bfbtester|2.0.1|Performs checks of single and multiple argument command line overflows and environment variable overflows|http://sourceforge.net/projects/bfbtester/
binex|1.0|Format String exploit building tool.|http://www.morxploit.com/morxtool
bitdump|34.6a5cbd8|A tool to extract database data from a blind SQL injection vulnerability.|https://github.com/nbshelton/bitdump
blind-sql-bitshifting|52.2325724|A blind SQL injection module that uses bitshfting to calculate characters.|https://github.com/libeclipse/blind-sql-bitshifting
bowcaster|172.a2b084f|A framework intended to aid those developing exploits by providing useful set of tools and modules, such as payloads, encoders, connect-back servers, etc. Currently the framework is focused on the MIPS CPU architecture, but the design is intended to be modular enough to support arbitrary architectures.|https://github.com/zcutlip/bowcaster
cisco-global-exploiter|1.3|A perl script that targets multiple vulnerabilities in the Cisco Internetwork Operating System (IOS) and Catalyst products.|http://www.blackangels.it
cisco-torch|0.4b|Cisco Torch mass scanning, fingerprinting, and exploitation tool.|http://www.arhont.com
darkd0rk3r|1.0|Python script that performs dork searching and searches for local file inclusion and SQL injection errors.|http://packetstormsecurity.com/files/117403/Dark-D0rk3r.0.html
darkmysqli|1.6|Multi-Purpose MySQL Injection Tool|https://github.com/BlackArch/darkmysqli
encodeshellcode|0.1b|This is an encoding tool for 32-bit x86 shellcode that assists a researcher when dealing with character filter or byte restrictions in a buffer overflow vulnerability or some kind of IDS/IPS/AV blocking your code.|http://packetstormsecurity.com/files/119904/Encode-Shellcode.1b.html
enteletaor|64.399d107|Message Queue & Broker Injection tool that implements attacks to Redis, RabbitMQ and ZeroMQ.|https://github.com/cr0hn/enteletaor
exploit-db|1.6|The Exploit Database (EDB) – an ultimate archive of exploits and vulnerable software - A collection of hacks|http://www.exploit-db.com
eyepwn|1.0|Exploit for Eye-Fi Helper directory traversal vulnerability|http://www.pentest.co.uk
fimap|1.00|A little tool for local and remote file inclusion auditing and exploitation|http://code.google.com/p/fimap/
firstexecution|6.a275793|A Collection of different ways to execute code outside of the expected entry points.|https://github.com/nccgroup/firstexecution
formatstringexploiter|27.cd54eac|Helper script for working with format string bugs.|https://github.com/Owlz/formatStringExploiter
hqlmap|38.bb6ab46|A tool to exploit HQL Injections.|https://github.com/PaulSec/HQLmap
htexploit|0.77|A Python script that exploits a weakness in the way that .htaccess files can be configured to protect a web directory with an authentication process|http://www.mkit.com.ar/labs/htexploit/
htshells|79.399feaa|Self contained web shells and other attacks via .htaccess files.|https://github.com/wireghoul/htshells
jboss-autopwn|1.3bc2d29|A JBoss script for obtaining remote shell access.|https://github.com/SpiderLabs/jboss-autopwn
katana|0.0.0.8|A framework that seekss to unite general auditing tools, which are general pentesting tools (Network,Web,Desktop and others).|http://sourceforge.net/projects/katanas/
killerbee|99|Framework and tools for exploiting ZigBee and IEEE 802.15.4 networks.|https://code.google.com/p/killerbee/
leroy-jenkins|3.bdc3965|A python tool that will allow remote execution of commands on a Jenkins server and its nodes.|https://github.com/captainhooligan/Leroy-Jenkins
lfi-autopwn|3.0|A Perl script to try to gain code execution on a remote server via LFI|http://www.blackhatlibrary.net/Lfi_autopwn.pl
lisa.py|30.622f9fe|An Exploit Dev Swiss Army Knife.|https://github.com/ant4g0nist/lisa.py
metasploit|38754.fd07da3|An open source platform that supports vulnerability research, exploit development and the creation of custom security tools representing the largest collection of quality-assured exploits.|http://www.metasploit.com
minimysqlator|0.5|A multi-platform application used to audit web sites in order to discover and exploit SQL injection vulnerabilities.|http://www.scrt.ch/en/attack/downloads/mini-mysqlat0r
