Skip to content

@SECFORCE SECFORCE

Change the repository type filter

All

    Repositories list

    32 repositories

    • Beacon2023

      Public
      Slides from Beacon 2023 Conference
      3300Updated Nov 27, 2023Nov 27, 2023

    • SharpWhispers

      Public
      C# porting of SysWhispers2. It uses SharpASM to find the code caves for executing the system call stub.
      C#
      1610010Updated Apr 14, 2023Apr 14, 2023

    • AWS-Cognito-Finder

      Public
      AWS Cognito Finder Burp Suite Extension
      Python
      2520Updated Mar 13, 2023Mar 13, 2023

    • Tunna

      Public
      Tunna is a set of tools which will wrap and tunnel any TCP communication over HTTP. It can be used to bypass network restrictions in fully firewalled environments.
      Python
      2821.2k141Updated Sep 4, 2022Sep 4, 2022

    • fixer

      Public
      FIX (Financial Information eXchange) protocol fuzzer
      Ruby
      162301Updated Jul 22, 2022Jul 22, 2022

    • CSS_exfiltration

      Public
      Python
      1100Updated Jun 12, 2022Jun 12, 2022

    • SharpASM

      Public
      SharpASM is a C# project that aims to automate ASM (i.e. shellcode) execution in .NET programs by exploiting code caves in RWX sections allocated by the CLR.
      C#
      95700Updated May 23, 2022May 23, 2022

    • NimWhispers

      Public
      Nim
      3900Updated Apr 8, 2022Apr 8, 2022

    • awsome-cis-checker

      Public
      Python
      MIT License
      2410Updated Feb 17, 2022Feb 17, 2022

    • SharpExtractor

      Public
      SharpExtractor is a dotnet project that allows file extraction from file containers.
      C#
      MIT License
      1100Updated Nov 17, 2021Nov 17, 2021

    • SharpZip

      Public
      C#
      1600Updated Nov 11, 2021Nov 11, 2021

    • DLL-Hollow-PoC

      Public
      DLL Hollowing PoC - Remote and Self shellcode injection
      C
      156900Updated Nov 10, 2021Nov 10, 2021

    • SharpAllowedToAct

      Public
      Computer object takeover through Resource-Based Constrained Delegation (msDS-AllowedToActOnBehalfOfOtherIdentity)
      C#
      37200Updated Nov 10, 2021Nov 10, 2021

    • CVE-2021-37748

      Public
      Python
      6500Updated Oct 25, 2021Oct 25, 2021

    • SNMP-Brute

      Public
      Fast SNMP brute force, enumeration, CISCO config downloader and password cracking script.
      Python
      GNU General Public License v3.0
      10829200Updated Sep 13, 2021Sep 13, 2021

    • AzDetect

      Public
      Python
      1000Updated Jun 22, 2021Jun 22, 2021

    • sparta

      Public
      Network Infrastructure Penetration Testing Tool
      Python
      GNU General Public License v3.0
      4451.6k164Updated Jun 2, 2021Jun 2, 2021

    • Progress-MOVEit-Transfer-2020.1-Stored-XSS-CVE-2020-28647

      Public
      MOVEit Transfer 2020 web application Stored Cross-Site Scripting (XSS)
      JavaScript
      0000Updated Dec 17, 2020Dec 17, 2020

    • WPTimeCapsulePOC

      Public
      An authentication bypass was recently discovered (https://www.webarxsecurity.com/vulnerability-infinitewp-client-wp-time-capsule/) on WP Time Capsule < 1.21.16. This PoC proves how the issue works and how it can be exploited.
      Python
      4400Updated Jan 16, 2020Jan 16, 2020

    • proxyfuzz

      Public
      Python
      151101Updated Nov 20, 2019Nov 20, 2019

    • CVE-2018-1000082-exploit

      Public
      0100Updated Oct 22, 2019Oct 22, 2019

    • NetScalerEPABypass

      Public
      A quick and dirty way to bypass encrypted EPA to connect to a NetScaler Gateway
      Python
      The Unlicense
      11100Updated Oct 11, 2019Oct 11, 2019

    • secforce.github.io

      Public
      Blog content (BETA)
      HTML
      0000Updated Apr 25, 2019Apr 25, 2019

    • Macro-Keystrokes

      Public
      PoC of execution of commands on a Word macro, without the use of rundll32.exe and importation of kernel32 libraries such as CreateRemoteThread or CreateProcessA. This technique simply relies on sending keystrokes to the host.
      5700Updated Apr 1, 2019Apr 1, 2019

    • CVE-2018-8941

      Public
      D-Link DSL-3782 Code Execution (Proof of Concept)
      9810Updated Apr 3, 2018Apr 3, 2018

    • sftp-exploit

      Public
      OpenSSH <=6.6 SFTP misconfiguration universal exploit
      Python
      252700Updated Mar 20, 2018Mar 20, 2018

    • CVE-2008-1613

      Public
      RedDot CMS versions 7.5 Build 7.5.0.48 and below full database enumeration exploit that takes advantage of a remote SQL injection vulnerability in ioRD.asp.
      cve-2008-1613
      Python
      4200Updated May 3, 2017May 3, 2017

    • CVE-2008-5416

      Public
      Microsoft SQL Server sp_replwritetovarbin Memory Corruption via SQL Injection
      2300Updated May 3, 2017May 3, 2017

    • chrome-stale-pointer-POC

      Public
      3100Updated Apr 23, 2017Apr 23, 2017

    • CVE-2011-4107

      Public
      phpMyAdmin 3.3.X and 3.4.X - Local File Inclusion
      Ruby
      6400Updated Apr 19, 2017Apr 19, 2017