本软件首先集成危害性较大框架和部分主流cms的rce(无需登录,或者登录绕过执行rce)和反序列化(利用链简单)。傻瓜式导入url即可实现批量getshell。批量自动化测试。例如:Thinkphp,Struts2,weblogic。出现的最新漏洞进行实时跟踪并且更新例如:log4jRCE,向日葵 禅道RCE 瑞友天翼应用虚拟化系统sql注入导致RCE大华智慧园区上传,金蝶云星空漏洞等等.

• Updated Aug 17, 2025
• C#

vulcat可用于扫描Web端常见的CVE、CNVD等编号的漏洞,发现漏洞时会返回Payload信息。部分漏洞还支持命令行交互模式,可以持续利用漏洞

• Updated Dec 4, 2023
• Python

CVE-2022-1388 F5 BIG-IP iControl REST RCE

• Updated May 9, 2022
• Python

This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services. There is no data plane exposure; this is a control plane issue only.

• Updated May 6, 2022

Tool for CVE-2022-1388

• Updated May 13, 2022
• Python

F5 BIG-IP iControl REST vulnerability RCE exploit with Java including a testing LAB

• Updated May 11, 2023
• Java

-- FOR EDUCATIONAL USE ONLY -- Proof-of-Concept RCE for CVE-2022-1388, plus some added functionality for blue and red teams

• Updated Dec 25, 2022
• Python

CVE-2022-1388 is an authentication bypass vulnerability in the REST component of BIG-IP’s iControl API that was assigned a CVSSv3 score of 9.8. The iControl REST API is used for the management and configuration of BIG-IP devices. CVE-2022-1388 could be exploited by an unauthenticated attacker with network access to the management port or self IP...

• Updated May 12, 2022

F5 BIG-IP Exploit Using CVE-2022-1388 and CVE-2022-41800

• Updated Apr 12, 2023
• Python

BIG-IP iControl REST vulnerability CVE-2022-1388 PoC

• Updated May 10, 2022
• Python

CVE-2022-1388, bypassing iControl REST authentication

• Updated Jul 4, 2022
• Shell