Discover @Chocapikk Open Source projects

Valentin Lobstein (@Chocapikk)

Chocapikk

Stars
966
Global Rank 31,008 (Top 2 %)
Followers 397
Following 107
Registered almost 3 years ago
Most used languages

Python
86.8 %

Shell
4.4 %

PHP
4.4 %

Lua
1.5 %

HTML
1.5 %

Go
1.5 %
Location 🇫🇷 France
Country Total Rank 63,269
Country Ranking

Python
145

Lua
527

Shell
1,789

Go
1,920

PHP
2,137

HTML
2,213

CVE-2023-29357

Microsoft SharePoint Server Elevation of Privilege Vulnerability

CVE-2023-22515

CVE-2023-22515: Confluence Broken Access Control Exploit

CVE-2024-25600

Unauthenticated Remote Code Execution – Bricks <= 1.9.6

CVE-2024-3273

D-Link NAS CVE-2024-3273 Exploit Tool

CVE-2023-6553

Backup Migration <= 1.3.7 - Unauthenticated Remote Code Execution

CVE-2023-4966

Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.

CVE-2024-21887

A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.

CVE-2024-27198

Proof of Concept for Authentication Bypass in JetBrains TeamCity Pre-2023.11.4

LFIHunt

Advanced Tool To Scan And Exploit Local File Inclusion (LFI) Vulnerabilities

CVE-2024-21893-to-CVE-2024-21887

CVE-2024-21893 to CVE-2024-21887 Exploit Toolkit

CVE-2023-50917

MajorDoMo Unauthenticated RCE: Deep Dive & Exploitation Techniques

CVE-2023-30943

A Python-based tool to detect the CVE-2023-30943 vulnerability in Moodle, which allows unauthorized folder creation via specially crafted requests in TinyMCE loaders.

CVE-2024-1212

Unauthenticated Command Injection In Progress Kemp LoadMaster

CVE-2023-46805

Ivanti Pulse Secure CVE-2023-46805 Scanner - Based on Assetnote's Research

CVE-2024-20767

Exploit Toolkit for Adobe ColdFusion CVE-2024-20767 Vulnerability

CVE-2023-5360

Exploit for the unauthenticated file upload vulnerability in WordPress's Royal Elementor Addons and Templates plugin (< 1.3.79). CVE-ID: CVE-2023-5360.

LeakPy

LeakIX API Client/lib

CVE-2023-51467

Apache OfBiz Auth Bypass Scanner for CVE-2023-51467

Balgo-Crypter

Balgo Crypter is a Xor encoded payload generation utility with hexadecimal.

CVE-2024-3400

CVE-2023-22527

Atlassian Confluence - Remote Code Execution

CVE-2024-22899-to-22903-ExploitChain

Comprehensive Exploit Chain for Multiple Vulnerabilities in VinChin Backup & Recovery <= 7.2

CTF-Challenges

This repo contains challenges I made to train my friends

CVE-2022-1388

CVE-2022-1388 | F5 - Big IP Pre Auth RCE via '/mgmt/tm/util/bash' endpoint

NmapWeb-Choca

Use nmap from Flask App (testing purpose)

CVE-2017-9841

PersonalRobloxScripts

Here is my personal exploits

dorkscanner

CVE-2022-27925-Revshell

Python Script to exploit Zimbra Auth Bypass + RCE (CVE-2022-27925)

My-CVEs

List of my CVEs

GithubBackup

GitHub Backup Script

CVE-2023-3519

Citrix ADC RCE CVE-2023-3519

CVE-2022-26134

CVE-2022-26134 - Pre-Auth Remote Code Execution via OGNL Injection

SQLI-DIOS

Created SQLI DIOS

BalgoFuckerrrr

SSH Botnet remastored by Balgo Security and mindfuckerrrr

CVE-2021-41773

projet_selinux

Ghost-Framework

Modified Version of Ghost Framework

VSCode-Config-File-Parser

This program is designed to parse Visual Studio Code configuration files (sftp.json) that may be exposed on the internet

CVE-2022-29455

DOM-based Reflected Cross-Site Scripting (XSS) vulnerability in Elementor's Elementor Website Builder plugin <= 3.5.5 versions.

CVE-2022-29303

Python script to exploit CVE-2022-29303

CVE-2023-35082

Remote Unauthenticated API Access Vulnerability in MobileIron Core 11.2 and older

pentest-reseau

Projet de pentest réseau automatisé

CVE-2023-28432

Automated vulnerability scanner for CVE-2023-28432 in Minio deployments, revealing sensitive environment variables.

CVE-2019-19492

FreeSWITCH Exploit (CVE-2019-19492)

PythonRAT

CVE-2022-31814

pfBlockerNG <= 2.1.4_26 Unauth RCE (CVE-2022-31814)

CVE-2021-46422

Telesquare SDT-CW3B1 1.1.0 - OS Command Injection

CVE-2022-29464

Python script to exploit CVE-2022-29464 (mass mode)

CVE-2023-33617

Authenticated OS command injection vulnerability (CVE-2023-33617)

CVE-2022-22954

Python script to exploit CVE-2022-22954 and then exploit CVE-2022-22960

CVE-2022-30525-Reverse-Shell

Simple python script to exploit CVE-2022-30525 (FIXED): Zyxel Firewall Unauthenticated Remote Command Injection

Shells

CVE-2024-4577

PHP CGI Argument Injection vulnerability

onelinepy

CVE-2022-40684

Fortinet Critical Authentication Bypass Vulnerability (CVE-2022-40684) [ Mass Exploit ]

CVE-2021-35064

Python script to exploit CVE-2021-35064 and CVE-2021-36356

CVE-2022-44877

Bash Script for Checking Command Injection Vulnerability on CentOS Web Panel [CWP] (CVE-2022-44877)

MultiPwn

Piano-Tiles-Bot

My own Bot to cheat on Piano Tiles

CVE-2022-39952

PoC for CVE-2022-39952 affecting Fortinet FortiNAC.

CVE-2022-36804-ReverseShell

PoC exploit for CVE-2022-36804 (BitBucket Critical Command Injection)

CVE-2023-27372

SPIP Vulnerability Scanner - CVE-2023-27372 Detector

sinkhole

Sinkhole for my school project

CVE-2024-31819

Unauthenticated Remote Code Execution (RCE) Vulnerability in WWBNIndex Plugin of AVideo Platform from 12.4 to 14.2

ssl_explorer

A CLI Tool for Extracting Server Ownership Clues from SSL/TLS Certificates

CVE-2023-38646

Remote Code Execution on Metabase CVE-2023-38646

CVE-2023-36846

Remote Code Execution on Junos OS CVE-2023-36846

lfi-training

LFI Challenge - Capture The Flag (CTF)

CVE-2023-1698

WAGO Remote Exploit Tool for CVE-2023-1698