Shadow Dumper is a powerful tool used to dump LSASS memory, often needed in penetration testing and red teaming. It uses multiple advanced techniques to dump memory, allowing to access sensitive da…

Impacket is a collection of Python classes for working with network protocols.

基于kotlin+tornadoFx的跨平台密码学工具箱.包含编解码,编码转换,加解密, 哈希,MAC,签名,大数运算,压缩,二维码功能,ctf等实用功能,支持插件

Windows 平台提权漏洞大合集，长期收集各种提权漏洞利用工具。 A large collection of rights raising vulnerabilities on the windows platform, which collects various rights raising vulnerability utilization tools for a long time.

An inject tools for injecting js code into electron application

Red Teaming Tactics and Techniques

xp_CAPTCHA_api burp 验证码识别插件 调用接口 准确率更高

This cheasheet is aimed at the CTF Players and Beginners to help them sort the CTF Challenges on the basis of Difficulties.

Small and highly portable detection tests based on MITRE's ATT&CK.

一个红队知识仓库

pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)

A cheat sheet that contains advanced queries for SQL Injection of all types.

A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.

A professional cross-platform SSH/Sftp/Shell/Telnet/Serial terminal.

The Penetration Testers Framework (PTF) is a way for modular support for up-to-date tools.

GPS is a scanning platform that learns and predicts the location of IPv4 services across all 65K ports.

信息安全方面的书籍书籍

The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis

List of all the Publicly disclosed vulnerabilities of Public Cloud Provider like Amazon Web Services (AWS), Microsoft Azure, Google Cloud, Oracle Cloud, IBM Cloud etc

本项目集成了全网优秀的攻防工具项目，包含自动化利用，子域名、敏感目录、端口等扫描，各大中间件，cms漏洞利用工具以及应急响应等资料。

Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.

The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.

awesome cloud security || 收集一些国内外不错的云安全资源，主要是国内

An experimentation and research platform to investigate the interaction of automated agents in an abstract simulated network environments.

记录安全方面的笔记/工具/漏洞合集

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

各种CMS、各种平台、各种系统、各种软件漏洞的EXP、POC 该项目将不断更新

常用安全工具 docker镜像 自动更新仓库

pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.