This is your work, valued
sshdHooker. One-click injection into the SSHD process to record and send the password for ssh login
★ 428oss-stinger. 利用oss实现http转发/cobalt strike上线
★ 371Slacker. 懒鬼插件/审计过的后的渗透插件/我凭本事打的SESSION凭什么还要我自己动手后渗透?
★ 252iatHijackGenerate. 白加黑的快速生成器(针对IAT类型)
★ 115exe2shellcode. Remote Download and Memory Execute for shellcode framework
★ 96BOFRunPortable. BOF内存运行exe
★ 32shellcode. myshellcode
★ 31rsspusher. 推送rss到telegram和web
★ 24linux-pam-backdoor. Linux PAM Backdoor
★ 22manager. BIE的HMP的B/S端的遠控
★ 20GitLabBrute. Gitlab 用户发现并爆破 / GitLab User discovered and brute force cracked
★ 10SecurityRambler. 一个瞎鸡儿乱打EXP的辣鸡爬虫
★ 9How-to-create-a-csgo-cheating-program. CSGO游戏透视自瞄辅助实现教程
★ 7bypassStartup. bypass Startup item
★ 7NSRAC. 百度云转存一体化自动工具
★ 6dict. my dict
★ 5HVNC. 一个正向 HVNC / 适用于代理环境
★ 4tkit. Self-use joker toolkit and Garbage lab
★ 3shellcodeloader. shellcodeloader
★ 2JsLoader. js免杀shellcode,绕过杀毒添加自启
★ 2easy-win32backdoor-example. easy win32 backdoor example. support start from windows service and real time Command echo.
★ 2exploits. Pwn stuff.
★ 19bie.github.io. JavaScript
★ 1MHOLE. 自用代理,打洞,反弹代理一体化便携部署工具
★ 1MySQL-Session-Hijacker. Simple python script to hijack any local MySQL Connection without their username & password.
★ 19bie.
★ 1BehinderClientSource. 冰蝎客户端源码-3.0-BETA6
★ 1bashrc-backdoor. Shell
★ 1go-tiebaReply-auto. auto reply from tieba.
★ 1inject_so. no exp
★ 1go-telnet-bbs. 和朋友弄的一个玩具。练手作品,没有意义的东西。
★ 1py32iat. iat hook in python.
★ 1Awesome-Prompts. 分享一下自创以及打野得到的各种优质prompt
★ 1.4kpretender. Your MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS, LLMNR and NetBIOS-NS spoofing.
★ 1.3kcertipy-merged. Tool for Active Directory Certificate Services enumeration and abuse
★ 167MITM6-Kerberos-CNAME-Abuse. Kerberos CNAME abuse PoC
★ 106GoRedOps. 🦫 | GoRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team, with a specific focus on the Go programming language, all is made for educational purpoeses only.
★ 669eqgrp-free-file. Free sampling of files from the purported Equation Group hack.
★ 196Defender_Exclusions-BOF. A BOF to determine Windows Defender exclusions.
★ 257ColorOS-CVE-2025-10184. ColorOS短信漏洞,以及用户自救方案
★ 384DeFiHackLabs. Reproduce DeFi hacked incidents using Foundry.
★ 6.6kpipeleek. Pipeleek scans CI/CD logs and artifacts to detect leaked secrets and pivot from them
★ 21Rabby. The game-changing wallet for Ethereum and all EVM chains
★ 1.9kCyberGroupmate. Code-Driven Social Agent
★ 200bash-pinyin-completion-rs. Simple completion script for pinyin, written in rust.
★ 89go-msrpc. Go client library for Windows MS-RPC and DCOM: DCE/RPC v5, NDR/NDR64, Kerberos/NTLM/SPNEGO, SMB2, and generated stubs for 100+ Windows protocols
★ 166Coercer. A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.
★ 2.3kEFSRPCrpc. 利用EFSRPC协议批量探测出网
★ 67SharpRDPLog. Windows rdp相关的登录记录导出工具,可用于后渗透中Windows服务器的信息收集阶段。输出内容包括:本地rdp端口、mstsc缓存、cmdkey缓存、登录成功、失败日志事件。
★ 284Chinese-hackers-use-WPS-to-attack. WPS 0day.hen the wps software is running, an api interface with port 4709 will be opened. An attacker can request this interface to execute commands.
