⬆️ ☠️ 🔥 Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock

netspy是一款快速探测内网可达网段工具（深信服深蓝实验室天威战队强力驱动）

Cobalt Strike Aggressor Scripts

Unofficial dex2jar builds

smalidea is a smali language plugin for IntelliJ IDEA

Static DOM XSS Scanner is a Static Analysis tool written in python that will iterate through all the JavaScript and HTML files under the given directory and will list out all the possible sources a…

EHole(棱洞)-红队重点攻击系统指纹探测工具

weaponized tool for CVE-2020-17144

Web Security Dictionary

Java web and command line applications demonstrating various security topics

The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.

Java反序列化漏洞利用工具V1.0 Java反序列化相关漏洞的检查工具，采用JDK 1.8+NetBeans8.2开发，软件运行必须安装JDK 1.8或者以上版本。 支持：weblogic xml反序列化漏洞 CVE-2017-10271/CNVD-C-2019-48814/CVE-2019-2725检查。

安卓应用层抓包通杀脚本

A Flash Player emulator written in Rust

通过 Redis 主从写出无损文件

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication

Reference：https://www.w2n1ck.com/article/44/

JNDI服务利用工具 RMI/LDAP，支持部分场景回显、内存shell，高版本JDK场景下利用等，fastjson rce命令执行，log4j rce命令执行 漏洞检测辅助工具

Repo with random useful scripts, utilities, prompts and stuff

A email bomb/fake email tool, by Python

MOGWAI LABS JMX exploitation toolkit

java内存对象搜索辅助工具

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

A helpful Java Deserialization exploit framework.

📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

与反病毒软件老大哥们的打闹日常

安全、可靠、简单、免费的企业级蜜罐

A collection of more than 170+ tools, scripts, cheatsheets and other loots that I've developed over years for Red Teaming/Pentesting/IT Security audits purposes.