exploit

CTF framework and exploit development library

GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging capabilities for exploit devs & reverse engineers on Linux

Automated Mass Exploiter

Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本，最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340

Windows Exploit Suggester - Next Generation

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞验证功能

JexBoss: Jboss (and Java Deserialization Vulnerabilities) verify and EXploitation Tool

Ghost Framework is an Android post-exploitation framework that exploits the Android Debug Bridge to remotely access an Android device.

一个红队知识仓库

Windows exploits, mostly precompiled. Not being updated. Check https://github.com/SecWiki/windows-kernel-exploits instead.

Notes about attacking Jenkins servers

Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

pentest framework

Vulnerability Labs for security analysis

Craft PNG files that appear completely different in Apple software [NOW PATCHED]

An automated, modular cryptanalysis tool; i.e., a Weapon of Math Destruction

K8Cscan大型内网渗透自定义插件化扫描神器，包含信息收集、网络资产、漏洞扫描、密码爆破、漏洞利用，程序采用多线程批量扫描大型内网多个IP段C段主机，目前插件包含: C段旁注扫描、子域名扫描、Ftp密码爆破、Mysql密码爆破、Oracle密码爆破、MSSQL密码爆破、Windows/Linux系统密码爆破、存活主机扫描、端口扫描、Web信息探测、操作系统版本探测、Cisco思科设备扫描等,支持调用任意外部程序或脚本，支持Cobalt Strike联动

🌸 Interactive shellcoding environment to easily craft shellcodes

IoT固件漏洞复现环境