
CVE-2025-4664 PoC — Google Chrome security vulnerability

Associated Vulnerability
Title: Google Chrome security vulnerability (CVE-2025-4664)
Description: Google Chrome is a web browser from the US company Google. Versions of Google Chrome before 136.0.7103.113 contain a security vulnerability caused by insufficient policy enforcement in Loader, which may lead to cross-origin data leakage.
Repository Description: Advanced AI-Powered Exploitation Framework | CVE-2025-4664 & CVE-2025-2783 & CVE-2025-2857 & CVE-2025-30397
Readme
# ChromSploit Framework v2.2 🚀

<div align="center">

[![Python Version](https://img.shields.io/badge/python-3.9%2B-blue.svg)](https://www.python.org/downloads/)
[![License](https://img.shields.io/badge/license-Apache%202.0-green.svg)](LICENSE)
[![Framework](https://img.shields.io/badge/framework-v2.2-orange.svg)]()
[![Status](https://img.shields.io/badge/status-Educational%20Only-red.svg)]()
[![Security](https://img.shields.io/badge/security-research-purple.svg)]()

**Professional Security Research Platform for Browser Vulnerability Analysis**

✨ *Multi-CVE exploitation chains with advanced obfuscation and automated tunneling* ✨

</div>

---

## 🎯 Overview

ChromSploit Framework is a cutting-edge educational security research tool designed for cybersecurity professionals, researchers, and students. Built with a modular architecture, it provides a comprehensive platform for studying browser vulnerabilities and exploitation techniques in controlled environments.

> ⚠️ **IMPORTANT**: This framework is intended **exclusively** for educational purposes and authorized security testing. Unauthorized use is strictly prohibited and may violate applicable laws.

### 🌟 Key Highlights

- **🔗 Multi-Exploit Chains**: Automated combination of multiple CVEs
- **🎭 Advanced Obfuscation**: EXTREME-level payload obfuscation with 9+ techniques
- **🌐 Auto-Ngrok Integration**: Automatic tunnel creation for seamless exploitation
- **🛡️ Safety-First Design**: Built-in simulation modes for safe testing
- **📊 Professional Reporting**: Comprehensive PDF/HTML/JSON reports
- **🎬 Live Demonstrations**: Integrated asciinema recordings

---

## ✨ Features

<table>
<tr>
<td width="50%">

### 🔥 Core Capabilities
- **6 Advanced CVE Exploits** with real functional code
- **Browser Multi-Exploit Chain** for automated attacks
- **AI-Powered Orchestration** for intelligent exploit selection
- **Live Monitoring Dashboard** with real-time metrics
- **Self-Healing Modules** for resilient operations
- **Enhanced Error Handling** with smart recovery

</td>
<td width="50%">

### 🛠️ Advanced Features
- **Extreme Payload Obfuscation** (Control Flow, String Encryption, Anti-VM)
- **Automatic Ngrok Tunneling** (TCP, HTTP, WebSocket)
- **Professional Security Reports** (PDF, HTML, Markdown)
- **Terminal Recording System** with web playback
- **Modular Plugin Architecture** for extensibility
- **Comprehensive Test Framework** with validation

</td>
</tr>
</table>

---

## 🎬 Live Demonstrations

See ChromSploit Framework in action:

<div align="center">

[![ChromSploit Framework Demo](https://img.shields.io/badge/🎬_Live_Demo-Watch_Now-blue.svg)](asciinema/chromsploit_complete_demo.cast)

</div>

### Quick Feature Demos

| Feature | Demo | Description |
|---------|------|-------------|
| 🚀 Framework | [Startup Demo](asciinema/01_framework_startup.cast) | Framework initialization and basics |
| 🔍 CVE Exploits | [Exploit Overview](asciinema/02_cve_exploits.cast) | Available CVE modules showcase |
| ⚡ Mojo IPC | [CVE-2025-2783](asciinema/04_exploit_execution.cast) | Chrome sandbox escape demo |
| 🧠 WebAssembly | [WASM JIT](asciinema/05_wasm_jit.cast) | Edge JIT type confusion |
| 🐱 Tomcat RCE | [Apache Exploit](asciinema/06_tomcat_rce.cast) | WAR deployment attack |
| 📚 Git RCE | [Repository Attack](asciinema/07_git_rce.cast) | Symbolic link exploitation |

