exploit

A collection of hacking / penetration testing resources to make you better!

This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.

CTF framework and exploit development library

windows-kernel-exploits Windows平台提权漏洞集合

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

⬆️ ☠️ 🔥 Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock

GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging capabilities for exploit devs & reverse engineers on Linux

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)

Automated Mass Exploiter

linux-kernel-exploits Linux平台提权漏洞集合

Cyber Security ALL-IN-ONE Platform

A collection of links related to Linux kernel security and exploitation

This repository contains several applications, demonstrating the Meltdown bug.

Gather and update all available and newest CVEs with their PoC.

Ladon modular hacking framework penetration scanner & Cobalt strike, Ladon 9.2.1 has 171 built-in modules, including information collection / surviving host / port scanning / service identification / password blasting / vulnerability detection / vulnerability utilization. Vulnerability detection includes ms17010 / smbghost / Weblogic / ActiveMQ / Tomcat / Struts2, password and password blasting (MySQL / Oracle / MSSQL) / ftp / SSH (Linux) / VNC / windows (IPC / WMI / SMB / NetBIOS / LDAP / smbhash / wmihash / winrm), remote execution of commands (smbexec / wmieexe / psexec / atexec / sshexec / webshell), lowering and lifting of rights runas, getsystem, POC / exploit, support for global strike 3.x-4.0

A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red Team operations, Bug Bounty and more

CTF竞赛权威指南

Windows Exploit Suggester - Next Generation

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞验证功能