Impack-only implementation of WinRM protocol with support for NTLM and Kerberos auth

Active Directory Mindmap Recipes: A Compromise à la Carte

FFmpeg Assembly Language Lessons

GLPI vulnerabilities checking tool

A complete terminal user interface (TUI) for LDAP.

A Burp Suite plugin/extension that offers a shell in Burp. Both useful for OS Command injection and LFI exploration

AsyncSSH is a Python package which provides an asynchronous client and server implementation of the SSHv2 protocol on top of the Python asyncio framework.

The successor to reDuh, pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.

Admin to Kernel code execution using the KSecDD driver

A proof-of-concept Remote Desktop (RDP) session hijack utility

Partial python implementation of SharpGPOAbuse

The Network Execution Tool

This repository provides penetration testers and red teams with an extensive collection of dynamic phishing templates designed specifically for use with Evilginx3. May be updated periodically.

Pentest Report Generator

Fully featured and community-driven hacking environment

A swiss army knife for pentesting networks

Simple EDR implementation to demonstrate bypass

CVE-2023-32233: Linux内核中的安全漏洞

Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. [email protected]

WebGoat is a deliberately insecure application

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication

An intentionally vulnerable NGINX setup

Generate graphs and charts based on password cracking result

Rusty Impersonate

Dump NTDS with golden certificates and UnPAC the hash

A python tool to automate KeePass discovery and secret extraction.

ACL abuse swiss-knife

Six Degrees of Domain Admin