Exploit Pack
Exploit Pack
Exploit Pack
Gain access to a massive collection of over 39,500 exploit modules and zero-days from our lab. Build, customize, and deploy advanced testing scenarios to enhance the effectiveness of your engagements. With Exploit Pack, your next professional pentest becomes more powerful, precise, and efficient
Single‑user, single machine. Each license is watermarked and tied to the email used at purchase; one license per person, one machine per license.
Renewals: Special pricing is available for customers with an active license. Please contact support@exploitpack.com
Couldn't load pickup availability
The most advanced offensive framework
Developed by a small team of exploit developers, Exploit Pack is a highly sophisticated exploitation framework with a massive library of 39,500+ exploits and 0-days directly from our lab.
It includes a robust set of tools for payload generation, post-exploitation, evasion, and automation, making it a core component of offensive security workflows.
With a yearly license of Exploit Pack Framework, you also get access to monthly updates, 0-days, and technical support for you and your team.
Do you need a quote? Contact us
Key Features
-
Exploit database and research
Exploit Pack provides access to an internal exploit database maintained by the Exploit Pack research lab, containing more than 39,000 exploits and 0-days from our own lab. These exploits are categorized to support controlled exploitation during security assessments, offering broad coverage across platforms, services, and vulnerability types for testing and validation purposes.
-
CVE lookup and reporting
Exploit Pack includes helpers for referencing known CVEs during exploitation work, allowing users to correlate exploit modules with public vulnerability identifiers. In addition, a built-in HTML penetration testing report generator enables structured documentation of exploitation results, supporting clear communication of findings and impact in assessment reports.
-
Sidekick Feature
Deploy a helper application (Sidekick) on Windows. When connected to the Sidekick app, you can run your exploit on the target system and receive the output directly in Exploit Pack. The exploit can be debugged remotely using Ghidra or WinDBG with the Sidekick plugin. Instead of manually transferring files, running payloads, and collecting output, Sidekick acts as a bridge between your development environment and Exploit Pack.
-
Exploit Editor
A built-in exploit editor designed to support the creation, modification, and testing of exploit code within the framework. The editor provides a structured environment with syntax highlighting and direct integration with the module system, allowing users to edit exploits, manage metadata, and execute modules without leaving the platform. This integration helps streamline exploit development and iterative testing.
-
AutoPwn and Network Scanning
The framework provides integrated network scanning capabilities combined with AutoPwn-style workflows. Discovered services can be automatically matched against available exploit modules, enabling rapid transition from service identification to exploitation attempts. These workflows are designed to streamline repetitive tasks while still allowing manual control and validation at each stage.
-
Fuzzing tools
Exploit Pack includes fuzzing tools for remote TCP services, local file-based targets, and socket-based communication. Supporting utilities such as pattern and offset generators help identify crash offsets during exploit development, while UTF locator tools assist in locating payloads within memory. Together, these features support both vulnerability discovery and exploit reliability testing.
Latest changelog version 19.05:
- Loading times are now faster
- Dark-mode is now available Help -> Dark-mode
- New feature: Sidekick. Deploy a Side-Kick app in Windows that will assist you during your Exploit Development process, when connected to the side-kick app you can run your exploit on the target from your editor and get the output back to EP, the exploit can be debugged remotely with Ghidra, using the side-kick plugin for it. The side-kick app has lots of features to discover and more to come!
- General improvements in the GUI and menus
- Bug-fix: When selecting Utilities the tab was incorrectly set.
- Bug-fix: Selecting an exploit, xml without code file throws an error.
- Bug-fix: Exporting exploits folder to zip file crashes in certain conditions: file not found, name error.
- Bug-fix: Importing exploits from a .zip file crashes in certain conditions: file not found, name error.
Questions About This Product
What type of license is included?
All our tools are provided under an annual license.
Do licenses renew automatically?
No. Licenses are not automatically renewed. You may choose to renew each year at your own convenience.
How many users can use one license?
Each license is issued on a single-user basis. Sharing between multiple individuals is not permitted.
Integration with other tools
After you gain initial access with Exploit Pack, the workflow continues seamlessly: deploy a Control Pack agent to consolidate access, collect information, and integrate findings into your reporting flow. Designed to hand off cleanly to post-exploitation tooling while preserving auditability.
Can I use the license against multiple targets?
Yes. While some tools in the industry restrict you to a limited number of targets, our licenses allow you to use the tool against as many machines as needed within your authorised engagements.
Delivery of licenses
Licenses are delivered digitally to the email used at purchase. Since they are sent manually, delivery may take up to 24 hours (usually faster).
Once the order is confirmed and the license has been delivered, it cannot be transferred, and refunds will not be issued.