📌 Your beginner pen-testing start guide. A guide for amateur pen testers and a collection of hacking tools, resources and references to practice ethical hacking and web security.

✭ 7,752

hacking penetration-testing pentest hacking-tool exploitation vulnerabilities information-gathering roadmap post-exploitation frameworks web-hacking hacktools

Shellen

🌸 Interactive shellcoding environment to easily craft shellcodes

✭ 799

python shell assembly assembler shellcode architecture exploit ctf interactive exploitation asm pwn disassembly syscalls capstone

Binexp

Linux Binary Exploitation

✭ 742

c linux tutorial exploitation vulnerabilities stackoverflow

Exploitpack

Exploit Pack -The next generation exploit framework

✭ 728

security-tools pentesting pentest-tool exploitation exploits security-vulnerability exploitation-framework

Paper collection

Academic papers related to fuzzing, binary analysis, and exploit dev, which I want to read or have already read

✭ 710

linux iot embedded kernel paper fuzzing exploitation linux-kernel vulnerability-detection

Exploit Writeups

A collection where my current and future writeups for exploits/CTF will go

✭ 676

exploitation vulnerabilities

Rizin

UNIX-like reverse engineering framework and command-line toolset.

✭ 673

c security reverse-engineering debugging exploitation program-analysis

Exploit me

Very vulnerable ARM/AARCH64 application (CTF style exploitation tutorial with 14 vulnerability techniques)

✭ 665

tutorial arm ctf exploitation rop

Herpaderping

Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.

✭ 614

security windows exploit windows-10 vulnerability exploitation exploits antivirus security-vulnerability antivirus-evasion

Attifyos

Attify OS - Distro for pentesting IoT devices

✭ 615

security iot hacking embedded hardware internet-of-things exploitation

Cve 2019 11708

Full exploit chain (CVE-2019-11708 & CVE-2019-9810) against Firefox on Windows 64-bit.

✭ 581

javascript firefox exploit exploitation

Heap Viewer

An IDA Pro plugin to examine the glibc heap, focused on exploit development

✭ 574

python exploit exploitation ida-pro ida-plugin heap idapython

Damn Vulnerable Graphql Application

Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security.

✭ 567

javascript security graphql penetration-testing vulnerability exploitation

Mxtract

mXtract - Memory Extractor & Analyzer

✭ 499

cpp cpp11 linux security security-tools pentesting malware regex redteam exploitation credentials memory-hacking

Dostoevsky Pentest Notes

Notes for taking the OSCP in 2097. Read in book form on GitBook

✭ 495

pentesting exploitation enumeration oscp methodology

Mbe

Course materials for Modern Binary Exploitation by RPISEC

✭ 4,674

c shell C++CMake ctf exploitation wargame

Autosploit

Automated Mass Exploiter

✭ 4,500

python shell security automation security-tools exploit exploitation metasploit offsec

Fireelf

fireELF - Fileless Linux Malware Framework

✭ 435

python linux security framework security-tools pentesting malware redteam exploitation exploitation-framework

Subaru Starlink Research

Subaru StarLink persistent root code execution.

✭ 432

reverse-engineering exploitation jailbreak

Wadcoms.github.io

WADComs is an interactive cheat sheet, containing a curated list of Unix/Windows offensive tools and their respective commands.

✭ 431

html windows cheatsheet redteam exploitation persistence enumeration privilege-escalation blueteam

Pwndra

A collection of pwn/CTF related utilities for Ghidra

✭ 417

python reverse-engineering ctf exploitation pwn

Botb

A container analysis and exploitation tool for pentesters and engineers.

✭ 414

go exploitation

Sifter

Sifter aims to be a fully loaded Op Centre for Pentesters

✭ 403

shell network pentesting penetration-testing scanner osint pentest exploitation recon post-exploitation vulnerability-scanner

Sqlmap

Automatic SQL injection and database takeover tool

✭ 21,907

python c shell HTML perl C++database pentesting detection exploitation sql-injection vulnerability-scanner sqlmap takeover

Ssrf vulnerable lab

This Lab contain the sample codes which are vulnerable to Server-Side Request Forgery attack

✭ 361

hacking exploitation attack web-security lab

Heapwn

Linux Heap Exploitation Practice

✭ 344

c linux ctf exploitation heap

Sqli Hunter

SQLi-Hunter is a simple HTTP / HTTPS proxy server and a SQLMAP API wrapper that makes digging SQLi easy.

✭ 340

ruby pentesting detection exploitation sql-injection vulnerability-scanner

Suid3num

A standalone python script which utilizes python's built-in modules to enumerate SUID binaries, separate default binaries from custom binaries, cross-match those with bins in GTFO Bin's repository & auto-exploit those, all with colors! ( ͡~ ͜ʖ ͡°)

✭ 342

python pentesting pentest exploitation oscp privilege-escalation

Androrat

AndroRAT | Remote Administrator Tool for Android OS Hacking

✭ 340

java android android-application exploit exploitation phone remote rat

Medfusion 4000 Research

Medfusion 4000 security research & a MQX RCE.

✭ 331

python reverse-engineering exploitation

Android Kernel Exploitation

✭ 313

android linux kernel vulnerability exploitation

Ms17 010 Python

MS17-010: Python and Meterpreter

✭ 305

python dynamic exploitation article payload metasploit checker meterpreter subnet

Badmod

CMS auto detect and exploit.

✭ 296

hacking exploitation vulnerability-scanner

formatstring

Format string exploitation helper

✭ 45

python security exploitation formatstring

Writeups

This repository contains writeups for various CTFs I've participated in (Including Hack The Box).

exploits challenges

Challenges and vulnerabilities exploitation.

✭ 60

python javascript C++assembly exploit-exercises exploits exploitation exploiting-vulnerabilities exploit-code exploiting

moonwalk

Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps. 👻🐚

✭ 544

rust linux security exploit infosec cve exploitation privilege-escalation security-tools redteam red-teaming redteam-tools infosectools

empirectf

EmpireCTF – write-ups, capture the flag, cybersecurity

✭ 122

C++haxe python java c HTML shell reverse-engineering hacking ctf-writeups ctf exploitation offensive-security

crawleet

Web Recon & Exploitation Tool.

✭ 48

python javascript CSS shell pentest exploitation hacking-tool vulnerability-scanners pwning reconnaissance pentest-tool

hardware-attacks-state-of-the-art

Microarchitectural exploitation and other hardware attacks.

r2con-prequals-rhme3

r2 the Rhme3! The RHme (Riscure Hack me) is a low level hardware CTF that comes in the form of an Arduino board (AVR architecture). It involves a set of SW and HW challenges to test your skills in different areas such as side channel analysis, fault injection, reverse-engineering and software exploitation. In our talk we will briefly recap RHme2…

✭ 15

challenge reverse-engineering exploitation radare2 ra ollvm-obfuscation r2con antidebugging antihooking

how-to-exploit-a-double-free

How to exploit a double free vulnerability in 2021. Use After Free for Dummies

✭ 1,165