├── LICENSE ├── README.md ├── inc ├── common.py ├── config.py ├── console.py ├── dnslog.py ├── import_plugin.py ├── init.py ├── output.py ├── run.py └── thread.py ├── pocbomber.py ├── pocs ├── framework │ ├── flask │ │ └── flask_ssti.py │ ├── laravel │ │ ├── CVE_2017_16894.py │ │ └── CVE_2021_3129.py │ ├── nodejs │ │ ├── CVE_2017_14849.py │ │ └── CVE_2021_21315.py │ ├── php │ │ ├── php_81_backdoor.py │ │ ├── php_xdebug_rce.py │ │ └── phpinfo_inclusion.py │ ├── shiro │ │ └── shiro_defaultkey.py │ ├── spring │ │ ├── CVE_2018_1273.py │ │ ├── CVE_2021_21234.py │ │ ├── CVE_2022_22947.py │ │ ├── CVE_2022_22965.py │ │ ├── jolokia_logback_jndi_rce.py │ │ └── jolokia_realm_jndi_rce.py │ ├── struct2 │ │ ├── s2_001.py │ │ ├── s2_005.py │ │ ├── s2_007.py │ │ ├── s2_008.py │ │ ├── s2_009.py │ │ ├── s2_012.py │ │ ├── s2_013.py │ │ ├── s2_015.py │ │ ├── s2_016.py │ │ ├── s2_032.py │ │ ├── s2_045.py │ │ ├── s2_046.py │ │ ├── s2_048.py │ │ ├── s2_053.py │ │ ├── s2_057.py │ │ └── s2_061.py │ └── thinkphp │ │ ├── thinkphp2_rce.py │ │ ├── thinkphp32x_rce.py │ │ ├── thinkphp5022_5129.py │ │ ├── thinkphp5023_rce.py │ │ ├── thinkphp5_sqli.py │ │ ├── thinkphp_driver_display_rce.py │ │ ├── thinkphp_index_construct_rce.py │ │ ├── thinkphp_index_showid_rce.py │ │ ├── thinkphp_invoke_func_code_exec.py │ │ ├── thinkphp_lite_code_exec.py │ │ ├── thinkphp_method_filter_code_exec.py │ │ ├── thinkphp_multi_sql_leak.py │ │ ├── thinkphp_pay_orderid_sqli.py │ │ ├── thinkphp_request_input_rce.py │ │ └── thinkphp_view_recent_xff_sqli.py ├── middleware │ ├── apache │ │ ├── CVE_2017_15715.py │ │ ├── CVE_2021_36749.py │ │ ├── CVE_2021_41773.py │ │ ├── CVE_2021_42013.py │ │ └── log4j2_rce.py │ ├── jboss │ │ ├── CVE_2017_12149.py │ │ ├── CVE_2017_7501.py │ │ └── CVE_2017_7504.py │ ├── nginx │ │ └── nginx_parsing_vulnerability.py │ ├── tomcat │ │ ├── CVE_2017_12615.py │ │ ├── tomcat.war │ │ └── tomcat_weakpass_getshell.py │ └── weblogic │ │ ├── CVE_2014_4210.py │ │ ├── CVE_2016_0638.py │ │ ├── CVE_2016_3510.py │ │ ├── CVE_2017_10271.py │ │ ├── CVE_2017_3248.py │ │ ├── CVE_2017_3506.py │ │ ├── CVE_2018_2628.py │ │ ├── CVE_2018_2893.py │ │ ├── CVE_2018_2894.py │ │ ├── CVE_2019_2725.py │ │ ├── CVE_2019_2729.py │ │ ├── CVE_2019_2890.py │ │ ├── CVE_2020_14882.py │ │ └── CVE_2020_2551.py ├── ports │ ├── memcache_unauth_11211.py │ ├── redis_6379.py │ ├── rsync_unauth_873.py │ ├── sunlogin_rce.py │ └── zookeeper_unauthorized.py ├── redteam │ ├── fanwei_e-cology_uploadOperation_fileupload_2022.py │ ├── fanwei_e-cology_verifyquicklogin_loginbypass_2022.py │ ├── h3c_cvm_fileupload_2022.py │ ├── huatiandongli_oa_fileupload_2022.py │ ├── landray_oa_admindo_jndiinject_2021.py │ ├── landray_oa_treexml_rce_2022.py │ ├── lvmeng_nsfocus_nf_fileupload_2022.py │ ├── mingyu_fileread_2022.py │ ├── prtg_default_pwd_rce.py │ ├── ruijie_nbr_fileupload.py │ ├── seeyon_oa_ajaxdo_fileupload_2022.py │ ├── seeyon_oa_wpsassistservlet_fileupload_2022.py │ ├── tongda_oa_2016_fileupload.py │ ├── tongda_oa_fileinclude_2020.py │ ├── tongda_oa_qyapp-vote-submit_sqli.py │ ├── tongda_oa_v11-8_apialiphp_fileupload.py │ ├── topsec_management_rce_2022.py │ ├── wangkang_firewall_rce_2021.py │ ├── wanhu_oa_fileupload-controller_fileupload_2022.py │ ├── wanhu_oa_smartupload_fileupload.py │ ├── yongyou_chanjet_login_sqli.py │ ├── yongyou_grp-u8_proxy_xxe-sqli_2022.py │ ├── yongyou_grp-u8_uploadfiledata_fileupload_2022.py │ ├── yongyou_nc_file-receive-servlet_fileupload_2021.py │ ├── yongyou_nc_fileupload_2022.py │ ├── yongyou_nc_rce_2022.py │ ├── yongyou_ufida_ksoa_fileupload_2022.py │ └── zentao_cnvd-2022-42853_sqli.py └── web │ ├── CVE_2021_22205.py │ ├── CVE_2021_40870.py │ ├── atlassian │ └── CVE_2022_26134.py │ ├── dahua │ └── CVE_2021_33044.py │ ├── discuz │ └── discuz67x_rce.py │ ├── f5 │ └── CVE_2022_1388.py │ ├── fanruan │ └── fanruan_oa_v9_fileupload.py │ ├── h2database │ └── h2console_unauth.py │ ├── h3c │ └── h3c_imc_rce.py │ ├── hikvision │ ├── CVE_2017_7921.py │ └── CVE_2021_36260.py │ ├── jenkins │ └── CVE_2018_1000861.py │ ├── landray │ └── landray_oa_custom_jsp_fileread.py │ ├── seeyon │ ├── seeyon_a6_sqli.py │ ├── seeyon_get_sessionslist.py │ ├── seeyon_oa_a8_htmlofficeservlet_getshell.py │ └── seeyon_thirdpartycontroller_getshell.py │ ├── tongda │ ├── tongda_oa_fake_user.py │ ├── tongda_sqli_getdata_php.py │ └── tongda_videofile_fileread.py │ ├── ueditor_1433_parsing_vulnerabilitly.py │ ├── vmware │ ├── CVE_2021_21972.py │ └── CVE_2022_22954.py │ ├── weaver │ ├── CNVD_2019_32204.py │ ├── CNVD_2019_34241.py │ ├── CNVD_2021_49104.py │ ├── TestFile_weaver_common_ctrl_upload.zip │ ├── e_cology_v8_sqli.py │ ├── e_cology_workflowservicexml_rce.py │ ├── weaver_common_ctrl_upload.py │ └── weaver_ecology_getsqldata_sqli.py │ ├── wordpress │ └── CVE_2018_7422.py │ ├── yongyou │ └── yongyou_nc-find-web_fileread.py │ └── zabbix │ └── CVE_2022_23131.py ├── requirements.txt └── 更新日志.txt /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/LICENSE -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/README.md -------------------------------------------------------------------------------- /inc/common.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/inc/common.py -------------------------------------------------------------------------------- /inc/config.