SUSE CVE-2025-27090

Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. The reverse port forwarding in sliver teamserver allows the implant to open a reverse tunnel on the sliver teamserver without verifying if the...

GO-2025-3472 SSRF in sliver teamserver in github.com/bishopfox/sliver

SSRF in sliver teamserver in github.com/bishopfox/sliver...

SSRF in sliver teamserver

Summary The reverse port forwarding in sliver teamserver allows the implant to open a reverse tunnel on the sliver teamserver without verifying if the operator instructed the implant to do so Reproduction steps Run server wget...

GHSA-FH4V-V779-4G2W SSRF in sliver teamserver

Summary The reverse port forwarding in sliver teamserver allows the implant to open a reverse tunnel on the sliver teamserver without verifying if the operator instructed the implant to do so Reproduction steps Run server wget...

CVE-2025-27090 Server-Side Request Forgery (SSRF) in sliver teamserver

Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. The reverse port forwarding in sliver teamserver allows the implant to open a reverse tunnel on the sliver teamserver without verifying if the...

CVE-2025-27090 Server-Side Request Forgery (SSRF) in sliver teamserver

Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. The reverse port forwarding in sliver teamserver allows the implant to open a reverse tunnel on the sliver teamserver without verifying if the...

CVE-2024-41111 BishopFox Sliver Authenticated Remote Code Execution

Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. Sliver version 1.6.0 prerelease is vulnerable to RCE on the teamserver by a low-privileged "operator" user. The RCE is as the system root user...

PT-2024-29267 · Sliver · Sliver

Name of the Vulnerable Software and Affected Versions: Sliver version 1.6.0 prerelease Sliver versions prior to 1.6.0 Description: Sliver is an open source cross-platform adversary emulation/red team framework that can be used by organizations of all sizes to perform security testing. It is...

Exploit for Server-Side Request Forgery in Havocframework Havoc

CVE-2024-41570: Havoc-C2-SSRF-poc This vulnerability is exploi...

HardHatC2 - A C# Command And Control Framework

A cross-platform, collaborative, Command & Control framework written in C, designed for red teaming and ease of use. HardHat is a multiplayer C .NET-based command and control framework. Designed to aid in red team engagements and penetration testing. HardHat aims to improve the quality of life...

Fortra Cobalt Strike Teamserver Cross-Site Scripting (XSS) Vulnerability

Fortra Cobalt Strike contains a cross-site scripting XSS vulnerability in Teamserver that would allow an attacker to set a malformed username in the Beacon configuration, allowing them to execute code remotely...

VulnCheck KEV: CVE-2022-39197

Fortra Cobalt Strike contains a cross-site scripting XSS vulnerability in Teamserver that would allow an attacker to set a malformed username in the Beacon configuration, allowing them to execute code remotely...

Exploit for Cross-site Scripting in Helpsystems Cobalt_Strike

CVE-2022-39197-POC 中文版本READMECN.md ---...

CVE-2022-39197

An XSS Cross Site Scripting vulnerability was found in HelpSystems Cobalt Strike through 4.7 that allowed a remote attacker to execute HTML on the Cobalt Strike teamserver. To exploit the vulnerability, one must first inspect a Cobalt Strike payload, and then modify the username field in the...

CVE-2022-39197

An XSS Cross Site Scripting vulnerability was found in HelpSystems Cobalt Strike through 4.7 that allowed a remote attacker to execute HTML on the Cobalt Strike teamserver. To exploit the vulnerability, one must first inspect a Cobalt Strike payload, and then modify the username field in the...

PT-2022-24798

Name of the Vulnerable Software and Affected Versions HelpSystems Cobalt Strike versions through 4.7 Description A Cross Site Scripting XSS issue was found that allows a remote attacker to execute HTML on the Cobalt Strike teamserver. To exploit this issue, an attacker must first inspect a Cobalt...

Paragon - Red Team Engagement Platform With The Goal Of Unifying Offensive Tools Behind A Simple UI

Paragon is a Red Team engagement platform. It aims to unify offensive tools behind a simple UI, abstracting much of the backend work to enable operators to focus on writing implants and spend less time worrying about databases and css. The repository also provides some offensive tools already...

Geacon - Implement CobaltStrike's Beacon In Go

Using Go to implement CobaltStrike's Beacon This project is for learningprotocol analysis and reverse engineering only, if someone's rights have been violated, please contact me to remove the project, and the last DO NOT USE IT ILLEGALLY How to play 1. Setup the teamserver and start a http...

UPDATE: SILENTTRINITY v0.3.0

PenTestIT RSS Feed Just yesterday, I wrote about this open source post-exploitation C2 framework and a new release is already available. The post was titled - List of Open Source C2 Post-Exploitation Frameworks. We now have SILENTTRINITY v0.3.0 amongst us, which was in the works for a long time!...