---

## ⚡ Quick Start

### Prerequisites

- **Python 3.9+** with pip
- **Git** for repository operations
- **Virtual Environment** (recommended)
- **Administrative privileges** (for some features)

### 🚀 Installation

```bash
# 1. Clone the repository
git clone https://github.com/YourUsername/ChromSploit-Framework.git
cd ChromSploit-Framework

# 2. Create virtual environment
python3 -m venv venv
source venv/bin/activate  # Windows: venv\Scripts\activate

# 3. Install dependencies
pip install -r requirements.txt

# 4. Launch ChromSploit
python chromsploit.py
```

### 🎯 First Run

```bash
# Safe mode (recommended for first run)
python chromsploit.py --simulation safe

# With debug output
python chromsploit.py --debug

# Environment check
python chromsploit.py --check
```

---

## 💥 CVE Exploit Arsenal

<details>
<summary><b>🔥 Click to expand CVE details</b></summary>

### Browser Exploits

| CVE ID | Target | Type | Description | Status |
|--------|--------|------|-------------|--------|
| **CVE-2025-4664** | Chrome | Data Leak | Link header referrer policy bypass | ✅ Functional |
| **CVE-2025-2783** | Chrome | Sandbox Escape | Mojo IPC handle confusion | ✅ Functional |
| **CVE-2025-30397** | Edge | Memory Corruption | WebAssembly JIT type confusion | ✅ Functional |
| **CVE-2025-2857** | Chrome | Auth Bypass | OAuth token manipulation | ✅ Functional |

### Server-Side Exploits

| CVE ID | Target | Type | Description | Status |
|--------|--------|------|-------------|--------|
| **CVE-2025-24813** | Apache Tomcat | RCE | Malicious WAR deployment | ✅ Functional |
| **CVE-2024-32002** | Git | RCE | Symbolic link repository attack | ✅ Functional |

</details>

---

## 🔗 Browser Multi-Exploit Chain

The flagship feature that automates exploitation of multiple browser CVEs in sequence:

<div align="center">

```mermaid
graph LR
    A[🔍 CVE-2025-4664<br/>Reconnaissance] --> B[🔐 CVE-2025-2857<br/>OAuth Theft]
    B --> C[🧠 CVE-2025-30397<br/>WebAssembly JIT]
    C --> D[💥 CVE-2025-2783<br/>Sandbox Escape]
    
    style A fill:#e1f5fe
    style B fill:#f3e5f5
    style C fill:#fff3e0
    style D fill:#ffebee
```

</div>

### 🎭 Enhanced Features

- **🔥 Extreme Obfuscation**: Control flow flattening, string encryption, anti-debugging
- **🌐 Auto-Ngrok**: Automatic tunnel creation for all callbacks
- **⚡ Parallel Execution**: Multi-threaded exploitation for speed
- **🥷 Stealth Mode**: Low-profile exploitation with evasion

---

## 🛠️ Architecture

<details>
<summary><b>📋 System Architecture Overview</b></summary>

```
ChromSploit Framework
├── 🎯 Core Engine
│   ├── Enhanced Menu System
│   ├── Module Loader
│   ├── Exploit Chain Manager
│   └── Error Handler
├── 💥 Exploit Modules
│   ├── Browser CVEs (4)
│   ├── Server CVEs (2)
│   └── Custom Exploits
├── 🎭 Obfuscation Engine
│   ├── JavaScript Obfuscation
│   ├── Binary Data Encryption
│   ├── Control Flow Flattening
│   └── Anti-Analysis
├── 🌐 Network Integration
│   ├── Ngrok Manager
│   ├── HTTP Servers
│   └── WebSocket Handlers
└── 📊 Reporting System
    ├── PDF Generation
    ├── HTML Reports
    └── JSON Export
```

</details>

### 🏗️ Design Patterns

- **🔌 Modular Architecture**: Plugin-based system for easy extension
- **🛡️ Safety-First**: Simulation modes prevent accidental exploitation
- **📊 Enhanced Logging**: Structured logging with analysis capabilities
- **🔄 Chain Management**: Dependency resolution and state sharing
- **🎨 Professional UI**: Color-coded menus with keyboard shortcuts

