BrowserExploit is an advanced browser exploit pack for doing internal and external pentesting, helping gaining access to internal computers.
Switch branches/tags
Nothing to show
Clone or download

README.md

browsersploit

BrowserExploit is an advanced browser exploit pack for doing internal and external pentesting, helping gaining access to internal computers.

I started this project years ago, when still exploiting IE 6, 7 and 8. The exploits in kit are old so it keep scripts kiddies from running it in the wild and achieve malicious task.

BrowserSploit use a lot of techniques to bypass anti-virus and is full of featured.

  • Javascript obfuscation (XOR, JS Iframe Head, Cookie Encrypted, Split Encrypted Iframe, Base64 random space).
  • Advanced exploitation techniques.
  • Artificial Intelligence based on traffic learning.
  • Multi-Users ready platform
  • Filter Antivirus connections
  • Evade AV domain filters
  • Reverse Honeypot features to trick non legitimate users and sec users
  • Bypass Windows DEP / ASLR / UAC
  • Advanced polymorphic shellcoding

What it mean for the non-technical people: If you surf the web on your browser and you visit a page infected by an browser exploit pack, then you will likely be infected by malicious software without even notify it.

Next Features:

  • Windows 8/8.1/10 CFG bypass.
  • Organize sql structure.
  • Sql optimisation with memcached.
  • Code optimisation to run on heavy loads
  • Port perl to php for better scalability (be able to pentest large corporate network)
  • Adding recent exploits
  • Adding more evasive shellcodes
  • Adding more platforms as it's now widely used (linux, MacOS)
  • Fixing security bugs...

WARNING: This tool is not for script kiddies or for non-advanced coders. It a platform to jumpstart your own code by adding more exploits, there's a lot of bugs into the platform, some have just been put there to stop non-ethical hacker running this code too easily.