awesome-repositories.com
Blog
awesome-repositories.com

Descubre los mejores repositorios open-source con nuestra búsqueda potenciada por IA.

ExplorarBúsquedas curadasAlternativas open-sourceSoftware autohospedableBlogMapa del sitio
ProyectoAcerca deCómo clasificamosPrensaServidor MCP
Aviso legalPrivacidadTérminos
© 2026 Bringes Technology SRL·VAT RO45896025·hello@awesome-repositories.com
·
Back to offensive-security/exploitdb

Open-source alternatives to Exploitdb

30 open-source projects similar to offensive-security/exploitdb, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Exploitdb alternative.

  • trickest/cveAvatar de trickest

    trickest/cve

    7,882Ver en GitHub↗

    This project is a vulnerability intelligence database and aggregator that organizes common vulnerabilities and exposures alongside their corresponding proof-of-concept exploit code. It functions as a security vulnerability tracker and an indexed directory of public exploit payloads. The system monitors new security flaws and updates to known exploits through repository watches and atom feeds. It utilizes automated aggregation to collect vulnerability details from centralized repositories and discovers associated exploit code via reference analysis and global searches. The tool provides capab

    HTMLcvecve-pocexploit
    Ver en GitHub↗7,882
  • sqlmapproject/sqlmapAvatar de sqlmapproject

    sqlmapproject/sqlmap

    37,676Ver en GitHub↗

    This project is an automated security testing suite designed to detect and exploit database vulnerabilities. It functions as a command-line utility that streamlines the identification, verification, and exploitation of web application flaws by automating the injection of malicious payloads into input parameters. The tool provides a comprehensive framework for database enumeration, allowing users to extract schema information, user data, and system configurations from identified injection points. What distinguishes this tool is its sophisticated engine for dynamic payload adaptation and heuris

    Pythondatabasedetectionexploitation
    Ver en GitHub↗37,676
  • trustedsec/social-engineer-toolkitAvatar de trustedsec

    trustedsec/social-engineer-toolkit

    14,984Ver en GitHub↗

    The Social-Engineer Toolkit is a social engineering framework and penetration testing suite designed to simulate human-centric security attacks. It serves as a phishing simulation tool and credential harvesting utility to evaluate personnel awareness and organizational resilience. The toolkit provides specialized tooling for phishing campaign testing and credential theft simulation. It enables the creation of deceptive emails and landing pages to identify vulnerabilities in how users handle sensitive account information. The system includes capabilities for security awareness training and br

    Python
    Ver en GitHub↗14,984

Búsqueda con IA

Explora más repositorios increíbles

Describe lo que necesitas en lenguaje sencillo: la IA clasifica miles de proyectos open-source curados por relevancia.

Find more with AI search
  • andresriancho/w3afAvatar de andresriancho

    andresriancho/w3af

    4,850Ver en GitHub↗

    w3af is a web penetration testing suite and security audit framework designed to identify and exploit vulnerabilities in web applications. It functions as a vulnerability scanner that crawls targets to find injection points and a fuzzer used to discover hidden endpoints and test input validation. The project distinguishes itself by providing an intercepting HTTP proxy for capturing and modifying traffic, combined with a knowledge-base driven exploitation system. It enables the execution of security exploits to gain remote shell access and supports post-exploitation activities, such as routing

    Pythonappseccross-site-scriptingscanner
    Ver en GitHub↗4,850
  • apsdehal/awesome-ctfAvatar de apsdehal

    apsdehal/awesome-ctf

    11,614Ver en GitHub↗

    This project is a comprehensive directory of software utilities, frameworks, and educational resources designed for cybersecurity competitions and offensive security research. It serves as a centralized index for tools used in cryptography, forensics, reverse engineering, and web exploitation, while providing structured materials for training and skill development. The repository distinguishes itself through a community-driven maintenance model that aggregates and organizes technical resources into a searchable, hierarchical structure. It facilitates knowledge transfer by cataloging expert pr

    JavaScriptawesomectfpenetration
    Ver en GitHub↗11,614
  • r3dy/capsulecorp-pentestAvatar de R3dy

    R3dy/capsulecorp-pentest

    988Ver en GitHub↗

    Vagrant VirtualBox environment for conducting an internal network penetration test

    Rubyansibleethical-hackinghacking
    Ver en GitHub↗988
  • sherlock-project/sherlockAvatar de sherlock-project

    sherlock-project/sherlock

    85,076Ver en GitHub↗

    Sherlock is a command-line automation tool designed to orchestrate software build, execution, and deployment workflows. It functions as an ephemeral runtime orchestrator that executes applications directly from source code, bypassing the need for persistent system-wide installations or manual dependency management. By providing a unified, containerized development environment, it ensures that application dependencies and infrastructure configurations remain consistent across diverse host operating systems. The project distinguishes itself through its ability to synthesize container images dec

