exploitation


Packages that take advantage of exploits in other programs or services.

Tool count: 328

Name Version Description Category Website
aclpwn 4.81480cc Active Directory ACL exploitation with BloodHound. exploitation
adape-script 43.4d0b9ff Active Directory Assessment and Privilege Escalation Script. windows exploitation
adenum 36.fbbe14d A pentesting tool that finds misconfigurations through the LDAP protocol and exploits some of those weaknesses with Kerberos. exploitation scanner
agafi 1:1.1 A gadget finder and a ROP-Chainer tool for x86 platforms. windows exploitation
aggroargs 51.c032446 Bruteforce commandline buffer overflows, linux, aggressive arguments. exploitation fuzzer
albatar 34.4e63f22 A SQLi exploitation framework in Python. webapp exploitation
angrop 359.72382fc A rop gadget finder and chain builder. exploitation
armitage 4:150813 A graphical cyber attack management tool for Metasploit. exploitation automation
armor 5.bae27a6 A simple Bash script designed to create encrypted macOS payloads capable of evading antivirus scanners. exploitation crypto
armscgen 98.c51b7d6 ARM Shellcode Generator (Mostly Thumb Mode). exploitation automation
arpoison 0.7 The UNIX arp cache update utility exploitation spoof
atscan 2455.5f774e9 Server, Site and Dork Scanner. scanner webapp fuzzer exploitation automation
autosploit 281.9a6a5ef Automate the exploitation of remote hosts. exploitation automation
aws-iam-privesc 11.2983efd AWS IAM policy scanner that helps determine where privilege escalation can be achieved. scanner recon exploitation automation
backoori 55.988e507 Tool aided persistence via Windows URI schemes abuse. exploitation
bad-pdf 61.a8149ee Steal NTLM Hashes with Bad-PDF. exploitation
barq 35.6f1a68c An AWS Cloud Post Exploitation framework. exploitation backdoor automation recon
bbqsql 261.b9859d2 SQL injection exploit tool. webapp exploitation
bed 0.5 Collection of scripts to test for buffer overflows, format string vulnerabilities. exploitation
beef 1:4323.91314013 The Browser Exploitation Framework that focuses on the web browser exploitation
bettercap 2.32.0 A complete, modular, portable and easily extensible MITM framework. sniffer exploitation networking
bfbtester 2.0.1 Performs checks of single and multiple argument command line overflows and environment variable overflows exploitation
binex 1.0 Format String exploit building tool. exploitation automation
bitdump 34.6a5cbd8 A tool to extract database data from a blind SQL injection vulnerability. exploitation webapp
blind-sql-bitshifting 54.5bbc183 A blind SQL injection module that uses bitshifting to calculate characters. exploitation
blisqy 20.e9995fc Exploit Time-based blind-SQL injection in HTTP-Headers (MySQL/MariaDB). webapp exploitation
bloodyad 183.aa9a5a8 An Active Directory Privilege Escalation Framework. exploitation windows
bluffy 47.180ed5b Convert shellcode into different formats. exploitation
botb 69.6d33aae A container analysis and exploitation tool for pentesters and engineers. exploitation scanner
bowcaster 230.17d69c1 A framework intended to aid those developing exploits. exploitation
brakeman 1:v6.1.2.1.r0.g675568472 A static analysis security vulnerability scanner for Ruby on Rails applications code-audit exploitation scanner
brosec 278.c51164f An interactive reference tool to help security professionals utilize useful payloads and commands. exploitation
bsqlinjector 13.027184f Blind SQL injection exploitation tool written in ruby. webapp exploitation
camover 92.478c4f3 A camera exploitation tool that allows disclosure of the network camera admin password. exploitation
certipy 4.8.2.r0.g2780d53 Active Directory Certificate Services enumeration and abuse. windows exploitation
certsync 0.1.4 Dump NTDS remotely without DRSUAPI: using golden certificate and UnPAC the hash. exploitation windows
chankro 21.7b6e844 Tool that generates a PHP script capable of running a custom binary (like a meterpreter) or a bash script (e.g. reverse shell), bypassing disable_functions & open_basedir. webapp exploitation
chiron 48.524abe1 An all-in-one IPv6 Penetration Testing Framework. scanner networking exploitation proxy
chw00t 39.1fd1016 Unices chroot breaking tool. exploitation
cisco-global-exploiter 1.3 A perl script that targets multiple vulnerabilities in the Cisco Internetwork Operating System (IOS) and Catalyst products. exploitation
cisco-snmp-enumeration 10.ad06f57 Automated Cisco SNMP Enumeration, Brute Force, Configuration Download and Password Cracking. automation networking exploitation cracker
cisco-snmp-slap 5.daf0589 IP address spoofing tool in order to bypass an ACL protecting an SNMP service on Cisco IOS devices. spoof networking exploitation
