Exploit for CVE-2024-28397

CVE-2024-28397 js2py Sandbox Escape Exploit A collection of e...

LFISuite

This repository is an offensive tool for Local File Inclusion LFI exploitation and scanning. It is primarily used to exploit LFI vulnerabilities in web applications, allowing an attacker to access sensitive files and potentially gain unauthorized access to a system. The tool, called LFI Suite,...

Phantom-Evasion

This is a Python antivirus evasion tool called Phantom-Evasion. It is free software, licensed under the GNU General Public License GPL version 3. The tool is designed to evade detection by antivirus software and is intended for educational or research purposes only. The tool has several modules,...

ctf-tasks

This is a CTF Capture The Flag challenge repository from the CONFidence CTF 2014 event. The repository contains several files and directories related to two tasks: "Crypto Machine" and "Memory". Crypto Machine The "Crypto Machine" task is a reverse engineering challenge that involves exploiting a...

fimap

fimap is a Python tool designed to find, prepare, audit, exploit, and even automatically Google for local and remote file inclusion LFI/RFI bugs in web applications. It can identify and exploit file inclusion bugs, including include, includeonce, require, and requireonce functions. The tool has a...

CTFium

This is a collection of CTF Capture The Flag writeups by PersianCats. It is a repository of technical writeups for various CTF challenges from different events. The writeups cover a range of topics, including exploitation of vulnerabilities, reverse engineering, and binary analysis. The repositor...

CTF-All-In-One

This is a repository for a book titled "CTF-All-In-One" by firmianay. The book is a comprehensive guide to CTF Capture The Flag competitions, covering various topics such as Linux, Web security, reverse engineering, and cryptography. The repository contains the source code and materials for the...

hackingtool

This is an offensive tool for penetration testing and hacking. It is a collection of various tools for different types of attacks, including information gathering, web attacks, SQL injection, phishing, and more. The tool is written in Python and is designed to be run on Linux systems, including...

pwntools

This is a CTF framework and exploit development library. It is a Python library for exploit development and reverse engineering. The library provides a set of tools for creating and executing exploits, as well as for analyzing and debugging binary files. The library is designed to be extensible a...

hackingtool-v5.1

All in One Hacking tool For Hackers🥇 !https://img.shields...

hackingtool

This is an all-in-one hacking tool for hackers, written in Python. The tool is designed to be run on Linux, Kali Linux, or Parrot OS. It provides a menu-driven interface for various hacking tasks, including information gathering, wireless attacks, SQL injection, phishing, web attacks,...

boopkit

This is a Linux rootkit and backdoor built using eBPF Extended Berkeley Packet Filter. The tool is called "boopkit" and is designed to establish a reverse TCP connection from a remote server to a local machine. The tool has several options, including: -lhost and -lport to specify the local host a...

InstantCMS Code Issues Vulnerabilities

InstantCMS is a free and open source content management system. A security vulnerability exists in InstantCMS 2.17.3 and earlier versions, which stems from the package parameter in the installer function not effectively filtering user input. The vulnerability can be exploited by an attacker to sc...

Exploit for Code Injection in Xwiki

xwiki-15.10.8-revers...

Linux Distros Unpatched Vulnerability : CVE-2022-41561

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The JNDI Data Sources component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition,...

Linux Distros Unpatched Vulnerability : CVE-2022-46302

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Broad access controls could allow site users to directly interact with the system Apache installation when providing the reverse proxy configurations for...

MAL-2025-191709 Malicious code in cti-ctf-challenges (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1cefe6c8a9ac6ede7c6ba497cf17011bf431812980749bb0068995ebba4039d9 If the method from the module is called, it attempts to download a malicious code identified as msf payload and save it locally. In the analysed version, the...

Malicious code in cti-ctf-challenges (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1cefe6c8a9ac6ede7c6ba497cf17011bf431812980749bb0068995ebba4039d9 If the method from the module is called, it attempts to download a malicious code identified as msf payload and save it locally. In the analysed version, the...

Noisy Bear Campaign Targeting Kazakhstan Energy Sector Outed as a Planned Phishing Test

A threat actor possibly of Russian origin has been attributed to a new set of attacks targeting the energy sector in Kazakhstan. The activity, codenamed Operation BarrelFire, is tied to a new threat group tracked by Seqrite Labs as Noisy Bear. The threat actor has been active since at least April...

AutoSploit

PoC exploit for CVE-XXXX-XXXX. It is an automated mass exploiter that uses the Shodan.io API to collect targets and then attempts to exploit them using Metasploit modules. The tool can be configured to run all available Metasploit modules against the targets in a 'Hail Mary' type of attack. The...