aggroargs|50.d56728a|Bruteforce commandline buffer overflows, linux, aggressive arguments.|https://github.com/tintinweb/aggroArgs armitage|150813|A graphical cyber attack management tool for Metasploit.|http://www.fastandeasyhacking.com/ armscgen|75.fdf2ff3|ARM Shellcode Generator (Mostly Thumb Mode).|https://github.com/alexpark07/ARMSCGen arpoison|0.7|The UNIX arp cache update utility|http://www.arpoison.net bed|0.5|Collection of scripts to test for buffer overflows, format string vulnerabilities.|http://www.aldeid.com/wiki/Bed beef|0.4.7.0.194.g0234c54|The Browser Exploitation Framework that focuses on the web browser|http://beefproject.com/ bfbtester|2.0.1|Performs checks of single and multiple argument command line overflows and environment variable overflows|http://sourceforge.net/projects/bfbtester/ binex|1.0|Format String exploit building tool.|http://www.morxploit.com/morxtool bitdump|34.6a5cbd8|A tool to extract database data from a blind SQL injection vulnerability.|https://github.com/nbshelton/bitdump blind-sql-bitshifting|52.2325724|A blind SQL injection module that uses bitshfting to calculate characters.|https://github.com/libeclipse/blind-sql-bitshifting bowcaster|172.a2b084f|A framework intended to aid those developing exploits by providing useful set of tools and modules, such as payloads, encoders, connect-back servers, etc. Currently the framework is focused on the MIPS CPU architecture, but the design is intended to be modular enough to support arbitrary architectures.|https://github.com/zcutlip/bowcaster chw00t|31.19a0726|Unices chroot breaking tool.|https://github.com/earthquake/chw00t cisco-global-exploiter|1.3|A perl script that targets multiple vulnerabilities in the Cisco Internetwork Operating System (IOS) and Catalyst products.|http://www.blackangels.it cisco-torch|0.4b|Cisco Torch mass scanning, fingerprinting, and exploitation tool.|http://www.arhont.com darkd0rk3r|1.0|Python script that performs dork searching and searches for local file inclusion and SQL injection errors.|http://packetstormsecurity.com/files/117403/Dark-D0rk3r.0.html darkmysqli|1.6|Multi-Purpose MySQL Injection Tool|https://github.com/BlackArch/darkmysqli delorean|7.68139d1|NTP Main-in-the-Middle tool.|https://github.com/PentesterES/Delorean dotdotpwn|3.0|The Transversal Directory Fuzzer|http://dotdotpwn.blogspot.com encodeshellcode|0.1b|This is an encoding tool for 32-bit x86 shellcode that assists a researcher when dealing with character filter or byte restrictions in a buffer overflow vulnerability or some kind of IDS/IPS/AV blocking your code.|http://packetstormsecurity.com/files/119904/Encode-Shellcode.1b.html enteletaor|64.399d107|Message Queue & Broker Injection tool that implements attacks to Redis, RabbitMQ and ZeroMQ.|https://github.com/cr0hn/enteletaor exploit-db|1.6|The Exploit Database (EDB) – an ultimate archive of exploits and vulnerable software - A collection of hacks|http://www.exploit-db.com exploitpack|14.0c845d1|Exploit Pack - Project.|https://github.com/juansacco/exploitpack eyepwn|1.0|Exploit for Eye-Fi Helper directory traversal vulnerability|http://www.pentest.co.uk fimap|1.00|A little tool for local and remote file inclusion auditing and exploitation|http://code.google.com/p/fimap/ firstexecution|6.a275793|A Collection of different ways to execute code outside of the expected entry points.|https://github.com/nccgroup/firstexecution formatstringexploiter|27.cd54eac|Helper script for working with format string bugs.|https://github.com/Owlz/formatStringExploiter fs-exploit|3.28bb9bb|Format string exploit generation.|https://github.com/miaouPlop/fs hackredis|1.67eeb6c|A simple tool to scan and exploit redis servers.|https://github.com/Ridter/hackredis hamster|2.0.0|Tool for HTTP session sidejacking.