mirror of https://github.com/byReqz/blackmate.git synced 2024-11-23 19:54:55 +00:00
blackmate/categories/exploitation
2016-06-25 21:58:53 +08:00

87 lines
11 KiB
Plaintext

aggroargs|50.d56728a|Bruteforce commandline buffer overflows, linux, aggressive arguments.|https://github.com/tintinweb/aggroArgs
armitage|150813|A graphical cyber attack management tool for Metasploit.|http://www.fastandeasyhacking.com/
armscgen|75.fdf2ff3|ARM Shellcode Generator (Mostly Thumb Mode).|https://github.com/alexpark07/ARMSCGen
arpoison|0.7|The UNIX arp cache update utility|http://www.arpoison.net
bed|0.5|Collection of scripts to test for buffer overflows, format string vulnerabilities.|http://www.aldeid.com/wiki/Bed
beef|0.4.7.0.194.g0234c54|The Browser Exploitation Framework that focuses on the web browser|http://beefproject.com/
bfbtester|2.0.1|Performs checks of single and multiple argument command line overflows and environment variable overflows|http://sourceforge.net/projects/bfbtester/
binex|1.0|Format String exploit building tool.|http://www.morxploit.com/morxtool
bitdump|34.6a5cbd8|A tool to extract database data from a blind SQL injection vulnerability.|https://github.com/nbshelton/bitdump
blind-sql-bitshifting|52.2325724|A blind SQL injection module that uses bitshifting to calculate characters.|https://github.com/libeclipse/blind-sql-bitshifting
bowcaster|172.a2b084f|A framework intended to aid those developing exploits by providing useful set of tools and modules, such as payloads, encoders, connect-back servers, etc. Currently the framework is focused on the MIPS CPU architecture, but the design is intended to be modular enough to support arbitrary architectures.|https://github.com/zcutlip/bowcaster
chw00t|31.19a0726|Unices chroot breaking tool.|https://github.com/earthquake/chw00t
cisco-global-exploiter|1.3|A perl script that targets multiple vulnerabilities in the Cisco Internetwork Operating System (IOS) and Catalyst products.|http://www.blackangels.it
cisco-torch|0.4b|Cisco Torch mass scanning, fingerprinting, and exploitation tool.|http://www.arhont.com
darkd0rk3r|1.0|Python script that performs dork searching and searches for local file inclusion and SQL injection errors.|http://packetstormsecurity.com/files/117403/Dark-D0rk3r.0.html
darkmysqli|1.6|Multi-Purpose MySQL Injection Tool|https://github.com/BlackArch/darkmysqli
delorean|7.68139d1|NTP Man-in-the-Middle tool.|https://github.com/PentesterES/Delorean
dotdotpwn|3.0|The Directory Traversal Fuzzer|http://dotdotpwn.blogspot.com
encodeshellcode|0.1b|This is an encoding tool for 32-bit x86 shellcode that assists a researcher when dealing with character filter or byte restrictions in a buffer overflow vulnerability or some kind of IDS/IPS/AV blocking your code.|http://packetstormsecurity.com/files/119904/Encode-Shellcode.1b.html
enteletaor|64.399d107|Message Queue & Broker Injection tool that implements attacks to Redis, RabbitMQ and ZeroMQ.|https://github.com/cr0hn/enteletaor
exploit-db|1.6|The Exploit Database (EDB): an ultimate archive of exploits and vulnerable software - A collection of hacks|http://www.exploit-db.com
exploitpack|14.0c845d1|Exploit Pack - Project.|https://github.com/juansacco/exploitpack
eyepwn|1.0|Exploit for Eye-Fi Helper directory traversal vulnerability|http://www.pentest.co.uk
fimap|1.00|A little tool for local and remote file inclusion auditing and exploitation|http://code.google.com/p/fimap/
firstexecution|6.a275793|A Collection of different ways to execute code outside of the expected entry points.|https://github.com/nccgroup/firstexecution
formatstringexploiter|27.cd54eac|Helper script for working with format string bugs.|https://github.com/Owlz/formatStringExploiter
fs-exploit|3.28bb9bb|Format string exploit generation.|https://github.com/miaouPlop/fs
hackredis|1.67eeb6c|A simple tool to scan and exploit redis servers.|https://github.com/Ridter/hackredis