★ 101NacosExploit. NacosExploit 命令执行 内存马等利用
★ 218el-buildtool. EPL(Easy Programming Language(易語言) CI/CD buildtool
★ 16ChatViewTools. 红队的微信聊天记录取证工具
★ 262CVE-2024-0044. CVE-2024-0044: a "run-as any app" high-severity vulnerability affecting Android versions 12 and 13
★ 331mssqlproxy. mssqlproxy python3.5+ 并修复bug
★ 66CVE-2024-1086. Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 99.4% in KernelCTF images.
★ 2.5kDecryptTools. DecryptTools-综合解密
★ 1.3kutf-8-overlong-encoding. 抽离出 utf-8-overlong-encoding 的序列化逻辑,实现 2 3 字节加密序列化数组
★ 141Maestro. Multilingual backdoor
★ 67wxapkg. 跨平台微信小程序反编译 GUI 工具,.wxapkg 文件扫描 + 解密 + 解包工具
★ 3.7kgo-smb. A client library to interact with Windows RPC services such as MS-SRVS and MS-RRP.
★ 79fuckhoneypot. FuckHoneypot is 去他妈的蜜罐
★ 58Pillager. Pillager是一个适用于后渗透期间的信息收集工具
★ 1.3kgitlab-version. detect gitlab detail version
★ 57pandora. A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers.
★ 797chrome_password.js. Get username & password from Chrome.
★ 79CVE-2023-4863. C
★ 316exploits. Repository to store exploits created by Assetnotes Security Research team
★ 184WeblogicTool. WeblogicTool,GUI漏洞利用工具,支持漏洞检测、命令执行、内存马注入、密码解密等(深信服深蓝实验室天威战队强力驱动)
★ 1.8kfastjson_payload. Java
★ 249zerologon-Shot. Zerologon exploit with restore DC password automatically
★ 146patchelf. A small utility to modify the dynamic linker and RPATH of ELF executables
★ 4.2kGodPotato_CLR. A Custom CLR Assembly for MSSQL of the popular tool GodPotato
★ 83gost. GO Simple Tunnel - a simple tunnel written in golang
★ 7.1kRustHound. Active Directory data ingestor for BloodHound Legacy written in Rust. 🦀
★ 1.2kVulnerability_PoC. C++
★ 334ScreenshotBOFPlus. Take a screenshot without injection for Cobalt Strike
★ 205XinXun-wifi.
★ 9Struts2-Scan. Struts2全漏洞扫描利用工具
★ 2.2kBLACKHAT_Asia2023. Black Hat Asia 2023 PDF Public
★ 583LTProxy. Linux Transparent Proxy (Similar to Proxifiter)
★ 33go-shadowsocks2. Modern Shadowsocks in Go
★ 4.7kpoc2jar. Java编写,Python作为辅助依赖的漏洞验证、利用工具,添加了进程查找模块、编码模块、命令模块、常见漏洞利用GUI模块、shiro rememberMe解密模块,加快测试效率
★ 761SharpExchangeKing. Exchange 服务器安全性的辅助测试工具
★ 333Apt_t00ls. 高危漏洞利用工具
★ 1.8kLocalroot-ALL-CVE. Localroot-ALL-CVE~
★ 155r0capture. 安卓应用层抓包通杀脚本
★ 7.7kwmiexec-Pro. New generation of wmiexec.py
★ 1.3kDropLabTools. 一个垃圾利用工具,半自动发包机器
★ 227npscrack. 蓝队利器、溯源反制、NPS 漏洞利用、NPS exp、NPS poc、Burp插件、一键利用
★ 706CallStackMasker. A PoC implementation for dynamically masking call stacks with timers.
★ 314SSRFmap. Automatic SSRF fuzzer and exploitation tool
★ 3.6kcertsync. Dump NTDS with golden certificates and UnPAC the hash
★ 651HackingKubernetes. This repository contain any information that can be used to hack Kubernetes
★ 113tabby. A CAT called tabby ( Code Analysis Tool )
★ 1.7kwmiexec-RegOut. Modify version of impacket wmiexec.py, get output(data,response) from registry, don't need SMB connection, also bypassing antivirus-software in lateral movement like WMIHACKER.
★ 275chatViewTool. 基于Java实现的图形化微信聊天记录解密查看器
★ 581jattach. JVM Dynamic Attach utility
★ 1.1kJDumpSpider. HeapDump敏感信息提取工具
★ 1.7klamda. Android Full-Stack Device Control Platform: WebRTC/H.264 remote desktop, UI/OCR/image-matching automation, one-click MITM, built-in Frida, proxy/VPN/frp/P2P networking, MCP/Agent, 160+ APIs, designed for multi-device clusters and engineered deployments.
