Exploitation
64 tools
Armitage is a scriptable red team collaboration tool for Metasploit that visualizes targets, recommends exploits, and exposes advanced post-exploitation features.
Atomic-operator is a module to execute Atomic Red Team tests across multiple operating system environments. It enables security professionals to test detection and defensive capabilities against prescribed techniques.
BeEF is the Browser Exploitation Framework, a penetration testing tool focusing on web browser vulnerabilities. It hooks browsers to launch client-side attacks and assess security from within the browser context.
bloodyAD is an Active Directory privilege escalation framework that performs specific LDAP calls against a domain controller. It supports authentication with cleartext passwords, pass-the-hash, pass-the-ticket, or certificates.
Caldera is a scalable automated adversary emulation platform. It automates adversary emulation, assists manual red teams, and automates incident response.
Certi is a utility for interacting with Active Directory Certificate Services (ADCS) to request certificates and discover templates. It serves as the impacket equivalent of the Certify tool.
Certipy is an offensive tool for enumerating and abusing Active Directory Certificate Services (AD CS). It enumerates templates and CAs, requests and forges certificates, and manages accounts, certificates, and CAs during an attack.
Cisco Global Exploiter (CGE) is a simple and fast security testing tool for exploiting various Cisco vulnerabilities. Each exploit is selected by number and targets a specific Cisco device family or IOS version.
Coercer is a Python script that automatically forces a Windows server to authenticate on an arbitrary machine using various coercion methods. It supports scanning, coercing, and fuzzing modes to test and trigger NTLM authentications.
copy-router-config copies configuration files from Cisco devices running SNMP to a TFTP server. The companion tool merge-router-config merges configs from the TFTP server back to the router.
Cosign is a tool for signing, verifying, and storing OCI containers and artifacts using Sigstore. It supports keyless signing, hardware/KMS signing, and custom keypairs for container integrity and supply chain security.
Cymothoa is a stealth backdooring tool that injects backdoor shellcode into an existing process. It uses the ptrace system call to manipulate and infect processes on *nix systems.
dbd is a portable Netcat clone with strong AES-CBC-128 + HMAC-SHA1 encryption. It supports program execution, continuous reconnection, and daemon mode on Unix-like systems and Windows.
Donut generates position-independent shellcode that enables in-memory execution of VBScript, JScript, EXE, DLL files, and dotNET assemblies. Modules can be staged from HTTP servers or embedded, with optional encryption and features like AMSI/WLDP patching.
Expect automates interactive applications by scripting expected prompts and responses. It enables testing of applications and wrapping them in X11 GUIs using Tk.
exploitdb is a local, searchable copy of The Exploit Database for locating exploits offline. It provides the command-line tool searchsploit to query the local archive.
exploitdb-bin-sploits is The Exploit Database’s archive of binary exploits, the compiled and non-text files that accompany entries in the searchable archive.
FakeIKEd (fiked) is a fake IKE daemon that impersonates Cisco VPN gateways to capture XAUTH login credentials in a semi MitM attack against insecure PSK+XAUTH IPsec setups. It supports just enough IKE standards and Cisco extensions for this purpose.
getsploit is a command-line utility for searching and downloading exploits from popular collections like Exploit-DB, Metasploit, and Packetstorm. It downloads exploit source code straight into the working directory.
go-donut is a pure Go implementation of the Donut Injector that converts VBS/JS or PE/.NET EXE/DLL files into shellcode. It generates the binary go-donut from the github-binject-go-donut package.
GSS-NTLMSSP is a GSSAPI mechanism plugin that implements the NTLMSSP protocol for NTLM and NTLMv2 challenge-response authentication. It provides a loadable module compatible with MIT Kerberos GSSAPI.
HexStrike AI is an AI-driven MCP (Model Context Protocol) automation platform with a multi-agent architecture in which autonomous agents make decisions and gather vulnerability intelligence. It provides an automated pipeline for reconnaissance, exploitation, and analysis aimed at bug bounty hunting, CTFs, red teaming, and zero-day research.
