BrowserExploit is an advanced browser exploit pack for doing internal and external pentesting, helping gaining access to internal computers.

I started this project years ago, when still exploiting IE 6, 7 and 8. The exploits in kit are old so it keep scripts kiddies from running it in the wild and achieve malicious task.

BrowserSploit use a lot of techniques to bypass anti-virus and is full of featured.

• Javascript obfuscation (XOR, JS Iframe Head, Cookie Encrypted, Split Encrypted Iframe, Base64 random space).
• Advanced exploitation techniques.
• Artificial Intelligence based on traffic learning.
• Multi-Users ready platform
• Filter Antivirus connections
• Evade AV domain filters
• Reverse Honeypot features to trick non legitimate users and sec users
• Bypass Windows DEP / ASLR / UAC
• Advanced polymorphic shellcoding

What it mean for the non-technical people: If you surf the web on your browser and you visit a page infected by an browser exploit pack, then you will likely be infected by malicious software without even notify it.

Next Features:

• Windows 8/8.1/10 CFG bypass.
• Organize sql structure.
• Sql optimisation with memcached.
• Code optimisation to run on heavy loads
• Port perl to php for better scalability (be able to pentest large corporate network)
• Adding recent exploits
• Adding more evasive shellcodes
• Adding more platforms as it's now widely used (linux, MacOS)
• Fixing security bugs...

WARNING: This tool is not for script kiddies or for non-advanced coders. It a platform to jumpstart your own code by adding more exploits, there's a lot of bugs into the platform, some have just been put there to stop non-ethical hacker running this code too easily.