PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)

Ladon大型内网渗透扫描器，PowerShell、Cobalt Strike插件、内存加载、无文件扫描。含端口扫描、服务识别、网络资产探测、密码审计、高危漏洞检测、漏洞利用、密码读取以及一键GetShell，支持批量A段/B段/C段以及跨网段扫描，支持URL、主机、域名列表扫描等。网络资产探测32种协议(ICMP\NBT\DNS\MAC\SMB\WMI\SSH\HTTP\HTTPS\Exc…

Covenant is a collaborative .NET C2 framework for red teamers.

Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.

.NET IPv4/IPv6 machine-in-the-middle tool for penetration testers

掩日 - 免杀执行器生成工具

超级弱口令检查工具是一款Windows平台的弱口令审计工具，支持批量多线程检查，可快速发现弱密码、弱口令账号，密码支持和用户名结合进行检查，大大提高成功率，支持自定义服务端口和字典。

A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on Linux, OSX and Windows.

Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019

Collection of Aggressor scripts for Cobalt Strike 3.0+ pulled from multiple sources

这是一个抓取浏览器密码的工具，后续会添加更多功能

PoC tool to coerce Windows hosts authenticate to other machines via the MS-RPRN RPC interface. This is possible via other protocols as well.

Scan files or process memory for CobaltStrike beacons and parse their configuration

Windows 权限提升 BadPotato

Modifying SweetPotato to support load shellcode and webshell

sharpwmi是一个基于rpc的横向移动工具，具有上传文件和执行命令功能。

.Net port of the remote SAM + LSA Secrets dumping functionality of impacket's secretsdump.py

C# 读取本机对外RDP连接记录和其他主机对该主机的连接记录，从而在内网渗透中获取更多可通内网网段信息以及定位运维管理人员主机

伪造Myslq服务端,并利用Mysql逻辑漏洞来获取客户端的任意文件反击攻击者

修改的SweetPotato，使之可以用于CobaltStrike v4.0

C# Executable with embedded Python that can be used reflectively to run python code on systems without Python installed

Linux C2 框架demo，为期2周的”黑客编程马拉松“，从学习编程语言开始到实现一个demo的产物

内网渗透中快速获取数据库所有库名，表名，列名。具体判断后再去翻数据，节省时间。适用于mysql，mssql。

New UAC bypass for Silent Cleanup for CobaltStrike

Exchange2010 authorized RCE

Quickly upload files to aliyun OSS by aliyun-oss-csharp-sdk