Packages that take advantage of exploits in other programs or services.


Tool count: 120

BlackArch exploitation
Name Version Description Homepage
aggroargs 51.c032446 Bruteforce commandline buffer overflows, linux, aggressive arguments.
angrop 148.7702526 A rop gadget finder and chain builder.
armitage 150813 A graphical cyber attack management tool for Metasploit.
armscgen 98.c51b7d6 ARM Shellcode Generator (Mostly Thumb Mode).
arpoison 0.7 The UNIX arp cache update utility
autosploit 29.c25865d Automate the exploitation of remote hosts.
bad-pdf 56.96576de Steal NTLM Hashes with Bad-PDF.
bed 0.5 Collection of scripts to test for buffer overflows, format string vulnerabilities.
beef 3127.ba5f793b The Browser Exploitation Framework that focuses on the web browser
bfbtester 2.0.1 Performs checks of single and multiple argument command line overflows and environment variable overflows
binex 1.0 Format String exploit building tool.
bitdump 34.6a5cbd8 A tool to extract database data from a blind SQL injection vulnerability.
blind-sql-bitshifting 54.5bbc183 A blind SQL injection module that uses bitshifting to calculate characters.
bowcaster 230.17d69c1 A framework intended to aid those developing exploits.
brosec 1.4.1 An interactive reference tool to help security professionals utilize useful payloads and commands.
chw00t 37.810af70 Unices chroot breaking tool.
cisco-global-exploiter 1.3 A perl script that targets multiple vulnerabilities in the Cisco Internetwork Operating System (IOS) and Catalyst products.
cisco-torch 0.4b Cisco Torch mass scanning, fingerprinting, and exploitation tool.
darkd0rk3r 1.0 Python script that performs dork searching and searches for local file inclusion and SQL injection errors.
darkmysqli 1.6 Multi-Purpose MySQL Injection Tool
delorean 11.2a8b538 NTP Man-in-the-Middle tool.
dotdotpwn 3.0.2 The Directory Traversal Fuzzer
dr-checker 134.050e078 A Soundy Vulnerability Detection Tool for Linux Kernel Drivers.
drinkme 17.6e83a87 A shellcode testing harness.
encodeshellcode 0.1b This is an encoding tool for 32-bit x86 shellcode that assists a researcher when dealing with character filter or byte restrictions in a buffer overflow vulnerability or some kind of IDS/IPS/AV blocking your code.
enteletaor 64.399d107 Message Queue & Broker Injection tool that implements attacks to Redis, RabbitMQ and ZeroMQ.
exploit-db 1.6 The Exploit Database (EDB) – an ultimate archive of exploits and vulnerable software - A collection of hacks
exploitpack 119.973e30e Exploit Pack - Project.
eyepwn 1.0 Exploit for Eye-Fi Helper directory traversal vulnerability
fimap 1.00 A little tool for local and remote file inclusion auditing and exploitation
firstexecution 6.a275793 A Collection of different ways to execute code outside of the expected entry points.
formatstringexploiter 29.8d64a56 Helper script for working with format string bugs.
fs-exploit 3.28bb9bb Format string exploit generation.
getsploit 25.1db4256 Command line utility for searching and downloading exploits.
hackredis 3.fbae1bc A simple tool to scan and exploit redis servers.
hamster 2.0.0 Tool for HTTP session sidejacking.
hcraft 1.0.0 HTTP Vuln Request Crafter
heartleech 116.3ab1d60 Scans for systems vulnerable to the heartbleed bug, and then download them.
hqlmap 38.bb6ab46 A tool to exploit HQL Injections.
htexploit 0.77 A Python script that exploits a weakness in the way that .htaccess files can be configured to protect a web directory with an authentication process
htshells 79.399feaa Self contained web shells and other attacks via .htaccess files.
inception 445.176e8c9 A FireWire physical memory manipulation and hacking tool exploiting IEEE 1394 SBP DMA.
insanity 117.cf51ff3 Generate Payloads and Control Remote Machines.
irpas 0.10 Internetwork Routing Protocol Attack Suite.
isf 63.4bc9344 Industrial Exploitation Framework is an exploitation framework based on Python.
jboss-autopwn 1.3bc2d29 A JBoss script for obtaining remote shell access.
katana 1.0.0.1 A framework that seeks to unite general auditing tools, which are general pentesting tools (Network, Web, Desktop and others).
killerbee 99 Framework and tools for exploiting ZigBee and IEEE 802.15.4 networks.
koadic 228.4dd9461 A Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire.
l0l 322.1319ea7 The Exploit Development Kit.
leroy-jenkins 3.bdc3965 A python tool that will allow remote execution of commands on a Jenkins server and its nodes.
lfi-autopwn 3.0 A Perl script to try to gain code execution on a remote server via LFI
lisa.py 42.dc4e241 An Exploit Dev Swiss Army Knife.
metasploit 4.17.1 Advanced open-source platform for developing, testing, and using exploit code
minimysqlator 0.5 A multi-platform application used to audit web sites in order to discover and exploit SQL injection vulnerabilities.
miranda-upnp 1.3 A Python-based Universal Plug-N-Play client application designed to discover, query and interact with UPNP devices
mitmf 465.067cc4e A Framework for Man-In-The-Middle attacks written in Python.
mosquito 39.fe54831 XSS exploitation tool - access victims through HTTP proxy.
opensvp 65.df54ed8 A security tool implementing "attacks" to be able to test the resistance of firewall to protocol level attack.
osueta 73.03c873a A simple Python script to exploit the OpenSSH User Enumeration Timing Attack.
