Stars
Gain insights into COM/DCOM implementations that may be vulnerable using an automated approach and make it easy to visualize the data. By following this approach, a security researcher will hopeful…
Obfuscator for .NET and Mono, with a customizable engine for building your own obfuscators.
sideloading PoC using onedrive.exe & version.dll
A domain specific language for matching directories and files in network shares
A Python tool to map the access rights of network shares into BloodHound OpenGraphs easily
Simple PowerShell script to test for "GHOST" SPNs
Helps defenders find their WSUS configurations in the wake of CVE-2025-59287
Yet another WeChat miniapp debugger on Windows
Beacon Object File (BOF) for Using the BadSuccessor Technique for Account Takeover
LDAx2012 / mimikatz
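Forked from gentilkiwi/mimikatz
A little tool to play with Windows security
Turacos is a professional multi-database security assessment tool that supports post-exploitation operations on PostgreSQL, MySQL, Redis, MSSQL and other databases. It provides security researchers with systematic, modular database security testing capabilities, helping enterprises carry out security assessments and vulnerability verification.
JSFindAPI is a plugin that automatically obtains JS links from HTML pages, automatically visits the JS files to extract the API paths in them, and then automatically tests those APIs for unauthorized access. It can also listen passively, automatically extracting and visiting APIs when a JS file is accessed. API endpoints are extracted by regex, mainly based on the ways API requests are written with AJAX, XMLHttpRequest, axios, Vue.js and so on, improving both accuracy and quantity.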
A fast, simple, recursive content discovery tool written in Rust.
Unauthenticated start EFS service on remote Windows host (make PetitPotam great again)
Proof-of-Concept tool for extracting NTLMv1 hashes from sessions on modern Windows systems.
Wonka is a sweet Windows tool that extracts Kerberos tickets from the Local Security Authority (LSA) cache. Like finding a ticket, but for security research and penetration testing! 🎫
DiffRays is a research-oriented tool for binary patch diffing, designed to aid in vulnerability research, exploit development, and reverse engineering.
🚀 Free HTTP, SOCKS4, & SOCKS5 Proxy List * Updated every 5 minutes *