Projects, tooling, and research by @fuzzlove.

• SparstanBoogie

• ATutor-2.2.4-Language-Exploit - ATutor 2.2.4 Arbitrary File Upload / RCE (CVE-2019-12169) (Python, updated 2026-02-26)
• ATutor-Instructor-Backup-Arbitrary-File - ATutor 2.2.4 'Backup' Remote Command Execution (CVE-2019-12170) (n/a, updated 2026-02-26)
• buffer_overflows - Various bufferoverflows made or examined while I was in the process of studying. (Python, updated 2024-09-17)
• byosi - Bring Your Own Scripting Interpreter - Custom Shell (PHP) (PowerShell, updated 2024-12-30)
• CallBackCodeExecution-v1 - CallBackCodeExecution v1 - Vanilla Series (C, updated 2026-04-29)
• Cisco-ASA-FTD-Web-Services-Traversal - CVE-2020-3452 - Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) traversal (Python, updated 2026-01-10)
• Cisco-UCS-Manager-2.2-1d-Remote-Command-Execution - Cisco Bug: CSCur90888 - Cisco UCS Manager Remote Command Execution Vulnerability (Python, updated 2021-02-05)
• Downgrade-Checker-iOS - iOS Downgrade Party Checker (Python, updated 2026-05-07)
• eLabFTW-1.8.5-EntityController-Arbitrary-File-Upload-RCE - eLabFTW 1.8.5 'EntityController' Arbitrary File Upload / RCE (CVE-2019-12185) (Python, updated 2024-08-12)
• FUDforum-XSS-RCE - FUDForum 3.0.9 - XSS / Remote Code Execution (CVE-2019-18873, CVE-2019-18839) (JavaScript, updated 2022-07-16)
• GopherSSRF - Gopher HTTP requests (POST/GET) (Python, updated 2025-10-26)
• GPPFire - GPP Fire - AutoLogins & Others (Python, updated 2025-04-21)
• lazychicken - lazychicken.sh - A simple external IP check that utilizes multiple sources. (Bashscript, updated 2024-06-08)
• macOS-Audit-Agent - Mac Audit Agent is a macOS security auditing and monitoring tool that helps identify system risks, suspicious activity, and configuration weaknesses. It provides clear findings, baseline change detection, and actionable recommendations while keeping all data local to the device. (Python, updated 2026-05-09)
• OWASP-Testing-Guide-v5 - The OWASP Testing Guide includes a "best practice" penetration testing framework which users can implement in their own organizations and a "low level" penetration testing guide that describes techniques for testing most common web application and web service security issues. (2019-08-30)
• p12cracker - Bruteforce p12 files for fun (Python, updated 2026-05-08)
• PowerShell-Reverse-Shell-Generator - Obfuscated, FUD Simple PowerShell Reverse Shell One-Liner (Python, updated 2024-07-02)
• PowrShhh - Simple yet effective PS SC loader. (PowerShell, updated 2025-10-29)
• Sickle - Shellcode development tool (Python, updated 2019-09-18)
• SkyC2 - A basic python c2 server (Python, updated 2025-10-29)
• social-engineering-vector-analysis - Technical analysis and Proof of Concepts (PoCs) for common web-based execution vectors, including ClickFix and FileFix methodologies. This repository maps these techniques to MITRE ATT&CK T1204.004 for defensive research. (HTML, updated 2026-02-26)
• soplanning-1.52-exploits - SOPlanning 1.52.00 CSRF/SQLi/XSS (CVE-2024-33722, CVE-2024-33724) (n/a, updated 2024-05-07)
• SparstanBoogie - Exploit chain utilizing directory traversal and iOS restore to overwrite protected files. (Python, updated 2026-05-23)
• SystemFunction032-Case-Studies - SystemFunction032 Research (C++, updated 2026-02-26)
• TeamViewer-Password-Decrypt - TeamViewer Password Decrypter (Python, updated 2024-04-25)
• Zipper - A shellcode runner that runs shellcode from a password protected zip file. (C, updated 2026-02-26)
• Zippy - C# Shellcode Runner (In-Memory GZip) (C#, updated 2026-02-26)

• Portfolio: fuzzlove.github.io
• Repositories tab: github.com/fuzzlove?tab=repositories