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/inc/config.py -------------------------------------------------------------------------------- /inc/console.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/inc/console.py -------------------------------------------------------------------------------- /inc/dnslog.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/inc/dnslog.py -------------------------------------------------------------------------------- /inc/import_plugin.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /inc/init.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/inc/init.py -------------------------------------------------------------------------------- /inc/output.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/inc/output.py -------------------------------------------------------------------------------- /inc/run.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/inc/run.py -------------------------------------------------------------------------------- /inc/thread.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/inc/thread.py -------------------------------------------------------------------------------- /pocbomber.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocbomber.py -------------------------------------------------------------------------------- /pocs/framework/flask/flask_ssti.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/framework/flask/flask_ssti.py -------------------------------------------------------------------------------- /pocs/framework/laravel/CVE_2017_16894.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/framework/laravel/CVE_2017_16894.py -------------------------------------------------------------------------------- /pocs/framework/laravel/CVE_2021_3129.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/framework/laravel/CVE_2021_3129.py -------------------------------------------------------------------------------- /pocs/framework/nodejs/CVE_2017_14849.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/framework/nodejs/CVE_2017_14849.py -------------------------------------------------------------------------------- /pocs/framework/nodejs/CVE_2021_21315.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/framework/nodejs/CVE_2021_21315.py -------------------------------------------------------------------------------- /pocs/framework/php/php_81_backdoor.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/framework/php/php_81_backdoor.py -------------------------------------------------------------------------------- /pocs/framework/php/php_xdebug_rce.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/framework/php/php_xdebug_rce.py -------------------------------------------------------------------------------- /pocs/framework/php/phpinfo_inclusion.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/framework/php/phpinfo_inclusion.py -------------------------------------------------------------------------------- /pocs/framework/shiro/shiro_defaultkey.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/framework/shiro/shiro_defaultkey.py -------------------------------------------------------------------------------- /pocs/framework/spring/CVE_2018_1273.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/framework/spring/CVE_2018_1273.py -------------------------------------------------------------------------------- /pocs/framework/spring/CVE_2021_21234.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/framework/spring/CVE_2021_21234.py -------------------------------------------------------------------------------- /pocs/framework/spring/CVE_2022_22947.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/framework/spring/CVE_2022_22947.py -------------------------------------------------------------------------------- /pocs/framework/spring/CVE_2022_22965.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/framework/spring/CVE_2022_22965.py -------------------------------------------------------------------------------- /pocs/framework/spring/jolokia_logback_jndi_rce.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/framework/spring/jolokia_logback_jndi_rce.py -------------------------------------------------------------------------------- /pocs/framework/spring/jolokia_realm_jndi_rce.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/framework/spring/jolokia_realm_jndi_rce.py -------------------------------------------------------------------------------- /pocs/framework/struct2/s2_001.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/framework/struct2/s2_001.py -------------------------------------------------------------------------------- /pocs/framework/struct2/s2_005.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/framework/struct2/s2_005.py -------------------------------------------------------------------------------- /pocs/framework/struct2/s2_007.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/framework/struct2/s2_007.py -------------------------------------------------------------------------------- /pocs/framework/struct2/s2_008.