cisco-torch 0.4b Cisco Torch mass scanning, fingerprinting, and exploitation tool. exploitation fingerprint scanner
cmseek 382.20f9780 CMS (Content Management Systems) Detection and Exploitation suite. webapp fingerprint exploitation
cmsmap 1:8.59dd0e2 A python open source Content Management System scanner that automates the process of detecting security flaws of the most popular CMSs. scanner automation webapp exploitation
coercer 1.6 Coerce a Windows server to authenticate on an arbitrary machine through 9 methods. exploitation networking windows
commix 2084.7f06107d Automated All-in-One OS Command Injection and Exploitation Tool. webapp automation exploitation
crabstick 47.bb7827f Automatic remote/local file inclusion vulnerability analysis and exploit tool. webapp exploitation
crackmapexec 3:v6.0.1.r198.gda472cb A swiss army knife for pentesting Windows/Active Directory environments. scanner exploitation
crackql 1.0.r53.gac26a44 GraphQL password brute-force and fuzzing utility webapp exploitation fuzzer
creak 41.a6c011f Poison, reset, spoof, redirect MITM script. networking exploitation sniffer
ctypes-sh 158.b79e401 Allows you to call routines in shared libraries from within bash. reversing exploitation
cve-search v5.0.1.r3.g15b9fe3 A tool to perform local searches for known vulnerabilities. exploitation
cvemap v0.0.6.r20.g78f9176 CLI tool designed to provide a structured and easily navigable interface to various vulnerability databases. exploitation
darkd0rk3r 1.0 Python script that performs dork searching and searches for local file inclusion and SQL injection errors. exploitation webapp
darkmysqli 1.6 Multi-Purpose MySQL Injection Tool exploitation webapp
darkspiritz 1:6.4d23e94 A penetration testing framework for Linux, MacOS, and Windows systems. exploitation automation
deathstar 60.d7bcbfd Automate getting Domain Admin using Empire. automation exploitation
deepce 117.dbace08 Docker Enumeration, Escalation of Privileges and Container Escapes. exploitation
delorean 16.0291151 NTP Man-in-the-Middle tool. exploitation proxy
dkmc 56.3c238f0 Dont kill my cat - Malicious payload evasion tool. exploitation networking
donpapi 1:V1.2.0.r1.g81ee86b Dumping relevant information on compromised targets without AV detection with DPAPI. windows exploitation
dontgo403 1.0.0.r3.g5b69d5d Tool to bypass 40X response codes. webapp exploitation scanner
donut 501.61af8cc Generates x86, x64 or AMD64+x86 P.I. shellcode loading .NET Assemblies from memory. backdoor exploitation
doona 145.7a4796c A fork of the Bruteforce Exploit Detector Tool (BED). fuzzer exploitation
dotdotpwn 3.0.2 The Directory Traversal Fuzzer exploitation fuzzer
dr-checker 140.ea63c0f A Soundy Vulnerability Detection Tool for Linux Kernel Drivers. exploitation fuzzer
drinkme 19.acf1a14 A shellcode testing harness. exploitation
drupwn 1:59.8186732 Drupal enumeration & exploitation tool. webapp exploitation scanner
ducktoolkit 37.42da733 Encoding Tools for Rubber Ducky. exploitation crypto
dwarf 1082.cdf85f4 Full featured multi arch/os debugger built on top of PyQt5 and frida. binary debugger disassembler exploitation mobile reversing
encodeshellcode 0.1b This is an encoding tool for 32-bit x86 shellcode that assists a researcher when dealing with character filter or byte restrictions in a buffer overflow vulnerability or some kind of IDS/IPS/AV blocking your code. exploitation
enteletaor 68.a975b5c Message Queue & Broker Injection tool that implements attacks to Redis, RabbitMQ and ZeroMQ. exploitation scanner recon
entropy 702.13aac50 A set of tools to exploit Netwave and GoAhead IP Webcams. exploitation
erl-matter 51.a8bb204 Tool to exploit epmd related services such as rabbitmq, ejabberd and couchdb by bruteforcing the cookie and gaining RCE afterwards. exploitation cracker
eternal-scanner 94.6338172 An internet scanner for exploit CVE-2017-0144 (Eternal Blue). scanner exploitation
evil-winrm 1:v3.5.r0.g7514b05 The ultimate WinRM shell for hacking/pentesting. exploitation backdoor
evilclippy 62.fa610c6 A cross-platform assistant for creating malicious MS Office documents. exploitation windows
exploit-db 1.6 The Exploit Database (EDB) - an ultimate archive of exploits and vulnerable software - A collection of hacks exploitation
exploitdb 20240207 Offensive Security's Exploit Database Archive exploitation
exploitpack 139.e565c47 Exploit Pack - Project. exploitation automation
eyepwn 1.0 Exploit for Eye-Fi Helper directory traversal vulnerability exploitation wireless
faraday 9269.4625bd369 A new concept (IPE) Integrated Penetration-Test Environment, a multiuser Penetration test IDE. Designed for distribution, indexing and analysis of the data generated during the process of a security audit. scanner exploitation fuzzer fingerprint automation misc
