Packages that take advantage of exploits in other programs or services.
Tool count: 337
Name | Version | Description | Category | Website |
---|---|---|---|---|
aclpwn | 4.81480cc | Active Directory ACL exploitation with BloodHound. | exploitation | |
adape-script | 43.4d0b9ff | Active Directory Assessment and Privilege Escalation Script. | windows exploitation | |
adenum | 36.fbbe14d | A pentesting tool that finds misconfigurations through the LDAP protocol and exploits some of those weaknesses with Kerberos. | exploitation scanner | |
agafi | 1:1.1 | A gadget finder and a ROP-Chainer tool for x86 platforms. | windows exploitation | |
aggroargs | 51.c032446 | Bruteforce commandline buffer overflows, linux, aggressive arguments. | exploitation fuzzer | |
albatar | 34.4e63f22 | A SQLi exploitation framework in Python. | webapp exploitation | |
angrop | 408.15616aa | A rop gadget finder and chain builder. | exploitation | |
armitage | 4:150813 | A graphical cyber attack management tool for Metasploit. | exploitation automation | |
armor | 5.bae27a6 | A simple Bash script designed to create encrypted macOS payloads capable of evading antivirus scanners. | exploitation crypto | |
armscgen | 98.c51b7d6 | ARM Shellcode Generator (Mostly Thumb Mode). | exploitation automation | |
arpoison | 0.7 | The UNIX arp cache update utility | exploitation spoof | |
atscan | 2461.06521a9 | Server, Site and Dork Scanner. | scanner webapp fuzzer exploitation automation | |
autosploit | 281.9a6a5ef | Automate the exploitation of remote hosts. | exploitation automation | |
aws-iam-privesc | 11.2983efd | AWS IAM policy scanner that helps determine where privilege escalation can be achieved. | scanner recon exploitation automation | |
backoori | 55.988e507 | Tool aided persistence via Windows URI schemes abuse. | exploitation | |
bad-pdf | 61.a8149ee | Steal NTLM Hashes with Bad-PDF. | exploitation | |
barq | 35.6f1a68c | An AWS Cloud Post Exploitation framework. | exploitation backdoor automation recon | |
bbqsql | 261.b9859d2 | SQL injection exploit tool. | webapp exploitation | |
bed | 0.5 | Collection of scripts to test for buffer overflows, format string vulnerabilities. | exploitation | |
beef | 1:4619.aa526037 | The Browser Exploitation Framework that focuses on the web browser | exploitation | |
beroot | 1.0.1.r109.g4c0b648 | A post exploitation tool to check common misconfigurations to find a way to escalate our privilege. | exploitation | |
bettercap | 2.33.0 | A complete, modular, portable and easily extensible MITM framework. | sniffer exploitation networking | |
bfbtester | 2.0.1 | Performs checks of single and multiple argument command line overflows and environment variable overflows | exploitation | |
binex | 1.0 | Format String exploit building tool. | exploitation automation | |
bitdump | 34.6a5cbd8 | A tool to extract database data from a blind SQL injection vulnerability. | exploitation webapp | |
blind-sql-bitshifting | 54.5bbc183 | A blind SQL injection module that uses bitshifting to calculate characters. | exploitation | |
blisqy | 20.e9995fc | Exploit Time-based blind-SQL injection in HTTP-Headers (MySQL/MariaDB). | webapp exploitation | |
bloodyad | 203.077892e | An Active Directory Privilege Escalation Framework. | exploitation windows | |
bluffy | 47.180ed5b | Convert shellcode into different formats. | exploitation | |
botb | 69.6d33aae | A container analysis and exploitation tool for pentesters and engineers. | exploitation scanner | |
bowcaster | 230.17d69c1 | A framework intended to aid those developing exploits. | exploitation | |
brakeman | 1:v6.2.2.r7.g88994b8fe | A static analysis security vulnerability scanner for Ruby on Rails applications | code-audit exploitation scanner | |
breads | 131.2d97bcc | BREaking Active Directory Security; focused on enumerating and attacking Active Directory environments through LDAP and SMB protocols. | windows exploitation recon | |
brosec | 278.c51164f | An interactive reference tool to help security professionals utilize useful payloads and commands. | exploitation | |
bsqlinjector | 14.98c8ce8 | Blind SQL injection exploitation tool written in ruby. | webapp exploitation | |
camover | 94.483befd | A camera exploitation tool that allows disclosure of the network camera admin password. | exploitation | |
certipy | 4.8.2.r0.g2780d53 | Active Directory Certificate Services enumeration and abuse. | windows exploitation | |
certsync | 0.1.6 | Dump NTDS remotely without DRSUAPI: using golden certificate and UnPAC the hash. | exploitation windows | |
chankro | 21.7b6e844 | Tool that generates PHP capable of running a custom binary (like a meterpreter) or a bash script (e.g. reverse shell), bypassing disable_functions & open_basedir. | webapp exploitation | |
chiron | 48.524abe1 | An all-in-one IPv6 Penetration Testing Framework. | scanner networking exploitation proxy | |
chw00t | 39.1fd1016 | Unices chroot breaking tool. | exploitation | |
cisco-global-exploiter | 1.3 | A perl script that targets multiple vulnerabilities in the Cisco Internetwork Operating System (IOS) and Catalyst products. | exploitation | |
cisco-snmp-enumeration | 10.ad06f57 | Automated Cisco SNMP Enumeration, Brute Force, Configuration Download and Password Cracking. | automation networking exploitation cracker | |
