Set of IDA Pro scripts for parsing GoLang types information stored in compiled binary

利用Tor搭建Socks5代理，动态切换IP

CMS和中间件指纹库

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

POC&EXP仓库、hvv弹药库、Nday、1day

LPE exploit for CVE-2023-21768

Burpsuite - Route Vulnerable Scanning 递归式被动检测脆弱路径的burp插件

🐜🐜🐜 ants is the most powerful and reliable pooling solution for Go.

Exploit for EfsPotato(MS-EFSR EfsRpcOpenFileRaw with SeImpersonatePrivilege local privalege escalation vulnerability).

Bypass EDR Create TaskServers

Six Degrees of Domain Admin

A Combination LSASS Dumper and LSASS Parser. All Credit goes to @slyd0g and @cube0x0.

Proof-of-concept code for various bugs

Exchange your privileges for Domain Admin privs by abusing Exchange

SharpWxDump的Go语言版。微信客户端取证，获取信息(微信号、手机号、昵称)，微信聊天记录分析(Top N聊天的人、统计聊天最频繁的好友排行、关键词列表搜索等)

本教程适用于 北京师范大学 珠海 校园网绕过限制

Creating a repository with all public Beacon Object Files (BoFs)

上传漏洞fuzz字典生成脚本

SvnExploit支持SVN源代码泄露全版本Dump源码

Custom Command and Control (C3). A framework for rapid prototyping of custom C2 channels, while still providing integration with existing offensive toolkits.

一个各种方式突破Disable_functions达到命令执行的shell

一个用于隐藏C2的、开箱即用的反向代理服务器。 旨在省去繁琐的配置Nginx服务的过程。

构建优化高效的渗透 fuzz 字典合集

hidden_syscall - syscaller without using syscall instruction in code

Fastjson扫描器，可识别版本、依赖库、autoType状态等。A tool to distinguish fastjson ,version and dependency

golang免杀捆绑器

将dll exe 等转成shellcode 最后输出exe 可定制加载器模板 支持白文件的捆绑 shellcode 加密

DarkAngel 是一款全自动白帽漏洞扫描器，从hackerone、bugcrowd资产监听到漏洞报告生成、漏洞URL截屏、消息通知。

windows kernelmode and usermode IAT hook