faradaysec 12297.f6abaab02 Collaborative Penetration Test and Vulnerability Management Platform. scanner exploitation fuzzer fingerprint automation misc
fdsploit 26.4522f53 A File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool. webapp fuzzer exploitation
ffm 127.cff4f90 A hacking harness that you can use during the post-exploitation phase of a red-teaming engagement. exploitation
fimap 2:1.00 A little tool for local and remote file inclusion auditing and exploitation. fimap is a little python tool which can find, prepare, audit, exploit and even google automatically for local and remote file inclusion bugs in webapps. exploitation fuzzer
firstexecution 6.a275793 A Collection of different ways to execute code outside of the expected entry points. exploitation
firstorder 8.107eb6a A traffic analyzer to evade Empire communication from Anomaly-Based IDS. sniffer automation exploitation
flashsploit 23.c465a6d Exploitation Framework for ATtiny85 Based HID Attacks. exploitation
formatstringexploiter 107.2810293 Helper script for working with format string bugs. exploitation
fortiscan 0.7.r7.gd54faa0 A high performance FortiGate SSL-VPN vulnerability scanning and exploitation tool. scanner exploitation
fs-exploit 3.28bb9bb Format string exploit generation. exploitation automation
fs-nyarl 1.0 A network takeover & forensic analysis tool - useful to advanced PenTest tasks & for fun and profit. scanner networking forensic spoof exploitation sniffer
fuxploider 140.ec8742b Tool that automates the process of detecting and exploiting file upload forms flaws. webapp exploitation
fuzzbunch 32.2b76c22 NSA Exploit framework exploitation
gadgettojscript 20.005cb8b .NET serialized gadgets that can trigger .NET assembly from JS/VBS/VBA based scripts. exploitation windows
gcat 29.39b266c A fully featured backdoor that uses Gmail as a C&C server. malware exploitation
gef 2308.2830670 Multi-Architecture GDB Enhanced Features for Exploiters & Reverse-Engineers. debugger exploitation
getsploit 37.bcab2ee Command line utility for searching and downloading exploits. exploitation misc
ghauri 1.3.r1.gf341a8b An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws. webapp exploitation
ghostdelivery 32.a23ed5a Python script to generate obfuscated .vbs script that delivers payload (payload dropper) with persistence and windows antivirus disabling functions. exploitation windows
gloom 1:93.cd6e927 Linux Penetration Testing Framework. scanner exploitation recon fuzzer social
google-explorer 140.0b21b57 Google mass exploit robot - Make a google search, and parse the results for a specific exploit you define. automation exploitation
gopherus 33.90a2fd5 Tool generates gopher link for exploiting SSRF and gaining RCE in various servers. webapp exploitation
graphql-path-enum 21.29fa505 Tool that lists the different ways of reaching a given type in a GraphQL schema. webapp exploitation fuzzer
graphqlmap 63.59305d7 Scripting engine to interact with a graphql endpoint for pentesting purposes. webapp exploitation fuzzer
greenbone-security-assistant 9.0.1 Greenbone Security Assistant (gsa) - OpenVAS web frontend scanner fuzzer exploitation
gvmd 8.0.1 Greenbone Vulnerability Manager - The database backend for the Greenbone Vulnerability Management (GVM) framework scanner fuzzer exploitation
hackredis 3.fbae1bc A simple tool to scan and exploit redis servers. exploitation scanner
hakku 384.bbb434d Simple framework that has been made for penetration testing tools. scanner recon webapp exploitation fingerprint
hamster 2.0.0 Tool for HTTP session sidejacking. exploitation
hcraft 1.0.0 HTTP Vuln Request Crafter exploitation
heartleech 116.3ab1d60 Scans for systems vulnerable to the heartbleed bug, and then downloads them. exploitation scanner
hekatomb 1.5 Extract and decrypt all credentials from all domain computers using DPAPI. windows exploitation
homepwn 31.0803981 Swiss Army Knife for Pentesting of IoT Devices. scanner recon fuzzer exploitation
hqlmap 38.bb6ab46 A tool to exploit HQL Injections. exploitation
htexploit 0.77 A Python script that exploits a weakness in the way that .htaccess files can be configured to protect a web directory with an authentication process exploitation
htshells 2:89.3216523 Self contained web shells and other attacks via .htaccess files. exploitation
http2smugl 36.78abc09 Http2Smugl - Tool to detect and exploit HTTP request smuggling in cases it can be achieved via HTTP/2 -> HTTP/1.1 conversion. webapp scanner exploitation
inception 454.4df3231 A FireWire physical memory manipulation and hacking tool exploiting IEEE 1394 SBP-2 DMA. exploitation hardware
