Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Exploit

Exploit refers to a piece of code or technique that takes advantage of a security vulnerability in a system, application, or network to cause unintended behavior. Exploits can be used by attackers to gain unauthorized access, escalate privileges, execute arbitrary code, or cause a denial of service. This topic covers the various types of exploits, such as zero-day exploits, remote code execution, and privilege escalation. It also explores the lifecycle of an exploit, from discovery and development to deployment and mitigation, and highlights the importance of vulnerability management and patching in preventing exploits.

https://github.com/opsxcq/exploit-CVE-2017-7494

SambaCry exploit and vulnerable container (CVE-2017-7494)

exploit linux rce samba sambacry

Last synced: 21 Nov 2024

https://github.com/safebreach-labs/sireprat

Remote Command Execution as SYSTEM on Windows IoT Core (releases available for Python2.7 & Python3)

exploit iot-core raspberry-pi raspberrypi rce windows-iot

Last synced: 20 Jan 2025

https://github.com/assetnote/batchql

GraphQL security auditing script with a focus on performing batch GraphQL queries and mutations

batch exploit graphql

Last synced: 21 Jan 2025

https://github.com/VoidSec/CVE-2020-1472

Exploit Code for CVE-2020-1472 aka Zerologon

cve-2020 exploit n-day poc voidsec zerologon

Last synced: 21 Nov 2024

https://github.com/den1al/jsshell

An interactive multi-user web JS shell

exploit interactive javascript python python-3-6 shell web xss

Last synced: 24 Jan 2025

https://github.com/Den1al/JSShell

An interactive multi-user web JS shell

exploit interactive javascript python python-3-6 shell web xss

Last synced: 03 Nov 2024

https://github.com/sam-b/windows_kernel_resources

Papers, blogposts, tutorials etc for learning about Windows kernel exploitation, internals and (r|b)ootkits

exploit

Last synced: 18 Nov 2024

https://github.com/saelo/armpwn

Repository to train/learn memory corruption on the ARM platform.

ctf exploit

Last synced: 22 Jan 2025

https://github.com/Fplyth0ner-Combie/Bug-Project-Framework

Repository for sharing exploit framework modules

exploit sharing tools

Last synced: 25 Oct 2024

https://github.com/fplyth0ner-combie/bug-project-framework

Repository for sharing exploit framework modules

exploit sharing tools

Last synced: 03 Nov 2024

https://github.com/a2u/cve-2018-7600

💀Proof-of-Concept for CVE-2018-7600 Drupal SA-CORE-2018-002

cve-2018-7600 drupal drupalgeddon2 exploit poc sa-core-2018-002

Last synced: 21 Jan 2025

https://github.com/Cr4sh/KernelForge

A library to develop kernel level Windows payloads for post HVCI era

exploit hvci hypervisor kernel library rookit vbs windows

Last synced: 21 Nov 2024

https://github.com/hugsy/gdb-static

Public repository of statically compiled GDB and GDBServer

debug exploit gdb gdbserver gef linux reverse-engineering

Last synced: 21 Jan 2025

https://github.com/theofficialflow/h-encore-2

Fully chained kernel exploit for the PS Vita on firmwares 3.65-3.74

exploit hack jailbreak kernel rop

Last synced: 31 Oct 2024

https://github.com/hlldz/CVE-2021-1675-LPE

Local Privilege Escalation Edition for CVE-2021-1675/CVE-2021-34527

cobaltstrike cve-2021-1675 cve-2021-34527 exploit lpe printnightmare reflectivedll windows

Last synced: 21 Nov 2024

https://github.com/puliczek/cve-2022-0337-poc-google-chrome-microsoft-edge-opera

🎩 🤟🏻 [P1-$10,000] Google Chrome, Microsoft Edge and Opera - vulnerability reported by Maciej Pulikowski - System environment variables leak - CVE-2022-0337

bugbounty bugbounty-writeups bugbountytips cve cve-2022-0337 cybersecurity exploit hacking payload pentest pentesting red-team security security-writeups writeups

Last synced: 22 Jan 2025

https://github.com/Puliczek/CVE-2022-0337-PoC-Google-Chrome-Microsoft-Edge-Opera

🎩 🤟🏻 [P1-$10,000] Google Chrome, Microsoft Edge and Opera - vulnerability reported by Maciej Pulikowski - System environment variables leak - CVE-2022-0337

bugbounty bugbounty-writeups bugbountytips cve cve-2022-0337 cybersecurity exploit hacking payload pentest pentesting red-team security security-writeups writeups

Last synced: 03 Nov 2024

https://github.com/rezasp/vbscan

OWASP VBScan is a Black Box vBulletin Vulnerability Scanner

exploit owasp vbscan vbulletin vulnerability vulnerability-scanners

Last synced: 31 Dec 2024

https://github.com/rip1s/cve-2017-11882

CVE-2017-11882 Exploit accepts over 17k bytes long command/code in maximum.

cve-2017-11882 exploit rtf shellcode

Last synced: 22 Jan 2025

https://github.com/OWASP/vbscan

OWASP VBScan is a Black Box vBulletin Vulnerability Scanner

exploit owasp vbscan vbulletin vulnerability vulnerability-scanners

Last synced: 03 Nov 2024

https://github.com/kkent030315/evil-mhyprot-cli

A PoC for the vulnerable Mhyprot2.sys driver, which allows reading/writing memory in kernel/user via an unprivileged user process.

driver exploit kernel kernel-exploit kernel-exploits mhyprot mhyprot2 windows

Last synced: 21 Jan 2025

https://github.com/adamyordan/cve-2019-1003000-jenkins-rce-poc

Jenkins RCE Proof-of-Concept: SECURITY-1266 / CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), CVE-2019-1003002 (Pipeline: Declarative)

cve cve-2019-1003000 exploit groovy information-security jenkins poc rce security security-1266

Last synced: 20 Jan 2025

https://github.com/0x727/jndiexploit

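A tool for exploiting JNDI injection that draws heavily on code from the Rogue JNDI project, supports directly implanting in-memory shells, integrates common methods for bypassing newer JDK versions, and is suited for use alongside automated tools.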

exp exploit jndi jndiexploit

Last synced: 22 Jan 2025

https://github.com/tijme/angularjs-csti-scanner

Automated client-side template injection (sandbox escape/bypass) detection for AngularJS v1.x.

angularjs angularjs-csti-scanner angularjs-sandbox-escape exploit sandbox-escape security tool vulnerability-scanners xss xss-scanners

Last synced: 21 Jan 2025

https://github.com/crozone/spectrepoc

Proof of concept code for the Spectre CPU exploit.

exploit linux poc spectre spectreexploit-poc

Last synced: 20 Jan 2025

https://github.com/mazen160/struts-pwn_cve-2018-11776

An exploit for Apache Struts CVE-2018-11776

apache cve-2018-11776 exploit st2-057 struts struts-pwn

Last synced: 22 Jan 2025

https://github.com/mazen160/struts-pwn_CVE-2018-11776

An exploit for Apache Struts CVE-2018-11776

apache cve-2018-11776 exploit st2-057 struts struts-pwn

Last synced: 18 Jan 2025

https://github.com/garyodernichts/udpih

Exploit for the Wii U's USB Host Stack

exploit hacking raspberry-pi wiiu

Last synced: 22 Jan 2025

https://github.com/cr4sh/smmbackdoorng

Updated version of System Management Mode backdoor for UEFI based platforms: old dog, new tricks

backdoor boot exploit firmware intel malware smm uefi

Last synced: 21 Jan 2025

https://github.com/petercunha/jenkins-rce

:smiling_imp: Jenkins RCE PoC. From unauthenticated user to remote code execution, it's a hacker's dream!

exploit hacking jenkins orangetw rce unauthenticated

Last synced: 22 Jan 2025

https://github.com/a2nkf/macos-kernel-exploit

macOS Kernel Exploit for CVE-2019-8781.

exploit kernel-exploit macos

Last synced: 03 Nov 2024

https://github.com/0xr0/shellver

Reverse Shell Cheat Sheet TooL

bash exploit java linux metasploit netcat perl php python reverse ruby shell windows

Last synced: 12 Oct 2024

https://github.com/0xR0/shellver

Reverse Shell Cheat Sheet TooL

bash exploit java linux metasploit netcat perl php python reverse ruby shell windows

Last synced: 01 Nov 2024

https://github.com/hacksysteam/CVE-2023-21608

Adobe Acrobat Reader - CVE-2023-21608 - Remote Code Execution Exploit

adobe adobe-reader aslr-bypass cfg-bypass cve-2023-21608 dep-bypass exploit rce use-after-free

Last synced: 02 Jan 2025

https://github.com/momo5502/cod-exploits

☠️ Call of Duty - Vulnerabilities and proof-of-concepts

assembly cod cpp exploit hack ida mw2 poc security-vulnerability

Last synced: 09 Nov 2024

https://github.com/cr4sh/fwexpl

PC firmware exploitation tool and library

exploit firmware framework hvci intel kernel lenovo smm uefi vbs vulnerability windows

Last synced: 23 Jan 2025

https://github.com/m8sec/ActiveReign

A Network Enumeration and Attack Toolset for Windows Active Directory Environments.

activedirectory enumeration exploit impacket ldap network network-enumeration python windows

Last synced: 21 Nov 2024

https://github.com/m8sec/activereign

A Network Enumeration and Attack Toolset for Windows Active Directory Environments.

activedirectory enumeration exploit impacket ldap network network-enumeration python windows

Last synced: 22 Jan 2025

https://github.com/Cr4sh/fwexpl

PC firmware exploitation tool and library

exploit firmware framework hvci intel kernel lenovo smm uefi vbs vulnerability windows

Last synced: 18 Nov 2024

https://github.com/jimywork/shodanwave

Shodanwave is a tool for exploring and obtaining information from Netwave IP Camera.

camera exploit ipcamera netwave-ip-cameras python shodan shodan-api vulnerability-scanners

Last synced: 23 Jan 2025

https://github.com/wangyihang/reverse-shell-manager

:hammer: A multiple reverse shell session/client manager via terminal

attack-defense command-and-control ctf exploit pentesting pty python reverse-shell socket web-security

Last synced: 24 Jan 2025

https://github.com/WangYihang/Reverse-Shell-Manager

:hammer: A multiple reverse shell session/client manager via terminal

attack-defense command-and-control ctf exploit pentesting pty python reverse-shell socket web-security

Last synced: 21 Nov 2024

https://github.com/unknownhad/CloudIntel

This repo contains IOC, malware and malware analysis associated with Public cloud

aws azure exploit gcp malware-analysis security threat-intelligence threatintel

Last synced: 20 Dec 2024

https://github.com/chocapikk/cve-2023-29357

Microsoft SharePoint Server Elevation of Privilege Vulnerability

cve-2023-24955 cve-2023-29357 exploit infosec microsoft sharepoint

Last synced: 23 Jan 2025

https://github.com/a-d-team/grafanaexp

An exploit tool for the Grafana unauthorized arbitrary file reading vulnerability (CVE-2021-43798); it can automatically burst plugins / extract secret_key / decrypt data_source info.

cve-2021-43798 exploit grafana

Last synced: 22 Jan 2025

https://github.com/A-D-Team/grafanaExp

An exploit tool for the Grafana unauthorized arbitrary file reading vulnerability (CVE-2021-43798); it can automatically burst plugins / extract secret_key / decrypt data_source info.

cve-2021-43798 exploit grafana

Last synced: 21 Nov 2024

https://github.com/0x27/CiscoRV320Dump

CVE-2019-1652 /CVE-2019-1653 Exploits For Dumping Cisco RV320 Configurations & Debugging Data AND Remote Root Exploit!

cisco config-dump exploit exploitation

Last synced: 18 Jan 2025

https://github.com/riptl/cve-2021-3449

CVE-2021-3449 OpenSSL denial-of-service exploit 👨🏻‍💻

cve-2021-3449 denial-of-service exploit openssl tls

Last synced: 03 Jan 2025

https://github.com/matrix1001/heapinspect

🔍Heap analysis tool for CTF pwn.

exploit gdb gdbheap heap pwn python

Last synced: 21 Nov 2024

https://github.com/voidsec/exploit-development

Exploit Development - Weaponized Exploit and Proof of Concepts (PoC)

0day aslr aslr-bypass eop exploit kernel lpe poc rce rop rop-chain rop-exploitation rop-gadgets shellcode windows

Last synced: 23 Jan 2025

https://github.com/hugsy/stuff

Unsorted, raw, ugly & probably poorly usable tools for reversing, exploit and pentest

exploit malware-development pentest python reverse-engineering tools

Last synced: 22 Jan 2025

https://github.com/entysec/camraptor

CamRaptor is a tool that exploits several vulnerabilities in popular DVR cameras to obtain network camera credentials.

camera camera-hacking entysec exploit iot kalilinux payload

Last synced: 22 Jan 2025

https://github.com/KishanBagaria/AirDoS

💣 Remotely render any nearby iPhone or iPad unusable with an AirDrop exploit (now patched)

airdrop exploit ios poc

Last synced: 04 Nov 2024

https://github.com/kishanbagaria/airdos

💣 Remotely render any nearby iPhone or iPad unusable with an AirDrop exploit (now patched)

airdrop exploit ios poc

Last synced: 19 Dec 2024

https://github.com/EntySec/CamRaptor

CamRaptor is a tool that exploits several vulnerabilities in popular DVR cameras to obtain network camera credentials.

camera camera-hacking entysec exploit iot kalilinux payload

Last synced: 21 Nov 2024

https://github.com/mgeeky/expdevbadchars

Bad Characters highlighter for exploit development purposes supporting multiple input formats while comparing.

bad bin charset development diff expdev exploit

Last synced: 24 Jan 2025

https://github.com/Jackbail4/VAC-Bypass

Full VAC Bypass. Inject detected cheats and not get VAC banned.

anticheat anticheat-bypass cheat csgo exploit hacking hooking reverse-engineering vac vac-bypass valve-anti-cheat

Last synced: 07 Nov 2024

https://github.com/HuskyHacks/ShadowSteal

Pure Nim implementation for exploiting CVE-2021-36934, the SeriousSAM local privilege escalation

exploit exploit-development nim windows

Last synced: 21 Nov 2024

https://github.com/huskyhacks/shadowsteal

Pure Nim implementation for exploiting CVE-2021-36934, the SeriousSAM local privilege escalation

exploit exploit-development nim windows

Last synced: 29 Oct 2024

https://github.com/glebarez/padre

Blazing fast, advanced Padding Oracle exploit

aes cbc-mode-encryption exploit padding-oracle-attacks

Last synced: 01 Nov 2024

https://github.com/mgeeky/expdevBadChars

Bad Characters highlighter for exploit development purposes supporting multiple input formats while comparing.

bad bin charset development diff expdev exploit

Last synced: 21 Nov 2024

https://github.com/CTXz/stm32f1-picopwner

Dump read-out protected STM32F1's with a Pi Pico - A Pi Pico implementation of @JohannesObermaier's, Marc Schink's and Kosma Moczek's Glitch and FPB attack to bypass RDP (read-out protection) level 1 on STM32F1 chips

attack dump exploit firmware firmware-dump glitching pi pi-pico pico pwn pwned rdp stm32f1

Last synced: 25 Jan 2025

https://github.com/ctxz/stm32f1-picopwner

Dump read-out protected STM32F1's with a Pi Pico - A Pi Pico implementation of @JohannesObermaier's, Marc Schink's and Kosma Moczek's Glitch and FPB attack to bypass RDP (read-out protection) level 1 on STM32F1 chips

attack dump exploit firmware firmware-dump glitching pi pi-pico pico pwn pwned rdp stm32f1

Last synced: 23 Jan 2025

https://github.com/Svenito/exploit-pattern

generate and search pattern string for exploit development

debruijn exploit exploit-development python

Last synced: 25 Oct 2024

https://github.com/svenito/exploit-pattern

generate and search pattern string for exploit development

debruijn exploit exploit-development python

Last synced: 22 Jan 2025

https://github.com/saelo/cve-2014-0038

Linux local root exploit for CVE-2014-0038

exploit kernel linux

Last synced: 20 Nov 2024

https://github.com/lassehauballe/Eternalblue

Eternalblue written in CSharp. Contains version detection, vulnerability scanner and exploit of MS17-010

eternalblue eternalblue-scanner exploit metasploit powershell

Last synced: 21 Nov 2024

https://github.com/Hakumarachi/Bropper

An automatic Blind ROP exploitation tool

brop ctf exploit pwn python rop

Last synced: 21 Nov 2024

https://github.com/jollheef/lpe

collection of verified Linux kernel exploits

exploit exploit-database exploit-kit exploits lpe

Last synced: 06 Nov 2024

https://github.com/VoidSec/WebRTC-Leak

Check if your VPN leaks your IP address via the WebRTC technology

exploit vpn-leaks webrtc webrtc-leak

Last synced: 25 Oct 2024

https://github.com/voidsec/webrtc-leak

Check if your VPN leaks your IP address via the WebRTC technology

exploit vpn-leaks webrtc webrtc-leak

Last synced: 24 Nov 2024

https://github.com/sickcodes/no-sandbox

No Sandbox - Applications That Run Chromium and Chrome Without The Sandbox. TL;DR exploits in these browser based applications are already sandboxed escaped: https://no-sandbox.io/

0day bug bugbounty chrome chromium exploit rce research

Last synced: 28 Oct 2024

https://github.com/efchatz/wpaxfuzz

A full-featured open-source Wi-Fi fuzzer

dos exploit fuzzing sae wpa2 wpa3

Last synced: 25 Jan 2025

https://github.com/k8gege/powerladon

Ladon hacking Scanner for PowerShell, vulnerability / exploit / detection / MS17010/SmbGhost,Brute-Force SMB/IPC/WMI/NBT/SSH/FTP/MSSQL/MYSQL/ORACLE/VNC

exp exploit hacking ladon lanscanner netscan pentest pentest-tool pentesting-networks poc portscan security subdomain-scanner vulscan

Last synced: 24 Jan 2025

https://github.com/samueltulach/nullmap

Using CVE-2023-21768 to manually map a kernel-mode driver

cve-2023-21768 driver exploit kernel manual-mapper mapper windows

Last synced: 19 Dec 2024

https://github.com/k8gege/PowerLadon

Ladon hacking Scanner for PowerShell, vulnerability / exploit / detection / MS17010/SmbGhost,Brute-Force SMB/IPC/WMI/NBT/SSH/FTP/MSSQL/MYSQL/ORACLE/VNC

exp exploit hacking ladon lanscanner netscan pentest pentest-tool pentesting-networks poc portscan security subdomain-scanner vulscan

Last synced: 21 Nov 2024

https://github.com/efchatz/WPAxFuzz

A full-featured open-source Wi-Fi fuzzer

dos exploit fuzzing sae wpa2 wpa3

Last synced: 07 Nov 2024

https://github.com/Puliczek/CVE-2021-21123-PoC-Google-Chrome

🐱‍💻 👍 Google Chrome - File System Access API - vulnerabilities reported by Maciej Pulikowski | Total Bug Bounty Reward: $5.000 | CVE-2021-21123 and 5 more...

bugbounty bugbounty-writeups bugbountytips cve cybersecurity exploit hacking payload pentesing pentest red-team security security-writeups writeups

Last synced: 03 Nov 2024

https://github.com/puliczek/cve-2021-21123-poc-google-chrome

🐱‍💻 👍 Google Chrome - File System Access API - vulnerabilities reported by Maciej Pulikowski | Total Bug Bounty Reward: $5.000 | CVE-2021-21123 and 5 more...

bugbounty bugbounty-writeups bugbountytips cve cybersecurity exploit hacking payload pentesing pentest red-team security security-writeups writeups

Last synced: 22 Jan 2025

https://github.com/NullArray/MIDA-Multitool

Bash script purposed for system enumeration, vulnerability identification and privilege escalation.

bash bash-script enumeration exploit exploitation pentest pentesting privilege-escalation root shell shell-script vulnerability-identification

Last synced: 13 Dec 2024

https://github.com/nullarray/mida-multitool

Bash script purposed for system enumeration, vulnerability identification and privilege escalation.

bash bash-script enumeration exploit exploitation pentest pentesting privilege-escalation root shell shell-script vulnerability-identification

Last synced: 19 Dec 2024

https://github.com/synacktiv/octoscan

Octoscan is a static vulnerability scanner for GitHub action workflows.

cicd exploit github github-actions vulnerability

Last synced: 15 Dec 2024

https://github.com/radenvodka/SVScanner

SVScanner - Scanner Vulnerability And MaSsive Exploit.

auto-exploiter exploit massive scanner scanner-web svscanner wordpress-exploit-framework

Last synced: 21 Nov 2024

https://github.com/dotPY-hax/gitlab_RCE

RCE for old gitlab version <= 11.4.7 & 12.4.0-12.8.1 and LFI for old gitlab versions 10.4 - 12.8.1

ctf cve cve-2018-19571 cve-2018-19585 cve-2020-10977 exploit gitlab gitlab-rce lfi rce

Last synced: 21 Nov 2024

https://github.com/adminlove520/Poc-Monitor_v1.0.1

Threat intelligence - vulnerability repository

cve exploit github poc

Last synced: 02 Jan 2025

https://github.com/ALEXZZZ9/PS4-5.01-WebKit-Exploit-PoC

PS4 5.01 WebKit Exploit PoC

exploit ps4 webkit

Last synced: 18 Nov 2024

https://github.com/TasosY2K/camera-exploit-tool

Automated exploit scanner for cameras on the internet

camera camera-exploitation camera-hacking exploit iot scanner shodan vulnerability

Last synced: 17 Nov 2024

https://github.com/hugsy/gef-extras

Extra goodies for GEF to (try to) make GDB suck even less

debugging exploit gdb gef linux pwn python reverse-engineering

Last synced: 22 Jan 2025

https://github.com/0x802/MikrotikSploit

MikrotikSploit is a script that searches for and exploits Mikrotik network vulnerabilities

docker exploit mikrotik network network-mikrotik password python3 routers

Last synced: 29 Oct 2024

https://github.com/forrest-orr/doublestar

A personalized/enhanced re-creation of the Darkhotel "Double Star" APT exploit chain with a focus on Windows 8.1 and mixed with some of my own techniques

alpc apt chain cve-2019-17026 cve-2020-0674 darkhotel double eop exploit firefox jit pac rpc shellcode star wpad

Last synced: 01 Nov 2024

https://github.com/d4t4s3c/win7blue

Scan/Exploit - EternalBlue MS17-010 - Windows 7 32/64 Bits

bash check checker eternalblue exploit ms17-010 netcat oscp oscp-prep oscp-tools python samba scan scanner smb vuln windows windows7

Last synced: 20 Dec 2024