Stars
金刚狼:首款支持多层内网级联的ASPX、ASHX高级WebShell管理工具,AES加密通信,无需代理,内存加载渗透工具,无文件落地隐蔽渗透目标,动态代码执行,ShellCode加载(Metasploit/Cobalt Strike),反弹Shell,Socks代理,内存马
Exploitation paths allowing you to (mis)use the Windows Privileges to elevate your rights within the OS.
A tool for generating multiple types of NTLMv2 hash theft files by Jacob Wilkin (Greenwolf)
A tool to dump a git repository from a website
Username tools for penetration testing
A comprehensive guide/material for anyone looking to get into infosec or take the OSCP exam
OSS-Fuzz - continuous fuzzing for open source software.
Tiny SHell Go - An open-source backdoor written in Go
ConPtyShell - Fully Interactive Reverse Shell for Windows
Tools and Techniques for Red Team / Penetration Testing
一个漏洞 PoC 知识库。A knowledge base for vulnerability PoCs(Proof of Concept), with 1k+ vulnerabilities.
This repo contains some Amsi Bypass methods i found on different Blog Posts.
This repo covers some code execution and AV Evasion methods for Macros in Office documents
dnSpyEx / dnSpy
Forked from dnSpy/dnSpyUnofficial revival of the well known .NET debugger and assembly editor, dnSpy
Open-Source Remote Administration Tool For Windows C# (RAT)
Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share th…
Run PowerShell with rundll32. Bypass software restrictions.
FofaMap是一款基于Python3开发的跨平台FOFA API数据采集器,支持普通查询、网站存活检测、统计聚合查询、Host聚合查询、网站图标查询、批量查询等查询功能。同时FofaMap还能够自定义查询FOFA数据,并根据查询结果自动去重和筛选关键字,生成对应的Excel表格。另外春节特别版还可以调用Nuclei对FofaMap查询出来的目标进行漏洞扫描,让你在挖洞路上快人一步。
scalpel是一款命令行漏洞扫描工具,支持深度参数注入,拥有一个强大的数据解析和变异算法,可以将常见的数据格式(json, xml, form等)解析为树结构,然后根据poc中的规则,对树进行变异,包括对叶子节点和树结构 的变异。变异完成之后,将树结构还原为原始的数据格式。
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…