Goby is a powerful security tool that includes a vulnerability scanner and asset mapping functionality. visit gobies.org/.
Joined June 2019
- Tweets 441
- Following 288
- Followers 1,926
- Likes 156
342 Photos and videos
Jan 26
⚠️CVE-2026-23760:SmarterMail enables remote attackers to reset the admin password via crafted HTTP requests, then exploit the "Volume Mounts" feature for SYSTEM privilege escalation and RCE. Goby includes a one-click exploit.
link:gobies.org
Jan 22
DE&TH to Vulnerabilities: Huntress Catches SmarterMail Account Takeover Leading to RCE:
Huntress has observed in-the-wild exploitation of a privileged account takeover vulnerability (CVE-2026-23760) in SmarterTool’s SmarterMail application that has resulted in successful remote code execution.
awesome blog by @CyberRaiju and Lindon Wass
huntress.com/blog/smartermai…
2
273
Jan 26
⚠️CVE-2026-24061 (CVSS 9.8): GNU telnetd fails to sanitize the client-supplied username from the USER environment variable before passing it to the /usr/bin/login command line. Goby includes a one-click exploit.
链接: gobies.org
Jan 22
GNU InetUtils telnetd Argument Injection Authentication Bypass Leads to RCE (CVE-2026-24061)
USER="-f root" telnet -a 127.0.0.1 2323
Try reproduce this issue using #Vulhub
github.com/vulhub/vulhub/tre…
2
228
Jan 15
🚨CVE-2026-23478:Affecting versions 3.1.6 through 6.0.7. An attacker can take over any account by invoking session.update() with the target's email address. A working Goby EXP has been released.
Link: gobies.org
Cal.comにCVSS 10.0の致命的脆弱性(CVE-2026-23478)。単一API呼び出しでアカウント完全乗っ取り、2FAも無効化。UIよりAPIが本丸。即時パッチ必須。#CVE #APIsecurity #2FA securityonline.info/one-api-…
1
2
586
Cal.comにCVSS 10.0の致命的脆弱性(CVE-2026-23478)。単一API呼び出しでアカウント完全乗っ取り、2FAも無効化。UIよりAPIが本丸。即時パッチ必須。#CVE #APIsecurity #2FA securityonline.info/one-api-…
1
1,065
30 Dec 2025
🚨CVE-2025-68645: Zimbra Collaboration 10.0/10.1 Webmail Classic UI has an LFI vulnerability. Unauthenticated attackers can send malicious requests to /h/rest to read arbitrary files under WebRoot. Goby completed PoC reproduction.
Link: gobies.org
25 Dec 2025
Zimbra patches a high-severity LFI (CVE-2025-68645) allowing unauthenticated file access and a Flickr Zimlet credential leak. Upgrade to v10.1.13!
#Zimbra #ZCS #CyberSecurity #LFI #Infosec #Vulnerability #PatchNow #CVE202568645
securityonline.info/zimbra-u…
1
385
29 Dec 2025
🚨CCVE-2025-14847: Critical Unauthenticated MongoDB Vulnerability Exposes Sensitive Information, With Over 1.3 Million Publicly Exposed Assets — Goby Now Supports Fingerprint Detection and Vulnerability Validation.
link:gobies.org
⚠️⚠️ CVE-2025-14847: Critical Unauthenticated MongoDB Flaw Leaks Sensitive
🔥PoC: github.com/joe-desimone/mong…
🔗FOFA Link: en.fofa.info/result?qbase64=…
🎯1.2m Results are found on the en.fofa.info nearly year.
FOFA Query: app="MongoDB"
#OSINT #FOFA #CyberSecurity #vulnerability
133
5 Dec 2025
🚨CVE-2025-55182:It has been confirmed that Dify is among the most severely affected, with an estimated vulnerability rate of over 30%. Goby now supports echo EXP detection for this vulnerability.
link:gobies.org
⚠️⚠️ CVE-2025-55182(CVSS 10.0) && CVE-2025-66478(CVSS 10.0) : Catastrophic React Flaw allows Unauthenticated RCE on Next.js and React Server Components.
🔥PoC: github.com/ejpir/CVE-2025-55…
github.com/BankkRoll/Quickch…
🔗FOFA Link: en.fofa.info/result?qbase64=…
🎯8.7M Results are found on the en.fofa.info nearly year.
FOFA Query: app="NEXT.JS" || app="React.js"
🔖Refer: securityonline.info/catastro…
#OSINT #FOFA #CyberSecurity #Vulnerability
411
2 Dec 2025
Tired of manually setting up an FTP server? Goby’s EXP (Exploit) capabilities have been upgraded! Starting from the practical combat of CVE-2024-56145, nail the service-dependent vulnerability and achieve getshell in one step👋
github.com/gobysec/Research/…
1
248
25 Nov 2025
🚨CVE-2025-61757:ACritical vulnerability in Oracle Identity Manager allows unauthenticated RCE. Oracle patched it 30 days ago; in-the-wild exploitation detected. Fix promptly—Goby offers one-click practical verification & exploitation.