miranda-upnp|1.3|A Python-based Universal Plug-N-Play client application designed to discover, query and interact with UPNP devices|http://code.google.com/p/miranda-upnp/
mitmf|430.2dc1dd4|A Framework for Man-In-The-Middle attacks written in Python.|https://github.com/byt3bl33d3r/MITMf
mosquito|39.fe54831|XSS exploitation tool - access victims through HTTP proxy.|https://github.com/koto/mosquito
opensvp|64.56b2b8f|A security tool implementing "attacks" to be able to the resistance of firewall to protocol level attack.|https://github.com/regit/opensvp
osueta|68.827593a|A simple Python script to exploit the OpenSSH User Enumeration Timing Attack.|https://github.com/c0r3dump3d/osueta
otori|0.3|A python-based toolbox intended to allow useful exploitation of XML external entity ("XXE") vulnerabilities.|http://www.beneaththewaves.net/Software/On_The_Outside_Reaching_In.html
padbuster|0.3.3|Automated script for performing Padding Oracle attacks.|http://www.gdssecurity.com/l/t.php
pirana|0.3.1|Exploitation framework that tests the security of a email content filter.|http://www.guay-leroux.com/projects.html
pmcma|1.00|Automated exploitation of invalid memory writes (being them the consequences of an overflow in a writable section, of a missing format string, integer overflow, variable misuse, or any other type of memory corruption).|http://packetstormsecurity.com/files/104724/Post-Memory-Corruption-Memory-Analyzer.00.html
rext|40.43ca8f6|Router EXploitation Toolkit - small toolkit for easy creation and usage of various python scripts that work with embedded devices.|https://github.com/j91321/rext
ropeme|1.0|ROPME is a set of python scripts to generate ROP gadgets and payload.|http://www.vnsecurity.net/2010/08/ropeme-rop-exploit-made-easy/
ropgadget|5.4|Lets you search your gadgets on your binaries (ELF format) to facilitate your ROP exploitation.|https://github.com/JonathanSalwan/ROPgadget
rspet|97.70cd210|A Python based reverse shell equipped with functionalities that assist in a post exploitation scenario.|https://github.com/panagiks/RSPET
shellcodecs|0.1|A collection of shellcode, loaders, sources, and generators provided with documentation designed to ease the exploitation and shellcode programming process.|http://www.blackhatlibrary.net/Shellcodecs
shellme|3.8c7919d|Because sometimes you just need shellcode and opcodes quickly. This essentially just wraps some nasm/objdump calls into a neat script.|https://github.com/hatRiot/shellme
shocker|60.239286f|A tool to find and exploit servers vulnerable to Shellshock.|https://github.com/nccgroup/shocker
snarf-mitm|40.49cc8cb|SMB Man in the Middle Attack Engine / relay suite.|https://github.com/purpleteam/snarf
sqlninja|0.2.999|A tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end.|http://sqlninja.sourceforge.net/
sqlsus|0.7.2|An open source MySQL injection and takeover tool, written in perl|http://sqlsus.sourceforge.net/
tcpjunk|2.9.03|A general tcp protocols testing and hacking utility.|http://code.google.com/p/tcpjunk
unibrute|1.b3fb4b7|Multithreaded SQL union bruteforcer.|https://github.com/GDSSecurity/Unibrute
viproy-voipkit|2.99.1|VoIP Pen-Test Kit for Metasploit Framework|http://viproy.com/
webexploitationtool|155.85bcf0e|A cross platform web exploitation toolkit.|https://github.com/AutoSecTools/WebExploitationTool
websploit|3.0.0|An Open Source Project For, Social Engineering Works, Scan, Crawler & Analysis Web, Automatic Exploiter, Support Network Attacks|http://code.google.com/p/websploit/
wsuspect-proxy|22.0f79a2f|A tool for MITM'ing insecure WSUS connections.|https://github.com/ctxis/wsuspect-proxy
xcat|0.7.1|A command line tool to automate the exploitation of blind XPath injection vulnerabilities.|https://github.com/orf/xcat
xpl-search|42.d4dbc97|Search exploits in multiple exploit databases!.|https://github.com/CoderPirata/XPL-SEARCH
xxeinjector|51.55015d1|Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.|https://github.com/enjoiz/XXEinjector
yinjector|0.1|A MySQL injection penetration tool. It has multiple features, proxy support, and multiple exploitation methods.|http://packetstormsecurity.com/files/98359/yInjector-MySQL-Injection-Tool.html
zarp|0.1.8|A network attack tool centered around the exploitation of local networks.|https://defense.ballastsecurity.net/wiki/index.php/Zarp