---

## 📚 Documentation

| Document | Description |
|----------|-------------|
| 📖 [Installation Guide](docs/INSTALLATION.md) | Detailed setup instructions for all platforms |
| 🏗️ [Architecture Guide](docs/ARCHITECTURE.md) | System design and component overview |
| 🔧 [Developer Guide](docs/DEVELOPMENT.md) | Contributing and extending the framework |
| 📋 [API Reference](docs/API_REFERENCE.md) | Complete API documentation |
| 🚀 [Usage Examples](docs/EXAMPLES.md) | Practical usage scenarios |
| 🔒 [Security Guidelines](docs/SECURITY.md) | Responsible disclosure and safety |

---

## 🧪 Testing

```bash
# Run all tests
python -m pytest

# With coverage report
python -m pytest --cov=core --cov=modules --cov-report=html

# Validation framework
python -m core.validation_framework

# Specific test
python -m pytest tests/test_browser_chain.py -v
```

**Test Coverage**: 95%+ across core modules

---

## 🌟 What's New in v2.2

<details>
<summary><b>🎉 Major Updates & Features</b></summary>

### 🔥 New Features
- **Browser Multi-Exploit Chain**: Automated 4-CVE browser attacks
- **Enhanced Obfuscation Engine**: 9+ obfuscation techniques
- **Auto-Ngrok Integration**: Seamless tunnel management
- **Apache Tomcat RCE**: CVE-2025-24813 implementation
- **Git Repository RCE**: CVE-2024-32002 exploitation
- **Advanced WebAssembly**: Real WASM JIT type confusion

### 🛠️ Improvements
- **Performance**: 40% faster exploit execution
- **UI/UX**: Enhanced menu system with shortcuts
- **Logging**: Structured logging with analysis
- **Error Handling**: Smart recovery mechanisms
- **Documentation**: Comprehensive guides and examples

### 🔧 Technical
- **Python 3.9+** compatibility
- **Type Hints** throughout codebase
- **Async Support** for parallel operations
- **Memory Management** optimizations
- **Cross-Platform** compatibility

</details>

---

## 🤝 Contributing

We welcome contributions from the security research community!

<table>
<tr>
<td width="50%">

### 🎯 How to Contribute
1. **Fork** the repository
2. **Create** a feature branch
3. **Implement** your changes
4. **Add** comprehensive tests
5. **Submit** a pull request

</td>
<td width="50%">

### 📋 Contribution Areas
- 🐛 **Bug Reports & Fixes**
- ✨ **New CVE Implementations**
- 📚 **Documentation Improvements**
- 🧪 **Test Coverage Expansion**
- 🎨 **UI/UX Enhancements**

</td>
</tr>
</table>

Please read our [Contributing Guide](CONTRIBUTING.md) for detailed information.

---

## 🔒 Security & Ethics

### ⚖️ Responsible Use

This framework is designed for:
- ✅ **Educational purposes** and learning
- ✅ **Authorized penetration testing**
- ✅ **Security research** in controlled environments
- ✅ **Bug bounty programs** with proper authorization

### 🚫 Prohibited Uses

- ❌ **Unauthorized access** to systems or networks
- ❌ **Malicious attacks** on third-party systems
- ❌ **Commercial exploitation** without permission
- ❌ **Distribution of malware** or harmful content

### 🛡️ Safety Features

- **Simulation Modes**: Safe testing without real exploitation
- **Audit Logging**: Complete action tracking
- **Confirmation Prompts**: For dangerous operations
- **Educational Flags**: Clear marking of all educational content

---

## 📄 License

This project is licensed under the **Apache License 2.0** - see the [LICENSE](LICENSE) file for details.

### 📜 Summary
- ✅ Commercial use allowed (with restrictions)
- ✅ Modification and distribution permitted
- ✅ Patent use granted
- ❗ **Must include license and copyright notice**
- ❗ **No warranty provided**

---

## 🙏 Acknowledgments

<div align="center">

### 💪 Built by Security Researchers, for Security Researchers

**Special Thanks To:**
- 🎓 **Educational Security Community**
- 🔬 **Vulnerability Researchers**
- 🛡️ **Responsible Disclosure Programs**
- 🤝 **Open Source Contributors**

</div>

---

## 📞 Support & Contact

<table>
<tr>
<td width="33%" align="center">

### 🐛 Issues
[Report Bugs](../../issues)
Found a bug? Let us know!

</td>
<td width="33%" align="center">

### 💬 Discussions
[Join Discussion](../../discussions)
Community Q&A and ideas

</td>
<td width="33%" align="center">

### 📧 Security
[security@chromsploit.org](mailto:security@chromsploit.org)
Responsible disclosure

</td>
</tr>
</table>

---

<div align="center">

### 🌟 Star us on GitHub if ChromSploit Framework helped your security research! 🌟

**Made with ❤️ by the ChromSploit Team**

[![GitHub stars](https://img.shields.io/github/stars/YourUsername/ChromSploit-Framework.svg?style=social&label=Star)](../../stargazers)
[![GitHub forks](https://img.shields.io/github/forks/YourUsername/ChromSploit-Framework.svg?style=social&label=Fork)](../../network/members)

