CVE-2025-8671

This repository contains a functional Python-based tool for testing HTTP/2 DDoS vulnerabilities, specifically targeting CVE-2023-44487 (Rapid Reset) and CVE-2025-8671 (MadeYouReset). The tool includes interactive and CLI modes, supports multiple targets, and exports results in JSON/CSV formats.

The repository contains functional exploit code for multiple CVEs, including authentication bypass vulnerabilities in TOTOLINK devices and a scanner for Fortinet SSL VPN (CVE-2024-21762). The PoCs demonstrate the vulnerabilities with clear technical details and executable scripts.

This repository contains a functional Python-based PoC for CVE-2025-8671, which targets HTTP/2 implementations by sending malformed frames to trigger potential DoS conditions. The script tests multiple attack vectors, including invalid WINDOW_UPDATE, DATA after END_STREAM, and malformed HEADERS/PRIORITY frames, while logging server responses.

The repository contains a Python-based scanner for CVE-2025-8671, which exploits HTTP/2 stream accounting vulnerabilities by forcing RST_STREAM frames while backend processing continues. It includes statistical analysis for detecting anomalies but does not contain functional exploit code for achieving RCE or other offensive outcomes.

This repository contains a functional PoC for CVE-2025-8671, a DoS vulnerability in lighttpd's HTTP/2 implementation. The script checks for vulnerable versions and can trigger a DoS by sending malformed HTTP/2 streams.