4 dépôts
Curated archives of proof-of-concept exploit code and vulnerability data used for security research and testing.
Distinct from Exploit Collections: The candidates are nested under awesome-lists, whereas this is the actual primary archive/database itself.
Explore 4 awesome GitHub repositories matching security & cryptography · Exploit Databases. Refine with filters or upvote what's useful.
ExploitDB is a curated archive of exploit code and vulnerability data designed for penetration testing and security research. It serves as an offensive security knowledge base and a repository of publicly available proof-of-concept code used to validate software flaws. The project provides a searchable collection of historical and current exploit vectors. It supports security threat intelligence by tracking public releases and aids in vulnerability research by providing a reference library for analyzing how specific systems can be compromised. The archive is managed through a curated input p
A curated collection of exploit code and vulnerability data for penetration testing and security research.
Traitor is a Linux privilege escalation framework and automated root exploit suite. It provides specialized utilities for scanning system misconfigurations and deploying automated exploit scripts on local Linux hosts to elevate user privileges to the root level. The tool identifies insecure system setups and binary vulnerabilities, such as GTFOBins, to map potential routes for gaining root access. It automates the process of discovering and exploiting these local vulnerabilities through targeted exploit execution and the deployment of sequential scripts. The system covers vulnerability asses
Executes a sequence of known exploits and misconfiguration attacks to automatically obtain a root shell.
w3af is a web penetration testing suite and security audit framework designed to identify and exploit vulnerabilities in web applications. It functions as a vulnerability scanner that crawls targets to find injection points and a fuzzer used to discover hidden endpoints and test input validation. The project distinguishes itself by providing an intercepting HTTP proxy for capturing and modifying traffic, combined with a knowledge-base driven exploitation system. It enables the execution of security exploits to gain remote shell access and supports post-exploitation activities, such as routing
Employs a curated knowledge base of vulnerability patterns to automate the selection and delivery of exploit payloads.
lscript est un framework de pentesting de réseau sans fil et une console de commande pilotée par clavier. Il fonctionne comme un orchestrateur d'outils de sécurité pour installer et gérer des frameworks de reconnaissance, aux côtés d'une boîte à outils d'automatisation pour exécuter des attaques sans fil. Le projet se distingue par une interface pilotée par clavier qui mappe des frappes spécifiques à des scripts de sécurité complexes et des opérations shell au niveau du système. Cela permet l'automatisation des flux de travail de reconnaissance sans fil, de capture de handshake et de récupération de mot de passe sans saisie manuelle de commandes. Le système couvre la gestion des adaptateurs sans fil, y compris l'usurpation d'adresse MAC et le basculement en mode moniteur. Il fournit des capacités pour l'analyse réseau via le scan sans fil et la surveillance de handshake, ainsi que des tests de sécurité via l'injection de paquets, la désauthentification de clients et l'automatisation des flux de travail d'exploitation.
Automates the delivery of targeted attacks and the creation of payloads and listeners.