4 Repos
Curated archives of proof-of-concept exploit code and vulnerability data used for security research and testing.
Distinct from Exploit Collections: The candidates are nested under awesome-lists, whereas this is the actual primary archive/database itself.
Explore 4 awesome GitHub repositories matching security & cryptography · Exploit Databases. Refine with filters or upvote what's useful.
ExploitDB is a curated archive of exploit code and vulnerability data designed for penetration testing and security research. It serves as an offensive security knowledge base and a repository of publicly available proof-of-concept code used to validate software flaws. The project provides a searchable collection of historical and current exploit vectors. It supports security threat intelligence by tracking public releases and aids in vulnerability research by providing a reference library for analyzing how specific systems can be compromised. The archive is managed through a curated input p
A curated collection of exploit code and vulnerability data for penetration testing and security research.
Traitor is a Linux privilege escalation framework and automated root exploit suite. It provides specialized utilities for scanning system misconfigurations and deploying automated exploit scripts on local Linux hosts to elevate user privileges to the root level. The tool identifies insecure system setups and binary vulnerabilities, such as GTFOBins, to map potential routes for gaining root access. It automates the process of discovering and exploiting these local vulnerabilities through targeted exploit execution and the deployment of sequential scripts. The system covers vulnerability asses
Executes a sequence of known exploits and misconfiguration attacks to automatically obtain a root shell.
w3af is a web penetration testing suite and security audit framework designed to identify and exploit vulnerabilities in web applications. It functions as a vulnerability scanner that crawls targets to find injection points and a fuzzer used to discover hidden endpoints and test input validation. The project distinguishes itself by providing an intercepting HTTP proxy for capturing and modifying traffic, combined with a knowledge-base driven exploitation system. It enables the execution of security exploits to gain remote shell access and supports post-exploitation activities, such as routing
Employs a curated knowledge base of vulnerability patterns to automate the selection and delivery of exploit payloads.
lscript is a wireless network pentesting framework and keyboard-driven command console. It functions as a security tool orchestrator for installing and managing reconnaissance frameworks, alongside an automation toolkit for executing wireless attacks. The project distinguishes itself through a keyboard-driven interface that maps specific keystrokes to complex security scripts and system-level shell operations. This allows for the automation of wireless reconnaissance, handshake capture, and password recovery workflows without manual command typing. The system covers wireless adapter manageme
Automates the delivery of targeted attacks and the creation of payloads and listeners.