We have collection of more than 1 Million open source products ranging from Enterprise product to small libraries in all platforms. We aggregate information from all open source repositories. Search and find the best for your needs. Check out projects section.
gef - GEF - GDB Enhanced Features for exploit devs & reversers
GEF is a kick-ass set of commands for X86, ARM, MIPS, PowerPC and SPARC to make GDB cool again for exploit dev. It is aimed to be used mostly by exploiters and reverse-engineers, to provide additional features to GDB using the Python API to assist during the process of dynamic analysis and exploit development. It has full support for both Python2 and Python3 indifferently (as more and more distros start pushing gdb compiled with Python3 support).
exploit gdb reverse-engineering ctf ida-pro binary-ninja pwn exploit-development malware malware-research debuggingysoserial - A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. Originally released as part of AppSecCali 2015 Talk "Marshalling Pickles: how deserializing objects will ruin your day" with gadget chains for Apache Commons Collections (3.x and 4.x), Spring Beans/Core (4.x), and Groovy (2.3.x). Later updated to include additional gadget chains for JRE <= 1.7u21 and several other libraries.
deserialization gadget exploit javadeser jvm serialization poc vulnerabilityAutoSploit - Automated Mass Exploiter
Receiving back connections on your local machine might not be the best idea from an OPSEC standpoint. Instead consider running this tool from a VPS that has all the dependencies required, available. The new version of AutoSploit has a feature that allows you to set a proxy before you connect and a custom user-agent.
metasploit exploit exploitation offsec automation security-tools securitymeltdown - This repository contains several applications, demonstrating the Meltdown bug.
The applications in this repository are built with libkdump, a library we developed for the paper. This library simplifies exploitation of the bug by automatically adapting to certain properties of the environment. This repository contains five demos to demonstrate different use cases. All demos are tested on Ubuntu 16.04 with an Intel Core i7-6700K, but they should work on any Linux system with any modern Intel CPU since 2010.
exploit proof-of-concept side-channelpegaswitch - PegaSwitch is an exploit toolkit for the Nintendo Switch
It should no longer be necessary to run usefulscripts/SetupNew.js, since PegaSwitch will now do it automatically. API documentation for SploitCore is automatically generated using jsdoc comments.
switch exploit rop-exploitation console-frameworklabs - Vulnerability Labs for security analysis
Vulnerability Labs for security analysis
cve vulnerability security exploitlinux-kernel-exploits - linux-kernel-exploits Linux平台提权漏洞集合
linux-kernel-exploits Linux平台提权漏洞集合
kernel exploit tool collection awesome pentestwindows-kernel-exploits - windows-kernel-exploits Windows平台提权漏洞集合
windows-kernel-exploits Windows平台提权漏洞集合
kernel exploit tool collections pentestvulscan - Advanced vulnerability scanning with Nmap NSE
Vulscan is a module which enhances nmap to a vulnerability scanner. The nmap option -sV enables version detection per service which is used to determine potential flaws according to the identified product. The data is looked up in an offline version of VulDB. Just execute vulscan like you would by refering to one of the pre-delivered databases. Feel free to share your own database and vulnerability connection with me, to add it to the official repository.
vulnerability vulnerability-scanners vulnerability-detection vulnerability-identification vulnerability-assessment security security-audit security-scanner penetration-testing nmap nmap-scripts exploit vulnerability-scanning vulnerability-databases vulnerability-database-entry nmap-scan-script nse nsescript lua-scriptpwntools - CTF framework and exploit development library
Pwntools is a CTF framework and exploit development library. Written in Python, it is designed for rapid prototyping and development, and intended to make exploit writing as simple as possible. You can now do a live demo of Pwntools, right in your browser.
ctf exploit pwntools ctf-framework shellcode rop pwnable defcon capture-the-flag wargametraitor - Automatic Linux privesc via exploitation of low-hanging fruit e
Traitor packages up a bunch of methods to exploit local misconfigurations and vulnerabilities (including most of GTFOBins) in order to pop a root shell. It'll exploit most sudo privileges listed in GTFOBins to pop a root shell, as well as exploiting issues like a writable docker.sock, or the recent polkit CVE-2021-3560. More routes to root will be added over time too.
