CVE-2024-6387 RegreSSHion PoC
Functional exploit for the RegreSSHion vulnerability in OpenSSH <9.8. Race condition in SSHD's signal handler allowing pre-auth RCE.
Arsenal
Professional offensive security tools & exploit frameworks
120
Tools
12
Categories
Apache Path Traversal Exploit (CVE-2021-41773)
Exploit for path traversal in Apache HTTP Server 2.4.49-2.4.50. Allows reading arbitrary files and RCE with mod_cgi enabled.
Log4Shell Exploit Kit (CVE-2021-44228)
Modular exploit for Log4j RCE. Includes malicious LDAP/HTTP server, payloads for multiple platforms, and WAF bypass.
Spring4Shell RCE Exploit (CVE-2022-22965)
Exploit for Spring Framework RCE via ClassLoader manipulation. Works on Spring MVC with JDK 9+ on Tomcat.
ProxyShell Exchange Exploit Chain
Complete exploitation chain for Microsoft Exchange: SSRF + Arbitrary File Write + RCE. CVE-2021-34473/34523/31207.
Linux Kernel LPE Collection 2024-2025
Collection of 5 recent Linux kernel privilege escalation exploits. DirtyPipe, GameOver(lay), StackRot, and more.
SQLi to RCE Escalation Script
Python script that automates SQL injection to remote code execution escalation on MySQL, MSSQL, and PostgreSQL.
XSS to Account Takeover Toolkit
Advanced XSS payloads with cookie exfiltration, DOM keylogging, session hijacking, and in-page phishing.
Windows Print Spooler Exploit (PrintNightmare)
Exploit for CVE-2021-34527 PrintNightmare. RCE and LPE via Windows Print Spooler service abuse.
SSTI Payload Generator
Server-Side Template Injection payload generator for Jinja2, Twig, Freemarker, Velocity, Pebble, and Mako.