Ethical hacking tools and resources for penetration testing and red team operations. Task: ExploitExplore 21 curated tools and resources
Want your tool featured here?
Get maximum visibility with pinned placement
A tool for Local File Inclusion (LFI) exploitation and scanning
A payload generator that creates malicious deserialization payloads for testing .NET applications against insecure deserialization vulnerabilities.
A payload generator that creates malicious deserialization payloads for testing .NET applications against insecure deserialization vulnerabilities.
A command line utility for searching and downloading exploits from multiple exploit databases including Exploit-DB and Packet Storm.
A command line utility for searching and downloading exploits from multiple exploit databases including Exploit-DB and Packet Storm.
A tool that generates .NET serialized gadgets for triggering assembly load and execution through BinaryFormatter deserialization in JavaScript, VBScript, and VBA scripts.
A tool that generates .NET serialized gadgets for triggering assembly load and execution through BinaryFormatter deserialization in JavaScript, VBScript, and VBA scripts.
A CVE compliant archive of public exploits and corresponding vulnerable software, and a categorized index of Internet search engine queries designed to uncover sensitive information.
A CVE compliant archive of public exploits and corresponding vulnerable software, and a categorized index of Internet search engine queries designed to uncover sensitive information.
A Linux privilege escalation auditing tool that identifies potential kernel vulnerabilities and suggests applicable exploits based on system analysis.
A Linux privilege escalation auditing tool that identifies potential kernel vulnerabilities and suggests applicable exploits based on system analysis.
Macro_Pack automates the generation and obfuscation of Office documents and scripts for penetration testing and security assessments.
Macro_Pack automates the generation and obfuscation of Office documents and scripts for penetration testing and security assessments.
AFE Android Framework for Exploitation is a framework that provides tools and techniques for exploiting vulnerabilities in Android devices and applications.
AFE Android Framework for Exploitation is a framework that provides tools and techniques for exploiting vulnerabilities in Android devices and applications.
Tplmap is a command-line tool that detects and exploits server-side template injection vulnerabilities in web applications across multiple template engines.
Tplmap is a command-line tool that detects and exploits server-side template injection vulnerabilities in web applications across multiple template engines.
InvalidSign is a security research tool that bypasses endpoint solutions by obtaining valid signed files with different hashes to evade signature-based detection mechanisms.
InvalidSign is a security research tool that bypasses endpoint solutions by obtaining valid signed files with different hashes to evade signature-based detection mechanisms.
Hash Extender is a command-line tool that automates length extension attacks against various hashing algorithms including MD5, SHA-1, SHA-256, and others.
Hash Extender is a command-line tool that automates length extension attacks against various hashing algorithms including MD5, SHA-1, SHA-256, and others.
A collection of precompiled Windows exploits for privilege escalation.
A collection of precompiled Windows exploits for privilege escalation.
A Linux exploit suggestion tool that identifies potential privilege escalation vulnerabilities by analyzing kernel versions and matching them against a database of known exploits.
A Linux exploit suggestion tool that identifies potential privilege escalation vulnerabilities by analyzing kernel versions and matching them against a database of known exploits.
Phrack Magazine is a digital magazine that focuses on computer security and hacking, featuring articles, interviews, and tutorials on various topics related to computer security.
Phrack Magazine is a digital magazine that focuses on computer security and hacking, featuring articles, interviews, and tutorials on various topics related to computer security.
Pwntools is a Python CTF framework and exploit development library that provides tools for rapid prototyping and development of exploits and CTF challenge solutions.
OneGadget is a CTF-focused tool that uses symbolic execution to find RCE gadgets in binaries that can execute shell commands through execve('/bin/sh', NULL, NULL).
OneGadget is a CTF-focused tool that uses symbolic execution to find RCE gadgets in binaries that can execute shell commands through execve('/bin/sh', NULL, NULL).
A Ruby framework designed to aid in the penetration testing of WordPress systems.
A Ruby framework designed to aid in the penetration testing of WordPress systems.
A blog post about abusing exported functions and exposed DCOM interfaces for pass-thru command execution and lateral movement
A blog post about abusing exported functions and exposed DCOM interfaces for pass-thru command execution and lateral movement
Python exploitation tool for gaining root access to Sixnet RTUs in SCADA networks by exploiting application-level vulnerabilities.
Python exploitation tool for gaining root access to Sixnet RTUs in SCADA networks by exploiting application-level vulnerabilities.
Exploiting WordPress With Metasploit, containing 45 modules for exploits and auxiliaries.
Exploiting WordPress With Metasploit, containing 45 modules for exploits and auxiliaries.
A proof-of-concept tool that demonstrates the Dirty COW kernel exploit (CVE-2016-5195) for privilege escalation within Docker containers, specifically targeting nginx images while providing mitigation guidance through AppArmor profiles.
A proof-of-concept tool that demonstrates the Dirty COW kernel exploit (CVE-2016-5195) for privilege escalation within Docker containers, specifically targeting nginx images while providing mitigation guidance through AppArmor profiles.