The Browser Exploitation Framework Project

bloodhound 汉化及规则

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

The SpecterOps project management and reporting engine

VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities across different attack scenarios

A pentest reporting tool written in Python. Free yourself from Microsoft Word.

Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authenticat…

Domain Password Audit Tool for Pentesters

Never ever ever use pixelation as a redaction technique

HTB Certified Penetration Testing Specialist CPTS Study

A tool for exporting Yuque documents as markdown.

A customizable and powerful penetration testing reporting platform for offensive security professionals. Simplify, customize, and automate your pentest reports with ease.

Attack Surface Management & Red Team Simulation Platform 互联网攻击面管理&红队模拟平台

WhiteWinterWolf's PHP web shell

Nishang - Offensive PowerShell for red team, penetration testing and offensive security.

A flexible scanner

Software to identify the different types of hashes used to encrypt data and especially passwords

my oscp notes

AntSword 自定义编(解)码器分享

ImTip 智能桌面助手：仅 818 KB，提供输入跟踪提示 + 超级热键，可将各种桌面应用快速接入 AI 大模型

Command-line program to download videos from YouTube.com and other video sites

Check your WAF before an attacker does

Reverse Tunneling made easy for pentesters, by pentesters https://sysdream.com/

一个基于 Android 调试 API + 百度地图实现的虚拟定位工具，并且同时实现了一个可以自由移动的摇杆

🦄️ 🎃 👻 Clash Premium 规则集(RULE-SET)，兼容 ClashX Pro、Clash for Windows 等基于 Clash Premium 内核的客户端。

渗透测试报告生成工具

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static a…

弱口令检测、 漏洞扫描、端口扫描（协议识别，组件识别）、web目录扫描、等保模拟定级、自动化运维、等保工具（网络安全等级保护现场测评工具）内置3级等保核查命令、基线核查工具、键盘记录器

巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。