#Exploit

Showing 60 of 303 repositories tagged #exploit, ranked by stars

The-Art-of-Hacking
The-Art-of-Hacking
h4cker

This repository is maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), AI security, vulnerability research, exploit development, reverse engineering, and more. 🔥 Also check: https://hackertraining.org

Score
100
★ 28.3k ⑂ 5.3k +135/day
Jupyter Notebook
vitalysim
vitalysim
Awesome-Hacking-Resources

A collection of hacking / penetration testing resources to make you better!

Score
100
★ 17.2k ⑂ 2.2k +29/day
Gallopsled
Gallopsled
pwntools

CTF framework and exploit development library

Score
100
★ 13.6k ⑂ 1.8k +5/day
Python
edoardottt
edoardottt
awesome-hacker-search-engines

A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

Score
99
★ 10.9k ⑂ 1.0k +16/day
Shell
friuns2
friuns2
BlackFriday-GPTs-Prompts

List of free GPTs that doesn't require plus subscription

Score
0
★ 9.6k ⑂ 1.4k +17/day
hugsy
hugsy
gef

GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging capabilities for exploit devs & reverse engineers on Linux

Score
94
★ 8.3k ⑂ 829 +4/day
Python
trickest
trickest
cve

Gather and update all available and newest CVEs with their PoC.

Score
98
★ 7.9k ⑂ 976 +7/day
HTML
nomi-sec
nomi-sec
PoC-in-GitHub

📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

Score
98
★ 7.9k ⑂ 1.3k +4/day
yaklang
yaklang
yakit

Cyber Security ALL-IN-ONE Platform

Score
100
★ 7.6k ⑂ 817 +6/day
TypeScript
Mr-xn
Mr-xn
Penetration_Testing_POC

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

Score
99
★ 7.4k ⑂ 2.0k +7/day
HTML
liamg
liamg
traitor

:arrow_up: :skull_and_crossbones: :fire: Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock

Score
56
★ 7.1k ⑂ 703
Go
ihebski
ihebski
DefaultCreds-cheat-sheet

One place for all the default credentials to assist the Blue/Red teamers identifying devices with default password 🛡️

Score
88
★ 6.6k ⑂ 780 +3/day
Python
xairy
xairy
linux-kernel-exploitation

A collection of links related to Linux kernel security and exploitation

Score
98
★ 6.5k ⑂ 1.1k +8/day
k8gege
k8gege
K8tools

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)

Score
93
★ 6.2k ⑂ 2.1k +5/day
PowerShell
AzeemIdrisi
AzeemIdrisi
PhoneSploit-Pro

An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.

Score
82
★ 6.0k ⑂ 836 +9/day
Python
k8gege
k8gege
Ladon

Ladon大型内网渗透扫描器,PowerShell、Cobalt Strike插件、内存加载、无文件扫描。含端口扫描、服务识别、网络资产探测、密码审计、高危漏洞检测、漏洞利用、密码读取以及一键GetShell,支持批量A段/B段/C段以及跨网段扫描,支持URL、主机、域名列表扫描等。网络资产探测32种协议(ICMP\NBT\DNS\MAC\SMB\WMI\SSH\HTTP\HTTPS\Exchange\mssql\FTP\RDP)或方法快速获取目标网络存活主机IP、计算机名、工作组、共享资源、网卡地址、操作系统版本、网站、子域名、中间件、开放服务、路由器、交换机、数据库、打印机等,大量高危漏洞检测模块MS17010、Zimbra、Exchange

Score
91
★ 5.3k ⑂ 881
C#
NullArray
NullArray
AutoSploit

Automated Mass Exploiter

Score
65
★ 5.2k ⑂ 1.2k
Python
gommzystudio
gommzystudio
device-activity-tracker

A phone number can reveal whether a device is active, in standby or offline (and more). This PoC demonstrates how delivery receipts + RTT timing leak sensitive device-activity patterns. (WhatsApp / Signal)

Score
0
★ 5.0k ⑂ 693
TypeScript
karma9874
karma9874
AndroRAT

A Simple android remote administration tool using sockets. It uses java on the client side and python on the server side

Score
71
★ 4.9k ⑂ 1.6k +7/day
Java
firmianay
firmianay
CTF-All-In-One

CTF竞赛权威指南

Score
89
★ 4.5k ⑂ 712
C
lcvvvv
lcvvvv
kscan

Kscan是一款纯go开发的全方位扫描器,具备端口扫描、协议检测、指纹识别,暴力破解等功能。支持协议1200+,协议指纹10000+,应用指纹20000+,暴力破解协议10余种。

Score
44
★ 4.3k ⑂ 550
Go
scipag
scipag
vulscan

Advanced vulnerability scanning with Nmap NSE

Score
96
★ 3.8k ⑂ 696 +2/day
Lua
zhzyker
zhzyker
vulmap

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞验证功能

Score
88
★ 3.5k ⑂ 573
Python
EntySec
EntySec
Ghost

Ghost Framework is an Android post-exploitation framework that exploits the Android Debug Bridge to remotely access an Android device.