Hoaxshell is a Windows reverse shell payload generator and handler that abuses the HTTP(S) protocol to establish a beacon-like reverse shell. It generates payloads and handles sessions over standard web protocols.
Hotpatch dynamically loads a shared library (.so) into a running Linux process without affecting its execution. It provides a C/C++ API for hot patching executables via the hotpatcher utility.
htshells provides self-contained .htaccess-based web shells and attacks for remote code execution and information disclosure. It is designed for penetration tests against CMS systems that restrict uploads by extension.
iaxflood is a VoIP flooder tool that sends IAX packets to overwhelm Asterisk IP PBX systems. It uses a captured UDP Inter-Asterisk eXchange (IAX) packet as payload to force more processing than a basic UDP flood.
inviteflood is a tool for SIP/SDP INVITE message flooding over UDP/IP to target SIP systems. It sends multiple INVITE packets to overwhelm a specified flood target.
Evilgrade (isr-evilgrade) is a modular framework for injecting fake updates by exploiting poor upgrade implementations. It includes pre-made binaries, a web server, a DNS server, and autoconfiguration for rapid pentests.
jboss-autopwn is a JBoss script that deploys a JSP shell on target JBoss AS servers to obtain remote shell access. It supports Windows, Linux, and Mac targets with bind/reverse shells, plus Meterpreter and VNC for Windows.
Kali Autopilot is a tool to help develop automatic attack scripts for red and purple teaming. It is primarily intended for creating scripts that attack vulnerable machines in the Kali Purple platform for detection and response training.
krbrelayx is a Kerberos relaying and unconstrained delegation abuse toolkit. It also includes a script to add, remove, or modify Service Principal Names on accounts in AD over LDAP.
Laudanum is a collection of injectable web files designed for pentests when SQL injection flaws are discovered. It provides functionality such as shell access, DNS queries, LDAP retrieval, and others across multiple languages and environments.
Legion is a semi-automated network penetration testing tool that aids in discovery, reconnaissance, and exploitation of information systems. It is a fork of SECFORCE’s Sparta.
The Metasploit Framework is an open source platform for vulnerability research, exploit development, and creation of custom security tools. It includes msfconsole, msfvenom, and various utilities for generating payloads and managing exploits.
Version 2 of the Metasploit Framework, no longer updated but still useful for shellcode generation and exploitation tasks. It provides a collection of exploits, payloads, encoders, and related tools.
MCP Server for Metasploit Framework integration. A Model Context Protocol (MCP) server that enables streamlined communication with Metasploit.
MSFvenom Payload Creator (MSFPC) is a quick way to generate various basic Meterpreter payloads using msfvenom from the Metasploit framework. It automates payload creation with options for different platforms, connection types, and protocols.
NetExec (AKA nxc) is a network service exploitation tool that helps automate assessing the security of large networks. It is the continuation of CrackMapExec.
offsec-courses is a metapackage collection providing resources and dependencies for Offensive Security courses. It includes specialized packages for the AWAE/WEB-300, EXP-100, EXP-301, PEN-300, and PWK/PEN-200 training paths.
OpenSSL is a robust toolkit for implementing SSL and TLS protocols, providing cryptographic utilities for secure communication over the Internet. It includes command-line tools for key generation, certificate management, encryption, and testing SSL/TLS clients and servers.
Pacu is an open-source AWS exploitation framework designed for offensive security testing against cloud environments. It enables penetration testers to exploit configuration flaws in AWS accounts using modular functionality.
Peirates is a Kubernetes penetration testing tool that enables attackers to escalate privileges and pivot through a cluster. It automates techniques to steal service accounts, achieve code execution, and gain cluster control.
perl-cisco-copyconfig (Cisco::CopyConfig) provides methods for manipulating the running-config of Cisco devices running IOS via SNMP-directed TFTP. It is handy for making changes or backups on many devices without logging into each one.
