Exploits / Tools 💣
🧩 A curated collection of public exploit repositories developed by Chocapikk - unauthenticated RCEs, command injections, and weaponized PoCs tied to real CVEs.
Total Exploits: 69 💣
⭐ Featured
💣 MSF Exploit Collection
📦 Chocapikk/msf-exploit-collection
🧠 Large Metasploit exploit collection: consolidated MSF modules, PoCs and exploit scripts.
⭐ Featured
💣 CVE-2025-34152
📦 Chocapikk/CVE-2025-34152
🧠 Shenzhen Aitemi M300 Wi-Fi Repeater Unauthenticated RCE (CVE-2025-34152)
⭐ Featured
💣 CVE-2024-31819
📦 Chocapikk/CVE-2024-31819
🧠 Unauthenticated Remote Code Execution (RCE) Vulnerability in WWBNIndex Plugin of AVideo Platform from 12.4 to 14.2
⭐ Featured
💣 CVE-2024-25600
📦 Chocapikk/CVE-2024-25600
🧠 Unauthenticated Remote Code Execution – Bricks <= 1.9.6
⭐ Featured
💣 CVE-2023-50917
📦 Chocapikk/CVE-2023-50917
🧠 MajorDoMo Unauthenticated RCE: Deep Dive & Exploitation Techniques
⭐ Featured
💣 CVE-2023-29357
📦 Chocapikk/CVE-2023-29357
🧠 Microsoft SharePoint Server Elevation of Privilege Vulnerability
🟢 Public
💣 WPProbe
📦 Chocapikk/wpprobe
🧠 A fast WordPress plugin enumeration tool
🟢 Public
💣 CVE-2024-1212
📦 Chocapikk/CVE-2024-1212
🧠 Unauthenticated Command Injection In Progress Kemp LoadMaster
🟢 Public
💣 CVE-2025-5777
📦 Chocapikk/CVE-2025-5777
🧠 CitrixBleed 2 (CVE-2025-5777)
🟢 Public
💣 CVE-2025-32432
📦 Chocapikk/CVE-2025-32432
🧠 CraftCMS RCE Checker (CVE-2025-32432)
🟢 Public
💣 CVE-2024-3400
📦 Chocapikk/CVE-2024-3400
🧠 Unauthenticated RCE in Palo Alto PAN-OS
🟢 Public
💣 CVE-2024-21887
📦 Chocapikk/CVE-2024-21893-to-CVE-2024-21887
🧠 CVE-2024-21893 to CVE-2024-21887 Exploit Toolkit
🟢 Public
💣 CVE-2024-22903
📦 Chocapikk/CVE-2024-22899-to-22903-ExploitChain
🧠 Comprehensive Exploit Chain for Multiple Vulnerabilities in VinChin Backup & Recovery <= 7.2
🟢 Public
💣 CVE-2024-36401
📦 Chocapikk/CVE-2024-36401
🧠 GeoServer Remote Code Execution
🟢 Public
💣 CVE-2024-45519
📦 Chocapikk/CVE-2024-45519
🧠 Zimbra - Remote Command Execution (CVE-2024-45519)
🟢 Public
💣 CVE-2023-30258
📦 Chocapikk/CVE-2023-30258
🧠 Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary commands via unauthenticated HTTP request.
🟢 Public
💣 CVE-2024-56145
📦 Chocapikk/CVE-2024-56145
🧠 Unauthenticated RCE on CraftCMS when PHP `register_argc_argv` config setting is enabled
🟢 Public
💣 CVE-2024-8672
📦 Chocapikk/CVE-2024-8672
🧠 Widget Options – The #1 WordPress Widget & Block Control Plugin <= 4.0.7 - Authenticated (Contributor+) Remote Code Execution
🟢 Public
💣 CVE-2024-9474
📦 Chocapikk/CVE-2024-9474
🧠 PAN-OS auth bypass + RCE
🟢 Public
💣 CVE-2024-8504
📦 Chocapikk/CVE-2024-8504
🧠 VICIdial Unauthenticated SQLi to RCE Exploit (CVE-2024-8503 and CVE-2024-8504)
🟢 Public
💣 CVE-2024-8517
📦 Chocapikk/CVE-2024-8517
🧠 SPIP BigUp Plugin Unauthenticated RCE
🟢 Public
💣 CVE-2024-34102
📦 Chocapikk/CVE-2024-34102
🧠 CosmicSting (CVE-2024-34102)
🟢 Public
💣 CVE-2024-7954
📦 Chocapikk/CVE-2024-7954
🧠 Unauthenticated Remote Code Execution in SPIP versions up to and including 4.2.12
🟢 Public
💣 CVE-2024-5084
📦 Chocapikk/CVE-2024-5084
🧠 Hash Form – Drag & Drop Form Builder <= 1.1.0 - Unauthenticated Arbitrary File Upload to Remote Code Execution
🟢 Public
💣 CVE-2024-4577
📦 Chocapikk/CVE-2024-4577
🧠 PHP CGI Argument Injection vulnerability
🟢 Public
💣 CVE-2024-29269
📦 Chocapikk/CVE-2024-29269
🧠 An issue discovered in Telesquare TLR-2005Ksh 1.0.0 and 1.1.4 allows attackers to run arbitrary system commands via the Cmd parameter.
