cookiecutter-poc

A cookiecutter template for rapid Proof-of-Concepts in web security research and exploit development.

Focus on hacking, not boilerplate code.

Contents:

• Installation
  • Prerequisites
  • Quick Install
  • From Local Template
  • Template Prompts
  • Generated Project Structure
  • Run Your Project
  • Next Steps
• Quick Start
  • Prerequisites
  • Create a New POC Project
  • Run Your First Command
  • Your First Exploit
  • Run Your Exploit
  • Common Patterns
  • Next Steps
• HTTP Server & Callbacks
  • Quick Start
  • How It Works
  • Sending Data
  • Retrieving Data
  • Payload Directory
  • Server Logs
  • Event Schema
  • Tips
• Payloads
  • Directory Structure
  • Access via HTTP Server
  • Included Payloads
  • Common Use Cases
• Examples
  • Colored Output
  • Cookie Handling
  • XSS Payloads
  • XXE Exploitation
  • Reverse Shells
  • Shell Catcher
  • File Upload
  • Batch Requests
  • Apache Hooks
  • Network Utilities
  • Encoding Utilities
  • HTML Parsing
  • Timing Attacks
  • Zip Utilities
• Workflows
  • XSS Cookie Stealer
  • RCE to Interactive Shell
  • File Upload to RCE
  • XXE Data Exfiltration
  • Blind SQL Injection
  • SSRF to Internal Access
  • Credential Stuffing
  • Complete Exploitation Workflow
• API Reference
  • Utilities
  • Servers
  • Overview

Features

• Quick POC Creation - Generate new projects in seconds

• Built-in Utilities - Common exploit patterns

• HTTP Callback Server - Event queue, automatic data capture, payload serving

• Reverse Shell Management - Generate and catch shells directly in Python

• XSS & XXE Helpers - Pre-built payload generators

Quick Start

Generate a new POC project:

uvx cookiecutter https://github.com/kwkeefer/cookiecutter-poc

Inside your generated project:

cd your_project
uv run your_project --help       # Run the POC CLI
uv run your_project --server     # Start HTTP callback server

Philosophy

This template follows the KISS Principle (Keep It Simple, Stupid):

• Quick POC creation over robustness

• Minimal dependencies over feature-richness

• Clear, direct code over abstractions

• Working exploits over perfect code

Indices and tables

• Index

• Module Index

• Search Page