15 repositories
Modular platforms for developing and executing exploit logic.
Distinguishing note: Focuses on the framework aspect of exploit development.
The framework is a comprehensive penetration testing platform designed for the development, testing, and execution of security exploits. It serves as a research toolkit and automated assessment environment, enabling security professionals to identify and validate vulnerabilities within networked systems and infrastructure through repeatable, standardized procedures. The platform distinguishes itself through a modular architecture that supports reflective payload injection, allowing for the execution of code directly in memory without writing to disk. It utilizes an asynchronous event loop to
Provides a collection of interchangeable components to define complex attack logic.
RouterSploit is an embedded device exploitation framework and vulnerability scanner designed to identify and exploit security flaws in networked embedded hardware and firmware. It provides a centralized toolkit for scanning for known weaknesses and common misconfigurations to gain unauthorized system access. The framework includes an architecture-specific payload generator to create custom binary payloads tailored to the target hardware. It also features an automated brute force tool that uses dictionary-based credential guessing to bypass authentication on hardware devices. The tool covers
Implements a modular platform for developing and executing device-specific exploit logic at runtime.
TheFatRat is a security exploitation framework designed to automate the creation, obfuscation, and deployment of payloads for penetration testing. It functions as a comprehensive toolkit that streamlines the exploitation lifecycle, enabling users to generate malicious executables, manage network listeners, and execute post-exploitation tasks through a unified command-line interface. The framework distinguishes itself by integrating various third-party exploitation utilities into a single, orchestrated workflow. It provides specialized capabilities for embedding code into legitimate binaries a
Orchestrates the configuration of listeners and the creation of payloads to simplify security testing tasks.
Sn1per is a vulnerability management platform and penetration testing orchestrator designed to automate reconnaissance, vulnerability scanning, and exploit verification. It functions as a dockerized security toolkit that coordinates multiple tools into a unified automated pipeline to identify security flaws across network and web assets. The platform features an attack surface manager for discovering internet-facing assets through OSINT, DNS enumeration, and certificate transparency. It distinguishes itself with an AI-powered security analyzer that uses large language models to summarize scan
Orchestrates the end-to-end security pipeline from reconnaissance to exploit verification to streamline penetration testing.
ipwndfu is a collection of software utilities designed to exploit the iOS bootrom to enable unsigned code execution and firmware manipulation. The project provides tools to place Apple devices into a pwned DFU state, allowing the system to bypass secure boot signatures. The toolkit includes capabilities for hardware-based decryption, using a connected device's unique keys to decrypt data while in a restricted update mode. It also provides utilities for extracting system ROM and flash memory from the hardware for offline security analysis. The software covers broader hardware exploitation are
Implements bootrom-level hardware exploits to execute unsigned code on iOS devices in DFU mode.
Undecimus is an iOS jailbreak tool and firmware exploit utility designed to remove software restrictions and elevate system privileges on devices running iOS 11.0 through 12.4. It serves as a software implementation for bypassing system limits and performing unauthorized system modifications. The project functions as an installer for third-party package managers and substrates, enabling the deployment of alternative application stores. It also includes system recovery tools to diagnose errors and repair corrupted system packages following firmware modifications. The toolset covers low-level
Leverages iOS-specific kernel vulnerabilities to bypass system limits and allow unauthorized modifications.
palera1n is an iOS jailbreak tool that exploits a permanent hardware vulnerability in the bootrom of A8 through A11 Apple devices running iOS 15.0 or later, granting root access for system customization and third-party software installation. The tool also extends this jailbreak technique to Apple T2-equipped Macs running bridgeOS 5.0 or later, providing system-level access and modification capabilities on those devices. The tool offers two distinct jailbreak environments: a Rootless mode that provides system access without modifying the root filesystem, and a Full-root mode that grants unrest
Exploits a permanent hardware vulnerability in the bootrom of A8 through A11 devices.
