A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

Self contained htaccess shells and attacks

"Randar" is an exploit for Minecraft which uses LLL lattice reduction to crack the internal state of an incorrectly reused java.util.Random in the Minecraft server, then works backwards from that to locate other players currently loaded into the world.

TOP All bugbounty pentesting CVE-2023- POC Exp RCE example payload Things

Hide your payload into .jpg file

BlueToolkit is an extensible Bluetooth Classic vulnerability testing framework that helps uncover new and old vulnerabilities in Bluetooth-enabled devices. Could be used in the vulnerability research, penetration testing and bluetooth hacking. We also collected and classified Bluetooth vulnerabilities in an "Awesome Bluetooth Security" way

TryHackMe CTFs writeups, notes, drafts, scrabbles, files and solutions.

Shellshock exploit + vulnerable environment

Install Metasploit In Termux 2023, No Error, Maintained, Termux

Bash script purposed for system enumeration, vulnerability identification and privilege escalation.

A script to automate privilege escalation with CVE-2023-22809 vulnerability

Exploit for Pulse Connect Secure SSL VPN arbitrary file read vulnerability (CVE-2019-11510)

Various local exploits

Helper script for spawning a minimal Ubuntu 16.04 container ready for building kernel exploits (~4.x)

API Key/Token Exploitation Made easy.

Fast exploitation based on metasploit.

Meterpreter payload for all platforms

Automated privilege escalation of the world's most popular Docker images.

Kubernetes security and vulnerability tools and utilities.

ProxyToken (CVE-2021-33766) : An Authentication Bypass in Microsoft Exchange Server POC exploit