inguma 0.1.1 A free penetration testing and vulnerability discovery toolkit entirely written in python. Framework includes modules to discover hosts, gather information about, fuzz targets, brute force usernames and passwords, exploits, and a disassembler. cracker disassembler exploitation fuzzer scanner
insanity 117.cf51ff3 Generate Payloads and Control Remote Machines. exploitation
irpas 0.10 Internetwork Routing Protocol Attack Suite. exploitation
isf 68.5228865 Industrial Exploitation Framework is an exploitation framework based on Python. exploitation
jaidam 18.15e0fec Penetration testing tool that would take as input a list of domain names, scan them, determine if wordpress or joomla platform was used and finally check them automatically, for web vulnerabilities using two well-known open source tools, WPScan and Joomscan. webapp automation exploitation
jboss-autopwn 1.3bc2d29 A JBoss script for obtaining remote shell access. exploitation webapp automation
jexboss 86.338b531 Jboss verify and Exploitation Tool. webapp exploitation
jndi-injection-exploit 10.2dc4018 A tool which generates JNDI links and can start several servers to exploit JNDI Injection vulnerabilities, like Jackson, Fastjson, etc. exploitation
jsql-injection 0.95 A Java application for automatic SQL database injection. webapp exploitation fuzzer
k55 86.b3c4aa9 Linux x86_64 Process Injection Utility. backdoor exploitation
kadimus 183.ac5f438 LFI Scan & Exploit Tool. webapp exploitation scanner
katana 1.0.0.1 A framework that seeks to unite general auditing tools, which are general pentesting tools (Network,Web,Desktop and others). exploitation dos cracker scanner recon
katana-framework 1.0.0.1 A framework that seeks to unite general auditing tools, which are general pentesting tools (Network,Web,Desktop and others). exploitation dos cracker scanner recon
kerberoast 1:0.2.0.r9.g82f5bb2 Kerberoast attack -pure python-. exploitation cracker windows
kernelpop 238.b3467d3 Kernel privilege escalation enumeration and exploitation framework. exploitation automation
killcast 30.ee81cfa Manipulate Chromecast Devices in your Network. exploitation automation
killerbee 398.748740d Framework and tools for exploiting ZigBee and IEEE 802.15.4 networks. exploitation wireless
klar 2.4.0 Integration of Clair and Docker Registry. exploitation misc
koadic 1:637.ac46c44 A Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. exploitation automation
kubesploit 86.2de2f12 Cross-platform post-exploitation HTTP/2 Command & Control server. scanner exploitation
kwetza 26.0e50272 Python script to inject existing Android applications with a Meterpreter payload. backdoor exploitation
l0l 322.1319ea7 The Exploit Development Kit. exploitation
leroy-jenkins 3.bdc3965 A python tool that will allow remote execution of commands on a Jenkins server and its nodes. exploitation
lethalhta 2.5602402 Lateral Movement technique using DCOM and HTA. windows exploitation
leviathan 35.a1a1d8c A mass audit toolkit which has wide range service discovery, brute force, SQL injection detection and running custom exploit capabilities. scanner cracker webapp fuzzer exploitation
lfi-autopwn 3.0 A Perl script to try to gain code execution on a remote server via LFI exploitation fuzzer
lfi-exploiter 1.1 This perl script leverages /proc/self/environ to attempt getting code execution out of a local file inclusion vulnerability. webapp exploitation
lfi-fuzzploit 1.1 A simple tool to help in the fuzzing for, finding, and exploiting of local file inclusion vulnerabilities in Linux-based PHP applications. webapp fuzzer exploitation
lfi-sploiter 1.0 This tool helps you exploit LFI (Local File Inclusion) vulnerabilities. Post discovery, simply pass the affected URL and vulnerable parameter to this tool. You can also use this tool to scan a URL for LFI vulnerabilities. webapp fuzzer exploitation
lfifreak 21.0c6adef A unique automated LFi Exploiter with Bind/Reverse Shells. webapp exploitation
lfisuite 85.470e01f Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner. scanner webapp exploitation
libc-database 45.69815cd Database of libc offsets to simplify exploitation. reversing exploitation
liffy 1:33.89dd4f8 A Local File Inclusion Exploitation tool. webapp exploitation fuzzer
limelighter 17.d119dc7 A tool for generating fake code signing certificates or signing real ones. exploitation windows
lisa.py 61.2d1f81a An Exploit Dev Swiss Army Knife. exploitation
locasploit 117.fa48151 Local enumeration and exploitation framework. scanner exploitation
m3-gen 7.7c656cc Generates Malicious Macro and Execute Powershell or Shellcode via MSBuild Application Whitelisting Bypass. This tool is intended for adversary simulation and red teaming purposes. exploitation
