fimap

fimap is a Python tool designed to find, prepare, audit, exploit, and even automatically Google for local and remote file inclusion LFI/RFI bugs in web applications. It can identify and exploit file inclusion bugs, including include, includeonce, require, and requireonce functions. The tool has a...

CTFium

This is a collection of CTF Capture The Flag writeups by PersianCats. It is a repository of technical writeups for various CTF challenges from different events. The writeups cover a range of topics, including exploitation of vulnerabilities, reverse engineering, and binary analysis. The repositor...

CTF-All-In-One

This is a repository for a book titled "CTF-All-In-One" by firmianay. The book is a comprehensive guide to CTF Capture The Flag competitions, covering various topics such as Linux, Web security, reverse engineering, and cryptography. The repository contains the source code and materials for the...

hackingtool

This is an offensive tool for penetration testing and hacking. It is a collection of various tools for different types of attacks, including information gathering, web attacks, SQL injection, phishing, and more. The tool is written in Python and is designed to be run on Linux systems, including...

pwntools

This is a CTF framework and exploit development library. It is a Python library for exploit development and reverse engineering. The library provides a set of tools for creating and executing exploits, as well as for analyzing and debugging binary files. The library is designed to be extensible a...

hackingtool-v5.1

All in One Hacking tool For Hackers🥇 !https://img.shields...

hackingtool

This is an all-in-one hacking tool for hackers, written in Python. The tool is designed to be run on Linux, Kali Linux, or Parrot OS. It provides a menu-driven interface for various hacking tasks, including information gathering, wireless attacks, SQL injection, phishing, web attacks,...

boopkit

This is a Linux rootkit and backdoor built using eBPF Extended Berkeley Packet Filter. The tool is called "boopkit" and is designed to establish a reverse TCP connection from a remote server to a local machine. The tool has several options, including: -lhost and -lport to specify the local host a...

InstantCMS Code Issues Vulnerabilities

InstantCMS is a free and open source content management system. A security vulnerability exists in InstantCMS 2.17.3 and earlier versions, which stems from the package parameter in the installer function not effectively filtering user input. The vulnerability can be exploited by an attacker to sc...

Exploit for Code Injection in Xwiki

xwiki-15.10.8-revers...

Linux Distros Unpatched Vulnerability : CVE-2022-41561

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The JNDI Data Sources component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition,...

Linux Distros Unpatched Vulnerability : CVE-2022-46302

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Broad access controls could allow site users to directly interact with the system Apache installation when providing the reverse proxy configurations for...

MAL-2025-191709 Malicious code in cti-ctf-challenges (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1cefe6c8a9ac6ede7c6ba497cf17011bf431812980749bb0068995ebba4039d9 If the method from the module is called, it attempts to download a malicious code identified as msf payload and save it locally. In the analysed version, the...

Malicious code in cti-ctf-challenges (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1cefe6c8a9ac6ede7c6ba497cf17011bf431812980749bb0068995ebba4039d9 If the method from the module is called, it attempts to download a malicious code identified as msf payload and save it locally. In the analysed version, the...

Noisy Bear Campaign Targeting Kazakhstan Energy Sector Outed as a Planned Phishing Test

A threat actor possibly of Russian origin has been attributed to a new set of attacks targeting the energy sector in Kazakhstan. The activity, codenamed Operation BarrelFire, is tied to a new threat group tracked by Seqrite Labs as Noisy Bear. The threat actor has been active since at least April...

AutoSploit

PoC exploit for CVE-XXXX-XXXX. It is an automated mass exploiter that uses the Shodan.io API to collect targets and then attempts to exploit them using Metasploit modules. The tool can be configured to run all available Metasploit modules against the targets in a 'Hail Mary' type of attack. The...

Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

log4j-shell-poc A Proof-Of-Concept for the recently found CVE-2021-44228 vulnerability. Recently there was a new vulnerability in log4j, a java logging library that is very widely used in the likes of elasticsearch, minecraft and numerous others. In this repository we have made and example...

Exploit for Code Injection in Ispconfig

CVE-2023-46818 - ISPConfig PHP Code Execution | Exploit Hi...

Exploit for CVE-2017-0143

💬 README中文 • Compile/Install/Run • Parameter Description • How to use • Scenario • POC List • Custom Scan • Best Practices Features - Free one id Multi-target web netcat for reverse shell - What is scan4all: integrated vscan, nuclei, ksubdomain, subfinder, etc., fully automated and intelligent。re...

Exploit for Path Traversal in Apache Http_Server

!bannerhttps://img.shields.io/badge/ApachePathTraversal-RCEC...