hamster|2.0.0|Tool for HTTP session sidejacking.|http://hamster.erratasec.com/
hcraft|1.0.0|HTTP Vuln Request Crafter|http://sourceforge.net/projects/hcraft/
hqlmap|38.bb6ab46|A tool to exploit HQL Injections.|https://github.com/PaulSec/HQLmap
htexploit|0.77|A Python script that exploits a weakness in the way that .htaccess files can be configured to protect a web directory with an authentication process|http://www.mkit.com.ar/labs/htexploit/
htshells|79.399feaa|Self contained web shells and other attacks via .htaccess files.|https://github.com/wireghoul/htshells
inception|432.e38dd7b|A FireWire physical memory manipulation and hacking tool exploiting IEEE 1394 SBP DMA.|http://www.breaknenter.org/projects/inception/
irpas|0.10|Internetwork Routing Protocol Attack Suite.|http://phenoelit-us.org/irpas
jboss-autopwn|1.3bc2d29|A JBoss script for obtaining remote shell access.|https://github.com/SpiderLabs/jboss-autopwn
katana|0.0.0.8|A framework that seeks to unite general auditing tools, which are general pentesting tools (Network, Web, Desktop and others).|http://sourceforge.net/projects/katanas/
killerbee|99|Framework and tools for exploiting ZigBee and IEEE 802.15.4 networks.|https://code.google.com/p/killerbee/
leroy-jenkins|3.bdc3965|A python tool that will allow remote execution of commands on a Jenkins server and its nodes.|https://github.com/captainhooligan/Leroy-Jenkins
lfi-autopwn|3.0|A Perl script to try to gain code execution on a remote server via LFI|http://www.blackhatlibrary.net/Lfi_autopwn.pl
lisa.py|30.622f9fe|An Exploit Dev Swiss Army Knife.|https://github.com/ant4g0nist/lisa.py
metasploit|38676.3413059|An open source platform that supports vulnerability research, exploit development and the creation of custom security tools representing the largest collection of quality-assured exploits.|http://www.metasploit.com
minimysqlator|0.5|A multi-platform application used to audit web sites in order to discover and exploit SQL injection vulnerabilities.|http://www.scrt.ch/en/attack/downloads/mini-mysqlat0r
miranda-upnp|1.3|A Python-based Universal Plug-N-Play client application designed to discover, query and interact with UPNP devices|http://code.google.com/p/miranda-upnp/
mitmf|430.2dc1dd4|A Framework for Man-In-The-Middle attacks written in Python.|https://github.com/byt3bl33d3r/MITMf
mosquito|39.fe54831|XSS exploitation tool - access victims through HTTP proxy.|https://github.com/koto/mosquito
opensvp|64.56b2b8f|A security tool implementing "attacks" to be able to test the resistance of firewalls to protocol-level attacks.|https://github.com/regit/opensvp
osueta|68.827593a|A simple Python script to exploit the OpenSSH User Enumeration Timing Attack.|https://github.com/c0r3dump3d/osueta
otori|0.3|A python-based toolbox intended to allow useful exploitation of XML external entity ("XXE") vulnerabilities.|http://www.beneaththewaves.net/Software/On_The_Outside_Reaching_In.html
padbuster|0.3.3|Automated script for performing Padding Oracle attacks.|http://www.gdssecurity.com/l/t.php
pirana|0.3.1|Exploitation framework that tests the security of an email content filter.|http://www.guay-leroux.com/projects.html
pmcma|1.00|Automated exploitation of invalid memory writes (whether they result from an overflow in a writable section, a missing format string, an integer overflow, variable misuse, or any other type of memory corruption).|http://packetstormsecurity.com/files/104724/Post-Memory-Corruption-Memory-Analyzer.00.html
pompem|85.a2dc2bb|A python exploit tool finder.|https://github.com/rfunix/Pompem
powersploit|321.262a260|A PowerShell Post-Exploitation Framework.|https://github.com/mattifestation/PowerSploit
ptf|530.c5fc34e|The Penetration Testers Framework is a way for modular support for up-to-date tools.|https://github.com/trustedsec/ptf
