Exploitation

An open-source framework that enables building and deploying AI-powered security automation tools for both offensive and defensive cybersecurity operations using over 300 AI models.

A comprehensive educational resource that provides structured guidance on penetration testing methodology, tools, and techniques organized around the penetration testing attack chain.

An AI-powered penetration testing platform that autonomously discovers, exploits, and documents vulnerabilities while generating NIST-compliant reports.

A Python-based tool that automates the identification and exploitation of file inclusion and directory traversal vulnerabilities in web applications.

SQLi-Hunter is an HTTP/HTTPS proxy server and SQLMAP API wrapper that simplifies the identification and exploitation of SQL injection vulnerabilities in web applications.

A tool for identifying and exploiting SSRF vulnerabilities in modern cloud environments by filtering host lists to find viable attack candidates.

A directory traversal fuzzer for finding and exploiting directory traversal vulnerabilities.

Automatic SSRF fuzzer and exploitation tool

A DNS rebinding exploitation framework

A framework for testing and exploiting race condition vulnerabilities through concurrent request analysis and timing attack automation.

ParamPamPam is an open-source tool that detects and exploits web application vulnerabilities using fuzzing, SQL injection, and XSS techniques.

A collection of customizable automation scripts for Turbo Intruder that facilitate vulnerability scanning, exploitation, and data extraction in penetration testing workflows.

A malicious DNS server that executes DNS Rebinding attacks on-demand to bypass same-origin policy restrictions and access internal network resources.

An advanced cross-platform tool for detecting and exploiting SQL injection security flaws

PyBOF is a Python library that enables in-memory loading and execution of Beacon Object Files (BOFs) with support for argument passing and function targeting.

Boston Key Party CTF 2013 - cybersecurity competition with challenges in various domains.

A collection of Return-Oriented Programming (ROP) challenges designed for practicing binary exploitation techniques and developing offensive security skills.

A set of PHP scripts for practicing LFI, RFI, and CMD injection vulnerabilities.

A shellcode generator that creates position-independent code for loading and executing .NET Assemblies, PE files, and Windows payloads from memory.

AFE Android Framework for Exploitation is a framework that provides tools and techniques for exploiting vulnerabilities in Android devices and applications.

A Windows kernel driver intentionally designed with various vulnerabilities to help security researchers practice kernel exploitation techniques.

Ropper is a multi-architecture binary analysis tool that searches for ROP gadgets and displays information about executable files for exploit development.

A Python library that simplifies format string vulnerability exploitation by providing tools for payload generation, memory manipulation, and automated parameter detection.

Tplmap is a command-line tool that detects and exploits server-side template injection vulnerabilities in web applications across multiple template engines.