The LLVM Project is a collection of modular and reusable compiler and toolchain technologies.

Impacket is a collection of Python classes for working with network protocols.

📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

This project aims to compare and evaluate the telemetry of various EDR products.

Cross-platform asynchronous I/O

专为CTF设计的Jinja2 SSTI全自动绕WAF脚本 | A Jinja2 SSTI cracker for bypassing WAF, designed for CTF

Set of tools to analyze Windows sandboxes for exposed attack surface.

New generation of wmiexec.py

Python bindings for Win32 API generated from win32metadata.

Fix DecodePointer, EncodePointer,RegDeleteKeyEx etc. APIs not found in Windows XP RTM.

DudeSuite Web Security Tools

[WIP] 整理过去我和K8s、容器、虚拟化相关的分享 🧐

Burp extension to evade TLS fingerprinting. Bypass WAF, spoof any browser.

Extract credentials from lsass remotely

A Go compiler based on LLVM in order to better integrate Go with the C ecosystem including Python and JavaScript

PoCs for Kernelmode rootkit techniques research.

Adversary Emulation Framework

The Network Execution Tool

蓝队分析研判工具箱，功能包括内存马反编译分析、各种代码格式化、网空资产测绘功能、溯源辅助、解密冰蝎流量、解密哥斯拉流量、解密Shiro/CAS/Log4j2的攻击payload、IP/端口连接分析、各种编码/解码功能、蓝队分析常用网址、java反序列化数据包分析、Java类名搜索、Fofa搜索、Hunter搜索等。

Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.

基于NPS 0.26.10 版本二开而来，NPS接力项目。免费NPS节点：https://natnps.com

一款基于各大企业信息API的工具，解决在遇到的各种针对国内企业信息收集难题。一键收集控股公司ICP备案、APP、小程序、微信公众号等信息聚合导出。支持MCP接入

smbcrawler is no-nonsense tool that takes credentials and a list of hosts and 'crawls' (or 'spiders') through those shares

Dominate Active Directory with PowerShell.

A .NET Framework 4.0 Windows Agent

Tunnel all your traffic over Websocket or HTTP2 - Bypass firewalls/DPI - Static binary available

Red-Team Linux kernel rootkit

Living Off The Land Drivers

Malware?

Now You See Me, Now You Don't