•        72

WehnTrust is a Host-based Intrusion Prevention System (HIPS) for Windows 2000, XP, and Server 2003. It includes support for exploit mitigations that are designed to make exploitation more difficult by preventing the use of specific exploitation techniques and by making exploi...




Related Projects

h4cker - This repository is primarily maintained by Omar Santos and includes resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more

  •    Java

This repository includes thousands of cybersecurity-related references and resources and it is maintained by Omar Santos. This GitHub repository has been created to provide supplemental material to several books, video courses, and live training created by Omar Santos and other co-authors. It provides over 6,000 references, scripts, tools, code, and other resources that help offensive and defensive security professionals learn and develop new skills. This GitHub repository provides guidance on how build your own hacking environment, learn about offensive security (ethical hacking) techniques, vulnerability research, exploit development, reverse engineering, malware analysis, threat intelligence, threat hunting, digital forensics and incident response (DFIR), includes examples of real-life penetration testing reports, and more. These courses serve as comprehensive guide for any network and security professional who is starting a career in ethical hacking and penetration testing. It also can help individuals preparing for the Offensive Security Certified Professional (OSCP), the Certified Ethical Hacker (CEH), CompTIA PenTest+ and any other ethical hacking certification. This course helps any cyber security professional that want to learn the skills required to becoming a professional ethical hacker or that want to learn more about general hacking methodologies and concepts.

linux-exploit-suggester - Linux privilege escalation auditing tool

  •    Shell

Often during the penetration test engagement the security analyst faces the problem of identifying privilege escalation attack vectors on tested Linux machine(s). One of viable attack vectors is using publicly known Linux exploit to gain root privileges on tested machine. Of course in order to do that the analyst needs to identify the right PoC exploit, make sure that his target is affected by the associated vulnerability and finally modify the exploit to suit his target. The linux-exploit-suggester.sh tool is designed to help with these activities. In this mode the analyst simply provides kernel version (--kernel switch) or uname -a command output (--uname switch) and receives list of candidate exploits for a given kernel version.

Zeratool - Automatic Exploit Generation (AEG) and remote flag capture for exploitable CTF problems

  •    Python

This tool uses angr to concolically analyze binaries by hooking printf and looking for unconstrained paths. These program states are then weaponized for remote code execution through pwntools and a series of script tricks. Finally the payload is tested locally then submitted to a remote CTF server to recover the flag. Zeratool has room to grow and future iterations of Zeratool will include information disclosure discovery and linking those leaks to an offset for general ASLR bypasses.


  •    PHP

Training and educating about the web security

wordpress-exploit-framework - A Ruby framework designed to aid in the penetration testing of WordPress systems

  •    Ruby

A Ruby framework designed to aid in the penetration testing of WordPress systems. To install the latest stable build, run gem install wpxf.

Pompem - Find exploit tool

  •    Python

Pompem is an open source tool, designed to automate the search for Exploits and Vulnerability in the most important databases. Developed in Python, has a system of advanced search, that help the work of pentesters and ethical hackers. In the current version, it performs searches in PacketStorm security, CXSecurity, ZeroDay, Vulners, National Vulnerability Database, WPScan Vulnerability Database ... You can download the latest tarball by clicking here or latest zipball by clicking here.

wePWNise - WePWNise generates architecture independent VBA code to be used in Office documents or templates and automates bypassing application control and exploit mitigation software

  •    Python

wePWNise is proof-of-concept Python script which generates VBA code that can be used in Office macros or templates. It was designed with automation and integration in mind, targeting locked down environment scenarios. The tool enumerates Software Restriction Policies (SRPs) and EMET mitigations and dynamically identifies safe binaries to inject payloads into. wePWNise integrates with existing exploitation frameworks (e.g. Metasploit, Cobalt Strike) and it also accepts any custom payload in raw format. wePWNise requires both 32 and 64 bit raw payloads in order to be able to deliver the appropriate type when it lands on an unknown target. However, if only an x86 architecture is targeted, a dummy 64 bit payload must be provided to replace the missing code.

NoSQLMap - Automated NoSQL database enumeration and web application exploitation tool.

