The SnappingTurtle Zero-day Exploit Pack is comprised entirely of web application exploits for zero-day vulnerabilities. Only exploits for critical vulnerabilities such as remote code execution are considered for inclusion in the SnappingTurtle pack.
Plenty of other exploit packs cover publicly known vulnerabilities, including many we've released in the past. For SnappingTurtle, we've opted to focus entirely on zero-days discovered by the AutoSec Tools team, allowing for greater chance of successful exploitation.
As memory corruption becomes more difficult to exploit due to advancements in mitigations and other technologies, web applications remain soft targets. By virtue of the platform, web applications tend to offer extremely open and rich attack surfaces. This means greater opportunity for exploitation, quite often without any interaction on part of the target.
We primarily focus classes of vulnerabilities that can be remotely exploited to either achieve code execution or exfiltrate sensitive data.
Updates are pushed as vulnerabilities are discovered and exploits are developed.