BrowserExploit is an advanced browser exploit pack for doing internal and external pentesting, helping gaining access to internal computers.
I started this project years ago, when still exploiting IE 6, 7 and 8. The exploits in kit are old so it keep scripts kiddies from running it in the wild and achieve malicious task.
BrowserSploit use a lot of techniques to bypass anti-virus and is full of featured.
- Javascript obfuscation (XOR, JS Iframe Head, Cookie Encrypted, Split Encrypted Iframe, Base64 random space).
- Advanced exploitation techniques.
- Artificial Intelligence based on traffic learning.
- Multi-Users ready platform
- Filter Antivirus connections
- Evade AV domain filters
- Reverse Honeypot features to trick non legitimate users and sec users
- Bypass Windows DEP / ASLR / UAC
- Advanced polymorphic shellcoding
What it mean for the non-technical people: If you surf the web on your browser and you visit a page infected by an browser exploit pack, then you will likely be infected by malicious software without even notify it.
Next Features:
- Windows 8/8.1/10 CFG bypass.
- Organize sql structure.
- Sql optimisation with memcached.
- Code optimisation to run on heavy loads
- Port perl to php for better scalability (be able to pentest large corporate network)
- Adding recent exploits
- Adding more evasive shellcodes
- Adding more platforms as it's now widely used (linux, MacOS)
- Fixing security bugs...
WARNING: This tool is not for script kiddies or for non-advanced coders. It a platform to jumpstart your own code by adding more exploits, there's a lot of bugs into the platform, some have just been put there to stop non-ethical hacker running this code too easily.