Top 343 exploit open source projects

Malicious use of macho, such as dump-runtime-macho, function-hook.

图形化漏洞利用集成工具

block game military grade radar

Simple program for detecting if host(s) are vulnerable to SMB exploit(MS17-010)

One of the few malware collection

Powerful dork searcher and vulnerability scanner for windows platform

项目是根据LandGrey/SpringBootVulExploit清单编写，目的hvv期间快速利用漏洞、降低漏洞利用门槛。

My exploitDB.

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

Advanced Web Browser Fingerprinting

Exploits pack for the Windows Kernel mode driver HackSysExtremeVulnerableDriver written for educational purposes.

A Ruby micro-framework for writing and running exploits

An overlay attack example

Rage allows you to execute any file in a Microsoft Office document.

Authentication bypass for outdated WoW emulation authentication servers

Umbraco CMS 7.12.4 - (Authenticated) Remote Code Execution

Network based protocol fuzzer

Port of windbglib to x64dbgpy, in an effort to support mona.py in x64dbg.

CamRaptor is a tool that exploits several vulnerabilities in popular DVR cameras to obtain network camera credentials.

Collection of bash scripts I wrote to make my life easier or test myself that you may find useful.

A Collection of Various Discord Bugs, Exploits, Un-Documented Parts of the Discord API, and Other Discord Related Miscellaneous Stuff.

CTF中Pwn的快速利用模板（包含awd pwn）

An IDA_Wrapper for linux, shipped with an Function Identifier. It works well with Driller on static linked binaries.

Blazing fast, advanced Padding Oracle exploit

Framework for rapid development and reusable of security tools

RootMyTV is a user-friendly exploit for rooting/jailbreaking LG webOS smart TVs.

Collection of different exploits

CVE-2019-10149 : A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.

A personal collection of Windows CVE I have turned in to exploit source, as well as a collection of payloads I've written to be used in conjunction with these exploits.

A number of scripts POC's and problems solved as pentests move along.

⛷ A collection of hacker scripts.

A collection of reverse engineered Apple things, as well as a machine-readable database of Apple hardware

CTF binary exploit code

Extensible framework for analyzing publicly available information about vulnerabilities

CamOver is a camera exploitation tool that allows to disclosure network camera admin password.

Kubernetes security and vulnerability tools and utilities.

Guest to host VM escape exploit for Parallels Desktop

ProxyLogon(CVE-2021-26855+CVE-2021-27065) Exchange Server RCE(SSRF->GetWebShell)

🏴‍☠️ Pwn misconfigured sites running ShareX custom image uploader API through chained exploit

Windows MSI Installer LPE (CVE-2021-43883)

Unrestricted Lua Execution

Apache HTTP Server 2.4.49, 2.4.50 - Path Traversal & RCE

Python Powered Repository

Exploiting challenges in Linux and Windows

BadUSB Teensy downexec exploit support Windows & Linux / Windows Cmd & PowerShell addUser exploit

ProFTPd 1.3.5 - (mod_copy) Remote Command Execution exploit and vulnerable container

Python script to decrypt passwords stored by mRemoteNG

Vulnerable software and exploits used for OSCP/OSCE preparation

GraphQL security auditing script with a focus on performing batch GraphQL queries and mutations

gtfo, now with the speed of golang

Simple script that utilities discord's flaw in detecting who blocked who.

Self defense post module for metasploit

CRAX: software CRash analysis for Automatic eXploit generation

The first tool to download any Guitar Pro file, including 'Official' from Ultimate Guitar

A minimalist re-implementation of the Fusée Gelée exploit (http://memecpy.com), designed to run on embedded Linux devices. (Zero dependencies)

Basic tool to automate backdooring PE files

聚合Github上已有的Poc或者Exp，CVE信息来自CVE官网。Auto Collect Poc Or Exp from Github by CVE ID.

CVE-2019-8449 Exploit for Jira v2.1 - v8.3.4

A personalized/enhanced re-creation of the Darkhotel "Double Star" APT exploit chain with a focus on Windows 8.1 and mixed with some of my own techniques

Exploit for Pulse Connect Secure SSL VPN arbitrary file read vulnerability (CVE-2019-11510)