A list of public penetration test reports published by several consulting firms and academic security groups.

Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist

Automate the creation of a lab environment complete with security tooling and logging best practices

Windows Events Attack Samples

HTTPLeaks - All possible ways, a website can leak HTTP requests

ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.

A curated list of useful resources that cover Offensive AI.

*DEPRECATED* mana toolkit for wifi rogue AP attacks and MitM

A Nmap XSL implementation with Bootstrap.

E-Mail Header Analyzer

PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform

Embed and hide any file in an HTML file

A fully functional DanderSpritz lab in 2 commands

Drltrace is a library calls tracer for Windows and Linux applications.

Content hijacking proof-of-concept using Flash, PDF and Silverlight

Tools for information gathering

一些实用的python脚本

主机资产自动化扫描绘测

kali linux 工具使用中文说明书

📖本地文件包含漏洞实践源码及相应协议利用指南

Phishing Simulation mainly aims to increase phishing awareness by providing an intuitive tutorial and customized assessment

通过获取到的webshell流量、url、key来还原攻击者使用webshell所做的操作。

SMTP Netcat , test SMTP protocol

A very simple bridge for performing Flash HTTP requests with JavaScript

A Java serializer in JavaScript

Transform NMap Scans to an D3.js HTML Table

Demo of CloudPets toy functionality using Web Bluetooth