Arsenal
Exploits & Tools
80 public repositories - 7 featured
Featured
MSF Exploit Collection
Chocapikk/msf-exploit-collection
Large Metasploit exploit collection: consolidated MSF modules, PoCs and exploit scripts.
CVE-2026-21858
Chocapikk/CVE-2026-21858
n8n Ni8mare - Unauthenticated Arbitrary File Read to RCE Chain (CVSS 10.0)
CVE-2025-34152
Chocapikk/CVE-2025-34152
Shenzhen Aitemi M300 Wi-Fi Repeater Unauthenticated RCE (CVE-2025-34152)
CVE-2024-31819
Chocapikk/CVE-2024-31819
Unauthenticated Remote Code Execution (RCE) Vulnerability in WWBNIndex Plugin of AVideo Platform from 12.4 to 14.2
CVE-2024-25600
Chocapikk/CVE-2024-25600
Unauthenticated Remote Code Execution – Bricks <= 1.9.6
CVE-2023-50917
Chocapikk/CVE-2023-50917
MajorDoMo Unauthenticated RCE: Deep Dive & Exploitation Techniques
CVE-2023-29357
Chocapikk/CVE-2023-29357
Microsoft SharePoint Server Elevation of Privilege Vulnerability
2026
12025
6CVE-2025-68926
RustFS Hardcoded gRPC Authentication Token Exploit
CVE-2025-67494
CVE-2025-67494
CVE-2025-55182
Next.js React Server Components RCE exploit
CVE-2025-34299
MonstaFTP Unauthenticated File Upload
CVE-2025-5777
CitrixBleed 2 (CVE-2025-5777)
CVE-2025-32432
CraftCMS RCE Checker (CVE-2025-32432)
2024
20CVE-2024-1212
Unauthenticated Command Injection In Progress Kemp LoadMaster
CVE-2024-3400
Unauthenticated RCE in Palo Alto PAN-OS
CVE-2024-21887
CVE-2024-21893 to CVE-2024-21887 Exploit Toolkit
CVE-2024-22903
Comprehensive Exploit Chain for Multiple Vulnerabilities in VinChin Backup & Recovery <= 7.2
CVE-2024-36401
GeoServer Remote Code Execution
CVE-2024-45519
Zimbra - Remote Command Execution (CVE-2024-45519)
CVE-2024-56145
Unauthenticated RCE on CraftCMS when PHP `register_argc_argv` config setting is enabled
CVE-2024-8672
Widget Options – The #1 WordPress Widget & Block Control Plugin <= 4.0.7 - Authenticated (Contributor+) Remote Code Execution
CVE-2024-9474
PAN-OS auth bypass + RCE
CVE-2024-8504
VICIdial Unauthenticated SQLi to RCE Exploit (CVE-2024-8503 and CVE-2024-8504)
CVE-2024-8517
SPIP BigUp Plugin Unauthenticated RCE
CVE-2024-34102
CosmicSting (CVE-2024-34102)
CVE-2024-7954
Unauthenticated Remote Code Execution in SPIP versions up to and including 4.2.12
CVE-2024-5084
Hash Form – Drag & Drop Form Builder <= 1.1.0 - Unauthenticated Arbitrary File Upload to Remote Code Execution
CVE-2024-4577
PHP CGI Argument Injection vulnerability
CVE-2024-29269
An issue discovered in Telesquare TLR-2005Ksh 1.0.0 and 1.1.4 allows attackers to run arbitrary system commands via the Cmd parameter.
CVE-2024-3273
D-Link NAS CVE-2024-3273 Exploit Tool
CVE-2024-20767
Exploit Toolkit for Adobe ColdFusion CVE-2024-20767 Vulnerability
CVE-2024-27198
Proof of Concept for Authentication Bypass in JetBrains TeamCity Pre-2023.11.4
CVE-2024-21887
RCE in Ivanti Connect Secure
2023
21CVE-2023-30258
Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary commands via unauthenticated HTTP request.