maligno 2.5 An open source penetration testing tool written in python, that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. scanner fuzzer exploitation
mando.me 9.8b34f1a Web Command Injection Tool. webapp exploitation
marshalsec 10.2dc4018 Java Unmarshaller Security - Turning your data into code execution. exploitation
massexpconsole 1:v2.3.5.r1.g530c880 A collection of tools and exploits with a cli ui for mass exploitation. automation exploitation
merlin-server 1.3.0 Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang. automation exploitation
metasploit 6.3.60 Advanced open-source platform for developing, testing, and using exploit code exploitation fuzzer scanner recon networking
metasploit-autopwn 12.09320cc db_autopwn plugin of metasploit. automation exploitation
minimysqlator 0.5 A multi-platform application used to audit web sites in order to discover and exploit SQL injection vulnerabilities. exploitation
miranda-upnp 1.3 A Python-based Universal Plug-N-Play client application designed to discover, query and interact with UPNP devices exploitation scanner
mitmap-old 1:0.1 Shell Script for launching a Fake AP with karma functionality and launches ettercap for packet capture and traffic manipulation. automation exploitation sniffer
mitmf 467.0458300 A Framework for Man-In-The-Middle attacks written in Python. exploitation proxy networking spoof
mitmproxy 10.2.4 SSL-capable man-in-the-middle HTTP proxy proxy exploitation
moonwalk v1.0.0.r18.g68d5be1 Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps. exploitation
mosquito 39.fe54831 XSS exploitation tool - access victims through HTTP proxy. exploitation webapp
mrkaplan 1:1.1.1 Help red teamers to stay hidden by clearing evidence of execution. windows exploitation
msfenum 36.6c6b77e A Metasploit auto auxiliary script. automation exploitation
myjwt 195.73c4d58 This cli is for pentesters, CTF players, or dev. You can modify your jwt, sign, inject, etc. exploitation cracker
n1qlmap 2.5365444 An N1QL exploitation tool. exploitation
netexec v1.1.0.r199.g5d777547 A Windows / Active Directory environments pentest tool. scanner exploitation windows
nimbostratus 54.c7c206f Tools for fingerprinting and exploiting Amazon cloud infrastructures. fingerprint exploitation fuzzer
nosqli 37.6fce3eb NoSQL scanner and injector. webapp scanner exploitation
nosqli-user-pass-enum 18.1b3713a Script to enumerate usernames and passwords from vulnerable web applications running MongoDB. exploitation webapp
nosqlmap 298.efe6f7a Automated Mongo database and NoSQL web application exploitation tool webapp exploitation
ntlm-theft 20.81589ea A tool for generating multiple types of NTLMv2 hash theft files. exploitation
nullscan 1.0.1 A modular framework designed to chain and automate security tests. automation scanner recon fingerprint networking fuzzer exploitation
office-dde-payloads 34.53291f9 Collection of scripts and templates to generate Office documents embedded with the DDE, macro-less command execution technique. exploitation
opensvp 65.df54ed8 A security tool implementing "attacks" to be able to test the resistance of a firewall to protocol level attacks. exploitation networking
openvas 6.0.1 The OpenVAS scanning Daemon scanner fuzzer exploitation
openvas-cli 1.4.5 The OpenVAS Command-Line Interface scanner fuzzer exploitation
openvas-libraries 9.0.2 The OpenVAS libraries scanner fuzzer exploitation
openvas-manager 7.0.3 A layer between the OpenVAS Scanner and various client applications scanner fuzzer exploitation
openvas-scanner 22.4.0 The OpenVAS scanning Daemon scanner fuzzer exploitation
osueta 82.2ee8068 A simple Python script to exploit the OpenSSH User Enumeration Timing Attack. exploitation
otori 0.3 A python-based toolbox intended to allow useful exploitation of XML external entity ("XXE") vulnerabilities. exploitation webapp
owasp-zsc 316.f763dea Shellcode/Obfuscate Code Generator. exploitation
pacu 1220.7acc82a The AWS exploitation framework, designed for testing the security of Amazon Web Services environments. exploitation
padbuster 11.50e4a3e Automated script for performing Padding Oracle attacks. exploitation
pastejacker 12.ed9f153 Hacking systems with the automation of PasteJacking attacks. automation exploitation
pathzuzu 64.4f4533c Checks for PATH substitution vulnerabilities and logs the commands executed by the vulnerable executables. exploitation
pblind 1.0 Little utility to help exploiting blind sql injection vulnerabilities. exploitation webapp
peda 1.2 Python Exploit Development Assistance for GDB debugger exploitation
phantom-evasion 103.2cd0673 Antivirus evasion tool written in python. exploitation
phpggc 615.ac6f174 A library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically. webapp exploitation
