Repos
41
Stars
222
Forks
25
Top Language
Python
Loading contributions...
Top Repositories
Collection of one-liners to bypass User Account Control (UAC) in Windows. These techniques exploit certain behavior in Windows applications to elevate privileges.
Arescan is a powerful web directory discovery tool that helps you uncover hidden directories and links on any website. By performing a breadth-first search.
Mobile Mouse 3.6.0.4 could allow a remote attacker to execute arbitrary code on the system, caused by improper input validation. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Collection of efficient curl one-liners for executing reverse shells, ideal for development and security testing.
Clover P2P Reverse Shell allows you to establish a a decentralized peer-to-peer (P2P) connection between two computers and execute shell commands on the remote computer.
This is a simple PHP reverse shell that works on both Windows and Linux systems. It lets you specify the operating system via a query parameter, and will execute a PowerShell reverse shell on Windows or a bash reverse shell on Linux.
Repositories
41Collection of one-liners to bypass User Account Control (UAC) in Windows. These techniques exploit certain behavior in Windows applications to elevate privileges.
Collection of efficient curl one-liners for executing reverse shells, ideal for development and security testing.
Mobile Mouse 3.6.0.4 could allow a remote attacker to execute arbitrary code on the system, caused by improper input validation. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
This is a simple PHP reverse shell that works on both Windows and Linux systems. It lets you specify the operating system via a query parameter, and will execute a PowerShell reverse shell on Windows or a bash reverse shell on Linux.
MyBB is a free and open source forum software.
WBCE CMS 1.6.4 Remote Code Execution: WBCE CMS version 1.6.4 contains a critical remote code execution vulnerability in the Droplets module. Authenticated attackers with administrator privileges can inject and execute arbitrary PHP code, leading to complete system compromise.
RiteCMS v3.1.0 contains an authenticated Remote Code Execution (RCE) via its content_function() handler: [function:...] tags in page content are evaluated, allowing a user with page-editing privileges to execute arbitrary PHP on the server.
Remote for Windows 2024.15 - RCE Exploit
Remote for Windows version 2024.15 suffers from a missing authentication vulnerability that allows for the disclosure of desktop screenshots.
SQLWinds - SQL Server Security Assessment & Post-Exploitation Toolkit
Silk Chat is a secure, single-file PHP shoutbox requiring no setup. It uses AES-256 encryption for data storage and operates without logs, ensuring private and encrypted communication.
Panzer ProxyFinder is a command-line tool designed to quickly and easily find public proxies. By searching multiple websites, it can quickly and efficiently compile a list of working proxies that can be used for a variety of purposes, such as web scraping, penetration testing, or anonymity.
cothon framework: A stealthy command & control (C2) framework designed for ethical penetration testing and red team operations.
AirKeyboard 1.9.0.0 Integer Overflow to Remote Denial of Service (DoS)
AirKeyboard iOS App Version 1.0.5 - Remote Input Injection
Metasploit Framework
Remote for Mac version 2025.6 suffers from an unauthenticated desktop stream disclosure vulnerability.
Remote for Mac version 2025.6 allows an unauthenticated remote attacker to achieve remote code execution by sending a crafted sequence of UDP packets that simulate keyboard input.
Remote for Windows 2024.15 Unauthenticated Arbitrary Input
The Remote for Windows helper service exposes unauthenticated RCE through the executeScript API endpoint. This allows SYSTEM-level command execution via crafted HTTP requests.
Remote for Windows 2024.15 - Unauthenticated SYSTEM Desktop Stream Exploit Vulnerable Component: Helper app Live View feature (raw H264 over TCP) Live View H264 per default is enabled.
This exploit abuses the Remote Keyboard Desktop 1.0.1 WebSocket interface to simulate keystrokes and execute a remote payload via SMB, leading to unauthenticated remote code execution on Windows systems.
dotx - A hunter for exposed dotfiles and misconfigured secrets
Arescan is a powerful web directory discovery tool that helps you uncover hidden directories and links on any website. By performing a breadth-first search.
Clover P2P Reverse Shell allows you to establish a a decentralized peer-to-peer (P2P) connection between two computers and execute shell commands on the remote computer.
Mago is a JavaFX-based shell generator tool that creates payloads for Linux, Windows systems and web. It features a simple GUI for easy configuration and supports Base64 and URL encoding.
A persistent reverse shells by leveraging Windows environment variables. It provides a stealthy and convenient way to store and execute PowerShell reverse shells, enabling on-demand execution across sessions.
No description provided.
bypass av reverse shell in windows
The Vocal XSS demonstrates proof-of-concept scripts for exploiting voice-based Cross-Site Scripting (XSS) in web applications.