    Pythonclicticybersecurity
    Ver en GitHub↗85,076
  • swisskyrepo/payloadsallthethingsAvatar de swisskyrepo

    swisskyrepo/PayloadsAllTheThings

    78,434Ver en GitHub↗

    This project is a comprehensive, community-sourced knowledge base designed for security professionals and researchers. It functions as a centralized repository of offensive security techniques, providing a structured collection of exploit payloads, attack vectors, and methodologies for conducting vulnerability assessments and penetration testing. The repository distinguishes itself through a cross-platform payload taxonomy that categorizes exploitation methods by vulnerability type and target environment, enabling rapid lookup during security assessments. It maintains high standards of data i

    Pythonbountybugbountybypass
    Ver en GitHub↗78,434
  • nixawk/pentest-wikiAvatar de nixawk

    nixawk/pentest-wiki

    3,716Ver en GitHub↗
    Pythonhackingpentestsecurity
    Ver en GitHub↗3,716
  • getgrav/gravAvatar de getgrav

    getgrav/grav

    15,395Ver en GitHub↗

    Grav is a flat-file content management system that eliminates the need for a traditional database by storing site content and configuration in human-readable Markdown and YAML files. Built as a modular PHP web framework, it uses a hierarchical page routing system where the physical directory structure directly determines the site's URL paths. The platform is distinguished by its event-driven plugin architecture and a command-line interface that prioritizes system administration, deployment, and maintenance tasks. It utilizes a blueprint-driven system to generate administrative forms from stru

    PHPcmscontentcontent-management
    Ver en GitHub↗15,395
  • vulhub/vulhubAvatar de vulhub

    vulhub/vulhub

    20,279Ver en GitHub↗

    Vulhub is a collection of pre-configured, containerized applications designed to serve as a standardized platform for security research, vulnerability testing, and educational exploitation exercises. It functions as an orchestration framework that enables users to deploy isolated software environments for the purpose of practicing penetration testing and analyzing common security flaws in a controlled setting. The project utilizes an infrastructure-as-code pattern to define complex, multi-service software stacks, ensuring that testing targets remain consistent and reproducible. By leveraging

    Dockerfiledockerdocker-composedockerfile
    Ver en GitHub↗20,279
  • beefproject/beefAvatar de beefproject

    beefproject/beef

    10,728Ver en GitHub↗

    BeEF is a modular security testing environment designed for browser exploitation and web application auditing. It functions as a platform for security professionals to evaluate client-side defenses by injecting persistent scripts into web browsers, establishing a bidirectional communication channel for remote command execution and data exfiltration. The framework distinguishes itself through its ability to use compromised browser sessions as proxies to conduct internal network reconnaissance, effectively bypassing perimeter security controls. It utilizes an event-driven control interface and

    JavaScript
    Ver en GitHub↗10,728
  • commixproject/commixAvatar de commixproject

    commixproject/commix

    5,757Ver en GitHub↗

    Commix is an automated tool for detecting and exploiting OS command injection vulnerabilities in web applications. It probes user-supplied input vectors with heuristic test payloads, analyzes response differences to identify injection points, and then automates the execution of arbitrary operating system commands on the target server. The tool distinguishes itself through a multi-layer filter bypass engine that evaluates input constraints independently per filter type and composes tailored evasion strategies into a single payload. A modular payload tamper pipeline transforms raw injection str

    Python
    Ver en GitHub↗5,757
  • offensive-security/exploit-databaseAvatar de offensive-security

    offensive-security/exploit-database

    7,849Ver en GitHub↗

    This project is a public exploit code archive and vulnerability database. It serves as a collection of documented software exploits and vulnerability data, providing a reference library of exploit scripts and payloads used to validate security flaws in target environments. The archive supports security threat intelligence, vulnerability research, and penetration testing workflows. It functions as a historical record of software vulnerabilities and the proof-of-concept code used to trigger them. The codebase is organized through directory-based categorization and flat-file data storage, utili

    Ver en GitHub↗7,849
  • ebookfoundation/free-programming-booksAvatar de EbookFoundation

    EbookFoundation/free-programming-books

    390,347Ver en GitHub↗

    This project is a centralized, open-access repository that serves as a structured directory for technical education and professional development. It functions as a community-driven knowledge base, aggregating high-quality learning materials to support global accessibility to computer science and software engineering resources. The platform distinguishes itself through a collaborative governance model that utilizes peer-reviewed workflows for all content additions and modifications. By leveraging structured text files and decentralized version control, the repository maintains a searchable, hu

    Pythonbookseducationhacktoberfest
    Ver en GitHub↗390,347
  • rhinosecuritylabs/pacuAvatar de RhinoSecurityLabs

