Skip to content
View fuzzlove's full-sized avatar
🎯
Focusing
🎯
Focusing
84 followers · 307 following

Achievements

Achievement: Arctic Code Vault ContributorAchievement: Pull Shark

Achievements

Achievement: Arctic Code Vault ContributorAchievement: Pull Shark

Block or report fuzzlove

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
fuzzlove/README.md

fuzzlove

Projects, tooling, and research by @fuzzlove.

Featured

Public Repositories

  • ATutor-2.2.4-Language-Exploit - ATutor 2.2.4 Arbitrary File Upload / RCE (CVE-2019-12169) (⭐ 4, Python, updated 2026-02-26)
  • ATutor-Instructor-Backup-Arbitrary-File - ATutor 2.2.4 'Backup' Remote Command Execution (CVE-2019-12170) (⭐ 3, n/a, updated 2026-02-26)
  • buffer_overflows - Various bufferoverflows made or examined while I was in the process of studying. (⭐ 2, Python, updated 2024-09-17)
  • byosi - Bring Your Own Scripting Interpreter - Custom Shell (PHP) (⭐ 1, PowerShell, updated 2024-12-30)
  • CallBackCodeExecution-v1 - CallBackCodeExecution v1 - Vanilla Series (⭐ 0, C, updated 2026-04-29)
  • Cisco-ASA-FTD-Web-Services-Traversal - CVE-2020-3452 - Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) traversal (⭐ 6, Python, updated 2026-01-10)
  • Cisco-UCS-Manager-2.2-1d-Remote-Command-Execution - Cisco Bug: CSCur90888 - Cisco UCS Manager Remote Command Execution Vulnerability (⭐ 0, Python, updated 2021-02-05)
  • coruna - The leaked exploit toolkit for various iOS versions (⭐ 0, JavaScript, updated 2026-03-12)
  • curlshell - reverse shell using curl (⭐ 0, Python, updated 2024-04-17)
  • default-http-login-hunter - Login hunter of default credentials for administrative web interfaces leveraging NNdefaccts dataset. (⭐ 0, Lua, updated 2024-04-16)
  • Downgrade-Checker-iOS -  iOS Downgrade Party Checker ✅ 🥳 (⭐ 7, Python, updated 2026-05-07)
  • eLabFTW-1.8.5-EntityController-Arbitrary-File-Upload-RCE - eLabFTW 1.8.5 'EntityController' Arbitrary File Upload / RCE (CVE-2019-12185) (⭐ 7, Python, updated 2024-08-12)
  • frameless-bitb - A new approach to Browser In The Browser (BITB) without the use of iframes, allowing the bypass of traditional framebusters implemented by login pages like Microsoft and the use with Evilginx. (⭐ 0, CSS, updated 2025-01-15)
  • FUDforum-XSS-RCE - FUDForum 3.0.9 - XSS / Remote Code Execution (CVE-2019-18873, CVE-2019-18839) (⭐ 7, JavaScript, updated 2022-07-16)
  • fuzzlove (⭐ 0, n/a, updated 2026-05-13)
  • GopherSSRF - Gopher HTTP requests (POST/GET) (⭐ 3, Python, updated 2025-10-26)
  • GPPFire - GPP Fire - AutoLogins & Others (⭐ 0, Python, updated 2025-04-21)
  • impacket - Impacket is a collection of Python classes for working with network protocols. (⭐ 0, Python, updated 2026-02-26) [archived]
  • interactsh - An OOB interaction gathering server and client library (⭐ 0, Go, updated 2026-02-26) [archived]
  • lazychicken - lazychicken.sh - A simple external IP check that utilizes multiple sources. (⭐ 1, Shell, updated 2024-06-08)
  • limbos-gate - Hell's Gate, but make it 32-bit! (⭐ 0, C, updated 2026-02-26) [archived]
  • linpeas (⭐ 0, Shell, updated 2024-06-03)
  • macOS-Audit-Agent - Mac Audit Agent is a macOS security auditing and monitoring tool that helps identify system risks, suspicious activity, and configuration weaknesses. It provides clear findings, baseline change detection, and actionable recommendations while keeping all data local to the device. (⭐ 5, Python, updated 2026-05-09)
  • malk - Demonstrate calling a kernel function and handle process creation callback against HVCI (⭐ 0, C++, updated 2026-02-26) [archived]
  • MBE - Course materials for Modern Binary Exploitation by RPISEC (⭐ 0, C, updated 2024-03-05)
  • OneRuleToRuleThemStill - A revamped and updated version of my original OneRuleToRuleThemAll hashcat rule (⭐ 0, n/a, updated 2024-04-11)
  • OWASP-Testing-Guide-v5 - The OWASP Testing Guide includes a "best practice" penetration testing framework which users can implement in their own organizations and a "low level" penetration testing guide that describes techniques for testing most common web application and web service security issues. (⭐ 0, n/a, updated 2019-08-30)
  • p12cracker - Bruteforce p12 files for fun (⭐ 0, Python, updated 2026-05-08)
  • PEzor - Open-Source Shellcode & PE Packer (⭐ 0, C, updated 2024-12-25)
  • PowerShell-Reverse-Shell-Generator - Obfuscated, FUD Simple PowerShell Reverse Shell One-Liner (⭐ 0, Python, updated 2024-07-02)
  • PowrShhh - Simple yet effective PS SC loader. (⭐ 0, PowerShell, updated 2025-10-29)
  • privesc-lin - privesc stuff for linux (⭐ 0, Shell, updated 2024-06-03)
  • privesc-win - privesc tools for windows (⭐ 0, PowerShell, updated 2024-04-25)
  • ReverseGoShell - A Golang Reverse Shell Tool With AES Dynamic Encryption (⭐ 0, Go, updated 2022-06-02)
  • Shaco - Shaco is a linux agent for havoc (⭐ 0, C, updated 2026-02-26)
  • shellGo - A Microsoft windows x86_64 Golang shellcode tester that includes example calc.exe shellcode. (⭐ 0, Go, updated 2022-06-10)
  • Sickle - Shellcode development tool (⭐ 0, Python, updated 2019-09-18)
  • SigFlip - SigFlip is a tool for patching authenticode signed PE files (exe, dll, sys ..etc) without invalidating or breaking the existing signature. (⭐ 0, C#, updated 2026-02-26) [archived]
  • SkyC2 - A basic python c2 server (⭐ 1, Python, updated 2025-10-29)
  • social-engineering-vector-analysis - Technical analysis and Proof of Concepts (PoCs) for common web-based execution vectors, including ClickFix and FileFix methodologies. This repository maps these techniques to MITRE ATT&CK T1204.004 for defensive research. (⭐ 0, HTML, updated 2026-02-26)
  • soplanning-1.52-exploits - SOPlanning 1.52.00 CSRF/SQLi/XSS (CVE-2024-33722, CVE-2024-33724) (⭐ 0, n/a, updated 2024-05-07)
  • SparstanBoogie - Exploit chain utilizing directory traversal and iOS restore to overwrite protected files. (⭐ 3, Python, updated 2026-05-23)
  • SuperMega - Stealthily inject shellcode into an executable (⭐ 0, Python, updated 2026-02-26) [archived]
  • SystemFunction032-Case-Studies - SystemFunction032 Research (⭐ 0, C++, updated 2026-02-26)
  • TeamViewer-Password-Decrypt - TeamViewer Password Decrypter (⭐ 0, Python, updated 2024-04-25)
  • WindowsD - Disable DSE and WinTcb (without breaking DRM) (⭐ 0, C, updated 2025-03-29)
  • Zipper - A shellcode runner that runs shellcode from a password protected zip file. (⭐ 0, C, updated 2026-02-26)
  • Zippy - C# Shellcode Runner (In-Memory GZip) (⭐ 0, C#, updated 2026-02-26)