cisco-snmp-slap | 5.daf0589 | IP address spoofing tool in order to bypass an ACL protecting an SNMP service on Cisco IOS devices. | spoof networking exploitation | |
cisco-torch | 0.4b | Cisco Torch mass scanning, fingerprinting, and exploitation tool. | exploitation fingerprint scanner | |
cmseek | 382.20f9780 | CMS (Content Management Systems) Detection and Exploitation suite. | webapp fingerprint exploitation | |
cmsmap | 1:8.59dd0e2 | A python open source Content Management System scanner that automates the process of detecting security flaws of the most popular CMSs. | scanner automation webapp exploitation | |
coercer | 2.4.3 | Coerce a Windows server to authenticate on an arbitrary machine through 9 methods. | exploitation networking windows | |
commix | 2200.6c465179 | Automated All-in-One OS Command Injection and Exploitation Tool. | webapp automation exploitation | |
crabstick | 47.bb7827f | Automatic remote/local file inclusion vulnerability analysis and exploit tool. | webapp exploitation | |
crackmapexec | 3:v6.0.1.r198.gda472cb | A swiss army knife for pentesting Windows/Active Directory environments. | scanner exploitation | |
crackql | 1.0.r53.gac26a44 | GraphQL password brute-force and fuzzing utility | webapp exploitation fuzzer | |
creak | 41.a6c011f | Poison, reset, spoof, redirect MITM script. | networking exploitation sniffer | |
ctypes-sh | 158.b79e401 | Allows you to call routines in shared libraries from within bash. | reversing exploitation | |
cve-search | v5.1.0.r4.g471ccfb | A tool to perform local searches for known vulnerabilities. | exploitation | |
cvemap | v0.0.7.r207.g16e19ca | CLI tool designed to provide a structured and easily navigable interface to various vulnerability databases. | exploitation | |
darkd0rk3r | 1.0 | Python script that performs dork searching and searches for local file inclusion and SQL injection errors. | exploitation webapp | |
darkmysqli | 1.6 | Multi-Purpose MySQL Injection Tool | exploitation webapp | |
darkspiritz | 1:6.4d23e94 | A penetration testing framework for Linux, MacOS, and Windows systems. | exploitation automation | |
deathstar | 60.d7bcbfd | Automate getting Domain Admin using Empire. | automation exploitation | |
deepce | 119.c1bb2ca | Docker Enumeration, Escalation of Privileges and Container Escapes. | exploitation | |
delorean | 16.0291151 | NTP Man-in-the-Middle tool. | exploitation proxy | |
dkmc | 56.3c238f0 | Don't kill my cat - Malicious payload evasion tool. | exploitation networking | |
donpapi | 1:V1.2.0.r37.gfd8eb66 | Dumping relevant information on compromised targets without AV detection with DPAPI. | windows exploitation | |
dontgo403 | 1.0.1.r11.ga47e83b | Tool to bypass 40X response codes. | webapp exploitation scanner | |
donut | 529.47758d7 | Generates x86, x64 or AMD64+x86 P.I. shellcode loading .NET Assemblies from memory. | backdoor exploitation | |
doona | 145.7a4796c | A fork of the Bruteforce Exploit Detector Tool (BED). | fuzzer exploitation | |
dotdotpwn | 3.0.2 | The Directory Traversal Fuzzer | exploitation fuzzer | |
dr-checker | 140.ea63c0f | A Soundy Vulnerability Detection Tool for Linux Kernel Drivers. | exploitation fuzzer | |
drinkme | 19.acf1a14 | A shellcode testing harness. | exploitation | |
drupwn | 1:59.8186732 | Drupal enumeration & exploitation tool. | webapp exploitation scanner | |
ducktoolkit | 37.42da733 | Encoding Tools for Rubber Ducky. | exploitation crypto | |
dwarf | 1084.fd859ae | Full featured multi arch/os debugger built on top of PyQt5 and frida. | binary debugger disassembler exploitation mobile reversing | |
encodeshellcode | 0.1b | This is an encoding tool for 32-bit x86 shellcode that assists a researcher when dealing with character filter or byte restrictions in a buffer overflow vulnerability or some kind of IDS/IPS/AV blocking your code. | exploitation | |
enteletaor | 68.a975b5c | Message Queue & Broker Injection tool that implements attacks to Redis, RabbitMQ and ZeroMQ. | exploitation scanner recon | |
entropy | 702.13aac50 | A set of tools to exploit Netwave and GoAhead IP Webcams. | exploitation | |
erl-matter | 53.ab793cd | Tool to exploit epmd related services such as rabbitmq, ejabberd and couchdb by bruteforcing the cookie and gaining RCE afterwards. | exploitation cracker | |
eternal-scanner | 101.3979b0f | An internet scanner for exploit CVE-2017-0144 (Eternal Blue). | scanner exploitation | |
evil-winrm | 1:v3.7.r0.gffe958c | The ultimate WinRM shell for hacking/pentesting. | exploitation backdoor | |
evilclippy | 62.fa610c6 | A cross-platform assistant for creating malicious MS Office documents. | exploitation windows | |
exploit-db | 1.6 | The Exploit Database (EDB) - an ultimate archive of exploits and vulnerable software - A collection of hacks | exploitation | |
exploitdb | 20240829 | Offensive Security's Exploit Database Archive | exploitation | |
exploitpack | 139.e565c47 | Exploit Pack - Project. | exploitation automation | |
eyepwn | 1.0 | Exploit for Eye-Fi Helper directory traversal vulnerability | exploitation wireless | |
faraday | 9269.4625bd369 | A new concept (IPE) Integrated Penetration-Test Environment, a multiuser Penetration test IDE. Designed for distribution, indexation and analysis of the data generated during the process of a security audit. | scanner exploitation fuzzer fingerprint automation misc | |
