30 open-source projects similar to offensive-security/exploit-database, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Exploit Database alternative.
This project is a vulnerability intelligence database and aggregator that organizes common vulnerabilities and exposures alongside their corresponding proof-of-concept exploit code. It functions as a security vulnerability tracker and an indexed directory of public exploit payloads. The system monitors new security flaws and updates to known exploits through repository watches and atom feeds. It utilizes automated aggregation to collect vulnerability details from centralized repositories and discovers associated exploit code via reference analysis and global searches. The tool provides capab
HackTricks is a comprehensive cybersecurity knowledge base and wiki designed to support ethical hacking, penetration testing, and infrastructure security auditing. It serves as a structured reference guide for security professionals, providing detailed documentation on common vulnerabilities, attack vectors, and remediation strategies across diverse software and network environments. The project distinguishes itself by offering actionable methodologies for identifying and analyzing security flaws. It functions as a centralized repository for security research, enabling practitioners to study
This project is a curated archive and cybersecurity research dataset of raw source code from various malware families. It serves as a malware analysis library designed to help researchers study the inner workings of different threats and identify attack patterns across multiple platforms and programming languages. The repository supports security research by providing raw text distribution of original source code. This allows for the study of platform vulnerabilities, threat intelligence gathering, and the development of security products and detection signatures. The collection is organized
My proof-of-concept exploits for the Linux kernel
Exploits for getting local root on Linux, BSD, AIX, HP-UX, Solaris, RHEL, SUSE etc.
Blasting Dictionary provides curated datasets of common usernames and passwords designed for auditing authentication strength and identifying vulnerable accounts. It serves as a collection of credential stuffing wordlists and password attack dictionaries used to test for weak or default credentials in target services. The project facilitates security penetration testing and vulnerability assessments by providing the necessary datasets for simulating brute force and credential stuffing attacks. These resources are used to evaluate the security of authentication systems and identify services su
This project is a curated directory of research internships and programs for undergraduate students, specifically focused on science, technology, engineering, and mathematics. It serves as an academic opportunity database and a resource for early-career students to find research placements across various global regions and institutions. The repository is maintained as a collaborative, Git-curated resource where new entries are vetted and integrated through version control pull requests. Data is stored as a searchable index of research placements using a markdown-based opportunity database of
This project is a technical reference knowledge base and developer cheat sheet repository. It functions as a searchable collection of quick-reference guides, CLI command patterns, and code snippets for various operating systems, cloud platforms, and infrastructure tools. The system operates as a markdown-based technical knowledge base, where content is stored in plain text files and rendered as a static site. This approach enables a personal knowledge management system that utilizes version control and a directory-based navigation hierarchy to organize technical notes for long-term retrieval.
This repository serves as a comprehensive knowledge base for software engineering interview preparation. It provides a curated collection of technical questions and answers designed to assist developers in reviewing core concepts across the entire software development stack. The project covers a broad range of topics, including full-stack engineering principles, programming language proficiency, and software architecture design. By focusing on high-level system design patterns and technical trade-offs, the content helps candidates prepare for both coding and architectural discussions during p
ExploitDB is a curated archive of exploit code and vulnerability data designed for penetration testing and security research. It serves as an offensive security knowledge base and a repository of publicly available proof-of-concept code used to validate software flaws. The project provides a searchable collection of historical and current exploit vectors. It supports security threat intelligence by tracking public releases and aids in vulnerability research by providing a reference library for analyzing how specific systems can be compromised. The archive is managed through a curated input p
ML-Course-Notes is a collaborative knowledge base and academic wiki that collects student-contributed notes and educational resources for university-level machine learning and artificial intelligence courses. It functions as a shared repository for documenting and exchanging insights from various academic curricula. The project focuses on the mapping of AI course resources, providing curated directories of lecture notes, videos, and descriptions. This includes specific knowledge management for natural language processing and language models. The repository utilizes a community-driven model w
