Exploit for CVE-2026-42945

CVE-2026-42945-NGINX-Rift bash Basic usage with target I...

Exploit for Missing Authentication for Critical Function in Cpanel

POCCVE-2026-41940 Quick start bash python3 pocCVE-202...

Exploit for Deserialization of Untrusted Data in Facebook React

React2Shell Exploit - CVE-2025-55182 Author: andrei2308...

Exploit for OS Command Injection in Wago Compact_Controller_100_Firmware

CVE-2023-1698 CVE-2023-1698 exploit with golang how t...

Exploit for CVE-2025-30208

Disclaimer: The vulnerabilities described in this document, a...

Exploit for CVE-2025-24752

CVE-2025-24752-POC Introduction This python application c...

Exploit for CVE-2024-27292

Docassemblepoc Docassemble任意文件读取漏洞CVE-2024-27292 python D...

Exploit for Path Traversal in Grafana

Automated Exploit Tool for Grafana CVE-2021-43798 !Previewi...

Antisquat - Leverages AI Techniques Such As NLP, ChatGPT And More To Empower Detection Of Typosquatting And Phishing Domains

AntiSquat leverages AI techniques such as natural language processing NLP, large language models ChatGPT and more to empower detection of typosquatting and phishing domains. How to use Clone the project via git clone https://github.com/redhuntlabs/antisquat. Install all dependencies by typing pip...

PassBreaker - Command-line Password Cracking Tool Developed In Python

PassBreaker is a command-line password cracking tool developed in Python. It allows you to perform various password cracking techniques such as wordlist-based attacks and brute force attacks. Features Wordlist-based password cracking Brute force password cracking Support for multiple hash...

Microsoft Windows PowerShell Remote Command Execution Exploit

This python script mints a .ps1 file with an exploitable semicolon condition that allows for command execution from Microsoft Windows PowerShell. This is an updated exploit to work with Python3. from base64 import b64encode import argparse,sys,os PSTrojanFile.py By hyp3rlinx c 2023 ApparitionSec...

Exploit for Missing Authentication for Critical Function in F5 Big-Ip_Access_Policy_Manager

CVE-2022-1388 Checking and exploit for CVE-2022-1388...

S3-Account-Search - S3 Account Search

This tool lets you find the account id an S3 bucket belongs too. For this to work you need to have at least one of these permissions: Permission to download a known file from the bucket s3:getObject. Permission to list the contents of the bucket s3:ListBucket. Additionally, you will need a role...

SharpHose - Asynchronous Password Spraying Tool In C# For Windows Environments

SharpHose is a C password spraying tool designed to be fast, safe, and usable over Cobalt Strike's execute-assembly. It provides a flexible way to interact with Active Directory using domain-joined and non-joined contexts, while also being able to target specific domains and domain controllers...

Sshtunnel - SSH Tunnels To Remote Server

Inspired by https://github.com/jmagnusson/bgtunnel, which doesn't work on Windows. See also: https://github.com/paramiko/paramiko/blob/master/demos/forward.py Requirements paramiko Installation sshtunnel is on PyPI, so simply run: pip install sshtunnel or easyinstall sshtunnel or conda install -c...

Pyattck - A Python Module To Interact With The Mitre ATT&CK Framework

A Python Module to interact with the Mitre ATT&CK Framework. pyattck has the following notable features in it's current release: Retrieve all Tactics, Techniques, Actors, Malware, Tools, and Mitigations All techniques have suggested mitigations as a property For each class you can access addition...

Evil Clippy - A Cross-Platform Assistant For Creating Malicious MS Office Documents

A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code via P-Code and confuse macro analysis tools. Runs on Linux, OSX and Windows. Current features Hide VBA macros from the GUI editor VBA stomping P-code abuse Fool analyst tools Serve VBA stomp...

Jok3R - Network And Web Pentest Framework

Jok3r is a Python3 CLI application which is aimed at helping penetration testers for network infrastructure and web black-box security tests. Its main goal is to save time on everything that can be automated during network/web pentest in order to enjoy more time on more interesting and challengin...

Dnsmorph - Domain Name Permutation Engine Written In Go

DNSMORPH is a domain name permutation engine, inspired by dnstwist. It is written in Go making for a compact and very fast tool. It robustly handles any domain or subdomain supplied and provides a number of configuration options to tune permutation runs. DNSMORPH includes the following domain...

Eternal Check - Ip Vulnerability Check To Eternal Blue, Romance, Synergy & Champion

Ip Vulnerability Check To Eternal Blue, Romance, Synergy & Champion: Eternal Check Eternal Check verifies if an ip is vulnerable to the smb vulnerabilities Eternal Blue Eternal Romance Eternal champion Eternal synergy Screenshots Eternal Check Running Video Requirements nmap winbind wine32 wget...