otori 0.3 A python-based toolbox intended to allow useful exploitation of XML external entity ("XXE") vulnerabilities.
owasp-zsc 314.fdc06a0 Shellcode/Obfuscate Code Generator.
padbuster 10.320a020 Automated script for performing Padding Oracle attacks.
pathzuzu 64.4f4533c Checks for PATH substitution vulnerabilities and logs the commands executed by the vulnerable executables.
pblind 1.0 Little utility to help exploiting blind sql injection vulnerabilities.
pirana 0.3.1 Exploitation framework that tests the security of a email content filter.
pmcma 1.00 Automated exploitation of invalid memory writes (whether they are the consequence of an overflow in a writable section, of a missing format string, integer overflow, variable misuse, or any other type of memory corruption).
pocsuite 2.0.6 An open-sourced remote vulnerability testing framework developed by the Knownsec Security Team.
pompem 138.da342a1 A python exploit tool finder.
powersploit 476.c7985c9 A PowerShell Post-Exploitation Framework.
pret 81.4f3820a Printer Exploitation Toolkit - The tool that made dumpster diving obsolete.
ps1encode 41.68d7778 A tool to generate and encode PowerShell-based Metasploit payloads.
ptf 998.cc4d89f The Penetration Testers Framework is a way for modular support for up-to-date tools.
pykek 12.651b9ba Kerberos Exploitation Kit.
rebind 0.3.4 DNS Rebinding Tool
rex 437.fe4483d Shellphish's automated exploitation engine, originally created for the Cyber Grand Challenge.
rext 63.5f0f626 Router EXploitation Toolkit - small toolkit for easy creation and usage of various python scripts that work with embedded devices.
rfcat 170508 RF ChipCon-based Attack Toolset.
ropeme 1.0 ROPME is a set of python scripts to generate ROP gadgets and payload.
ropgadget 5.4 Search gadgets in binaries to facilitate ROP exploitation for several file formats and architectures
ropper 1.11.6 Show information about binary files and find gadgets to build rop chains for different architectures
roputils 195.ae7ed20 A Return-oriented Programming toolkit.
routersploit 737.4b641bb The Router Exploitation Framework.
rp 138.3a54a7c A full-cpp written tool that aims to find ROP sequences in PE/Elf/Mach-O x86/x64 binaries.
rspet 263.de4356e A Python based reverse shell equipped with functionalities that assist in a post exploitation scenario.
sc-make 12.7e39718 Tool for automating shellcode creation.
scansploit 9.a0890af Exploit using barcodes, QRcodes, EAN13, datamatrix.
sensepost-xrdp 16.46d6c19 A rudimentary remote desktop tool for the X11 protocol exploiting unauthenticated x11 sessions.
serialbrute 3.111c217 Java serialization brute force attack tool.
shellcode-factory 95.1a2b63e Tool to create and test shellcodes from custom assembly sources.
shellcodecs 0.1 A collection of shellcode, loaders, sources, and generators provided with documentation designed to ease the exploitation and shellcode programming process.
shellen 55.2bea7c5 Interactive shellcoding environment to easily craft shellcodes.
shellme 5.d5206f0 Because sometimes you just need shellcode and opcodes quickly. This essentially just wraps some nasm/objdump calls into a neat script.
shellsploit-framework 273.a16d22f New Generation Exploit Development Kit.
shocker 63.0380a73 A tool to find and exploit servers vulnerable to Shellshock.
sickle 35.9c4a56d A shellcode development tool, created to speed up the various steps needed to create functioning shellcode.
sigploit 696.6167c35 Telecom Signaling Exploitation Framework - SS7, GTP, Diameter & SIP.
smap 24.3ed1ac7 Shellcode mapper - Handy tool for shellcode analysis.
snarf-mitm 41.bada142 SMB Man in the Middle Attack Engine / relay suite.
sqlninja 0.2.999 A tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end.
sqlsus 0.7.2 An open source MySQL injection and takeover tool, written in perl
ssh-mitm 107.0b721dd SSH man-in-the-middle tool.
stackflow 2.2af525d Universal stack-based buffer overflow exploitation tool.
staekka 9.57787ca This plugin extends Metasploit for some missing features and modules allowing interaction with other/custom exploits/ways of getting shell access.
subterfuge 5.0 Automated Man-in-the-Middle Attack Framework
tcpjunk 2.9.03 A general tcp protocols testing and hacking utility.
tomcatwardeployer 72.085a40c Apache Tomcat auto WAR deployment & pwning penetration testing tool.
unibrute 1.b3fb4b7 Multithreaded SQL union bruteforcer.
viproy-voipkit 78.54542b3 VoIP Pen-Test Kit for Metasploit Framework
vmap 0.3 A Vulnerability-Exploit desktop finder.
webexploitationtool 155.85bcf0e A cross platform web exploitation toolkit.
websploit 3.0.0 An Open Source Project For, Social Engineering Works, Scan, Crawler & Analysis Web, Automatic Exploiter, Support Network Attacks
wildpwn 11.4623714 Unix wildcard attacks.
wsuspect-proxy 24.89f9375 A tool for MITM'ing insecure WSUS connections.
xcat 0.9 A command line tool to automate the exploitation of blind XPath injection vulnerabilities.
xpl-search 42.d4dbc97 Search exploits in multiple exploit databases!
xxeinjector 53.8c5c70e Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.
yinjector 0.1 A MySQL injection penetration tool. It has multiple features, proxy support, and multiple exploitation methods.
zarp 0.1.8 A network attack tool centered around the exploitation of local networks.
zirikatu 7.afe1d9c Fud Payload generator script.