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/framework/struct2/s2_008.py -------------------------------------------------------------------------------- /pocs/framework/struct2/s2_009.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/framework/struct2/s2_009.py -------------------------------------------------------------------------------- /pocs/framework/struct2/s2_012.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/framework/struct2/s2_012.py -------------------------------------------------------------------------------- /pocs/framework/struct2/s2_013.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/framework/struct2/s2_013.py -------------------------------------------------------------------------------- /pocs/framework/struct2/s2_015.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/framework/struct2/s2_015.py -------------------------------------------------------------------------------- /pocs/framework/struct2/s2_016.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/framework/struct2/s2_016.py -------------------------------------------------------------------------------- /pocs/framework/struct2/s2_032.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/framework/struct2/s2_032.py -------------------------------------------------------------------------------- /pocs/framework/struct2/s2_045.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/framework/struct2/s2_045.py -------------------------------------------------------------------------------- /pocs/framework/struct2/s2_046.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/framework/struct2/s2_046.py -------------------------------------------------------------------------------- /pocs/framework/struct2/s2_048.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/framework/struct2/s2_048.py -------------------------------------------------------------------------------- /pocs/framework/struct2/s2_053.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/framework/struct2/s2_053.py -------------------------------------------------------------------------------- /pocs/framework/struct2/s2_057.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/framework/struct2/s2_057.py -------------------------------------------------------------------------------- /pocs/framework/struct2/s2_061.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/framework/struct2/s2_061.py -------------------------------------------------------------------------------- /pocs/framework/thinkphp/thinkphp2_rce.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/framework/thinkphp/thinkphp2_rce.py -------------------------------------------------------------------------------- /pocs/framework/thinkphp/thinkphp32x_rce.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/framework/thinkphp/thinkphp32x_rce.py -------------------------------------------------------------------------------- /pocs/framework/thinkphp/thinkphp5022_5129.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/framework/thinkphp/thinkphp5022_5129.py -------------------------------------------------------------------------------- /pocs/framework/thinkphp/thinkphp5023_rce.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/framework/thinkphp/thinkphp5023_rce.py -------------------------------------------------------------------------------- /pocs/framework/thinkphp/thinkphp5_sqli.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/framework/thinkphp/thinkphp5_sqli.py -------------------------------------------------------------------------------- /pocs/framework/thinkphp/thinkphp_driver_display_rce.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/framework/thinkphp/thinkphp_driver_display_rce.py -------------------------------------------------------------------------------- /pocs/framework/thinkphp/thinkphp_index_construct_rce.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/framework/thinkphp/thinkphp_index_construct_rce.py -------------------------------------------------------------------------------- /pocs/framework/thinkphp/thinkphp_index_showid_rce.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/framework/thinkphp/thinkphp_index_showid_rce.py -------------------------------------------------------------------------------- /pocs/framework/thinkphp/thinkphp_invoke_func_code_exec.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/framework/thinkphp/thinkphp_invoke_func_code_exec.py -------------------------------------------------------------------------------- /pocs/framework/thinkphp/thinkphp_lite_code_exec.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/framework/thinkphp/thinkphp_lite_code_exec.py -------------------------------------------------------------------------------- /pocs/framework/thinkphp/thinkphp_method_filter_code_exec.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/framework/thinkphp/thinkphp_method_filter_code_exec.py -------------------------------------------------------------------------------- /pocs/framework/thinkphp/thinkphp_multi_sql_leak.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/framework/thinkphp/thinkphp_multi_sql_leak.py -------------------------------------------------------------------------------- /pocs/framework/thinkphp/thinkphp_pay_orderid_sqli.