Score
100
★ 3.4k ⑂ 1.1k +3/day
Python
blackorbird
blackorbird
APT_REPORT

Interesting APT Report Collection And Some Special IOCs

Score
97
★ 3.0k ⑂ 574 +26/day
Python
mgeeky
mgeeky
Penetration-Testing-Tools

A collection of more than 170+ tools, scripts, cheatsheets and other loots that I've developed over years for Red Teaming/Pentesting/IT Security audits purposes.

Score
88
★ 3.0k ⑂ 546 +1/day
PowerShell
Crypto-Cat
Crypto-Cat
CTF

CTF challenge (mostly pwn) files, scripts etc

Score
95
★ 2.5k ⑂ 461 +4/day
Python
david942j
david942j
one_gadget

The best tool for finding one gadget RCE in libc.so.6

Score
96
★ 2.3k ⑂ 150
Ruby
AabyssZG
AabyssZG
SpringBoot-Scan

针对SpringBoot的开源渗透框架,以及Spring相关高危漏洞利用工具

Score
92
★ 2.3k ⑂ 177 +5/day
Python
gquere
gquere
pwn_jenkins

Notes about attacking Jenkins servers

Score
85
★ 2.1k ⑂ 326 +1/day
Python
adysec
adysec
nuclei_poc

Nuclei POC,每2小时更新 | 自动整合全网Nuclei的漏洞POC,实时同步更新最新POC,保存已被删除的POC。通过批量克隆Github项目,获取Nuclei POC,并将POC按类别分类存放,使用Github Action实现。已有41w+POC,其中3.5w+高质量POC

Score
97
★ 2.1k ⑂ 474 +1/day
lukechilds
lukechilds
reverse-shell

Reverse Shell as a Service

Score
94
★ 2.0k ⑂ 250
Go
ihebski
ihebski
A-Red-Teamer-diaries

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

Score
91
★ 1.9k ⑂ 315
Moham3dRiahi
Moham3dRiahi
XAttacker

X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter

Score
84
★ 1.7k ⑂ 473 +1/day
Perl
pcaversaccio
pcaversaccio
reentrancy-attacks

A chronological and (hopefully) complete list of reentrancy attacks to date.

Score
95
★ 1.6k ⑂ 173
C0nw0nk
C0nw0nk
Nginx-Lua-Anti-DDoS

A Anti-DDoS script to protect Nginx web servers using Lua with a HTML Javascript based authentication puzzle inspired by Cloudflare I am under attack mode an Anti-DDoS authentication page protect yourself from every attack type All Layer 7 Attacks Mitigating Historic Attacks DoS DoS Implications DDoS All Brute Force Attacks Zero day exploits Social Engineering Rainbow Tables Password Cracking Tools Password Lists Dictionary Attacks Time Delay Any Hosting Provider Any CMS or Custom Website Unlimited Attempt Frequency Search Attacks HTTP Basic Authentication HTTP Digest Authentication HTML Form Based Authentication Mask Attacks Rule-Based Search Attacks Combinator Attacks Botnet Attacks Unauthorized IPs IP Whitelisting Bruter THC Hydra John the Ripper Brutus Ophcrack unauthorized logins Injection Broken Authentication and Session Management Sensitive Data Exposure XML External Entities (XXE) Broken Access Control Security Misconfiguration Cross-Site Scripting (XSS) Insecure Deserialization Using Components with Known Vulnerabilities Insufficient Logging & Monitoring Drupal WordPress Joomla Flash Magento PHP Plone WHMCS Atlassian Products malicious traffic Adult video script avs KVS Kernel Video Sharing Clip Bucket Tube sites Content Management Systems Social networks scripts backends proxy proxies PHP Python Porn sites xxx adult gaming networks servers sites forums vbulletin phpbb mybb smf simple machines forum xenforo web hosting video streaming buffering ldap upstream downstream download upload rtmp vod video over dl hls dash hds mss livestream drm mp4 mp3 swf css js html php python sex m3u zip rar archive compressed mitigation code source sourcecode chan 4chan 4chan.org 8chan.net 8ch 8ch.net infinite chan 8kun 8kun.net anonymous anon tor services .onion torproject.org nginx.org nginx.com openresty.org darknet dark net deepweb deep web darkweb dark web mirror vpn reddit reddit.com adobe flash hackthissite.org dreamhack hack hacked hacking hacker hackers hackerz hackz hacks code coding script scripting scripter source leaks leaked leaking cve vulnerability great firewall china america japan russia .gov government http1 http2 http3 quic q3 litespeedtech litespeed apache torrents torrent torrenting webtorrent bittorrent bitorrent bit-torrent cyberlocker cyberlockers cyber locker cyberbunker warez keygen key generator free irc internet relay chat peer-to-peer p2p cryptocurrency crypto bitcoin miner browser xmr monero coinhive coin hive coin-hive litecoin ethereum cpu cycles popads pop-ads advert advertisement networks banner ads protect ovh blazingfast.io amazon steampowered valve store.steampowered.com steamcommunity thepiratebay lulzsec antisec xhamster pornhub porn.com pornhub.com xhamster.com xvideos xvdideos.com xnxx xnxx.com popads popcash cpm ppc

Score
95
★ 1.6k ⑂ 310
Lua
v3n0m-Scanner
v3n0m-Scanner
V3n0M-Scanner

Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

Score
41
★ 1.6k ⑂ 415
Python
zidansec
zidansec
CloudPeler

CrimeFlare is a useful tool for bypassing websites protected by CloudFlare WAF, with this tool you can easily see the real IP of websites that have been protected by CloudFlare. The resulting information is certainly very useful for conducting further penetration testing, and analyzing websites with the same server.

