Repository navigation
Exploit
Exploit refers to a piece of code or technique that takes advantage of a security vulnerability in a system, application, or network to cause unintended behavior. Exploits can be used by attackers to gain unauthorized access, escalate privileges, execute arbitrary code, or cause a denial of service. This topic covers the various types of exploits, such as zero-day exploits, remote code execution, and privilege escalation. It also explores the lifecycle of an exploit, from discovery and development to deployment and mitigation, and highlights the importance of vulnerability management and patching in preventing exploits.
This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), artificial intelligence security, vulnerability research, exploit development, reverse engineering, and more.
A collection of hacking / penetration testing resources to make you better!
CTF framework and exploit development library
A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging capabilities for exploit devs & reverse engineers on Linux
Gather and update all available and newest CVEs with their PoC.
⬆ ☠ 🔥 Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock
📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.
渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms
Cyber Security ALL-IN-ONE Platform
One place for all the default credentials to assist the Blue/Red teamers identifying devices with default password 🛡️
K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)
A collection of links related to Linux kernel security and exploitation
linux-kernel-exploits Linux平台提权漏洞集合
Automated Mass Exploiter
An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.
Ladon大型内网渗透扫描器,PowerShell、Cobalt Strike插件、内存加载、无文件扫描。含端口扫描、服务识别、网络资产探测、密码审计、高危漏洞检测、漏洞利用、密码读取以及一键GetShell,支持批量A段/B段/C段以及跨网段扫描,支持URL、主机、域名列表扫描等。网络资产探测32种协议(ICMP\NBT\DNS\MAC\SMB\WMI\SSH\HTTP\HTTPS\Exchange\mssql\FTP\RDP)或方法快速获取目标网络存活主机IP、计算机名、工作组、共享资源、网卡地址、操作系统版本、网站、子域名、中间件、开放服务、路由器、交换机、数据库、打印机等,大量高危漏洞检测模块MS17010、Zimbra、Exchange