Exploit for Missing Authentication for Critical Function in Flowiseai Flowise

CVE-2026-30824 — Flowise NVIDIA NIM Authentication Bypass Chec...

MAL-2026-866 Malicious code in oraceldb (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 723248915f1acb6de7c5bed00d0d554ced6b8cd6359d79436c8ab02f49f18360 Package is a typosquatting or dependency confusion attempt with a low-harm local-only action, like leaving a flag file. --- Category: PROBABLYPENTEST - Package...

Exploit for Deserialization of Untrusted Data in Facebook React

React2Shell: CVE-2025-55182 – Comprehensive Vulnerability Scan...

Exploit for Authentication Bypass by Primary Weakness in Crushftp

Exploit CVE-2025-31161 INSTALLATION 1. git clone h...

China-Linked AI Pentest Tool ‘Villager’ Raises Concern After 10K Downloads

China-linked AI tool Villager, published on PyPI, automates cyberattacks and has got experts worried after 10,000 downloads in…...

LightsOut - Generate An Obfuscated DLL That Will Disable AMSI And ETW

LightsOut will generate an obfuscated DLL that will disable AMSI & ETW while trying to evade AV. This is done by randomizing all WinAPI functions used, xor encoding strings, and utilizing basic sandbox checks. Mingw-w64 is used to compile the obfuscated C code into a DLL that can be loaded into a...

Infection Monkey v1.6 - An Automated Pentest Tool

The Infection Monkey is an open source security tool for testing a data center's resiliency to perimeter breaches and internal server infection. The Monkey uses various methods to self-propagate across a data center and reports success to a centralized Monkey Island server. The Infection Monkey i...

SubScraper - External Pentest Tool That Performs Subdomain Enumeration Through Various Techniques

SubScraper uses DNS brute force, Google & Bing scraping, and Virus Total to enumerate subdomains without an API. Written in Python3, SubScraper performs HTTPS requests and DNS "A" record lookups during the enumeration process to validate discovered subdomains. This provides further information to...

EggShell - iOS/macOS Remote Administration Tool

EggShell is an iOS and macOS post exploitation surveillance pentest tool written in Python. This tool creates 1 line multi stage payloads that give you a command line session with extra functionality. EggShell gives you the power and convenience of uploading/downloading files, taking pictures,...

iOS macOS Remote Administration Tool: EggShell

EggShell is an iOS and macOS post exploitation surveillance pentest tool written in Python. This tool creates 1 line multi stage payloads that give you a command line session with extra functionality. EggShell gives you the power and convenience of uploading/downloading files, taking pictures,...

Chromebackdoor - Backdoor C&C for Populars Browsers

Chromebackdoor is a pentest tool, this tool use a MITB technique for generate a windows executable ".exe" after launch run a malicious extension or script on most popular browsers, and send all DOM datas on command and control. VIDEO Install Text V 3.0 Install Video OLD Binder guide Module guide...

Foolav - Pentest Tool For Antivirus Evasion and Running Arbitrary Payload on Target Wintel Host

Executable compiled with this code is useful during penetration tests where there is a need to execute some payload meterpreter maybe? while being certain that it will not be detected by antivirus software. The only requirement is to be able to upload two files: binary executable and payload file...

[Knock] Subdomain Scanner

Knock is a python script, written by Gianni 'guelfoweb' Amato , designed to enumerate subdomains on a target domain through a wordlist. For more information I have posted a documentation page. If you want to see how it works, you can see this sample output: Simple Scan Zone Transfer Scan Wildcard...