Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

Exploit

Exploit refers to a piece of code or technique that takes advantage of a security vulnerability in a system, application, or network to cause unintended behavior. Exploits can be used by attackers to gain unauthorized access, escalate privileges, execute arbitrary code, or cause a denial of service. This topic covers the various types of exploits, such as zero-day exploits, remote code execution, and privilege escalation. It also explores the lifecycle of an exploit, from discovery and development to deployment and mitigation, and highlights the importance of vulnerability management and patching in preventing exploits.

https://github.com/jamesjara/toolkit-exploit-hacking-seismologic-networks

toolkit for exploiting your own seismological networks

exploit netdb seismology

Last synced: 06 Apr 2025

https://github.com/hupe1980/gomsf

Golang based RPC client to communicate with Metasploit

exploit golang metasploit meterpreter msf redteam rpc shell

Last synced: 16 Apr 2025

https://github.com/thewhiteh4t/cve-2019-11447

CutePHP Cute News 2.1.2 RCE PoC

cutenews cutephp cve-2019-11447 exploit python rce

Last synced: 04 Jul 2025

https://github.com/hunthubspace/cve-2024-0757-exploit

A PoC Exploit for CVE-2024-0757 - Insert or Embed Articulate Content into WordPress Remote Code Execution (RCE)

bugbounty cve ethical-hacking exploit penetration-testing web

Last synced: 13 Apr 2025

https://github.com/cryxnet/cve-2022-42889-rce

Proof of Concept for CVE-2022-42889 (Text4Shell Vulnerability)

cve-2022-42889 exploit exploits poc security vulnerability

Last synced: 27 Dec 2025

https://github.com/mordavid/cve-2023-38831-winrar-exploit-generator-poc

This is a POC for the CVE-2023-3883 exploit targeting WinRAR up to 6.22. Modified some existing internet-sourced POCs by introducing greater dynamism and incorporated additional try-except blocks within the code.

archive cve-2023-38831 exploit rce rce-exploit remote-code-execution winrar

Last synced: 12 Jun 2025

https://github.com/martinclauss/exim-rce-cve-2018-6789

This repository provides a learning environment to understand how an Exim RCE exploit for CVE-2018-6789 works.

binary-exploitation cve docker educational exim exim-exploit exploit exploit-development gdb learning-by-doing pwndbg pwntools rce vagrant

Last synced: 27 Aug 2025

https://github.com/mfazrinizar/sqlzr-i

This is a Perl program to do an automated SQL Injection for pentesting web's SQL database protection. Coded by M.Fazri Nizar.

database exploit exploitation pentesting perl sql sql-i

Last synced: 08 May 2025

https://github.com/so1icitx/cve-2024-25600

Unauthenticated RCE exploit for CVE-2024-25600 in WordPress Bricks Builder <= 1.9.6. Executes arbitrary code remotely.

bricks-builder bricksbuilder cve-2024-25600 exploit hacking pentesting python-3 python3 rce rce-exploit remote-code-execution security-research security-researcher vulnerability wordpress wordpress-plugin

Last synced: 08 Apr 2025

https://github.com/xewdy444/netgrave

A tool for retrieving login credentials from Netwave IP cameras using a memory dump vulnerability (CVE-2018-17240)

camera exploit netwave security vulnerability

Last synced: 11 Mar 2026

https://github.com/sjord/protravel

Recursively exploit path traversal vulnerability

exploit python3

Last synced: 08 May 2025

https://github.com/xsscx/windows

Welcome to Hoyt's Windows Fuzzing Repo

exploit fuzzing windows

Last synced: 14 Mar 2026

https://github.com/noraj/fuelcms-rce

Fuel CMS 1.4 - Remote Code Execution

cve-2018-16763 exploit fuel-cms poc rce remote-code-execution

Last synced: 12 Apr 2025

https://github.com/000pp/OAO

⚙️ Operating Account Operators (OAO) is a Golang tool to interact with the LDAP protocol to manage account groups, roles, ACLs/ACEs, etc...

