Exploitation Tools

997 tools
100-redteam-projects
100-redteam-projects
Free Exploitation

Projects for security students
1earn
1earn
Free Exploitation

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup
365
365
Free Exploitation Reconnaissance

BlueTeam, RedTeam, Bug bounty, CTI, OSINT, Threat Hunting, Network and Web Recon, Discovery, Enumeration, Vulnerability Mapping, Exploitatio…
365-Stealer
365-Stealer
Free Exploitation Social Engineering

365-Stealer is a phishing simualtion tool written in python3. It can be used to execute Illicit Consent Grant Attack.
403-Bypass
403-Bypass
Free Exploitation

Depending on the configuration made by the infrastructure analyst, there are some ways to get past the 403-forbidden error generally by conf…
7-Zip-CVE-2025-0411-POC
7-Zip-CVE-2025-0411-POC
Free Exploitation

This repository contains POC scenarios as part of CVE-2025-0411 MotW bypass.
A-Red-Teamer-diaries
A-Red-Teamer-diaries
Free Exploitation Post-Exploitation

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.
AboutSecurity
AboutSecurity
Free Exploitation

Everything for pentest. | 渗透测试知识库,以 AI Agent 可执行的格式沉淀安全方法论。
ACEshark
ACEshark
Open Source Exploitation

ACEshark is a utility designed for rapid extraction and analysis of Windows service configurations and Access Control Entries, eliminating t…
Active-Directory-Exploitation-Cheat-Sheet
Active-Directory-Exploitation-Cheat-Sheet
Open Source Exploitation Post-Exploitation

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
ActiveReign
ActiveReign
Open Source Exploitation Scanning & Enumeration

A Network Enumeration and Attack Toolset for Windows Active Directory Environments.
AD-Attacks-by-Service
AD-Attacks-by-Service
Open Source Exploitation Scanning & Enumeration

Active Directory Penetration Testing for Red Teams
AddUser-SAMR
AddUser-SAMR
Free Exploitation

Create local administrators with the SAMR API (lowest-level technique). Implemented in C#, Crystal, Python and Rust
adminexploit
adminexploit
Free Exploitation

This is the fastest way to get admin rights at work, school, etc., in just a few seconds.
ADMMutate
ADMMutate
Open Source Evasion Exploitation

Classic code from 1999+ I am fairly sure this is the first public polymorphic shellcode ever (best IMHO and others http://ids.cs.columbia.ed…
adscan
adscan
Free Exploitation Post-Exploitation

Free Active Directory pentesting tool and Linux CLI for AD enumeration, BloodHound, Kerberoasting, ADCS, DCSync, and attack paths.
Advanced-WAF-WAFinity
Advanced-WAF-WAFinity
Free Exploitation Web Application

An Advanced Web Application Firewall that protects against threats like SQL injection and XSS by filtering HTTP traffic. It combines signatu…
adversarial-robustness-toolbox
adversarial-robustness-toolbox
Open Source Evasion Exploitation

Adversarial Robustness Toolbox (ART) - Python Library for Machine Learning Security - Evasion, Poisoning, Extraction, Inference - Red and Bl…
adversarial-threat-modelling
adversarial-threat-modelling
Free Exploitation

Supporting materials for my "Intelligence-Led Adversarial Threat Modelling with VECTR" workshop
adversary_emulation_library
adversary_emulation_library
Open Source Exploitation

An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs.
advtools
advtools
Open Source Exploitation

Automated PowerHacker Suite: Your all-in-one solution for ethical hacking. Conduct comprehensive network mapping, vulnerability assessments,…
ael
ael
Open Source Exploitation

The ATT&CK Emulation Library includes a collection of adversary emulation plans used in published ATT&CK Evaluations.
AES-Encoder
AES-Encoder
Open Source Evasion Exploitation

PowerShell Obfuscator. A PowerShell script anti-virus evasion tool
AgentPoison
AgentPoison
Open Source Exploitation

[NeurIPS 2024] Official implementation for "AgentPoison: Red-teaming LLM Agents via Memory or Knowledge Base Backdoor Poisoning"