For those wanting an all-in-one solution (or as close as we can get), there exist larger frameworks that bundle a multitude of tools and utilities and go far beyond initial exploitation.
After all your active and passive scanning is finished, you should have a pretty good understanding of the technology that makes up your target. The next step is to look for weaknesses in those technologies. Vulnerability databases are a trove of information on which versions of different technologies have vulnerabilities that can be exploited. Some vulnerability entries will even carry information on, and links to, exploit code for the target vulnerability. Treat version matching as a lead, not a verdict: a backported patch or a disabled feature can leave a "vulnerable" version unexploitable, and the reverse is also true when a database lags behind public exploits.
Vulnerability Research Databases
National Vulnerability DB - The NIST NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
CVE details - Vulnerability database with some enrichment around the vulnerability
Zero Day DB - Research and data repository for Zero-Day vulnerability discoveries.
Security Focus - The SecurityFocus Vulnerability Database provides security professionals with the most up-to-date information on vulnerabilities for all platforms and services.
Vulners.com - Your Search Engine for Security Intelligence
opencve.io - Easiest way to track CVE updates and be alerted about new vulnerabilities
https://vulmon.com/ - Vulmon is a vulnerability search engine with vulnerability intelligence features. Vulmon conducts full text search in its database; therefore, you can search everything related to vulnerabilities. It includes CVE ID, vulnerability types, vendors, products, exploits, operating systems and anything else related to vulnerabilities.
https://hpi-vdb.de/vulndb/ - A comprehensive and up-to-date repository containing a large number of known software vulnerabilities. Vulnerability information gathered from the Internet is evaluated, normalized, and centralized in a high-performance database.
https://snyk.io/vuln/ - Detailed information and remediation guidance for known vulnerabilities.
VulnIQ - Vulnerability intelligence and management solution
Vulners DB - Lucene based search engine to parse the largest database of vulnerabilities and exploits available.
Rapid 7 Exploit DB - A curated repository of vetted computer software exploits and exploitable vulnerabilities.
CX Exploit DB (CXSecurity) - BugTraq feed and published vulnerability entries with their related exploits, searchable.
Packet Storm Exploits - Collection of vulnerabilities and exploits pulled from across the web.
Securiteam - A central Security web site containing all the newest security information from various mailing lists, hacker channels, tools, and knowledge.
FullDisclosure - A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community.
Shodan Exploits - Use Shodan searching capabilities to search vulnerabilities and exploits across multiple platforms
SploitUs - Vulnerability and Exploit search engine powered by Vulners. Bonus: it has dark mode.
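The lookup described above can be automated against the NVD entry at the top of this list. The script below is an added example, not code from the original page or from NIST: it assumes the public NVD 2.0 REST endpoint and the JSON layout documented for it, fetches every CVE matched to a CPE 2.3 name (the product and version you identified while scanning), ranks them by CVSS score, and pulls out the references NVD tagged as Exploit. The sample response embedded at the bottom is constructed in that layout with real CVE IDs, shortened descriptions and placeholder URLs; it is not a copy of NVD's records, and it is what the offline run uses.

```python
"""Pull NVD records for one product version and rank them for exploitation.

Added example; not code from the original page or from NIST. It assumes the
public NVD 2.0 endpoint and the JSON layout documented for it. The sample
response below is constructed in that layout (real CVE IDs, shortened
descriptions, placeholder URLs) and is not a copy of NVD's records.
"""
import json
import urllib.parse
import urllib.request
from typing import Dict, List, Optional

NVD_API = "https://services.nvd.nist.gov/rest/json/cves/2.0"


def fetch_cves_for_cpe(cpe_name: str, api_key: Optional[str] = None) -> Dict:
    """Network call: every CVE NVD has matched to a CPE 2.3 name, e.g.
    cpe:2.3:a:apache:log4j:2.14.1:*:*:*:*:*:*:*  (the version from scanning)."""
    url = NVD_API + "?" + urllib.parse.urlencode({"cpeName": cpe_name})
    headers = {"apiKey": api_key} if api_key else {}
    req = urllib.request.Request(url, headers=headers)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def best_score(metrics: Dict) -> Optional[float]:
    """Prefer CVSS v3.1, then v3.0, then v2; None when NVD has not scored it."""
    for key in ("cvssMetricV31", "cvssMetricV30", "cvssMetricV2"):
        if metrics.get(key):
            return metrics[key][0]["cvssData"]["baseScore"]
    return None


def summarize(nvd_json: Dict) -> List[Dict]:
    """One row per CVE, highest score first, unscored last, with the
    references NVD tagged 'Exploit' pulled out (the links to exploit code)."""
    rows = []
    for item in nvd_json.get("vulnerabilities", []):
        cve = item["cve"]
        exploit_refs = [r["url"] for r in cve.get("references", [])
                        if "Exploit" in r.get("tags", [])]
        summary = next((d["value"] for d in cve.get("descriptions", [])
                        if d.get("lang") == "en"), "")
        rows.append({"id": cve["id"], "score": best_score(cve.get("metrics", {})),
                     "exploit_refs": exploit_refs, "summary": summary[:70]})
    # Unscored entries sort last; everything else descends by base score.
    rows.sort(key=lambda r: (r["score"] is None, -(r["score"] or 0.0)))
    return rows


# Constructed sample in the NVD 2.0 layout (not NVD's actual records).
SAMPLE_RESPONSE = {
    "resultsPerPage": 4, "totalResults": 4,
    "vulnerabilities": [
        {"cve": {"id": "CVE-2021-45046",
                 "descriptions": [{"lang": "en", "value": "Incomplete fix in Log4j 2.15.0 (sample text)"}],
                 "metrics": {"cvssMetricV31": [{"cvssData": {"baseScore": 9.0}}]},
                 "references": [{"url": "https://example.invalid/vendor-advisory",
                                 "tags": ["Vendor Advisory"]}]}},
        {"cve": {"id": "CVE-2021-44228",
                 "descriptions": [{"lang": "en", "value": "JNDI lookup RCE in Log4j 2.x (sample text)"}],
                 "metrics": {"cvssMetricV31": [{"cvssData": {"baseScore": 10.0}}]},
                 "references": [{"url": "https://example.invalid/log4shell-poc",
                                 "tags": ["Exploit", "Third Party Advisory"]},
                                {"url": "https://example.invalid/vendor-advisory",
                                 "tags": ["Vendor Advisory"]}]}},
        {"cve": {"id": "CVE-2021-45105",
                 "descriptions": [{"lang": "en", "value": "Recursion DoS in Log4j 2.x (sample text)"}],
                 "metrics": {"cvssMetricV2": [{"cvssData": {"baseScore": 5.0}}]},
                 "references": []}},
        {"cve": {"id": "CVE-2021-4104",
                 "descriptions": [{"lang": "en", "value": "Log4j 1.2 JMSAppender (sample text)"}],
                 "metrics": {}, "references": []}},
    ],
}

if __name__ == "__main__":
    # Offline run over the constructed sample; swap in fetch_cves_for_cpe(...)
    # for a live query.
    for row in summarize(SAMPLE_RESPONSE):
        flag = "EXPLOIT" if row["exploit_refs"] else "       "
        print(f'{row["id"]:16} {str(row["score"]):5} {flag} {row["summary"]}')
```

Two practical notes for the live query: without an API key NVD allows 5 requests per rolling 30 seconds (50 with a key), so batch lookups need a sleep between calls; and the cpeName match is exact, so a product whose banner gives a range rather than a version needs one query per candidate version. An Exploit tag only tells you a public link exists; vet the code before it touches a client network.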
Exploit Evaluation
https://attackerkb.com - When a new vulnerability prompts discussion on Twitter or hits media outlets, it can be difficult for security teams to wade through all the hype to determine risk and priority. How pervasive is the vulnerability? Is the expected shelf life long enough that it’s worth developing an exploit for? Is it worth dropping everything to patch or mitigate? Does an adversary or threat actor have a desire or motive to exploit the opportunity? Or is it actually… not useful or interesting?
Security researchers and hackers are almost always the first to shed light on the specific conditions and characteristics that make a vulnerability not just exploitable, but actually useful to attackers. AttackerKB was built to capture, highlight, and expand that knowledge for the whole security community.
Pompem - Pompem is an open source tool designed to automate the search for exploits and vulnerabilities across the most important databases. In the current version it searches PacketStorm Security, CXSecurity, ZeroDay, Vulners, the National Vulnerability Database, the WPScan Vulnerability Database and more.
NSE exploit scripts - Search for exploit-category scripts shipped with Nmap. Scripts declare their categories in a `categories = {...}` table, so grep for the quoted category name rather than the word "Exploits", or ask Nmap itself:
# cd /usr/share/nmap/scripts
# grep -l '"exploit"' *.nse
# nmap --script-help exploit
Exploit Payloads
An exploit payload is the code or command sequence that runs on the target once an exploit has triggered a vulnerability. The exploit is the part that abuses the flaw (a malformed request, an overflowing input, a crafted file); the payload is what it delivers and hands control to, and it is responsible for the action you actually wanted.
What the payload does depends on the goal: spawn a shell, add a user, install a second-stage implant, read or destroy data, or change the system's configuration.
Payloads can be native shellcode, a script in whatever interpreter the target offers (PowerShell, bash, Python), or a plain OS command, and they are tailored to the target's architecture, operating system and constraints such as bad characters, size limits and what is available on the box. A payload is useless on its own: it needs the exploit to provide execution, and a large payload usually ships behind a small stager that fetches the rest once it is running.
PayloadsAllTheThings - A large, maintained collection of payloads and bypass techniques for web application security and pentest/CTF work, including reverse-shell one-liners.
unicorn - Unicorn is a simple tool for performing a PowerShell downgrade attack and injecting shellcode straight into memory.
ads-payload - PowerShell script which will take any payload and put it in a .bat script that delivers it. The payload is delivered using environment variables, alternate data streams and wmic.
shellnoob - convert shellcode between different formats and sources.
Misc Loaders, Stagers, and Utilities
EncryptedReaper - A program to encrypt a binary to bypass static detection and aid in loader or dropper development and hide your payload in the resource section.
TerraLdr - A Payload Loader Designed With Advanced Evasion Features
obscureV4 - Obscure an IPv4 address into over 100 different formats that still work for connecting to network resources. Useful for bypassing web application firewalls and intrusion detection systems.
DNSStager - DNSStager will create a malicious DNS server that handles DNS requests to your domain and return your payload as a response to specific record requests such as AAAA or TXT records after splitting it into chunks and encoding the payload using different algorithms.
BashObfuscator - BashObfuscator is a modular and extendable Bash obfuscation framework written in Python 3. It provides numerous different ways of making Bash one-liners or scripts much more difficult to understand.
Exploit obfuscation is a way of making malicious code harder to detect and analyze. It is used to evade antivirus and EDR products and to slow down anyone trying to identify and remove the code. Common methods include restructuring the code, rewriting it in a different language or interpreter, encoding or encrypting the payload so that its bytes no longer match known signatures, and decoding it only at run time. None of this changes what the payload does once it runs, so behavioural detection is unaffected.
https://github.com/optiv/Freeze - Freeze is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls, and alternative execution methods
Veil-Framework - Veil is a tool designed to generate Metasploit payloads that bypass common anti-virus solutions.
Use the Veil payload with a meterpreter session
Can take pre-armored shellcode and use it to create a robust executable
Securing non-armored shellcode with AES encryption to create a compiled python executable
HideMyPS - This is a custom PowerShell Obfuscator used in The Hacker Playbook 3 (THP3). Please refer to THP3 for further details.
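The encoding half of the obfuscation paragraph above is small enough to show end to end. The following is an added example, not code from the page or from Veil, Freeze or any other tool listed here: it XORs a payload with a random key (the minimal form of what those tools do with AES), checks that the result no longer matches a byte signature, decodes it back, and measures the entropy cost. SIGNATURE and RAW_PAYLOAD are constructed stand-ins for a scanner rule and a raw payload, not real shellcode or a real AV rule.

```python
"""Payload armoring versus byte-signature scanning.

Added example, not code from the page or from any tool it lists. SIGNATURE
and RAW_PAYLOAD are constructed for the demonstration.
"""
import math
import os
from collections import Counter
from typing import Dict, List, Sequence, Tuple

SIGNATURE = bytes.fromhex("31c05068")                            # constructed "known bad" bytes
RAW_PAYLOAD = b"\x90" * 8 + SIGNATURE + b"//sh" + b"\x90" * 8   # constructed raw payload


def static_scan(blob: bytes, signatures: Sequence[bytes]) -> List[bytes]:
    """The simplest static detection: exact byte-pattern search."""
    return [sig for sig in signatures if sig in blob]


def xor_armor(data: bytes, key: bytes) -> bytes:
    """XOR with a repeating key. XOR is its own inverse, so the same call
    with the same key is the decoder stub's job at run time."""
    if not key:
        raise ValueError("key must be non-empty")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def shannon_entropy(blob: bytes) -> float:
    """Bits per byte. Armored or encrypted blobs score high, and heuristic
    scanners use that as a signal even when no signature matches."""
    n = len(blob)
    return -sum(c / n * math.log2(c / n) for c in Counter(blob).values())


def armor(payload: bytes, signatures: Sequence[bytes], key_len: int = 8,
          attempts: int = 100) -> Tuple[bytes, bytes]:
    """Pick a random key and return (key, armored). A key can, rarely,
    reproduce a signature by chance, so verify the output and retry."""
    for _ in range(attempts):
        key = os.urandom(key_len)
        armored = xor_armor(payload, key)
        if not static_scan(armored, signatures):
            return key, armored
    raise RuntimeError("no clean key found; use a longer key")


def build(payload: bytes = RAW_PAYLOAD,
          signatures: Sequence[bytes] = (SIGNATURE,)) -> Dict:
    """Full round trip: scan raw, armor, scan armored, decode, compare."""
    key, armored = armor(payload, signatures)
    return {
        "raw_hits": static_scan(payload, signatures),
        "armored_hits": static_scan(armored, signatures),
        "decoded_ok": xor_armor(armored, key) == payload,
        "entropy_raw": round(shannon_entropy(payload), 2),
        "entropy_armored": round(shannon_entropy(armored), 2),
        "key": key.hex(),
    }


if __name__ == "__main__":
    for name, value in build().items():
        print(f"{name:16} {value}")
```

Every build produces a different key and therefore a different blob, which also defeats hash-based blocklists. The cost is visible in the entropy numbers: the armored bytes look like noise, and the key plus the decoder routine must ship alongside them, so the stub itself becomes the next signature. That is why the listed tools rotate stubs, use real ciphers and sometimes derive the key from the target environment; none of it helps against detection of what the payload does after decoding.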
Shells
One of the most common goals of an initial exploitation is to get a remote shell on your target, which gives you remote command-line access to it. When crafting your payloads, the contents will often be the instructions that establish this initial shell, most commonly by connecting back to a listener you control (a reverse shell), since inbound connections to the target are usually filtered.
In the absence of specifically identified vulnerabilities, there are many tools that can be used for enumeration and exploitation of specific protocols, services, and applications.
Exploitation by port will show you common ports you may find and some tools and commands to use to attack them.
When exploiting a web-based resource, there are many different vulnerabilities to take advantage of. Here is a list of common vulnerabilities with resources on how to exploit them.
Needing its own section, there is a huge list of different technologies used in web applications. Here is a list of commonly used web technologies and some resources on how to exploit them.
Sometimes you will encounter unusual targets such as networking devices, VoIP services, and even mobile devices. Many have their own tools and methodologies to use against them.