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/framework/thinkphp/thinkphp_pay_orderid_sqli.py -------------------------------------------------------------------------------- /pocs/framework/thinkphp/thinkphp_request_input_rce.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/framework/thinkphp/thinkphp_request_input_rce.py -------------------------------------------------------------------------------- /pocs/framework/thinkphp/thinkphp_view_recent_xff_sqli.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/framework/thinkphp/thinkphp_view_recent_xff_sqli.py -------------------------------------------------------------------------------- /pocs/middleware/apache/CVE_2017_15715.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/middleware/apache/CVE_2017_15715.py -------------------------------------------------------------------------------- /pocs/middleware/apache/CVE_2021_36749.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/middleware/apache/CVE_2021_36749.py -------------------------------------------------------------------------------- /pocs/middleware/apache/CVE_2021_41773.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/middleware/apache/CVE_2021_41773.py -------------------------------------------------------------------------------- /pocs/middleware/apache/CVE_2021_42013.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/middleware/apache/CVE_2021_42013.py -------------------------------------------------------------------------------- /pocs/middleware/apache/log4j2_rce.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/middleware/apache/log4j2_rce.py -------------------------------------------------------------------------------- /pocs/middleware/jboss/CVE_2017_12149.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/middleware/jboss/CVE_2017_12149.py -------------------------------------------------------------------------------- /pocs/middleware/jboss/CVE_2017_7501.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/middleware/jboss/CVE_2017_7501.py -------------------------------------------------------------------------------- /pocs/middleware/jboss/CVE_2017_7504.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/middleware/jboss/CVE_2017_7504.py -------------------------------------------------------------------------------- /pocs/middleware/nginx/nginx_parsing_vulnerability.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/middleware/nginx/nginx_parsing_vulnerability.py -------------------------------------------------------------------------------- /pocs/middleware/tomcat/CVE_2017_12615.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/middleware/tomcat/CVE_2017_12615.py -------------------------------------------------------------------------------- /pocs/middleware/tomcat/tomcat.war: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/middleware/tomcat/tomcat.war -------------------------------------------------------------------------------- /pocs/middleware/tomcat/tomcat_weakpass_getshell.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/middleware/tomcat/tomcat_weakpass_getshell.py -------------------------------------------------------------------------------- /pocs/middleware/weblogic/CVE_2014_4210.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/middleware/weblogic/CVE_2014_4210.py -------------------------------------------------------------------------------- /pocs/middleware/weblogic/CVE_2016_0638.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/middleware/weblogic/CVE_2016_0638.py -------------------------------------------------------------------------------- /pocs/middleware/weblogic/CVE_2016_3510.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/middleware/weblogic/CVE_2016_3510.py -------------------------------------------------------------------------------- /pocs/middleware/weblogic/CVE_2017_10271.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/middleware/weblogic/CVE_2017_10271.py -------------------------------------------------------------------------------- /pocs/middleware/weblogic/CVE_2017_3248.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/middleware/weblogic/CVE_2017_3248.py -------------------------------------------------------------------------------- /pocs/middleware/weblogic/CVE_2017_3506.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/middleware/weblogic/CVE_2017_3506.py -------------------------------------------------------------------------------- /pocs/middleware/weblogic/CVE_2018_2628.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/middleware/weblogic/CVE_2018_2628.py -------------------------------------------------------------------------------- /pocs/middleware/weblogic/CVE_2018_2893.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/middleware/weblogic/CVE_2018_2893.py -------------------------------------------------------------------------------- /pocs/middleware/weblogic/CVE_2018_2894.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/middleware/weblogic/CVE_2018_2894.py -------------------------------------------------------------------------------- /pocs/middleware/weblogic/CVE_2019_2725.