SaaSHub helps you find the best software and product alternatives Learn more →
Top 23 Exploit Open-Source Projects
-
h4cker
This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), artificial intelligence security, vulnerability research, exploit development, reverse engineering, and more.
-
Awesome-Hacking-Resources
A collection of hacking / penetration testing resources to make you better!
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
-
-
ysoserial
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
-
awesome-hacker-search-engines
A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
-
traitor
:arrow_up: :skull_and_crossbones: :fire: Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
gef
GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging capabilities for exploit devs & reverse engineers on Linux
-
-
-
DefaultCreds-cheat-sheet
One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
-
PhoneSploit-Pro
An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.
-
-
AndroRAT
A Simple android remote administration tool using sockets. It uses java on the client side and python on the server side
-
Ghost
Ghost Framework is an Android post-exploitation framework that exploits the Android Debug Bridge to remotely access an Android device. (by EntySec)
-
Penetration-Testing-Tools
A collection of more than 170+ tools, scripts, cheatsheets and other loots that I've developed over years for Red Teaming/Pentesting/IT Security audits purposes.
-
CVE-2024-1086
Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 99.4% in KernelCTF images.
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
The Pwntools library stands out as a sophisticated toolset for CTF enthusiasts and security researchers. It aids in creating and executing shellcode, designing payloads, and interacting with remote processes. For instance, the context feature allows developers to switch between different architectures effortlessly, while the 'tube' module streamlines the communication between local and remote processes. And it's not just limited to Linux; the library has support for various platforms including Windows, making it versatile and comprehensive.
Project mention: anybody got ysoserial to work in kali 2022 running java v17? | /r/oscp | 2023-06-24
Project mention: Traitor – Automatic Linux privesc via exploitation of low-hanging fruits | news.ycombinator.com | 2023-06-12
There is also GEF, which is widely used by the reverse engineering and CTF community.
https://github.com/hugsy/gef
Did you try using https://trickest.com?
Project mention: How do you stay on top of new vulnerabilities or CVEs? | /r/cybersecurity | 2023-12-07
Project mention: Scanning ports and finding network vulnerabilities using nmap | dev.to | 2023-12-01Few people know that nmap is not just for reconnaissance work. Among other things, it allows finding vulnerabilities based on scripts prepared by the community and the tool's developers. Examples include nmap-vulners, vulscan or already prepared scripts that are installed along with nmap.
Project mention: Universal local privilege escalation exploit for CVE-2024-1086 | news.ycombinator.com | 2024-04-11
NOTE:
The open source projects on this list are ordered by number of github stars.
The number of mentions indicates repo mentiontions in the last 12 Months or
since we started tracking (Dec 2020).
Exploit related posts
- Minecraft Randar Exploit
- Randar: A Minecraft exploit that uses LLL lattice reduction to crack server RNG
- Universal local privilege escalation exploit for CVE-2024-1086
- Get Exploits of CVE,GHSA,EDB,ZDI,PSS,WLB,H1,Talos and Huntr IDs with One Utility
-
blooket-hack VS repo-name - a user suggested alternative
2 projects | 15 Nov 2023
- PSA Region Changing via soft mods is now possible
- GitHub - actuator/Android-Security-Exploits-YouTube-Curriculum: 🔓A curated list of modern Android exploitation conference talks.
-
A note from our sponsor - SaaSHub
www.saashub.com | 25 Apr 2024
Index
What are some of the best open-source Exploit projects? This list will help you:
| Project | Stars | |
|---|---|---|
| 1 | h4cker | 16,518 |
| 2 | Awesome-Hacking-Resources | 14,677 |
| 3 | pwntools | 11,447 |
| 4 | windows-kernel-exploits | 7,712 |
| 5 | ysoserial | 7,291 |
| 6 | awesome-hacker-search-engines | 6,664 |
| 7 | traitor | 6,491 |
| 8 | gef | 6,474 |
| 9 | cve | 6,049 |
| 10 | PoC-in-GitHub | 5,946 |
| 11 | linux-kernel-exploitation | 5,309 |
| 12 | DefaultCreds-cheat-sheet | 5,269 |
| 13 | AutoSploit | 4,918 |
| 14 | PhoneSploit-Pro | 4,177 |
| 15 | wesng | 3,933 |
| 16 | vulscan | 3,314 |
| 17 | AndroRAT | 2,680 |
| 18 | Ghost | 2,528 |
| 19 | Penetration-Testing-Tools | 2,413 |
| 20 | one_gadget | 1,950 |
| 21 | pwn_jenkins | 1,886 |
| 22 | HackVault | 1,876 |
| 23 | CVE-2024-1086 | 1,857 |
Sponsored
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com