This project is a collection of datasets and study guides consisting of curated algorithmic problems organized by employer for technical interview practice. It serves as a reference for identifying frequently asked coding challenges used by major companies during software engineering recruitment. The repository provides curated company problem sets and a discovery mechanism to identify common coding problems associated with specific employers. These lists are organized by frequency of occurrence to highlight typical technical challenges. The content is structured as a competitive programming
This is a curated collection of resources designed for self-directed study in programming language theory. It functions as a structured reading list and bibliography covering major topics including semantics, type systems, module systems, and recursion schemes. Each major subtopic—such as module systems and recursion schemes—has its own dedicated directory of carefully selected papers, talks, and articles. The collection is hand-picked by the curator to ensure relevance and quality. Resources are organized by subtopic into separate markdown files, and the entire repository is version-controll
This project is a Chinese translation of the official Spring Boot technical documentation. It serves as a comprehensive Java backend development guide, providing a localized version of English technical specifications to make framework details accessible to Chinese speakers. The repository is structured as a markdown documentation collection, with content organized by module and chapter to mirror the original reference manual. This setup allows for the conversion of raw text files into a navigable technical website via static site generation. The project covers the architecture and implement
KnowledgeGraphCourse is a structured collection of graduate-level academic materials, lecture notes, and a comprehensive curriculum focused on the theory and application of knowledge graphs. It serves as a markdown-based educational resource that provides navigable course modules and study guides. The material covers specialized research on integrating knowledge graphs with large language models to reduce hallucinations. It includes detailed guides on using the SPARQL language for storing large-scale graph datasets and executing optimized queries. The curriculum spans a broad range of capabi
This project is a game development knowledge base and technical reference focused on real-time rendering, computer graphics, and GPU programming. It serves as a study guide for game programming, providing a curated collection of notes and documentation on graphics theory. The repository covers educational resources for game engine development, specifically addressing software engineering practices and design patterns. It includes structured references for programming languages and tools used in professional game development to improve performance and image quality. The content is stored as m
This is a public archive of vulnerability findings, proof-of-concept code, and technical reports detailing security flaws discovered in third-party software. It functions as a coordinated vulnerability disclosure platform, enabling private reporting to vendors and structured publication of advisories after a fix is released or a 90-day deadline passes. The repository provides modular security analysis tooling—standalone scripts and binaries each targeting a specific bug class for automated detection—alongside a cross-platform fuzzing framework that runs tests across multiple operating systems
Strix is an automated security research and vulnerability scanning platform that leverages language models to orchestrate complex security analysis tasks. It functions as a comprehensive framework for penetration testing and continuous security integration, allowing users to embed automated vulnerability research directly into development pipelines or execute it within isolated, containerized environments. The platform distinguishes itself through a multi-agent orchestration engine that coordinates specialized autonomous agents to perform parallel security assessments. By integrating LLM-agno
This project is a comprehensive, community-sourced knowledge base designed for security professionals and researchers. It functions as a centralized repository of offensive security techniques, providing a structured collection of exploit payloads, attack vectors, and methodologies for conducting vulnerability assessments and penetration testing. The repository distinguishes itself through a cross-platform payload taxonomy that categorizes exploitation methods by vulnerability type and target environment, enabling rapid lookup during security assessments. It maintains high standards of data i
PeiQi-WIKI-Book is a cybersecurity knowledge base and security research wiki. It functions as a markdown static site generator that converts structured text files into a set of interconnected HTML pages. This system serves as a curated collection of technical documentation and guides focused on vulnerability research, code auditing, and penetration testing. The project utilizes a git-driven documentation workflow, using version control hooks to automatically update a live website when content changes. It features a client-side searchable index that allows users to find security topics without
Vuls is an agentless vulnerability scanner and CVE intelligence aggregator. It identifies security flaws in operating systems, containers, and network devices without requiring the installation of permanent software agents on target machines. The project distinguishes itself by cross-referencing software versions against multiple vulnerability databases, security advisories, and known exploit catalogs. It utilizes platform-based enumeration and lockfile analysis to detect vulnerabilities in network hardware, programming libraries, and website plugins. The tool covers a broad range of securit
