PoC
WhatWeb
| PoC | WhatWeb | |
|---|---|---|
| 10 | 1 | |
| 788 | 5,102 | |
| - | - | |
| 5.3 | 0.0 | |
| 3 months ago | 4 months ago | |
| Ruby | Ruby | |
| GNU General Public License v3.0 only | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
PoC
- Unauthenticated Remote Code Execution in Cisco Nexus Dashboard Fabric Controller (formerly DCNM) using a vulnerability in 2017 in 2022 (it wasn't patched prior March 2021)
- Cisco Nexus Dashboard Fabric Controller unauth web-to-root shell
-
Windows filehosting
And the fix that they couldn't be bothered to implement? Literally one line of code.
- Pre-auth WAN remote root for Cisco RV340 VPN Gateway Router
- “Podem tomar o controlo da sua TV e espiá-lo com a câmara e o microfone”. Ataque à Vodafone analisado por um dos maiores ‘hackers’ do mundo
- RCE vulnerability in TIBCO Data Virtualization
- Pwning Cisco ISE: from XSS to a root shell (w/ exploit video)
- Command Injection and SQL Injection Vulnerabilities in Micro Focus Operations Bridge Reporter (CVE-2021-22502)
- Unauth cmd injection as root on login / logout (plus other hilarious vulns) in Micro Focus Operations Bridge Reporter
-
How We Hacked a TP-Link Router and Took Home $55.000 in Pwn2Own
If you already have a day job in security, the $500 the manufacturer will give you won't give you a big boost. I prefer to drop the advisory and exploit after they fixed it even if I don't get money, as that gives me more street credz amongst the hacker crowd. See my github for examples: https://github.com/pedrib/PoC
WhatWeb
What are some alternatives?
CVE-2021-36260 - command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.
CheatSheetSeries - The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
dawnscanner - Dawn is a static analysis security scanner for ruby written web applications. It supports Sinatra, Padrino and Ruby on Rails frameworks.
wpscan - WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via [email protected]
evil-winrm - The ultimate WinRM shell for hacking/pentesting
Kali-Linux-Tools-Interface - Graphical Web interface developed to facilitate the use of security information tools.
mad-metasploit - Metasploit custom modules, plugins, resource script and.. awesome metasploit collection
evillimiter-windows - Tool that limits bandwidth of devices on the same network without access.
shotdroid - ShotDroid is a pentesting tool for android. There are 3 tools that have their respective functions, Get files from Android directory, internal and external storage, Android Keylogger + Reverse Shell and Take a webcam shot of the face from the front camera of the phone and PC.
netdiscover - Netdiscover, ARP Scanner (official repository)
WeaponizeKali.sh - Automate installation of extra pentest tools on Kali Linux