drupwn

This is an offensive tool for Drupal enumeration and exploitation. The tool, named Drupwn, is designed to automate Drupal information gathering and exploitation. It can be run in two modes: enum and exploit. The enum mode allows performing enumerations, while the exploit mode allows checking and...

Exploit for Out-of-bounds Read in Citrix Netscaler_Application_Delivery_Controller

CVE-2025-5777: The Ultimate Scanner 🚀 !Hackerhttps://media...

Exploit for Deserialization of Untrusted Data in Google Android

CVE-2024-31317-PoC-Deployer!Android Versionhttps://img.shie...

Exploit for Authentication Bypass by Primary Weakness in Crushftp

CrushFTP CVE-2025-31161 Exploit Tool 🔓 Advanced detection an...

Exploit for CVE-2025-30208

ViteVulScan Vulnerabilities Overview This project involves...

Exploit for CVE-2025-2294

Kubio Page Builder LFI Exploit CVE-2025-2294 !Pythonhttp...

Exploit for Path Traversal in Jenkins

CVE-2024-23897 | Jenkins -p -f or bash python CVE-...

Exploit for Injection in Atlassian Confluence_Data_Center

CVE-2023-22527 An Exploitation tool to exploit the confluence...

Exploit for Incorrect Authorization in Atlassian Confluence_Data_Center

CVE-2023-22518 An Exploitation tool to exploit the confluence...

Exploit for Incorrect Authorization in Atlassian Confluence_Data_Center

CVE-2023-22518 An Exploitation tool to exploit the confluence...

Exploit for Missing Authentication for Critical Function in F5 Big-Ip_Access_Policy_Manager

CVE-2023-46747 An Exploitation script developed to exploit the...

Notorious Cyber Gang FIN7 Returns With Cl0p Ransomware in New Wave of Attacks

The notorious cybercrime group known as FIN7 has been observed deploying Cl0p aka Clop ransomware, marking the threat actor's first ransomware campaign since late 2021. Microsoft, which detected the activity in April 2023, is tracking the financially motivated actor under its new taxonomy Sangria...

Exploit for CVE-2022-30190

FOLLINA-CVE-2022-30190 Implementation of FOLLINA-CVE-2022-3019...

Exploit for OS Command Injection in Zyxel Usg_Flex_100W_Firmware

This repository is an offensive tool for web application exploitation. The primary vulnerability targeted is CVE-2022-30525, a server-side request forgery SSRF vulnerability in a web application. The tool is designed to exploit this vulnerability by sending a specially crafted request to the targ...

Nighthawk Likely to Become Hackers' New Post-Exploitation Tool After Cobalt Strike

A nascent and legitimate penetration testing framework known as Nighthawk is likely to gain threat actors' attention for its Cobalt Strike-like capabilities. Enterprise security firm Proofpoint said it detected the use of the software in mid-September 2022 by a red team with a number of test emai...

Critical RCE Vulnerability Discovered in Popular Cobalt Strike Hacking Software

HelpSystems, the company behind the Cobalt Strike software platform, has released an out-of-band security update to address a remote code execution vulnerability that could allow an attacker to take control of targeted systems. Cobalt Strike is a commercial red-team framework that's mainly used f...

Alchimist: A new attack framework in Chinese for Mac, Linux and Windows

By Chetan Raghuprasad, Asheer Malhotra and Vitor Ventura, with contributions from Matt Thaxton. Cisco Talos discovered a new attack framework including a command and control C2 tool called "Alchimist" and a new malware "Insekt" with remote administration capabilities. The Alchimist has a web...

Researchers Uncover New Attempts by Qakbot Malware to Evade Detection

The operators behind the Qakbot malware are transforming their delivery vectors in an attempt to sidestep detection. "Most recently, threat actors have transformed their techniques to evade detection by using ZIP file extensions, enticing file names with common formats, and Excel XLM 4.0 to trick...

Exploit for Deserialization of Untrusted Data in Apache Log4J

This is a proof-of-concept PoC exploit for CVE-2021-44228, a v...

Some-PoC-oR-ExP

This repository is an offensive tool for collecting or writing various vulnerability PoCs proofs of concept and exploits. The primary vulnerability targeted by the code is CNVD-2020-10487, a Tomcat-Ajp local file inclusion LFI vulnerability. The tool is designed to exploit this vulnerability to...