Linux WSL via Startup Folder Persistence

This module establishes persistence by creating a payload in the windows startup folder from within the Windows Subsystem for Linux WSL environment. This allows for code execution on Windows user login. Verified on Windows 10 with Ubuntu 24.04 WSL distribution. Module Options msf use...

Exploit for CVE-2025-7441

CVE-2025-7441 StoryChief - 1.0.42 - Unauthenticated Arbitrary...

EUVD-2022-48309

Malicious code in bioql PyPI...

hackingtool-v5.1

All in One Hacking tool For Hackers🥇 !https://img.shields...

hackingtool

This is an all-in-one hacking tool for hackers, written in Python. The tool is designed to be run on Linux, Kali Linux, or Parrot OS. It provides a menu-driven interface for various hacking tasks, including information gathering, wireless attacks, SQL injection, phishing, web attacks,...

LFI-zip-exploit

LFI Zip Exploit Tool A Python tool to exploit LFI Local File...

Social Warfare WordPress Plugin 3.5.2 - Remote Code Execution (RCE)

!/usr/bin/env python3 Exploit Title: Social Warfare WordPress Plugin 3.5.2 - Remote Code Execution RCE Date: 25-06-2025 Exploit Author: Huseyin Mardini @housma Original Researcher: Luka Sikic Original Exploit Author: hash3liZer Vendor Homepage: https://wordpress.org/plugins/social-warfare/ Softwa...

Picklescan failed to detect to some unsafe global function in Numpy library

Summary An unsafe deserialization vulnerability in Python’s pickle module allows an attacker to bypass static analysis tools like Picklescan and execute arbitrary code during deserialization. This can be exploited by import some built-in function in Numpy library that indrectly call some dangerou...

CVE-2022-45437 Stored cross-site scripting vulnerability in the reporting dashboard module

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Artica PFMS Pandora FMS v765 on all allows Cross-Site Scripting XSS. A user with edition privileges can create a Payload in the reporting dashboard module. An admin user can observe the Payload...

vulhub

This repository is an offensive tool for vulnerability research and exploitation, specifically targeting various web applications and services. It contains a collection of exploits and tools for identifying and exploiting vulnerabilities in software and systems. The repository includes a variety ...

n+otes 1.6.2 - Denial of Service Exploit

Exploit Title: n+otes 1.6.2 - Denial of Service PoC Author: Geovanni Ruiz Download Link: https://apps.apple.com/us/app/n-otes/id596895960 Version: 1.6.2 Category: DoS iOS Vulnerability Color Notes is vulnerable to a DoS condition when a long list of characters is being used when creating a note:...

MoveKit - Cobalt Strike Kit For Lateral Movement

Movekit is an extension of built in Cobalt Strike lateral movement by leveraging the executeassembly function with the SharpMove and SharpRDP .NET assemblies. The aggressor script handles payload creation by reading the template files for a specific execution type. IMPORTANT: To use the script a...

Nsasoft Hardware Software Inventory 1.6.4.0 - 'multiple' Denial of Service (PoC)

Exploit Title: Nsasoft Hardware Software Inventory 1.6.4.0 - 'multiple' Denial of Service PoC Exploit Author : Enes Özeser Exploit Date: 2021-02-28 Vendor Homepage : https://www.nsauditor.com/ Link Software : https://www.nsauditor.com/downloads/nhsisetup.exe Version: 1.6.4.0 Tested on: Windows 10...

ScareCrow - Payload Creation Framework Designed Around EDR Bypass

If you want to learn more about the techniques utlized in this framework please take a look at Part 1 and Part 2 Description ScareCrow is a payload creation framework for generating loaders for the use of side loading not injection into a legitimate Windows process bypassing Application...

TaskCanvas 1.4.0 - Registration Denial Of Service

TaskCanvas 1.4.0 - Registration Denial Of Service Exploit Title: TaskCanvas 1.4.0 - 'Registration' Denial Of Service Exploit Author : Ismail Tasdelen Exploit Date: 2020-01-06 Vendor Homepage : https://www.digitalvolcano.co.uk/ Link Software : https://www.digitalvolcano.co.uk/taskcanvasdownload.ht...

WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Denial of Service

Exploit Title: WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Denial of Service Vendor Homepage:https://www.alloksoft.com/ Software Link: https://www.alloksoft.com/wmv.htm Exploit Author: Nithoshitha S Tested Version: v4.6.1217 Tested on: Windows 7 x64 Windows XP SP3 1.- Run python code :poc.py 2.-...

Exploit for XML Injection (aka Blind XPath Injection) in Nsa Ghidra

CVE-2019-16941 Proof-of-Concept: The vulnerability requires...

fireELF - Fileless Linux Malware Framework

fireELF is a opensource fileless linux malware framework thats crossplatform and allows users to easily create and manage payloads. By default is comes with 'memfdcreate' which is a new way to run linux elf executables completely from memory, without having the binary touch the harddrive. Feature...

EggShell - iOS/macOS/Linux Remote Administration Tool

EggShell is a post exploitation surveillance tool written in Python. It gives you a command line session with extra functionality between you and a target machine. EggShell gives you the power and convenience of uploading/downloading files, tab completion, taking pictures, location tracking, shel...

Payload Generation Framework: SharpShooter

SharpShooter is a payload creation framework for the retrieval and execution of arbitrary CSharp source code. SharpShooter is capable of creating payloads in a variety of formats, including HTA, JS, VBS and WSF. It leverages James Forshaw’s DotNetToJavaScript tool to invoke methods from the...