Stars
A Model Context Protocol server for Excel file manipulation
Exploit for CVE-2025-55182 & CVE-2025-66478
Supports RSC fingerprinting and exploitation of the React component vulnerability CVE-2025-55182.
HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug b…
A professional cross-platform SSH/Sftp/Shell/Telnet/Tmux/Serial terminal.
(MeetC2 a.k.a Meeting C2) - A framework abusing Google Calendar APIs.
Rshell是一款开源的golang编写的支持多平台的C2框架,旨在帮助安服人员渗透测试、红蓝对抗。
Fair-code workflow automation platform with native AI capabilities. Combine visual building with custom code, self-host or cloud, 400+ integrations.
Find All Parameters - Tool to crawl pages, find potential parameters and generate a custom target parameter wordlist
JavaSecLab is a comprehensive Java vulnerability platform| JavaSecLab是一款综合型Java漏洞平台,提供相关漏洞缺陷代码、修复代码、漏洞场景、审计SINK点、安全编码规范,覆盖多种漏洞场景,友好用户交互UI……
A declarative, simple, fast, and fun package for building command line tools in Go
icmp隧道远控工具,支持交互式shell(session/beacon)、文件传输,可选通讯加密方式、包步态等,在流量对抗上做了增强。
Using DLL sideloading to hijack the exe main thread before starting it! 使用dll侧载在exe程序主线程启动之前劫持主线程。
Loader Pre-Technology, Main thread hijacking without using API, get ntdll and kernel32 handle without peb. 加载器前置技术,不使用API进行主线程劫持,不使用PEB获取ntdll和kernel32的地址。
CobaltStrike Beacon written in .Net 4 用.net重写了stager及Beacon,其中包括正常上线、文件管理、进程管理、令牌管理、结合SysCall进行注入、原生端口转发、关ETW等一系列功能
A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)
一款甲方资产巡航扫描系统。系统定位是发现资产,进行端口爆破。帮助企业更快发现弱口令问题。主要功能包括: 资产探测、端口爆破、定时任务、管理后台识别、报表展示
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static a…