A utility that, when given a CVE searches Github for a PoC of the vulnerability.
GTFOBins is a curated list of Unix binaries that can be exploited by an attacker to bypass local security restrictions.
The project collects legitimate functions of Unix binaries that can be abused to break out restricted shells, escalate or maintain elevated privileges, transfer files, spawn bind and reverse shells, and facilitate the other post-exploitation tasks.
An impressive collection of research papers, exploits, and utilities.
A framework used by penetration testers for building custom exploits for infiltrating systems. Written in Ruby. Comes with a large library of payloads and other nifty and fascinating tools. It's worth learning to use if you're serious about penetration testing or exploit development. Also, the cutting edge of attack technologies winds up coming out of the Metasploit project.
A development library which makes it easier to develop and package your own shellcode for remote exploits. It even includes an ncurses-based front end.
A handy cheatsheet for crafting SQL injection attacks against web applications.
Offensive Security Training has taken over where Milw0rm left off in their archival of live exploits, vulnerability descriptions, attacks, and whitepapers.
A basic framework for forcing heap overflow vulnerabilities in the Linux kernel. This is for the purpose of learning to write heap overflow exploits in the Linux kernel as well as for developing the techniques to find and exploit them. It is entirely possible that this library may destabilize the kernel so practice on a virtual machine that you can revert to a known-stable state when you're done.
Github repo for a tutorial on writing kernel exploits.
Awesome list of curated hacking infosec pentesting resources.
4223 links, including 281 private