Stars
The recursive internet scanner for hackers. 🧡
A True Instrumentable Binary Emulation Framework
The FLARE team's open-source tool to identify capabilities in executable files.
CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool
Collected articles https://mrwq.github.io/tools/paper/
Metarget is a framework providing automatic constructions of vulnerable infrastructures.
Syscall Shellcode Loader (Work in Progress)
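Docker vulnerability environments for all FastJson versions (covering 1.2.47/1.2.68/1.2.80 and others), mainly including JNDI injection and high-version bypasses, WAF bypasses, file read/write, native deserialization, gadget-chain detection bypasses, and exploitation without outbound network access. Covers in-depth FastJson exploitation from a black-box perspective.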
A lightweight, optionally typed expression language with a custom grammar for matching arbitrary Python objects.
LdapNightmare is a PoC tool that tests a vulnerable Windows Server against CVE-2024-49113
Code example to bypass AV/EDR
Event Tracing For Windows (ETW) Resources
Python library with a CLI for remotely dumping domain user credentials via an ADCS without dumping the LSASS process memory
xforcered / RemoteMonologue
Forked from 3lp4tr0n/RemoteMonologue
Weaponizing DCOM for NTLM Authentication Coercions
Curated Windows event log Sigma rules used in Hayabusa and Velociraptor.
Bypass Detection By Randomising ROR13 API Hashes
Interactive, dynamic, and realistic LLM honeypots