• Stars
    star
    323
  • Rank 130,051 (Top 3 %)
  • Language
    Perl
  • License
    GNU General Publi...
  • Created over 8 years ago
  • Updated over 7 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

BrowserExploit is an advanced browser exploit pack for doing internal and external pentesting, helping gaining access to internal computers.

browsersploit

BrowserExploit is an advanced browser exploit pack for doing internal and external pentesting, helping gaining access to internal computers.

I started this project years ago, when still exploiting IE 6, 7 and 8. The exploits in kit are old so it keep scripts kiddies from running it in the wild and achieve malicious task.

BrowserSploit use a lot of techniques to bypass anti-virus and is full of featured.

  • Javascript obfuscation (XOR, JS Iframe Head, Cookie Encrypted, Split Encrypted Iframe, Base64 random space).
  • Advanced exploitation techniques.
  • Artificial Intelligence based on traffic learning.
  • Multi-Users ready platform
  • Filter Antivirus connections
  • Evade AV domain filters
  • Reverse Honeypot features to trick non legitimate users and sec users
  • Bypass Windows DEP / ASLR / UAC
  • Advanced polymorphic shellcoding

What it mean for the non-technical people: If you surf the web on your browser and you visit a page infected by an browser exploit pack, then you will likely be infected by malicious software without even notify it.

Next Features:

  • Windows 8/8.1/10 CFG bypass.
  • Organize sql structure.
  • Sql optimisation with memcached.
  • Code optimisation to run on heavy loads
  • Port perl to php for better scalability (be able to pentest large corporate network)
  • Adding recent exploits
  • Adding more evasive shellcodes
  • Adding more platforms as it's now widely used (linux, MacOS)
  • Fixing security bugs...

WARNING: This tool is not for script kiddies or for non-advanced coders. It a platform to jumpstart your own code by adding more exploits, there's a lot of bugs into the platform, some have just been put there to stop non-ethical hacker running this code too easily.