渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

• UpdatedDec 5, 2025
• HTML

NextSploit is a command-line tool designed to detect and exploit CVE-2025-29927, a security flaw in Next.js

• UpdatedApr 12, 2025
• Python

Authentication bypass for outdated WoW emulation authentication servers

• UpdatedDec 21, 2017
• C++

Exploit for CVE-2022-40684 affecting Fortinet FortiOS, FortiProxy, and FortiSwitchManager

• UpdatedJan 21, 2023
• Python

A stealth SSH backdoor leveraging PAM shared object (.so) injection to bypass authentication and gain SSH access.

• UpdatedMar 7, 2025
• Shell

Authentication Bypass Vulnerability — CVE-2024–4358 — Telerik Report Server 2024

• UpdatedNov 26, 2024
• Python

A PoC exploit for CVE-2023-51467 - Apache OFBiz Authentication Bypass

• UpdatedDec 31, 2023
• Python

This repository contains a basic custom lab environment designed to demonstrate and explore SQL injection vulnerabilities. The lab provides a hands-on learning experience to understand the risks associated with insecure coding practices and the impact of SQL injection attacks on web applications.

• UpdatedSep 20, 2023
• Python

Hack Karadeniz 2022 CyberCafe sorusu için yazdığım writeup

• UpdatedOct 30, 2023
• Python

The Vulnerability of GoAhead Service on VStarcam C34S-X4 that allows you to download system.ini configuration file and get login and password.

• UpdatedFeb 28, 2021
• Python

WARNING: This is a vulnerable application to test the exploit for the Really Simple Security < 9.1.2 authentication bypass (CVE-2024-10924). Run it at your own risk!

• UpdatedNov 19, 2024
• Dockerfile

A PoC exploit for CVE-2024-27198 - JetBrains TeamCity Authentication Bypass

• UpdatedMar 9, 2024
• Python

It is a simple password brute force tool designed for ethical hacking and security testing. Automates the process of selecting passwords for a given user on a website by sending POST requests with different passwords and analyzing the response.

• UpdatedAug 11, 2024
• Python

A Python tool for decrypting passwords hashed with the AuthMe SHA256 algorithm. Ideal for penetration testing and security audits on Minecraft servers using the AuthMe authentication plugin.

• UpdatedAug 9, 2024
• Python

Authentication Bypass PoC for CVE-2025-2825 – Exploiting CrushFTP 10.x

• UpdatedJul 22, 2025
• Python

Intentionally vulnerable captive portal lab for wireless security training. Demonstrates session hijacking, authentication bypass, and network security vulnerabilities. Docker containerized for safe, isolated learning environments. FOR EDUCATIONAL USE ONLY.

• UpdatedOct 6, 2025
• Python

This repository demonstrates a privilege escalation attack targeting Open5GS's WebUI, exploiting unauthenticated database connections and forged session cookies/JWT tokens. The analysis reveals critical vulnerabilities in authentication mechanisms, offering insights for securing 5G network components.

• UpdatedJun 12, 2025
• Python

🛡️ Web Penetration Testing is the process of testing websites or web apps for security flaws. 🔍 It helps find vulnerabilities like SQL injection, XSS, and authentication bypass. 🚨 Used to protect data, improve security, and prevent hacking attacks.

• UpdatedNov 24, 2025

Exploits for CVE-2020-9376 and CVE-2020-9377

• UpdatedJul 9, 2020
• Python

PoC for CVE-2025-5777 – Auth Bypass and RCE in Trend Micro Apex Central

• UpdatedJul 23, 2025
• Python