faradaysec | 12753.f8535178a | Collaborative Penetration Test and Vulnerability Management Platform. | scanner exploitation fuzzer fingerprint automation misc | |
fdsploit | 26.4522f53 | A File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool. | webapp fuzzer exploitation | |
ffm | 129.6337eaf | A hacking harness that you can use during the post-exploitation phase of a red-teaming engagement. | exploitation | |
fimap | 2:1.00 | A little tool for local and remote file inclusion auditing and exploitation. fimap is a little python tool which can find, prepare, audit, exploit and even google automatically for local and remote file inclusion bugs in webapps. | exploitation fuzzer | |
firstexecution | 6.a275793 | A Collection of different ways to execute code outside of the expected entry points. | exploitation | |
firstorder | 8.107eb6a | A traffic analyzer to evade Empire communication from Anomaly-Based IDS. | sniffer automation exploitation | |
flashsploit | 23.c465a6d | Exploitation Framework for ATtiny85 Based HID Attacks. | exploitation | |
formatstringexploiter | 107.2810293 | Helper script for working with format string bugs. | exploitation | |
fortiscan | 0.7.r7.gd54faa0 | A high performance FortiGate SSL-VPN vulnerability scanning and exploitation tool. | scanner exploitation | |
fs-exploit | 3.28bb9bb | Format string exploit generation. | exploitation automation | |
fs-nyarl | 1.0 | A network takeover & forensic analysis tool - useful to advanced PenTest tasks & for fun and profit. | scanner networking forensic spoof exploitation sniffer | |
fuxploider | 140.ec8742b | Tool that automates the process of detecting and exploiting file upload forms flaws. | webapp exploitation | |
fuzzbunch | 32.2b76c22 | NSA Exploit framework | exploitation | |
gadgettojscript | 20.005cb8b | .NET serialized gadgets that can trigger .NET assembly from JS/VBS/VBA based scripts. | exploitation windows | |
gcat | 29.39b266c | A fully featured backdoor that uses Gmail as a C&C server. | malware exploitation | |
gef | 2308.2830670 | Multi-Architecture GDB Enhanced Features for Exploiters & Reverse-Engineers. | debugger exploitation | |
getsploit | 37.bcab2ee | Command line utility for searching and downloading exploits. | exploitation misc | |
ghauri | 1.4.1.r0.g316410a | An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws. | webapp exploitation | |
ghostdelivery | 32.a23ed5a | Python script to generate obfuscated .vbs script that delivers payload (payload dropper) with persistence and windows antivirus disabling functions. | exploitation windows | |
gloom | 1:93.cd6e927 | Linux Penetration Testing Framework. | scanner exploitation recon fuzzer social | |
go-exploitdb | v0.5.0.r1.g7d2fc13 | Tool for searching Exploits from Exploit Databases, etc. | automation exploitation | |
google-explorer | 140.0b21b57 | Google mass exploit robot - Make a google search, and parse the results for a specific exploit you define. | automation exploitation | |
gopherus | 33.90a2fd5 | Tool that generates a gopher link for exploiting SSRF and gaining RCE in various servers. | webapp exploitation | |
graphql-path-enum | 23.5450280 | Tool that lists the different ways of reaching a given type in a GraphQL schema. | webapp exploitation fuzzer | |
graphqlmap | 63.59305d7 | Scripting engine to interact with a graphql endpoint for pentesting purposes. | webapp exploitation fuzzer | |
greenbone-security-assistant | 9.0.1 | Greenbone Security Assistant (gsa) - OpenVAS web frontend | scanner fuzzer exploitation | |
gvmd | 8.0.1 | Greenbone Vulnerability Manager - The database backend for the Greenbone Vulnerability Management (GVM) framework | scanner fuzzer exploitation | |
hackredis | 3.fbae1bc | A simple tool to scan and exploit redis servers. | exploitation scanner | |
hakku | 384.bbb434d | Simple framework that has been made for penetration testing tools. | scanner recon webapp exploitation fingerprint | |
hamster | 2.0.0 | Tool for HTTP session sidejacking. | exploitation | |
havoc-c2 | 856.fb67b76 | Modern and malleable post-exploitation command and control framework. | automation backdoor exploitation networking | |
hcraft | 1.0.0 | HTTP Vuln Request Crafter | exploitation | |
heartleech | 116.3ab1d60 | Scans for systems vulnerable to the heartbleed bug, and then downloads them. | exploitation scanner | |
hekatomb | 107.bdd53cf | Extract and decrypt all credentials from all domain computers using DPAPI. | windows exploitation | |
homepwn | 31.0803981 | Swiss Army Knife for Pentesting of IoT Devices. | scanner recon fuzzer exploitation | |
hqlmap | 38.bb6ab46 | A tool to exploit HQL Injections. | exploitation | |
htexploit | 0.77 | A Python script that exploits a weakness in the way that .htaccess files can be configured to protect a web directory with an authentication process | exploitation | |
htshells | 2:89.3216523 | Self contained web shells and other attacks via .htaccess files. | exploitation | |
http2smugl | 36.78abc09 | Http2Smugl - Tool to detect and exploit HTTP request smuggling in cases it can be achieved via HTTP/2 -> HTTP/1.1 conversion. | webapp scanner exploitation | |
impacket-ba | 0.12.0 | Collection of classes for working with network protocols. | exploitation networking | |