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/middleware/weblogic/CVE_2019_2725.py -------------------------------------------------------------------------------- /pocs/middleware/weblogic/CVE_2019_2729.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/middleware/weblogic/CVE_2019_2729.py -------------------------------------------------------------------------------- /pocs/middleware/weblogic/CVE_2019_2890.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/middleware/weblogic/CVE_2019_2890.py -------------------------------------------------------------------------------- /pocs/middleware/weblogic/CVE_2020_14882.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/middleware/weblogic/CVE_2020_14882.py -------------------------------------------------------------------------------- /pocs/middleware/weblogic/CVE_2020_2551.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/middleware/weblogic/CVE_2020_2551.py -------------------------------------------------------------------------------- /pocs/ports/memcache_unauth_11211.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/ports/memcache_unauth_11211.py -------------------------------------------------------------------------------- /pocs/ports/redis_6379.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/ports/redis_6379.py -------------------------------------------------------------------------------- /pocs/ports/rsync_unauth_873.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/ports/rsync_unauth_873.py -------------------------------------------------------------------------------- /pocs/ports/sunlogin_rce.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/ports/sunlogin_rce.py -------------------------------------------------------------------------------- /pocs/ports/zookeeper_unauthorized.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/ports/zookeeper_unauthorized.py -------------------------------------------------------------------------------- /pocs/redteam/fanwei_e-cology_uploadOperation_fileupload_2022.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/redteam/fanwei_e-cology_uploadOperation_fileupload_2022.py -------------------------------------------------------------------------------- /pocs/redteam/fanwei_e-cology_verifyquicklogin_loginbypass_2022.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/redteam/fanwei_e-cology_verifyquicklogin_loginbypass_2022.py -------------------------------------------------------------------------------- /pocs/redteam/h3c_cvm_fileupload_2022.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/redteam/h3c_cvm_fileupload_2022.py -------------------------------------------------------------------------------- /pocs/redteam/huatiandongli_oa_fileupload_2022.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/redteam/huatiandongli_oa_fileupload_2022.py -------------------------------------------------------------------------------- /pocs/redteam/landray_oa_admindo_jndiinject_2021.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/redteam/landray_oa_admindo_jndiinject_2021.py -------------------------------------------------------------------------------- /pocs/redteam/landray_oa_treexml_rce_2022.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/redteam/landray_oa_treexml_rce_2022.py -------------------------------------------------------------------------------- /pocs/redteam/lvmeng_nsfocus_nf_fileupload_2022.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/redteam/lvmeng_nsfocus_nf_fileupload_2022.py -------------------------------------------------------------------------------- /pocs/redteam/mingyu_fileread_2022.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/redteam/mingyu_fileread_2022.py -------------------------------------------------------------------------------- /pocs/redteam/prtg_default_pwd_rce.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/redteam/prtg_default_pwd_rce.py -------------------------------------------------------------------------------- /pocs/redteam/ruijie_nbr_fileupload.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/redteam/ruijie_nbr_fileupload.py -------------------------------------------------------------------------------- /pocs/redteam/seeyon_oa_ajaxdo_fileupload_2022.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/redteam/seeyon_oa_ajaxdo_fileupload_2022.py -------------------------------------------------------------------------------- /pocs/redteam/seeyon_oa_wpsassistservlet_fileupload_2022.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/redteam/seeyon_oa_wpsassistservlet_fileupload_2022.py -------------------------------------------------------------------------------- /pocs/redteam/tongda_oa_2016_fileupload.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/redteam/tongda_oa_2016_fileupload.py -------------------------------------------------------------------------------- /pocs/redteam/tongda_oa_fileinclude_2020.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/redteam/tongda_oa_fileinclude_2020.py -------------------------------------------------------------------------------- /pocs/redteam/tongda_oa_qyapp-vote-submit_sqli.