CVE-2023-43208-EXPLOIT
A PoC exploit for CVE-2023-43208 - Mirth Connect Remote Code Execution (RCE)
CVE-2023-6553
Backup Migration <= 1.3.7 - Unauthenticated Remote Code Execution
CVE-2023-22527
Atlassian Confluence - Remote Code Execution
CVE-2023-46805
Ivanti Pulse Secure CVE-2023-46805 Scanner - Based on Assetnote's Research
CVE-2023-7028
This repository presents a proof-of-concept of CVE-2023-7028
CVE-2023-51467
Apache OfBiz Auth Bypass Scanner for CVE-2023-51467
CVE-2023-5360
Exploit for the unauthenticated file upload vulnerability in WordPress Royal Elementor Addons and Templates plugin (< 1.3.79)
CVE-2023-4966
Sensitive information disclosure in NetScaler ADC
CVE-2023-22515
CVE-2023-22515: Confluence Broken Access Control Exploit
CVE-2023-27372
SPIP Vulnerability Scanner - CVE-2023-27372 Detector
CVE-2023-1698
WAGO Remote Exploit Tool for CVE-2023-1698
CVE-2023-30943
CVE-2023-30943 vulnerability in Moodle
CVE-2023-28432
Automated vulnerability scanner for CVE-2023-28432 in Minio.
CVE-2023-3519
Citrix ADC RCE CVE-2023-3519
CVE-2023-36846
Remote Code Execution on Junos OS CVE-2023-36846
CVE-2023-35885
CloudPanel 2 Remote Code Execution Exploit
CVE-2023-38035-checker
CVE-2023-38035 Recon oriented exploit, extract company name contact information
CVE-2023-35082
Remote Unauthenticated API Access Vulnerability in MobileIron Core 11.2 and older
CVE-2023-38646
Remote Code Execution on Metabase CVE-2023-38646
CVE-2023-33617
Authenticated OS command injection vulnerability (CVE-2023-33617)
2022
13CVE-2022-31814
pfBlockerNG <= 2.1.4_26 Unauth RCE (CVE-2022-31814)
CVE-2022-39952
PoC for CVE-2022-39952 affecting Fortinet FortiNAC.
CVE-2022-44877
Bash Script for Checking Command Injection Vulnerability on CentOS Web Panel [CWP] (CVE-2022-44877)
CVE-2022-29455
DOM-based Reflected Cross-Site Scripting (XSS) vulnerability in Elementor Website Builder plugin <= 3.5.5 versions.
CVE-2022-26134
CVE-2022-26134 - Pre-Auth Remote Code Execution via OGNL Injection
CVE-2022-40684
Fortinet Critical Authentication Bypass Vulnerability (CVE-2022-40684)
CVE-2022-1388
CVE-2022-1388 | F5 - Big IP Pre Auth RCE via '/mgmt/tm/util/bash' endpoint
CVE-2022-36804
PoC exploit for CVE-2022-36804 (BitBucket Critical Command Injection)
CVE-2022-27925-Revshell
Python Script to exploit Zimbra Auth Bypass + RCE (CVE-2022-27925)
CVE-2022-22954
Python script to exploit CVE-2022-22954 and then exploit CVE-2022-22960
CVE-2022-29464
Python script to exploit CVE-2022-29464
CVE-2022-29303
Python script to exploit CVE-2022-29303
CVE-2022-30525
Simple python script to exploit CVE-2022-30525 (FIXED): Zyxel Firewall Unauthenticated Remote Command Injection
2021
32019
12017
2Tools
6WPProbe
A fast WordPress plugin enumeration tool
LeakPy
LeakIX API Client (Unofficial)
qdtk
Qdrant ToolKit - Navigate and dump data from Qdrant vector databases
pgread
Read PostgreSQL data files without credentials - forensics, data recovery, and security research tool
docker-misconfig-cli
An interactive Docker client for exploiting misconfigured Docker sockets and remote endpoints
CyberPanel
CyberPanel v2.3.6 Pre-Auth RCE Exploit Tool