altoroj

WARNING: This app contains security vulnerabilities. AltoroJ is a sample banking J2EE web application. It shows what happens when web applications are written with consideration of app functionality but not app security. It's a simple and uncluttered platform for demonstrating and learning more about real-life application security issues.

altoromutual-owasp-zap-context

Altoro Mutual OWASP ZAP Context file

cacti-rce-cve-2022-46169-vulnerable-application

WARNING: This is a vulnerable application to test the exploit for the Cacti command injection (CVE-2022-46169). Run it at your own risk!

cacti-rce-snmp-options-vulnerable-application

WARNING: This is a vulnerable application to test the exploit for the Cacti command injection (CVE-2023-39362). Run it at your own risk!

ctf-rsa-breaker

This is a Python 2.7 script that can be used to solve RSA challenges in CTFs.

ctf-writeups

Bunch of CTF writeups.

data-grabber

This is a simple PHP script that can be used as a cookie grabber / session stealer. It uses MySQL to store data in a structured way.

gitlab_rce_cve-2022-2884

Exploits GitLab authenticated RCE vulnerability known as CVE-2022-2884.

m3ssap0

m3ssap0.github.io

massive-appscan-prepare

This is a Python 2.7 script that can be used to launch massive 'appscan prepare' commands.

massive-git-clone

This is a Python 2.7 script that can be used to clone several Git repositories defined, via URL, into a text file.

spring-break_cve-2017-8046

This is a Java program that exploits Spring Break vulnerability (CVE-2017-8046).

springbreakvulnerableapp

WARNING: This is a vulnerable application to test the exploit for the Spring Break vulnerability (CVE-2017-8046). Run it at your own risk!

struts2_cve-2017-5638

This is a sort of Java porting of the Python exploit at: https://www.exploit-db.com/exploits/41570/.

v8worker2

Minimal golang binding to V8

wordpress_cve-2018-6389

Tries to exploit a WordPress vulnerability (CVE-2018-6389) which can be used to cause a Denial of Service.