  •    Python

NoSQLMap is an open source Python tool designed to audit for as well as automate injection attacks and exploit default configuration weaknesses in NoSQL databases and web applications using NoSQL in order to disclose or clone data from the database. Originally authored by @tcsstool and now maintained by @codingo_ NoSQLMap is named as a tribute to Bernardo Damele and Miroslav's Stampar's popular SQL injection tool sqlmap. Its concepts are based on and extensions of Ming Chow's excellent presentation at Defcon 21, "Abusing NoSQL Databases".

pacu - The AWS exploitation framework, designed for testing the security of Amazon Web Services environments

  •    Python

Pacu is an open source AWS exploitation framework, designed for offensive security testing against cloud environments. Created and maintained by Rhino Security Labs, Pacu allows penetration testers to exploit configuration flaws within an AWS account, using modules to easily expand its functionality. Current modules enable a range of attacks, including user privilege escalation, backdooring of IAM users, attacking vulnerable Lambda functions, and much more. Pacu is a fairly lightweight program, as it requires only Python3.5+ and pip3 to install a handful of Python libraries. Running install.sh will check your Python version and ensure all Python packages are up to date.

w3af - Web Application Attack and Audit Framework

  •    Python

w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to help you secure your web applications by finding and exploiting all web application vulnerabilities. It can find Cross site scripting, SQL Injection and lot more. The framework implements web and proxy servers which are easy to integrate into your code in order to identify and exploit vulnerabilities.

KdExploitMe - A kernel driver to practice writing exploits against, as well as some example exploits using public techniques

  •    C++

A kernel driver to practice writing exploits against, as well as some example exploits using public techniques. The intent of this driver is to educate security testers on how memory corruption issues in Windows kernel drivers can be exploited. Knowing how to exploit security issues allows security testers to prove that bugs are exploitable which can be used to convince developers to fix bugs. While these techniques can be used for evil, I have written this driver in the hopes that you will use this knowledge for good.

vulscan - Advanced vulnerability scanning with Nmap NSE

  •    Lua

Vulscan is a module which enhances nmap to a vulnerability scanner. The nmap option -sV enables version detection per service which is used to determine potential flaws according to the identified product. The data is looked up in an offline version of VulDB. Just execute vulscan like you would by refering to one of the pre-delivered databases. Feel free to share your own database and vulnerability connection with me, to add it to the official repository.

Am-I-affected-by-Meltdown - Meltdown Exploit / Proof-of-concept / checks whether system is affected by Variant 3: rogue data cache load (CVE-2017-5754), a

  •    C++

Checks whether system is affected by Variant 3: rogue data cache load (CVE-2017-5754), a.k.a MELTDOWN. The basic idea is that user will know whether or not the running system is properly patched with something like KAISER patchset (https://lkml.org/lkml/2017/10/31/884) for example.


  •    ASPNET

Sholo.Web.Security contains several tools to improve the security of ASP.NET applications. Make FormsAuthentication stateful, strengthen FormsAuthTicket validation, detect & prevent Padding Oracle exploit, kick/ban users & IP's, detect multiple logins from different IP's, etc.

kali-nethunter - The Kali NetHunter Project

  •    Lua

The Kali NetHunter is an Android penetration testing platform targeted towards Nexus and OnePlus devices built on top of Kali Linux, which includes some special and unique features. Of course, you have all the usual Kali tools in NetHunter as well as the ability to get a full VNC session from your phone to a graphical Kali chroot, however the strength of NetHunter does not end there. We've incorporated some amazing features into the NetHunter OS which are both powerful and unique. From pre-programmed HID Keyboard (Teensy) attacks, to BadUSB Man In The Middle attacks, to one-click MANA Evil Access Point setups, access to the Offensive Security Exploit Database... And yes, NetHunter natively supports wireless 802.11 frame injection with a variety of supported USB NICs. Attack descriptions as well as some documentation to get you started with the installation and setup of Kali NetHunter can be found at https://github.com/offensive-security/kali-nethunter/wiki.

AutoSploit - Automated Mass Exploiter

  •    Python

Receiving back connections on your local machine might not be the best idea from an OPSEC standpoint. Instead consider running this tool from a VPS that has all the dependencies required, available. The new version of AutoSploit has a feature that allows you to set a proxy before you connect and a custom user-agent.

PESecurity - PowerShell module to check if a Windows binary (EXE/DLL) has been compiled with ASLR, DEP, SafeSEH, StrongNaming, and Authenticode

  •    PowerShell

PowerShell script to check if a Windows binary (EXE/DLL) has been compiled with ASLR, DEP, SafeSEH, StrongNaming, Authenticode, Control Flow Guard, and HighEntropyVA.

Exploit-Writeups - A collection where my current and future writeups for exploits/CTF will go


Welcome to my collection of exploit writeups. This repo is where my current and future writeups for public exploits, vulnerability research, and CTF challenge solves will go. Below is a directory of the current writeups that I've published. An overview of the PS4 kernel exploit codenamed "namedobj", which targets a type confusion vulnerability in the sys_namedobj_* Sony system calls. This overview covers the basic exploit strategy required to leverage the type confusion bug into a fully fledged exploit.