An open API service indexing awesome lists of open source software.

Projects in Awesome Lists tagged with exploitation

A curated list of projects in awesome lists tagged with exploitation.

https://github.com/RPISEC/MBE

Course materials for Modern Binary Exploitation by RPISEC

ctf exploitation wargame

Last synced: 11 May 2025

https://github.com/rpisec/mbe

Course materials for Modern Binary Exploitation by RPISEC

ctf exploitation wargame

Last synced: 02 Apr 2025

https://github.com/almandin/fuxploider

File upload vulnerability scanner and exploitation tool.

detection exploitation pentesting python3 takeover vulnerability-scanner

Last synced: 15 May 2025

https://github.com/corkami/collisions

Hash collisions and exploitations

collisions exploitation hash md5 scripts sha1

Last synced: 14 May 2025

https://github.com/rizinorg/rizin

UNIX-like reverse engineering framework and command-line toolset.

debugging exploitation program-analysis reverse-engineering security

Last synced: 12 May 2025

https://github.com/ashemery/exploitation-course

Offensive Software Exploitation Course

exploitation exploitation-course exploitdev offensive ose

Last synced: 08 Oct 2025

https://github.com/megamansec/ssh-snake

SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.

bash cybersecurity exploitation exploitation-tool hacking hacking-tools pentesting post-exploitation redteam scanner security security-tools shell ssh ssh-hacking vulnerability-scanner worm

Last synced: 15 May 2025

https://github.com/lefayjey/linwinpwn

linWinPwn is a bash script that streamlines the use of a number of Active Directory tools

active-directory adcs adsecurity bloodhound enumeration exploitation hacking impacket kerberoast kerberos mssql penetration-testing pentest pentest-tool pentesting

Last synced: 23 Oct 2025

https://github.com/xyntax/poc-t

Plugin-based concurrent framework for penetration testing / Open-sourced remote vulnerability PoC/EXP framework

exploitation pentesting vulnerability-scanner

Last synced: 15 May 2025

https://github.com/Xyntax/POC-T

Plugin-based concurrent framework for penetration testing / Open-sourced remote vulnerability PoC/EXP framework

exploitation pentesting vulnerability-scanner

Last synced: 30 Mar 2025

https://github.com/sashs/ropper

Display information about files in different file formats and find gadgets to build rop chains for different architectures (x86/x86_64, ARM/ARM64, MIPS, PowerPC, SPARC64). For disassembly ropper uses the awesome Capstone Framework.

binary exploitation gadget-finder gadgets rop rop-chains

Last synced: 25 Apr 2025

https://github.com/sashs/Ropper

Display information about files in different file formats and find gadgets to build rop chains for different architectures (x86/x86_64, ARM/ARM64, MIPS, PowerPC, SPARC64). For disassembly ropper uses the awesome Capstone Framework.

binary exploitation gadget-finder gadgets rop rop-chains

Last synced: 13 Mar 2025

https://github.com/lefayjey/linWinPwn

linWinPwn is a bash script that streamlines the use of a number of Active Directory tools

active-directory adcs adsecurity bloodhound enumeration exploitation hacking impacket kerberoast kerberos mssql penetration-testing pentest pentest-tool pentesting

Last synced: 12 Jul 2025

https://github.com/dolevf/damn-vulnerable-graphql-application

Damn Vulnerable GraphQL Application is an intentionally vulnerable GraphQL service implementation designed for learning about and practising GraphQL Security.

damn-vulnerable damn-vulnerable-web-application exploitation graphql graphql-security penetration-testing security vulnerability

Last synced: 15 May 2025

https://github.com/dolevf/Damn-Vulnerable-GraphQL-Application

Damn Vulnerable GraphQL Application is an intentionally vulnerable GraphQL service implementation designed for learning about and practising GraphQL Security.

damn-vulnerable damn-vulnerable-web-application exploitation graphql graphql-security penetration-testing security vulnerability

Last synced: 04 Apr 2025

https://github.com/mufeedvh/moonwalk

Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps.

cve exploit exploitation infosec infosectools linux privilege-escalation red-teaming redteam redteam-tools security security-tools

Last synced: 16 May 2025

https://github.com/wadcoms/wadcoms.github.io

WADComs is an interactive cheat sheet, containing a curated list of offensive security tools and their respective commands, to be used against Windows/AD environments.

blueteam cheatsheet commands enumeration exploitation persistence privilege-escalation redteam wadcoms windows

Last synced: 16 Aug 2025

https://github.com/WADComs/WADComs.github.io

WADComs is an interactive cheat sheet, containing a curated list of offensive security tools and their respective commands, to be used against Windows/AD environments.

blueteam cheatsheet commands enumeration exploitation persistence privilege-escalation redteam wadcoms windows

