Shadowaudit

Shado...

Exploit for Deserialization of Untrusted Data in Nextgen Mirth_Connect

Mirth Connect PoC Script Simple Python script for security re...

The Face of Penetration Testing is Changing: Announcing Metasploit Pro 5.0.0

The role and demand for red-teaming capabilities are growing, as more exploitable CVEs make their way into criminal hands. Being proactive is no longer a capability that can be reserved for annual tests, but a continuous assessment to determine exposure and even through the validation of an...

Microsoft Windows Service Installation Persistence

This is a Microsoft Windows persistent service installer for creating backdoor services that automatically start payloads upon system boot. This tool is designed for authorized penetration testing and security research purposes. This variant from the author is written in PHP...

📄 Microsoft Windows LNK File Remote Code Execution

This PHP script is a proof of concept exploit that demonstrates how to create a Windows LNK shortcut file that executes a PowerShell command in this example, launches calc.exe...

AEGIS: No Tool Call Left Unchecked -- a Pre-Execution Firewall and Audit Layer for AI Agents

AI agents increasingly act through external tools: they query databases, execute shell commands, read and write files, and send network requests. Yet in most current agent stacks, model-generated tool calls are handed to the execution layer with no framework-agnostic control point in between...

VisualLeakBench: Auditing the Fragility of Large Vision-Language Models against PII Leakage and Social Engineering

As Large Vision-Language Models LVLMs are increasingly deployed in agent-integrated workflows and other deployment-relevant settings, their robustness against semantic visual attacks remains under-evaluated -- alignment is typically tested on explicit harmful content rather than privacy-critical...

Microsoft Graph Cloud Intelligence Collector

The Microsoft Graph Cloud Intelligence Collector is a Metasploit Auxiliary module designed to interact with the Microsoft Graph API to gather information from Microsoft 365 and Microsoft Azure Active Directory environments. The module authenticates using the OAuth2 Client Credentials flow with a...

rami-kali-MCP

Red Team MCP Server MCP Model Context Protocol server that...

Exploit for Cross-site Scripting in Quantizor Markdown-To-Jsx

███████╗██╗ ██╗ █████╗ ██████╗ ██╗███╗ ██╗ ██████╗ █████...

Exploit for Allocation of Resources Without Limits or Throttling in Espressif Esp-Idf

CVE-2024-51428 - ZoneMinder Blind SQL Injection PoC Python wr...

pentesting-writeups

🔐 Pentesting Writeups Personal penetration testing document...

pentesting-notes

🔐 Pentesting Notes Personal penetration testing documentati...

Exploit for CVE-2026-0709

Hikvision Wireless AP – CVE-2026-0709 Authenticated RCE Tool...

WebDAV Advanced Penetration Testing Script

This Python-based WebDAV penetration testing script tests methods available, attempts directory listing with PROPFIND, file upload with PUT, and more...

web-vulnerability-scanner

Web Vulnerability Scanner This project is a simple Python too...

WAV Fuzzer 1.0

This script is a fuzzer tool for WAV file processing programs that targets memory corruption vulnerabilities...

📄 OpenBabel 3.1.1 Heap Buffer Overflow

This project is a local exploitation research and crash detection framework designed to evaluate memory-safety weaknesses in Open Babel version 3.1.1 under controlled laboratory conditions...

Malicious code in simple-text-parser (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 028015ffba2e58b87cbc6405ccb9358c194b81fafea44e7359587509510d4027 Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...

MAL-2026-1286 Malicious code in demozecosse (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1fd7840785d53d90edc61c6138072f4ed7a01b35dd05d76d9d6f5343ec93bff7 Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...