Fully autonomous AI Agents system capable of performing complex penetration testing tasks

Claude Code 免杀 SubAgents

Project N.O.M.A.D, is a self-contained, offline survival computer packed with critical tools, knowledge, and AI to keep you informed and empowered—anytime, anywhere.

Free Active Directory pentesting tool and Linux CLI for AD enumeration, BloodHound, Kerberoasting, ADCS, DCSync, and attack paths.

Execute commands interactively on remote Windows machines using the WinRM protocol (just faster)

KrbRoastParser is a tool for parsing Kerberos packets from pcap files to extract AS-REQ, AS-REP and TGS-REP hashes

Offensive GPO dumping and analysis tool that leverages and enriches BloodHound data

Damn Vulnerable MCP Server

轻量级的 Active Directory 枚举工具，用于收集域环境中的信息

Physical penetration testing is a critical aspect of security assessment that involves simulating real-world attacks to evaluate the effectiveness of physical security controls.

Smart keylogging capability to steal SSH Credentials including password & Private Key

Enhanced BurpGPT 是一个强大的 Burp Suite 插件。通过分析指定的 HTTP 请求和响应，帮助安全测试人员更快速地发现潜在的安全漏洞。

Flutter Reverse Engineering Framework

Azure Post Exploitation Framework

Extract and execute a PE embedded within a PNG file using an LNK file.

Code go audit tool with ai

Cobalt Strike 的 CVE-2024-35250 的 BOF。(请给我加个星，谢谢。)

LdapNightmare is a PoC tool that tests a vulnerable Windows Server against CVE-2024-49113

Burp插件，根据自定义来达到对数据包的处理（适用于加解密、爆破等），类似mitmproxy，不同点在于经过了burp中转，在自动加解密的基础上，不影响APP、网站加解密正常逻辑等。

A Reflective Loader for macOS

Convert Microsoft Defender Antivirus Signatures (VDM) into YARA rules

DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely

A tool to abuse weak permissions of Active Directory Discretionary Access Control Lists (DACLs) and Access Control Entries (ACEs)

Tool to aid in dumping LSASS process remotely

Simple C# Redirector