GithubHelp home page GithubHelp logo

rabbitathope / achilles Goto Github PK

View Code? Open in Web Editor NEW
1.0 1.0 0.0 31 KB

⚔️ Vulnerability Scanning: A collection of simple Python test scripts to check if servers are vulnerable to specific common CVEs. Based on public PoC.

License: MIT License

Python 100.00%
cve cve-scanning cybersecurity exploit infosec poc vulnerabilities vulnerability-scanners security-tools

achilles's Introduction

⚔️ Machete ⚔️

• a collection of useful exploit testing scripts •

for use with: vulnerability scanners

////

A collection of simple Python test scripts to check if your servers are vulnerable to specific common Common Vulnerabilities and Exposures (CVEs), mostly the very well-known and well-documented ones. This repository is only intended for your own use. I use more advanced versions of these scripts frequently to verify scan results and weed out false positives from vulnerability scan reports, and they are helpful to show a proof of concept for how an exploit might be done. These scripts are easy to incorporate into your own scanners, and each script imports all the libraries it needs to perform its testing. I will periodically add more to this repository over time as I gather more.

⚙️ How to use

Install all the necessary libraries in the requirements.txt file:

pip install -r requirements.txt

Each script corresponds to a specific CVE. Just run the script on the command line on Windows or Linux and enter the IP address or URL of the server you would like to test.

All of these scripts incorporate the bcolors library for command line colors.

📚 Sources used and further reading

Most of these scripts are my own versions of open-source Proof-Of-Concept (PoC) that is already out there, and I've just modified them to fit into my own scripts and to look pretty. Here is an excellent repository that keeps track of the latest Github PoC.

Some common CVE databases that you can reference for more information on each of these CVEs and vulnerabilities are:

⚠️ Disclaimers

  • Do not use these scripts for illegal activities. These scripts are intended for testing your own servers, ethical penetration testing, and demonstrating common vulnerabilities for educational purposes. Attempting exploits on servers that you do not have permission to attack is illegal and unethical.
  • Many of these scripts will appear to be attacking a server or performing the exploit they are testing for, and may set off Endpoint Detection and Response (EDR) products. Please ask permission from your systems administrator or security team before attempting to run any of these scripts on servers that belong to them.

achilles's People

Contributors

rabbitathope avatar

Stargazers

avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.