Exploit
Browse 47 exploit tools
FEATURED
Vulnerability threat intelligence platform with risk-based scoring and CVE/CWE data
Vulnerability threat intelligence platform with risk-based scoring and CVE/CWE data
Unified white-box and black-box testing platform for exploitable risks
Unified white-box and black-box testing platform for exploitable risks
Runtime protection preventing supply-chain attacks & exploits via library-level policies
Runtime protection preventing supply-chain attacks & exploits via library-level policies
AI-powered WAF rule automation for instant vulnerability protection
AI-powered PTaaS platform with continuous attack surface discovery and exploit validation
AI-powered PTaaS platform with continuous attack surface discovery and exploit validation
AI-powered automated penetration testing platform for web apps and networks
AI-powered automated penetration testing platform for web apps and networks
Find exploits in local and online databases instantly
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
A tool for Local File Inclusion (LFI) exploitation and scanning
A tool to help exploit XXE vulnerabilities by sending a crafted XML file to the server and parsing it to extract the data.
A tool to help exploit XXE vulnerabilities by sending a crafted XML file to the server and parsing it to extract the data.
A payload generator that creates malicious deserialization payloads for testing .NET applications against insecure deserialization vulnerabilities.
A payload generator that creates malicious deserialization payloads for testing .NET applications against insecure deserialization vulnerabilities.
A command line utility for searching and downloading exploits from multiple exploit databases including Exploit-DB and Packet Storm.
A command line utility for searching and downloading exploits from multiple exploit databases including Exploit-DB and Packet Storm.
A tool that generates .NET serialized gadgets for triggering assembly load and execution through BinaryFormatter deserialization in JavaScript, VBScript, and VBA scripts.
A tool that generates .NET serialized gadgets for triggering assembly load and execution through BinaryFormatter deserialization in JavaScript, VBScript, and VBA scripts.
Open-source honeypot tool for detecting and analyzing malicious activities in the Apache Struts exploit.
Open-source honeypot tool for detecting and analyzing malicious activities in the Apache Struts exploit.
A CVE compliant archive of public exploits and corresponding vulnerable software, and a categorized index of Internet search engine queries designed to uncover sensitive information.
A CVE compliant archive of public exploits and corresponding vulnerable software, and a categorized index of Internet search engine queries designed to uncover sensitive information.
Script to find exploits for vulnerable software packages on Linux systems using an exploit database.
Script to find exploits for vulnerable software packages on Linux systems using an exploit database.
A Linux privilege escalation auditing tool that identifies potential kernel vulnerabilities and suggests applicable exploits based on system analysis.
A Linux privilege escalation auditing tool that identifies potential kernel vulnerabilities and suggests applicable exploits based on system analysis.
Macro_Pack automates the generation and obfuscation of Office documents and scripts for penetration testing and security assessments.
Macro_Pack automates the generation and obfuscation of Office documents and scripts for penetration testing and security assessments.
AFE Android Framework for Exploitation is a framework that provides tools and techniques for exploiting vulnerabilities in Android devices and applications.
AFE Android Framework for Exploitation is a framework that provides tools and techniques for exploiting vulnerabilities in Android devices and applications.
CapTipper is a python tool to analyze, explore, and revive HTTP malicious traffic.
CapTipper is a python tool to analyze, explore, and revive HTTP malicious traffic.
Tplmap is a command-line tool that detects and exploits server-side template injection vulnerabilities in web applications across multiple template engines.
Tplmap is a command-line tool that detects and exploits server-side template injection vulnerabilities in web applications across multiple template engines.
InvalidSign is a security research tool that bypasses endpoint solutions by obtaining valid signed files with different hashes to evade signature-based detection mechanisms.
InvalidSign is a security research tool that bypasses endpoint solutions by obtaining valid signed files with different hashes to evade signature-based detection mechanisms.
Hash Extender is a command-line tool that automates length extension attacks against various hashing algorithms including MD5, SHA-1, SHA-256, and others.
Hash Extender is a command-line tool that automates length extension attacks against various hashing algorithms including MD5, SHA-1, SHA-256, and others.