gobies.org
22 Nov 2025
GitHub - Jinxia62/Oracle-Identity-Manager-CVE-2025-61757: Oracle Identity Manager 远程代码执行漏洞CVE-2025-61757 github.com/Jinxia62/Oracle-I…
211
19 Nov 2025
Focus on CVE-2025-61882's practical pain points! Goby EXP adds custom paths independent service instances to easily crack path strict verification vulnerabilities, maximizing penetration efficiency~ Click the link for full technical details👇
github.com/gobysec/Research/…
182
17 Nov 2025
🚨CVE-2025-64446: Attackers can bypass authentication by traversing paths, creating administrator accounts to bypass control systems. Goby now supports one-click deployment of exploits. link:📷gobies.org
14 Nov 2025
🚨CVE-2025-64446: Fortinet FortiWeb Path Traversal Vulnerability has been added to the CISA KEV Catalog.
darkwebinformer.com/cisa-kev…
PoC: github.com/fevar54/CVE-2025-…
PoC: github.com/sxyrxyy/CVE-2025-…
267
24 Sep 2025
🚨CVE-2025-41243: CVE-2025-41243: An attacker can modify configuration properties by accessing the @systemProperties bean registered in the system. Successfully bypassing this restriction allows the attacker to access sensitive information.
Goby supports one-click exploitation.
22 Sep 2025
PoC Released for CVE-2025-41243 - A Spring Cloud Gateway Flaw with CVSS 10.0 securityonline.info/poc-rele…
2
557
1 Jul 2025
🚨CVE-2025-49493 : a critical XXE in Akamai CloudTest, affecting multiple legacy SOAP endpoints. Full file read via XML payloads.
Goby already supports one-click vulnerability exploitation.👇
link:🔗gobies.org
Even mature products hide critical flaws – and @XBOW just found another one.
CVE-2025-49493: XXE in Akamai CloudTest discovered during our climb to #1 on HackerOne.
A complete technical breakdown from an error-based detection to a full exfiltration by @djurado9
xbow.com/blog/xbow-akamai-cl…
1
529
27 Apr 2025
🚨CVE-2025-32432 : Commvault File Upload Vulnerability. Goby has completed command execution and rebound shell reproduction.
Use the effect as shown in the demonstration.👇
🔗Download Link: gobies.org
24 Apr 2025
🔥 Critical Exploit Alert!
A 9.0 CVSS flaw in Commvault Command Center lets hackers run code without logging in.
🎯 Targets versions 11.38.0–11.38.19
💥 Pre-auth SSRF → Remote Code Execution
Learn more about CVE-2025-34028 here: thehackernews.com/2025/04/cr…
523
27 Apr 2025
🚨CVE-2025-32432 : Craft CMS /index.php Code Execution Vulnerability. Goby has completed the command execution EXP reproduction, demonstrating the effect:verification exploits .👇
Download Link:🔗gobies.org
26 Apr 2025
I'm back! 🤘 Just reproduced CVE-2025-32432 and submitted a Metasploit module for it. This one targets Craft CMS RCE in versions 3.x, 4.x, and 5.x < 5.6.17. Check out the PR! 🚀
🔗 github.com/rapid7/metasploit…
1
416
25 Apr 2025
🚨CVE-2025-32433 LErlang/OTP SSH Server Code Execution Vulnerability.When the SSH daemon runs with root privileges, attackers can gain full control of the device. This vulnerability affects all SSH servers based on the Erlang/OTP SSH library.
Goby Realize the Exploits of RCE:
24 Apr 2025
Cisco confirms: ConfD, NSO, Smart PHY & more hit by CVE-2025-32433. No RCE risk yet, but PoC exploit is out.
Erlang-based systems across network & industrial gear now under the spotlight.
Details: thehackernews.com/2025/04/cr…
1
277
9 Apr 2025
🚨CVE-2025-3248 Langflow /api/v1/validate/code Code Execution Vulnerability.
Security vulnerabilities in large AI models:Goby already supports one-click verification exploits
👉gobies.org:
9 Apr 2025
#CVE-2025-3248 #DeepSeek
在复现LangFlow 的代码执行漏洞,直接把出现漏洞的代码丢给DeepSeek,它成功构造出了漏洞利用代码,甚至还能帮你构造一个回显的POC。👍👍
github.com/langflow-ai/langf…
2
327
12 Mar 2025
🚨CVE-2025-24813 :Flaw in Apache Tomcat Exposes Servers to RCE, Data Leaks.
Gogby has been reproduced with one-click exploitatioink: Goby download link>gobies.org
⚠️⚠️ CVE-2025-24813 Flaw in Apache Tomcat Exposes Servers to RCE, Data Leaks: Update Immediately
🎯6.5M Results are found on the en.fofa.info nearly year.
🔗FOFA Link: en.fofa.info/result?qbase64=…
FOFA Query:app="APACHE-Tomcat"
🔖Refer:securityonline.info/cve-2025…
#OSINT #FOFA #CyberSecurity #Vulnerability
4
228
3 Mar 2025
🚨 Ollama /api/tags Unauthorized Access Vulnerability POC/EXP:Goby has been reproduced with one-click exploitatioin>gobies.org
7 Feb 2025
New: Exposed #Ollama APIs, impacting AI model owners & cloud costs. Over 7,000 IPs are affected, with #DeepSeek models widely used. The highest concentrations? China, the US & Germany.
Read: hackread.com/exposed-ollama-…
#CyberSecurity #AI #Vulnerability
4
259
25 Dec 2024
🚨CVE-2024-9047 WordPress File Upload Pluginwfu_file_downloader.php Arbitrary File Read Vulnerability
Goby AI 2.0 can generate PoC/EXP code intelligently based on vulnerability details. For more information:
👉github.com/gobysec/Goby-AI
👉Goby download link>gobies.org
2
4
778