ShellPop. Pop shells like a master.
1.5kFakePip. Pip install exploit package
158CVE-2019-0841-BYPASS. A fully automatic CVE-2019-0841 bypass targeting all versions of Edge in Windows 10.
58CVE-2018-1000001. glibc getcwd() local privilege escalation compiled binaries
31Shellkiller. A killer reverse-shell script that is able to use a lot of techniques to ensure your shell will pop back to you.
30NamedPipes. Bind shell that uses Named Pipes as transport and execute PowerShell code through Runspaces.
17CVE-2016-2098. Ruby On Rails unrestricted render() exploit
16-CVE-2017-9805. Exploit script for Apache Struts2 REST Plugin XStream RCE (CVE-2017-9805)
15CVE-2019-1064. CVE-2019-1064 Local Privilege Escalation Vulnerability
11TelePreter. Telegram-based PowerShell Runspace Host
11CVE-2018-12613. PHPMyAdmin v4.8.0 and v.4.8.1 LFI exploit
10XXE. My own repository used for testing XXE vulnerabilities in a more automated way.
6CVE-2016-10033. PHPMailer < 5.2.18 Remote Code Execution Exploit
6CVE-2017-5638. Struts02 s2-045 exploit program
6CVE-2018-10517. CMS Made Simple 2.2.7 RCE exploit
5CVE-2018-7600. CVE-2018-7600 - Drupal 7.x RCE
4BlueKeep. Proof of concept for CVE-2019-0708
3Hash-Buster. Crack hashes in seconds.
3ctf_tools. Tools we (Watchers) use for CTF wargames.
3CVE-2014-6271. Shellshock exploitation script that is able to upload and RCE using any vector due to its versatility.
3webminerpool. Complete sources for a monero webminer.
3shemutils. Pythonic multi-task library of encryption, database, logging and checksum.
30x00-0x00.github.io. Ruby
3CVE-2015-3224. Modification of Metasploit module for RCE in Ruby-On-Rails Console CVE-2015-3224
2netcracker. WiFi auditing tool to monitor, capture and crack WPA handshakes.
2crypt. Crypt is a cryptography tool to protect all kinds of data using AES-256 and RSA-4096 algorithms.
2shredder. C program to erase files securely overwritting data with random patterns.
2gadreel-bot. Telegram bot to help with task management and CTF wargames
2router_attack. wireless security audit repository
2CVE-2018-10949. Zimbra Collaboration Suite Username Enumeration
1CTF_SecurityWeekend. Data for FATEC's 1st SecurityWeekend CTF
1nichide. NicHide is a pure-C program to hide your NIC hardware address.
1decryptor. A substitution cipher decryptor that uses the operator (user) to decrypt the cipher on-the-fly.
1hashfind. A simple program to request to decrypthash.com to decrypt the hash given by the user.
1ReverseEngineerPractice. Reverse Engineering Tutorial Files from Lena Course
1autobackup. C program to handle rsync and SimplePush notifications easily for my own servers.
1CVE-2018-15131. Zimbra Collaboration Suite Username Enumeration
1asyncspider. A URL brute-forcer to find hidden files from a target URL. AsyncIO.
1proxypwn. ProxyPwn is a scanner and tunneler for open proxies.
1CVE-2018-7422. Wordpress plugin Site-Editor v1.1.1 LFI exploit
1netwatch. NetWatch is a tool to monitor network hosts TCP ports, uptime and visualize scan logs.
1shell_scripts. My own shell scripts used for management.
1