Stars
OpenTelemetry JavaScript Client
常见的攻击行为监测特征及方法,涵盖端点和流量,未包含PowerShell和Sysmon。预祝运营生活愉快!
The successor to reDuh, pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.
In-depth attack surface mapping and asset discovery
This tool generates gopher link for exploiting SSRF and gaining RCE in various servers
Do you think you are safe using private browsing or incognito mode?. 😄 👿 This will prove that you're wrong. Previously hosted at nothingprivate.ml
Google's Engineering Practices documentation
Study Notes For Web Hacking / Web安全学习笔记
Server-Side Template Injection and Code Injection Detection and Exploitation Tool
Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
The new Windows Terminal and the original Windows console host, all in the same place!
bypass disable_functions via LD_PRELOA (no need /usr/sbin/sendmail)
This project has stopped to maintenance, please to https://github.com/knownsec/pocsuite3 project.
All ctf challs and scripts (and writeup, maybe) from 0ops.
Protocol Buffers - Google's data interchange format
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4, SOCKS5 or HTTP(S) proxy. Supported auth-types: "user/pass" fo…
Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems
RottenPotato local privilege escalation from service account to SYSTEM
Wiki to collect Red Team infrastructure hardening resources