    RhinoSecurityLabs/pacu

    5,234Ver en GitHub↗

    Pacu is an exploitation framework designed for auditing and testing the security of Amazon Web Services environments. It serves as a cloud penetration testing tool and resource enumerator used to identify misconfigurations, map attack surfaces, and execute privilege escalation paths. The framework provides specialized capabilities for post-exploitation and red team operations, including establishing persistence through identity and access management backdooring. It distinguishes itself with a plugin-based module system that allows for the development of custom tasks and the orchestration of A

    Python
    Ver en GitHub↗5,234
  • hanc00l/wooyun_publicAvatar de hanc00l

    hanc00l/wooyun_public

    4,405Ver en GitHub↗

    This project is a vulnerability search engine and security knowledge base designed to collect and index public security disclosures. It functions as a vulnerability database crawler that extracts technical reports and security flaws from websites to create a searchable local archive. The system utilizes a security knowledge indexer and a full-text inverted index to convert unstructured crawled data into a structured format. This allows for keyword-based information retrieval, enabling the location of specific security flaws and technical details through a dedicated search interface. The plat

    PHP
    Ver en GitHub↗4,405
  • dirtycow/dirtycow.github.ioAvatar de dirtycow

    dirtycow/dirtycow.github.io

    3,436Ver en GitHub↗

    This project is a technical repository of kernel exploit guides, memory corruption analyses, and archived methods for gaining root access. It serves as a centralized library of security flaws and reproduction steps used for testing system protections and verification. The documentation focuses on the Linux kernel, providing technical breakdowns of how memory management errors and multi-page write techniques allow for the modification of read-only files. It details the use of race conditions to achieve administrative privilege escalation. The repository covers a broad surface of security rese

    HTML
    Ver en GitHub↗3,436
  • google/security-researchAvatar de google

    google/security-research

    4,362Ver en GitHub↗

    This is a public archive of vulnerability findings, proof-of-concept code, and technical reports detailing security flaws discovered in third-party software. It functions as a coordinated vulnerability disclosure platform, enabling private reporting to vendors and structured publication of advisories after a fix is released or a 90-day deadline passes. The repository provides modular security analysis tooling—standalone scripts and binaries each targeting a specific bug class for automated detection—alongside a cross-platform fuzzing framework that runs tests across multiple operating systems

    C
    Ver en GitHub↗4,362
  • antonio-morales/fuzzing101Avatar de antonio-morales

    antonio-morales/Fuzzing101

    3,796Ver en GitHub↗

    Fuzzing101 is an educational resource providing a structured curriculum and containerized security labs for learning software fuzzing and vulnerability research. It functions as a training course that guides users through the process of identifying security flaws using systematic input manipulation and memory corruption analysis. The project distinguishes itself by providing isolated environments that ensure consistent build dependencies for practicing software instrumentation and crash triaging. It includes a practical tutorial on using evolutionary fuzzing engines and instrumentation tools

    Ver en GitHub↗3,796
  • bitwise-01/instagram-Avatar de Bitwise-01

    Bitwise-01/Instagram-

    4,968Ver en GitHub↗

    This project is a security auditing and penetration testing utility designed for automating password guessing, credential stuffing, and account brute-forcing on Instagram. It functions as an account recovery auditor that simulates automated login attacks to test the strength of account passwords. The tool incorporates a proxy manager to handle the import and monitoring of proxy lists. This system routes requests through rotating IP addresses and monitors proxy health to prune unresponsive addresses and avoid rate limiting. The software provides capabilities for concurrent request execution a

    Pythonbruteforcehackinstagram
    Ver en GitHub↗4,968
  • mantvydasb/redteaming-tactics-and-techniquesAvatar de mantvydasb

    mantvydasb/RedTeaming-Tactics-and-Techniques

    4,620Ver en GitHub↗

    This project is a red teaming knowledge base and offensive security playbook designed to simulate adversary behavior. It serves as a comprehensive collection of technical guides and tactics for executing red team operations. The repository provides detailed instructions for Active Directory exploitation, including Kerberos abuse and domain privilege escalation. It covers defense evasion through API unhooking and payload obfuscation, as well as Windows internals research involving the manipulation of kernel objects and system memory. The capability surface extends to network penetration testi

    PowerShelloffensive-securityoscppentesting
    Ver en GitHub↗4,620
  • mame82/p4wnp1Avatar de mame82

    mame82/P4wnP1

    4,371Ver en GitHub↗

    P4wnP1 is a wireless USB payload framework and attack platform based on the Raspberry Pi Zero. It functions as a USB HID emulator and network adapter, mimicking keyboards and other peripherals to interact with target hardware and execute automated keyboard payloads. The project provides a customizable system for delivering HID attacks and managing remote access via a wireless hotspot. It enables the emulation of composite devices, allowing a single physical port to present multiple functions, such as Ethernet and keyboard interfaces, simultaneously. The framework covers capabilities for hard

