Default welcome msg!

ExploitHub - a marketplace for vulnerability testing

The goal is to close the capabilities gap between the cyber-criminals and white hats, by enabling defenders to perform more comprehensive testing of their defenses

The Problem

As more corporate assets migrate to the digital world, the quality of the systems that house and protect the data become increasingly important. Cybercriminals utilize exploits predominantly against the thousands of publicly disclosed non-zero-day vulnerabilities to compromise systems. The result is an asymmetric war in which the black hats have more tools at their disposal than the white hats.

Security or penetration testing is the most deterministic method of evaluating the actual effectiveness of any protective system, but it is difficult to do properly and can impact production systems. In addition, current pen testing tools only provide coverage for about 10% of the 15,000 published vulnerabilities. Thus, pen tests are neither comprehensive nor adequate for determining the secured state of any system.

The Solution

ExploitHub is a community-driven marketplace made up of a diverse group of expert security researchers contributing to solve the problem.

  • Increase data security and level the playing field by improving security testing resources of white hats
  • Create an economically sustainable ecosystem for ongoing vulnerability testing
  • Support the professionalization of security researchers, and make it economically rational to do good
  • Advance the state of the art of security product development, deployment and testing



  • Penetration Testers

    Penetration testers and buyers
  • Security Researchers/Exploit Developers Sellers

    Penetration testers and buyers


  • Access more exploits in order to perform more comprehensive penetration testing
    Reduce time and increase margins by increasing efficiency and lowering the cost of engagements
    For internal IT auditors: prepare for a pen test or assessment to reduce surprises and the costs of remediation
    Use the Request System to solicit the development of exploits for specific vulnerabilities
  • Earn additional income by selling your research and exploit code
    Enhance career opportunities by showcasing your work
    Receive guidance and bounties for exploit development from the Request System

How it works

  • Apply for a customer account to purchase exploits
    Browse the marketplace and purchase content
    Purchase, download, Pwn.
  • Sign up for an author account
    Submit content and name your price
    Receive revenue as your exploits are purchased


"The NSS approach sounds like a great way for exploit developers to profit from their work and an excellent source of useful tools for penetration testers everywhere. Since they are only dealing with exploits for which vulnerability details are already available, it's less about safeguarding sensitive information and more about creating a market for exploit tools."
- HD Moore, chief security officer at Rapid7 and creator of Metasploit
"From a tester side, I'd be more than happy to invest in this because it's going to save some time of my guys developing exploits with Metasploit or Core plug-ins ... And it's going to give developers a more secure place to put their exploits. The ExploitHub is a place to further the progress of detection, analysis and structure of defense."
- Chris Nickerson, Lares Consulting
"If they do it right this gives guys in my position a venue to put our stuff out there and make some money."
- Pen Tester

Contact Us

You can reach us by email at info at
Privacy Protected