WPSploit is a repository for creating and/or porting WordPress-specific exploits, using Metasploit as the exploitation tool. It currently contains 45 modules (15 exploits and 30 auxiliaries). To use it, download the modules to a directory and refer to the official Metasploit documentation for loading external modules. All modules are based on the WPScan Vulnerability Database (WPVDB). To contribute, fork the repository, create a new feature branch, commit your changes, and open a new pull request. Questions and suggestions can be sent to robertoespreto[at]gmail.com.
SIMILAR TOOLS
RedWarden is a Cobalt Strike C2 Reverse proxy that evades detection by Blue Teams, AVs, EDRs, and scanners through packet inspection and malleable profile correlation.
A proof-of-concept obfuscation toolkit for C# post-exploitation tools, designed to conceal malicious activities from detection.
A command that builds and executes command lines from standard input, allowing for the execution of commands with multiple arguments.
A covert channel technique that uses WebDAV protocol features to deliver malicious payloads and establish C2 communication while bypassing security controls.
A next generation version of enum4linux with enhanced features for enumerating information from Windows and Samba systems.
A proxy aware C2 framework for penetration testing, red teaming, post-exploitation, and lateral movement with modular format and highly configurable payloads.
A collection of resources for practicing penetration testing.
Macro_Pack is a tool used to automate obfuscation and generation of Office documents for pentest, demo, and social engineering assessments.
Weaponize Word documents with PowerShell Empire using the Microsoft DDE exploit.