CVE-2021-41773
waf-bypass
CVE-2021-41773 | waf-bypass | |
---|---|---|
1 | 5 | |
83 | 1,098 | |
- | 6.1% | |
2.6 | 7.7 | |
about 2 years ago | 9 days ago | |
Python | Python | |
- | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
CVE-2021-41773
-
Oh My WebServer TryHackMe Machine Writeup and Walkthrough
After studing, what was the flaw a written a custom exploit for this specific CVE which will give us RCE on the server, you can find that exploit here.
waf-bypass
- WAF Bypass Tool - check your WAF before an attacker does
- WAF bypass is an open source tool to analyze the security of any WAF for False Positives and False Negatives using predefined and customizable payloads. Check your WAF before an attacker does.
-
Nemesida WAF Free – free Nginx WAF with the minimum False Positive and amazing Web visualisation
We can also recommend our waf-bypass tool to check your WAF https://github.com/nemesida-waf/waf-bypass
-
Does Your Waf Have False Positive
Did you check this ruleset with some bypass tools? Like https://github.com/nemesida-waf/waf-bypass or https://github.com/wallarm/gotestwaf ? I assume you have a lot of bypassed attacks (false negative).
What are some alternatives?
pwn_jenkins - Notes about attacking Jenkins servers
imagemagick-lfi-poc - ImageMagick LFI PoC [CVE-2022-44268]
pwntools - CTF framework and exploit development library
MHDDoS - Best DDoS Attack Script Python3, (Cyber / DDos) Attack With 56 Methods
AutoSploit - Automated Mass Exploiter
Cloudmare - Cloudflare, Sucuri, Incapsula real IP tracker.
HULK - Hulk DDos Attack script created using python libs
adversarial-robustness-toolbox - Adversarial Robustness Toolbox (ART) - Python Library for Machine Learning Security - Evasion, Poisoning, Extraction, Inference - Red and Blue Teams
onelinepy - Python Obfuscator to generate One-Liners and FUD Payloads.
badblood - SonicWall SMA-100 Unauth RCE Exploit (CVE-2021-20038)
Egyscan - Egyscan The Best web vulnerability scanner; it's a multifaceted security powerhouse designed to fortify your web applications against malicious threats. Let's delve into the tasks and functions that make Egyscan an indispensable tool in your security arsenal: