#Rce

Showing 58 of 58 repositories tagged #rce, ranked by stars

Mr-xn
Mr-xn
Penetration_Testing_POC

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

Score
100
★ 7.4k ⑂ 2.0k +7/day
HTML
reddelexc
reddelexc
hackerone-reports

Top disclosed reports from HackerOne

Score
100
★ 6.3k ⑂ 1.1k +14/day
Python
k8gege
k8gege
K8tools

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)

Score
94
★ 6.2k ⑂ 2.1k +5/day
PowerShell
zhzyker
zhzyker
vulmap

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞验证功能

Score
90
★ 3.5k ⑂ 573
Python
JoyChou93
JoyChou93
java-sec-code

Java web common vulnerabilities and security code which is base on springboot and spring security

Score
88
★ 2.7k ⑂ 754
Java
gquere
gquere
pwn_jenkins

Notes about attacking Jenkins servers

Score
81
★ 2.1k ⑂ 326 +1/day
Python
JKornev
JKornev
hidden

🇺🇦 Windows driver with usermode interface which can hide processes, file-system and registry objects, protect processes and etc

Score
85
★ 2.0k ⑂ 502 +3/day
C
brightio
brightio
penelope

Penelope Shell Handler

Score
98
★ 1.9k ⑂ 216 +16/day
Python
XiphosResearch
XiphosResearch
exploits

Miscellaneous exploit code

Score
79
★ 1.6k ⑂ 584
Python
vladko312
vladko312
SSTImap

Automatic SSTI detection tool with interactive interface

Score
96
★ 1.6k ⑂ 176 +5/day
Python
nemesida-waf
nemesida-waf
waf-bypass

Check your WAF before an attacker does

Score
67
★ 1.5k ⑂ 186 +5/day
Python
lintstar
lintstar
About-Attack

一个旨在通过应用场景 / 标签对 Github 红队向工具 / 资源进行分类收集,降低红队技术门槛的手册【持续更新】

Score
0
★ 638 ⑂ 140
tianchong-zerotemp
tianchong-zerotemp
dianxing

DianXing - AI-Driven End-to-End Code Security Auditing

Score
92
★ 610 ⑂ 57 +165/day
kraken-ng
kraken-ng
Kraken

Kraken, a modular multi-language webshell coded by @secu_x11

Score
71
★ 555 ⑂ 49 +1/day
Python
tangxiaofeng7
tangxiaofeng7
SecExample

JAVA 漏洞靶场 (Vulnerability Environment For Java)

Score
100
★ 483 ⑂ 112
HTML
SummerSec
SummerSec
SpringExploit

🚀 一款为了学习go而诞生的漏洞利用工具

Score
0
★ 450 ⑂ 50
Go
AabyssZG
AabyssZG
Docker-TCP-Scan

旨在以攻促防,针对Docker TCP socket的开源利用工具

Score
65
★ 345 ⑂ 27
Python
dragonked2
dragonked2
Egyscan

Egyscan The Best web vulnerability scanner; it's a multifaceted security powerhouse designed to fortify your web applications against malicious threats. Let's delve into the tasks and functions that make Egyscan an indispensable tool in your security arsenal:

Score
83
★ 301 ⑂ 60
Python
petercunha
petercunha
jenkins-rce

:smiling_imp: Jenkins RCE PoC. From unauthenticated user to remote code execution, it's a hacker's dream!

Score
69
★ 298 ⑂ 59
Java
XiphosResearch
XiphosResearch
netelf

Run executables from memory, over the network, on Windows, Linux, OpenVMS... routers... spaceships... toasters etc.

Score
58
★ 285 ⑂ 34
C
aadityapurani
aadityapurani
NodeJS-Red-Team-Cheat-Sheet

NodeJS Red-Team Cheat Sheet

Score
56
★ 230 ⑂ 45
VainlyStrain
VainlyStrain
Vailyn

A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python

Score
52
★ 200 ⑂ 24
Python
SecAegis
SecAegis
SecReport

ChatGPT加持的,多人在线协同信息安全报告编写平台。目前支持的报告类型:渗透测试报告,APP隐私合规报告。

Score
0
★ 183 ⑂ 21
Python
dotPY-hax
dotPY-hax
gitlab_RCE

RCE for old gitlab version <= 11.4.7 & 12.4.0-12.8.1 and LFI for old gitlab versions 10.4 - 12.8.1

Score
48
★ 155 ⑂ 27
Python
hackersatyamrastogi
hackersatyamrastogi
react2shell-ultimate

React2Shell Ultimate - The most comprehensive CVE-2025-66478 Scanner for Next.js RSC RCE vulnerability. Multi-mode detection, WAF bypass, local scanning.

Score
73
★ 150 ⑂ 31
Python
YasserGersy
YasserGersy
cazador_unr

Hacking tools

Score
54
★ 149 ⑂ 57
j0lt-github
j0lt-github
python-deserialization-attack-payload-generator

Peas create serialized payload for deserialization RCE attack on python driven applications where pickle ,pyYAML, ruamel.yaml or jsonpickle module is used for deserialization of serialized data. I will update it with more attack vectors to targets other modules.

Score
44
★ 132 ⑂ 24
Python
AiGptCode
AiGptCode
AiGPT-WordPress-Exploitation-Framework

AiGPT started from the concept of CVE‑2024‑27956 , the WP Automatic CSV injection — but has been completely rebuilt into a multi‑vector, unauthenticated WordPress exploitation engine. It now chains 13 real‑world CVEs to create an administrator account or drop a web shell directly, then automatically injects a reverse shell into the active theme

Score
77
★ 127 ⑂ 33
Python
actuator
actuator
DEFCON-33

Hacking Hotspots: Pre-Auth Remote Code Execution, Arbitrary SMS & Adjacent Attacks on 5G & 4G/LTE Routers

Score
75
★ 102 ⑂ 18
Warxim
Warxim
vucsa

Vulnerable Client-Server Application (VuCSA) is made for learning how to perform penetration tests of non-http thick clients. It is written in Java (with JavaFX graphical user interface) and contains multiple challenges including SQL injection, RCE, XML vulnerabilities and more.

Score
42
★ 101 ⑂ 28
Java
Swordfish-Security
Swordfish-Security
Pentest-In-Docker

Docker image to exploit RCE, try for pentest methods and test container security solutions (trivy, falco and etc.)

Score
0
★ 97 ⑂ 43
Dockerfile
flast101
flast101
php-8.1.0-dev-backdoor-rce

PHP 8.1.0-dev Backdoor System Shell Script

Score
33
★ 94 ⑂ 21
Python
blackhatruby
blackhatruby
BHR_Labs

Black Hat Ruby book | Lab files | Buy the book https://www.amazon.com/dp/B08JHSF6GT

Score
38
★ 91 ⑂ 32
Ruby
Chocapikk
Chocapikk
CVE-2023-6553

Backup Migration <= 1.3.7 - Unauthenticated Remote Code Execution

Score
31
★ 85 ⑂ 23
Python
Warxim
Warxim
CVE-2022-41852

CVE-2022-41852 Proof of Concept (unofficial)

Score
25
★ 74 ⑂ 15
Java
Chocapikk
Chocapikk
CVE-2025-55182

Next.js React Server Components RCE exploit for CVE-2025-55182

Score
62
★ 67 ⑂ 15
Python
Ruulian
Ruulian
wconsole_extractor

WConsole Extractor is a python library which automatically exploits a Werkzeug development server in debug mode. You just have to write a python function that leaks a file content and you have your shell :)

Score
0
★ 66 ⑂ 8
Python
Splinter0
Splinter0
tensorflow-rce

RCE PoC for Tensorflow using a malicious Lambda layer

Score
15
★ 62 ⑂ 9
Python
K3ysTr0K3R
K3ysTr0K3R
CVE-2024-25600-EXPLOIT

A PoC exploit for CVE-2024-25600 - WordPress Bricks Builder Remote Code Execution (RCE)

Score
12
★ 57 ⑂ 11
Python
kljunowsky
kljunowsky
CVE-2023-36845

Juniper Firewalls CVE-2023-36845 - RCE

Score
19
★ 55 ⑂ 13
Python
gquere
gquere
CVE-2020-7931

Hacking Artifactory with server side template injection

Score
17
★ 51 ⑂ 15
Python
vah13
vah13
SAP_vulnerabilities

DoS PoC's for SAP products

Score
21
★ 50 ⑂ 19
Python
xalgord
xalgord
React2Shell

Advanced Exploitation Toolkit for Next.js Server Actions (CVE-2025-55182)

Score
50
★ 46 ⑂ 5 +1/day
Python
BitTheByte
BitTheByte
Domainker

BugBounty Tool

Score
10
★ 40 ⑂ 17
Python
cyinnove
cyinnove
paramx

ParamX is a tool designed to extract and categorize interesting subdomains and parameters from URLs.

Score
33
★ 33 ⑂ 9
Go
gh0x0st
gh0x0st
RCE_Web_Shell_Python

A python approach to interacting with web shells.

Score
6
★ 30 ⑂ 9
Python
K3ysTr0K3R
K3ysTr0K3R
CVE-2023-43208-EXPLOIT

A PoC exploit for CVE-2023-43208 - Mirth Connect Remote Code Execution (RCE)

Score
67
★ 29 ⑂ 11
Python
Coff0xc
Coff0xc
catchclaw

CatchClaw v5.3.0 — 多平台 AI Agent 安全评估工具,支持 OpenClaw / Dify / FastGPT / LobeChat / NextChat / AnythingLLM / Flowise / RagFlow 等 9 大平台。78 条 DAG 攻击链 | 78 个 Exploit 模块 | ATT&CK 阶段映射 | 多平台指纹识别 | Async Tokio 引擎 | 攻击图可视化

Score
60
★ 28 ⑂ 5
Rust
TheStingR
TheStingR
CVE-2025-68613-POC

Public PoC + Scanner and research for CVE-2025-68613: Critical RCE in n8n Workflow Automation via Expression Injection (CVSS 10.0). Includes detection tools, full exploit, and remediation guidance.

Score
27
★ 26 ⑂ 0
Python
AmoloHT
AmoloHT
CVE-2022-33891

「💥」CVE-2022-33891 - Apache Spark Command Injection

Score
4
★ 25 ⑂ 5
Python
janglapuk
janglapuk
pointblank-modtools

Point Blank modification tools

Score
8
★ 24 ⑂ 13
C++
l0n3m4n
l0n3m4n
CVE-2024-47176

Unauthenticated RCE on cups-browsed (exploit and nuclei template)

Score
2
★ 17 ⑂ 1
Python
n3rada
n3rada
toboggan

Turn any RCE primitive into a semi-interactive shell with forward shell (mkfifo) and post-exploitation actions.

Score
46
★ 16 ⑂ 2
Python
nemmusu
nemmusu
php-in-jpg

php-in-jpg is a simple yet flexible tool that generates .jpg image files embedding PHP payloads, designed to support PHP RCE polyglot techniques.

Score
0
★ 13 ⑂ 2
Python
kOaDT
kOaDT
poc-cve-2025-55182

This repository contains a POC of CVE-2025-55182, a critical (CVSS score 10.0) pre-authentication remote code execution vulnerability affecting React Server Components, also known as React2Shell.

Score
29
★ 12 ⑂ 3
TypeScript
papageo75
papageo75
CVE-2026-48908-PoC

Unauthenticated RCE PoC for CVE-2026-48908 — SP Page Builder for Joomla (≤ 6.6.1): arbitrary file upload via asset.uploadCustomIcon. Self-cleaning, token-guarded. Authorized testing only.

Score
40
★ 12 ⑂ 2 +1/day
Python
kabiri-labs
kabiri-labs
rcpayloadgen

RCEPayloadGen is a context-aware RCE payload generator for authorized security testing, producing 20k+ targeted, executable payloads across 12 environments — with safety tiers, observable indicators, a benign detection mode, and metadata-rich output for validation, fuzzing, and pentest automation.

Score
35
★ 11 ⑂ 2
Python
unlock-security
unlock-security
wshell

A handy interactive shell through {code,command,template} injection

Score
23
★ 10 ⑂ 0
Python
Related Topics
#hacking#exploit#security#penetration-testing#poc#python#vulnerability#pentesting#remote-code-execution#cve#cybersecurity#xss

© 2026 GitRepoTrend · GitHub repositories by topic · Updated weekly