Top 343 exploit open source projects

Vulnerability Labs for security analysis

Ghost Framework is an Android post-exploitation framework that exploits the Android Debug Bridge to remotely access an Android device. Ghost Framework gives you the power and convenience of remote Android device administration.

Ladon Network Penetration Scanner for PowerShell, vulnerability / exploit / detection / MS17010/SmbGhost,Brute-Force SMB/IPC/WMI/NBT/SSH/FTP/MSSQL/MYSQL/ORACLE/VNC

Writeup of CVE-2020-15906

Remote exploitation framework written in Python

PrestaShop (1.6.x <= 1.6.1.23 or 1.7.x <= 1.7.4.4) Back Office Remote Code Execution (CVE-2018-19126)

Roundcube 1.0.0 <= 1.2.2 Remote Code Execution exploit and vulnerable container

Fully chained kernel exploit for the PS Vita on firmwares 3.65-3.68

C++ GUI for TegraRcmSmash (Fusée Gelée exploit for Nintendo Switch)

Exploiting Edge's read:// urlhandler

An automated, modular cryptanalysis tool; i.e., a Weapon of Math Destruction

Using open Adb ports we can exploit a Andriod Device

Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

Notes about attacking Jenkins servers

PegaSwitch is an exploit toolkit for the Nintendo Switch

Discover duplication glitches, abusive staff giving items, x-ray or simply poor server economy.

Yet another implementation of AEG (Automated Exploit Generation) using symbolic execution engine Triton.

X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter

🌸 Interactive shellcoding environment to easily craft shellcodes

Collection of things made during my OSCP journey

Self contained htaccess shells and attacks

K8Cscan大型内网渗透自定义插件化扫描神器，包含信息收集、网络资产、漏洞扫描、密码爆破、漏洞利用，程序采用多线程批量扫描大型内网多个IP段C段主机，目前插件包含: C段旁注扫描、子域名扫描、Ftp密码爆破、Mysql密码爆破、Oracle密码爆破、MSSQL密码爆破、Windows/Linux系统密码爆破、存活主机扫描、端口扫描、Web信息探测、操作系统版本探测、Cisco思科设备扫描等,支持调用任意外部程序或脚本，支持Cobalt Strike联动

Example of using revealed "Spectre" exploit (CVE-2017-5753 and CVE-2017-5715)

OWASP Joomla Vulnerability Scanner Project

A collection of more than 140+ tools, scripts, cheatsheets and other loots that I have developed over years for Red Teaming/Pentesting/IT Security audits purposes. Most of them came handy on at least one of my real-world engagements.

Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.

windows-kernel-exploits Windows平台提权漏洞集合

A tool to help you write binary exploits

Full exploit chain (CVE-2019-11708 & CVE-2019-9810) against Firefox on Windows 64-bit.

An IDA Pro plugin to examine the glibc heap, focused on exploit development

Meltdown Exploit / Proof-of-concept / checks whether system is affected by Variant 3: rogue data cache load (CVE-2017-5754), a.k.a MELTDOWN.

hack tools

Framework to test any Anti-Cheat

All releases of the security research group (a.k.a. hackers) The Hacker's Choice

Defeating Patchguard universally for Windows 8, Windows 8.1 and all versions of Windows 10 regardless of HVCI

Proofs-of-concept

Automated Mass Exploiter

Exploit for Drupal v7.x + v8.x (Drupalgeddon 2 / CVE-2018-7600 / SA-CORE-2018-002)

Multiplatform reverse shell generator

CVE-2018-8120 Windows LPE exploit

Hypervisor Memory Introspection Core Library

Blueborne CVE-2017-0785 Android information leak vulnerability

My first Android app: Launch Fusée Gelée payloads from stock Android (CVE-2018-6242)

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

Cloak can backdoor any python script with some tricks.

Detect deauthentication frames using an ESP8266

Discovering vulnerabilities in firmware through concolic analysis and function clustering.

This repository contains several applications, demonstrating the Meltdown bug.

linux-kernel-exploits Linux平台提权漏洞集合

Various kernel exploits

Kindle 5.6.5 exploitation tools.

Bypassing disabled exec functions in PHP (c) CRLF

An exploit for Apache Struts CVE-2017-5638

A hyper plugin to provide a flexible GDB GUI with the help of GEF, pwndbg or peda

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

Ladon Pentest Scanner framework 全平台LadonGo开源内网渗透扫描器框架，使用它可轻松一键批量探测C段、B段、A段存活主机、高危漏洞检测MS17010、SmbGhost，远程执行SSH/Winrm，密码爆破SMB/SSH/FTP/Mysql/Mssql/Oracle/Winrm/HttpBasic/Redis，端口扫描服务识别PortScan指纹识别/HttpBanner/HttpTitle/TcpBanner/Weblogic/Oxid多网卡主机，端口扫描服务识别PortScan。

Trinity Exploit - Emulator Escape

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)

GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging features for exploit developers & reverse engineers ☢

PHPMailer < 5.2.18 Remote Code Execution exploit and vulnerable container