🟢 Public
💣 CVE-2024-3273
📦 Chocapikk/CVE-2024-3273
🧠 D-Link NAS CVE-2024-3273 Exploit Tool
🟢 Public
💣 CVE-2024-20767
📦 Chocapikk/CVE-2024-20767
🧠 Exploit Toolkit for Adobe ColdFusion CVE-2024-20767 Vulnerability
🟢 Public
💣 CVE-2023-43208-EXPLOIT
📦 Chocapikk/CVE-2023-43208-EXPLOIT
🧠 A PoC exploit for CVE-2023-43208 - Mirth Connect Remote Code Execution (RCE)
🟢 Public
💣 CVE-2024-27198
📦 Chocapikk/CVE-2024-27198
🧠 Proof of Concept for Authentication Bypass in JetBrains TeamCity Pre-2023.11.4
🟢 Public
💣 CVE-2023-6553
📦 Chocapikk/CVE-2023-6553
🧠 Backup Migration <= 1.3.7 - Unauthenticated Remote Code Execution
🟢 Public
💣 CVE-2023-22527
📦 Chocapikk/CVE-2023-22527
🧠 Atlassian Confluence - Remote Code Execution
🟢 Public
💣 CVE-2023-46805
📦 Chocapikk/CVE-2023-46805
🧠 Ivanti Pulse Secure CVE-2023-46805 Scanner - Based on Assetnote's Research
🟢 Public
💣 CVE-2024-21887
📦 Chocapikk/CVE-2024-21887
🧠 RCE in Ivanti Connect Secure
🟢 Public
💣 CVE-2023-7028
📦 Chocapikk/CVE-2023-7028
🧠 This repository presents a proof-of-concept of CVE-2023-7028
🟢 Public
💣 CVE-2023-51467
📦 Chocapikk/CVE-2023-51467
🧠 Apache OfBiz Auth Bypass Scanner for CVE-2023-51467
🟢 Public
💣 CVE-2023-5360
📦 Chocapikk/CVE-2023-5360
🧠 Exploit for the unauthenticated file upload vulnerability in WordPress Royal Elementor Addons and Templates plugin (< 1.3.79)
🟢 Public
💣 CVE-2023-4966
📦 Chocapikk/CVE-2023-4966
🧠 Sensitive information disclosure in NetScaler ADC
🟢 Public
💣 CVE-2023-22515
📦 Chocapikk/CVE-2023-22515
🧠 CVE-2023-22515: Confluence Broken Access Control Exploit
🟢 Public
💣 CVE-2023-27372
📦 Chocapikk/CVE-2023-27372
🧠 SPIP Vulnerability Scanner - CVE-2023-27372 Detector
🟢 Public
💣 CVE-2023-1698
📦 Chocapikk/CVE-2023-1698
🧠 WAGO Remote Exploit Tool for CVE-2023-1698
🟢 Public
💣 CVE-2017-8225-EXPLOIT
📦 Chocapikk/CVE-2017-8225-EXPLOIT
🧠 A PoC exploit for CVE-2017-8225 - GoAhead System.ini Leak
🟢 Public
💣 CVE-2023-30943
📦 Chocapikk/CVE-2023-30943
🧠 CVE-2023-30943 vulnerability in Moodle
🟢 Public
💣 CVE-2023-28432
📦 Chocapikk/CVE-2023-28432
🧠 Automated vulnerability scanner for CVE-2023-28432 in Minio.
