evilMACHO: Malicious use of macho, such as dump-runtime-macho, function-hook.
goMS17-010: Simple program for detecting if host(s) are vulnerable to SMB exploit (MS17-010)
HEVD Kernel Exploit: Exploits pack for the Windows Kernel mode driver HackSysExtremeVulnerableDriver written for educational purposes.
Rage: Rage allows you to execute any file in a Microsoft Office document.
wowned: Authentication bypass for outdated WoW emulation authentication servers
Umbraco-RCE: Umbraco CMS 7.12.4 - (Authenticated) Remote Code Execution
doona: Network based protocol fuzzer
x64dbgpylib: Port of windbglib to x64dbgpy, in an effort to support mona.py in x64dbg.
CamRaptor: CamRaptor is a tool that exploits several vulnerabilities in popular DVR cameras to obtain network camera credentials.
Bash: Collection of bash scripts I wrote to make my life easier or test myself that you may find useful.
discord-bugs-exploits: A Collection of Various Discord Bugs, Exploits, Un-Documented Parts of the Discord API, and Other Discord Related Miscellaneous Stuff.
IDA Wrapper: An IDA_Wrapper for Linux, shipped with a Function Identifier. It works well with Driller on statically linked binaries.
padre: Blazing fast, advanced Padding Oracle exploit
spellbook: Framework for rapid development and reuse of security tools
RootMyTV.github.io: RootMyTV is a user-friendly exploit for rooting/jailbreaking LG webOS smart TVs.
exploit: Collection of different exploits
CVE-2019-10149: CVE-2019-10149: A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.
Exploits: A personal collection of Windows CVEs I have turned into exploit source, as well as a collection of payloads I've written to be used in conjunction with these exploits.
Scripts-Sploits: A number of scripts, PoCs and problems solved as pentests move along.
apple-knowledge: A collection of reverse engineered Apple things, as well as a machine-readable database of Apple hardware
CTF: CTF binary exploit code
vulristics: Extensible framework for analyzing publicly available information about vulnerabilities
CamOver: CamOver is a camera exploitation tool that allows disclosure of the network camera admin password.
hack: Kubernetes security and vulnerability tools and utilities.
ProxyLogon: ProxyLogon (CVE-2021-26855+CVE-2021-27065) Exchange Server RCE (SSRF->GetWebShell)
PwnX.py: 🏴☠️ Pwn misconfigured sites running ShareX custom image uploader API through chained exploit
shakeitoff: Windows MSI Installer LPE (CVE-2021-43883)
Axon: Unrestricted Lua Execution
Python: Python Powered Repository
exploiting: Exploiting challenges in Linux and Windows
k8badusb: BadUSB Teensy downexec exploit support Windows & Linux / Windows Cmd & PowerShell addUser exploit
exploit-CVE-2015-3306: ProFTPd 1.3.5 - (mod_copy) Remote Command Execution exploit and vulnerable container
expdev: Vulnerable software and exploits used for OSCP/OSCE preparation
batchql: GraphQL security auditing script with a focus on performing batch GraphQL queries and mutations
go-gtfo: gtfo, now with the speed of golang
CRAX: CRAX: software CRash analysis for Automatic eXploit generation
Ultimate-Guitar-Hack: The first tool to download any Guitar Pro file, including 'Official' from Ultimate Guitar
fusee-nano: A minimalist re-implementation of the Fusée Gelée exploit (http://memecpy.com), designed to run on embedded Linux devices. (Zero dependencies)
SubRosa: Basic tool to automate backdooring PE files
PocOrExp in Github: Aggregates the PoCs or exploits already available on GitHub; CVE information comes from the official CVE website. Auto Collect Poc Or Exp from Github by CVE ID.
DoubleStar: A personalized/enhanced re-creation of the Darkhotel "Double Star" APT exploit chain with a focus on Windows 8.1 and mixed with some of my own techniques
pwn-pulse: Exploit for Pulse Connect Secure SSL VPN arbitrary file read vulnerability (CVE-2019-11510)