Exploitation
22 tools indexed
Exploitation frameworks, payload generators, post-exploitation tools, and privilege escalation utilities. These tools are used in penetration testing and red team operations to demonstrate the real-world impact of discovered vulnerabilities.
Metasploit Framework
The world's most used penetration testing framework. Exploit development, payload delivery, post-exploitation.
BloodHound
Active Directory attack path mapping. Visualizes privilege escalation paths using graph theory.
Impacket
Collection of Python classes for working with network protocols. Essential for Windows/AD pentesting.
CrackMapExec
Swiss army knife for pentesting Active Directory. SMB, LDAP, MSSQL, WinRM enumeration and exploitation.
Evil-WinRM
Ultimate WinRM shell for pentesting. Upload/download, in-memory PowerShell, DLL injection, pass-the-hash.
Covenant
.NET C2 framework. Collaborative, web-based interface for red team operations and implant management.
Sliver
Open-source C2 framework by BishopFox. mTLS, HTTP(S), DNS, WireGuard implants with multi-operator support.
Ligolo-ng
Advanced tunneling/pivoting tool. Creates a TUN interface for transparent proxying through compromised hosts.
Chisel
Fast TCP/UDP tunnel transported over HTTP and secured via SSH. Single binary, works behind firewalls and NAT.
LinPEAS
Linux privilege escalation enumeration script. Finds misconfigurations, SUID binaries, credentials, and escalation paths.
pspy
Monitor Linux processes without root. Detects cron jobs, user commands, and process events in real time.
TheFatRat
Exploit and payload generator. Creates backdoors with msfvenom, compiles with anti-AV evasion techniques.
SearchSploit
Command-line tool for searching Exploit-DB: find public exploits and shellcode for known vulnerabilities offline.
pwntools
CTF framework and exploit development library for rapid prototyping of binary exploitation and reverse engineering.
Ropper
Display and search for ROP/JOP/SOP gadgets in binaries to assist with exploit development and bypass mitigations.
RouterSploit
Open-source exploitation framework for embedded devices and routers.
ROPgadget
Search ROP gadgets in binaries for chain-building across ELF, PE, and Mach-O.
one_gadget
Find one-gadget RCE execve calls in libc for streamlined exploit development.
RsaCtfTool
RSA multi-attack tool for recovering private keys from weak public keys.
git-dumper
Dumps exposed .git repositories from web servers, reconstructing the full source code and commit history.
CAPEv2
Malware behavior analysis sandbox. Detonates samples and extracts configs, payloads, network IOCs, and API call traces.
DllShimmer
Weaponizes DLL hijacking by generating proxy DLLs with matching export address tables and C++ backdoor boilerplate.