Log4Shell Exploit Kit (CVE-2021-44228)
Modular exploit for Log4j RCE. Includes malicious LDAP/HTTP server, payloads for multiple platforms, and WAF bypass.
Arsenal
Professional offensive security tools & exploit frameworks
120
Tools
12
Categories
Spring4Shell RCE Exploit (CVE-2022-22965)
Exploit for Spring Framework RCE via ClassLoader manipulation. Works on Spring MVC with JDK 9+ on Tomcat.
ProxyShell Exchange Exploit Chain
Complete exploitation chain for Microsoft Exchange: SSRF + Arbitrary File Write + RCE. CVE-2021-34473/34523/31207.
Linux Kernel LPE Collection 2024-2025
Collection of 5 recent Linux kernel privilege escalation exploits. DirtyPipe, GameOver(lay), StackRot, and more.
SQLi to RCE Escalation Script
Python script that automates SQL injection to remote code execution escalation on MySQL, MSSQL, and PostgreSQL.
XSS to Account Takeover Toolkit
Advanced XSS payloads with cookie exfiltration, DOM keylogging, session hijacking, and in-page phishing.
Windows Print Spooler Exploit (PrintNightmare)
Exploit for CVE-2021-34527 PrintNightmare. RCE and LPE via Windows Print Spooler service abuse.
SSTI Payload Generator
Server-Side Template Injection payload generator for Jinja2, Twig, Freemarker, Velocity, Pebble, and Mako.
WPA2 Handshake Capturer
Automated script for WPA2 4-way handshake capture. Manages monitor mode, selective deauth, and captured handshake validation.
Evil Twin AP Framework Module
Module for creating Evil Twin Access Points with customizable captive portal. Captures WiFi credentials and web logins.
Bluetooth Low Energy Scanner
BLE scanner that enumerates devices, GATT services, characteristics, and allows value read/write. Ideal for IoT recon.
WiFi Deauth Detector & Alert
Passive monitor that detects deauthentication frames on the WiFi spectrum and alerts in real time. Defensive/awareness tool.