Exploit
Tools designed to assist with the exploitation of systems
Tool
Description
Source
AutoSploit
As the name might suggest, AutoSploit attempts to automate the exploitation of remote hosts.
espoofer
espoofer is an open-source testing tool to bypass SPF, DKIM, and DMARC authentication in email systems. It helps mail server administrators and penetration testers to check whether the target email server and client are vulnerable to email spoofing attacks or can be abused to send spoofing emails.
Evil-WinRM
WinRM shell for hacking/pentesting. Used to connect to and use WinRM from Linux
evilginx2
evilginx2 is a man-in-the-middle attack framework used for phishing login credentials along with session cookies, which in turn allows bypassing 2-factor authentication protection.
fireELF
fireELF is an open-source, cross-platform fileless Linux malware framework that allows users to easily create and manage payloads.
Invoke-Obfuscation
PowerShell payload obfuscation script
KRACK-toolkit
This is a collection of scripts and tools that exploit the WPA vulnerability in Wi-Fi.
NEMESIS
The Nemesis Project is designed to be a command line based, portable human IP stack for UNIX-like and Windows systems
NoSQLMap
NoSQLMap is an open source Python tool designed to audit for as well as automate injection attacks and exploit default configuration weaknesses in NoSQL databases and web applications using NoSQL in order to disclose or clone data from the database.
Offensive Wi-Fi Toolkit
This tool compiles 6 different attack modes for basic Wireless Network hacking combined with a U.I. for easy use all compacted in a minimal file size.
OfficeBreaker
OfficeBreaker is a simple program that removes the password from read-only protected files that belong to the Office Open XML format family (.pptx/.xlsx/.docx file types).
PowerLessShell
PowerLessShell relies on MSBuild.exe to remotely execute PowerShell scripts and commands without spawning powershell.exe. You can also execute raw shellcode using the same approach.
Seth
Seth is a tool written in Python and Bash to MitM RDP connections by attempting to downgrade the connection in order to extract clear text credentials.
Smuggler
An HTTP Request Smuggling / Desync testing tool written in Python 3
Smuggler (different tool)
Smuggler is a free software tool to detect and exploit HTTP Smuggling vulnerabilities
Xeexee
Undetectable reverse shell with XOR encryption using a custom key (FUD Metasploit RAT); bypasses top antivirus
ZeraTool
Automatic Exploit Generation (AEG) and remote flag capture for exploitable CTF problems. Can be tried against Buffer Overflow challenges.