rebind|0.3.4|DNS Rebinding Tool|http://code.google.com/p/rebind/
rext|40.43ca8f6|Router EXploitation Toolkit - small toolkit for easy creation and usage of various python scripts that work with embedded devices.|https://github.com/j91321/rext
rfcat|150225|RF ChipCon-based Attack Toolset.|http://code.google.com/p/rfcat
ropeme|1.0|ROPME is a set of python scripts to generate ROP gadgets and payload.|http://www.vnsecurity.net/2010/08/ropeme-rop-exploit-made-easy/
ropgadget|5.4|Lets you search your gadgets on your binaries (ELF format) to facilitate your ROP exploitation.|https://github.com/JonathanSalwan/ROPgadget
ropper|1.10.0|Show information about binary files and find gadgets to build rop chains for different architectures|https://github.com/sashs/Ropper
roputils|189.07fc123|A Return-oriented Programming toolkit.|https://github.com/inaz2/roputils
routersploit|275.c026726|The Router Exploitation Framework.|https://github.com/reverse-shell/routersploit
rp|136.5f0841c|A full-cpp written tool that aims to find ROP sequences in PE/Elf/Mach-O x86/x64 binaries.|https://github.com/0vercl0k/rp
rspet|95.db9c012|A Python based reverse shell equipped with functionalities that assist in a post exploitation scenario.|https://github.com/panagiks/RSPET
shellcodecs|0.1|A collection of shellcode, loaders, sources, and generators provided with documentation designed to ease the exploitation and shellcode programming process.|http://www.blackhatlibrary.net/Shellcodecs
shellme|3.8c7919d|Because sometimes you just need shellcode and opcodes quickly. This essentially just wraps some nasm/objdump calls into a neat script.|https://github.com/hatRiot/shellme
shellsploit-framework|250.a5fd60c|New Generation Exploit Development Kit.|https://github.com/b3mb4m/shellsploit-framework
shocker|60.239286f|A tool to find and exploit servers vulnerable to Shellshock.|https://github.com/nccgroup/shocker
snarf-mitm|40.49cc8cb|SMB Man in the Middle Attack Engine / relay suite.|https://github.com/purpleteam/snarf
sqlninja|0.2.999|A tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end.|http://sqlninja.sourceforge.net/
sqlsus|0.7.2|An open source MySQL injection and takeover tool, written in perl|http://sqlsus.sourceforge.net/
stackflow|2.2af525d|Universal stack-based buffer overflow exploitation tool.|https://github.com/d4rkcat/stackflow
subterfuge|5.0|Automated Man-in-the-Middle Attack Framework|http://kinozoa.com
tcpjunk|2.9.03|A general tcp protocols testing and hacking utility.|http://code.google.com/p/tcpjunk
unibrute|1.b3fb4b7|Multithreaded SQL union bruteforcer.|https://github.com/GDSSecurity/Unibrute
viproy-voipkit|2.99.1|VoIP Pen-Test Kit for Metasploit Framework|http://viproy.com/
webexploitationtool|155.85bcf0e|A cross platform web exploitation toolkit.|https://github.com/AutoSecTools/WebExploitationTool
websploit|3.0.0|An Open Source Project For, Social Engineering Works, Scan, Crawler & Analysis Web, Automatic Exploiter, Support Network Attacks|http://code.google.com/p/websploit/
wildpwn|9.379f0da|Unix wildcard attacks.|https://github.com/localh0t/wildpwn
wsuspect-proxy|22.0f79a2f|A tool for MITM'ing insecure WSUS connections.|https://github.com/ctxis/wsuspect-proxy
xcat|0.7.1|A command line tool to automate the exploitation of blind XPath injection vulnerabilities.|https://github.com/orf/xcat
xpl-search|42.d4dbc97|Search exploits in multiple exploit databases.|https://github.com/CoderPirata/XPL-SEARCH
xxeinjector|51.55015d1|Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.|https://github.com/enjoiz/XXEinjector
yinjector|0.1|A MySQL injection penetration tool. It has multiple features, proxy support, and multiple exploitation methods.|http://packetstormsecurity.com/files/98359/yInjector-MySQL-Injection-Tool.html
zarp|0.1.8|A network attack tool centered around the exploitation of local networks.|https://defense.ballastsecurity.net/wiki/index.php/Zarp