ace acl ad blueteam exploit golang hacking ldap operator redteam windows

Last synced: 17 Apr 2025

https://github.com/xsscx/ios-arm-binaries

UPDATED: All the action is at https://github.com/xsscx/srd

arm development discovery exploit ios vulnerability

Last synced: 04 Mar 2026

https://github.com/0x00-0x00/cve-2016-10033

PHPMailer < 5.2.18 Remote Code Execution Exploit

2016-10033 cve exploit php phpmailer

Last synced: 12 Jul 2025

https://github.com/paulveillard/cybersecurity-exploits

An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, E-books and videos, websites, blog posts, links to github Repositories, technical guidelines and important resources about Software Exploits in Cybersecurity.

exploit

Last synced: 07 Jan 2026

https://github.com/elijahhx/dead1ock-h4ck

"Dead1ock-h4ck" is an open-source project dedicated to exploring cybersecurity and ethical hacking techniques. The project aims to provide resources and tools for learning about network security, cryptography, and penetration testing.

cyber-defense cybersecurity cybersecurity-research dead1ock-h4ck exploit github hacking hacktivism infosec malware pentesting programming ransomware security technology vulnerability

Last synced: 23 Apr 2025

https://github.com/voidsec/tivoli-madness

Advisory for CVE-2020-28054 & stack based buffer overflow in IBM Tivoli Storage Manager

authorization-bypass buffer-overflow exploit ibm jamodat tivoli voidsec

Last synced: 09 Apr 2025

https://github.com/systemvll/windows-extension-exploit

Exploit for Windows extension, it can hide the .exe extension and replace it with any other extension

0day exploit windows windows-exploit

Last synced: 21 Jun 2025

https://github.com/emmaconnor/moria

Python library for interacting with in-memory C structures using data mined from binary DWARF debug info.

binary-exploitation c exploit exploit-development exploitation exploits offensive-security python security

Last synced: 11 Mar 2026

https://github.com/nerdsinspace/nocom-frontend

The No Comment web application frontend.

angular exploit javascript minecraft

Last synced: 13 Apr 2025

https://github.com/joe12387/safari-canvas-fingerprinting-exploit

An exploit for Safari 17.4 and lower that enables fingerprinting Safari users using OffscreenCanvas and SharedWorkers even if fingerprinting protections are enabled.

apple browser browser-fingerprint browser-fingerprinting exploit fingerprint fingerprinting ios javascript macos safari vulnerabilities vulnerability

Last synced: 16 Mar 2026

https://github.com/mrcl0wnlab/nuclei-template-exploit-f5-big-ip-icontrol-rest-auth-bypass-rce-command-parameter

CVE-2022-1388 is an authentication bypass vulnerability in the REST component of BIG-IP’s iControl API that was assigned a CVSSv3 score of 9.8. The iControl REST API is used for the management and configuration of BIG-IP devices. CVE-2022-1388 could be exploited by an unauthenticated attacker with network access to the management port or self IP addresses of devices that use BIG-IP. Exploitation would allow the attacker to execute arbitrary system commands, create and delete files and disable services.

bigip bigip-rest-api cve-2022-1388 exploit f5-bigip nuclei nuclei-templates

Last synced: 24 Feb 2026

https://github.com/kardespro/nosqlmap

NoSQLMap CLI Tool is a command-line interface (CLI) tool designed to test for NoSQL injection vulnerabilities using Node.js, TypeScript, and Axios. It supports both HTTP and HTTPS requests and works with all HTTP methods.

exploit mongodb mongodb-database mongoose nosqlmap pentesting scan-tool security security-tools sqlmap

Last synced: 24 Oct 2025

https://github.com/000pp/oao

⚙️ Operating Account Operators (OAO) is a Golang tool to interact with the LDAP protocol to manage account groups, roles, ACLs/ACEs, etc...

ace acl ad blueteam exploit golang hacking ldap operator redteam windows

Last synced: 24 Apr 2025

https://github.com/team0se7en/cve-2020-8816

Pi-hole ( <= 4.3.2) authenticated remote code execution.

