📄 HTTP/2 Multi-Server HPACK Exhaustion

This code implements a multi-target HTTP/2 resource exhaustion framework designed to stress or overwhelm server implementations through protocol-level amplification techniques. It includes server-specific payload generation for multiple platforms, automated connection orchestration, stream scalin...

📄 AnyDesk 9.7.5 Unquoted Service Path

AnyDesk version 9.7.5 suffers from an unquoted service path vulnerability. Exploit Title: AnyDesk v9.7.5 - Unquoted Service Path Date: 2026-06-06 Exploit Author: Milad Karimi Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL Vendor Homepage: http://anydesk.com...

📄 Palo Alto GlobalProtect Authentication Bypass

This Metasploit module exploits an authentication bypass vulnerability in Palo Alto Networks PAN-OS GlobalProtect portal and gateway components. The vulnerability stems from CWE-565: Reliance on Cookies without Validation and Integrity Checking. An unauthenticated remote attacker can forge...

📄 BIRD 2.18 Stack Buffer Overflow / Denial of Service Scanner

This Metasploit auxiliary module is designed to assess a vulnerability in the BGP implementation of the BIRD Internet Routing Daemon. The module establishes a BGP session with a target router, performs standard protocol negotiation, and then sends a specially crafted BGP UPDATE message containing...

📄 Gogs 0.14.2 Argument Injection

Proof of concept exploit for an argument injection vulnerability in Gogs versions 0.14.2 and below and versions 0.15.0+dev and below. ================================================================================================================================== | Title : Gogs Git Rebase Argume...

📄 Check Point VPN IKE Logic Flaw

This is a Python script attempting to exploit a vulnerability in Check Point VPN by sending a malformed IKESAINIT packet to UDP port 500, detecting whether the target responds as an indicator of exploitability, then executing a MITM attack to intercept IKE packets between a victim and a VPN...

📄 FortiSandbox 4.4.7 Authentication Bypass / Command Injection

This Metasploit auxiliary scanner module is designed to collect system and environment information from vulnerable FortiSandbox instances by leveraging two disclosed vulnerabilities: an authentication bypass and a command injection flaw. The module supports multiple collection modes, including...

RISC-V-In-Proactive-computer-Security-PCS-

Exploring RISC-V in Proactive Computer Security PCS PUK pro...

RISC-V-In-Proactive-computer-Security-PCS

Exploring RISC-V in Proactive Computer Security PCS PUK pro...

Exploit for Write-what-where Condition in Linux Linux_Kernel

DirtyFrag CVE-2026-43284 PoC Validation and auditd Detection...

VS Code Extension Persistence

This module installs a malicious VS Code extension into the target's VS Code extensions directory. The extension executes the payload each time VS Code is launched, providing persistent code execution. Supports VS Code, VS Code Insiders, VSCodium, VS Code Server, and Cursor. Tested against 1.120....

dvwa-web-attack-lab

Web Application Penetration Testing Lab Platform: Kali Li...

Exploit for Command Injection in Tp-Link Tapo_C200_Firmware

🔍 CVE-2021-4045: Vulnerabilidad de Inyección de Comandos en...

Systems-and-Cyber-Security-Coursework

CSI6SCS2526 — Systems and Cyber Security Coursework Gr...

ExploitOracle

No d...

Exploit for Use After Free in Linux Linux_Kernel

CVE-2026-23111 nftables LPE: exposure check and safe lab Def...

Exploit for Use After Free in Redis

CVE-2026-23479 Scanner Redis Use-After-Free vulnerability CV...

network-intrusion-detector

network-intrusion-detector A Python tool that analyses web se...

OSCP-PEN200

🛡️ OSCP / PEN-200 Master Pentesting Database !License: MIT...

Exploit for CVE-2026-10795

CVE-2026-10795 UpdraftPlus Auto-Exploit & Mass Scanner Au...