💬 Chat with anyone on any website.

PrimitiveInjection by using Read, Write and Allocation Primitives.

Extract data from modern Chrome versions, including refresh tokens, cookies, saved credentials, autofill data, browsing history, and bookmarks

This code silently installs Chrome extensions on Mac, Windows, and Linux

Beacon Object File for Cobalt Strike that executes .NET assemblies in beacon with evasion techniques.

Escalation of Privilege to the root through sudo binary with chroot option. CVE-2025-32463

一款办公应用云凭证利用工具

极简且免费的微信消息推送服务 (基于golang)

AppLocker-Based EDR Neutralization

Easily and securely send things from one computer to another 🐊 📦

JavaScript Reverse Tools -- JS逆向工具

Obfuscation library based on C++20 and metaprogramming

Modern security products (CrowdStrike, Bitdefender, SentinelOne, etc.) hook the nLoadImage function inside clr.dll to intercept and scan in-memory .NET assembly loads. This tool unhooks that functi…

分布式资产安全扫描平台

Supports RSC fingerprinting and exploitation of the React component vulnerability CVE-2025-55182.

HeapDump敏感信息提取工具

智能闲鱼客服机器人系统：专为闲鱼平台打造的AI值守解决方案，实现闲鱼平台7×24小时自动化值守，支持多专家协同决策、智能议价和上下文感知对话。

重构了Cobaltstrike Beacon，行为对国内主流杀软免杀，支持4.1以上的版本。 A cobaltstrike Beacon bypass anti-virus, supports 4.1+ version.

自动化检测 Swagger API 接口未授权访问漏洞工具

一款高颜值、现代化的自动化运维及轻量堡垒机，提供全面的服务器智能运维解决方案。支持资产管理分组、多协议访问(SSH、SFTP、RDP、VNC)、实时系统监控与智能告警、文件上传下载、在线编辑、命令批量执行、多主机文件分发和计划任务配置(通过 cron 表达式)等功能，确保高效安全的运维体验。适用于 Linux 和 Windows 系统的运维管理。

让JavaScript资产分析变得简单而强大

集权利用工具

High Fidelity Detection Mechanism for RSC/Next.js RCE (CVE-2025-55182 & CVE-2025-66478)

CVE-2025-55182 POC

专注于JVM的运行时防御系统RASP

一个专注于 Java Web 特性、配置和 Trick 的安全谜题集合

Cobalt Strike Beacon Object File (BOF) that obtain SYSTEM privilege with SeImpersonate privilege by passing a malicious IUnknwon object to DCOM call of PrintNotify.

Cobalt Strike BOF

Go 代码混淆工具，使用 AST (抽象语法树) 技术实现跨文件的代码混淆，同时保证混淆后的代码可编译和可执行。

Situational Awareness commands implemented using Beacon Object Files