exploit

There are 264 repositories under exploit topic.

• h4cker

  The-Art-of-Hacking / h4cker

  This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), artificial intelligence security, vulnerability research, exploit development, reverse engineering, and more.

  hackingpenetration-testinghacking-seriescybersecurityethical-hackinghackerexploitexploitsexploit-developmentvulnerabilityvulnerability-assessmentvulnerability-managementvulnerability-identificationawesome-listsawesome-listtraininghackersaiartificial-intelligenceai-security
  Language:Jupyter Notebook 16738

• vitalysim / Awesome-Hacking-Resources

  A collection of hacking / penetration testing resources to make you better!

  ctfhackingprivilege-escalationreverse-engineeringbuffer-overflowpenetration-testingowaspexploitmalwarewindows-privilege-escalationprivilege-escalation-linuxmitm
  14748

• Gallopsled / pwntools

  CTF framework and exploit development library

  ctfexploitpythonpwntoolsassemblyctf-frameworkshellcoderoppwnabledefconcapture-the-flagwargamepython2python3linuxbsdshellcodingshellcode-developmenthacktoberfest
  Language:Python 11537

• SecWiki / windows-kernel-exploits

  windows-kernel-exploits Windows平台提权漏洞集合

  collectionsexploitkernelpentesttoolwindows
  Language:C 7841
• ysoserial

  frohoff / ysoserial

  A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

  javadeserializationgadgetexploitjavadeserjvmserializationpocvulnerability
  Language:Java 7348

• edoardottt / awesome-hacker-search-engines

  A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

  awesomeawesome-listhackingsearch-engineosintawesome-listsdnshacking-toolsexploitsecuritysecurity-toolsvulnerabilitywifi-networkbugbountyosint-toolvulnerabilitiesredteamredteamingcvehacktoberfest
  Language:Shell 6747
• gef

  hugsy / gef

  GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging capabilities for exploit devs & reverse engineers on Linux

  pythonexploitgdblinuxreverse-engineeringctfida-probinary-ninjapwnexploit-developmentdebuggingmalware-analysispwntoolspowerpcsparcmipsdiscordgefpython-api
  Language:Python 6529
• traitor

  liamg / traitor

  :arrow_up: :skull_and_crossbones: :fire: Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock

  gtfobinsexploitprivescprivilege-escalationhacktheboxinfosecredteam-toolssecurity-toolscve-2021-3560dirtypipecve-2022-0847
  Language:Go 6506

• Mr-xn / Penetration_Testing_POC

  渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

  penetration-testingpocgetshellcsrfpenetration-testing-poccsrf-webshellcvercesql-pocpoc-expbypassoa-getshellcve-cmsphp-bypassthinkphpsql-getshellauthentication-bypasscobalt-strikeexploit
  Language:HTML 6181

• trickest / cve

  Gather and update all available and newest CVEs with their PoC.

  poccvecve-poclatest-cvevulnerabilityvulnerabilitiessoftware-vulnerabilitiessoftware-securityexploitsecurityinfosechackingpentestingpenetration-testingred-teamsecurity-toolssoftware-vulnerability
  Language:HTML 6123

• yaklang / yakit

  Cyber Security ALL-IN-ONE Platform

  redteamredteam-toolshacking-toolsscannerburpsuitepentestgolangblueteamexploithackingsecurity
  Language:TypeScript 6080

• nomi-sec / PoC-in-GitHub

  📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

  securitycveexploitpocvulnerability
  6009
• K8tools

  k8gege / K8tools

  K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)

  exploitapt0daypocgetshellpentesthackingscannerprivilege-escalationbypasscracknetscanbrute-forcepassworddatabase
  Language:PowerShell 5648

• xairy / linux-kernel-exploitation

  A collection of links related to Linux kernel security and exploitation

  linux-kernelkernel-exploitationexploitprivilege-escalationsecurity
  5340

• ihebski / DefaultCreds-cheat-sheet

  One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

  infosecdefault-passwordpentestingbugbountypentestcredentials-gatheringcheatsheetcybersecurityblueteamoffensive-securityexploit
  Language:Python 5313

• SecWiki / linux-kernel-exploits

  linux-kernel-exploits Linux平台提权漏洞集合

  linuxkernelexploittoolcollectionawesomepentest
  Language:C 5129

• NullArray / AutoSploit

  Automated Mass Exploiter

  automationexploitexploitationmetasploitoffsecpythonsecuritysecurity-tools
  Language:Python 4920
• Ladon

  k8gege / Ladon

  Ladon大型内网渗透工具，可PowerShell模块化、可CS插件化、可内存加载，无文件扫描。含端口扫描、服务识别、网络资产探测、密码审计、高危漏洞检测、漏洞利用、密码读取以及一键GetShell，支持批量A段/B段/C段以及跨网段扫描，支持URL、主机、域名列表扫描等。Ladon 12.2内置262个功能,网络资产探测模块32个通过多种协议(ICMP\NBT\DNS\MAC\SMB\WMI\SSH\HTTP\HTTPS\Exchange\mssql\FTP\RDP)以及方法快速获取目标网络存活主机IP、计算机名、工作组、共享资源、网卡地址、操作系统版本、网站、子域名、中间件、开放服务、路由器、交换机、数据库、打印机等信息，高危漏洞检测16个含MS17010、Zimbra、Exchange

  scannerportscanpentesthackingsecuritysecurity-toolssecurity-scannerpocgetshellbrute-forcepasswordnetscantoolshackexpladonipscannerexploit
  Language:PowerShell 4609

