A customizable and powerful penetration testing reporting platform for offensive security professionals. Simplify, customize, and automate your pentest reports with ease.

Struts2全漏洞扫描利用工具

weblogic 漏洞扫描工具。目前包含对以下漏洞的检测能力：CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-32…

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelistin…

⛔ offsec batteries included

Nginxpwner is a simple tool to look for common Nginx misconfigurations and vulnerabilities.

Web vulnerability scanner written in Python3

Python3编写的CMS漏洞检测框架

Flutter Reverse Engineering Framework

Powerful Python tool to analyze PDF documents

Quick SQLMap Tamper Suggester

Proof of Concepts

IoT固件漏洞复现环境

Enumerate the permissions associated with AWS credential set

一键ThinkPHP漏洞检测

Shiro<=1.2.4反序列化，一键检测工具

Cobalt Strike C2 Reverse proxy that fends off Blue Teams, AVs, EDRs, scanners through packet inspection and malleable profile correlation

对目标域名进行快速的存活扫描、简单的指纹识别、目录扫描

Shiro反序列化利用工具，支持新版本(AES-GCM)Shiro的key爆破，配合ysoserial，生成回显Payload

Proof of concept for CVE-2021-31166, a remote HTTP.sys use-after-free triggered remotely.

Türk kullanıcıların parola seçimlerinin analizi için yapılmış bir çalışmadır

一个包含php,java,python,C#等各种语言版本的XXE漏洞Demo

Credentials gathering tool automating remote procdump and parse of lsass process.

Issues has been disabled for these PoC's, as they are simply PoC, Public Domain and unsupported.

A tool to make socks connections through HTTP agents

A tool for testing for certificate validation vulnerabilities of TLS connections made by a client device or an application.

RCE 0-day for GhostScript 9.50 - Payload generator

Security Auditor Utility for GraphQL APIs