  |
Security Focus - http://www.securityfocus.com
Provides security information to all members of the security community, from end users, security hobbyists and network administrators to security consultants, IT Managers, CIOs and CSOs. |
| |
VUPEN Exploits and PoCs - http://www.vupen.com/exploits/
Archive of private exploits and proof-of-concept codes developed in-house by VUPEN Security. |
| |
Canvas Exploit Platform - http://www.immunitysec.com/index.shtml
A commercial exploit platform similar to metasploit. Has built in memory resident shells that are cleared when the machine is rebooted. Perfect for cleaning up after a penetration test. |
| |
PacketStorm Security - http://www.packetstormsecurity.org/
Packet Storm is a non-profit organization comprising computer security professionals that are dedicated to providing the information necessary to secure the networks world-wide. It publishes new security information on a global network of websites. The organization offers an abundant resource of up-to-date and historical security tools, exploits, and advisories. It provides network security professionals, researchers, and all other interested individuals with the ability to analyze and learn from the tools, processes and mindsets of their opponents, as well as offering the tools needed to build and test defenses against them. |
| |
Security Tracker - http://www.securitytracker.com
Archive of exploits and security advisories |
| |
Fyodor's Exploit World - http://insecure.org/sploits.html
A large and descriptive exploit archive organized by affected operating systems. |
| |
Security-Protocols Exploit News - http://www.security-protocols.com
A up to date security and exploit portal, provides commentary on many popular exploits as they develop in the wild. |
| |
Metasploit Project - http://metasploit.org
The Metasploit Project is an open source computer security project which provides information about security vulnerabilities and aids in penetration testing and IDS signature development. Its most well-known sub-project is the Metasploit Framework, a tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the Opcode Database, shellcode archive, and security research. |
| |
Ethical Hacking Course - http://www.infosecinstitute.com/courses/ethical_hacking_training.html
Commercial hacker training course on how to write and use exploits. |
| |
malware.com - http://www.malware.com/
A group that develops as well as discloses software exploits on many of the security mailing lists. Mainly specializing with Microsoft Office and Internet Explorer Vulnerabilitys. |
| |
SecWatch - http://secwatch.org/
A site dedicated to the latest in security - all the latest and archived exploits and vulnerabilities. |
| |
Exploiting Caller ID - http://www.artofhacking.com/orange.htm
The Software Orange Box is a free proof-of-concept tool which can spoof most forms of North American Caller ID. |
| |
0-Day Exploits and Tutorials - http://www.datastronghold.com
DataStroghold.com Unveils how exploits and other hacking techniques are performed, in a clear and concise method. Frequently updated and always interesting. |
 |
milw0rm.com - http://www.milw0rm.com
Exploit database separated by exploit type (local, remote, DoS, etc.) |
| |
PullThePlug WarGames - http://www.pulltheplug.org/
Place for Programmers and Hackers to hone their technical skills by completing challenging wargames and Programming Challenges. Including Network Programming, Defeating PaX, Buffer/Heap Overflows, Format Strings etc. |