inception | 454.4df3231 | A FireWire physical memory manipulation and hacking tool exploiting IEEE 1394 SBP-2 DMA. | exploitation hardware | |
inguma | 0.1.1 | A free penetration testing and vulnerability discovery toolkit entirely written in python. Framework includes modules to discover hosts, gather information about, fuzz targets, brute force usernames and passwords, exploits, and a disassembler. | cracker disassembler exploitation fuzzer scanner | |
insanity | 117.cf51ff3 | Generate Payloads and Control Remote Machines. | exploitation | |
irpas | 0.10 | Internetwork Routing Protocol Attack Suite. | exploitation | |
isf | 68.5228865 | Industrial Exploitation Framework is an exploitation framework based on Python. | exploitation | |
jaidam | 18.15e0fec | Penetration testing tool that would take as input a list of domain names, scan them, determine if wordpress or joomla platform was used and finally check them automatically, for web vulnerabilities using two well-known open source tools, WPScan and Joomscan. | webapp automation exploitation | |
jboss-autopwn | 1.3bc2d29 | A JBoss script for obtaining remote shell access. | exploitation webapp automation | |
jexboss | 86.338b531 | Jboss verify and Exploitation Tool. | webapp exploitation | |
jndi-injection-exploit | 10.2dc4018 | A tool which generates JNDI links and can start several servers to exploit JNDI Injection vulnerabilities, like Jackson, Fastjson, etc. | exploitation | |
jsql-injection | 0.101 | A Java application for automatic SQL database injection. | webapp exploitation fuzzer | |
k55 | 86.b3c4aa9 | Linux x86_64 Process Injection Utility. | backdoor exploitation | |
kadimus | 183.ac5f438 | LFI Scan & Exploit Tool. | webapp exploitation scanner | |
katana | 1.0.0.1 | A framework that seeks to unite general auditing tools, which are general pentesting tools (Network,Web,Desktop and others). | exploitation dos cracker scanner recon | |
katana-framework | 1.0.0.1 | A framework that seeks to unite general auditing tools, which are general pentesting tools (Network,Web,Desktop and others). | exploitation dos cracker scanner recon | |
kerberoast | 1:0.2.0.r9.g82f5bb2 | Kerberoast attack -pure python-. | exploitation cracker windows | |
kernelpop | 238.b3467d3 | Kernel privilege escalation enumeration and exploitation framework. | exploitation automation | |
killcast | 30.ee81cfa | Manipulate Chromecast Devices in your Network. | exploitation automation | |
killerbee | 398.748740d | Framework and tools for exploiting ZigBee and IEEE 802.15.4 networks. | exploitation wireless | |
klar | 2.4.0 | Integration of Clair and Docker Registry. | exploitation misc | |
koadic | 1:637.ac46c44 | A Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. | exploitation automation | |
krbjack | 1.2.0 | DNS dynamic update abuse in ADIDNS and MitM attack using Kerberos AP-REQ hijacking. | networking exploitation | |
kubesploit | 86.2de2f12 | Cross-platform post-exploitation HTTP/2 Command & Control server. | scanner exploitation | |
kwetza | 26.0e50272 | Python script to inject existing Android applications with a Meterpreter payload. | backdoor exploitation | |
l0l | 322.1319ea7 | The Exploit Development Kit. | exploitation | |
leroy-jenkins | 3.bdc3965 | A python tool that will allow remote execution of commands on a Jenkins server and its nodes. | exploitation | |
lethalhta | 2.5602402 | Lateral Movement technique using DCOM and HTA. | windows exploitation | |
leviathan | 35.a1a1d8c | A mass audit toolkit which has wide range service discovery, brute force, SQL injection detection and running custom exploit capabilities. | scanner cracker webapp fuzzer exploitation | |
lfi-autopwn | 3.0 | A Perl script to try to gain code execution on a remote server via LFI | exploitation fuzzer | |
lfi-exploiter | 1.1 | This perl script leverages /proc/self/environ to attempt getting code execution out of a local file inclusion vulnerability. | webapp exploitation | |
lfi-fuzzploit | 1.1 | A simple tool to help in the fuzzing for, finding, and exploiting of local file inclusion vulnerabilities in Linux-based PHP applications. | webapp fuzzer exploitation | |
lfi-sploiter | 1.0 | This tool helps you exploit LFI (Local File Inclusion) vulnerabilities. Post discovery, simply pass the affected URL and vulnerable parameter to this tool. You can also use this tool to scan a URL for LFI vulnerabilities. | webapp fuzzer exploitation | |
lfifreak | 21.0c6adef | A unique automated LFi Exploiter with Bind/Reverse Shells. | webapp exploitation | |
lfisuite | 85.470e01f | Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner. | scanner webapp exploitation | |
libc-database | 45.69815cd | Database of libc offsets to simplify exploitation. | reversing exploitation | |
liffy | 1:33.89dd4f8 | A Local File Inclusion Exploitation tool. | webapp exploitation fuzzer | |
limelighter | 17.d119dc7 | A tool for generating fake code signing certificates or signing real ones. | exploitation windows | |
lisa.py | 61.2d1f81a | An Exploit Dev Swiss Army Knife. | exploitation | |
locasploit | 117.fa48151 | Local enumeration and exploitation framework. | scanner exploitation | |
