Exploitation
Explore 25 curated tools and resources
Search by name, description, or purpose... (⌘+K)
PINNED
Promoted • 4 tools
Commercial
Consulting
Commercial
Application Security
Commercial
Cloud Security
Commercial
Application Security
Want your tool featured here?
Get maximum visibility with pinned placement
LATEST ADDITIONS
A comprehensive educational resource that provides structured guidance on penetration testing methodology, tools, and techniques organized around the penetration testing attack chain.
A comprehensive educational resource that provides structured guidance on penetration testing methodology, tools, and techniques organized around the penetration testing attack chain.
An AI-powered penetration testing platform that autonomously discovers, exploits, and documents vulnerabilities while generating NIST-compliant reports.
An AI-powered penetration testing platform that autonomously discovers, exploits, and documents vulnerabilities while generating NIST-compliant reports.
A directory traversal fuzzer for finding and exploiting directory traversal vulnerabilities.
A directory traversal fuzzer for finding and exploiting directory traversal vulnerabilities.
An advanced cross-platform tool for detecting and exploiting SQL injection security flaws
An advanced cross-platform tool for detecting and exploiting SQL injection security flaws
Boston Key Party CTF 2013 - cybersecurity competition with challenges in various domains.
Boston Key Party CTF 2013 - cybersecurity competition with challenges in various domains.
Collection of Return-Oriented Programming challenges for practicing exploitation skills.
Collection of Return-Oriented Programming challenges for practicing exploitation skills.
A set of PHP scripts for practicing LFI, RFI, and CMD injection vulnerabilities.
A set of PHP scripts for practicing LFI, RFI, and CMD injection vulnerabilities.
A Windows Kernel driver intentionally vulnerable to help improve skills in kernel-level exploitation.
A Windows Kernel driver intentionally vulnerable to help improve skills in kernel-level exploitation.
Small script to simplify format string exploitation.
A tool for privilege escalation within Linux environments by targeting vulnerabilities in SUDO usage.
A tool for privilege escalation within Linux environments by targeting vulnerabilities in SUDO usage.
Pacu is an open-source AWS exploitation framework for offensive security testing against cloud environments.
Pacu is an open-source AWS exploitation framework for offensive security testing against cloud environments.
A covert channel technique that uses WebDAV protocol features to deliver malicious payloads and establish C2 communication while bypassing security controls.
A covert channel technique that uses WebDAV protocol features to deliver malicious payloads and establish C2 communication while bypassing security controls.
Comprehensive tutorial on modern exploitation techniques with a focus on understanding exploitation from scratch.
Comprehensive tutorial on modern exploitation techniques with a focus on understanding exploitation from scratch.
Very vulnerable ARM/ARM64[AARCH64] application with various levels of vulnerabilities for exploitation training.
Very vulnerable ARM/ARM64[AARCH64] application with various levels of vulnerabilities for exploitation training.
AEM (Adobe Experience Manager) Hacker is a tool designed to help security researchers and penetration testers identify and exploit vulnerabilities in AEM-based systems.
AEM (Adobe Experience Manager) Hacker is a tool designed to help security researchers and penetration testers identify and exploit vulnerabilities in AEM-based systems.
A tutorial on setting up a virtual ARM environment, reversing ARM binaries, and writing basic exploits for ARM using the trafman challenge of rwthCTF as an example.
A tutorial on setting up a virtual ARM environment, reversing ARM binaries, and writing basic exploits for ARM using the trafman challenge of rwthCTF as an example.
Exploiting simple stack overflow vulnerabilities using return oriented programming (ROP) to defeat data execution prevention - DEP.
Exploiting simple stack overflow vulnerabilities using return oriented programming (ROP) to defeat data execution prevention - DEP.
A standard for conducting penetration tests, covering seven main sections from planning to reporting.
A standard for conducting penetration tests, covering seven main sections from planning to reporting.
Search gadgets on binaries to facilitate ROP exploitation.
An open source network penetration testing framework with automatic recon and scanning capabilities.
An open source network penetration testing framework with automatic recon and scanning capabilities.
A comprehensive collection of resources for learning ARM assembly language and shellcode development.
A comprehensive collection of resources for learning ARM assembly language and shellcode development.
A post-exploitation tool for pentesting Active Directory
Open source penetration testing tool for detecting and exploiting command injection vulnerabilities.
Open source penetration testing tool for detecting and exploiting command injection vulnerabilities.