Exploit

InvalidSign is a security research tool that bypasses endpoint solutions by obtaining valid signed files with different hashes to evade signature-based detection mechanisms.

Hash Extender is a command-line tool that automates length extension attacks against various hashing algorithms including MD5, SHA-1, SHA-256, and others.

ElasticSearch honeypot to capture attempts to exploit CVE-2014-3120, with logging and daemon options.

A comprehensive guide to using Metasploit, including searching for modules, specifying exploits and payloads, and using auxiliary modules.

A tool for exploiting SSRF and gaining RCE in various servers

Linux Exploit Suggester; suggests possible exploits based on the Linux operating system release number.

A collection of precompiled Windows exploits for privilege escalation.

A Linux exploit suggestion tool that identifies potential privilege escalation vulnerabilities by analyzing kernel versions and matching them against a database of known exploits.

Phrack Magazine is a digital magazine that focuses on computer security and hacking, featuring articles, interviews, and tutorials on various topics related to computer security.

Pwntools is a Python CTF framework and exploit development library that provides tools for rapid prototyping and development of exploits and CTF challenge solutions.

OneGadget is a CTF-focused tool that uses symbolic execution to find RCE gadgets in binaries that can execute shell commands through execve('/bin/sh', NULL, NULL).

A Ruby framework designed to aid in the penetration testing of WordPress systems.

A blog post about abusing exported functions and exposed DCOM interfaces for pass-thru command execution and lateral movement

PhoneyC is a client-side honeypot that emulates vulnerable web browsers to detect and analyze malicious web content and browser-based exploits.

Exploit that launches a process on the host from within a Docker container run with the --privileged flag by abusing the Linux cgroup v1 “notification on release” feature.

A collection of CTF write-ups demonstrating the use of pwntools for solving binary exploitation challenges across various cybersecurity competitions.

A platform providing an activity feed on exploited vulnerabilities.

Python exploitation tool for gaining root access to Sixnet RTUs in SCADA networks by exploiting application-level vulnerabilities.

Exploiting WordPress With Metasploit, containing 45 modules for exploits and auxiliaries.

drozer is an open source Android security testing framework that identifies vulnerabilities in mobile apps and devices through Android Runtime and IPC endpoint interaction.

A comprehensive database of exploits and vulnerabilities for researchers and professionals

Semi-tethered jailbreak for iPhone 5s to iPhone X, running iOS 12.0 and up, using the 'checkm8' bootrom exploit.

A proof-of-concept tool that demonstrates the Dirty COW kernel exploit (CVE-2016-5195) for privilege escalation within Docker containers, specifically targeting nginx images while providing mitigation guidance through AppArmor profiles.

Binary analysis and management framework for organizing malware and exploit samples.