A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

Self contained htaccess shells and attacks

"Randar" is an exploit for Minecraft which uses LLL lattice reduction to crack the internal state of an incorrectly reused java.util.Random in the Minecraft server, then works backwards from that to locate other players currently loaded into the world.

TOP All bugbounty pentesting CVE-2023- POC Exp RCE example payload Things

BlueToolkit is an extensible Bluetooth Classic vulnerability testing framework that helps uncover new and old vulnerabilities in Bluetooth-enabled devices. Could be used in the vulnerability research, penetration testing and bluetooth hacking. We also collected and classified Bluetooth vulnerabilities in an "Awesome Bluetooth Security" way

Escalation of Privilege to the root through sudo binary with chroot option. CVE-2025-32463

Hide your payload into .jpg file

Local Privilege Escalation to Root via Sudo chroot in Linux

TryHackMe CTFs writeups, notes, drafts, scrabbles, files and solutions.

Install Metasploit In Termux 2023, No Error, Maintained, Termux

Shellshock exploit + vulnerable environment

Bash script purposed for system enumeration, vulnerability identification and privilege escalation.

A script to automate privilege escalation with CVE-2023-22809 vulnerability

Helper script for spawning a minimal Ubuntu 16.04 container ready for building kernel exploits (~4.x)

Various local exploits

Exploit for Pulse Connect Secure SSL VPN arbitrary file read vulnerability (CVE-2019-11510)

API Key/Token Exploitation Made easy.

Fast exploitation based on metasploit.

Meterpreter payload for all platforms

Automated privilege escalation of the world's most popular Docker images.