Links

Pinned Loading

  1. FUDforum-XSS-RCE FUDforum-XSS-RCE Public

    FUDForum 3.0.9 - XSS / Remote Code Execution (CVE-2019-18873, CVE-2019-18839)

    JavaScript 7 4

  2. ATutor-2.2.4-Language-Exploit ATutor-2.2.4-Language-Exploit Public

    ATutor 2.2.4 Arbitrary File Upload / RCE (CVE-2019-12169)

    Python 4 3

  3. eLabFTW-1.8.5-EntityController-Arbitrary-File-Upload-RCE eLabFTW-1.8.5-EntityController-Arbitrary-File-Upload-RCE Public

    eLabFTW 1.8.5 'EntityController' Arbitrary File Upload / RCE (CVE-2019-12185)

    Python 7 2

  4. Cisco-ASA-FTD-Web-Services-Traversal Cisco-ASA-FTD-Web-Services-Traversal Public

    CVE-2020-3452 - Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) traversal

    Python 6 2

  5. macOS-Audit-Agent macOS-Audit-Agent Public

    Mac Audit Agent is a macOS security auditing and monitoring tool that helps identify system risks, suspicious activity, and configuration weaknesses. It provides clear findings, baseline change det…

    Python 5

  6. SparstanBoogie SparstanBoogie Public

    Exploit chain utilizing directory traversal and iOS restore to overwrite protected files.

    Python 3