cve-2020-8811 exploit golang pi-hole privesc rce

Last synced: 15 Jun 2025

https://github.com/0xapt/evil-xmlrpc

evil-xmlrpc is a tool that I created to help me bruteforce Wordpress user accounts using xmlrpc.php while bypassing iThemes Security preventing lockouts

exploit ithemes-security python wordpress

Last synced: 07 Sep 2025

https://github.com/synap5e/razor-eop-xiao

Razor installer elevation of privilege trigger + automation with Seeeduino XIAO

circuitpython eop exploit micropython privesc razor

Last synced: 15 Apr 2025

https://github.com/crllect/zorro

Frontend-only game and unblock website with a pretty big lib. Only a fun side-project, dont expect daily updates

exploit games proxy website

Last synced: 23 Jun 2025

https://github.com/vulnsphere/ai_infra_vuln_pocs

This is the PoC repository of LLM service. Updating...

exploit llm ml nuclei nuclei-templates poc security vulnerability

Last synced: 27 Jan 2026

https://github.com/siddhant385/flask-phishing

PHISHING FRAMEWORK BUILT OVER FLASK AND COULD BE DEPLOYED OVER WEB TO SHOW THE RISKS OF PHISHING OVER THE WEB WITH PASSWORD FETCH OVER TELEGRAM

brute-force exploit flask flask-login flask-phishing flask-web instagram iplogger ngrok phishing phishing-attacks phishing-kit phishing-page phishing-script phishing-tool portforward web zphisher

Last synced: 14 Apr 2025

https://github.com/aw-junaid/security-and-hacking

Explore ethical hacking and security: penetration testing, vulnerability scanning, and exploit development. Includes tools, scripts, and hands-on labs.

ethical-hacking exploit hacking penetration-testing security vulnerabilities vulnerability-scanners

Last synced: 08 Jan 2026

https://github.com/iosdec/sandbox-escape-poc-ios-13.4.1-and-lower

This is a POC of a sandbox escape by found by Siguza. Works up to iOS 13.4.1.

exploit ios objective-c sandbox-escape

Last synced: 14 Apr 2025

https://github.com/flutterguard/flutterguard-cli

Know and see everything an attacker can extract and get from your published Flutter app

android apk cli dart exploit flutter opensource reverse-engineering security static-analysis

Last synced: 13 Jan 2026

https://github.com/demining/cold-and-hot-wallets

Cold Wallets and Hot Wallets how to find vulnerabilities and eliminate various attacks on the Blockchain

attack attacker attacks bitcoin bitcoin-transaction bitcoin-wallet blockchain coldwallet coldwaters cryptocurrency exploit exploits hack hacking vulnerabilities vulnerability

Last synced: 13 May 2026

https://github.com/codercooke/osx-thumbnails

Reassemble thumbnails from osx quicklook thumbnail cache

exploit forensics mac macos osx quicklook thumbnails

Last synced: 07 Jul 2025

https://github.com/usbokirishima/vepar

Vepar Botnet distributed system to make Distributed Denial of Services Attacks (DDoS)

botnet ddos exploit hacking malware

Last synced: 12 Apr 2025

https://github.com/rf-peixoto/black_veil

A simple pseudo-crypter for python code.

crypter exploit payload pentest python redteam

Last synced: 24 Jul 2025

https://github.com/acceis/exploit-cve-2022-24780

iTop < 2.7.6 - (Authenticated) Remote command execution

cve cve-2022-24780 exploit rce ssti

Last synced: 16 Jul 2025

https://github.com/geniuszly/CVE-2022-46080

it is script that enables Telnet on routers by sending a specially crafted request. The script allows users to specify the router's URL, Telnet port, and password. It validates the inputs and logs the process, providing feedback on whether the exploit was successful.

buffer-overflow cve cve-2022-46080 cybersecurity ethical-hacking exploit exploit-development linux nexxt nexxt-router penetration-testing poc rce rce-exploit router security telnet vulnerability vulnerability-research

Last synced: 07 May 2025

https://github.com/srdja/arp-poison

ARP cache poisoning tool

arp-poisoning exploit

Last synced: 14 Apr 2025

https://github.com/k3rnel-dev/winrarexploit

CVE-2023-38831-WINRAR-EXPLOIT GENERATOR

0day exploit winrar

Last synced: 13 May 2025

https://github.com/rxzyx/ps3d-ultimate-client

The best hacks for Pixel Strike 3D (PS3D) you can find.