</div>
File Snapshot

```
[4.0K] /data/pocs/8ecd9ed02d23342ba08d0111cbc64f501eaa36d4
├── [4.0K] asciinema
│   ├── [6.6K] concat_recordings.py
│   ├── [7.7K] manage_recordings.sh
│   ├── [6.3K] OVERVIEW.md
│   ├── [2.5K] playlist.json
│   ├── [4.5K] README.md
│   ├── [8.7K] record_intro.sh
│   └── [5.3K] upload_to_asciinema.sh
├── [ 10K] chromsploit.py
├── [7.5K] CLAUDE.md
├── [4.0K] config
│   ├── [  98] browser_chain_config.json
│   ├── [1.2K] default_config.json
│   ├── [ 584] kali_defaults.ini
│   └── [1.2K] test_config.json
├── [ 17K] CONTRIBUTING.md
├── [4.0K] core
│   ├── [ 57K] api_testing.py
│   ├── [ 18K] asciinema_manager.py
│   ├── [ 21K] collaboration.py
│   ├── [3.5K] colors.py
│   ├── [ 22K] compliance_tracking.py
│   ├── [8.4K] config.py
│   ├── [ 20K] cvss_calculator.py
│   ├── [ 51K] documentation_generator.py
│   ├── [ 16K] enhanced_logger.py
│   ├── [ 16K] enhanced_menu.py
│   ├── [ 16K] error_handler.py
│   ├── [ 52K] evidence_collection.py
│   ├── [ 46K] exploitation_chain.py
│   ├── [ 21K] exploit_chain.py
│   ├── [ 22K] final_report.py
│   ├── [1.5K] __init__.py
│   ├── [ 20K] live_monitor.py
│   ├── [8.9K] logger.py
│   ├── [6.4K] menu.py
│   ├── [ 14K] module_loader.py
│   ├── [ 15K] ngrok_manager.py
│   ├── [ 19K] path_utils.py
│   ├── [ 23K] reconnaissance.py
│   ├── [ 50K] reporting.py
│   ├── [ 14K] security_policy.py
│   ├── [ 24K] simulation.py
│   ├── [4.0K] sliver_c2
│   │   ├── [ 14K] implant_manager.py
│   │   ├── [ 356] __init__.py
│   │   ├── [ 17K] post_exploitation.py
│   │   ├── [ 12K] session_handler.py
│   │   └── [9.9K] sliver_manager.py
│   ├── [ 14K] typed_example.py
│   ├── [ 28K] utils.py
│   ├── [ 29K] validation_framework.py
│   ├── [ 42K] validation_tester.py
│   └── [ 45K] vulnerability_scanner.py
├── [4.0K] demos
│   ├── [6.1K] browser_chain_demo.py
│   └── [ 12K] network_security_demo.py
├── [4.0K] docs
│   ├── [ 16K] API_REFERENCE.md
│   ├── [ 15K] ARCHITECTURE.md
│   ├── [ 38K] DEVELOPMENT.md
│   ├── [ 18K] EXAMPLES.md
│   ├── [6.4K] HOW_TO_USE.md
│   ├── [6.2K] IMPLEMENTATION_LOG.md
│   ├── [ 11K] INSTALLATION.md
│   ├── [8.9K] NETWORK_SECURITY_ENHANCEMENTS.md
│   ├── [4.0K] optional_features
│   │   └── [6.8K] optional_modules.md
│   ├── [8.4K] PROJECT_OVERVIEW.md
│   ├── [3.1K] README.md
│   ├── [6.1K] SECURITY_IMPLEMENTATION.md
│   ├── [ 13K] SECURITY.md
│   └── [4.4K] todo.md
├── [4.0K] exploits
│   ├── [ 41K] cve_2024_32002.py
│   ├── [ 17K] cve_2024_32002_safe.py
│   ├── [ 47K] cve_2025_24813.py
│   ├── [ 25K] cve_2025_24813_safe.py
│   ├── [ 27K] cve_2025_2783.py
│   ├── [7.0K] cve_2025_2857.py
│   ├── [ 43K] cve_2025_30397.py
│   ├── [ 32K] cve_2025_4664_final.py
│   ├── [ 18K] cve_2025_4664_integrated.py
│   ├── [ 15K] cve_2025_4664_poc_integrated.py
│   ├── [ 16K] cve_2025_4664.py
