Top 154 exploitation open source projects

Android application fuzzing framework with fuzzers and crash monitor.

Data Visualization Plugin for IDA Pro

Tool to help exploit XXE vulnerabilities

A set of tutorials about code injection for Windows.

Automated All-in-One OS Command Injection Exploitation Tool.

mirror of gera's insecure programming examples | http://community.coresecurity.com/~gera/InsecureProgramming/

Linux and Windows shellcode enrichment utility

Bilingual PhishingKit. TigerShark intergrates a vast array of various phishing tools and frameworks, from C2 servers, backdoors and delivery methods in multiple scripting languages in order to suit whatever your deployment needs may be.

Exploit for CVE-2019-9810 Firefox on Windows 64-bit.

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

CVE-2019-1652 /CVE-2019-1653 Exploits For Dumping Cisco RV320 Configurations & Debugging Data AND Remote Root Exploit!

A WebKit exploit using CVE-2018-4441 to obtain RCE on PS4 6.20.

Tool to generate ROP gadgets for ARM, AARCH64, x86, MIPS, PPC, RISCV, SH4 and SPARC

A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.

Offensive Software Exploitation Course

A WIP "Vulnerable by Design" kext for iOS/macOS to play & learn *OS kernel exploitation

Version 0.2 - Exploit Time-based blind-SQL injection in HTTP-Headers (MySQL/MariaDB).

fully automated pentesting tool

A thorough library database to assist with binary exploitation tasks.

Research on Anti-malware and other related security solutions

MQTT-PWN intends to be a one-stop-shop for IoT Broker penetration-testing and security assessment operations.

Exploitation Framework for ATtiny85 Based HID Attacks

GUI tool to create ROP chains using the ropper API

🔐 Run frida-server on boot with Magisk, always up-to-date

Bash script purposed for system enumeration, vulnerability identification and privilege escalation.

File upload vulnerability scanner and exploitation tool.

Exploitation on ARM-based Systems (Troopers18)

Blazefox exploits for Windows 10 RS5 64-bit.

A general purpose memory allocator that implements an isolation security strategy to mitigate memory safety issues while maintaining good performance

渗透测试插件化并发框架 / Open-sourced remote vulnerability PoC/EXP framework

A collection of awesome videos, articles, books and resources about ARM exploitation.

Penetration test Achieve Knowledge Unite Rapid Interface

This Repository contains the stuff related to windows Active directory environment exploitation

How to prepare for OSCP complete guide

Cross-Site Scripting (XSS) command line tool for testing lists of XSS payloads on web apps.

Arissploit Framework is a simple framework designed to master penetration testing tools. Arissploit Framework offers simple structure, basic CLI, and useful features for learning and developing penetration testing tools.

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python

Collection of resources for my preparation to take the OSEE certification.

Automatic SSRF fuzzer and exploitation tool

HackSys Extreme Vulnerable Windows Driver

Tools for Bug Hunting

A collection of manifests that will create pods with elevated privileges.

Automation for internal Windows Penetrationtest / AD-Security

iOS/macOS/Linux Remote Administration Tool

The Offensive Manual Web Application Penetration Testing Framework.

My solutions to some CTF challenges and a list of interesting resources about pwning stuff

Reverse-engineering tools and exploits for Samsung's implementation of TrustZone

Responsive Command and Control System

Display information about files in different file formats and find gadgets to build rop chains for different architectures (x86/x86_64, ARM/ARM64, MIPS, PowerPC, SPARC64). For disassembly ropper uses the awesome Capstone Framework.

A documentation about how to hack Minecraft servers

Exploitation and Mitigation Slides

Blind Attacking Framework

Security Evaluation of Dynamic Binary Instrumentation Engines

Good to know, easy to forget information about binaries and their exploitation!

📚 VoidHack CTF write-ups

vulnx 🕷️ is an intelligent bot auto shell injector that detect vulnerabilities in multiple types of cms { `wordpress , joomla , drupal , prestashop .. `}

Exploit code for CVE-2016-9066

Writeup of CVE-2020-15906

Remote exploitation framework written in Python