m3-gen | 7.7c656cc | Generates Malicious Macro and Execute Powershell or Shellcode via MSBuild Application Whitelisting Bypass. This tool is intended for adversary simulation and red teaming purposes. | exploitation | |
maligno | 2.5 | An open source penetration testing tool written in python, that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. | scanner fuzzer exploitation | |
mando.me | 9.8b34f1a | Web Command Injection Tool. | webapp exploitation | |
marshalsec | 10.2dc4018 | Java Unmarshaller Security - Turning your data into code execution. | exploitation | |
massexpconsole | 1:v2.3.5.r1.g530c880 | A collection of tools and exploits with a cli ui for mass exploitation. | automation exploitation | |
merlin-server | 1.3.0 | Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang. | automation exploitation | |
metasploit | 6.4.36 | Advanced open-source platform for developing, testing, and using exploit code | exploitation fuzzer scanner recon networking | |
metasploit-autopwn | 12.09320cc | db_autopwn plugin of metasploit. | automation exploitation | |
minimysqlator | 0.5 | A multi-platform application used to audit web sites in order to discover and exploit SQL injection vulnerabilities. | exploitation | |
miranda-upnp | 1.3 | A Python-based Universal Plug-N-Play client application designed to discover, query and interact with UPNP devices | exploitation scanner | |
mitmap-old | 1:0.1 | Shell Script for launching a Fake AP with karma functionality and launches ettercap for packet capture and traffic manipulation. | automation exploitation sniffer | |
mitmf | 467.0458300 | A Framework for Man-In-The-Middle attacks written in Python. | exploitation proxy networking spoof | |
mitmproxy | 11.0.0 | SSL-capable man-in-the-middle HTTP proxy | proxy exploitation | |
moonwalk | v1.0.0.r18.g68d5be1 | Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps. | exploitation | |
mosquito | 39.fe54831 | XSS exploitation tool - access victims through HTTP proxy. | exploitation webapp | |
mrkaplan | 1:1.1.1 | Help red teamers to stay hidden by clearing evidence of execution. | windows exploitation | |
msfenum | 36.6c6b77e | A Metasploit auto auxiliary script. | automation exploitation | |
myjwt | 202.719b939 | This cli is for pentesters, CTF players, or dev. You can modify your jwt, sign, inject, etc. | exploitation cracker | |
n1qlmap | 2.5365444 | An N1QL exploitation tool. | exploitation | |
netexec | v1.3.0.r104.g24135483 | A Windows / Active Directory environments pentest tool. | scanner exploitation windows | |
nimbostratus | 54.c7c206f | Tools for fingerprinting and exploiting Amazon cloud infrastructures. | fingerprint exploitation fuzzer | |
nosqli | 37.6fce3eb | NoSQL scanner and injector. | webapp scanner exploitation | |
nosqli-user-pass-enum | 18.1b3713a | Script to enumerate usernames and passwords from vulnerable web applications running MongoDB. | exploitation webapp | |
nosqlmap | 298.efe6f7a | Automated Mongo database and NoSQL web application exploitation tool | webapp exploitation | |
ntlm-theft | 26.512074d | A tool for generating multiple types of NTLMv2 hash theft files. | exploitation | |
nullscan | 1.0.1 | A modular framework designed to chain and automate security tests. | automation scanner recon fingerprint networking fuzzer exploitation | |
office-dde-payloads | 34.53291f9 | Collection of scripts and templates to generate Office documents embedded with the DDE, macro-less command execution technique. | exploitation | |
opensvp | 65.df54ed8 | A security tool implementing "attacks" to be able to test the resistance of a firewall to protocol level attacks. | exploitation networking | |
openvas | 20241207 | The OpenVAS scanning Daemon | scanner fuzzer exploitation | |
openvas-cli | 1.4.5 | The OpenVAS Command-Line Interface | scanner fuzzer exploitation | |
openvas-libraries | 9.0.2 | The OpenVAS libraries | scanner fuzzer exploitation | |
openvas-manager | 7.0.3 | A layer between the OpenVAS Scanner and various client applications | scanner fuzzer exploitation | |
openvas-scanner | 22.4.0 | The OpenVAS scanning Daemon | scanner fuzzer exploitation | |
osueta | 82.2ee8068 | A simple Python script to exploit the OpenSSH User Enumeration Timing Attack. | exploitation | |
otori | 0.3 | A python-based toolbox intended to allow useful exploitation of XML external entity ("XXE") vulnerabilities. | exploitation webapp | |
owasp-zsc | 316.f763dea | Shellcode/Obfuscate Code Generator. | exploitation | |
pacu | 1520.d4c2314 | The AWS exploitation framework, designed for testing the security of Amazon Web Services environments. | exploitation | |
padbuster | 11.50e4a3e | Automated script for performing Padding Oracle attacks. | exploitation | |
pastejacker | 12.ed9f153 | Hacking systems with the automation of PasteJacking attacks. | automation exploitation | |
pathzuzu | 64.4f4533c | Checks for PATH substitution vulnerabilities and logs the commands executed by the vulnerable executables. | exploitation | |
pblind | 1.0 | Little utility to help exploiting blind sql injection vulnerabilities. | exploitation webapp | |
peda | 1.2 | Python Exploit Development Assistance for GDB | debugger exploitation | |
phantom-evasion | 103.2cd0673 | Antivirus evasion tool written in python. | exploitation | |
phpggc | 665.177cd21 | A library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically. | webapp exploitation | |
