ExploitDB is a curated archive of exploit code and vulnerability data designed for penetration testing and security research. It serves as an offensive security knowledge base and a repository of publicly available proof-of-concept code used to validate software flaws.
Las características principales de offensive-security/exploitdb son: Exploit Databases, Exploit Proof-of-Concept Indexes, Learning Resources, Penetration Testing, Security Knowledge Bases, Vulnerability Research and Analysis, Threat Intelligence Resources, Flat-File Databases.
Las alternativas de código abierto para offensive-security/exploitdb incluyen: trickest/cve — This project is a vulnerability intelligence database and aggregator that organizes common vulnerabilities and… trustedsec/social-engineer-toolkit — The Social-Engineer Toolkit is a social engineering framework and penetration testing suite designed to simulate… sqlmapproject/sqlmap — This project is an automated security testing suite designed to detect and exploit database vulnerabilities. It… andresriancho/w3af — w3af is a web penetration testing suite and security audit framework designed to identify and exploit vulnerabilities… apsdehal/awesome-ctf — This project is a comprehensive directory of software utilities, frameworks, and educational resources designed for… nixawk/pentest-wiki.
This project is a vulnerability intelligence database and aggregator that organizes common vulnerabilities and exposures alongside their corresponding proof-of-concept exploit code. It functions as a security vulnerability tracker and an indexed directory of public exploit payloads. The system monitors new security flaws and updates to known exploits through repository watches and atom feeds. It utilizes automated aggregation to collect vulnerability details from centralized repositories and discovers associated exploit code via reference analysis and global searches. The tool provides capab
The Social-Engineer Toolkit is a social engineering framework and penetration testing suite designed to simulate human-centric security attacks. It serves as a phishing simulation tool and credential harvesting utility to evaluate personnel awareness and organizational resilience. The toolkit provides specialized tooling for phishing campaign testing and credential theft simulation. It enables the creation of deceptive emails and landing pages to identify vulnerabilities in how users handle sensitive account information. The system includes capabilities for security awareness training and br
This project is an automated security testing suite designed to detect and exploit database vulnerabilities. It functions as a command-line utility that streamlines the identification, verification, and exploitation of web application flaws by automating the injection of malicious payloads into input parameters. The tool provides a comprehensive framework for database enumeration, allowing users to extract schema information, user data, and system configurations from identified injection points. What distinguishes this tool is its sophisticated engine for dynamic payload adaptation and heuris
w3af is a web penetration testing suite and security audit framework designed to identify and exploit vulnerabilities in web applications. It functions as a vulnerability scanner that crawls targets to find injection points and a fuzzer used to discover hidden endpoints and test input validation. The project distinguishes itself by providing an intercepting HTTP proxy for capturing and modifying traffic, combined with a knowledge-base driven exploitation system. It enables the execution of security exploits to gain remote shell access and supports post-exploitation activities, such as routing