Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Google Android

This repository contains a PoC Proof of Concept code for the BlueBorne vulnerabilities. The BlueBorne vulnerabilities are a set of vulnerabilities in Bluetooth devices that allow an attacker to remotely execute code on a device. The PoC code is written in Python and uses the PyBluez library to...

isf

This is a Python-based exploitation framework called ISF Industrial Exploitation Framework that is similar to Metasploit. It is designed for industrial control system ICS exploitation and is used for testing and demonstrating vulnerabilities in ICS devices. The framework is based on the open-sour...

aflnet

It is an offensive tool for network protocols. AFLNet is a greybox fuzzer for protocol implementations. It takes a mutational approach and uses state-feedback, in addition to code-coverage feedback, to guide the fuzzing process. AFLNet is seeded with a corpus of recorded message exchanges between...

Exploit for CVE-2017-0144

This repository is an offensive tool for Windows. It is an implementation of the DoublePulsar backdoor in C/C++. The tool includes a suite of exploits and detectors for various vulnerabilities, including the EternalBlue vulnerability CVE-2017-0144. The tool can be used to upload a DLL to a...

pentest-guide

This repository is an offensive tool for penetration testing, specifically a guide based on OWASP Open Web Application Security Project including test cases, resources, and examples. It contains various modules and tools for testing different types of vulnerabilities, such as Brute Force, Busines...

Exploit for OS Command Injection in Docker

CDK - Zero Dependency Container Penetration Toolkit English | 简体中文 Legal Disclaimer Usage of CDK for attacking targets without prior mutual consent is illegal. CDK is for security testing purposes only. Overview CDK is an open-sourced container penetration toolkit, designed for offering stable...

jexboss

This is a Python script for a tool called JexBoss, which is designed to exploit vulnerabilities in JBoss Application Server and other Java platforms. The script is written in Python 2.7 and uses the urllib3 library for HTTP requests. The script has several modules, including exploits.py,...

uptux

uptux Specialized privilege escalation checks for Linux systems. Implemented so far: - Writable systemd paths, services, timers, and socket units - Disassembles systemd unit files looking for: - References to executables that are writable - References to broken symlinks pointing to writeable...

GyoiThon

This is an offensive tool for penetration testing using machine learning. It is called GyoiThon. The tool is designed to perform penetration testing using machine learning algorithms and can be used to identify vulnerabilities in web applications and services. The tool uses a variety of technique...

TIDoS-Framework

The TIDoS Framework is a comprehensive web application penetration testing framework written in Python. It has five main phases: Reconnaissance, Scanning & Enumeration, Vulnerability Analysis, Exploits Castle, and Auxiliaries. The framework is designed to automate various tasks, including...

CVE-2025-38397

CVE-2025-38397 is a Linux kernel vulnerability related to a suspicious RCU usage warning in nvme_mpath_add_sysfs_link() during NVMe over TCP tests. The connected SUSE/OpenSUSE advisories confirm a kernel fix addressing this RCU warning (nvme-multipath) in the Linux kernel, and indicate an updated...

URLCrazy Domain Name Typo Tool 0.8.1

URLCrazy is a tool that can generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage. It generates 15 types of domain variants, knows over 8000 common misspellings, supports multiple keyboard layouts, can check if a typo ...

Exploit for Deserialization of Untrusted Data in Microsoft

Divine Absolute - CVE-2025-53770 Exploit Tool !Licensehttp...

Towards Unifying Quantitative Security Benchmarking for Multi Agent Systems

Evolving AI systems increasingly deploy multi-agent architectures where autonomous agents collaborate, share information, and delegate tasks through developing protocols. This connectivity, while powerful, introduces novel security risks. One such risk is a cascading risk: a breach in one agent c...

Development of a Standardized Testing Environment for QRNGs Based on Semiconductor Laser Phase Noise

Quantum random number generators QRNGs based on semiconductor laser phase noise are an inexpensive and efficient resource for true random numbers. Commercially available technology allows for designing QRNG setups tailored to specific use cases. However, it is important to constantly monitor...

Enabling Cyber Security Education through Digital Twins and Generative AI

Digital Twins DTs are gaining prominence in cybersecurity for their ability to replicate complex IT Information Technology, OT Operational Technology, and IoT Internet of Things infrastructures, allowing for real time monitoring, threat analysis, and system simulation. This study investigates how...

CLSA-2025-1753207513 pam: Fix of CVE-2025-6020

CVE-2025-6020: privilege elevation to root via multiple symlink attacks and race conditions - Perform regression testing...

CLSA-2025-1753206853 pam: Fix of CVE-2025-6020

CVE-2025-6020: privilege elevation to root via multiple symlink attacks and race conditions - Perform regression testing...

Exploit for OS Command Injection in Openbsd Openssh

🔐 CVE-2023-51385 - OpenSSH ProxyCommand Injection PoC This...

Malicious code in scenes-testing (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ede91952fd4d242e34d4fdd634b5d10a0f0d16145af1bfbfe011b8c5c1d02501 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...