612 Open source projects that are alternatives of or similar to Exploits

SpringBoot 相关漏洞学习资料，利用方法和技巧合集，黑盒安全评估 check list

PwnableWeb is a suite of web applications for use in information security training.

SpectreExploit POC

A sandbox to protect your pwn challenges being pwned in CTF AWD.

🔥 An Exploit framework for Web Vulnerabilities written in Python

Venom - A Multi-hop Proxy for Penetration Testers

This custom Fail2Ban filter and jail will deal with all scans for common Wordpress, Joomla and other Web Exploits being scanned for by automated bots and those seeking to find exploitable web sites.

Writeups for HacktheBox 'boot2root' machines

Scoreboard for Capture The Flag competitions.

This repo records all the vulnerabilities of linux software I have reproduced in my local workspace

cve-search - a tool to perform local searches for known vulnerabilities

Collection of resources for my preparation to take the OSEE certification.

Riscure Hack Me embedded hardware CTF 2017-2018.

Detect hidden files and text in images

Reversing list

Social Network Tabs Wordpress Plugin Vulnerability - CVE-2018-20555

Repository for information about 0-days exploited in-the-wild.

CTF write-ups by PDKT team with English and Indonesian language

A python script designed to check if the website if vulnerable of clickjacking and create a poc

Source code, writeups and exps in LCTF2018.

The OpenSSF CVE Benchmark consists of code and metadata for over 200 real life CVEs, as well as tooling to analyze the vulnerable codebases using a variety of static analysis security testing (SAST) tools and generate reports to evaluate those tools.

Collection of things made during my preparation to take on OSEE

PoC exploit for arbitrary file read/write in locked Samsung Android device via MTP (SVE-2017-10086)

Transcribed video lessons of HackerOne to pdf's

collection poc use pocsuite framework 收集一些 poc with pocsuite框架

CTF Field Guide

Exploitation Framework for Embedded Devices

AWD 自动化攻击框架

This cheasheet is aimed at the CTF Players and Beginners to help them understand the fundamentals of Privilege Escalation with examples.

Automatic SSRF fuzzer and exploitation tool

With the hope that someone finds the data useful, we periodically publish an archive of almost all of the non-sensitive vulnerability information in our vulnerability reports database. See also https://github.com/CERTCC/Vulnerability-Data-Archive-Tools

Build a database of libc offsets to simplify exploitation

China's first CTFTools framework.中国国内首个CTF工具框架,旨在帮助CTFer快速攻克难关

Script to setup pwn environment for CTF with Docker

Security and Hacking Tools, Exploits, Proof of Concepts, Shellcodes, Scripts.

oscp-ctf is a small collection of basic Bash scripts that make life easier and save time whether you are in the OSCP labs, HackThebox or playing around with CTFs.

Learning Penetration Testing of Android Applications

A curated list of Game Challenges from various CTFs

Algorithms to re-compute a private key, to fake signatures and some other funny things with Bitcoin.

CVE-2020-0796 - Windows SMBv3 LPE exploit #SMBGhost

Python script wrote to automate the process of generating various reverse shells.

A collection of hacking / penetration testing resources to make you better!

Hacking tools

The PHP Security Checker

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能

A list of resources in different fields of Computer Science (multiple languages)

A flag submitter service with distributed attackers for attack/defense CTF games.

Web wrapper of niklasb/libc-database

Command line tool to fetch, decode, brute-force and craft session cookies of a Flask application by guessing secret keys.

Exploit Discord's cache system to remote upload payloads on Discord users machines

cvebase is a community-driven vulnerability data platform to discover the world's top security researchers and their latest disclosed vulnerabilities & PoCs

prove of concept using angularjs (1.x) accessing github api

A little collection of fun and creative proof of concepts to demonstrate the potential impact of a security vulnerability.

pigat ( Passive Intelligence Gathering Aggregation Tool ) 被动信息收集聚合工具

用cel-go重现了长亭xray的poc检测功能的轮子

The best tool for finding one gadget RCE in libc.so.6

IVA is a system to scan for known vulnerabilities in software products installed inside an organization. IVA uses CPE identifiers to search for CVEs related to a software product.

Good to know, easy to forget information about binaries and their exploitation!

This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.

Free Labs to Train Your Pentest / CTF Skills