🤖 AI Summary
Exploits (proofs of concept) for validating vulnerability repair tools are scarce, costly to construct manually, and require expert knowledge. Method: This survey reviews the literature on exploit generation techniques and groups them into four categories: automated exploit generation, security testing, fuzzing, and other techniques. It characterises each technique and assesses its usability in practice, in particular whether a usable tool is publicly available. Most surveyed techniques target memory-safety vulnerabilities in C/C++ programs and injection vulnerabilities in PHP and Java web applications. Contribution/Results: Only a few studies publicly provide usable tools for their techniques, which limits their direct use as patch oracles. The survey gives researchers and practitioners an overview of the available approaches to help them select exploit generation techniques for validating automated vulnerability repair.
📝 Abstract
An exploit, or proof of concept (PoC), of a vulnerability plays an important role in developing better vulnerability repair techniques, as it can serve as an oracle to verify the correctness of the patches generated by such tools. However, vulnerability exploits are often unavailable, and crafting them requires time and expert knowledge. Obtaining them from exploit generation techniques is another potential solution. The goal of this survey is to help researchers and practitioners understand the existing exploit generation techniques by analyzing their characteristics and their usability in practice. We identify a list of exploit generation techniques from the literature and group them into four categories: automated exploit generation, security testing, fuzzing, and other techniques. Most of the techniques focus on memory-based vulnerabilities in C/C++ programs and web-based injection vulnerabilities in PHP and Java applications. We found only a few studies that publicly provide usable tools associated with their techniques.