Chrome browser extension-based Command & Control

SQL Injection Scout 是一个用于 Burp Suite 的扩展，专为帮助安全研究人员和开发人员检测和分析 SQL 注入漏洞而设计。该扩展提供了丰富的配置选项和直观的用户界面，便于用户自定义扫描和分析过程。

AutoFuzz是一款安全测试的辅助型BurpSuite插件，主要用于自动识别请求中的参数，根据预设的payload逐个发包测试，从而提高测试效率。

Audits an AppLocker policy XML and reports weak/misconfigured/risky settings, including actual ACL checks.

Group Policy Eater is a PowerShell module that aims to gather information about Group Policies but also allows fixing issues that you may find in them.

ScriptSentry finds misconfigured and dangerous logon scripts.

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug b…

Playwright is a framework for Web Testing and Automation. It allows testing Chromium, Firefox and WebKit with a single API.

🖥️ Run AI Agent in your browser.

real time face swap and one-click video deepfake with only a single image

Lightweight binary that joins a device to a Tailscale network and exposes a local SOCKS5 proxy. Designed for red team operations and ephemeral access into restricted environments using Tailscale’s …

微舆：人人可用的多Agent舆情分析助手，打破信息茧房，还原舆情原貌，预测未来走向，辅助决策！从0实现，不依赖任何框架。

The official repo of MiniMax-Text-01 and MiniMax-VL-01, large-language-model & vision-language-model based on Linear Attention

Windows remote execution multitool

Ready to go Phishing Platform

evilginx3 + gophish

An alternative screenshot capability for Cobalt Strike that uses WinAPI and does not perform a fork & run. Screenshot downloaded in memory.

Use Cloudflare to create HTTP pass-through proxies for unique IP rotation, similar to fireprox

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication

smbclient-ng, a fast and user friendly way to interact with SMB shares.

让fscan再次伟大

Azure Outlook Command & Control (C2) - Remotely control a compromised Windows Device from your Outlook mailbox. Threat Emulation Tool for North Korean APT InkySquid / ScarCruft / APT37. TTP: Use Mi…

Github as C2 Demonstration , free API = free C2 Infrastructure

This is the tool to dump the LSASS process on modern Windows 11

Collection of UAC Bypass Techniques Weaponized as BOFs

A tool to transform Chromium browsers into a C2 Implant

Interesting APT Report Collection And Some Special IOCs

Proxylogon & Proxyshell & Proxyoracle & Proxytoken & All exchange server history vulns summarization :)

HVNC for Cobalt Strike

用于windows下通过NTFS MFT快速查找文件名中带有敏感词的文件