mirror of https://github.com/byReqz/blackmate.git synced 2024-11-01 11:33:13 +00:00
blackmate/categories/exploitation

87 lines
11 KiB
Plaintext

2016-06-25 13:58:53 +00:00
aggroargs|50.d56728a|Bruteforce commandline buffer overflows, linux, aggressive arguments.|https://github.com/tintinweb/aggroArgs
armitage|150813|A graphical cyber attack management tool for Metasploit.|http://www.fastandeasyhacking.com/
armscgen|75.fdf2ff3|ARM Shellcode Generator (Mostly Thumb Mode).|https://github.com/alexpark07/ARMSCGen
arpoison|0.7|The UNIX arp cache update utility|http://www.arpoison.net
bed|0.5|Collection of scripts to test for buffer overflows, format string vulnerabilities.|http://www.aldeid.com/wiki/Bed
beef|0.4.7.0.195.g5fb1fa3|The Browser Exploitation Framework that focuses on the web browser|http://beefproject.com/
bfbtester|2.0.1|Performs checks of single and multiple argument command line overflows and environment variable overflows|http://sourceforge.net/projects/bfbtester/
binex|1.0|Format String exploit building tool.|http://www.morxploit.com/morxtool
bitdump|34.6a5cbd8|A tool to extract database data from a blind SQL injection vulnerability.|https://github.com/nbshelton/bitdump
blind-sql-bitshifting|52.2325724|A blind SQL injection module that uses bitshifting to calculate characters.|https://github.com/libeclipse/blind-sql-bitshifting
bowcaster|172.a2b084f|A framework intended to aid those developing exploits by providing useful set of tools and modules, such as payloads, encoders, connect-back servers, etc. Currently the framework is focused on the MIPS CPU architecture, but the design is intended to be modular enough to support arbitrary architectures.|https://github.com/zcutlip/bowcaster
chw00t|31.19a0726|Unices chroot breaking tool.|https://github.com/earthquake/chw00t
cisco-global-exploiter|1.3|A perl script that targets multiple vulnerabilities in the Cisco Internetwork Operating System (IOS) and Catalyst products.|http://www.blackangels.it
cisco-torch|0.4b|Cisco Torch mass scanning, fingerprinting, and exploitation tool.|http://www.arhont.com
darkd0rk3r|1.0|Python script that performs dork searching and searches for local file inclusion and SQL injection errors.|http://packetstormsecurity.com/files/117403/Dark-D0rk3r.0.html
darkmysqli|1.6|Multi-Purpose MySQL Injection Tool|https://github.com/BlackArch/darkmysqli
delorean|7.68139d1|NTP Man-in-the-Middle tool.|https://github.com/PentesterES/Delorean
dotdotpwn|3.0|The Directory Traversal Fuzzer|http://dotdotpwn.blogspot.com
encodeshellcode|0.1b|This is an encoding tool for 32-bit x86 shellcode that assists a researcher when dealing with character filter or byte restrictions in a buffer overflow vulnerability or some kind of IDS/IPS/AV blocking your code.|http://packetstormsecurity.com/files/119904/Encode-Shellcode.1b.html
enteletaor|64.399d107|Message Queue & Broker Injection tool that implements attacks to Redis, RabbitMQ and ZeroMQ.|https://github.com/cr0hn/enteletaor
exploit-db|1.6|The Exploit Database (EDB) an ultimate archive of exploits and vulnerable software - A collection of hacks|http://www.exploit-db.com
exploitpack|14.0c845d1|Exploit Pack - Project.|https://github.com/juansacco/exploitpack
eyepwn|1.0|Exploit for Eye-Fi Helper directory traversal vulnerability|http://www.pentest.co.uk
fimap|1.00|A little tool for local and remote file inclusion auditing and exploitation|http://code.google.com/p/fimap/
firstexecution|6.a275793|A Collection of different ways to execute code outside of the expected entry points.|https://github.com/nccgroup/firstexecution
formatstringexploiter|27.cd54eac|Helper script for working with format string bugs.|https://github.com/Owlz/formatStringExploiter
fs-exploit|3.28bb9bb|Format string exploit generation.|https://github.com/miaouPlop/fs
hackredis|1.67eeb6c|A simple tool to scan and exploit redis servers.|https://github.com/Ridter/hackredis
