Exploit for Deserialization of Untrusted Data in Facebook React

RSC Surface & Crash Detector This tool is a non-intrusive sec...

Exploit for Missing Authorization in Oliverpos Oliver_Pos

Usage Basic Usage bash python3 exploit.py -l targets.txt -e your...

Exploit for CVE-2025-34085

Cyberlone Indonesia 🛠️ WordPress Simple File List RCE Scanner...

Exploit for Missing Authentication for Critical Function in Commvault

CVE-2025-34028 - Commvault Command Center Remote Code Executio...

Exploit for Code Injection in Craftcms Craft_Cms

Before you run script again do fuser -k 6666/tcp...

Exploit for OS Command Injection in Progress Loadmaster

CVE-2024-1212 Command Injection Exploit for Kemp LoadMaster 🛡️...

meg+ - Automated Reconnaissance Wrapper

This wrapper will automate numerous tasks and help you during your reconnaissance process. The script finds common issues, low hanging fruit, and assists you when approaching a target. meg+ also allows you to scan all your in-scope targets on HackerOne in one go — it simply retrieves them using a...

shodan-api NSE Script

Queries Shodan API for given targets and produces similar output to a -sV nmap scan. The ShodanAPI key can be set with the 'apikey' script argument, or hardcoded in the .nse file itself. You can get a free key from N.B if you want this script to run completely passively make sure to include the -...

http-wordpress-users NSE Script

Enumerates usernames in Wordpress blog/CMS installations by exploiting an information disclosure vulnerability existing in versions 2.6, 3.1, 3.1.1, 3.1.3 and 3.2-beta2 and possibly others. Original advisory: Script Arguments http-wordpress-users.out If set it saves the username list in this file...

nping-brute NSE Script

Performs brute force password auditing against an Nping Echo service. See for Echo Mode documentation. Script Arguments passdb, unpwdb.passlimit, unpwdb.timelimit, unpwdb.userlimit, userdb See the documentation for the unpwdb library. creds.service, creds.global See the documentation for the cred...