This is your work, valued
RdpThief. Extracting Clear Text Passwords from mstsc.exe using API Hooking.
1.5kraven. raven is a Linkedin information gathering tool that can be used by pentesters to gather information about an organization employees using Linkedin.
798IIS-Raid. A native backdoor module for Microsoft IIS (Internet Information Services)
555WordSteal. This script will create a POC that will steal NTML hashes from a remote computer. Do not use this for illegal purposes.The author does not keep responsibility for any illegal action you do.
253DNS-Persist. DNS-Persist is a post-exploitation agent which uses DNS for command and control.
208CVE-2018-8174-msf. CVE-2018-8174 - VBScript memory corruption exploit.
168DropboxC2C. DropboxC2C is a post-exploitation agent which uses Dropbox Infrastructure for command and control operations.
153go-deliver. Go-deliver is a payload delivery tool coded in Go.
114Browser-C2. Post Exploitation agent which uses a browser to do C2 operations.
103CVE-2017-11882-metasploit. This is a Metasploit module which exploits CVE-2017-11882 using the POC released here : https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about.
98AzureCLI-Extractor. A tool to extract and abuse access tokens from AzureCLI for bypassing 2FA/MFA.
47RsaTokenExtractor. A simple toolkit on extracting RSA Software Tokens from RSA SecureID
42my-exploits. My public exploit collection.
31Infosec_Reference. An Information Security Reference That Doesn't Suck
8SauronEye. Search tool to find specific files containing specific words, i.e. files containing passwords..
5evilginx2. Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
5windows-kernel-exploits. windows-kernel-exploits Windows平台提权漏洞集合
4AD-Attack-Defense. Active Directory Security For Red & Blue Team
4Pentest-and-Development-Tips. A collection of pentest and development tips
4StudentResources. A repository for cybersecurity students
3CVE-2019-0604. cve-2019-0604 SharePoint RCE exploit
3CVE-2018-8120. CVE-2018-8120 Windows LPE exploit
3MaliciousMacroGenerator. Malicious Macro Generator
3Awesome-Advanced-Windows-Exploitation-References. List of Awesome Advanced Windows Exploitation References
3smbdoor. kernel backdoor via registering a malicious SMB handler
3blueborne. Contains PoC scripts demonstrating the BlueBorne vulnerabilities
3sRDI. Shellcode implementation of Reflective DLL Injection. Convert DLLs to position independent shellcode
3CVE-2018-8897. Arbitrary code execution with kernel privileges using CVE-2018-8897.
3Inveigh. Inveigh is a Windows PowerShell LLMNR/mDNS/NBNS spoofer/man-in-the-middle tool
3awesome-cve-poc. ✍️ A curated list of CVE PoCs.
3OneLogicalMyth_Shell. A HTA shell to assist with breakout assessments.
2CVE-2020. 2020一些漏洞
2PayloadsAllTheThings. A list of useful payloads and bypass for Web Application Security and Pentest/CTF
2donut. Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies from memory and runs them with parameters
2Whisker. Whisker is a C# tool for taking over Active Directory user and computer accounts by manipulating their msDS-KeyCredentialLink attribute, effectively adding "Shadow Credentials" to the target account.
2cve-2019-1040-scanner. Python
2PrivExchange. Exchange your privileges for Domain Admin privs by abusing Exchange
20x09al.github.io. Ruby
2Windows-Hunting.
2RCEvil.NET. C#
2vmware_vcenter_cve_2020_3952. Exploit for CVE-2020-3952 in vCenter 6.7
2recaptcha-phish. Phishing with a fake reCAPTCHA
2ad-ldap-enum. An LDAP based Active Directory user and group enumeration tool
2Awesome-Vulnerability-Research. 🦄 A curated list of the awesome resources about the Vulnerability Research
2ctf. Python
2SharpHound. The BloodHound C# Ingestor
2PowerPriv. A Powershell implementation of PrivExchange designed to run under the current user's context
2Blacklist3r. project-blacklist3r
2fracker. PHP function tracker
2labs. Vulnerability Labs for security analysis
2CTF-Challenge. Simple challenge.
1go-agent. New Relic Go Agent
1ccat. Cisco Config Analysis Tool
1jdbc-backdoor. A fake JDBC driver that allows OS command execution.
1DecryptTeamViewer. Enumerate and decrypt TeamViewer credentials from Windows registry
1C2-Tool-Collection. A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques.
1CVE-2018-8581. CVE-2018-8581 | Microsoft Exchange Server Elevation of Privilege Vulnerability
1