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/redteam/tongda_oa_qyapp-vote-submit_sqli.py -------------------------------------------------------------------------------- /pocs/redteam/tongda_oa_v11-8_apialiphp_fileupload.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/redteam/tongda_oa_v11-8_apialiphp_fileupload.py -------------------------------------------------------------------------------- /pocs/redteam/topsec_management_rce_2022.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/redteam/topsec_management_rce_2022.py -------------------------------------------------------------------------------- /pocs/redteam/wangkang_firewall_rce_2021.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/redteam/wangkang_firewall_rce_2021.py -------------------------------------------------------------------------------- /pocs/redteam/wanhu_oa_fileupload-controller_fileupload_2022.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/redteam/wanhu_oa_fileupload-controller_fileupload_2022.py -------------------------------------------------------------------------------- /pocs/redteam/wanhu_oa_smartupload_fileupload.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/redteam/wanhu_oa_smartupload_fileupload.py -------------------------------------------------------------------------------- /pocs/redteam/yongyou_chanjet_login_sqli.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/redteam/yongyou_chanjet_login_sqli.py -------------------------------------------------------------------------------- /pocs/redteam/yongyou_grp-u8_proxy_xxe-sqli_2022.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/redteam/yongyou_grp-u8_proxy_xxe-sqli_2022.py -------------------------------------------------------------------------------- /pocs/redteam/yongyou_grp-u8_uploadfiledata_fileupload_2022.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/redteam/yongyou_grp-u8_uploadfiledata_fileupload_2022.py -------------------------------------------------------------------------------- /pocs/redteam/yongyou_nc_file-receive-servlet_fileupload_2021.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/redteam/yongyou_nc_file-receive-servlet_fileupload_2021.py -------------------------------------------------------------------------------- /pocs/redteam/yongyou_nc_fileupload_2022.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/redteam/yongyou_nc_fileupload_2022.py -------------------------------------------------------------------------------- /pocs/redteam/yongyou_nc_rce_2022.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/redteam/yongyou_nc_rce_2022.py -------------------------------------------------------------------------------- /pocs/redteam/yongyou_ufida_ksoa_fileupload_2022.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/redteam/yongyou_ufida_ksoa_fileupload_2022.py -------------------------------------------------------------------------------- /pocs/redteam/zentao_cnvd-2022-42853_sqli.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/redteam/zentao_cnvd-2022-42853_sqli.py -------------------------------------------------------------------------------- /pocs/web/CVE_2021_22205.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/web/CVE_2021_22205.py -------------------------------------------------------------------------------- /pocs/web/CVE_2021_40870.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/web/CVE_2021_40870.py -------------------------------------------------------------------------------- /pocs/web/atlassian/CVE_2022_26134.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/web/atlassian/CVE_2022_26134.py -------------------------------------------------------------------------------- /pocs/web/dahua/CVE_2021_33044.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/web/dahua/CVE_2021_33044.py -------------------------------------------------------------------------------- /pocs/web/discuz/discuz67x_rce.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/web/discuz/discuz67x_rce.py -------------------------------------------------------------------------------- /pocs/web/f5/CVE_2022_1388.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/web/f5/CVE_2022_1388.py -------------------------------------------------------------------------------- /pocs/web/fanruan/fanruan_oa_v9_fileupload.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/web/fanruan/fanruan_oa_v9_fileupload.py -------------------------------------------------------------------------------- /pocs/web/h2database/h2console_unauth.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/web/h2database/h2console_unauth.py -------------------------------------------------------------------------------- /pocs/web/h3c/h3c_imc_rce.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/web/h3c/h3c_imc_rce.py -------------------------------------------------------------------------------- /pocs/web/hikvision/CVE_2017_7921.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/web/hikvision/CVE_2017_7921.py -------------------------------------------------------------------------------- /pocs/web/hikvision/CVE_2021_36260.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/web/hikvision/CVE_2021_36260.py -------------------------------------------------------------------------------- /pocs/web/jenkins/CVE_2018_1000861.