pirana | 0.3.1 | Exploitation framework that tests the security of a email content filter. | exploitation | |
pkinittools | 10.7311de8 | Tools for Kerberos PKINIT and relaying to AD CS. | exploitation windows | |
pmcma | 1.00 | Automated exploitation of invalid memory writes (whether they are the consequences of an overflow in a writable section, of a missing format string, integer overflow, variable misuse, or any other type of memory corruption). | exploitation automation fuzzer | |
pocsuite | 430.877d1b1 | An open-sourced remote vulnerability testing framework developed by the Knownsec Security Team. | exploitation | |
pompem | 141.3ebe768 | A python exploit tool finder. | exploitation | |
postenum | 123.3a148ba | Clean, nice and easy tool for basic/advanced privilege escalation techniques. | recon scanner exploitation | |
powercloud | 21.0928303 | Deliver powershell payloads via DNS TXT via CloudFlare using PowerShell. | windows exploitation | |
powersploit | 591.d943001 | A PowerShell Post-Exploitation Framework. | exploitation windows | |
ppmap | v1.2.0.r15.g9426af6 | A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets. | webapp scanner exploitation | |
preeny | 110.aaef77f | Some helpful preload libraries for pwning stuff. | exploitation reversing | |
pret | 108.a04bd04 | Printer Exploitation Toolkit - The tool that made dumpster diving obsolete. | exploitation fuzzer recon scanner | |
ps1encode | 41.68d7778 | A tool to generate and encode PowerShell based Metasploit payloads. | exploitation | |
ptf | 1517.74f58d6 | The Penetration Testers Framework is a way for modular support for up-to-date tools. | exploitation scanner recon automation | |
punk | 9.c2bc420 | A post-exploitation tool meant to help network pivoting from a compromised unix box. | exploitation | |
pupy | 2988.4b78dc58 | Opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python. | automation exploitation | |
pwncat-caleb | v0.5.4.r11.g37f04d4 | A post-exploitation platform. | exploitation | |
pwndrop | 18.385ba70 | Self-deployable file hosting service for red teamers, allowing to easily upload and share payloads over HTTP and WebDAV. | webapp exploitation automation | |
pyersinia | 49.73f4056 | Network attack tool like yersinia but written in Python. | networking fuzzer dos voip scanner exploitation | |
pykek | 12.651b9ba | Kerberos Exploitation Kit. | exploitation | |
python-ssh-mitm | 5.0.0 | SSH mitm server for security audits supporting public key authentication, session hijacking and file manipulation. | exploitation sniffer | |
python2-ropgadget | 5.9 | ROPgadget supports ELF, PE and Mach-O format on x86, x64, ARM, ARM64, PowerPC, SPARC and MIPS architectures. | exploitation | |
qark | 301.ba1b265 | Tool to look for several security related Android application vulnerabilities. | mobile fuzzer scanner exploitation | |
rapidscan | 221.296a20b | The Multi-Tool Web Vulnerability Scanner. | webapp scanner recon fingerprint fuzzer exploitation | |
rebind | 0.3.4 | DNS Rebinding Tool | exploitation | |
remot3d | 38.a707ef7 | A Simple Exploit for PHP Language. | webapp backdoor exploitation | |
rex | 714.0cb89f9 | Shellphish's automated exploitation engine, originally created for the Cyber Grand Challenge. | exploitation | |
rext | 63.5f0f626 | Router EXploitation Toolkit - small toolkit for easy creation and usage of various python scripts that work with embedded devices. | exploitation scanner | |
rfcat | 1:v2.0.1.r5.g07f99bb | RF ChipCon-based Attack Toolset. | exploitation | |
richsploit | 3.6b15e0f | Exploitation toolkit for RichFaces. | exploitation webapp | |
rmiscout | 1.4 | Enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities. | exploitation | |
rombuster | 223.4592b7a | A router exploitation tool that allows disclosure of the network router admin password. | exploitation | |
ropeme | 4.9b3a8fd | ROPME is a set of python scripts to generate ROP gadgets and payload. | exploitation | |
ropgadget | 7.4 | Lets you search your gadgets on your binaries (ELF format) to facilitate your ROP exploitation. | exploitation binary | |
ropgadget2 | 5.4 | Search gadgets in binaries to facilitate ROP exploitation for several file formats and architectures | exploitation | |
ropper | 1.13.10 | Show information about binary files and find gadgets to build rop chains for different architectures | exploitation binary | |
roputils | 195.ae7ed20 | A Return-oriented Programming toolkit. | exploitation | |
routersploit | 3.4.4 | The Router Exploitation Framework. | exploitation | |
rp | 138.3a54a7c | A full-cpp written tool that aims to find ROP sequences in PE/Elf/Mach-O x86/x64 binaries. | exploitation binary | |
rspet | 263.de4356e | A Python based reverse shell equipped with functionalities that assist in a post exploitation scenario. | exploitation backdoor dos | |
ruler | 310.1fe118c | A tool to abuse Exchange services. | webapp exploitation | |
rupture | 1383.131c61a | A framework for BREACH and other compression-based crypto attacks. | crypto exploitation | |
sc-make | 12.7e39718 | Tool for automating shellcode creation. | exploitation automation | |
scansploit | 9.a0890af | Exploit using barcodes, QR codes, EAN13, datamatrix. | exploitation | |
search1337 | 1:11.bf03ec9 | Online, lightweight exploit scanner and downloader. | automation exploitation | |
