310 Open source projects that are alternatives of or similar to Exploit Framework

A Bash script that downloads and unzips scripts that will aid with privilege escalation on a Linux system.

Open Vulnerability Assessment Scanner - Scanner for Greenbone Vulnerability Management (GVM)

🛡️ GitHub Action for security audits

An MSBuildTask that checks for known vulnerabilities. Inspired by OWASP SafeNuGet.

A semi-demi-working proof of concept for a mix of spectre and meltdown vulnerabilities

Vulnerability Labs for security analysis

溯光 (TrackRay) 3 beta⚡渗透测试框架（资产扫描|指纹识别|暴力破解|网页爬虫|端口扫描|漏洞扫描|代码审计|AWVS|NMAP|Metasploit|SQLMap）

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS

Poc Collected for study and develop

Robot Vulnerability Database. An archive of robot vulnerabilities and bugs.

An automated, modular cryptanalysis tool; i.e., a Weapon of Math Destruction

Wordpress Vulnerability Scanner

Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues

Reverse Shell as a Service

CVE-2020-10199、CVE-2020-10204漏洞一键检测工具，图形化界面。CVE-2020-10199 and CVE-2020-10204 Vul Tool with GUI.

PoC materials for article https://habr.com/en/post/486856/

CDK is an open-sourced container penetration toolkit, offering stable exploitation in different slimmed containers without any OS dependency. It comes with penetration tools and many powerful PoCs/EXPs helps you to escape container and takeover K8s cluster easily.

This custom Fail2Ban filter and jail will deal with all scans for common Wordpress, Joomla and other Web Exploits being scanned for by automated bots and those seeking to find exploitable web sites.

Guidance for the Spectre, Meltdown, Speculative Store Bypass, Rogue System Register Read, Lazy FP State Restore, Bounds Check Bypass Store, TLBleed, and L1TF/Foreshadow vulnerabilities as well as general hardware and firmware security guidance. #nsacyber

Find exploit tool

Safari local file reader

Steal Net-NTLM Hash using Bad-PDF

MrsPicky - An IDAPython decompiler script that helps auditing calls to the memcpy() and memmove() functions.

ISF(Industrial Control System Exploitation Framework)，a exploitation framework based on Python

Test a host for susceptibility to CVE-2019-19781

kernel privilege escalation enumeration and exploitation framework

使用docker快速搭建各大漏洞靶场，目前可以一键搭建17个靶场。

This repo records all the vulnerabilities of linux software I have reproduced in my local workspace

ES File Explorer Open Port Vulnerability - CVE-2019-6447

An advanced graphical search engine for Exploit-DB

一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

Automatic SSRF fuzzer and exploitation tool

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

A sandbox escape based on the proof-of-concept (CVE-2018-4087) by Rani Idan (Zimperium)

0day安全_软件漏洞分析技术

Penetration tests guide based on OWASP including test cases, resources and examples.

The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters

Decrypted content of eqgrp-auction-file.tar.xz

A collection of curated Java Deserialization Exploits

The OpenSSF CVE Benchmark consists of code and metadata for over 200 real life CVEs, as well as tooling to analyze the vulnerable codebases using a variety of static analysis security testing (SAST) tools and generate reports to evaluate those tools.

vulscan 扫描系统：最新的poc&exp漏洞扫描，redis未授权、敏感文件、java反序列化、tomcat命令执行及各种未授权扫描等...

Security and Hacking Tools, Exploits, Proof of Concepts, Shellcodes, Scripts.

Proofs-of-concept

Collection of things made during my preparation to take on OSEE

for mass exploiting

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

Miscellaneous exploit code

hacker, ready for more of our story ! 🚀

PoC for CVE-2019-19844(https://www.djangoproject.com/weblog/2019/dec/18/security-releases/)

EternalRocks worm

With the hope that someone finds the data useful, we periodically publish an archive of almost all of the non-sensitive vulnerability information in our vulnerability reports database. See also https://github.com/CERTCC/Vulnerability-Data-Archive-Tools

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

Select proof-of-concept exploits for software vulnerabilities to aid in identifying and testing vulnerable systems.

Security Manage Framwork is a security management platform for enterprise intranet, which includes asset management, vulnerability management, account management, knowledge base management, security scanning automation function modules, and can be used for internal security management. This platform is designed to help Party A with fewer security personnel, complicated business lines, difficult periodic inspection and low automation to better achieve internal safety management.

A list of resources in different fields of Computer Science (multiple languages)

Penetration Testing Platform

Algorithms to re-compute a private key, to fake signatures and some other funny things with Bitcoin.

Here you can get full exploit for SAP NetWeaver AS JAVA

Greenbone Vulnerability Manager