Skip to content
for concurrent exploiting
Branch: master
Clone or download
Type Name Latest commit message Commit time
Failed to load latest commit information.
conf check root before installation, set default work dir Dec 24, 2017
output add output dir Nov 22, 2017
screenshot fix #33 Nov 25, 2018
tools re-order modules Jun 9, 2017
.gitignore use python virtualenv for mec Apr 17, 2019
LICENSE Initial commit Mar 9, 2017 update url to github repo Apr 17, 2019


a collection of hacking tools with a cli ui


take a look at mec-ng



  • please use this tool only on authorized systems, im not responsible for any damage caused by users who ignore my warning
  • exploits are adapted from other sources, please refer to their author info
  • please note, due to my limited programming experience (it's my first Python project), you can expect some silly bugs


  • an easy-to-use cli ui
  • execute any adpated exploits with process-level concurrency
  • some built-in exploits (automated)
  • hide your ip addr using proxychains4 and ss-proxy (built-in)
  • zoomeye host scan (10 threads)
  • a simple baidu crawler (multi-threaded)
  • censys host scan
  • built-in ssh bruteforcer

getting started

git clone --depth=1 && cd massExpConsole && ./
  • type proxy command to run a pre-configured Shadowsocks socks5 proxy in the background, vim ./data/ss.json to edit proxy config. and, ss-proxy exits with


  • supports Ubuntu, Debian, Kali, Linux Mint, Fedora, CentOS, RHEL, Arch. for CentOS/RHEL, you might need to manually configure python3 environment before installing
  • Python 3.5 or later
  • proxychains4 (in $PATH), used by mec core, requires a working socks5 proxy (you can modify its config in
  • Java is required when using Java deserialization exploits
  • note that you have to install all the deps of your exploits or tools as well


  • just run mec, if it complains about missing modules, install them
  • if you want to add your own exploit script (or binary file, whatever):
    • cd exploits, mkdir <your_exploit_dir>
    • your exploit should take the last argument passed to it as its target, dig into to know more
    • chmod +x <exploit> to make sure it can be executed by current user
    • use attack command then m to select your custom exploit
  • type help in the console to see all available features
  • zoomeye requires a valid user account config file zoomeye.conf

how to contribute

You can’t perform that action at this time.