|http://hamster.erratasec.com/ hcraft|1.0.0|HTTP Vuln Request Crafter|http://sourceforge.net/projects/hcraft/ hqlmap|38.bb6ab46|A tool to exploit HQL Injections.|https://github.com/PaulSec/HQLmap htexploit|0.77|A Python script that exploits a weakness in the way that .htaccess files can be configured to protect a web directory with an authentication process|http://www.mkit.com.ar/labs/htexploit/ htshells|79.399feaa|Self contained web shells and other attacks via .htaccess files.|https://github.com/wireghoul/htshells inception|432.e38dd7b|A FireWire physical memory manipulation and hacking tool exploiting IEEE 1394 SBP DMA.|http://www.breaknenter.org/projects/inception/ irpas|0.10|Internetwork Routing Protocol Attack Suite.|http://phenoelit-us.org/irpas jboss-autopwn|1.3bc2d29|A JBoss script for obtaining remote shell access.|https://github.com/SpiderLabs/jboss-autopwn katana|0.0.0.8|A framework that seekss to unite general auditing tools, which are general pentesting tools (Network,Web,Desktop and others).|http://sourceforge.net/projects/katanas/ killerbee|99|Framework and tools for exploiting ZigBee and IEEE 802.15.4 networks.|https://code.google.com/p/killerbee/ leroy-jenkins|3.bdc3965|A python tool that will allow remote execution of commands on a Jenkins server and its nodes.|https://github.com/captainhooligan/Leroy-Jenkins lfi-autopwn|3.0|A Perl script to try to gain code execution on a remote server via LFI|http://www.blackhatlibrary.net/Lfi_autopwn.pl lisa.py|30.622f9fe|An Exploit Dev Swiss Army Knife.|https://github.com/ant4g0nist/lisa.py metasploit|38676.3413059|An open source platform that supports vulnerability research, exploit development and the creation of custom security tools representing the largest collection of quality-assured exploits.|http://www.metasploit.com minimysqlator|0.5|A multi-platform application used to audit web sites in order to discover and exploit SQL injection vulnerabilities.|http://www.scrt.ch/en/attack/downloads/mini-mysqlat0r miranda-upnp|1.3|A Python-based Universal Plug-N-Play client application designed to discover, query and interact with UPNP devices|http://code.google.com/p/miranda-upnp/ mitmf|430.2dc1dd4|A Framework for Man-In-The-Middle attacks written in Python.|https://github.com/byt3bl33d3r/MITMf mosquito|39.fe54831|XSS exploitation tool - access victims through HTTP proxy.|https://github.com/koto/mosquito opensvp|64.56b2b8f|A security tool implementing "attacks" to be able to the resistance of firewall to protocol level attack.|https://github.com/regit/opensvp osueta|68.827593a|A simple Python script to exploit the OpenSSH User Enumeration Timing Attack.|https://github.com/c0r3dump3d/osueta otori|0.3|A python-based toolbox intended to allow useful exploitation of XML external entity ("XXE") vulnerabilities.|http://www.beneaththewaves.net/Software/On_The_Outside_Reaching_In.html padbuster|0.3.3|Automated script for performing Padding Oracle attacks.|http://www.gdssecurity.com/l/t.php pirana|0.3.1|Exploitation framework that tests the security of a email content filter.|http://www.guay-leroux.com/projects.html pmcma|1.00|Automated exploitation of invalid memory writes (being them the consequences of an overflow in a writable section, of a missing format string, integer overflow, variable misuse, or any other type of memory corruption).|http://packetstormsecurity.com/files/104724/Post-Memory-Corruption-Memory-Analyzer.00.html pompem|85.a2dc2bb|A python exploit tool finder.|https://github.com/rfunix/Pompem powersploit|321.262a260|A PowerShell Post-Exploitation Framework.|https://github.com/mattifestation/PowerSploit ptf|530.c5fc34e|The Penetration Testers Framework is a way for modular support for up-to-date tools.