Last synced: 13 Apr 2025

https://github.com/virb3/magisk-frida

🔐 Run frida-server on boot with Magisk, always up-to-date

android exploitation frida magisk reverse-engineering root security

Last synced: 08 May 2026

https://github.com/stong/how-to-exploit-a-double-free

How to exploit a double free vulnerability in 2021. Use After Free for Dummies

binary ctf double-free exploitation heap lock-free microarchitecture pwn tutorial use-after-free walkthrough

Last synced: 14 May 2025

https://github.com/0xricksanchez/paper_collection

Academic papers related to fuzzing, binary analysis, and exploit dev, which I want to read or have already read

directed-fuzzing embedded exploitation fuzzing fuzzing-binaries guided-fuzzing hybrid-fuzzing iot kernel linux linux-kernel mitigations paper rca root-cause sanitizer vulnerability-detection

Last synced: 13 Apr 2025

https://github.com/jxy-s/herpaderping

Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.

antivirus antivirus-evasion exploit exploit-development exploit-framework exploitation exploits process-doppelganging process-herpaderping process-hollowing process-migration security security-vulnerability vulnerability windows windows-10 windows-7 windows-defender

Last synced: 16 May 2025

https://github.com/nccgroup/featherduster

An automated, modular cryptanalysis tool; i.e., a Weapon of Math Destruction

cryptanalysis crypto cryptography encryption exploit exploitation exploitation-framework exploits python security

Last synced: 16 May 2025

https://github.com/MegaManSec/SSH-Snake

SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.

bash cybersecurity exploitation exploitation-tool hacking hacking-tools pentesting post-exploitation redteam scanner security security-tools shell ssh ssh-hacking vulnerability-scanner worm

Last synced: 11 Apr 2025

https://github.com/safebuffer/sam-the-admin

Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user

active-directory exploitation redteam s4u2self

Last synced: 08 Oct 2025

https://github.com/adi0x90/attifyos

Attify OS - Distro for pentesting IoT devices

embedded exploitation hacking hardware internet-of-things iot iot-pentesting security

Last synced: 11 Jul 2025

https://github.com/ViRb3/magisk-frida

🔐 Run frida-server on boot with Magisk, always up-to-date

android exploitation frida magisk reverse-engineering root security

Last synced: 20 Mar 2025

https://github.com/bkerler/exploit_me

Very vulnerable ARM/AARCH64 application (CTF style exploitation tutorial with 14 vulnerability techniques)

arm ctf exploitation rop tutorial

Last synced: 30 Apr 2025

https://github.com/spawnmason/randar-explanation

"Randar" is an exploit for Minecraft which uses LLL lattice reduction to crack the internal state of an incorrectly reused java.util.Random in the Minecraft server, then works backwards from that to locate other players currently loaded into the world.

2b2t exploit exploitation lattice lattice-reduction lll minecraft munmap papermc radar randar random rng spawnmason spawnmasons

Last synced: 12 Apr 2025

https://github.com/cryptogenic/exploit-writeups

A collection where my current and future writeups for exploits/CTF will go

capture-the-flag exploit-development exploitation vulnerabilities

Last synced: 02 Apr 2025

https://github.com/Cryptogenic/Exploit-Writeups

A collection where my current and future writeups for exploits/CTF will go

capture-the-flag exploit-development exploitation vulnerabilities

Last synced: 13 Mar 2025

https://github.com/danigargu/heap-viewer

IDA Pro plugin to examine the glibc heap, focused on exploit development

exploit exploitation glibc heap ida-plugin ida-pro idapython idapython-plugin python

Last synced: 15 Mar 2025

https://github.com/incredibleindishell/ssrf_vulnerable_lab

This Lab contains the sample codes which are vulnerable to Server-Side Request Forgery attack

attack exploitation hacking lab server-side-request-forgery ssrf web-security

Last synced: 02 Apr 2025

https://github.com/incredibleindishell/SSRF_Vulnerable_Lab

This Lab contains the sample codes which are vulnerable to Server-Side Request Forgery attack

attack exploitation hacking lab server-side-request-forgery ssrf web-security

Last synced: 22 Apr 2025

https://github.com/0xb0bb/pwndra

A collection of pwn/CTF related utilities for Ghidra

ctf ctf-tools exploitation ghidra ghidra-scripts pwn reverse-engineering

Last synced: 13 May 2025

https://github.com/brompwnie/botb

A container analysis and exploitation tool for pentesters and engineers.

container-analysis container-breakout docker-daemon exploitation metadata-endpoints pentesters procfs unix-domain-sockets

Last synced: 12 Jan 2026

https://github.com/anon-exploiter/suid3num

A standalone python script which utilizes python's built-in modules to enumerate SUID binaries, separate default binaries from custom binaries, cross-match those with bins in GTFO Bin's repository & auto-exploit those, all with colors! ( ͡~ ͜ʖ ͡°)

auto-exploitation boot2root exploitation gtfo gtfo-bin gtfobins htb oscp oscp-tools pentest pentest-tools pentesting privilege-escalation python python-3 standalone-python-script suid suid-binaries suid3num vulnhub