Peda is a security tool suite and exploit development framework designed for binary analysis, debugger automation, and memory inspection. It functions as a set of Python scripts that extend a debugger to automate the analysis of compiled files and the inspection of process memory. The project provides specialized utilities for memory corruption research, including a payload generation utility for creating cyclic patterns to discover buffer overflows and a gadget finder to locate return-oriented programming sequences within binaries. It differentiates itself by offering a visualization tool th
Provides a modular platform of GDB Python scripts for automating binary analysis and memory inspection.
PhoneSploit-Pro is an Android exploitation and remote administration toolkit. It provides a system for remotely controlling Android devices and extracting data over the Android Debug Bridge (ADB) protocol. The project integrates with Metasploit to automate payload creation and installation and to establish command-and-control sessions. It also includes a network device scanner that identifies active Android hosts on the local network by probing TCP ports. The toolkit covers broad administrative and forensic capabilities such as remote shell execution, application management, and hardware state control.
Automates the integration and deployment of Metasploit payloads to establish remote command-and-control sessions.
Nugget is an iOS system customization tool that applies exploit-based modifications to device configuration files, enabling changes to system appearance and behavior without jailbreaking. It functions as a feature flag toggler, mobile gestalt modifier, and PosterBoard wallpaper manager, allowing users to enable experimental iOS features, modify hardware-level identifiers, and apply custom wallpapers through system file manipulation. The tool distinguishes itself by using the sparserestore or BookRestore exploit to write system files outside normal restore locations, supporting modifications t
Core mechanism for applying unsupported modifications to iOS system files via sparserestore or BookRestore.
AutoSploit is an automated exploitation framework designed to discover remote hosts and run exploit modules at scale to establish reverse shells. It functions as a network reconnaissance tool and remote code execution orchestrator that manages the deployment of attack modules against multiple targets. The system includes a proxy-based traffic masker that routes network requests through external servers and rotates HTTP headers and user agents to obscure the source of activity. It allows custom exploit orchestration through the integration of external attack modules and the management of workspace connection parameters. The framework covers target discovery through search engine queries and API integration, as well as target list management using external files and whitelists. It also includes session-based listener configuration capabilities for capturing incoming remote connections.
Orchestrates listener configurations and custom modules to automate the exploitation of remote services.
w3af is a web penetration testing suite and security audit framework designed to identify and exploit vulnerabilities in web applications. It functions as a vulnerability scanner that crawls targets to find injection points and a fuzzer used to discover hidden endpoints and test input validation. The project distinguishes itself by providing an intercepting HTTP proxy for capturing and modifying traffic, combined with a knowledge-base driven exploitation system. It enables the execution of security exploits to gain remote shell access and supports post-exploitation activities, such as routing
Supports uploading and executing third-party payloads to continue the post-exploitation process.
Apfell is a red teaming framework and command and control server designed for collaborative adversary simulation. It provides a centralized infrastructure to manage remote agents and distribute tasking across multiple operating systems using a message broker for real-time synchronization. The system functions as a distributed agent orchestrator, allowing teams to coordinate complex attack chains and synchronize container data. It features a multi-platform payload manager that enables the downloading and integration of custom agents and command profiles from remote repositories. The platform
Integrates third-party agent types and platform-specific command profiles into the operational environment.
ROPgadget is a binary analysis tool and multi-architecture disassembler designed to locate instructional sequences used for return-oriented programming. It functions as an exploit development framework that identifies gadgets within binaries to facilitate the creation of memory corruption exploits. The tool supports cross-architecture binary auditing, processing machine code from x86, ARM, MIPS, and RISC-V. It provides a unified interface for analyzing diverse executable file formats, including ELF, PE, and Mach-O. Its capabilities cover binary vulnerability analysis and exploit payload deve
Functions as a framework for identifying the specific code gadgets necessary to bypass memory protections.
jexboss is a Java deserialization exploit framework and network vulnerability scanner designed to identify and exploit deserialization flaws to achieve remote code execution on target servers. It functions as a suite of tools for delivering payloads and executing system commands on vulnerable remote applications. The project includes a reverse shell orchestrator to establish and maintain persistent remote command connections from exploited targets back to a listener. It also provides post-exploitation automation for managing remote access and updating software on compromised systems. The fra
Functions as a modular platform for scanning and exploiting Java deserialization vulnerabilities.