4 个仓库
Curated archives of proof-of-concept exploit code and vulnerability data used for security research and testing.
Distinct from Exploit Collections: The candidates are nested under awesome-lists, whereas this is the actual primary archive/database itself.
Explore 4 awesome GitHub repositories matching security & cryptography · Exploit Databases. Refine with filters or upvote what's useful.
ExploitDB is a curated archive of exploit code and vulnerability data designed for penetration testing and security research. It serves as an offensive security knowledge base and a repository of publicly available proof-of-concept code used to validate software flaws. The project provides a searchable collection of historical and current exploit vectors. It supports security threat intelligence by tracking public releases and aids in vulnerability research by providing a reference library for analyzing how specific systems can be compromised. The archive is managed through a curated input p
A curated collection of exploit code and vulnerability data for penetration testing and security research.
Traitor is a Linux privilege escalation framework and automated root exploit suite. It provides specialized utilities for scanning system misconfigurations and deploying automated exploit scripts on local Linux hosts to elevate user privileges to the root level. The tool identifies insecure system setups and binary vulnerabilities, such as GTFOBins, to map potential routes for gaining root access. It automates the process of discovering and exploiting these local vulnerabilities through targeted exploit execution and the deployment of sequential scripts. The system covers vulnerability asses
Executes a sequence of known exploits and misconfiguration attacks to automatically obtain a root shell.
w3af is a web penetration testing suite and security audit framework designed to identify and exploit vulnerabilities in web applications. It functions as a vulnerability scanner that crawls targets to find injection points and a fuzzer used to discover hidden endpoints and test input validation. The project distinguishes itself by providing an intercepting HTTP proxy for capturing and modifying traffic, combined with a knowledge-base driven exploitation system. It enables the execution of security exploits to gain remote shell access and supports post-exploitation activities, such as routing
Employs a curated knowledge base of vulnerability patterns to automate the selection and delivery of exploit payloads.
lscript 是一个无线网络渗透测试框架和键盘驱动的命令控制台。它作为一个安全工具编排器,用于安装和管理侦察框架,并提供用于执行无线攻击的自动化工具包。 该项目的特色在于其键盘驱动的界面,将特定的按键映射到复杂的安全脚本和系统级 shell 操作。这使得无需手动输入命令即可自动化执行无线侦察、握手包捕获和密码恢复工作流。 该系统涵盖了无线网卡管理,包括 MAC 地址欺骗和监听模式切换。它通过无线扫描和握手监控提供网络分析功能,并通过数据包注入、客户端取消认证和漏洞利用工作流自动化进行安全测试。
Automates the delivery of targeted attacks and the creation of payloads and listeners.