• AzeemIdrisi / PhoneSploit-Pro

  An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.

  adbandroidandroid-debug-bridgecybersecurityexploithackingmetasploit-frameworkpenetration-testingpentestingphonesploitphonesploit-proandroid-hackinghacking-scripthacking-toolhackmeterpreterpentest-toolpythonhacktoberfestcollaborate
  Language:Python 4216

• IAIK / meltdown

  This repository contains several applications, demonstrating the Meltdown bug.

  exploitproof-of-conceptside-channel
  Language:C 4098

• zhzyker / exphub

  Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本，最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340

  weblogictomcatexploitpocvulnerabilityexpwebshelldrupalgetshellnexuscve-2020-10199cve-2020-2555cve-2020-11444cve-2020-10204cve-2020-1938cve-2020-2883cve-2020-2551cve-2020-5902cve-2020-14882
  Language:Python 4030

• bitsadmin / wesng

  Windows Exploit Suggester - Next Generation

  microsoftwindowsexploitsuggesterpatchesupdates
  Language:Python 3967

• firmianay / CTF-All-In-One

  CTF竞赛权威指南

  ctfsecuritypwnreverse-engineeringwebmisccryptoexploitbookhacking
  Language:C 3798

• lcvvvv / kscan

  Kscan是一款纯go开发的全方位扫描器，具备端口扫描、协议检测、指纹识别，暴力破解等功能。支持协议1200+，协议指纹10000+，应用指纹20000+，暴力破解协议10余种。

  redteamscannerbruteforcebrute-forcepentestexploitred-teamsecuritywebscanfingerprint
  Language:Go 3657

• scipag / vulscan

  Advanced vulnerability scanning with Nmap NSE

  vulnerabilityvulnerability-scannersvulnerability-detectionvulnerability-identificationvulnerability-assessmentsecuritysecurity-auditsecurity-scannerpenetration-testingnmapnmap-scriptsexploitvulnerability-scanningvulnerability-databasesvulnerability-database-entrynmap-scan-scriptnsensescriptlualua-script
  Language:Lua 3337

• Threekiii / Awesome-Redteam

  一个攻防知识仓库 Red Teaming and Offensive Security

  command-and-controlexecutionexploitinitial-accesslateral-movementprivilege-escalationreconnaissancered-teaming
  Language:Python 3313

• zhzyker / vulmap

  Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞验证功能

  exploitcvercevulnerabilitiescve-2016-4437securitysecurity-toolspentestingpentest-toolcve-2020-14882cve-2020-2555cve-2020-2883scannercve-2020-13942cve-2020-17518cve-2021-21972cve-2021-26855cve-2021-27065cve-2021-21975cve-2021-3129
  Language:Python 3280

• karma9874 / AndroRAT

  A Simple android remote administration tool using sockets. It uses java on the client side and python on the server side

  androidbackdoorpythonreverse-shellsocketsinterpreterandroratratandroid-applicationexploitinterpreter-commandsjavaapkhacktoberfestandroid-rat
  Language:Java 2726
• Ghost

  EntySec / Ghost

  Ghost Framework is an Android post-exploitation framework that exploits the Android Debug Bridge to remotely access an Android device.

  adbandroid-deviceandroidandroid-debug-bridgeandroid-exploitpost-exploitationexploitexploitation-frameworkandroid-hackandroid-hackingandroid-ratratremote-accesskali-linuxhackhackinghacking-toolsremote-shellbackdoorentysec
  Language:Python 2556

• mgeeky / Penetration-Testing-Tools

  A collection of more than 170+ tools, scripts, cheatsheets and other loots that I've developed over years for Red Teaming/Pentesting/IT Security audits purposes.

  penetration-testingpenetrationtestingtoolsscriptscheatsheetsexploitsocial-engineeringnetworksred-teaminghackingpentestingredteamsecurity
  Language:PowerShell 2438

• joaomatosf / jexboss

  JexBoss: Jboss (and Java Deserialization Vulnerabilities) verify and EXploitation Tool

  exploitexploiting-vulnerabilitiesdeserializationjavadesergadgetreverse-shell
  Language:Python 2365
• RootMyTV.github.io

  RootMyTV / RootMyTV.github.io

  RootMyTV is a user-friendly exploit for rooting/jailbreaking LG webOS smart TVs.

  tvwebosexploitcve-2022-23727cve-2020-9759
  Language:HTML 2101

• david942j / one_gadget

  The best tool for finding one gadget RCE in libc.so.6

  ctfpwnablepwnglibcone-gadget-rceshellexploitgadgetlibc
  Language:Ruby 1975

• Notselwyn / CVE-2024-1086

  Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 99.4% in KernelCTF images.

  cvecve-2024-1086exploitlpepoc
  Language:C 1927

• helloexp / 0day

  各种CMS、各种平台、各种系统、各种软件漏洞的EXP、POC ,该项目将持续更新

  exploit
  Language:C 1901
• pwn_jenkins

  gquere / pwn_jenkins

  Notes about attacking Jenkins servers

  jenkinspentesthackingexploitrce
  Language:Python 1898