mr-xn/penetration_testing_poc

This repository is a curated archive of proof-of-concept code, scripts, and exploit demonstrations gathered by security researcher Mr-xn. The collection covers a wide range of known software and hardware vulnerabilities, organized by category: IoT devices and routers, web applications, privilege escalation techniques, PC software, and a general-purpose tools section. Everything is intended as reference material for security research and penetration testing. The IoT section is the largest part of the collection. It catalogs vulnerabilities in consumer routers from brands like D-Link, TP-Link, Hikvision, and Huawei, as well as mobile platforms including iOS and Android. Each entry typically links to a write-up, a proof-of-concept script, or an existing exploit database entry, often with the relevant CVE number noted alongside. The web application section covers vulnerabilities in content management systems, authentication bypass techniques, cross-site request forgery issues, and remote code execution flaws. The tools section adds small utility scripts for tasks like batch scanning or credential testing. There is also a section of saved articles and PDF write-ups that explain how specific vulnerabilities were found and reproduced. The README itself is written primarily in Chinese, with CVE identifiers and tool names in English. The repository does not include a unified install process or a single codebase to run. Instead, each entry points outward to a separate tool or write-up, making this a curated index rather than a standalone project. The author notes that all tools should be run in a virtual environment, since some third-party entries may contain unexpected behavior. As of the last commit, the collection spans devices and software dating from roughly 2017 through 2025. The full README is longer than what was shown.