pirana 0.3.1 Exploitation framework that tests the security of an email content filter. exploitation
pkinittools 10.7311de8 Tools for Kerberos PKINIT and relaying to AD CS. exploitation windows
pmcma 1.00 Automated exploitation of invalid memory writes (being them the consequences of an overflow in a writable section, of a missing format string, integer overflow, variable misuse, or any other type of memory corruption). exploitation automation fuzzer
pocsuite 430.877d1b1 An open-sourced remote vulnerability testing framework developed by the Knownsec Security Team. exploitation
pompem 141.3ebe768 A python exploit tool finder. exploitation
postenum 116.9cd9d7e Clean, nice and easy tool for basic/advanced privilege escalation techniques. recon scanner exploitation
powercloud 21.0928303 Deliver powershell payloads via DNS TXT via CloudFlare using PowerShell. windows exploitation
powersploit 591.d943001 A PowerShell Post-Exploitation Framework. exploitation windows
ppmap v1.2.0.r15.g9426af6 A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets. webapp scanner exploitation
preeny 110.aaef77f Some helpful preload libraries for pwning stuff. exploitation reversing
pret 108.a04bd04 Printer Exploitation Toolkit - The tool that made dumpster diving obsolete. exploitation fuzzer recon scanner
ps1encode 41.68d7778 A tool to generate and encode PowerShell based Metasploit payloads. exploitation
ptf 1491.f87dfa8 The Penetration Testers Framework is a way for modular support for up-to-date tools. exploitation scanner recon automation
punk 9.c2bc420 A post-exploitation tool meant to help network pivoting from a compromised unix box. exploitation
pupy 2988.4b78dc58 Opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python. automation exploitation
pwncat-caleb v0.5.4.r11.g37f04d4 A post-exploitation platform. exploitation
pwndrop 18.385ba70 Self-deployable file hosting service for red teamers, allowing to easily upload and share payloads over HTTP and WebDAV. webapp exploitation automation
pyersinia 49.73f4056 Network attack tool like yersinia but written in Python. networking fuzzer dos voip scanner exploitation
pykek 12.651b9ba Kerberos Exploitation Kit. exploitation
python-ssh-mitm 4.1.1 SSH mitm server for security audits supporting public key authentication, session hijacking and file manipulation. exploitation sniffer
python2-ropgadget 5.9 ROPgadget supports ELF, PE and Mach-O format on x86, x64, ARM, ARM64, PowerPC, SPARC and MIPS architectures. exploitation
qark 301.ba1b265 Tool to look for several security related Android application vulnerabilities. mobile fuzzer scanner exploitation
rapidscan 221.296a20b The Multi-Tool Web Vulnerability Scanner. webapp scanner recon fingerprint fuzzer exploitation
rebind 0.3.4 DNS Rebinding Tool exploitation
remot3d 38.a707ef7 A Simple Exploit for PHP Language. webapp backdoor exploitation
rex 707.f108838 Shellphish's automated exploitation engine, originally created for the Cyber Grand Challenge. exploitation
rext 63.5f0f626 Router EXploitation Toolkit - small toolkit for easy creation and usage of various python scripts that work with embedded devices. exploitation scanner
rfcat 170508 RF ChipCon-based Attack Toolset. exploitation
richsploit 3.6b15e0f Exploitation toolkit for RichFaces. exploitation webapp
rmiscout 1.4 Enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities. exploitation
rombuster 220.615e86c A router exploitation tool that allows disclosure of the network router admin password. exploitation
ropeme 4.9b3a8fd ROPME is a set of python scripts to generate ROP gadgets and payload. exploitation
ropgadget 7.4 Lets you search your gadgets on your binaries (ELF format) to facilitate your ROP exploitation. exploitation binary
ropgadget2 5.4 Search gadgets in binaries to facilitate ROP exploitation for several file formats and architectures exploitation
ropper 1.13.8 Show information about binary files and find gadgets to build rop chains for different architectures exploitation binary
roputils 195.ae7ed20 A Return-oriented Programming toolkit. exploitation
routersploit 3.4.0 The Router Exploitation Framework. exploitation
rp 138.3a54a7c A full-cpp written tool that aims to find ROP sequences in PE/Elf/Mach-O x86/x64 binaries. exploitation binary
rspet 263.de4356e A Python based reverse shell equipped with functionalities that assist in a post exploitation scenario. exploitation backdoor dos
ruler 301.1e5ee2d A tool to abuse Exchange services. webapp exploitation
rupture 1383.131c61a A framework for BREACH and other compression-based crypto attacks. crypto exploitation
sc-make 12.7e39718 Tool for automating shellcode creation. exploitation automation
