This repository is a collection of proof-of-concept ("POC") exploits for various Common Vulnerabilities and Exposures ("CVEs"). Each POC is organized by its corresponding CVE ID and includes both Python scripts and detailed manual exploitation steps.
Certus Cybersecurity is committed to developing step-by-step reproduction guides and POC exploits to support the broader information security community. Our goal is to enhance the understanding of various vulnerabilities and their exploitation techniques, empowering security professionals and researchers to improve defenses and promote a more secure digital environment.
The repository is organized into folders, each named after a specific CVE ID. Inside each folder, you will find:
poc.py: A Python script demonstrating the exploitation of the vulnerability.README.md: A detailed guide containing step-by-step instructions for manually exploiting the vulnerability.requirements.txt: A file listing the Python dependencies required to run the exploit.py script.info.yaml: A file that contains metadata about the POC.images/: A folder containing images referenced in the README.md file to help illustrate the exploitation process
Example Structure
└── CVE-XXXX-XXXXX/
├── README.md
├── images
│ └── X.png
├── info.yaml
├── poc.py
└── requirements.txt
This repository contains search.py, a Python script that allows users to quickly search for keywords within this repository. The script scans through the repository and returns a list of POCs that contain the specified keyword in a structured format.
Ensure you Python 3 is installed. Additionally, install the following dependencies:
- pyyaml
- argparse
- pandas
- tabulate
- gitpython
- Clone the cve-pocs repository.
git clone https://github.com/certuscyber/cve-pocs.git && cd cve-pocs
- Install the required dependencies.
pip3 install -r requirements.txt
Once installed, search.py is ready to be used for searching for CVE POCs.
Examples:
- Search for POCs related to CVEs from 2024:
python3 search.py -q 2024
- Query for Insecure Direct Object Reference ("IDOR") POCs:
python3 search.py -q idor
- Look for SQL Injection POCs:
python3 search.py -q "sql injection"
This repository is for educational purposes only. The POCs provided here are intended to help security researchers understand the nature of vulnerabilities and how they can be exploited. Use this knowledge responsibly. The repository owner is not responsible for any misuse of the information contained within this repository.
Additionally, while some of these CVEs were not initially discovered by Certus Cybersecurity, our contribution lies in the development of detailed step-by-step reproduction guides and POC exploits for these vulnerabilities. We acknowledge and respect the original researchers or organizations responsible for the discoveries, and our goal is to enhance the understanding of various vulnerabilities.