fuzzlove
Complete public repository index.
Disclaimer
All content is provided for authorized security research, defensive testing, and educational purposes only.
Any misuse, unauthorized access, or illegal activity is strictly prohibited. You are solely responsible for how you use these materials.
The author assumes no liability for misuse, damage, service disruption, data loss, or legal consequences resulting from use of this code.
ATutor 2.2.4 Arbitrary File Upload / RCE (CVE-2019-12169)
ATutor 2.2.4 'Backup' Remote Command Execution (CVE-2019-12170)
Various bufferoverflows made or examined while I was in the process of studying.
Bring Your Own Scripting Interpreter - Custom Shell (PHP)
CallBackCodeExecution v1 - Vanilla Series
CVE-2020-3452 - Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) traversal
Cisco Bug: CSCur90888 - Cisco UCS Manager Remote Command Execution Vulnerability
The leaked exploit toolkit for various iOS versions
reverse shell using curl
Login hunter of default credentials for administrative web interfaces leveraging NNdefaccts dataset.
iOS Downgrade Party Checker ✅ 🥳
eLabFTW 1.8.5 'EntityController' Arbitrary File Upload / RCE (CVE-2019-12185)
A new approach to Browser In The Browser (BITB) without the use of iframes, allowing the bypass of traditional framebusters implemented by login pages like Microsoft and the use with Evilginx.
FUDForum 3.0.9 - XSS / Remote Code Execution (CVE-2019-18873, CVE-2019-18839)
Gopher HTTP requests (POST/GET)
GPP Fire - AutoLogins & Others
Impacket is a collection of Python classes for working with network protocols.
An OOB interaction gathering server and client library
lazychicken.sh - A simple external IP check that utilizes multiple sources.
Hell's Gate, but make it 32-bit!
Mac Audit Agent is a macOS security auditing and monitoring tool that helps identify system risks, suspicious activity, and configuration weaknesses. It provides clear findings, baseline change detection, and actionable recommendations while keeping all data local to the device.
Demonstrate calling a kernel function and handle process creation callback against HVCI
Course materials for Modern Binary Exploitation by RPISEC
A revamped and updated version of my original OneRuleToRuleThemAll hashcat rule
The OWASP Testing Guide includes a "best practice" penetration testing framework which users can implement in their own organizations and a "low level" penetration testing guide that describes techniques for testing most common web application and web service security issues.
Bruteforce p12 files for fun
Open-Source Shellcode & PE Packer
Obfuscated, FUD Simple PowerShell Reverse Shell One-Liner
Simple yet effective PS SC loader.
privesc stuff for linux
privesc tools for windows
A Golang Reverse Shell Tool With AES Dynamic Encryption
Shaco is a linux agent for havoc
A Microsoft windows x86_64 Golang shellcode tester that includes example calc.exe shellcode.
Shellcode development tool
SigFlip is a tool for patching authenticode signed PE files (exe, dll, sys ..etc) without invalidating or breaking the existing signature.
A basic python c2 server
Technical analysis and Proof of Concepts (PoCs) for common web-based execution vectors, including ClickFix and FileFix methodologies. This repository maps these techniques to MITRE ATT&CK T1204.004 for defensive research.
SOPlanning 1.52.00 CSRF/SQLi/XSS (CVE-2024-33722, CVE-2024-33724)
Exploit chain utilizing directory traversal and iOS restore to overwrite protected files.
Stealthily inject shellcode into an executable
SystemFunction032 Research
TeamViewer Password Decrypter
Disable DSE and WinTcb (without breaking DRM)
A shellcode runner that runs shellcode from a password protected zip file.
C# Shellcode Runner (In-Memory GZip)