CTF framework and exploit development library

GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging capabilities for exploit devs & reverse engineers on Linux

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

Automated Mass Exploiter

An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.

Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本，最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340

Windows Exploit Suggester - Next Generation

一个攻防知识仓库 Red Teaming and Offensive Security

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞验证功能

Ghost Framework is an Android post-exploitation framework that exploits the Android Debug Bridge to remotely access an Android device.

JexBoss: Jboss (and Java Deserialization Vulnerabilities) verify and EXploitation Tool

Notes about attacking Jenkins servers

Windows exploits, mostly precompiled. Not being updated. Check https://github.com/SecWiki/windows-kernel-exploits instead.

Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

针对SpringBoot的开源渗透框架，以及Spring相关高危漏洞利用工具

pentest framework

K8Ladon大型内网渗透自定义插件化扫描神器，包含信息收集、网络资产、漏洞扫描、密码爆破、漏洞利用，程序采用多线程批量扫描大型内网多个IP段C段主机，目前插件包含: C段旁注扫描、子域名扫描、Ftp密码爆破、Mysql密码爆破、Oracle密码爆破、MSSQL密码爆破、Windows/Linux系统密码爆破、存活主机扫描、端口扫描、Web信息探测、操作系统版本探测、Cisco思科设备扫描等,支持调用任意外部程序或脚本，支持Cobalt Strike联动

Vulnerability Labs for security analysis

Uncover the true IP address of websites safeguarded by Cloudflare & Others

IoT固件漏洞复现环境