3d aws exploit game hack mod pixel pixelstrike pixelstrike3d playfab ps3d python strike

Last synced: 30 Apr 2026

https://github.com/geniuszly/cve-2022-46080

it is script that enables Telnet on routers by sending a specially crafted request. The script allows users to specify the router's URL, Telnet port, and password. It validates the inputs and logs the process, providing feedback on whether the exploit was successful.

buffer-overflow cve cve-2022-46080 cybersecurity ethical-hacking exploit exploit-development linux nexxt nexxt-router penetration-testing poc rce rce-exploit router security telnet vulnerability vulnerability-research

Last synced: 11 Apr 2025

https://github.com/hupe1980/gopherfy

Tool to generate gopher links for exploiting SSRF

exploit fastcgi gopher http mysql postgresql smtp ssrf

Last synced: 06 Jul 2025

https://github.com/n132/dec-safe-linking

A general way to Recover Safe linking protected value/pointer

exploit heap

Last synced: 21 Jul 2025

https://github.com/aishee/bdeath

The black death backdoor/rootkits

backdoor exploit hack rootkit

Last synced: 13 May 2025

https://github.com/padsalatushal/cve-2018-16763

Fuel CMS 1.4.1 - Remote Code Execution

cve cve-2018-16763 exploit fuelcms python

Last synced: 22 Sep 2025

https://github.com/cokebeer/logi

Logi is a LDAP/MySQL server focusing on pingback deserialize recon and exploit.

commons-beanutils custom cve-2020-14644 deserialize exploit gadget go java jdbc jndi ldap log4j mysql probe server wordlist

Last synced: 09 Apr 2025

https://github.com/0xbitx/dedsec_malware_dropper

linux based super-stealthy Dropper, that can create a fully undetected linux malware executable.

custom-payload dropper exploit fud fud-backdoor linux-tool malware rat undetectable-malware

Last synced: 02 Dec 2025

https://github.com/geniuszly/CVE-2022-45701

it is script designed to exploit certain vulnerabilities in routers by sending payloads through SNMP (Simple Network Management Protocol). The script automates the process of authorization, payload generation, and execution, allowing for remote command execution on the target device.

arris arris-modem arris-router buffer-overflow cve cve-2022-45701 cybersecurity ethical-hacking exploit exploit-development linux penetration-testing poc python security snmp vulnerability vulnerability-research

Last synced: 07 May 2025

https://github.com/nerdsinspace/nocom-http

The No Comment web application backend.

api exploit java minecraft spring spring-boot

Last synced: 13 Apr 2025

https://github.com/geniuszly/cve-2022-44149

it is script designed to interact with a router by sending a payload to its system tools. The script retrieves the router's configuration from environment variables to ensure security. It includes functions for generating an authorization header, sending a payload, and logging the process.

cve cve-2022-44149 cybersecurity ethical-hacking exploit exploit-development linux payload penetration-testing poc privilege-escalation security vulnerability vulnerability-research

Last synced: 11 Apr 2025

https://github.com/geniuszly/cve-2022-45701

it is script designed to exploit certain vulnerabilities in routers by sending payloads through SNMP (Simple Network Management Protocol). The script automates the process of authorization, payload generation, and execution, allowing for remote command execution on the target device.

arris arris-modem arris-router buffer-overflow cve cve-2022-45701 cybersecurity ethical-hacking exploit exploit-development linux penetration-testing poc python security snmp vulnerability vulnerability-research

Last synced: 11 Apr 2025

https://github.com/geniuszly/gendecryptauthme

A Python tool for decrypting passwords hashed with the AuthMe SHA256 algorithm. Ideal for penetration testing and security audits on Minecraft servers using the AuthMe authentication plugin.

authentication-bypass authme authme-sha256 cybersecurity decryption ethical-hacking exploit gendecryptauthme minecraft password-decryption penetration-testing python reverse-engineering security-tools sha256 sha256-hash

