Vulnerability Exploitation
Browse 24 vulnerability exploitation tools
FEATURED
Online platform offering 700+ hands-on web security exercises and training
Online platform offering 700+ hands-on web security exercises and training
Online platform for web app security training via hands-on labs and code review
Online platform for web app security training via hands-on labs and code review
Professional penetration testing services for networks, apps, and systems
Professional penetration testing services for networks, apps, and systems
Real-time threat intel platform detecting malicious scanning & exploitation
Real-time threat intel platform detecting malicious scanning & exploitation
AI agent that autonomously discovers, exploits, and documents vulnerabilities.
AI agent that autonomously discovers, exploits, and documents vulnerabilities.
A tool to detect, manage and exploit Blind Cross-site scripting (XSS) vulnerabilities.
A tool to detect, manage and exploit Blind Cross-site scripting (XSS) vulnerabilities.
A tool for testing and exploiting Cross-Site Scripting (XSS) vulnerabilities.
A tool for testing and exploiting Cross-Site Scripting (XSS) vulnerabilities.
A tool for identifying and exploiting SSRF vulnerabilities in modern cloud environments by filtering host lists to find viable attack candidates.
A tool for identifying and exploiting SSRF vulnerabilities in modern cloud environments by filtering host lists to find viable attack candidates.
A framework for testing and exploiting race condition vulnerabilities through concurrent request analysis and timing attack automation.
A framework for testing and exploiting race condition vulnerabilities through concurrent request analysis and timing attack automation.
A wordlist to bruteforce for Local File Inclusion (LFI) vulnerabilities
Scripts to automate the process of enumerating a Linux system through a Local File Inclusion (LFI) vulnerability.
Scripts to automate the process of enumerating a Linux system through a Local File Inclusion (LFI) vulnerability.
A Python library that simplifies format string vulnerability exploitation by providing tools for payload generation, memory manipulation, and automated parameter detection.
A Python library that simplifies format string vulnerability exploitation by providing tools for payload generation, memory manipulation, and automated parameter detection.
Hash Extender is a command-line tool that automates length extension attacks against various hashing algorithms including MD5, SHA-1, SHA-256, and others.
Hash Extender is a command-line tool that automates length extension attacks against various hashing algorithms including MD5, SHA-1, SHA-256, and others.
A tool for interacting with Exchange servers remotely and exploiting client-side Outlook features.
A tool for interacting with Exchange servers remotely and exploiting client-side Outlook features.
GRFICS is a Unity 3D-based framework that provides a virtual industrial control system environment for practicing ICS security attacks and defenses with visual feedback.
GRFICS is a Unity 3D-based framework that provides a virtual industrial control system environment for practicing ICS security attacks and defenses with visual feedback.
A platform providing an activity feed on exploited vulnerabilities.
A platform providing an activity feed on exploited vulnerabilities.
A deliberately vulnerable GraphQL application designed for security testing and educational purposes, containing multiple intentional flaws for learning GraphQL attack and defense techniques.
A deliberately vulnerable GraphQL application designed for security testing and educational purposes, containing multiple intentional flaws for learning GraphQL attack and defense techniques.
A simple Elasticsearch honeypot to catch attackers exploiting RCE vulnerabilities.
A simple Elasticsearch honeypot to catch attackers exploiting RCE vulnerabilities.
Python exploitation tool for gaining root access to Sixnet RTUs in SCADA networks by exploiting application-level vulnerabilities.
Python exploitation tool for gaining root access to Sixnet RTUs in SCADA networks by exploiting application-level vulnerabilities.
An educational codelab that demonstrates web application vulnerabilities including XSS, XSRF, and code execution attacks along with their corresponding defensive measures.
An educational codelab that demonstrates web application vulnerabilities including XSS, XSRF, and code execution attacks along with their corresponding defensive measures.
A cheat sheet providing examples of creating reverse shells for penetration testing.
A cheat sheet providing examples of creating reverse shells for penetration testing.
Weaponizing Kerberos protocol flaws for stealthy attacks on domain users.
Weaponizing Kerberos protocol flaws for stealthy attacks on domain users.
