Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/edoardottt/awesome-hacker-search-engines/llms.txt

Use this file to discover all available pages before exploring further.

Public exploit databases and proof-of-concept repositories play a pivotal role in the security ecosystem. For penetration testers, they provide ready-made reference points to validate whether a disclosed vulnerability is actually exploitable in a client’s environment. For defenders and threat-intelligence analysts, they reveal attacker toolkits before campaigns materialize internally. For researchers and red teams, they serve as benchmarks for detection engineering, threat modeling, and understanding adversary tradecraft. The resources below span canonical exploit archives, living-off-the-land binary catalogs, payload reference collections, and bug-bounty disclosure feeds — everything needed to understand the practical exploitability of modern attack surfaces.
Exploit databases are for authorized security research only. Deploying exploits against systems without written permission is illegal under laws such as the Computer Fraud and Abuse Act (CFAA), the UK Computer Misuse Act, and equivalent statutes worldwide. Always obtain explicit written authorization before testing.

Exploit Databases

Exploit-DB

Exploit Database — the de facto standard public archive of exploits and vulnerable software, maintained by Offensive Security, and the backbone of the searchsploit command-line tool.

Sploitus

Convenient central place for identifying the newest exploits — aggregates exploit data from Exploit-DB, GitHub, Packet Storm, and other sources into a single searchable interface.

Rapid7 - DB

Vulnerability & Exploit Database — Rapid7’s curated repository of vulnerabilities and Metasploit exploit modules, cross-referenced with CVE and CVSS data.

Vulmon

Vulnerability and exploit search engine — links CVE records directly to known public exploits, enabling quick exploitability triage alongside vulnerability data.

packetstormsecurity.com

Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers — one of the longest-running public security resources on the internet.

0day.today

Ultimate database of exploits and vulnerabilities — a large commercial and free exploit marketplace covering remote, local, and web application exploits.

exploitalert.com

Database of Exploits — tracks newly published exploits and security advisories with a searchable, categorized interface.

CVExploits Search

Your comprehensive database for CVE exploits from across the internet — maps CVE identifiers to their available public exploit code and PoC repositories.

exploit.observer

The World’s Largest Exploit & Vulnerability Intelligence Database, freely accessible to all — aggregates exploit intelligence from a wide array of public sources.

VulnCheck XDB

An index of exploit proof-of-concept code in Git repositories — VulnCheck’s cross-database index of PoC code hosted on GitHub and beyond.

VARIoT Exploits

VARIoT IoT exploits database — specialized collection of exploits targeting IoT devices, embedded systems, and connected hardware.

Coalition Exploit Scoring System

Model that dynamically scores new and existing vulnerabilities to reflect their exploit likelihood — useful for prioritizing patching based on real-world exploitability signals.

Hacking the Cloud

Encyclopedia of the attacks, tactics, and techniques that offensive security professionals can use on their next cloud exploitation adventure.

Sploitify

Interactive cheat sheet containing a curated list of public server-side exploits (mostly) — organized for fast lookup during engagements.

CVE PoC Search (jamessawyer)

Search public GitHub repositories containing proof-of-concept exploit code, indexed by CVE identifier.
Use Sploitus as your first stop. Sploitus aggregates exploit data from Exploit-DB, Packet Storm, GitHub security advisories, and other sources simultaneously. A single search there will surface results from multiple databases at once, saving significant time during initial triage. Then drill into the original source for full details, reliability context, and patch information.

Living Off the Land (LOL) Resources

LOLBas — Binaries, Scripts & Libraries

Living Off The Land Binaries, Scripts and Libraries — catalogs Windows built-in binaries, scripts, and libraries that can be abused for execution, download, bypass, and persistence.

GTFOBins

Curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems — the Linux/macOS counterpart to LOLBas.

Living Off The Land Drivers (LOLDrivers)

Open-source project that brings together vulnerable, malicious, and known-malicious Windows drivers used by adversaries for BYOVD (Bring Your Own Vulnerable Driver) attacks.

Living Off the Orchard: macOS Binaries (LOOBins)

Detailed information on various built-in macOS binaries and how they can be used by threat actors for malicious purposes.

GTFOArgs

Curated list of Unix binaries that can be manipulated for argument injection — extends GTFOBins coverage to argument-injection-specific abuse cases.

Living Off The Land Applications (LOLApps)

Compendium of applications that can be used to carry out day-to-day exploitation — covers commercial and off-the-shelf software abused during attacks.

Living off the Hardware (LOTHardware)

Resource collection that provides guidance on identifying and utilizing malicious hardware and malicious devices for offensive operations.

Living Off the Pipeline (LOTPipeline)

How development tools commonly used in CI/CD pipelines can be used to achieve arbitrary code execution — critical for pipeline security assessments.

Living Off The Land ESXi (LOLESXi)

Comprehensive list of binaries/scripts natively available in VMware ESXi that adversaries have utilised in their operations.

Living Off The Land Active Directory (LOLAd)

Comprehensive collection of Active Directory techniques, commands, and functions that can be used natively to support offensive security operations and Red Team exercises.

Living Off The Land Security Tools (Project-Lost)

Curated list of Security Tools used by adversaries to bypass security controls and carry out attacks — focuses on dual-use security tooling abused offensively.

Living Off The Tunnels (LOTTunnels)

Community-driven project to document digital tunnels that can be abused by threat actors for data exfiltration, persistence, shell access, and more.

LOLGlobs

A searchable catalog of glob-based command obfuscation techniques for Linux, macOS, Windows CMD, and PowerShell.

LOFLCAB

Document every cmdlet, binary, script, and WMI class that can be used for Living Off the Foreign Land techniques — extends LOL coverage to remote/foreign systems.

Payload & Technique References

Payloads All The Things

A list of useful payloads and bypasses for Web Application Security — the go-to cheat sheet for SQLi, XSS, SSRF, command injection, path traversal, and dozens of other web attack classes.

XSS Payloads

The wonderland of JavaScript unexpected usages, and more — a focused payload library for cross-site scripting research and browser exploitation.

Reverse Shell Generator

Online Reverse Shell generator with Local Storage functionality, URI & Base64 Encoding, MSFVenom Generator, and Raw Mode — generates tailored reverse shell one-liners on demand.

shell-storm.org/shellcode

Shellcodes database for study cases — an extensive archive of shellcode for various architectures and operating systems for low-level exploit development research.

WADComs

Interactive cheat sheet containing a curated list of offensive security tools and their respective commands to be used against Windows/AD environments.

PwnWiki

Collection of TTPs (tools, tactics, and procedures) for what to do after access has been gained — a post-exploitation reference organized by technique and platform.

cspbypass.com

Search for Content Security Policy Bypasses — a database of known CSP bypass techniques and bypasses for specific CDN/domain allowlists.

Bug Bounty & Research Platforms

HackerOne Hacktivity

See the latest hacker activity on HackerOne — a public feed of disclosed and accepted vulnerability reports from HackerOne bug bounty programs, excellent for learning real-world attack patterns.

Bugcrowd Crowdstream

Showcase of accepted and disclosed submissions on Bugcrowd programs — publicly disclosed findings from Bugcrowd’s managed bug bounty and VDP programs.

hackyx.io

The aim of this project is to easily find any resource related to IT security like CTF writeups, articles, or Bug Bounty reports — a curated search engine for offensive security resources.

Build docs developers (and LLMs) love