🟢 Public
💣 CVE-2023-3519
📦 Chocapikk/CVE-2023-3519
🧠 Citrix ADC RCE CVE-2023-3519
🟢 Public
💣 CVE-2023-36846
📦 Chocapikk/CVE-2023-36846
🧠 Remote Code Execution on Junos OS CVE-2023-36846
🟢 Public
💣 CVE-2023-35885
📦 Chocapikk/CVE-2023-35885
🧠 CloudPanel 2 Remote Code Execution Exploit
🟢 Public
💣 CVE-2017-9841
📦 Chocapikk/CVE-2017-9841
🧠 PHPUnit RCE
🟢 Public
💣 CVE-2023-38035-checker
📦 Chocapikk/CVE-2023-38035-checker
🧠 CVE-2023-38035 Recon oriented exploit, extract company name contact information
🟢 Public
💣 CVE-2023-35082
📦 Chocapikk/CVE-2023-35082
🧠 Remote Unauthenticated API Access Vulnerability in MobileIron Core 11.2 and older
🟢 Public
💣 CVE-2023-38646
📦 Chocapikk/CVE-2023-38646
🧠 Remote Code Execution on Metabase CVE-2023-38646
🟢 Public
💣 CVE-2023-33617
📦 Chocapikk/CVE-2023-33617
🧠 Authenticated OS command injection vulnerability (CVE-2023-33617)
🟢 Public
💣 CVE-2019-19492
📦 Chocapikk/CVE-2019-19492
🧠 FreeSWITCH Exploit (CVE-2019-19492)
🟢 Public
💣 CVE-2022-31814
📦 Chocapikk/CVE-2022-31814
🧠 pfBlockerNG <= 2.1.4_26 Unauth RCE (CVE-2022-31814)
🟢 Public
💣 CVE-2022-39952
📦 Chocapikk/CVE-2022-39952
🧠 PoC for CVE-2022-39952 affecting Fortinet FortiNAC.
🟢 Public
💣 CVE-2022-44877
📦 Chocapikk/CVE-2022-44877
🧠 Bash Script for Checking Command Injection Vulnerability on CentOS Web Panel [CWP] (CVE-2022-44877)
🟢 Public
💣 CVE-2022-29455
📦 Chocapikk/CVE-2022-29455
🧠 DOM-based Reflected Cross-Site Scripting (XSS) vulnerability in Elementor Website Builder plugin <= 3.5.5 versions.
🟢 Public
💣 CVE-2022-26134
📦 Chocapikk/CVE-2022-26134
🧠 CVE-2022-26134 - Pre-Auth Remote Code Execution via OGNL Injection
🟢 Public
💣 CVE-2022-40684
📦 Chocapikk/CVE-2022-40684
🧠 Fortinet Critical Authentication Bypass Vulnerability (CVE-2022-40684)
🟢 Public
💣 CVE-2022-1388
📦 Chocapikk/CVE-2022-1388
🧠 CVE-2022-1388 | F5 - Big IP Pre Auth RCE via '/mgmt/tm/util/bash' endpoint
🟢 Public
💣 CVE-2021-46422
📦 Chocapikk/CVE-2021-46422
🧠 Telesquare SDT-CW3B1 1.1.0 - OS Command Injection
🟢 Public
💣 CVE-2022-36804
📦 Chocapikk/CVE-2022-36804-ReverseShell
🧠 PoC exploit for CVE-2022-36804 (BitBucket Critical Command Injection)
🟢 Public
💣 CVE-2022-27925-Revshell
📦 Chocapikk/CVE-2022-27925-Revshell
🧠 Python Script to exploit Zimbra Auth Bypass + RCE (CVE-2022-27925)
🟢 Public
💣 CVE-2021-35064
📦 Chocapikk/CVE-2021-35064
🧠 Python script to exploit CVE-2021-35064 and CVE-2021-36356
🟢 Public
💣 CVE-2022-22954
📦 Chocapikk/CVE-2022-22954
🧠 Python script to exploit CVE-2022-22954 and then exploit CVE-2022-22960
🟢 Public
💣 CVE-2022-29464
📦 Chocapikk/CVE-2022-29464
🧠 Python script to exploit CVE-2022-29464
🟢 Public
💣 CVE-2022-29303
📦 Chocapikk/CVE-2022-29303
🧠 Python script to exploit CVE-2022-29303
🟢 Public
💣 CVE-2022-30525
📦 Chocapikk/CVE-2022-30525-Reverse-Shell
🧠 Simple python script to exploit CVE-2022-30525 (FIXED): Zyxel Firewall Unauthenticated Remote Command Injection
🟢 Public
💣 CVE-2021-41773
📦 Chocapikk/CVE-2021-41773
🧠 Apache 2.4.49 RCE