Last synced: 15 Jun 2025

https://github.com/jcs090218/reverse_shell

Reverse shell implementation using Python

exploit microservice reverse-shell vulnerability

Last synced: 28 Feb 2026

https://github.com/0xmachos/cve-2019-8561

Proof of concept exploit for CVE-2019-8561 discovered by @jbradley89

exploit macos poc proof-of-concept

Last synced: 14 Jul 2025

https://github.com/kos0ng/cves

Repository regarding my security research

cve exploit security

Last synced: 28 Jul 2025

https://github.com/sgabe/cve-2019-1476

AppXSvc Arbitrary File Overwrite DoS

dos-attack exploit proof-of-concept vulnerability windows10

Last synced: 17 Oct 2025

https://github.com/alexfrancow/cve-2020-7200

CVE-2020-7200: HPE Systems Insight Manager (SIM) RCE PoC

cve exploit hpe jboss rce

Last synced: 09 Jul 2025

https://github.com/z3n70/CVE-2021-43798

Simple program for exploit grafana

bugbounty cybersecurity exploit grafana pentesting

Last synced: 10 Mar 2025

https://github.com/0xnonames/croissanted.py

A Python script exploiting Discord's authorization token.

discord exploit python

Last synced: 24 Jul 2025

https://github.com/teemsploit/situationadmin.lua

A console admin script built for synapseX & Script-Ware may not work on other executors.

admin exploit lua luau rlua roblox roblox-cheat roblox-hack roblox-script robloxlua script-ware synapsex teemsploit

Last synced: 04 Oct 2025

https://github.com/cybersecsi/blueborne-dockerized

Repo code for the related post on SecSI Blog: https://secsi.io/blog/blueborne-kill-chain-on-dockerized-android

android aslr aslr-bypass blueborne bluetooth container docker exploit secsi

Last synced: 13 Jul 2025

https://github.com/mauricelambert/cve-2021-31166

CVE-2021-31166: exploitation with Powershell, Python, Ruby, NMAP and Metasploit.

bluescreen crash cve cve-2021-31166 denial-of-service dos exploit iis metasploit microsoft nmap payload powershell python3 ruby vulnerability webserver

Last synced: 04 Sep 2025

https://github.com/undacmic/heartbleed-proof-of-concept

Proof of concept for exploiting the Heartbeat Extension bug detailed in the CVE-2014-0160. :old_key: :unlock:

cve-2014-0160 exploit heartbeat heartbleed proof-of-concept tls vulnerability

Last synced: 06 Mar 2026

https://github.com/voidsec/mona-ropshell

For all loaded modules (DLLs), fetch ROP gadgets querying Ropshell DB

corelan exploit exploitation mona rop ropgadget ropshell voidsec

Last synced: 09 Apr 2025

https://github.com/eqstlab/cve-2024-48914

Arbitrary File Read and DoS in vendure-ecommerce exploit

cve exploit poc proof-of-concept security typescript vulnerability

Last synced: 27 Jul 2025

https://github.com/monke443/CVE-2023-40028

Arbitrary file read in Ghost-CMS allows an attacker to upload a malicious ZIP file with a symlink.

cve cve-2023-40028 exploit ghost-cms github pentesting security vulnerability

Last synced: 30 Aug 2025

https://github.com/sebastian-mora/cve-2020-27358-27359

CVE-2020-27358 and CVE-2020-27359

cve cve-2020-27358 cve-2020-27359 exploit

Last synced: 10 Mar 2025

https://github.com/idiidk/apeslapslion

A poc WebKit exploit for older devices based on the Phoenhex team exploit.

1131 exploit ios poc safari webkit

Last synced: 30 May 2026

https://github.com/danucosukosuko/rfsrcexploit

Un nuevo exploit de ChatGPT o una alternativa a D.A.N. Las siglas de RFSR son RE.FU.SE.R. Que se salta la política de OpenAI.

exploit gpt-3-5-turbo

Last synced: 03 Jan 2026

Exploit Awesome Lists
Awesome-Hacking-Resources 291 awesome-hacker-search-engines 564 awesome-mcp-security 119 bluetoolkit 67 awesome-vm-escape 47 awesome-MLSecOps 190 awesome-uefi-security 233 awesome-cryptocurrency-security 50 awesome-iot-security-resource 204
Exploit Categories
Uncategorized 700 Table of Contents 385 Threat Modeling 317 Vulnerability Writeup 271 Blogs 213 TODO List 86 Blogs :newspaper: 84 Cloud Infrastructure 63 MlSecOps pipeline 63 Talks :speaker: 60 Open Source Security Tools 54 📕 Articles, X threads and Blog Posts 52 CI/CD & DevOps Pipelines 43 Qemu 39 Tools :hammer: 38 Install 36 Repositories 34 Firmware 26 🧑‍🚀 Tools and code 25 Community Resources 23