Vulnerability Exploitation

Vulnerability Risk Intelligence

Vulnerability risk intelligence for prioritizing exploitable vulnerabilities

PentesterLab PRO

Online platform offering 700+ hands-on web security exercises and training

PentesterLab Master Advanced Web Hacking

Online platform for web app security training via hands-on labs and code review

Comodo Advanced Penetration Testing

Professional penetration testing services for networks, apps, and systems

GreyNoise Block

Real-time threat intel platform detecting malicious scanning & exploitation

Vaya-Ciego-Nen

A tool to detect, manage and exploit Blind Cross-site scripting (XSS) vulnerabilities.

xssor2

A tool for testing and exploiting Cross-Site Scripting (XSS) vulnerabilities.

Liffy

A local file inclusion exploitation tool

XXEinjector

Automate the exploitation of XXE vulnerabilities

surf

A tool for identifying and exploiting SSRF vulnerabilities in modern cloud environments by filtering host lists to find viable attack candidates.

racepwn

A framework for testing and exploiting race condition vulnerabilities through concurrent request analysis and timing attack automation.

LFI-files

A wordlist to bruteforce for Local File Inclusion (LFI) vulnerabilities

LFI-Enum

Scripts to automate the process of enumerating a Linux system through a Local File Inclusion (LFI) vulnerability.

libformatstr.py

A Python library that simplifies format string vulnerability exploitation by providing tools for payload generation, memory manipulation, and automated parameter detection.

Hash Extender

Hash Extender is a command-line tool that automates length extension attacks against various hashing algorithms including MD5, SHA-1, SHA-256, and others.

Ruler

A tool for interacting with Exchange servers remotely and exploiting client-side Outlook features.

GRFICS

GRFICS is a Unity 3D-based framework that provides a virtual industrial control system environment for practicing ICS security attacks and defenses with visual feedback.

AttackerKB

A platform providing an activity feed on exploited vulnerabilities.

Damn Vulnerable GraphQL Application

A deliberately vulnerable GraphQL application designed for security testing and educational purposes, containing multiple intentional flaws for learning GraphQL attack and defense techniques.

Elastichoney

A simple Elasticsearch honeypot to catch attackers exploiting RCE vulnerabilities.

sixnet-tools

Python exploitation tool for gaining root access to Sixnet RTUs in SCADA networks by exploiting application-level vulnerabilities.

Web Application Exploits and Defenses

An educational codelab that demonstrates web application vulnerabilities including XSS, XSRF, and code execution attacks along with their corresponding defensive measures.

Reverse Shell Cheat Sheet

A cheat sheet providing examples of creating reverse shells for penetration testing.

Kerberos Party Tricks

Weaponizing Kerberos protocol flaws for stealthy attacks on domain users.