scansploit 9.a0890af Exploit using barcodes, QRcodes, EAN13, datamatrix. exploitation
search1337 1:11.bf03ec9 Online, lightweight exploit scanner and downloader. automation exploitation
searchsploit 1:1828.2ae6cf2b7 The official Exploit Database search tool. automation exploitation
sensepost-xrdp 16.46d6c19 A rudimentary remote desktop tool for the X11 protocol exploiting unauthenticated x11 sessions. exploitation
serialbrute 3.111c217 Java serialization brute force attack tool. exploitation
set 1:8.0.3 Social-engineer toolkit. Aimed at penetration testing around Social-Engineering. social exploitation
shad0w 387.d35b9dc A modular C2 framework designed to successfully operate on mature environments. windows exploitation
shellcode-compiler 24.e8edc8e Compiles C/C++ style code into a small, position-independent and NULL-free shellcode for Windows & Linux. exploitation
shellcode-factory 96.07ae857 Tool to create and test shellcodes from custom assembly sources. exploitation
shellcodecs 0.1 A collection of shellcode, loaders, sources, and generators provided with documentation designed to ease the exploitation and shellcode programming process. exploitation
shellen 66.c0c5f83 Interactive shellcoding environment to easily craft shellcodes. exploitation
shellme 5.d5206f0 Because sometimes you just need shellcode and opcodes quickly. This essentially just wraps some nasm/objdump calls into a neat script. exploitation automation
shellnoob 35.72cf498 A toolkit that eases the writing and debugging of shellcode debugger exploitation
shellsploit-framework 273.a16d22f New Generation Exploit Development Kit. exploitation backdoor
shellter 7.2 A dynamic shellcode injection tool, and the first truly dynamic PE infector ever created. exploitation backdoor windows
shocker 65.65d4d76 A tool to find and exploit servers vulnerable to Shellshock. exploitation scanner
sickle 73.e14c0bb A shellcode development tool, created to speed up the various steps needed to create functioning shellcode. exploitation
sigploit 786.0e52072 Telecom Signaling Exploitation Framework - SS7, GTP, Diameter & SIP. exploitation mobile
sigthief 25.ffb501b Stealing Signatures and Making One Invalid Signature at a Time. exploitation windows
simple-ducky 20.f15079e A payload generator. automation exploitation
sipvicious 462.fd3e7c7 Tools for auditing SIP devices automation exploitation
sireprat 34.b8ef60b Remote Command Execution as SYSTEM on Windows IoT Core. exploitation windows
sjet 103.dd2a4e6 Siberas JMX exploitation toolkit. exploitation webapp
slither 1:4213.f7238c4fd Solidity static analysis framework written in Python 3. code-audit exploitation
smap 24.3ed1ac7 Shellcode mapper - Handy tool for shellcode analysis. exploitation binary
smbexec 2:59.a54fc14 A rapid psexec style attack with samba tools. scanner recon fuzzer exploitation
smbrelay 3 SMB / HTTP to SMB replay attack toolkit. windows networking exploitation
smikims-arpspoof 25.244d9ee Performs an ARP spoofing attack using the Linux kernel's raw sockets. spoof exploitation networking
smplshllctrlr 9.2baf390 PHP Command Injection exploitation tool. webapp exploitation
smtptester 13.634e1ee Small python3 tool to check common vulnerabilities in SMTP servers. exploitation cracker
sn00p 0.8 A modular tool written in Bourne shell and designed to chain and automate security tools and tests. automation scanner recon fingerprint networking fuzzer exploitation
snarf-mitm 41.bada142 SMB Man in the Middle Attack Engine / relay suite. exploitation proxy
snoopy-ng 128.eac73f5 A distributed, sensor, data collection, interception, analysis, and visualization framework. drone exploitation sniffer
sploitctl 1:3.0.4 Fetch, install and search exploit archives from exploit sites like exploit-db and packetstorm. automation exploitation
spookflare 24.19491b5 Loader, dropper generator with multiple features for bypassing client-side and network-side countermeasures. automation exploitation
spraykatz 62.1fb3aa7 Credentials gathering tool automating remote procdump and parse of lsass process. exploitation
sqlmap 1.8 Automatic SQL injection and database takeover tool. webapp exploitation fuzzer
sqlninja 0.2.999 A tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. exploitation fuzzer webapp
sqlping 4 SQL Server scanning tool that also checks for weak passwords using wordlists. windows webapp exploitation
sqlsus 0.7.2 An open source MySQL injection and takeover tool, written in Perl. exploitation webapp
ssh-mitm 140.70998ba SSH man-in-the-middle tool. exploitation networking
sslstrip 0.9 Python tool to hijack HTTPS connections during a MITM attack. proxy networking exploitation
ssrfmap 104.f688ec9 Automatic SSRF fuzzer and exploitation tool. webapp scanner fuzzer exploitation
