A list of public penetration test reports published by several consulting firms and academic security groups.

Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist

Automate the creation of a lab environment complete with security tooling and logging best practices

Windows Events Attack Samples

HTTPLeaks - All possible ways, a website can leak HTTP requests

ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.

A curated list of useful resources that cover Offensive AI.

*DEPRECATED* mana toolkit for wifi rogue AP attacks and MitM

A Nmap XSL implementation with Bootstrap.

E-Mail Header Analyzer

PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform

Embed and hide any file in an HTML file

A fully functional DanderSpritz lab in 2 commands

Drltrace is a library calls tracer for Windows and Linux applications.

Easy-to-use live forensics toolbox for Linux endpoints

Content hijacking proof-of-concept using Flash, PDF and Silverlight

Tools for information gathering

Mozilla Observatory (Website)

一些实用的python脚本

主机资产自动化扫描绘测

dynamic crawler for web vulnerability scanner

kali linux 工具使用中文说明书

兄弟域名查询

Site source for linuxtoy.org.

DOMXSS Scanner is an online tool to scan source code for DOM based XSS vulnerabilities

📖本地文件包含漏洞实践源码及相应协议利用指南

Phishing Simulation mainly aims to increase phishing awareness by providing an intuitive tutorial and customized assessment

通过获取到的webshell流量、url、key来还原攻击者使用webshell所做的操作。

SMTP Netcat , test SMTP protocol