Clair is a container vulnerability scanner that performs static analysis of container images to identify known security vulnerabilities. It functions as an analyzer for OCI and Docker images, indexing their contents to detect security risks and outdated packages without requiring the containers to be running. The tool identifies vulnerabilities by matching indexed container components against security databases to find common vulnerabilities and exposures. This process involves analyzing filesystem layers to track the provenance and versioning of packages across the image hierarchy. The proj
Drozer is a security testing framework and runtime analyzer for Android applications and devices. It functions as an exploit management framework and a security toolset used to identify vulnerabilities, misconfigurations, and leaks within the Android operating system and its installed applications. The framework enables the simulation of application behavior and the interaction with communication endpoints to detect security flaws. It manages the execution, analysis, and sharing of public exploits for mobile security research. The system provides capabilities for application auditing, vulner
This project is a comprehensive web application penetration testing guide and vulnerability research framework. It provides a structured methodology for identifying and exploiting security flaws through a phased approach involving reconnaissance, analysis, and exploitation. The resource is distinguished by its use of a curated methodology framework that links theoretical vulnerability patterns to real-world bug bounty reports and historical exploit examples. It includes a payload-based testing library and a reference system that maps specific vulnerability categories to recommended third-part
EHole is a specialized toolkit for network asset parsing, binary transformation, payload generation, and vulnerability research. It functions as an asset discovery and fingerprinting tool designed to identify software versions and high-value assets across IP ranges and URLs using custom fingerprints. The project provides a vulnerability research toolkit for decrypting software credentials and retrieving factory default passwords for security devices and web applications. It also includes a security payload generator for encoding and escaping command strings to bypass shell tokenization and ex
OSV is a distributed database and aggregator of open-source security advisories that uses a standardized vulnerability schema to track security flaws. It functions as a system for collecting and normalizing security data from diverse ecosystems into a single unified format, providing a web API for querying package vulnerabilities and submitting standardized records. The project distinguishes itself through a security advisory distribution service that supports bulk dataset exports via cloud storage buckets and incremental synchronization of security record updates. It also employs sandbox-bas
This project is a set of specialized utilities for generating malformed documents, obfuscating payloads, and crafting specific attack vectors to evaluate the resilience of security scanners. It functions as a PDF fuzzing framework and security testing tool designed to create PDF files with embedded payloads for verifying how document viewers and web applications handle vulnerabilities. The toolkit provides capabilities for encoding and hiding malicious content to test the detection effectiveness of security scanners. It includes a security payload generator for crafting specific attack vector
HowToHunt is a bug bounty hunting knowledge base and a structured guide for web application penetration testing. It provides a research methodology for organizing security testing procedures and validating application behaviors against known vulnerability patterns. The project features a curated library of security flaws and reconnaissance techniques. It organizes security testing into modular playbooks, checklists, and categorical vulnerability mappings to align specific exploitation techniques with target weaknesses. The repository covers a systematic sequence of information gathering task
dirsearch is a command-line security tool and web path scanner used for discovering hidden directories and files on web servers. It functions as a recursive directory fuzzer and brute-force utility that identifies undocumented paths and sensitive files using wordlists and HTTP status codes. The tool distinguishes itself through template-driven path generation and an automated HTTP response filter that uses status codes, content length, and regex patterns to isolate valid targets. It supports recursive directory crawling to map complex web structures and provides state-persistence serializatio
Hello-World is a Git repository hosting service and source code management platform. It functions as a version control system for storing and managing source code. The platform facilitates remote code hosting and version control management to track changes over time. It supports public code distribution and collaborative software development, allowing multiple contributors to work on the same project from different locations. The system includes a web-based interface, an HTTP-based API, and SSH-based authentication for secure access. It utilizes a distributed repository model and content-add