Score
83
★ 1.6k ⑂ 193
PHP
gobysec
gobysec
Goby

Attack surface mapping

Score
81
★ 1.5k ⑂ 153
mufeedvh
mufeedvh
moonwalk

Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps.

Score
81
★ 1.5k ⑂ 134 +2/day
Rust
hack-different
hack-different
apple-knowledge

A collection of reverse engineered Apple things, as well as a machine-readable database of Apple hardware

Score
77
★ 1.3k ⑂ 106 +1/day
Ruby
k8gege
k8gege
K8CScan

K8Ladon大型内网渗透自定义插件化扫描神器,包含信息收集、网络资产、漏洞扫描、密码爆破、漏洞利用,程序采用多线程批量扫描大型内网多个IP段C段主机,目前插件包含: C段旁注扫描、子域名扫描、Ftp密码爆破、Mysql密码爆破、Oracle密码爆破、MSSQL密码爆破、Windows/Linux系统密码爆破、存活主机扫描、端口扫描、Web信息探测、操作系统版本探测、Cisco思科设备扫描等,支持调用任意外部程序或脚本,支持Cobalt Strike联动

Score
83
★ 1.3k ⑂ 330
Python
Vu1nT0tal
Vu1nT0tal
IoT-vulhub

IoT固件漏洞复现环境

Score
67
★ 1.3k ⑂ 178
Python
0xSteph
0xSteph
pentest-ai

Offensive-security MCP server with 205 wrapped tools, 17 specialist agents, and 60 SPA-aware probes for OWASP Top 10. CLI + MCP, BYO LLM. No API key needed on MCP path.

Score
94
★ 1.3k ⑂ 246 +26/day
Python
m4n3dw0lf
m4n3dw0lf
pythem

pentest framework

Score
82
★ 1.2k ⑂ 321
Python
hacktoolspack
hacktoolspack
hack-tools

hack tools

Score
84
★ 1.2k ⑂ 498
Python
jxy-s
jxy-s
herpaderping

Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.

Score
79
★ 1.2k ⑂ 223
C++
ycdxsb
ycdxsb
PocOrExp_in_Github

Automatically Collect POC or EXP from GitHub by CVE ID.

Score
76
★ 1.2k ⑂ 236
Python
nixawk
nixawk
labs

Vulnerability Labs for security analysis

Score
84
★ 1.2k ⑂ 437
Python
laluka
laluka
bypass-url-parser

bypass-url-parser

Score
93
★ 1.1k ⑂ 122
Python
nccgroup
nccgroup
featherduster

An automated, modular cryptanalysis tool; i.e., a Weapon of Math Destruction

Score
78
★ 1.1k ⑂ 130 +1/day
Python
wireghoul
wireghoul
htshells

Self contained htaccess shells and attacks

Score
78
★ 1.1k ⑂ 195 +1/day
Shell
sundaysec
sundaysec
Android-Exploits

A collection of android Exploits and Hacks

Score
69
★ 998 ⑂ 152 +1/day
HTML
DataDog
DataDog
KubeHound

Tool for building Kubernetes attack paths

Score
78
★ 979 ⑂ 65
Go
ihack4falafel
ihack4falafel
OSCP

Collection of things made during my OSCP journey

Score
35
★ 956 ⑂ 462
Python
Puliczek
Puliczek
CVE-2021-44228-PoC-log4j-bypass-words

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

Score
76
★ 950 ⑂ 135
Java
Chocapikk
Chocapikk
wpprobe

A fast WordPress plugin enumeration tool

Score
89
★ 916 ⑂ 119
Go
bigblackhat
bigblackhat
oFx

一个开源的、开箱即用的漏洞批量验证框架

Score
47
★ 912 ⑂ 162 +912/day
Python
Puliczek
Puliczek
awesome-list-of-secrets-in-environment-variables

🦄🔒 Awesome list of secrets in environment variables 🖥️

Score
75
★ 909 ⑂ 77
konatabrk
konatabrk
shellen

:cherry_blossom: Interactive shellcoding environment to easily craft shellcodes

Score
75
★ 908 ⑂ 94
Python
Related Topics
#security#hacking#security-tools#vulnerability#pentesting#poc#pentest#penetration-testing#cve#scanner#cybersecurity#python

© 2026 GitRepoTrend · GitHub repositories by topic · Updated weekly