searchsploit | 1:1828.2ae6cf2b7 | The official Exploit Database search tool. | automation exploitation | |
sensepost-xrdp | 16.46d6c19 | A rudimentary remote desktop tool for the X11 protocol exploiting unauthenticated X11 sessions. | exploitation | |
serialbrute | 3.111c217 | Java serialization brute force attack tool. | exploitation | |
set | 1:8.0.3 | Social-engineer toolkit. Aimed at penetration testing around Social-Engineering. | social exploitation | |
shad0w | 387.d35b9dc | A modular C2 framework designed to successfully operate on mature environments. | windows exploitation | |
shellcode-compiler | 26.8a25463 | Compiles C/C++ style code into a small, position-independent and NULL-free shellcode for Windows & Linux. | exploitation | |
shellcode-factory | 96.07ae857 | Tool to create and test shellcodes from custom assembly sources. | exploitation | |
shellcodecs | 0.1 | A collection of shellcode, loaders, sources, and generators provided with documentation designed to ease the exploitation and shellcode programming process. | exploitation | |
shellen | 66.c0c5f83 | Interactive shellcoding environment to easily craft shellcodes. | exploitation | |
shellme | 5.d5206f0 | Because sometimes you just need shellcode and opcodes quickly. This essentially just wraps some nasm/objdump calls into a neat script. | exploitation automation | |
shellnoob | 35.72cf498 | A toolkit that eases the writing and debugging of shellcode | debugger exploitation | |
shellsploit-framework | 273.a16d22f | New Generation Exploit Development Kit. | exploitation backdoor | |
shellter | 7.2 | A dynamic shellcode injection tool, and the first truly dynamic PE infector ever created. | exploitation backdoor windows | |
shocker | 65.65d4d76 | A tool to find and exploit servers vulnerable to Shellshock. | exploitation scanner | |
sickle | 100.83aa243 | A shellcode development tool, created to speed up the various steps needed to create functioning shellcode. | exploitation | |
sigploit | 786.0e52072 | Telecom Signaling Exploitation Framework - SS7, GTP, Diameter & SIP. | exploitation mobile | |
sigthief | 25.ffb501b | Stealing Signatures and Making One Invalid Signature at a Time. | exploitation windows | |
simple-ducky | 20.f15079e | A payload generator. | automation exploitation | |
sipvicious | 462.fd3e7c7 | Tools for auditing SIP devices | automation exploitation | |
sireprat | 34.b8ef60b | Remote Command Execution as SYSTEM on Windows IoT Core. | exploitation windows | |
sjet | 103.dd2a4e6 | Siberas JMX exploitation toolkit. | exploitation webapp | |
slither | 1:4572.3befc968b | Solidity static analysis framework written in Python 3. | code-audit exploitation | |
smap | 24.3ed1ac7 | Shellcode mapper - Handy tool for shellcode analysis. | exploitation binary | |
smbexec | 2:59.a54fc14 | A rapid psexec style attack with samba tools. | scanner recon fuzzer exploitation | |
smbrelay | 3 | SMB / HTTP to SMB replay attack toolkit. | windows networking exploitation | |
smikims-arpspoof | 25.244d9ee | Performs an ARP spoofing attack using the Linux kernel's raw sockets. | spoof exploitation networking | |
smplshllctrlr | 9.2baf390 | PHP Command Injection exploitation tool. | webapp exploitation | |
smtptester | 13.634e1ee | Small Python 3 tool to check common vulnerabilities in SMTP servers. | exploitation cracker | |
sn00p | 0.8 | A modular tool written in Bourne shell and designed to chain and automate security tools and tests. | automation scanner recon fingerprint networking fuzzer exploitation | |
snarf-mitm | 41.bada142 | SMB Man in the Middle Attack Engine / relay suite. | exploitation proxy | |
snoopy-ng | 128.eac73f5 | A distributed, sensor, data collection, interception, analysis, and visualization framework. | drone exploitation sniffer | |
sploitctl | 1:3.0.4 | Fetch, install and search exploit archives from exploit sites like exploit-db and packetstorm. | automation exploitation | |
spookflare | 24.19491b5 | Loader, dropper generator with multiple features for bypassing client-side and network-side countermeasures. | automation exploitation | |
spraykatz | 62.1fb3aa7 | Credentials gathering tool automating remote procdump and parsing of the lsass process. | exploitation | |
sqlmap | 1.8.8 | Automatic SQL injection and database takeover tool | webapp exploitation fuzzer | |
sqlninja | 0.2.999 | A tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. | exploitation fuzzer webapp | |
sqlping | 4 | SQL Server scanning tool that also checks for weak passwords using wordlists. | windows webapp exploitation | |
sqlsus | 0.7.2 | An open source MySQL injection and takeover tool, written in Perl | exploitation webapp | |
ssh-mitm | 140.70998ba | SSH man-in-the-middle tool. | exploitation networking | |
sslstrip | 0.9 | Python tool to hijack HTTPS connections during a MITM attack. | proxy networking exploitation | |
ssrfmap | 115.36eb5a3 | Automatic SSRF fuzzer and exploitation tool. | webapp scanner fuzzer exploitation | |
sstimap | v1.2.r3.g0d45b44 | Automatic SSTI detection tool with interactive interface. | exploitation webapp | |
stackflow | 2.2af525d | Universal stack-based buffer overflow exploitation tool. | exploitation | |