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/web/jenkins/CVE_2018_1000861.py -------------------------------------------------------------------------------- /pocs/web/landray/landray_oa_custom_jsp_fileread.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/web/landray/landray_oa_custom_jsp_fileread.py -------------------------------------------------------------------------------- /pocs/web/seeyon/seeyon_a6_sqli.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/web/seeyon/seeyon_a6_sqli.py -------------------------------------------------------------------------------- /pocs/web/seeyon/seeyon_get_sessionslist.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/web/seeyon/seeyon_get_sessionslist.py -------------------------------------------------------------------------------- /pocs/web/seeyon/seeyon_oa_a8_htmlofficeservlet_getshell.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/web/seeyon/seeyon_oa_a8_htmlofficeservlet_getshell.py -------------------------------------------------------------------------------- /pocs/web/seeyon/seeyon_thirdpartycontroller_getshell.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/web/seeyon/seeyon_thirdpartycontroller_getshell.py -------------------------------------------------------------------------------- /pocs/web/tongda/tongda_oa_fake_user.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/web/tongda/tongda_oa_fake_user.py -------------------------------------------------------------------------------- /pocs/web/tongda/tongda_sqli_getdata_php.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/web/tongda/tongda_sqli_getdata_php.py -------------------------------------------------------------------------------- /pocs/web/tongda/tongda_videofile_fileread.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/web/tongda/tongda_videofile_fileread.py -------------------------------------------------------------------------------- /pocs/web/ueditor_1433_parsing_vulnerabilitly.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/web/ueditor_1433_parsing_vulnerabilitly.py -------------------------------------------------------------------------------- /pocs/web/vmware/CVE_2021_21972.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/web/vmware/CVE_2021_21972.py -------------------------------------------------------------------------------- /pocs/web/vmware/CVE_2022_22954.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/web/vmware/CVE_2022_22954.py -------------------------------------------------------------------------------- /pocs/web/weaver/CNVD_2019_32204.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/web/weaver/CNVD_2019_32204.py -------------------------------------------------------------------------------- /pocs/web/weaver/CNVD_2019_34241.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/web/weaver/CNVD_2019_34241.py -------------------------------------------------------------------------------- /pocs/web/weaver/CNVD_2021_49104.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/web/weaver/CNVD_2021_49104.py -------------------------------------------------------------------------------- /pocs/web/weaver/TestFile_weaver_common_ctrl_upload.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/web/weaver/TestFile_weaver_common_ctrl_upload.zip -------------------------------------------------------------------------------- /pocs/web/weaver/e_cology_v8_sqli.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/web/weaver/e_cology_v8_sqli.py -------------------------------------------------------------------------------- /pocs/web/weaver/e_cology_workflowservicexml_rce.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/web/weaver/e_cology_workflowservicexml_rce.py -------------------------------------------------------------------------------- /pocs/web/weaver/weaver_common_ctrl_upload.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/web/weaver/weaver_common_ctrl_upload.py -------------------------------------------------------------------------------- /pocs/web/weaver/weaver_ecology_getsqldata_sqli.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/web/weaver/weaver_ecology_getsqldata_sqli.py -------------------------------------------------------------------------------- /pocs/web/wordpress/CVE_2018_7422.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/web/wordpress/CVE_2018_7422.py -------------------------------------------------------------------------------- /pocs/web/yongyou/yongyou_nc-find-web_fileread.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/web/yongyou/yongyou_nc-find-web_fileread.py -------------------------------------------------------------------------------- /pocs/web/zabbix/CVE_2022_23131.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/pocs/web/zabbix/CVE_2022_23131.py -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | requests 2 | func_timeout 3 | rich 4 | dnslib 5 | -------------------------------------------------------------------------------- /更新日志.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tr0uble-mAker/POC-bomber/HEAD/更新日志.txt --------------------------------------------------------------------------------