    Python
    Ver en GitHub↗4,371
  • ctf-wiki/ctf-wikiAvatar de ctf-wiki

    ctf-wiki/ctf-wiki

    9,449Ver en GitHub↗

    This project is a security training wiki and markdown knowledge base that provides technical guides, categorized exercises, and tool directories for participants in competitive security challenges. It serves as a comprehensive resource for capture the flag training, organizing learning materials into a searchable website. The knowledge base covers specialized security domains including cryptography, web security, and reverse engineering. It includes a curated directory of research tools and software used for vulnerability research and exploitation, alongside a repository of practical challeng

    Pythoncryptoctfmisc
    Ver en GitHub↗9,449
  • owasp/nettackerAvatar de OWASP

    OWASP/Nettacker

    5,258Ver en GitHub↗

    Nettacker is an automated penetration testing framework designed to orchestrate reconnaissance, port scanning, and vulnerability detection. It functions as a network reconnaissance tool and vulnerability scanner that identifies open ports, fingerprints services, and checks systems against databases of known security flaws. The framework distinguishes itself by combining a web application crawler for discovering hidden paths via fuzzing with a vulnerability management system that persists scan results in a database to track historical assessments. It also includes specialized capabilities for

    Pythonautomationbruteforcecve
    Ver en GitHub↗5,258
  • jasonxtn/argusAvatar de jasonxtn

    jasonxtn/Argus

    3,254Ver en GitHub↗

    Argus is a modular network reconnaissance framework designed for gathering network intelligence, mapping infrastructure, and assessing security postures through automated discovery tasks. It operates as a containerized security toolset that allows for the consistent execution of specialized information-gathering modules across different operating systems. The system functions as an infrastructure audit tool and a web application security scanner, performing tasks such as DNS lookups, port scanning, and the inspection of HTTP headers to detect vulnerabilities. It also serves as a threat intell

    Pythoncms-detectiondirectory-finderdns-lookup
    Ver en GitHub↗3,254
  • peiqi0/peiqi-wiki-bookAvatar de PeiQi0

    PeiQi0/PeiQi-WIKI-Book

    4,111Ver en GitHub↗

    PeiQi-WIKI-Book is a cybersecurity knowledge base and security research wiki. It functions as a markdown static site generator that converts structured text files into a set of interconnected HTML pages. This system serves as a curated collection of technical documentation and guides focused on vulnerability research, code auditing, and penetration testing. The project utilizes a git-driven documentation workflow, using version control hooks to automatically update a live website when content changes. It features a client-side searchable index that allows users to find security topics without

    Ver en GitHub↗4,111
  • c0ny1/upload-labsAvatar de c0ny1

    c0ny1/upload-labs

    4,157Ver en GitHub↗

    upload-labs is a file upload vulnerability lab and penetration testing sandbox. It consists of a collection of intentionally vulnerable web applications designed for practicing the discovery and exploitation of file upload security flaws. The project serves as a web security training ground and cybersecurity education lab. It provides a simulated environment for learning how to bypass upload restrictions and achieve remote code execution on servers through controlled laboratory exercises. The system includes capabilities for vulnerability research simulation and penetration testing practice.

    PHP
    Ver en GitHub↗4,157
  • lylemi/learn-web-hackingAvatar de LyleMi

    LyleMi/Learn-Web-Hacking

    5,414Ver en GitHub↗

    Learn-Web-Hacking is a structured web security study guide and penetration testing knowledge base. It provides a collection of research notes focused on identifying and exploiting vulnerabilities in web applications and network protocols. The project includes specialized frameworks for evaluating security risks in large language models to prevent prompt injection, as well as guides for hardening cloud-native infrastructure, including container standards and orchestration tools. It also covers the analysis of identity standards and authentication protocols. The material spans a broad range of

    Pythonhackingpenetration-testingpentesting
    Ver en GitHub↗5,414
  • vxunderground/malwaresourcecodeAvatar de vxunderground

    vxunderground/MalwareSourceCode

    18,415Ver en GitHub↗

    This project is a curated archive and cybersecurity research dataset of raw source code from various malware families. It serves as a malware analysis library designed to help researchers study the inner workings of different threats and identify attack patterns across multiple platforms and programming languages. The repository supports security research by providing raw text distribution of original source code. This allows for the study of platform vulnerabilities, threat intelligence gathering, and the development of security products and detection signatures. The collection is organized

    Assemblymalwaremalware-detectionmalware-development
    Ver en GitHub↗18,415