Alternatives and similar repositories for xss-to-rce

Users that are interested in xss-to-rce are comparing it to the libraries listed below

• xapax / owasp-checklist

  View on GitHub
  ☆29May 14, 2019Updated 6 years ago
• matro7sh / bof-collection

  View on GitHub
  collection of beacon object file (Cobalt strike)
  ☆12Jan 21, 2023Updated 3 years ago
• S3cur3Th1sSh1t / NimWinstaEveryoneAccess

  View on GitHub
  ☆10Jan 17, 2022Updated 4 years ago
• K3ysTr0K3R / CVE-2023-23752-EXPLOIT

  View on GitHub
  A PoC exploit for CVE-2023-23752 - Joomla Improper Access Check in Versions 4.0.0 through 4.2.7
  ☆15Feb 1, 2026Updated 2 weeks ago
• chrismaddalena / DocPatch

  View on GitHub
  A simple script that edits the XML of a macro-enabled Word document (.docm or Word 97 document) to add a reference to a remote stylesheet…
  ☆11Oct 5, 2022Updated 3 years ago
• wsummerhill / Python-Crypter

  View on GitHub
  Custom Python shellcode encryptor and obfuscator
  ☆14Jul 31, 2025Updated 6 months ago
• mdsecactivebreach / TakeATest

  View on GitHub
  ☆19Mar 9, 2021Updated 4 years ago
• Cracked5pider / unguard-eat

  View on GitHub
  havoc kaine plugin to mitigate PAGE_GUARD protected image headers using JOP gadgets
  ☆42Aug 6, 2024Updated last year
• decoder-it / BadBackupOperator

  View on GitHub
  ☆37Feb 12, 2018Updated 8 years ago
• XaFF-XaFF / AMSI-Bypass

  View on GitHub
  Rasta's mouse AMSI patch but with function that makes it undetectable.
  ☆14Apr 21, 2021Updated 4 years ago
• SilvestriF3 / Passworld

  View on GitHub
  Passworld is a fully customizable wordlist generator
  ☆16Sep 13, 2024Updated last year
• duck-sec / CVE-2023-46604-ActiveMQ-RCE-pseudoshell

  View on GitHub
  This script leverages CVE-2023046604 (Apache ActiveMQ) to generate a pseudo shell. The vulnerability allows for remote code execution due…
  ☆18Jan 24, 2024Updated 2 years ago
• burmat / burmatscripts

  View on GitHub
  Scripts and One-Liners
  ☆20Jan 31, 2025Updated last year
• mgeeky / CustomXMLPart

  View on GitHub
  A PoC weaponising CustomXMLPart for hiding malware code inside of Office document structures.
  ☆39Aug 8, 2022Updated 3 years ago
• jaiguptanick / CVE-2019-0232

  View on GitHub
  Vulnerability analysis and PoC for the Apache Tomcat - CGIServlet enableCmdLineArguments Remote Code Execution (RCE)
  ☆22Sep 4, 2021Updated 4 years ago
• RalfHacker / HTTPServerWithUpload

  View on GitHub
  Python3 HTTP Server with upload functionality
  ☆20Dec 4, 2023Updated 2 years ago
• D00MFist / security

  View on GitHub
  Notes and Commands for CTFs
  ☆22Apr 28, 2020Updated 5 years ago
• 0xbad53c / webshells

  View on GitHub
  My personal collection of webshells for educational purposes. Most are custom implementations/adaptations of stuff I found on the interne…
  ☆21May 20, 2024Updated last year
• mgeeky / EvilClippy

  View on GitHub
  A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro…
  ☆25May 19, 2022Updated 3 years ago
• setrus / CVE-2019-0232

  View on GitHub
  CVE-2019-0232-Remote Code Execution on Apache Tomcat 7.0.42
  ☆20Nov 21, 2019Updated 6 years ago
• NioZow / bof-collection

  View on GitHub
  ☆21Feb 22, 2025Updated 11 months ago
• mgeeky / digitalocean-app-redirector

  View on GitHub
  Reverse-HTTP Redirector via DigitalOcean Apps Platform
  ☆31Aug 16, 2023Updated 2 years ago
• gerryamurphy / Foremost

  View on GitHub
  Foremost is a console program to recover files based on their headers, footers, and internal data structures
  ☆37May 9, 2017Updated 8 years ago
• nick-frischkorn / SuspendEventLogBOF

  View on GitHub
  Beacon Object File to locate and suspend the threads hosting the Event Log service
  ☆29Jun 17, 2022Updated 3 years ago
• rexs-io / blocksec2go-ethereum

  View on GitHub
  Wrapper for blocksec2go allowing easy hardware-based signing of Ethereum transactions
  ☆12Feb 8, 2023Updated 3 years ago
• cube0x0 / HashSpray.py

  View on GitHub
  python spraying tools based on impacket lib
  ☆55Sep 6, 2022Updated 3 years ago
• KrustyHack / docker-privilege-escalation

  View on GitHub
  A docker example for privilege escalation
  ☆25Jul 17, 2017Updated 8 years ago
• eliuha / webdav_exploit

  View on GitHub
  An exploit for Microsoft IIS 6.0 CVE-2017-7269
  ☆22Mar 29, 2017Updated 8 years ago
• BloodHoundAD / TierZeroTable

  View on GitHub
  Table of AD and Azure assets and whether they belong to Tier Zero
  ☆26Sep 12, 2023Updated 2 years ago
• carlospolop / gcp_privesc_scripts

  View on GitHub
  ☆30Mar 2, 2023Updated 2 years ago
• Cipher7 / havoc-PoolParty

  View on GitHub
  Windows Thread Pool Injection Havoc Implementation
  ☆33Mar 23, 2024Updated last year
• hausec / CobaltStrikeToGhostWriter

  View on GitHub
  Log converter from CS log to Ghostwriter CSV
  ☆31Nov 23, 2020Updated 5 years ago
• WiredPulse / Invoke-HiveNightmare

  View on GitHub
  PoC for CVE-2021-36934, which enables a standard user to be able to retrieve the SAM, Security, and Software Registry hives in Windows 10…
  ☆35Sep 24, 2022Updated 3 years ago
• synacktiv / OUned

  View on GitHub
  The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning
  ☆155Nov 2, 2025Updated 3 months ago
• trevorsaudi / Zero-Import-Malware

  View on GitHub
  Small project looking into how we can build malware with zero-imports by dynamically resolving windows APIs using GetProcAddress and GetM…
  ☆40Oct 26, 2023Updated 2 years ago
• xpn / adfstoolkit

  View on GitHub
  ☆37Jan 7, 2025Updated last year
• Cobalt-Strike / callback_examples

  View on GitHub
  This contains a number of examples demonstrating how to use callback functions in supported aggressor script functions
  ☆38Mar 17, 2025Updated 11 months ago
• GhostManager / cobalt_sync

  View on GitHub
  Standalone Cobalt Strike operation logging Aggressor script for Ghostwriter 2.0+
  ☆36Dec 1, 2025Updated 2 months ago
• megacorpone / megacorpone.com

  View on GitHub
  dev backup for main site
  ☆40Jan 3, 2018Updated 8 years ago