★ 7.9kcve-2022-31705. CVE-2022-31705 (Geekpwn 2022 Vmware EHCI OOB) POC
★ 120mssqlproxy. mssqlproxy is a toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse
★ 770WeaverScan. 泛微oa漏洞利用工具
★ 257BypassUAC. Use ICMLuaUtil to Bypass UAC!
★ 644DCOMPotato. Some Service DCOM Object and SeImpersonatePrivilege abuse.
★ 369PrintNotifyPotato. PrintNotifyPotato
★ 539CVE-2022-33679. One day based on https://googleprojectzero.blogspot.com/2022/10/rc4-is-still-considered-harmful.html
★ 415SpringBootVulExploit. SpringBoot 相关漏洞学习资料,利用方法和技巧合集,黑盒安全评估 check list
★ 6.1kRedCaddy. C2 redirector base on caddy
★ 212RmEye. 戎码之眼是一个window上的基于att&ck模型的威胁监控工具.有效检测常见的未知威胁与已知威胁.防守方的利剑
★ 534CrackMapExec-Extension. CrackMapExec extension module/protocol support
★ 43ShiroAttack2. shiro反序列化漏洞综合利用(仅限授权测试使用)
★ 2.6kJuicyPotatoNG. Another Windows Local Privilege Escalation from Service Account to System
★ 961LDAPShell. A wrapper of ldap_shell.py module which in ntlmrelayx
★ 62iatHijackGenerate. 白加黑的快速生成器(针对IAT类型)
★ 115nopen. NOPEN Tool 又名“morerats” 莫雷斯特,是方程式工具包里的工具。
★ 49PrintSpoofer. Abusing impersonation privileges through the "Printer Bug"
★ 2.3kPrintSpoofer. PrintSpoofer的反射dll实现,结合Cobalt Strike使用
★ 87TaskSchedulerMisc. Misc TaskScheduler Plays
★ 237PHP-binary-bugs. PHP binary bugs advisory
★ 175cve-2022-23131. cve-2022-23131
★ 29yingji. 应急相关内容积累
★ 1.2kHVVExploitApply. 遵守规章制度关闭项目-使用JAVAFX图形化界面检测对HVV中常见的重点CMS系统和OA系统的已公开的漏洞进行验证。
★ 334NoNetCmdEcho-FileW.e. 应对渗透中极限环境下命令回显 & 文件落地
★ 133CVE-2022-34265. PoC for CVE-2022-34265 (Django)
★ 124transfer.sh. Easy and fast file sharing from the command-line.
★ 16kfastjson-exp. fastjson利用,支持tomcat、spring回显,哥斯拉内存马;回显利用链为dhcp、ibatis、c3p0。
★ 329DFSCoerce. Python
★ 842shiroPoc. Java
★ 318inject_got. Rewrite GOT entry to hook libc function to your owns.
★ 12Test_UEFI.
★ 13exe2shellcode. Remote Download and Memory Execute for shellcode framework
★ 96re0-kubernetes-sec-archive. :atom: [WIP] 整理过去我和K8s、容器、虚拟化相关的分享 🧐
★ 3.2kHello-Java-Sec. ☕️ Java Security,安全编码和代码审计
★ 1.8kBrowserGhost. 这是一个抓取浏览器密码的工具,后续会添加更多功能
★ 1.5kNTLMRawUnHide. NTLMRawUnhide.py is a Python3 script designed to parse network packet capture files and extract NTLMv2 hashes in a crackable format. The following binary network packet capture formats are supported: *.pcap *.pcapng *.cap *.etl
★ 393Packer-Fuzzer. Packer Fuzzer is a fast and efficient scanner for security detection of websites constructed by javascript module bundler such as Webpack.
★ 3.3kcaptcha_trainer. [验证码识别-训练] This project is based on CNN/ResNet/DenseNet+GRU/LSTM+CTC/CrossEntropy to realize verification code identification. This project is only for training the model.
★ 3.2kPySharpSphere. Yet another SharpSphere
★ 227Invoke-sAMSpoofing. CVE-2021-42287/CVE-2021-42278 exploits in powershell
★ 39cdb-wds. 利用白名单文件 cdb.exe 执行 shellcode
★ 213SCFProxy. A proxy tool based on cloud function.