hamster|2.0.0|Tool for HTTP session sidejacking.|http://hamster.erratasec.com/
hcraft|1.0.0|HTTP Vuln Request Crafter|http://sourceforge.net/projects/hcraft/
hqlmap|38.bb6ab46|A tool to exploit HQL Injections.|https://github.com/PaulSec/HQLmap
htexploit|0.77|A Python script that exploits a weakness in the way that .htaccess files can be configured to protect a web directory with an authentication process|http://www.mkit.com.ar/labs/htexploit/
htshells|79.399feaa|Self contained web shells and other attacks via .htaccess files.|https://github.com/wireghoul/htshells
inception|432.e38dd7b|A FireWire physical memory manipulation and hacking tool exploiting IEEE 1394 SBP DMA.|http://www.breaknenter.org/projects/inception/
irpas|0.10|Internetwork Routing Protocol Attack Suite.|http://phenoelit-us.org/irpas
jboss-autopwn|1.3bc2d29|A JBoss script for obtaining remote shell access.|https://github.com/SpiderLabs/jboss-autopwn
katana|0.0.0.8|A framework that seeks to unite general auditing tools, which are general pentesting tools (Network, Web, Desktop and others).|http://sourceforge.net/projects/katanas/
killerbee|99|Framework and tools for exploiting ZigBee and IEEE 802.15.4 networks.|https://code.google.com/p/killerbee/
leroy-jenkins|3.bdc3965|A python tool that will allow remote execution of commands on a Jenkins server and its nodes.|https://github.com/captainhooligan/Leroy-Jenkins
lfi-autopwn|3.0|A Perl script to try to gain code execution on a remote server via LFI|http://www.blackhatlibrary.net/Lfi_autopwn.pl
lisa.py|30.622f9fe|An Exploit Dev Swiss Army Knife.|https://github.com/ant4g0nist/lisa.py
metasploit|38754.fd07da3|An open source platform that supports vulnerability research, exploit development and the creation of custom security tools representing the largest collection of quality-assured exploits.|http://www.metasploit.com
minimysqlator|0.5|A multi-platform application used to audit web sites in order to discover and exploit SQL injection vulnerabilities.|http://www.scrt.ch/en/attack/downloads/mini-mysqlat0r
miranda-upnp|1.3|A Python-based Universal Plug-N-Play client application designed to discover, query and interact with UPNP devices|http://code.google.com/p/miranda-upnp/
mitmf|430.2dc1dd4|A Framework for Man-In-The-Middle attacks written in Python.|https://github.com/byt3bl33d3r/MITMf
mosquito|39.fe54831|XSS exploitation tool - access victims through HTTP proxy.|https://github.com/koto/mosquito
opensvp|64.56b2b8f|A security tool implementing "attacks" to be able to test the resistance of firewalls to protocol-level attacks.|https://github.com/regit/opensvp
osueta|68.827593a|A simple Python script to exploit the OpenSSH User Enumeration Timing Attack.|https://github.com/c0r3dump3d/osueta
otori|0.3|A python-based toolbox intended to allow useful exploitation of XML external entity ("XXE") vulnerabilities.|http://www.beneaththewaves.net/Software/On_The_Outside_Reaching_In.html
padbuster|0.3.3|Automated script for performing Padding Oracle attacks.|http://www.gdssecurity.com/l/t.php
pirana|0.3.1|Exploitation framework that tests the security of an email content filter.|http://www.guay-leroux.com/projects.html
pmcma|1.00|Automated exploitation of invalid memory writes (whether they are the consequence of an overflow in a writable section, a missing format string, an integer overflow, variable misuse, or any other type of memory corruption).|http://packetstormsecurity.com/files/104724/Post-Memory-Corruption-Memory-Analyzer.00.html
pompem|85.a2dc2bb|A python exploit tool finder.|https://github.com/rfunix/Pompem
powersploit|321.262a260|A PowerShell Post-Exploitation Framework.|https://github.com/mattifestation/PowerSploit
ptf|530.c5fc34e|The Penetration Testers Framework is a way for modular support for up-to-date tools.|https://github.com/trustedsec/ptf