staekka | 9.57787ca | This plugin extends Metasploit for some missing features and modules allowing interaction with other/custom exploits/ways of getting shell access. | exploitation | |
stowaway | v2.2.r35.g8fccbed | A Multi-hop proxy tool for security researchers and pentesters. | proxy exploitation | |
subterfuge | 2:64.69dda99 | Automated Man-in-the-Middle Attack Framework | exploitation | |
suid3num | 60.2241c9c | Python script which utilizes Python's built-in modules to enumerate SUID binaries. | exploitation | |
swarm | 1:41.1713c1e | A distributed penetration testing tool. | scanner recon cracker exploitation webapp | |
tactical-exploitation | 95.7bbcb5d | Modern tactical exploitation toolkit. | scanner exploitation recon sniffer | |
tcpjunk | 2.9.03 | A general tcp protocols testing and hacking utility. | exploitation fuzzer | |
thefatrat | 813.b0586d0 | TheFatRat, a massive exploitation tool: an easy tool to generate backdoors and an easy tool for post-exploitation attacks. | automation exploitation | |
tomcatwardeployer | 98.4535e64 | Apache Tomcat auto WAR deployment & pwning penetration testing tool. | exploitation automation webapp | |
tplmap | 719.616b0e5 | Automatic Server-Side Template Injection Detection and Exploitation Tool. | webapp exploitation | |
unibrute | 1.b3fb4b7 | Multithreaded SQL union bruteforcer. | exploitation database | |
unicorn-powershell | 212.5421d46 | A simple tool for using a PowerShell downgrade attack and injecting shellcode straight into memory. | backdoor exploitation | |
veil | 5:297.d8acd4c | A tool designed to generate Metasploit payloads that bypass common anti-virus solutions. | automation exploitation | |
venom | 135.2b84e68 | A Multi-hop Proxy for Penetration Testers. | exploitation proxy | |
villain | 1:V2.2.1.r0.gb14f685 | C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features and share them among connected sibling servers. | backdoor networking exploitation | |
viproy-voipkit | 1:82.52b27db | VoIP Pen-Test Kit for Metasploit Framework | exploitation fuzzer scanner | |
vmap | 0.3 | A Vulnerability-Exploit desktop finder. | exploitation | |
vnc-bypauth | 0.0.1 | Multi-threaded bypass authentication scanner for VNC servers <= 4.1.1. | cracker exploitation | |
volana | v1.0.0.r26.g6dbf9a4 | Shell command obfuscation to avoid detection systems. | exploitation | |
webexploitationtool | 155.85bcf0e | A cross platform web exploitation toolkit. | exploitation webapp | |
websploit | 4.0.4 | An open source project for social engineering, scanning, web crawling and analysis, automatic exploitation, and network attack support. | exploitation fuzzer scanner social | |
webxploiter | 56.c03fe6b | An OWASP Top 10 Security scanner. | webapp exploitation fuzzer scanner | |
wesng | 378.e75696f | Windows Exploit Suggester - Next Generation. | exploitation windows | |
wifi-pumpkin | 2:v1.1.7.r2.g344a475 | Framework for Rogue Wi-Fi Access Point Attack. | wireless dos spoof exploitation sniffer social | |
wildpwn | 11.4623714 | Unix wildcard attacks. | exploitation | |
windows-privesc-check | 181.9f304fd | Standalone Executable to Check for Simple Privilege Escalation Vectors on Windows Systems. | windows exploitation | |
witchxtool | 1.1 | A Perl script that consists of a port scanner, LFI scanner, MD5 bruteforcer, dork SQL injection scanner, fresh proxy scanner, and a dork LFI scanner. | webapp scanner exploitation fuzzer | |
wordpress-exploit-framework | 907.e55ded4 | A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems. | webapp exploitation | |
wpforce | 88.b72ec64 | WordPress Attack Suite. | webapp cracker exploitation | |
wsuspect-proxy | 24.89f9375 | A tool for MITM'ing insecure WSUS connections. | exploitation proxy | |
xattacker | 122.72f9f8e | Website Vulnerability Scanner & Auto Exploiter. | webapp scanner exploitation | |
xcat | 266.faaf8fe | A command line tool to automate the exploitation of blind XPath injection vulnerabilities. | exploitation automation | |
xerosploit | 38.e2c3c7b | Efficient and advanced man in the middle framework. | networking exploitation sniffer | |
xpl-search | 42.d4dbc97 | Search exploits in multiple exploit databases. | exploitation misc | |
xrop | 83.4af7452 | Tool to generate ROP gadgets for ARM, AARCH64, x86, MIPS, PPC, RISCV, SH4 and SPARC. | exploitation | |
xsser | 2:1.8 | A penetration testing tool for detecting and exploiting XSS vulnerabilities. | webapp fuzzer exploitation | |
xxeinjector | 56.150067a | Tool for automatic exploitation of XXE vulnerabilities using direct and different out-of-band methods. | exploitation webapp | |
xxexploiter | 103.c1f0f41 | It generates the XML payloads, and automatically starts a server to serve the needed DTDs or to do data exfiltration. | exploitation webapp | |
yinjector | 0.1 | A MySQL injection penetration tool. It has multiple features, proxy support, and multiple exploitation methods. | exploitation webapp automation | |
ysoserial | 0.0.6 | A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. | webapp exploitation | |
zarp | 0.1.8 | A network attack tool centered around the exploitation of local networks. | exploitation networking | |
zeratool | 48.3fb3262 | Automatic Exploit Generation (AEG) and remote flag capture for exploitable CTF problems. | exploitation automation | |
zirikatu | 7.afe1d9c | FUD payload generator script. | exploitation automation | |