★ 1kaliyun-accesskey-Tools. 阿里云accesskey利用工具
★ 1.2kcve-2022-23131. cve-2022-23131 zabbix-saml-bypass-exp
★ 154pocV. Compatible with xray and nuclei poc framework
★ 199Knowledge-Base. Knowledge Base 慢雾安全团队知识库
★ 4.6kPerfusion. Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2088R2 / 8 / 2012)
★ 427CVE-2022-20699. Cisco Anyconnect VPN unauth RCE (rwx stack)
★ 238KrbRelay. Framework for Kerberos relaying
★ 952php-totp. HOTP and TOTP token generation
★ 85mt3. MT3: Multi-Task Multitrack Music Transcription
★ 1.7kbashrc-backdoor. Shell
★ 20bashrc-backdoor.
★ 1noPac. CVE-2021-42287/CVE-2021-42278 Scanner & Exploiter.
★ 1.4kgodzilla_decode. Godzilla java Decode,哥斯拉jsp(内存马)流量解密
★ 113Gitlab-CVE-2021-22205. Python
★ 181HVNC. 基于Tinynuke修复得到的HVNC
★ 196Beacon.dll. Beacon.dll reverse
★ 140SigFlip. SigFlip is a tool for patching authenticode signed PE files (exe, dll, sys ..etc) without invalidating or breaking the existing signature.
★ 1.3kcnn_captcha. use cnn recognize captcha by tensorflow. 本项目针对字符型图片验证码,使用tensorflow实现卷积神经网络,进行验证码识别。
★ 2.9kBeacon_re.
★ 88pop-master-go. 强网杯pop_master go解法
★ 31RedisWriteFile. 通过 Redis 主从写出无损文件
★ 718CVE-2021-1675. C# and Impacket implementation of PrintNightmare CVE-2021-1675/CVE-2021-34527
★ 2kDoughnuts. A webshell manager for php🍩
★ 84onirii. Universal queue SDK
★ 26csplugin. 自己开的cs插件
★ 247acm. AsCii Movie (asciimation) https://ascii.moe
★ 16svnExploit. SvnExploit支持SVN源代码泄露全版本Dump源码
★ 1kTrackRay. 溯光 (TrackRay) 3 beta⚡渗透测试框架(资产扫描|指纹识别|暴力破解|网页爬虫|端口扫描|漏洞扫描|代码审计|AWVS|NMAP|Metasploit|SQLMap)
★ 2.1kCVE-2021-31166. Proof of concept for CVE-2021-31166, a remote HTTP.sys use-after-free triggered remotely.
★ 826f8x. 红/蓝队环境自动化部署工具 | Red/Blue team environment automation deployment tool
★ 2.1kcaeruleum. Retrofit inspired Http client base on ktor-client
★ 17pystinger. Bypass firewall for traffic forwarding using webshell
★ 1.4kkscan. Kscan是一款纯go开发的全方位扫描器,具备端口扫描、协议检测、指纹识别,暴力破解等功能。支持协议1200+,协议指纹10000+,应用指纹20000+,暴力破解协议10余种。
★ 4.3kInvoke-Obfuscation. PowerShell Obfuscator
★ 4.3kscf-proxy. 云函数代理服务
★ 420nsroot. `chroot`, `mount --bind` without privilege
★ 34webwaf. 好好打比赛、、、emmmm 投机取巧是不好的
★ 30CVE-2021-21972-vCenter-6.5-7.0-RCE-POC. Python
★ 137mbtm. 攻击流量模拟 用于迷惑蓝队 分散蓝队精力 混淆真实攻击流量
★ 196Cooolis-ms. Cooolis-ms是一个包含了Metasploit Payload Loader、Cobalt Strike External C2 Loader、Reflective DLL injection的代码执行工具,它的定位在于能够在静态查杀上规避一些我们将要执行且含有特征的代码,帮助红队人员更方便快捷的从Web容器环境切换到C2环境进一步进行工作。
★ 930Sunflower_get_Password. 一款针对向日葵的识别码和验证码提取工具
★ 923flask_memory_shell. Flask 内存马
★ 314WindowsElevation. Windows Elevation(持续更新)
★ 666DarkGuardian. RDP远程登录挂盘监控工具
★ 2gophish. Open-Source Phishing Toolkit
★ 14kNeo-reGeorg. Neo-reGeorg is a project that seeks to aggressively refactor reGeorg
★ 3.4kCVE-2021-1732-Exploit. CVE-2021-1732 Exploit
★ 425PhishingInstall. 发信平台自动化部署
★ 64go-memory-allocator-visual-guide. Go 语言内存分配可视化指南(A visual guide to Go Memory Allocator from scratch (Golang))
★ 207DuckMemoryScan. 检测绝大部分所谓的内存免杀马
★ 732CVE-2021-21972. CVE-2021-21972 Exploit
★ 501mhydump. C++
★ 21Candy2. Archived
★ 92ReflectiveDLLInjection. Reflective DLL injection is a library injection technique in which the concept of reflective programming is employed to perform the loading of a library from memory into a host process.