rebind|0.3.4|DNS Rebinding Tool|http://code.google.com/p/rebind/
rext|40.43ca8f6|Router EXploitation Toolkit - small toolkit for easy creation and usage of various python scripts that work with embedded devices.|https://github.com/j91321/rext
rfcat|150225|RF ChipCon-based Attack Toolset.|http://code.google.com/p/rfcat
ropeme|1.0|ROPME is a set of python scripts to generate ROP gadgets and payload.|http://www.vnsecurity.net/2010/08/ropeme-rop-exploit-made-easy/
ropgadget|5.4|Lets you search your gadgets on your binaries (ELF format) to facilitate your ROP exploitation.|https://github.com/JonathanSalwan/ROPgadget
ropper|1.10.7|Show information about binary files and find gadgets to build rop chains for different architectures|https://github.com/sashs/Ropper
roputils|189.07fc123|A Return-oriented Programming toolkit.|https://github.com/inaz2/roputils
routersploit|285.3e39991|The Router Exploitation Framework.|https://github.com/reverse-shell/routersploit
rp|136.5f0841c|A full-cpp written tool that aims to find ROP sequences in PE/Elf/Mach-O x86/x64 binaries.|https://github.com/0vercl0k/rp
rspet|97.70cd210|A Python based reverse shell equipped with functionalities that assist in a post exploitation scenario.|https://github.com/panagiks/RSPET
shellcodecs|0.1|A collection of shellcode, loaders, sources, and generators provided with documentation designed to ease the exploitation and shellcode programming process.|http://www.blackhatlibrary.net/Shellcodecs
shellme|3.8c7919d|Because sometimes you just need shellcode and opcodes quickly. This essentially just wraps some nasm/objdump calls into a neat script.|https://github.com/hatRiot/shellme
shellsploit-framework|256.8198e14|New Generation Exploit Development Kit.|https://github.com/b3mb4m/shellsploit-framework
shocker|60.239286f|A tool to find and exploit servers vulnerable to Shellshock.|https://github.com/nccgroup/shocker
snarf-mitm|40.49cc8cb|SMB Man in the Middle Attack Engine / relay suite.|https://github.com/purpleteam/snarf
sqlninja|0.2.999|A tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end.|http://sqlninja.sourceforge.net/
sqlsus|0.7.2|An open source MySQL injection and takeover tool, written in perl|http://sqlsus.sourceforge.net/
stackflow|2.2af525d|Universal stack-based buffer overflow exploitation tool.|https://github.com/d4rkcat/stackflow
subterfuge|5.0|Automated Man-in-the-Middle Attack Framework|http://kinozoa.com
tcpjunk|2.9.03|A general tcp protocols testing and hacking utility.|http://code.google.com/p/tcpjunk
unibrute|1.b3fb4b7|Multithreaded SQL union bruteforcer.|https://github.com/GDSSecurity/Unibrute
viproy-voipkit|2.99.1|VoIP Pen-Test Kit for Metasploit Framework|http://viproy.com/
webexploitationtool|155.85bcf0e|A cross platform web exploitation toolkit.|https://github.com/AutoSecTools/WebExploitationTool
websploit|3.0.0|An Open Source Project For, Social Engineering Works, Scan, Crawler & Analysis Web, Automatic Exploiter, Support Network Attacks|http://code.google.com/p/websploit/
wildpwn|9.379f0da|Unix wildcard attacks.|https://github.com/localh0t/wildpwn
wsuspect-proxy|22.0f79a2f|A tool for MITM'ing insecure WSUS connections.|https://github.com/ctxis/wsuspect-proxy
xcat|0.7.1|A command line tool to automate the exploitation of blind XPath injection vulnerabilities.|https://github.com/orf/xcat
xpl-search|42.d4dbc97|Search exploits in multiple exploit databases.|https://github.com/CoderPirata/XPL-SEARCH
xxeinjector|51.55015d1|Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.|https://github.com/enjoiz/XXEinjector
yinjector|0.1|A MySQL injection penetration tool. It has multiple features, proxy support, and multiple exploitation methods.|http://packetstormsecurity.com/files/98359/yInjector-MySQL-Injection-Tool.html
zarp|0.1.8|A network attack tool centered around the exploitation of local networks.|https://defense.ballastsecurity.net/wiki/index.php/Zarp