stackflow 2.2af525d Universal stack-based buffer overflow exploitation tool. exploitation
staekka 9.57787ca This plugin extends Metasploit for some missing features and modules allowing interaction with other/custom exploits/ways of getting shell access. exploitation
stowaway v2.1.r11.g0463556 A Multi-hop proxy tool for security researchers and pentesters. proxy exploitation
subterfuge 2:64.69dda99 Automated Man-in-the-Middle Attack Framework. exploitation
suid3num 60.2241c9c Python script which utilizes Python's built-in modules to enumerate SUID binaries. exploitation
swarm 1:41.1713c1e A distributed penetration testing tool. scanner recon cracker exploitation webapp
tactical-exploitation 91.fdc84c9 Modern tactical exploitation toolkit. scanner exploitation recon sniffer
tcpjunk 2.9.03 A general tcp protocols testing and hacking utility. exploitation fuzzer
thefatrat 813.b0586d0 TheFatRat a massive exploiting tool: easy tool to generate backdoor and easy tool to post exploitation attack. automation exploitation
tomcatwardeployer 98.4535e64 Apache Tomcat auto WAR deployment & pwning penetration testing tool. exploitation automation webapp
tplmap 719.616b0e5 Automatic Server-Side Template Injection Detection and Exploitation Tool. webapp exploitation
unibrute 1.b3fb4b7 Multithreaded SQL union bruteforcer. exploitation database
unicorn-powershell 212.5421d46 A simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. backdoor exploitation
veil 5:297.d8acd4c A tool designed to generate metasploit payloads that bypass common anti-virus solutions. automation exploitation
venom 135.2b84e68 A Multi-hop Proxy for Penetration Testers. exploitation proxy
viproy-voipkit 1:82.52b27db VoIP Pen-Test Kit for Metasploit Framework. exploitation fuzzer scanner
vmap 0.3 A Vulnerability-Exploit desktop finder. exploitation
vnc-bypauth 0.0.1 Multi-threaded bypass authentication scanner for VNC servers <= 4.1.1. cracker exploitation
webexploitationtool 155.85bcf0e A cross platform web exploitation toolkit. exploitation webapp
websploit 4.0.4 An Open Source Project For Social Engineering Works, Scan, Crawler & Analysis Web, Automatic Exploiter, Support Network Attacks. exploitation fuzzer scanner social
webxploiter 56.c03fe6b An OWASP Top 10 Security scanner. webapp exploitation fuzzer scanner
wesng 326.7bc1621 Windows Exploit Suggester - Next Generation. exploitation windows
wifi-pumpkin 2:v1.1.7.r2.g344a475 Framework for Rogue Wi-Fi Access Point Attack. wireless dos spoof exploitation sniffer social
wildpwn 11.4623714 Unix wildcard attacks. exploitation
windows-privesc-check 181.9f304fd Standalone Executable to Check for Simple Privilege Escalation Vectors on Windows Systems. windows exploitation
witchxtool 1.1 A perl script that consists of a port scanner, LFI scanner, MD5 bruteforcer, dork SQL injection scanner, fresh proxy scanner, and a dork LFI scanner. webapp scanner exploitation fuzzer
wordpress-exploit-framework 907.e55ded4 A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems. webapp exploitation
wpforce 88.b72ec64 WordPress Attack Suite. webapp cracker exploitation
wsuspect-proxy 24.89f9375 A tool for MITM'ing insecure WSUS connections. exploitation proxy
xattacker 122.72f9f8e Website Vulnerability Scanner & Auto Exploiter. webapp scanner blackarck-exploitation
xcat 266.faaf8fe A command line tool to automate the exploitation of blind XPath injection vulnerabilities. exploitation automation
xerosploit 38.e2c3c7b Efficient and advanced man in the middle framework. networking exploitation sniffer
xpl-search 42.d4dbc97 Search exploits in multiple exploit databases! exploitation misc
xrop 83.4af7452 Tool to generate ROP gadgets for ARM, AARCH64, x86, MIPS, PPC, RISCV, SH4 and SPARC. exploitation
xsser 2:1.8 A penetration testing tool for detecting and exploiting XSS vulnerabilities. webapp fuzzer exploitation
xxeinjector 55.604c39a Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods. exploitation webapp
xxexploiter 103.c1f0f41 It generates the XML payloads, and automatically starts a server to serve the needed DTDs or to do data exfiltration. exploitation webapp
yinjector 0.1 A MySQL injection penetration tool. It has multiple features, proxy support, and multiple exploitation methods. exploitation webapp automation
ysoserial 0.0.6 A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. webapp exploitation
zarp 0.1.8 A network attack tool centered around the exploitation of local networks. exploitation networking
zeratool 48.3fb3262 Automatic Exploit Generation (AEG) and remote flag capture for exploitable CTF problems. exploitation automation
zirikatu 7.afe1d9c Fud Payload generator script. exploitation automation