★ 3.3kShellCodeFrame. 使用纯C/C++编写的ShellCode生成框架
★ 454CVE-Exploits. PoC exploits for software vulnerabilities
★ 688redtool. 日常积累的一些红队工具及自己写的脚本,更偏向于一些diy的好用的工具,并不是一些比较常用的msf/awvs/xray这种
★ 1.4kinject_shellcode_message_hook. inject shellcode into remote process via message hook
★ 15fscan. 一款内网综合扫描工具,方便一键自动化、全方位漏扫扫描。(An intranet comprehensive scanning tool, enabling one-click automated, all-round vulnerability scanning)
★ 14kZ1-AggressorScripts. 适用于Cobalt Strike的插件
★ 559bylibrary. 白阁文库是白泽Sec安全团队维护的一个漏洞POC和EXP公开项目
★ 1.5kSMBGhost_RCE_PoC. Python
★ 1.4kcpr. C++ Requests: Curl for People, a spiritual port of Python Requests.
★ 7.4kNetTracer. This tool is used to map out the network data flow to help penetration testers identify potentially valuable targets.
★ 52Kernelhub. :palm_tree:Linux、macOS、Windows Kernel privilege escalation vulnerability collection, with compilation environment, demo GIF map, vulnerability details, executable file (提权漏洞合集)
★ 3.2kErebus. CobaltStrike后渗透测试插件
★ 1.6kcpp-httplib. A C++ header-only HTTP/HTTPS server and client library
★ 17kHTTPRequest. Single-header C++ HTTP request class
★ 969Windows-Exploit-Suggester. This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public exploits and Metasploit modules available for the missing bulletins.
★ 4.2klinux-exploit-suggester. Linux privilege escalation auditing tool
★ 6.6kMySQL-Session-Hijacker. Simple python script to hijack any local MySQL Connection without their username & password.
★ 12go-ReflectiveDLL. ReflectiveDLL
★ 154Mhyprot2DrvControl. A lib that allows using mhyprot2 driver for enum process modules, r/w process memory and kill process.
★ 363CTF-All-In-One. CTF竞赛权威指南
★ 4.5kRDPInception. A proof of concept for the RDP Inception Attack
★ 355eggos. A Go unikernel running on x86 bare metal
★ 2.3ktencentyun_FaaS. easy to create web application in tencent yun FaaS
★ 2ew. 内网穿透(跨平台)
★ 1.1kzfxfzb-code-data. 正方系统验证码生成器
★ 7pydictor. A powerful and useful hacker dictionary builder for a brute-force attack
★ 3.6ktaowu-cobalt_strike.
★ 1.8kcrawlergo_x_XRAY. 360/0Kee-Team/crawlergo动态爬虫结合长亭XRAY扫描器的被动扫描功能
★ 1.2ktphack. Thinkphp3/5 Log文件泄漏利用工具
★ 60Intranet_Penetration_Tips. 2018年初整理的一些内网渗透TIPS,后面更新的慢,所以整理出来希望跟小伙伴们一起更新维护~
★ 4.6kJuggler. A system that may trick hackers. 针对黑客的拟态欺骗系统。
★ 454WMIHACKER. A Bypass Anti-virus Software Lateral Movement Command Execution Tool
★ 1.5kssdt.Recover.21yu3. 绕过卡巴斯基主动防御,加载驱动,unhook所有ssdt hook及shadow ssdt hook
★ 38TempestSDR. Remote video eavesdropping using a software-defined radio platform
★ 1.6kFake-flash.cn. flash.cn钓鱼页(中文+英文)
★ 444NetLoader. Loads any C# binary in mem, patching AMSI + ETW.
★ 850