📀 Create traditional MSI installers for your Electron app

SearXNG is a free internet metasearch engine which aggregates results from various search services and databases. Users are neither tracked nor profiled.

🔥 Official Firecrawl MCP Server - Adds powerful web scraping and search to Cursor, Claude and any other LLM clients.

A simple, locally hosted Web Search MCP server for use with Local LLMs

🌐 Make websites accessible for AI agents. Automate tasks online with ease.

Proof-of-concept of CVE-2025-55188: 7-Zip arbitrary file write

CVE-2025-49844 (RediShell)

SharePoint WebPart Injection Exploit Tool

Writeup and exploit for CVE-2024-34740, integer overflow in Android's BinaryXmlSerializer to system_server file write and then to system_server code execution from normal installed app

ColorOS短信漏洞，以及用户自救方案

QL-Relax

分流完善的 OpenClash 订阅转换模板，搭配保姆级 OpenClash 设置教程，无需套娃其他插件即可实现完美分流、DNS无污染无泄漏，且快速的国内外上网体验，配套自动化域名规则提交机器人

A Clash Client For OpenWrt

Artefacts for blog post on finding CVE-2025-37899 with o3

A V8 Sandbox Escape Technique.

PoC for PwnKit: Local Privilege Escalation Vulnerability in polkit’s pkexec (CVE-2021-4034)

Claude Code settings, commands and agents for vibe coding

自动化的 Python 沙箱逃逸 payload bypass 框架 / Automated Python Sandbox Escape Payload Bypass Framework

CVE-2025-38001: Linux HFSC Eltree Use-After-Free - Debian 12 PoC

Script to exploit Grafana CVE-2025-4123: XSS and Full-Read SSRF

The open and composable observability and data visualization platform. Visualize metrics, logs, and traces from multiple sources like Prometheus, Loki, Elasticsearch, InfluxDB, Postgres and many mo…

Adversary Emulation Framework

PoC & Exploit for CVE-2025-32023 / PlaidCTF 2025 "Zerodeo"

诺亚盘古大模型研发背后的真正的心酸与黑暗的故事。