Last synced: 04 Apr 2025

https://github.com/bishopfox/badpods

A collection of manifests that will create pods with elevated privileges.

assessment exploitation hostipc hostnetwork hostpath hostpid kubernetes penetration-testing pods podspec privileged security

Last synced: 04 Apr 2025

https://github.com/sgayou/subaru-starlink-research

Subaru StarLink persistent root code execution.

exploitation jailbreak reverse-engineering vulnerability-research

Last synced: 22 Jul 2025

https://github.com/entysec/seashell

SeaShell Framework is an iOS post-exploitation framework that enables you to access the device remotely, control it and extract sensitive information.

exploit exploitation ios ios-exploit ios-exploitation ios-hacking ios-malware ipados jailbreak post-exploitation post-exploitation-toolkit remote-access-tool remote-admin-tool reverse-shell trollstore

Last synced: 09 Apr 2025

https://github.com/codingranjith/hackingtoolkit

ALL IN ONE Hacking Tool For Hackers, Penetration Tester and Cybersecurity. New Version Beginner to Advanced Tool. This Tool is made for educational purpose only! Author will not be responsible for any misuse of this toolkit!

allinonehackingtool android-hacking-tools anonymously-hiding-tools cyber-security ddos-attack-tools exploitation hackerstool hacking hackingtoolkit hackingtools information-gathering-tools kalilinux metasploit payload payload-creation-tools penetration-testing phishing-attack-tools socialmedia-bruteforce web-attack-tools wordlist-generator

Last synced: 09 Apr 2025

https://github.com/Chudry/Xerror

fully automated pentesting tool

cve2exploit exploitation gui msf pentesting python xerror

Last synced: 11 Jul 2025

https://github.com/Ben-Lichtman/ropr

A blazing fast™ multithreaded ROP Gadget finder. ropper / ropgadget alternative

command-line-tool exploitation rop rop-chain rop-gadget rust

Last synced: 31 Mar 2025

https://github.com/zt2/sqli-hunter

SQLi-Hunter is a simple HTTP / HTTPS proxy server and a SQLMAP API wrapper that makes digging SQLi easy.

detection exploitation pentesting ruby sql-injection sqlmap vulnerability-scanner

Last synced: 17 Jan 2026

https://github.com/akamai-threat-research/mqtt-pwn

MQTT-PWN intends to be a one-stop-shop for IoT Broker penetration-testing and security assessment operations.

exploitation iot mqtt mqtt-broker mqtt-client python reconnaissance

Last synced: 15 Jan 2026

https://github.com/str8outtaheap/heapwn

Linux Heap Exploitation Practice

ctf exploitation heap linux pwning

Last synced: 02 Apr 2025

https://github.com/yuawn/ntu-computer-security

National Taiwan University Computer Security - Pwn slides, videos, homework problems and solutions - Computer Security Fall 2019 @ CSIE NTU Taiwan

binary-exploitation course csie ctf education exploitation exploits ntu pwn reverse-engineering security

Last synced: 23 Jul 2025

https://github.com/yuawn/NTU-Computer-Security

National Taiwan University Computer Security - Pwn slides, videos, homework problems and solutions - Computer Security Fall 2019 @ CSIE NTU Taiwan

binary-exploitation course csie ctf education exploitation exploits ntu pwn reverse-engineering security

Last synced: 02 Apr 2025

https://github.com/M4DM0e/BadMod

CMS auto detect and exploit.

cms-detection exploitation hacking vulnerability-scanner

Last synced: 26 Mar 2025

https://github.com/JohnTroony/Blisqy

Version 0.2 - Exploit Time-based blind-SQL injection in HTTP-Headers (MySQL/MariaDB).

appsec blind-sql-injection blisqy database-security exploitation john-ombagi sql sql-injection sql-payloads

Last synced: 12 Jul 2025

https://github.com/sgayou/medfusion-4000-research

Medfusion 4000 security research & a MQX RCE.

exploitation reverse-engineering

Last synced: 11 Jul 2025

https://github.com/peperunas/injectopi

A set of tutorials about code injection for Windows.

code-injection exploitation reverse-engineering reversing winapi windows

Last synced: 13 May 2025

https://github.com/klezvirus/candypotato

Pure C++, weaponized, fully automated implementation of RottenPotatoNG

exploitation juicy-potato privesc

Last synced: 09 Apr 2025

https://github.com/acama/xrop

Tool to generate ROP gadgets for ARM, AARCH64, x86, MIPS, PPC, RISCV, SH4 and SPARC

exploitation pwning rop-gadgets

Last synced: 11 Mar 2026