Exploit refers to a piece of code or technique that takes advantage of a security vulnerability in a system, application, or network to cause unintended behavior. Exploits can be used by attackers to gain unauthorized access, escalate privileges, execute arbitrary code, or cause a denial of service. This topic covers the various types of exploits, such as zero-day exploits, remote code execution, and privilege escalation. It also explores the lifecycle of an exploit, from discovery and development to deployment and mitigation, and highlights the importance of vulnerability management and patching in preventing exploits.

This repository is maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), AI security, vulnerability research, exploit development, reverse engineering, and more. 🔥 Also check:https://hackertraining.org

• UpdatedDec 11, 2025
• Jupyter Notebook

A collection of hacking / penetration testing resources to make you better!

• UpdatedMar 12, 2024

CTF framework and exploit development library

• UpdatedDec 15, 2025
• Python

A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

• UpdatedDec 10, 2025
• Shell

List of free GPTs that doesn't require plus subscription

• UpdatedNov 8, 2024

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

• UpdatedDec 4, 2025
• Java

windows-kernel-exploits Windows平台提权漏洞集合

• UpdatedJun 11, 2021
• C

GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging capabilities for exploit devs & reverse engineers on Linux

• UpdatedDec 5, 2025
• Python

Gather and update all available and newest CVEs with their PoC.

• UpdatedDec 17, 2025
• HTML

📡 PoC auto collect from GitHub.⚠️ Be careful Malware.

• UpdatedDec 17, 2025

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

• UpdatedDec 5, 2025
• HTML

⬆️ ☠️ 🔥 Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock

• UpdatedMar 12, 2024
• Go

Cyber Security ALL-IN-ONE Platform

• UpdatedDec 17, 2025
• TypeScript

One place for all the default credentials to assist the Blue/Red teamers identifying devices with default password 🛡️

• UpdatedNov 6, 2025
• Python

A collection of links related to Linux kernel security and exploitation

• UpdatedNov 6, 2025

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)

• UpdatedJan 25, 2025
• PowerShell

linux-kernel-exploits Linux平台提权漏洞集合

• UpdatedJul 13, 2020
• C

An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.

• UpdatedApr 19, 2024
• Python

Ladon大型内网渗透扫描器，PowerShell、Cobalt Strike插件、内存加载、无文件扫描。含端口扫描、服务识别、网络资产探测、密码审计、高危漏洞检测、漏洞利用、密码读取以及一键GetShell，支持批量A段/B段/C段以及跨网段扫描，支持URL、主机、域名列表扫描等。网络资产探测32种协议(ICMP\NBT\DNS\MAC\SMB\WMI\SSH\HTTP\HTTPS\Exchange\mssql\FTP\RDP)或方法快速获取目标网络存活主机IP、计算机名、工作组、共享资源、网卡地址、操作系统版本、网站、子域名、中间件、开放服务、路由器、交换机、数据库、打印机等，大量高危漏洞检测模块MS17010、Zimbra、Exchange

• UpdatedMar 24, 2025
• C#

Automated Mass Exploiter

• UpdatedMay 22, 2023
• Python