PHPGGC generates payloads that exploit unsafe object deserialization vulnerabilities in PHP applications. It provides a library of gadget chains and a command-line tool for creating serialized payloads.
Pocsuite3 is an open-sourced remote vulnerability testing and proof-of-concept development framework. It provides a powerful PoC engine and features for penetration testers and security researchers.
Powercat is a PowerShell version of Netcat that reads and writes data across network connections over TCP, UDP, or DNS. It implements Netcat features with extras like built-in relays, PowerShell execution, and a dnscat2 client.
PowerShell is an automation and configuration management platform consisting of a cross-platform command-line shell and associated scripting language.
Proxychains-ng is a tool that forces TCP connections from applications to go through SOCKS4a/5 or HTTP proxies. It hooks libc functions via LD_PRELOAD to redirect network traffic transparently.
pwnat is a tool that enables communication between clients and a server, both behind NATs, without requiring port forwarding or DMZ setup on routers. It allows direct connectivity where traditional methods fail.
pwncat is an enhanced Netcat implementation with firewall and IDS/IPS evasion capabilities, supporting bind and reverse shells, self-injecting shells, and port forwarding. It is fully scriptable with Python (PSE).
Rebind is a DNS rebinding tool that implements the multiple A record rebinding attack to bypass network restrictions. It targets home routers by default but can be pointed at any public IP address, giving an external attacker access to the target's internal web interface.
Ropper is a ROP gadget finder and binary information tool that displays info about files in different formats and finds gadgets to build ROP chains for various architectures including x86/x86_64, ARM/ARM64, MIPS, and PowerPC. It uses the Capstone Framework for disassembly.
RouterSploit is an open-source exploitation framework for embedded devices like routers. It includes exploits, scanners, credential testing modules, payloads, and generic attacks.
Rubeus is a C# toolset for raw Kerberos interaction and abuses. It enables attacking Active Directory authentication mechanisms.
Shellfire is an exploitation shell designed for exploiting LFI, RFI, and command injection vulnerabilities. It provides a focused interface for leveraging these web vulnerabilities to gain shell access.
Shellter is a dynamic shellcode injection tool and PE infector for injecting shellcode into native Windows applications. It preserves the original PE structure to evade antivirus detection.
Sickle is a payload development kit for crafting shellcode and non-binary payloads for exploits. It supports modules primarily aimed at assembly but is not limited to shellcode.
Socat is a multipurpose relay for bidirectional data transfer between two byte streams. It supports files, pipes, devices, and sockets including Unix, IPv4, IPv6, raw, UDP, TCP, and SSL.
TeamSploit is a suite of tools for the Metasploit Framework that enables group-based penetration testing with real-time collaboration and automation. It automates common tasks like exploitation, post-exploitation, and information gathering while supporting session sharing.
Termineter is a Python framework for security testing of smart meters using C1218 and C1219 protocols over an ANSI type-2 optical probe. It supports modules for tasks like brute forcing credentials, enumerating tables, and dumping data from C12.19 compliant devices.
thc-ipv6 is a comprehensive IPv6 and ICMPv6 attack toolkit for testing protocol weaknesses, network discovery, and denial-of-service attacks. It includes tools for scanning, spoofing, flooding, and exploiting IPv6 implementations.
Magic Unicorn (unicorn) is a tool for performing PowerShell downgrade attacks and injecting shellcode directly into memory. It generates PowerShell commands for payloads like Meterpreter or download/exec, usable in various attack vectors including macros, HTA, and DDE.
Veil generates Metasploit payloads designed to bypass common anti-virus solutions. It replaces the older veil-evasion package.
wmi is a DCOM/WMI client implementation based on Samba4 sources for interacting with WMI services on Windows systems. It provides a command line client to perform remote command execution on Windows 2000/XP/2003 machines.