exploit infosec privilege-escalation security-tools privesc hackthebox gtfobins redteam-tools cve-2021-3560Am-I-affected-by-Meltdown - Meltdown Exploit / Proof-of-concept / checks whether system is affected by Variant 3: rogue data cache load (CVE-2017-5754), a
Checks whether system is affected by Variant 3: rogue data cache load (CVE-2017-5754), a.k.a MELTDOWN. The basic idea is that user will know whether or not the running system is properly patched with something like KAISER patchset (https://lkml.org/lkml/2017/10/31/884) for example.
meltdown kpti kaiser pti exploit poc security intelbugfeatherduster - An automated, modular cryptanalysis tool; i.e., a Weapon of Math Destruction
FeatherDuster is a tool written by Daniel "unicornfurnace" Crowley of NCC Group for breaking crypto which tries to make the process of identifying and exploiting weak cryptosystems as easy as possible. Cryptanalib is the moving parts behind FeatherDuster, and can be used independently of FeatherDuster. Why "FeatherDuster"? There's an in-joke amongst some crypto folk where using crypto poorly, or to solve a problem that crypto isn't meant to solve is called "sprinkling magical crypto fairy dust on it". FeatherDuster is for cleaning up magical crypto fairy dust.
crypto cryptography encryption security cryptanalysis exploitation exploitation-framework exploit exploitsXAttacker - X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter
X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter
vulnerability-scanner vulnerability-detection vulnerability-exploit vulnerability-assessment security-scanner scanner security-tools website-vulnerability-scanner hacking hacking-tool pentest wp-scanner wordpress prestashop joomla lokomedia drupal auto-exploiter exploit exploitationshellen - :cherry_blossom: Interactive shellcoding environment to easily craft shellcodes
Shellen is an interactive shellcoding environment. If you want a handy tool to write shellcodes, then shellen may be your friend. Shellen can also be used as an assembly or disassembly tool. keystone and capstone engines are used for all of shellen's operations.
keystone capstone shellcode interactive assembler dissassembler pwn shellcoding disassembly syscalls architecture dsm asm shell syscall-table common-shellcodes exploitation ctf exploith4cker - This repository is primarily maintained by Omar Santos and includes resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more
This repository includes thousands of cybersecurity-related references and resources and it is maintained by Omar Santos. This GitHub repository has been created to provide supplemental material to several books, video courses, and live training created by Omar Santos and other co-authors. It provides over 6,000 references, scripts, tools, code, and other resources that help offensive and defensive security professionals learn and develop new skills. This GitHub repository provides guidance on how build your own hacking environment, learn about offensive security (ethical hacking) techniques, vulnerability research, exploit development, reverse engineering, malware analysis, threat intelligence, threat hunting, digital forensics and incident response (DFIR), includes examples of real-life penetration testing reports, and more. These courses serve as comprehensive guide for any network and security professional who is starting a career in ethical hacking and penetration testing. It also can help individuals preparing for the Offensive Security Certified Professional (OSCP), the Certified Ethical Hacker (CEH), CompTIA PenTest+ and any other ethical hacking certification. This course helps any cyber security professional that want to learn the skills required to becoming a professional ethical hacker or that want to learn more about general hacking methodologies and concepts.
hacking penetration-testing hacking-series video-course cybersecurity ethical-hacking ethicalhacking hacker exploit exploits exploit-development vulnerability vulnerability-scanners vulnerability-assessment vulnerability-management vulnerability-identification awesome-lists awesome-list training hackersexternal-protocol-flooding - Scheme flooding vulnerability: how it works and why it is a threat to anonymous browsing
The source code of the demo for external protocol flooding vulnerability. Allows arbitrary websites to gather information about installed applications on a victim's computer in order to perform reliable tracking across different desktop browsers. This repository is created for research and educational purposes only. Consider reading the original article about research.
security privacy exploit identification vulnerability fingerprinting browser-fingerprintingCVE-2018-8120 - CVE-2018-8120 Windows LPE exploit
Supports both x32 and x64. Tested on: Win7 x32, Win7 x64, Win2008 x32, Win2008 R2 x32, Win2008 R2 Datacenter x64, Win2008 Enterprise x64.
exploit cve cve-2018-8210
We have large collection of open source products. Follow the tags from
Tag Cloud >>
Open source products are scattered around the web. Please provide information
about the open source projects you own / you use.
Add Projects.