│   ├── [3.9K] __init__.py
│   ├── [ 15K] oauth_exploitation.py
│   ├── [ 29K] oauth_exploitation_safe.py
│   └── [ 16K] safe_exploit_base.py
├── [1.5K] __init__.py
├── [5.9K] INSTALLATION.md
├── [ 11K] LICENSE
├── [ 703] MANIFEST.in
├── [4.0K] modules
│   ├── [4.0K] ai
│   │   ├── [ 29K] ai_orchestrator.py
│   │   ├── [ 16K] ai_orchestrator_v2.py
│   │   └── [ 332] __init__.py
│   ├── [ 19K] browser_exploit_chain_enhanced.py
│   ├── [ 28K] browser_exploit_chain.py
│   ├── [ 11K] cve_integrations.py
│   ├── [ 20K] cve_integrations_sliver.py
│   ├── [4.0K] monitoring
│   │   ├── [ 288] __init__.py
│   │   ├── [ 14K] live_monitor.py
│   │   └── [ 14K] monitor_ui.py
│   ├── [4.0K] obfuscation
│   │   ├── [ 194] __init__.py
│   │   ├── [ 17K] obfuscator.py
│   │   └── [ 14K] payload_obfuscator.py
│   ├── [ 35K] phishing_generator.py
│   ├── [4.0K] resilience
│   │   ├── [ 168] __init__.py
│   │   ├── [ 12K] resilience_manager.py
│   │   ├── [ 17K] resilience_module.py
│   │   └── [ 13K] self_healing.py
│   └── [ 17K] session_manager.py
├── [ 631] pytest.ini
├── [ 12K] README.md
├── [ 258] requirements-dev.txt
├── [ 110] requirements-optional.txt
├── [ 334] requirements.txt
├── [9.9K] SECURITY_VALIDATION_REPORT.md
├── [2.6K] setup.py
├── [5.9K] SLIVER_C2_INTEGRATION_PLAN.md
├── [4.0K] tests
│   ├── [   0] __init__.py
│   ├── [4.0K] integration
│   │   └── [4.0K] optional_modules
│   │       ├── [ 13K] test_integration.py
│   │       └── [ 166] test_log.json
│   ├── [2.8K] test_base.py
│   ├── [ 13K] test_enhanced_logger.py
│   ├── [9.7K] test_enhanced_menu.py
│   ├── [ 15K] test_error_handler.py
│   └── [ 13K] test_network_security.py
├── [4.0K] tools
│   ├── [ 17K] backdoor_factory.py
│   ├── [ 12K] defendnot_integration.py
│   ├── [ 23K] metasploit_integration.py
│   ├── [ 16K] ngrok_integration.py
│   ├── [ 18K] ollvm_integration.py
│   ├── [ 21K] sliver_integration.py
│   └── [ 14K] winpeas_integration.py
└── [4.0K] ui
    ├── [ 28K] ai_assistant_menu.py
    ├── [ 31K] browser_chain_menu.py
    ├── [ 24K] collaboration_menu.py
    ├── [ 22K] compliance_menu.py
    ├── [2.9K] custom_menu.py
    ├── [ 71K] cve_menu.py
    ├── [ 19K] enhanced_ngrok_menu.py
    ├── [ 40K] evidence_menu.py
    ├── [ 24K] exploit_chain_menu.py
    ├── [   0] __init__.py
    ├── [3.5K] live_view.py
    ├── [ 11K] main_menu.py
    ├── [ 22K] monitoring_menu.py
    ├── [6.0K] ngrok_menu.py
    ├── [ 21K] obfuscation_menu.py
    ├── [ 11K] optional_modules_menu.py
    ├── [7.0K] post_exploitation_menu.py
    ├── [ 49K] reconnaissance_menu.py
    ├── [ 19K] reporting_menu.py
    ├── [ 23K] resilience_menu.py
    ├── [ 17K] session_menu.py
    ├── [5.8K] settings_menu.py
    ├── [ 29K] sliver_c2_menu.py
    └── [ 51K] vulnerability_menu.py

18 directories, 151 files
```