|https://github.com/trustedsec/ptf rebind|0.3.4|DNS Rebinding Tool|http://code.google.com/p/rebind/ rext|40.43ca8f6|Router EXploitation Toolkit - small toolkit for easy creation and usage of various python scripts that work with embedded devices.|https://github.com/j91321/rext rfcat|150225|RF ChipCon-based Attack Toolset.|http://code.google.com/p/rfcat ropeme|1.0|ROPME is a set of python scripts to generate ROP gadgets and payload.|http://www.vnsecurity.net/2010/08/ropeme-rop-exploit-made-easy/ ropgadget|5.4|Lets you search your gadgets on your binaries (ELF format) to facilitate your ROP exploitation.|https://github.com/JonathanSalwan/ROPgadget ropper|1.10.0|Show information about binary files and find gadgets to build rop chains for different architectures|https://github.com/sashs/Ropper roputils|189.07fc123|A Return-oriented Programming toolkit.|https://github.com/inaz2/roputils routersploit|275.c026726|The Router Exploitation Framework.|https://github.com/reverse-shell/routersploit rp|136.5f0841c|A full-cpp written tool that aims to find ROP sequences in PE/Elf/Mach-O x86/x64 binaries.|https://github.com/0vercl0k/rp rspet|95.db9c012|A Python based reverse shell equipped with functionalities that assist in a post exploitation scenario.|https://github.com/panagiks/RSPET shellcodecs|0.1|A collection of shellcode, loaders, sources, and generators provided with documentation designed to ease the exploitation and shellcode programming process.|http://www.blackhatlibrary.net/Shellcodecs shellme|3.8c7919d|Because sometimes you just need shellcode and opcodes quickly. This essentially just wraps some nasm/objdump calls into a neat script.|https://github.com/hatRiot/shellme shellsploit-framework|250.a5fd60c|New Generation Exploit Development Kit.|https://github.com/b3mb4m/shellsploit-framework shocker|60.239286f|A tool to find and exploit servers vulnerable to Shellshock.|https://github.com/nccgroup/shocker snarf-mitm|40.49cc8cb|SMB Man in the Middle Attack Engine / relay suite.|https://github.com/purpleteam/snarf sqlninja|0.2.999|A tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end.|http://sqlninja.sourceforge.net/ sqlsus|0.7.2|An open source MySQL injection and takeover tool, written in perl|http://sqlsus.sourceforge.net/ stackflow|2.2af525d|Universal stack-based buffer overfow exploitation tool.|https://github.com/d4rkcat/stackflow subterfuge|5.0|Automated Man-in-the-Middle Attack Framework|http://kinozoa.com tcpjunk|2.9.03|A general tcp protocols testing and hacking utility.|http://code.google.com/p/tcpjunk unibrute|1.b3fb4b7|Multithreaded SQL union bruteforcer.|https://github.com/GDSSecurity/Unibrute viproy-voipkit|2.99.1|VoIP Pen-Test Kit for Metasploit Framework|http://viproy.com/ webexploitationtool|155.85bcf0e|A cross platform web exploitation toolkit.|https://github.com/AutoSecTools/WebExploitationTool websploit|3.0.0|An Open Source Project For, Social Engineering Works, Scan, Crawler & Analysis Web, Automatic Exploiter, Support Network Attacks|http://code.google.com/p/websploit/ wildpwn|9.379f0da|Unix wildcard attacks.|https://github.com/localh0t/wildpwn wsuspect-proxy|22.0f79a2f|A tool for MITM'ing insecure WSUS connections.|https://github.com/ctxis/wsuspect-proxy xcat|0.7.1|A command line tool to automate the exploitation of blind XPath injection vulnerabilities.|https://github.com/orf/xcat xpl-search|42.d4dbc97|Search exploits in multiple exploit databases!.|https://github.com/CoderPirata/XPL-SEARCH xxeinjector|51.55015d1|Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.|https://github.com/enjoiz/XXEinjector yinjector|0.1|A MySQL injection penetration tool. It has multiple features, proxy support, and multiple exploitation methods.|http://packetstormsecurity.com/files/98359/yInjector-MySQL-Injection-Tool.html zarp|0.1.8|A network attack tool centered around the exploitation of local networks.|https://defense.ballastsecurity.net/wiki/index.php/Zarp