Multi-Packer wrapper letting us daisy-chain various packers, obfuscators and other Red Team oriented weaponry. Featured with artifacts watermarking, IOCs collection & PE Backdooring. You feed it wi…

One-click injection into the SSHD process to record and send the password for ssh login

improved shellcode template for b1tg/rust-windows-shellcode

Retrieves exported functions from a legitimate DLL and generates a proxy DLL source code/template for DLL proxy loading or sideloading

COFF and BOF Loader written in Nim

Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...

A C2 post-exploitation framework

a tool for pentesters to help find delicious candy, by @l0ss and @Sh3r4 ( Twitter: @/mikeloss and @/sh3r4_hax )

Generic impersonation and privilege escalation with Golang. Like GenericPotato both named pipes and HTTP are supported.

Gather and update all available and newest CVEs with their PoC.

UDP implant

Inject .NET assemblies into an existing process

域渗透脑图中文翻译版

Pre-Built Vulnerable Multiple API Scenarios Environments Based on Docker-Compose.

重点系统指纹识别的工具

JNDI注入测试工具（A tool which generates JNDI links can start several servers to exploit JNDI Injection vulnerability,like Jackson,Fastjson,etc）

强大的内网渗透辅助工具集-让Yasso像风一样 支持rdp，ssh，redis，postgres，mongodb，mssql，mysql，winrm等服务爆破，快速的端口扫描，强大的web指纹识别，各种内置服务的一键利用（包括ssh完全交互式登陆，mssql提权，redis一键利用，mysql数据库查询，winrm横向利用，多种服务利用支持socks5代理执行）

免杀，bypassav，免杀框架，nim，shellcode，使用nim编写的shellcode加载器

A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.

Use to check the valid account of the Remote Desktop Protocol(Support plaintext and ntlmhash)

Beacon.dll reverse

Find vulnerable Log4j2 versions on disk and also inside Java Archive Files (Log4Shell CVE-2021-44228, CVE-2021-45046, CVE-2021-45105)

dubbo快速利用exp，基本上老版本覆盖100%。

Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀

BloodyAD is an Active Directory Privilege Escalation Framework

Modern tactical exploitation toolkit.

《HackLog4j-永恒之恶龙》致敬全宇宙最无敌的Java日志库！Tribute to the most invincible Java logging library in the universe!