🔍 Extract and construct missing parameters from JavaScript files for effective unauthorized testing, enhancing your API engagement strategy.

🔍 Detect and demonstrate RCE vulnerabilities in React Server Components and Next.js with this comprehensive security research toolkit.

⚠️ Explore a vulnerable environment to test security scanners against the CVE-2025-55182 RCE flaw in React Server Components and Next.js applications.

🔍 Demonstrate CVE-2025-55182, a critical vulnerability in React Server Components allowing unauthenticated arbitrary code execution.

🛡️ Explore CVE-2025-55182, a critical RCE vulnerability in React's Flight Protocol, demonstrating exploitation techniques and mitigation strategies.

🛠️ Validate and demonstrate CVE-2016-15042 with a Dockerized lab for unauthenticated file uploads in WordPress file managers.

A secure, Dockerized Remote Code Execution Engine for C++ and Python.

Arbitary code execution demo for toJSFunction in expr-eval

React2Shell (CVE-2025-55182) proof-of-concept (PoC) exploit demonstrating a CRITICAL remote code execution (RCE) vulnerability in modern web frameworks using React Server Components (RSC).

PoC for RCE in ProjectWorlds Gym Management System via Arbitrary File Upload.

Website for RCE

VR Man-in-the-Room Attack and Command & Control Server Proof of Concept — Bigscreen

Foxit PDF Reader Remote Code Execution Exploit

Adobe Acrobat Reader - CVE-2023-21608 - Remote Code Execution Exploit

NodeJS Deserialization Payload Generator

Getting started with java code auditing 代码审计入门的小项目

Adobe Acrobat Reader - CVE-2023-21608 - Remote Code Execution Exploit

WordPress RCE - Authenticated XXE (CVE-2021-29447)

CVE-2020-28502 node-XMLHttpRequest RCE