- Rust
- Python
- Go
- miscellaneous
- C
- C#
- Java
- JavaScript
- C++
- BlitzBasic
- Assembly
- Objective-C
- PowerShell
- TypeScript
- Lua
- Ruby
- Shell
- Jupyter Notebook
- Makefile
- Vim Script
- Dockerfile
- Batchfile
- Scala
- Vue
- Thanks
neonmoe/minreq - Simple, minimal-dependency HTTP client.
YDHCUI/taskschd - A Windows scheduled task library
Kudaes/Shelter - ROP-based sleep obfuscation to evade memory scanners
BlackSnufkin/Rusty-Playground - Some Rust program I wrote while learning Malware Development
Kudaes/RustChain - Hide memory artifacts using ROP and hardware breakpoints.
joaoviictorti/RustRedOps - 🦀 | RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team, with a specific focus on the Rust programming language. (In Construction)
d0ntrash/load_library_rs - Basic implementation of the Windows loader in Rust
sha0coder/libscemu - SCEMU The crates.io lib, x86 cpu and systems emulator focused mainly for anti-malware
BlWasp/rs-shell - A dirty PoC for a reverse shell with cool features in Rust
yamakadi/clroxide - A rust library that allows you to host the CLR and execute dotnet binaries.
not-matthias/defmt-windows - Crates to support using defmt on Windows.
Valthrun/Valthrun - Valthrun an open source external CS2 read only kernel gameplay enhancer.
2vg/blackcat-rs - Black cat magic ฅ(^・ω・^ฅ ✿)
Jaxii/net-assembly-loader-rs - Loads .NET assemblies, kind of.
libp2p/rust-yamux - Multiplexer over reliable, ordered connections.
nwtgck/yamux-cli-rust - CLI of multiplexing TCP and UDP using yamux
Matrix-Zhang/kcp - Reliable-UDP Library for Rust
b23r0/rsocx - A bind/reverse Socks5 proxy server.
evilsocket/medusa - A fast and secure multi protocol honeypot.
b1tg/rust-windows-shellcode - Windows shellcode development in Rust
trickster0/EDR_Detector - EDR Detector that can find what kind of endpoint solution is being used according to drivers in the system.
jiushill/FuckVM - Rust Fuck VM
ast-grep/ast-grep - ⚡A CLI tool for code structural search, lint and rewriting. Written in Rust
ekzhang/sshx - Fast, collaborative live terminal sharing over the web
tyrchen/conceal - conceal your secret files for individual receiver
g0h4n/REC2 - REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust. 🦀
rustdesk/rustdesk-server-demo - A working demo of RustDesk server implementation
janoglezcampos/rust_syscalls - Single stub direct and indirect syscalling with runtime SSN resolving for windows.
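0xlane/wechat-dump-rs - Exports the key from a running WeChat process and automatically decrypts all WeChat database files; also supports offline decryption of database files once the key has been exported.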
CasualX/obfstr - Compiletime string literal obfuscation for Rust.
m3f157O/combine_harvester - Rust in-memory dumper
cursey/x64-virtualizer-rs - x86-64 virtualizing obfuscator written in Rust
0xor0ne/debugoff - Linux anti-debugging and anti-analysis rust library
enigo-rs/enigo - Cross platform input simulation in Rust
editso/fuso - A small, fast, stable, efficient and lightweight intranet penetration and port forwarding tool that supports multiple connections, cascading proxies and transport encryption
wildbook/hwbp-rs - A thin Rust wrapper around Windows' hardware breakpoints.
b1nhack/rust-shellcode - 🤖 windows-rs shellcode loaders 🤖
vi3t1/qq-tim-elevation - CVE-2023-34312
hakaioffsec/coffee - A COFF loader made in Rust
Devolutions/IronRDP - Rust implementation of the Microsoft Remote Desktop Protocol (RDP)
x1tan/rust-uefi-runtime-driver - Template for UEFI runtime drivers written in Rust with serial logging and debugging support.
not-matthias/mmap - Simple manual mapper written in Rust.
rmccrystal/memlib-rs - A cross platform memory hacking library written in Rust aimed at cheat development.
memN0ps/bootkit-rs - Rusty Bootkit - Windows UEFI Bootkit in Rust (Codename: RedLotus)
CertainLach/vmprotect - Unofficial Rust SDK for VMProtect
BloopAI/bloop - bloop is a fast code search engine written in Rust.
Kudaes/Split - Apply a divide and conquer approach to bypass EDRs
johnlui/PPHC - 📙 "The Philosophical Principles of High Concurrency", an open-source book (CC BY-NC-ND) https://pphc.lvwenhan.com
rust-headless-chrome/rust-headless-chrome - A high-level API to control headless Chrome or Chromium over the DevTools Protocol. It is the Rust equivalent of Puppeteer, a Node library maintained by the Chrome DevTools team.
crablang/crab - A community fork of a language named after a plant fungus. All of the memory-safe features you love, now with 100% less bureaucracy!
Neo23x0/Loki2 - LOKI2 - Simple IOC and YARA Scanner
rapiz1/rathole - A lightweight and high-performance reverse proxy for NAT traversal, written in Rust. An alternative to frp and ngrok.
GyulyVGC/sniffnet - Application to comfortably monitor your Internet traffic 🕵️‍♂️
launchbadge/sqlx - 🧰 The Rust SQL Toolkit. An async, pure Rust SQL crate featuring compile-time checked queries without a DSL. Supports PostgreSQL, MySQL, and SQLite.
memN0ps/arsenal-rs - Rusty Arsenal - A collection of experimental Process Injection and Post-Exploitation Techniques in Rust
immunant/c2rust - Migrate C code to Rust
b1tg/cobaltstrike-beacon-rust - CobaltStrike beacon in rust
optiv/Freeze.rs - Freeze.rs is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls written in RUST
spellshift/realm - Realm is a cross platform Red Team engagement platform with a focus on automation and reliability.
zu1k/Good-MITM - Rule-based MITM engine. Rewriting, redirecting and rejecting on HTTP(S) requests and responses, supports JavaScript.
epi052/feroxfuzz - A structure-aware HTTP fuzzing library
epi052/feroxbuster - A fast, simple, recursive content discovery tool written in Rust.
foundry-rs/foundry - Foundry is a blazing fast, portable and modular toolkit for Ethereum application development written in Rust.
nccgroup/scrying - A tool for collecting RDP, web and VNC screenshots all in one place
PyO3/maturin - Build and publish crates with pyo3, rust-cpython and cffi bindings as well as rust binaries as python packages
citronneur/rdp-rs - Remote Desktop Protocol in RUST
AFLplusplus/LibAFL - Advanced Fuzzing Library - Slot your Fuzzer together in Rust! Scales across cores and machines. For Windows, Android, MacOS, Linux, no_std, ...
seqre/rast - A cross platform C2 server written in Rust!
pola-rs/polars - Dataframes powered by a multithreaded, vectorized query engine, written in Rust
cr7pt0pl4gu3/Pestilence - Shellcode loader designed for evasion. Coded in Rust.
dRAT3/merter - Bounty hunting tool for eth and bsc, using the MythX API.
vectordotdev/vector - A high-performance observability data pipeline.
PyO3/pyo3 - Rust bindings for the Python interpreter
mcginty/snow - A Rust implementation of the Noise Protocol Framework
rayon-rs/rayon - Rayon: A data parallelism library for Rust
nccgroup/dirble - Fast directory scanning and scraping tool
0xor0ne/qscan - Quick network scanner library. https://crates.io/crates/qscan
MichalGniadek/klask - Automatically create GUI applications from clap3 apps
aya-rs/aya - Aya is an eBPF library for the Rust programming language, built with a focus on developer experience and operability.
EddieIvan01/memexec - A library for loading and executing PE (Portable Executable) from memory without ever touching the disk
rustdesk/rustdesk - An open-source remote desktop, and alternative to TeamViewer.
trickster0/OffensiveRust - Rust Weaponization for Red Team Engagements.
grantshandy/claui - A GUI generator for clap-rs using egui
ihciah/clean-dns-bpf - Drops GFW DNS poisoning packets using Rust + eBPF
Privoce/vocechat-server-rust - VoceChat is a superlight rust written social server. Easy integration to your site/app.
segeljakt/xterm-js-rs - Rust-WebAssembly bindings to the xterm-js Javascript library
aress31/raadef - An extensible Rust-based exploitation framework designed to audit/attack AzureAD environments.
dwisiswant0/ppfuzz - A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀
Esc4iCEscEsc/skanuvaty - Dangerously fast DNS/network/port scanner
Sndav/WeChatDB-Rust - A tool written in Rust that uses signature values to extract the database key from WeChat's memory
fornwall/rust-script - Run Rust files and expressions as scripts without any setup or compilation step.
rusty-celery/rusty-celery - 🦀 Rust implementation of Celery for producing and consuming background tasks
kkocdko/ricq - A high-performance QQ protocol library implemented in Rust
zblurx/impersonate-rs - Rusty Impersonate
0xlane/com-process-inject - Process Injection via Component Object Model (COM) IRundown::DoCallback().
MaulingMonkey/firehazard - Unopinionated low level API bindings focused on soundness, safety, and stronger types over raw FFI.
memN0ps/rootkit-rs - Rusty Rootkit - Windows Kernel Rootkit in Rust (Codename: Eagle)
svenstaro/miniserve - 🌟 For when you really just want to serve some files over HTTP right now!
TheBotlyNoob/Rust-Privesc - privilege escalation POCs built in Rust.
Idov31/FunctionStomping - A new shellcode injection technique. Given as C++ header, standalone Rust program or library.
b23r0/Heroinn - A cross platform C2/post-exploitation framework.
m4b/goblin - An impish, cross-platform binary parsing crate, written in Rust
mgostIH/process_list - Rust crate to get the processes list on the operating system, with their name and id
postrequest/link - link is a command and control framework written in rust
darkarp/chromepass - Chromepass - Hacking Chrome Saved Passwords
NH-RED-TEAM/RustHound - Active Directory data collector for BloodHound written in Rust. 🦀
YDHCUI/manjusaka - Niushihua (牛屎花): a remote host management tool with a web interface
skerkour/black-hat-rust - Applied offensive security with Rust - https://kerkour.com/black-hat-rust
WithSecureLabs/chainsaw - Rapidly Search and Hunt through Windows Forensic Artefacts
maxDcb/C2TeamServer - TeamServer of Exploration C2
xaitax/CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnerability - Microsoft-Outlook-Remote-Code-Execution-Vulnerability
knqyf263/dnspooq - DNSpooq - dnsmasq cache poisoning (CVE-2020-25686, CVE-2020-25684, CVE-2020-25685)
Tw1sm/PySQLRecon - Offensive MSSQL toolkit written in Python, based off SQLRecon
stlewandowski/GitMAD - Monitor, Alert, and Discover sensitive info and data leakage on Github.
malwaredllc/byob - An open-source post-exploitation framework for students, researchers and developers.
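hi-KK/VulDB_Spider - Vulnerability database spider that crawls vulnerability databases such as NVD, CNVD and CNNVD
cilame/vthread - A more convenient Python multithreading library that delivers efficient multithreaded and thread-pool coding with minimal code intrusion. Thread-pool operation can be added with a single line of code, without changing the source code.
xinyisleep/pocscan - Integrates a large number of PoC checks, including OA products such as Weaver, Tongda, Seeyon and Wanhu.
DawnFlame/POChouse - PoC & EXP repository, HVV arsenal, N-day, 1-day
DSO-Lab/passets - Passets is an open-source passive asset identification framework.
liguodongiot/llm-action - This project aims to share the technical principles of large language models and practical experience with them.
hanc00l/some_pocsuite - pocsuite3 verification PoC code for vulnerability checking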
jonatanSh/shelf - Python library to convert elf to os-independent shellcodes
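HG-ha/ICP_Query - Fetches real-time data from the Ministry of Industry and Information Technology government service platform and exposes a local API; solves CAPTCHAs automatically; supports lookup by website, app, mini program and quick app name, lookup of illegal or non-compliant apps, lookup by ICP filing number, and lookup by company name
LC044/WeChatMsg - Extracts WeChat chat history and exports it to HTML, Word and CSV documents for permanent storage; analyzes the chat history to generate an annual chat report
r1is/xiaolanben_h_sign - JSRPC implementation of the h_sign signature for a Xiaolanben (https://www.xiaolanben.com/) crawler. A Node.js environment-patching implementation is also included
jianchang512/clone-voice - A sound cloning tool with a web interface, using your voice or any sound to record audio
OpenEthan/SMSBoom - [Repairing] SMS bombing / SMS stress testing | A robust, free Python SMS bombing program aimed at bad actors, with a million interfaces, multithreaded fully automatic addition of valid interfaces, and support for a million concurrent async coroutines; a completely free SMS bombing tool!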
protectai/ai-exploits - A collection of real world AI/ML exploits for responsibly disclosed vulnerabilities
gubeihc/fingerprint - A simple fingerprinting tool
XiaoliChan/PetitPotam-V2 - More EFS coerced authentication method with PetitPotam.py
CodeXTF2/PyHmmm - Simple PoC Python agent to showcase Havoc C2's custom agent interface. Not operationally safe or stable. Released with accompanying blog post as a tutorial sample
Pennyw0rth/NetExec - The Network Execution Tool
XiaoliChan/CrackMapExec - A swiss army knife for pentesting networks
MD-SEC/MDPOCS - PoCs written by the Maodan'er (猫蛋儿) security team; if it reports a hit, it works. WeCom, Hikvision, Metabase, Openfire, Weaver OA......
opsdisk/pagodo - pagodo (Passive Google Dork) - Automate Google Hacking Database scraping and searching
blacklanternsecurity/bbot - A recursive internet scanner for hackers.
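openeasm/ICP-API - ICP filing lookup API
chatanywhere/GPT_API_free - Free ChatGPT API Key; free ChatGPT API with GPT4 API support (free); a free ChatGPT forwarding API usable in mainland China over a direct connection with no proxy required. Can be paired with software/plugins such as ChatBox, greatly reducing API usage costs. Unrestricted chat from within mainland China.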
dashingsoft/pyarmor - A tool used to obfuscate python scripts, bind obfuscated scripts to fixed machine or expire obfuscated scripts.
Amulab/CAudit - Scanner for centralized-authority infrastructure
Ridter/PySQLTools - MSSQL exploitation tool
fin3ss3g0d/cypherhound - Python3 terminal application that contains 400 Neo4j cyphers for BloodHound data sets and 383 GUI cyphers
WingsSec/Meppo - Vulnerability detection framework Meppo | By WingsSec
WithSecureLabs/drozer - The Leading Security Assessment Framework for Android.
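Qihoo360/Luwak - Uses a pre-trained language model to extract MITRE ATT&CK TTP information from unstructured threat reports
StarfireLab/AutoZerologon - Zerologon automation script
Wrin9/weaverOA_sql_RCE - SQL remote code execution vulnerability in all versions of Weaver OA V9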
dinosn/hikvision - Hikvision log4j PoC
FeeiCN/Cobra - Source Code Security Audit
chriskiehl/Gooey - Turn (almost) any Python command line program into a full GUI application with one line
Ridter/GetMail - Reads Exchange mail using an NTLM hash
lemonlove7/dirsearch_bypass403 - Directory scanning + extraction of URLs and subdomains from JS files + 403 status bypass + fingerprinting
ZacharyZcR/SecGPT - A Test Project for a Network Security-oriented LLM Tool Emulating AutoGPT
koutto/web-brutator - Fast Modular Web Interfaces Bruteforcer
XiaoliChan/zerologon-Shot - Zerologon exploit with restore DC password automatically
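tr0uble-mAker/POC-bomber - Uses a large number of high-severity PoCs/exploits to quickly obtain access to targets, for penetration testing and rapid red-team initial access
Valerian7/Proxifier_ProxyPool - Batch-add proxy servers to Proxifier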
LandGrey/pydictor - A powerful and useful hacker dictionary builder for a brute-force attack
Malayke/CVE-2023-33246_RocketMQ_RCE_EXPLOIT - CVE-2023-33246 RocketMQ RCE Detect By Version and Exploit
molly/gh-dork - Github dorking tool
madhavmehndiratta/dorkScanner - A typical search engine dork scanner scrapes search engines with dorks that you provide in order to find vulnerable URLs.
jborean93/pypsrp - PowerShell Remoting Protocol for Python
hpcaitech/ColossalAI - Making large AI models cheaper, faster and more accessible
six2dez/dorks_hunter - Simple Google Dorks search tool
hayabhay/frogbase - Transform audio-visual content into navigable knowledge.
snehankekre/streamlit-d3graph - A simple component to display d3graph network graphs in Streamlit apps.
laramies/theHarvester - E-mails, subdomains and names Harvester - OSINT
thewhiteninja/deobshell - Powershell script deobfuscation using AST in Python
streamlit/streamlit - Streamlit — A faster way to build and share data apps.
HavocFramework/havoc-py - Havoc python api
bigb0sss/RedTeam-OffensiveSecurity - Tools & Interesting Things for RedTeam Ops
grimlockx/ADCSKiller - An ADCS Exploitation Automation Tool Weaponizing Certipy and Coercer
Mr-Un1k0d3r/PowerLessShell - Run PowerShell command without invoking powershell.exe
langchain-ai/langchain - 🦜🔗 Build context-aware reasoning applications
georgesotiriadis/Chimera - Automated DLL Sideloading Tool With EDR Evasion Capabilities
dr0op/WeblogicScan - Enhanced WeblogicScan with more accurate detection results, a plugin architecture, added CVE-2019-2618 and CVE-2019-2729 detection, and Python 3 support
smicallef/spiderfoot - SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
OpenLMLab/MOSS - An open-source tool-augmented conversational language model from Fudan University
dadevel/mssql-spider - Automated exploitation of MSSQL servers at scale
shmilylty/OneForAll - OneForAll is a powerful subdomain collection tool
ymcui/Chinese-LLaMA-Alpaca - Chinese LLaMA & Alpaca large language models + local CPU/GPU training and deployment
ztgrace/changeme - A default credential scanner.
citronneur/rdpy - Remote Desktop Protocol in Twisted Python
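orleven/Hamster - Hamster is an asynchronous passive scanning framework built on mitmproxy that scans passively through an HTTP proxy; its main functions include packet rewriting, signing, vulnerability scanning and sensitive parameter collection (in development).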
skelsec/aardwolf - Asynchronous RDP client for Python (headless)
XiaoliChan/wmiexec-Pro - New generation of wmiexec.py
zblurx/dploot - DPAPI looting remotely in Python
hexian2001/HRP-Nnepnep-auto-pwn - 基于pwntools+angr的简单CTF AMD64 PWN AUTO FUZZ
THUDM/ChatGLM-6B - ChatGLM-6B: An Open Bilingual Dialogue Language Model
karust/cuckoo-docker - Dockerized Cuckoo sandbox
mohamedbenchikh/MDML - Malware Detection using Machine Learning (MDML)
huggingface/peft - 🤗 PEFT: State-of-the-art Parameter-Efficient Fine-Tuning.
huggingface/transformers - 🤗 Transformers: State-of-the-art Machine Learning for Pytorch, TensorFlow, and JAX.
deep-diver/LLM-As-Chatbot - LLM as a Chatbot Service
crytic/solc-select - Manage and switch between Solidity compiler versions
Consensys/mythril - Security analysis tool for EVM bytecode. Supports smart contracts built for Ethereum, Hedera, Quorum, Vechain, Roostock, Tron and other EVM-compatible blockchains.
davidefiocco/streamlit-fastapi-model-serving - Simple web app example serving a PyTorch model using streamlit and FastAPI
Ciyfly/mullet - You always have to write a scanner of your own
SpiderClub/haipproxy - 💖 High available distributed ip proxy pool, powered by Scrapy and Redis
djhons/mssqlproxy - mssqlproxy for Python 3.5+, with bug fixes
Stability-AI/stablediffusion - High-Resolution Image Synthesis with Latent Diffusion Models
BlinkDL/ChatRWKV - ChatRWKV is like ChatGPT but powered by RWKV (100% RNN) language model, and open source.
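lxflxfcl/monitor - Vulnerability monitoring platform: Monitor. Currently monitors vulnerability information from GitHub, Microsoft and CNNVD, with real-time push notifications via WeCom. Email notifications are also available and are disabled by default.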
Y4hL/PyDoor - Multi-client Cross-platform Python Backdoor/Reverse Shell/RAT with AES Encryption
machine1337/fudrat - Generate Undetectable Metasploit Payload in a simple way
PrefectHQ/prefect - Prefect is a workflow orchestration tool empowering developers to build, observe, and react to data pipelines
FunnyWolf/pystinger - Bypass firewall for traffic forwarding using webshell; an outbound-connectivity tool that forwards traffic through a webshell
Jumbo-WJB/PTH_Exchange - If you only have hash, you can still operate exchange
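z-bool/CVE-2022-40684 - One-click enumeration of all usernames and writing of an SSH public key
refraction-ray/xalpha - Fund investment management and backtesting engine
w-digital-scanner/w12scan-client - Network asset search and discovery engine; the scanner-side program of w12scan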
Kanaries/pygwalker - PyGWalker: Turn your pandas dataframe into an interactive UI for visual analysis
machine1337/gmailc2 - A Fully Undetectable C2 Server That Communicates Via Google SMTP to evade Antivirus Protections and Network Traffic Restrictions
mymarilyn/clickhouse-driver - ClickHouse Python Driver with native interface support
balki97/OWASSRF-CVE-2022-41082-POC - PoC for the CVE-2022-41080 , CVE-2022-41082 and CVE-2022-41076 Vulnerabilities Affecting Microsoft Exchange Servers
YinWC/2021hvv_vul - 2021 HVV vulnerability roundup
klezVirus/SysWhispers3 - SysWhispers on Steroids - AV/EDR evasion via direct system calls.
ShutdownRepo/pywhisker - Python version of the C# tool for "Shadow Credentials" attacks
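1in9e/icp-domains - Given a domain name, outputs all associated domains under the same ICP filing
jellever/CyberArkTools - Some Python tooling to, for example, try to decrypt CyberArk .cred credential files
qianxiao996/R-Knife - R-Knife comprehensive penetration testing toolbox
Cl0udG0d/Fofa-hack - Fofa data collection tool for non-paying members
YagamiiLight/Cerberus - A powerful vulnerability scanner. Subdomain brute-forcing uses aioDNS with fast asyncio-based scanning; it covers all of a target's assets for batch vulnerability scanning, collects middleware information, and automatically gathers IP proxies, which are used automatically while probing WAF information to protect the local machine's real IP; after the local IP is blocked by the WAF, it automatically switches to a proxy IP to continue scanning. WAF information collection (100+ domestic and international WAFs) includes SafeDog, Yunsuo, Alibaba Cloud, Yundun, Tencent Cloud and others, with bypass approaches provided for some known WAFs. Middleware vulnerability detection (ThinkPHP, WebLogic, etc.; CVE-2018-5955, CVE-2018-12613, CVE-2018-11759, etc.). Supports SQL injection, XSS, command execution, file inclusion and SSRF vulnerability scanning, plus custom email push notification of vulnerabilities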
dgh05t/VMware_ESXI_OpenSLP_PoCs - CVE-2020-3992 & CVE-2019-5544
styczynski/chatdb - ChatGPT-based database, wait... WHAT?
Ukenn2112/ChatGPTelegramBot - ChatGPTelegramBot supports single sessions for private chats and groups
lucasmccabe/emailGPT - a quick and easy interface to generate emails with ChatGPT
Pab450/ana - OpenAI chatGPT twitter bot
shiyemin/ChatGPT-MS - This repo is named by ChatGPT for Multi-Session ChatGPT API.
n3d1117/chatgpt-telegram-bot - 🤖 A Telegram bot that integrates with OpenAI's official ChatGPT APIs to provide answers, written in Python
rawandahmad698/PyChatGPT - ⚡️ Python client for the unofficial ChatGPT API with auto token regeneration, conversation tracking, proxy support and more.
pedrorito/ChatGPTSlackBot - 🤖 A Slack bot that integrates with OpenAI's ChatGPT to provide answers, written in Python
platelminto/chatgpt-conversation - Have a conversation with ChatGPT using your voice, and have it talk back.
Zero6992/chatGPT-discord-bot - Integrate ChatGPT into your own discord bot
ausbitbank/ChatGPTDiscord - Discord bot for interacting with ChatGPT's API by OpenAI
nonebot/nonebot2 - Asynchronous multi-platform chatbot framework written in Python
y1nglamore/IDOR_detect_tool - A tool for detecting horizontal privilege escalation vulnerabilities in APIs
doscriptsite/ZSXQ-Spider - Crawls Zhishi Xingqiu (知识星球) content and turns it into a PDF e-book.
mogwailabs/mjet - MOGWAI LABS JMX exploitation toolkit
r0ysue/r0capture - Universal Android application-layer packet capture script
yumusb/coremail_export - Exports Coremail contacts
Le0nsec/zyte_crawler - A crawler for xz.aliyun.com, paper.seebug.org and tttang.com powered by zyte.
wuerror/pocsuite3_pocs - pocsuite3 poc&exp
LAION-AI/Open-Assistant - OpenAssistant is a chat-based assistant that understands tasks, can interact with third-party systems, and retrieve information dynamically to do so.
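moyuwa/wechat_appinfo_wxapkg - Penetration testing: online collection of WeChat mini program information and extraction of information from wxapkg source packages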
xnuinside/airflow_in_docker_compose - Apache Airflow in Docker Compose (for both versions 1.10.* and 2.*)
guardicore/monkey - Infection Monkey - An open-source adversary emulation platform
mitre/caldera - Automated Adversary Emulation Platform
aniqfakhrul/powerview.py - Just another Powerview alternative
icyguider/MoreImpacketExamples - More examples using the Impacket library designed for learning purposes.
hakril/PythonForWindows - A codebase aimed to make interaction with Windows and native execution easier
Litt1eQ/aliyundrive-api - Aliyun Drive Python API
APTRS/APTRS - Automated Penetration Testing Reporting System
localstack/localstack - 💻 A fully functional local AWS cloud stack. Develop and test your cloud & Serverless apps offline
XiaoliChan/RedCaddy - C2 redirector base on caddy
LiAoRJ/CS_fakesubmit - A script that can fake a Cobalt Strike beacon check-in
aStrowxyu/Pysoserial - Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.
xz-zone/Webpackfind - Automated Webpack information collection
pyodide/pyodide - Pyodide is a Python distribution for the browser and Node.js based on WebAssembly
embee-research/Randomise-api-hashes-cobalt-strike - Bypass Detection By Randomising ROR13 API Hashes
mandiant/speakeasy - Windows kernel and user mode emulation.
w5teams/w5 - Security Orchestration, Automation and Response (SOAR) Platform. Code-free security automation; using SOAR lets teams work more efficiently
zbnio/zbn - Security orchestration, automation and response platform
fpoli/python-asdl - ASDL parser taken from CPython 3.5
noob-Engle/DumpDex - A simple unpacking tool
XiaoliChan/PRET.go - Printer Exploitation Toolkit with golang
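INotGreen/XiebroC2 - A multi-user graphical penetration testing framework written in Go, supporting Lua plugin extensions, multiple custom modules, custom shellcode, file management, process management, in-memory loading, reverse proxying and more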
madneal/gshark - Scan for sensitive information easily and effectively.
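qiwentaidi/Slack - A GUI tool built with Go Wails, covering website scanning, port scanning, company information collection, subdomain brute-forcing, cyberspace search engine queries, CDN identification and more
Q16G/npsmodify - A modified version of nps, with altered traffic signatures and vulnerability fixes
yhy0/ChYing - Chengying (承影) - A security toolbox integrating directory scanning, JWT, Swagger testing, encoding/decoding, a lightweight BurpSuite, and antivirus-assistance features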
Enelg52/OffensiveGo - Golang weaponization for red teamers.
no-one-sec/idea-project-fish-exploit - .idea phishing for JetBrains products, for countering red teams
LeakIX/estk - ES ToolKit is a standalone solution to navigate and backup data for a wide range of Elasticsearch and Kibana versions.
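niudaii/zpscan - A somewhat useful information gathering tool.
selinuxG/Golin - Weak password detection, vulnerability scanning, port scanning (protocol and component identification), web directory scanning, simulated MLPS grading, automated operations, and an MLPS tool (an on-site assessment tool for the cybersecurity Multi-Level Protection Scheme) with built-in Level 3 MLPS verification commands and baseline checking
chainreactors/gogo - A highly controllable and extensible automation engine for red teams
wgpsec/ENScan_GO - A tool based on the APIs of major company-information providers that addresses the difficulties of collecting information on companies in China. One-click collection, aggregation and export of holding companies' ICP filings, apps, mini programs, WeChat official accounts and other information.
X1r0z/frp - A secondary development of the original frp, adding some small features
crawlab-team/crawlab - Distributed web crawler admin platform for spiders management regardless of languages and frameworks.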
sysdream/ligolo - Reverse Tunneling made easy for pentesters, by pentesters https://sysdream.com/
nicocha30/ligolo-ng - An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.
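Pizz33/GobypassAV-shellcode - A shellcode loader for AV evasion, implemented in Go, that bypasses mainstream antivirus products such as Huorong, 360, Hejing (核晶) and def
JKme/cube - Internal network penetration testing tool: weak password brute-forcing, information gathering and vulnerability scanning
qi4L/WeblogicScan.go - One-click WeblogicScan detection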
xo/usql - Universal command-line interface for SQL databases
cdk-team/CDK - 📦 Make security testing of K8s, Docker, and Containerd easier.
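YutuSec/ActiveMQ_Crack - A detection and exploitation tool for ActiveMQ vulnerabilities, including the ActiveMQ default credentials vulnerability and the ActiveMQ arbitrary file write vulnerability (CVE-2016-3088), with support for batch detection and exploitation.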
zan8in/afrog - A Security Tool for Bug Bounty, Pentest and Red Teaming.
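zhaoyumi/WeaverExploit_All - Exploitation tool for recent Weaver vulnerabilities (PS: 2023)
i11us0ry/goon - goon, a scanning and brute-forcing tool that combines the features of excellent tools such as fscan and kscan. Features include: IP liveness probing, port scanning, web fingerprint scanning, title scanning, compressed file scanning, fofa retrieval, brute-forcing for ms17010, mssql, mysql, postgres, redis, ssh, smb, rdp, telnet, tomcat and more, as well as probing such as NetBIOS detection.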
trufflesecurity/trufflehog - Find and verify credentials
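xiaoyaochen/flowscan - Chain stages together with pipes (|) to build custom scans, including port liveness probing, protocol fingerprinting and weak password brute-forcing of services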
Josue87/gotator - Gotator is a tool to generate DNS wordlists through permutations.
hanc00l/pocGoby2Xray - Converts Goby's JSON-format PoCs to xray's YAML-format PoCs
xiaoyaochen/httpx - httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
Goqi/Erfrp - Erfrp: a secondary development of frp with AV evasion and hiding
projectdiscovery/katana - A next-generation crawling and spidering framework.
LeakIX/l9explore - l9explore - Digs the dirt
yqcs/ZheTian - ::ZheTian / A powerful AV-evasion payload generator, Bypass All.
BishopFox/sliver - Adversary Emulation Framework
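Aquilao/HackBrowserData - Decrypt passwords/cookies/history/bookmarks from the browser. A cross-platform tool for exporting and decrypting browser data.
moonD4rk/HackBrowserData - Decrypt passwords/cookies/history/bookmarks from the browser. A cross-platform tool for exporting and decrypting browser data.
pingc0y/go_proxy_pool - A ready-to-use proxy IP pool with no environment dependencies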
subfinder/goaltdns - A permutation generation tool written in golang
lc/gau - Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.
DataDog/go-python3 - Go bindings to the CPython-3 API
d3mondev/puredns - Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.
zu1k/proxypool - Automatically crawls proxy nodes on the public internet, de-duplicates and tests for usability and then provides a list of nodes
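k8gege/LadonGo - Ladon for Kali: an open-source, cross-platform internal network penetration scanner for Windows/Linux/Mac/routers. It can batch-probe live hosts across class C, B and A segments, detect the high-risk vulnerabilities MS17010 and SmbGhost, execute remotely over SSH/Winrm, brute-force passwords for SMB/SSH/FTP/Mysql/Mssql/Oracle/Winrm/HttpBasic/Redis, and perform port scanning and service identification (PortScan) and fingerprinting via HttpBanner/HttpTitle/TcpBanner/Weblogic/Oxid multi-NIC hosts.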
oschwald/geoip2-golang - Unofficial MaxMind GeoIP2 Reader for Go
projectdiscovery/asnmap - Go CLI and Library for quickly mapping organization network ranges using ASN information.
glebarez/cero - Scrape domain names from SSL certificates of arbitrary hosts
AbelChe/evil_minio - EXP for CVE-2023-28434 MinIO unauthorized to RCE
projectdiscovery/aix - AIx is a cli tool to interact with Large Language Models (LLM) APIs.
ZhuriLab/Yi - Project monitoring tool with automatic CodeQL runs
ph4ntonn/Stowaway - 👻Stowaway -- Multi-hop Proxy Tool for pentesters
lwch/natpass - 🔥 A great tool for working from home and remote development
RickGray/vscan-go - golang version for nmap service and application version detection (without nmap installation)
Metarget/cloud-native-security-book - Resource repository for the book "Cloud Native Security: Attack and Defense Practice and System Construction"
chushuai/wscan - Wscan is a web security scanner that focuses on web security, dedicated to making web security accessible to everyone.
liamg/traitor - ⬆️ ☠️ 🔥 Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock
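zt2/uncover-turbo - A simple Tower of Babel for cyberspace mapping engines
SpenserCai/GoWxDump - Go version of SharpWxDump. WeChat client forensics: retrieves information (WeChat ID, phone number, nickname) and analyzes WeChat chat history (top N chat contacts, ranking of most frequently contacted friends, keyword list search, etc.)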
Brum3ns/firefly - Black box fuzzer for web applications
jpillora/chisel - A fast TCP/UDP tunnel over HTTP
deepflowio/deepflow - 🐝 🚀⚡ eBPF-Powered Observability & Zero-Code Distributed Tracing
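Ggasdfg321/SmallProxyPool - A free, high-quality small proxy pool for directory scanning or dictionary brute-forcing against sites that sit behind a WAF
Gourds/upload2remote - Uploads files to object storage (OSS, OBS, S3, KS3)
chaitin/veinmind-tools - veinmind-tools is a container security toolset developed in-house by Chaitin Technology and built on veinmind-sdk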
ginuerzh/gost - GO Simple Tunnel - a simple tunnel written in golang
HavocFramework/Havoc - The Havoc Framework.
TheKingOfDuck/geacon - A multi-function Linux operations management tool modified from geacon
xiaoyaochen/yscan - yscan is a port scanning tool written in Go that combines masscan + nmap + wappalyzer + certificates
ac0d3r/Hyuga - Hyuga is a tool for monitoring out-of-band (OOB) traffic. 🪤
lionsoul2014/ip2region - Ip2region (2.0 - xdb) is an offline IP address manager framework and locator, support billions of data segments, ten microsecond searching performance. xdb engine implementation for many programming languages
dubek/rabbitmq-dump-queue - Dump messages from a RabbitMQ queue to files, without affecting the queue.
chromedp/chromedp - A faster, simpler way to drive browsers supporting the Chrome DevTools Protocol.
3bl3gamer/tg_history_dumper - Exports messages and media from Telegram dialogs, groups and channels
AYcg/poc -
gmh5225/rust-mordor-rs - Rusty Hell's Gate / Halo's Gate / Tartarus' Gate / FreshyCalls / Syswhispers2 Library
0x727/MetasploitCoop_0x727 - A post-exploitation collaboration platform based on msf
yuankong666/Ultimate-RAT-Collection - For educational purposes only, samples of old & new malware builders including screenshots!
K3rnel-Dev/Active-Directory-Exploitation-Cheat-Sheet - A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
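al0ne/suricata-rules - Suricata IDS rules for detecting red-team penetration and malicious behavior, supporting detection of CobaltStrike/MSF/Empire/DNS tunnels/Weevely/China Chopper/Behinder/cryptomining/reverse shells/ICMP tunnels and more
iamHuFei/HVVault - Collects [high-utilization HVV PoCs] and integrates a Nuclei template repository, to address the uneven quality of online one-click detection tools for the same asset vulnerability.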
StayBeautiful-collab/EternalHushFramework - EternalHush - new free open-source c2 framework
RATandC2/FileLessRemoteShellcode - Run Fileless Remote Shellcode directly in memory with Module Unhooking , Module Stomping, No New Thread. This repository contains the TeamServer and the Stager
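veo/ebpf_shell - eBPF WebShell/kernel implant, a new kernel implant/WebShell technique
7hang/--Java - Compilation of code auditing knowledge points: Java
TianWen-Lab/TranSec - Internet of Vehicles penetration testing OS. An out-of-the-box test environment containing hundreds of tools commonly used for Internet of Vehicles penetration testing, covering reverse engineering, CAN, automotive Ethernet, WiFi, Bluetooth, cloud platforms and other security testing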
LoopDns/Fuck-you-MIUI - fuck you, MI
Maverickfir/RuoYi-v4.6-vulnerability - RuoYi up to v4.6 was discovered to contain a SQL injection vulnerability via the component /system/dept/edit
wafinfo/NCTOOls - A comprehensive vulnerability exploitation tool for Yonyou NC
UnaPibaGeek/honeypots-detection - Nuclei templates for honeypots detection.
ras-it/Win11-OneDrive-DLL-injection-vulnerability - OneDrive, operating on Microsoft Windows 11 Pro is vulnerable to DLL hijacking.
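No-Github/ActiveMqRCE - Constructs the OpenWire protocol in Java to exploit the ActiveMQ < 5.18.3 RCE, with command output echo and memory shell injection
0range-x/gpts - Some small projects for learning GPT
yggo/SmartBIAttackTool - Exploitation tool for remote code execution caused by a logic flaw in SmartBI's login code
yhy0/nucleiY - nuclei vulnerability scanning templates used by Chengying (承影)
TonyNPham/GodzillaPlugin-Suo5-MemProxy - A high-performance HTTP in-memory proxy | Godzilla plugin | readteam | red team | memory shell | Suo5 | Godzilla | forward proxy
y11en/schtask-bypass - Scheduled tasks with AV evasion for persistence, bypassing mainstream antivirus. A schtask tool bypass anti-virus
dyweb/awesome-resume-for-chinese - 📄 A collection of resume templates suited to Chinese (LaTeX, HTML/JS and so on), maintained by @hoochanlon
shmilylty/Awesome-POC - A knowledge base of PoCs for all kinds of vulnerabilities
Threekiii/Awesome-POC - A vulnerability PoC knowledge base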
Sec-Fork/vulnerable-AD - Create a vulnerable active directory that's allowing you to test most of the active directory attacks in a local lab
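boy-hack/go-strip - Strips the information that Go embeds at compile time
UltimateSec/ultimaste-nuclei-templates - nuclei detection PoCs from Jizhi Attack and Defense Lab (极致攻防实验室)
wafinfo/Hikvision - Post-exploitation tool for the Hikvision integrated security platform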
cipher387/Dorks-collections-list - List of Github repositories and articles with list of dorks for different search engines
projectdiscovery/fuzzing-templates - Community curated list of nuclei templates for finding "unknown" security vulnerabilities.
JDArmy/DCSec - Domain controller security one for all
jxpsx/AV-EDR-WIN32-API-Hooking-List - Depending on the AV/EDR we will check which Windows APIs are hooked by the AV/EDR
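biggerduck/RedTeamNotes - Red team notes
woodpecker-framework/woodpecker-framework-release - A framework for precise detection and in-depth exploitation of high-risk vulnerabilities
pen4uin/java-memshell-generator-release - A highly customizable Java memory shell generator
pashangshangpo/AI-Create-Video - AI tool for one-click batch generation of short videos from text; easy-to-use image-and-text video generation software with smart image matching, smart voice-over and video subtitles.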
netlas-io/netlas-dorks - A list of dorks for the Netlas.io search engine, with which you can find millions of objects in the boundless IoE. Contains queries to search for IoT elements, protocols, communication tools, remote access, and more. Over time, the list will grow.
veo/vshell - vshell is a host management tool written in Go; a Remote Administration tool written in Go (C2)
KathanP19/HowToHunt - Collection of methodology and test case for various web vulnerabilities.
S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet - A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
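tib36/PhishingBook - Red vs. blue: a collection of phishing-exercise resources & memo
KimJun1010/WeblogicTool - WeblogicTool, a GUI exploitation tool supporting vulnerability detection, command execution, memory-shell injection, password decryption and more (powered by the Tianwei team of Sangfor's Deep Blue Lab)
nomi-sec/PoC-in-GitHub - 📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.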
magnologan/awesome-k8s-security - A curated list for Awesome Kubernetes Security resources
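xx025/carrot - Free ChatGPT Site List: a collection of many free, easy-to-use ChatGPT mirror sites
zijie0/HumanSystemOptimization - Healthy learning until age 150 - an incomplete guide to tuning the human system
sulab999/AppMessenger - A mobile (Android, iOS) analysis aid for app malware analysis, app vulnerability research, app development, and HW operations/red team/penetration testing teams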
n0kovo/n0kovo_subdomains - An extremely effective subdomain enumeration wordlist of 3,000,000 lines, crafted by harvesting SSL certs from the entire IPv4 space.
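tdragon6/Supershell - Supershell C2 remote control platform that obtains a fully interactive shell over a reverse SSH tunnel
xiaoyaochen/funboost - pip install funboost: a universal distributed function-scheduling framework for Python. A Python function accelerator. Formerly named function_scheduling_distributed_framework
ASTTeam/CodeQL - "Understanding CodeQL in Depth": Finding vulnerabilities with CodeQL.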
Virus-Samples/Malware-Sample-Sources - Malware Sample Sources
jrieke/best-of-streamlit - 🏆 A ranked gallery of awesome streamlit apps built by the community
AabyssZG/WebShell-Bypass-Guide - A handbook for learning webshell AV evasion from scratch
0xPugazh/fuzz4bounty - 1337 Wordlists for Bug Bounty Hunting
Al1ex/Alibab-Nacos-Unauthorized-Login - Alibaba Nacos Unauthorized Login
reallys/pentest-domain - Domain controllers: study + attack outline
aress31/Active-Directory-Exploitation-Cheat-Sheet - A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
recorder1013/pinduoduo_backdoor_recorder - Collected materials and evidence archive on Pinduoduo exploiting vulnerabilities to attack users' phones
Avik-Jain/100-Days-Of-ML-Code - 100 Days of ML Coding
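k8gege/ChatLadon - Ladon pentest bot: automatic GetShell from natural-language requests; video tutorial on writing Ladon pentest tool plugins with ChatGPT
davinci1010/pinduoduo_backdoor - Analysis of the privilege-escalation code embedded in the Pinduoduo APK and its dynamically delivered dex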
netbiosX/Checklists - Red Teaming & Pentesting checklists for various engagements
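phith0n/Mind-Map - A curated collection of security-related mind maps
Lorna-Dane/Blue-Team - Personal study notes on blue teaming and forensics
jimsonzhang/Ortau - An out-of-the-box reverse proxy server for hiding C2, intended to spare the tedious process of configuring an Nginx service.
ibaiw/joomla_CVE-2023-23752 - Unauthorized access vulnerability
liuhuanyong/DomainWordsDict - DomainWordsDict, Chinese words dict that contains more than 68 domains, which can be used as text classification, knowledge enhance task. A specialized dictionary knowledge base covering 68 domains and 9.16 million words in total, usable for NLP applications such as text classification, knowledge enhancement and domain vocabulary expansion.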
ARaChn3/keylogger - A keylogging utility for linux/UNIX and windows
yuyan-sec/druid_sessions - Retrieves some sessions, SQL and URLs from alibaba druid
toolswatch/blackhat-arsenal-tools - Official Black Hat Arsenal Security Tools Repository
Al1ex/Red-Team - Red-Team Attack Guide
xzxxzzzz000/impacket-programming-manual - impacket programming manual
NHPT/Xray_Cracked - Update Xray1.9.11 Cracked for Windows,Linux and Mac OS.
indianajson/can-i-take-over-dns - "Can I take over DNS?" — a list of DNS providers and how to claim (sub)domains via missing hosted zones
Tencent/secguide - A code security guide compiled for developers
storerjeremy/browserless-docker-compose - a docker compose file for running Browserless
N7WEra/BofAllTheThings - Creating a repository with all public Beacon Object Files (BoFs)
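TryGOTry/CobaltStrike_Cat_4.5 - Cat Cs: a modified build based on Cobalt Strike [4.5] (ported from the original dogcs modification)
cjh0613/tencent-sensitive-words - Tencent's offline sensitive-word list
HackingCost/AD_Pentest - Red team | Summary of important domain penetration vulnerabilities (continuously updated)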
Cracked5pider/KaynLdr - KaynLdr is a Reflective Loader written in C/ASM
stephenfewer/ReflectiveDLLInjection - Reflective DLL injection is a library injection technique in which the concept of reflective programming is employed to perform the loading of a library from memory into a host process.
h3xduck/TripleCross - A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.
czs108/Windows-PE-Packer - 🗜️ A packer for Windows x86 executable files written in C and Intel x86 Assembly. The new file after packing can obstruct reverse engineering.
Cracked5pider/Stardust - A modern 64-bit position independent implant template
ekknod/EC - open-source CS:GO/CS2 cheat
hackerhouse-opensource/Artillery - CIA UAC bypass implementation that utilizes elevated COM object to write to System32 and an auto-elevated process to execute as administrator.
veo/nginx_shell - nginx WebShell/memory shell, a more elegant nginx backdoor
LloydLabs/delete-self-poc - A way to delete a locked file, or current running executable, on disk.
netero1010/GhostTask - A tool employs direct registry manipulation to create scheduled tasks without triggering the usual event logs.
maliciousgroup/RDI-SRDI - This repo goes with the blog entry at blog.malicious.group entitled "Writing your own RDI / sRDI loader using C and ASM".
fancycode/MemoryModule - Library to load a DLL from memory.
TheWover/donut - Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters
Cracked5pider/LdrLibraryEx - A small x64 library to load dll's into memory.
antirez/smallchat - A minimal programming example for a chat server
fortra/No-Consolation - A BOF that runs unmanaged PEs inline
leesh3288/CVE-2023-4911 - PoC for CVE-2023-4911
bats3c/shad0w - A post exploitation framework designed to operate covertly on heavily monitored environments
wangfly-me/LoaderFly - Helps every RT member quickly generate AV-evading trojans
Visgean/Zeus - NOT MY CODE! Zeus trojan horse - leaked in 2011, I am not the author. This repository is for study purposes only, do not message me about your lame hacking attempts.
4ra1n/java-gate - Java JNI HellsGate/HalosGate/TartarusGate/RecycledGate/SSN Syscall/Many Shellcode Loaders
AgeloVito/self_delete_bof - BOF implementation of delete self poc that delete a locked executable or a currently running file from disk by its pid, path, or the current process.
evilashz/PigScheduleTask - A collection of methods for adding scheduled tasks
ldpreload/BlackLotus - BlackLotus UEFI Windows Bootkit
WKL-Sec/HiddenDesktop - HVNC for Cobalt Strike
eunomia-bpf/bpf-developer-tutorial - eBPF Developer Tutorial: Learning eBPF Step by Step with Examples
kingToolbox/WindTerm - A professional cross-platform SSH/Sftp/Shell/Telnet/Serial terminal.
therealdreg/shellex - C-shellcode to hex converter, handy tool for paste & execute shellcodes in IDA PRO, gdb, windbg, radare2, ollydbg, x64dbg, immunity debugger & 010 editor
oferchen/POC-CVE-2023-32233 - Use-After-Free in Netfilter nf_tables when processing batch requests CVE-2023-32233
googleprojectzero/winafl - A fork of AFL for fuzzing Windows binaries
hexsen929/xmap - XMap is a fast network scanner designed for performing Internet-wide IPv6 and IPv4 network research scanning.
realoriginal/bootlicker - A generic UEFI bootkit used to achieve initial usermode execution. It works with modifications.
realoriginal/bootdoor - An initial proof of concept of a bootkit based on Cr4sh's DMABackdoorBoot
mertdas/PrivKit - PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.
paranoidninja/Process-Instrumentation-Syscall-Hook - A simple program to hook the current process to identify the manual syscall executions on windows
paranoidninja/Proxy-Function-Calls-For-ETwTI - The code is a pingback to the Dark Vortex blog: https://0xdarkvortex.dev/hiding-memory-allocations-from-mdatp-etwti-stack-tracing/
wh0amitz/PetitPotato - Local privilege escalation via PetitPotam (Abusing impersonate privileges).
saucer-man/ecapture - capture SSL/TLS text content without CA cert using eBPF. supports Linux/Android x86_64/Aarch64.
helloexp/0day - EXPs and PoCs for vulnerabilities in various CMSs, platforms, systems and software; this project will be continuously updated
infoskirmish/hive - The CIA Hive source code as released by Wikileaks
netdata/netdata - The open-source observability platform everyone needs!
Esonhugh/sshd_backdoor - /root/.ssh/authorized_keys evil file watchdog with ebpf tracepoint hook.
paranoidninja/Proxy-DLL-Loads - The code is a pingback to the Dark Vortex blog:
ajkhoury/UEFI-Bootkit - A small bootkit which does not rely on x64 assembly.
quarkslab/dreamboot - UEFI bootkit
Cracked5pider/Ekko - Sleep Obfuscation
LethalSnake1337/PE-Loader-exercise - A simple PE loader.
jas502n/coremail-checkwkpass - enc8 password collision script
redcanaryco/atomic-red-team - Small and highly portable detection tests based on MITRE's ATT&CK.
blackarrowsec/redteam-research - Collection of PoC and offensive techniques used by the BlackArrow Red Team
kyleavery/inject-assembly - Inject .NET assemblies into an existing process
openwall/john - John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs
qwqdanchun/Pillager - Pillager is an information-gathering tool for use during post-exploitation
moom825/visualstudio-suo-exploit - This repository is a tool to create a .suo that, when run by Visual Studio, will achieve code execution
Flangvik/SharpProxyLogon - C# POC for CVE-2021-26855 aka ProxyLogon, supports the classically semi-interactive web shell as well as shellcode injection
daem0nc0re/PrivFu - Kernel mode WinDbg extension and PoCs for token privilege investigation.
ironmansoftware/code-conversion - Code conversion command line tool for PowerShell and C#
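uknowsec/SharpEventLog - C# tool that reads information on all computers that have logged on to this machine, failed or successful (4624, 4625), to quickly locate operations and administration staff during internal network penetration.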
m3rcer/Chisel-Strike - A .NET XOR encrypted cobalt strike aggressor implementation for chisel to utilize faster proxy and advanced socks5 capabilities.
matterpreter/OffensiveCSharp - Collection of Offensive C# Tooling
3lpsy/FactionCore - Faction C2 Framework Core Server
WesleyWong420/RedTeamOps-Havoc-101 - Materials for the workshop "Red Team Ops: Havoc 101"
malcomvetter/CSExec - An implementation of PSExec in C#
sqrtZeroKnowledge/CVE-2023-23397_EXPLOIT_0DAY - Exploit for the CVE-2023-23397
FSecureLABS/SharpGPOAbuse - SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by that GPO.
qwqdanchun/DcRat - A simple remote tool in C#.
BeichenDream/SharpToken - Windows Token Stealing Expert
Hzllaga/ShellcodeLoader - Encrypts shellcode with RSA and dynamically compiles an exe; comes with several anti-sandbox techniques.
JDArmy/SharpSpray - In-domain password spraying tool
icsharpcode/AvaloniaILSpy - Avalonia-based .NET Decompiler (port of ILSpy)
cube0x0/CVE-2021-1675 - C# and Impacket implementation of PrintNightmare CVE-2021-1675/CVE-2021-34527
1y0n/AV_Evasion_Tool - 掩日 - AV-evasion executor generation tool
mabangde/SharpGetUserLoginIPRPC - Extracts domain controller logs, with remote extraction supported
NYAN-x-CAT/AsyncRAT-C-Sharp - Open-Source Remote Administration Tool For Windows C# (RAT)
TartarusLabs/Coyote - Coyote is a standalone C# post-exploitation implant for maintaining access to compromised Windows infrastructure during red team engagements using DNS tunneling.
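AdminTest0/SharpWxDump - WeChat client forensics: can obtain the user's personal information (nickname/account/phone/email/database key (used to decrypt chat history)); supports retrieving information for multiple users; offsets for new versions are updated from time to time; currently supports all new and official release versions
Boogipop/CVE-2023-22527-Godzilla-MEMSHELL - CVE-2023-22527 memory-shell injection tool
MountCloud/BehinderClientSource - ❄️ Behinder (冰蝎) client source code - V4.0.6 🔞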
MinaMichita/AntiAntiDefraud - Stop uploading my installed app list! Miui!
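pen4uin/java-echo-generator - A highly customizable Java echo-payload generation tool
pykiller/API-T00L - A tool for exploiting Internet vendors' APIs.
yuyan-sec/DBeaver-decrypter - Decrypts passwords saved by the DBeaver database software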
doyensec/burpdeveltraining - Material for the training "Developing Burp Suite Extensions – From Manual Testing to Security Automation"
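c0olw/NacosRce - Nacos JRaft Hessian deserialization RCE: bytecode loading, memory-shell injection, exploitation without outbound network access
pap1rman/postnacos - Godzilla post-exploitation plugin for nacos: maketoken adduser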
1n7erface/PocList - Alibaba-Nacos-Unauthorized/ApacheDruid-RCE_CVE-2021-25646/MS-Exchange-SSRF-CVE-2021-26885/Oracle-WebLogic-CVE-2021-2109_RCE/RG-CNVD-2021-14536/RJ-SSL-VPN-UltraVires/Redis-Unauthorized-RCE/TDOA-V11.7-GetOnlineCookie/VMware-vCenter-GetAnyFile/yongyou-GRP-U8-XXE/Oracle-WebLogic-CVE-2020-14883/Oracle-WebLogic-CVE-2020-14882/Apache-Solr-GetAnyFile/F5-BIG-IP-CVE-2021-22986/Sonicwall-SSL-VPN-RCE/GitLab-Graphql-CNVD-2021-14193/D-Link-DCS-CVE-2020-25078/WLAN-AP-WEA453e-RCE/360TianQing-Unauthorized/360TianQing-SQLinjection/FanWeiOA-V8-SQLinjection/QiZhiBaoLeiJi-AnyUserLogin/QiAnXin-WangKangFirewall-RCE/金山-V8-终端安全系统/NCCloud-SQLinjection/ShowDoc-RCE
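safe6Sec/ShellManageTool - Adds a few comments on top of the Godzilla & Behinder source code circulating online
yzddmr6/Java-Shellcode-Loader - A shellcode loader implemented in Java
altEr1125/ShiroAttack2 - A tool for quickly exploiting the Shiro550 vulnerability. Makes some improvements to @SummerSec's project https://github.com/SummerSec/ShiroAttack2.
lqs1848/AllatoriCrack - Cracks the Java obfuscation tool Allatori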
lsieun/learn-java-asm - 🐛 Java ASM
0x727/BypassPro - A Burp Suite plugin that automates authorization bypass
4ra1n/jar-analyzer-gui - The new version is recommended: https://github.com/jar-analyzer/jar-analyzer
coderabbit214/bibliothecarius - Quickly build services to integrate your local data and AI models.
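Mr-xn/RedTeam_BlueTeam_HW - Tools and materials for red vs. blue exercises and HW (护网) operations; in-memory shellcode (cs+msf) and memory-shell detection and removal tools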
0xf4n9x/CVE-2023-0669 - CVE-2023-0669 GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object.
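phith0n/JavaThings - Share Things Related to Java - material related to the "Informal Talks on Java Security" notes
FFreestanding/JavaUnserializeChain - Some Java deserialization gadget chains I have accumulated
KrystianLi/ExchangeOWA - An Outlook information-gathering tool
PlexPt/chatgpt-java - ChatGPT Java SDK. Supports the GPT3.5 and GPT4 APIs. Works out of the box.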
qtc-de/beanshooter - JMX enumeration and attacking tool.
momosecurity/rhizobia_J - Java security SDK and coding standards
wh1t3p1g/tabby - A CAT called tabby ( Code Analysis Tool )
pandening/Java-debug-tool - Java dynamic debug tool
woj-ciech/LeakLooker-X - LeakLooker GUI - Discover, browse and monitor database/source code leaks
zeoxisca/gamma-gui - a tool help you write gamma poc
Mzzzj/CS2_DMA_Radar - CS2 DMA radar
aceimnorstuvwxz/openwebmonitor - Universal web page monitor: tracks prices, orders, shipments, forex, discounts, lotteries... anything
djerryz/electron_shell - Developing a more covert Remote Access Trojan (RAT) tool by leveraging Electron's features for command injection and combining it with remote control methods.
AntSwordProject/AwesomeEncoder - Shared custom encoders (decoders) for AntSword
Orange-Cyberdefense/GOAD - game of active directory
projectdiscovery/nuclei-templates - Community curated list of templates for the nuclei engine to find security vulnerabilities.
AI-Yash/st-chat - Streamlit Component, for a Chatbot UI
OpenZeppelin/ethernaut - Web3/Solidity based wargame
qfdk/EasyDockerWeb - A simple Web Ui for Docker using xterm.js, Node.js, dockerode and Socket.io
Significant-Gravitas/AutoGPT - AutoGPT is the vision of accessible AI for everyone, to use and to build on. Our mission is to provide the tools, so that you can focus on what matters.
barretlee/cloudflare-proxy - Cloudflare Worker that proxies requests to the ChatGPT API, with streaming output supported
lyxhh/lxhToolHTTPDecrypt - Simple Android/iOS protocol analysis and utilization tool
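vaxilu/x-ui - An xray panel supporting multiple protocols and multiple users
openspug/spug - Open-source operations platform: a lightweight, agentless automated operations platform designed for small and medium-sized enterprises, integrating host management, batch execution on hosts, online host terminal, online file upload and download, application release and deployment, online task scheduling, configuration center, monitoring, alerting and more.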
Coalfire-Research/npk - A mostly-serverless distributed hash cracking platform
trazyn/weweChat - 💬 Unofficial WeChat client built with React, MobX and Electron.
chenchenwuai/vscode-binance-price-watch - vscode-binance-price-watch
sechacking/sgk - Code for a social-engineering database modeled on findmima, built on elasticsearch and PHP
TianNaYa/WallPaper - Set html file to desktop
jafarlihi/serpentine - C++/Win32/Boost Windows RAT (Remote Administration Tool) with a multiplatform Java/Spring RESTful C2 server and Go, C++/Qt5 frontends
evilashz/RemoteMemorymodule - Load the evilDLL from socket connection without touch disk
tandasat/CVE-2024-21305 - Report and exploit of CVE-2024-21305.
vaye-dev/cs2-dma-radar - Scuffed external radar built with C++ and NodeJS.
xdnice/PCShare - PCShare is a powerful remote control program that can monitor the target machine's screen, registry, file system and more.
nefarius/HidHide - Gaming Input Peripherals Device Firewall for Windows.
lainswork/shellcode-factory - shellcode generation framework
hasherezade/masm_shc - A helper utility for creating shellcodes. Cleans MASM file generated by MSVC, gives refactoring hints.
Mzzzj/CS2_DMA_Extrnal - DMA version based on CS2_Extrnal
SafeBreach-Labs/PoolParty - A set of fully-undetectable process injection techniques abusing Windows Thread Pools
trickster0/LdrLoadDll-Unhooking - LdrLoadDll Unhooking
je5442804/CreateProcessInternalW-Full - Reimplement CreateProcessInternalW via Windows 10 20H1+/Windows 11 Base on NtCreateUserProcess-Post
Xacone/BestEdrOfTheMarket - Little AV/EDR bypassing lab for training & learning purposes
SaadAhla/D1rkInject - Another approach of Threadless injection discovered by @EthicalChaos in c that loads a module into the target process and stomps it, and reverting back memory protections and original memory state
myzxcg/RealBlindingEDR - Remove AV/EDR Kernel ObRegisterCallbacks、CmRegisterCallback、MiniFilter Callback、PsSetCreateProcessNotifyRoutine Callback、PsSetCreateThreadNotifyRoutine Callback、PsSetLoadImageNotifyRoutine Callback...
Hackerl/pangolin - Inject ELF into remote process
improsec/BackupOperatorToolkit - The BackupOperatorToolkit contains different techniques allowing you to escalate from Backup Operator to Domain Admin
NytroRST/ShellcodeCompiler - Shellcode Compiler
deepinstinct/ContainYourself - A PoC of the ContainYourself research presented in DEFCON 31, which abuses the Windows containers framework to bypass EDRs.
S12cybersecurity/RDPCredentialStealer - RDPCredentialStealer is malware that steals credentials provided by users in RDP using API Hooking with Detours in C++
RtlDallas/KrakenMask - Sleep obfuscation
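yuanyuanxiang/SimpleRemoter - A gh0st-based remote controller: implements terminal, process, window, remote desktop, file, audio, video, service and registry management among other features; all code optimized and reformatted, memory leaks fixed, and the program runs stably. The project code is for study and exchange only.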
hasherezade/pe_to_shellcode - Converts PE into a shellcode
ZeroMemoryEx/Terminator - Reproducing Spyboy technique to terminate all EDR/XDR/AVs processes
Dec0ne/HWSyscalls - HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP.
lsecqt/OffensiveCpp - This repo contains C/C++ snippets that can be handy in specific offensive scenarios.
itm4n/PPLmedic - Dump the memory of any PPL with a Userland exploit chain
XaFF-XaFF/Black-Angel-Rootkit - Black Angel is a Windows 11/10 x64 kernel mode rootkit. Rootkit can be loaded with enabled DSE while maintaining its full functionality.
ldsaiyan/EventLogPersist - A Simple Proof Code for Extracting and Executing Shellcode from Event Logs
LordNoteworthy/al-khaser - Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
mrexodia/lolbin-poc - Small PoC of using a Microsoft signed executable as a lolbin.
ZeroMemoryEx/APT38-0day-Stealer - APT38 Tactic PoC for Stealing 0days from security professionals
SaadAhla/FilelessPELoader - Loading Remote AES Encrypted PE in memory , Decrypted it and run it
wanttobeno/SunDaySearchSignCode - Fast memory search based on the Sunday algorithm; searching 2 GB of memory takes only 1 second
SaadAhla/Shellcode-Hide - This repo contains : simple shellcode Loader , Encoders (base64 - custom - UUID - IPv4 - MAC), Encryptors (AES), Fileless Loader (Winhttp, socket)
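baiyies/CppWeixinHunter - WeChat decryption, implemented in C++. Can obtain the WeChat ID, wxid, phone number and sqlite decryption key of the WeChat account logged in on your own computer. Search information of Wechat from memory.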
matthieu-hackwitharts/Win32_Offensive_Cheatsheet - Win32 and Kernel abusing techniques for pentesters
cxasm/cc-compare - A free-to-use code sync and comparison tool from China that can replace Beyond Compare.
wh0amitz/BypassCredGuard - Credential Guard Bypass Via Patching Wdigest Memory
fuckhoneypot/fuckhoneypot - FuckHoneypot is "fuck the honeypot"
mthcht/ThreatHunting-Keywords - Awesome list of keywords and artefacts for Threat Hunting sessions
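ybdt/exp-hub - Vulnerability detection and exploitation
ddzipp/AutoAudit - AutoAudit: the LLM for Cyber Security, a large language model for cybersecurity
LianjiaTech/BELLE - BELLE: Be Everyone's Large Language model Engine (open-source Chinese conversational large model)
tanjiti/sec_profile - Crawls secwiki and xuanwu.github.io/sec.today to analyze security information sites and security trends and to extract security practitioners' accounts (twitter, weixin, github, etc.)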
roottusk/vapi - vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.
madhuakula/kubernetes-goat - Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
sense-of-security/ADRecon - ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.
ilovexjp/health-code-index - Health code simulation - index
Qihoo360/WatchAD2.0 - WatchAD2.0 is a log analysis and monitoring system for domain threats
enkomio/AlanFramework - A C2 post-exploitation framework
jhftss/POC - A public collection of POCs & Exploits for the vulnerabilities I discovered
cckuailong/reapoc - OpenSource Poc && Vulnerable-Target Storage Box.
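ProbiusOfficial/Hello-CTF - [Hello CTF] A free, open-source introductory CTF tutorial with accompanying challenges, written for complete beginners while also filling information gaps; an open-source tutorial friendly to CTFers at every stage, dedicated to the open-source ecosystem of CTF and cybersecurity!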
chris-koch-penn/gpt3_security_vulnerability_scanner - GPT-3 found hundreds of security vulnerabilities in this repo
mattifestation/PIC_Bindshell - Position Independent Windows Shellcode Written in C
monoxgas/sRDI - Shellcode implementation of Reflective DLL Injection. Convert DLLs to position independent shellcode
XiaoliChan/Invoke-sAMSpoofing - CVE-2021-42287/CVE-2021-42278 exploits in powershell
safebuffer/vulnerable-AD - Create a vulnerable active directory that's allowing you to test most of the active directory attacks in a local lab
Marshall-Hallenbeck/red_team_attack_lab - Red Team Attack Lab for TTP testing & research
danielbohannon/Invoke-Obfuscation - PowerShell Obfuscator
61106960/adPEAS - Powershell tool to automate Active Directory enumeration.
peewpw/Invoke-WCMDump - PowerShell Script to Dump Windows Credentials from the Credential Manager
IAMinZoho/OFFSEC-PowerShell - My Favorite Offensive Security Scripts
rasta-mouse/Sherlock - PowerShell script to quickly find missing software patches for local privilege escalation vulnerabilities.
0xBallpoint/LOAD - Lord Of Active Directory - automatic vulnerable active directory on AWS
jaredcatkinson/PSReflect-Functions - Module to provide PowerShell functions that abstract Win32 API functions
Disassembler0/Win10-Initial-Setup-Script - PowerShell script for automation of routine tasks done after fresh installations of Windows 10 / Server 2016 / Server 2019
3gstudent/Homework-of-Powershell - powershell codes of my blog.
scipag/HardeningKitty - HardeningKitty - Checks and hardens your Windows configuration
LibNyanpasu/clash-nyanpasu - Clash Nyanpasu! (∠・ω< )⌒☆
zzzgydi/clash-verge - A Clash GUI based on tauri. Supports Windows, macOS and Linux.
okld/streamlit-elements - Create a draggable and resizable dashboard in Streamlit, featuring Material UI widgets, Monaco editor (Visual Studio Code), Nivo charts, and more!
Privoce/vocechat-web - VoceChat Web App
alibaba/lowcode-demo - An enterprise-class low-code technology stack with scale-out design / 一套面向扩展设计的企业级低代码技术体系
appsmithorg/appsmith - Platform to build admin panels, internal tools, and dashboards. Integrates with 25+ databases and any API.
ainrm/cobaltstrike-suricata-rules - 17 suricata-ids rules for detecting cobaltstrike
NvChad/NvChad - Blazing fast Neovim config providing solid defaults and a beautiful UI, enhancing your neovim experience.
LunarVim/Launch.nvim - 🚀 Launch.nvim is modular starter for Neovim.
M507/nmap-vulnerability-scan-scripts - nmap detection scripts for CVE-2022-45477, CVE-2022-45479, CVE-2022-45482, CVE-2022-45481
r0eXpeR/fingerprint - A shared collection of fingerprints for various tools
sinsinology/CVE-2023-20887 - VMWare vRealize Network Insight Pre-Authenticated RCE (CVE-2023-20887)
neargle/my-re0-k8s-security - [WIP] A write-up of past talks: Kubernetes attack and defense from zero 🧐
1N3/BruteX - Automatically brute force all services running on a target.
six2dez/reconftw - reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Ridter/warp_proxy - cloudflare socks5 server
iredmail/dockerized - Official dockerized iRedMail.
xubiaolin/docker-zerotier-planet - Privately deploy a zerotier-planet service in one minute
heweiye/v2ray-233boy - The easiest-to-use V2Ray one-click install script & management script
machine1337/win-rat - A Fully Undetectable RAT for Windows that bypass every kind of Antivirus Protections and will give u a CMD shell in your terminal
n3m1sys/CVE-2023-22809-sudoedit-privesc - A script to automate privilege escalation with CVE-2023-22809 vulnerability
angristan/openvpn-install - Set up your own OpenVPN server on Debian, Ubuntu, Fedora, CentOS or Arch Linux.
aplura/Tango - Honeypot Intelligence with Splunk
rtwillett/DorkLab - Web app tool for helping compose advance search operators (aka Google dorking AKA boolean searches) for a variety of search engines
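unit-mesh/unit-minions - "AI for R&D Efficiency: Train Your Own LoRA", covering LoRA training for the Llama (Alpaca LoRA) and ChatGLM (ChatGLM Tuning) models. Training topics: user story generation, test code generation, assisted code generation, text to SQL, text to code...
LC1332/Luotuo-Chinese-LLM - 骆驼 (Luotuo): Open Sourced Chinese Language Models. Developed by 陈启源 @ Central China Normal University & 李鲁鲁 @ SenseTime & 冷子昂 @ SenseTime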
tloen/alpaca-lora - Instruct-tune LLaMA on consumer hardware
pycaret/pycaret - An open-source, low-code machine learning library in Python
richfelker/musl-cross-make - Simple makefile-based build for musl cross compiler
neovim/neovim - Vim-fork focused on extensibility and usability
OWASP/wstg - The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
sagishahar/lpeworkshop - Windows / Linux Local Privilege Escalation Workshop
twitter/the-algorithm - Source code for Twitter's Recommendation Algorithm
AbelChe/cola_dnslog - Cola Dnslog v1.3.2: a more powerful dnslog platform / helper platform for detecting blind (no-echo) vulnerabilities. Fully open source. dnslog httplog ldaplog rmilog. Supports the dns, http, ldap and rmi protocols; provides API access for integration with other tools; supports notifications via DingTalk bots, Bark and others; supports one-click docker deployment; back end implemented entirely in Python; front end built on a customized vue-element-admin
- generated with simonecorsi/mawesome