@ExCraft_labs profile picture
SCADA exploits Pack @ExCraft_labs
Joined July 2013
  • Tweets 225
  • Following 27
  • Followers 143
10 Photos and videos
2.41 SCADA std pack: - CAREL Boss Mini v1.4.0 LFI. CVE-2023-3643 - ICONICS Genesis HMI SCADA Denial of Service - Pro-face Pro-Server PCRuntime Remote DoS - Modbus SCADA DirTrav.
43
1.69 Pro Pack vulns: - Handysoft Co., Ltd Groupware HSPreView.dll Remote Code Execution Vulnerability. pub - HomeSeer <=4.1.17.0 Authenticated vulns: RCE. Directory Traversal. Command Execution. Arbitrary File Upload.
45
1.61 IoT pack : - Tapo C260. CVE-2026-0652 CVE-2026-0653 - D-Link DIR-825 CVE-2025-10666 - MOVISTAR ADSL ROUTER ABUS Security Camera COMMAX Smart Home DVR minor vulns - Intelbras IWR 3000N 1.5.0 devices Dos - MESSOA NIC990 IP-Camera auth bypass configuration download
61
1.68 Pro pack updates - aiohttp Directory Traversal Vulnerability - 7-Zip < 25 Symlink RCE (CVE-2025-11001) - PowerWalker Shutdown Wizard Remote Shutdown old-0day - Flowise 3.0.4 Remote Code Execution
28
SCADA pack 2.40 updates: - Fluke Biomedical Ansur TList7.ocx ActiveX Control Remote Code Execution - ABB Cylon FLXeon JSON Object Flooding DoS - Pimatic Authorized Info Disclosure - MedDream_PACS_Server_XSS
22
IoT pack: - Ilevia EVE X1/X5 Safe Checker (ZSL-2025-5959) - B-Link BL-AC2100 Denial of Service - XiongMai ip camera Directory Traversal Vulnerability - Technicolor TG789vn v3 Denial of Service - QLogic SANsurfer Fibre Channel Directory Traversal. old-0day and more
35
ECQ Pro 1.67 (former ExCraft) upd: SIEMENS IP-Camera CCID1410 and CCPW5025 Vulnerability. 0day - SAP NetWeaver AS JAVA vuln. pub - WatchGuard Fireware AD Helper Component Credential Disclosure. pub - SolarView Compact 6.0 OS Command Injection. pub
42
ECQ SCADA std pack (former ExCraft) 2.39 upd: - Horos DICOM Medical Image Viewer DOS - S3 Scada Remote Runtime Stop 0day - ServersCheck Monitoring Software Denial of Service - TLNET Shutdown Agent Information Disclosure - Debut Embedded httpd 1.20 Denial of Service
33
1.59 ECQ (former ExCraft) IoT pack for CoreImpact updated with 6 routers, dvrs, ipcams exploits: including Motorola, Master IP CAM, PLANET ADSL ROUTER, Nortel Wireless, Netwave IP Camera
864
ECQ and ExCraft researchers continue improving Packs support. Bundle discounts and promo actions for All existing and former clients are available upon request. For purchase - please contact ECQ directly: e-cq.net/contact-us.html

ECQ - Offensive Security

ECQ provides Advesary Simulation or Red Team service to help you truly test and validate the effectiveness of your entire security architecture. While penetration test service mainly focuses on...

e-cq.net
50
ECQ (former ExCraft) 2.37 SCADA std pack: - Santesoft Sante PACS Medical Server vuln CVE-2025-2264 - Paradox Security Systems IPR512 overwrite configurations - CVE-2023-24709 - 1Panel DirTrav Exploit. - Global 360 Imaging Remote File Rename Vulnerability. public
157
ECQ (former ExCraft) IoT pack 1.57 updates: - FortiRecorder 6.4.3 DoS - Path traversal bypass in Kyocera TASKalfa 4053ci printer. public - TP-Link Archer AX21 - Unauthenticated Command Injection - D-Link DIR-816 A2 Stack overflow vulnerability
35
ECQ (former ExCraft) Pro pack updates: - EasyPHP Webserver DirTravl. 0day - Rukovoditel <=3.3 SQL Injections. 0days - Rukovoditel <=3.3 Authenticated Code Execution 0day and Arbitrary File Upload. and more...
69
ExCraft SCADA | IoT packages are now in the process of acquisition by e-cq.net company! All existing clients will keep their subscriptions. Promo actions are also available for new orders

ECQ - Offensive Security

ECQ provides Advesary Simulation or Red Team service to help you truly test and validate the effectiveness of your entire security architecture. While penetration test service mainly focuses on...

e-cq.net
25
IoT pack 1.56 public vulns: - Mikrotik RouterOS Credentials Disclosure - NetGear Router Authentication Bypass - Tenda AC20 Telnet Denial of Service CVE-2025-9090 - Tenda F1203 Router Stack Buffer Overflow / Denial Of Service - Aztech DSL5005EN Admin Password Change
56
Pro 1.64 autumn release #1: - Symlabs Directory Extender 3.5.3 Invalid Data Length DoS Vulnerability. pub - Siklu MultiHaul TG series unauthenticated credential disclosure. pub
20
SCADA std 2.36: - OpenPLC WebServer DoS - Webpower UPS 5.53 Denial Of Service - LG LED Assistant Password Reset CVE-2024-2862
21
Just take a look to awesome stand with real controllers presented on Govware Exhibition in Singapore on the 21st - 23rd October ... linkedin.com/posts/phuong-ng… ECQ is also finalizing the acquisition of ExCraft exploit packages to bring clients more power in ICS SCADA pentests
39
Since July 2025 Fortra is no longer reselling ExCraft packs. Core Impact and ExCraft clients are still allowed to update/download packages on their own. We announce direct sales opportunity new resellers in Singapore and USA. Also working on alternatives
51
Pro 1.63 - summer release #2 - Vite Arbitrary File Read CVE-2025-30208 - NodeJS Path Traversal CVE-2025-27210
78
Load more