Uncategorized
- Naturehi666/searchall - searchall3.5 can quickly search a server for sensitive information related to usernames, passwords, accounts and passphrases, as well as browser-saved account credentials
- HyperSine/forensic-qqtoken - QQ Security Center - the generation algorithm for its dynamic one-time passwords - not updated since 2020
- c1y2m3/ATAttack - every time you gain access to a machine, repeating the same information-gathering work by hand undoubtedly adds to the workload
- streaak/keyhacks - a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid
- BeetleChunks/redsails - a Python based post-exploitation project aimed at bypassing host based security monitoring and logging
- ElevenPaths/ibombshell - a tool written in Powershell that allows you to have a prompt at any time with post-exploitation functionalities (and in some cases exploitation)
- GhostPack/Seatbelt - a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives - host information collection tool
- akayn/PostExploits - dll injection, process hollowing, RunPe, Keyloggers, UacByPass etc..
- MooseDojo/apt2 - automated penetration toolkit
- needmorecowbell/Hamburglar - collect useful information from urls, directories, and files
- mubix/post-exploitation
- nopernik/SSHPry2.0 - SSHPry v2 - Spy & Control on SSH Connected client's TTY - implemented in Python, not updated since 2017
- dmaasland/mcafee-config-decrypt - McAfee Config Decryptor, Tested up to version 10.7.0.667.17 of McAfee Endpoint Security
- m4ll0k/SecretFinder - A python script to find sensitive data (apikeys, accesstoken, jwt, ..) and search anything on javascript files
Desktop Apps
- OG-Sadpanda/SharpCalendar - .NET Assembly to Retrieve Outlook Calendar Details
- fasnow/idebug - API invocation tool for WeCom (Enterprise WeChat) and Feishu - not open source, use with caution!
Windows
- huntandhackett/concealed_code_execution - Tools and technical write-ups describing attacking techniques that rely on concealing code execution on Windows
- S3cur3Th1sSh1t/SharpImpersonation - A User Impersonation tool - via Token or Shellcode injection
- lanKalendarov/SharpHook - inspired by the SharpRDPThief project, It uses various API hooks in order to give us the desired credentials
- BambiZombie/SamAddUser - C# version of adding a user via Samr
- Ben0xA/DoUCMe - leverages the NetUserAdd Win32 API to create a new computer account
- EquiFox/KsDumper - Dumping processes using the power of kernel space - the driver is unsigned and has to be loaded with capcom
- Rvn0xsy/PDacl - Play Doh Windows ACL Tools
- S3cur3Th1sSh1t/WinPwn - Automation for internal Windows Penetrationtest / AD-Security - 1.1K stars
- leftp/VmdkReader - .NET 4.0 Console App to browse VMDK images and extract files
- hlldz/Invoke-Phant0m - Windows Event Log Killer - of no practical use in real engagements, for reference only
- vysec/Invoke-ProcessScan - Gives context to a system - identifies the processes running on the host, especially security software
- 3gstudent/List-RDP-Connections-History - Use powershell to list the RDP Connections History of logged-in users or all users
- djhohnstein/EventLogParser - Parse PowerShell and Security event logs for sensitive information
- mwrlabs/SharpClipHistory - read the contents of a user's clipboard history in Windows 10 starting from the 1809 Build
- funkandwagnalls/ranger - A tool for security professionals to access and interact with remote Microsoft Windows based systems
- Pennyw0rth/NetExec - The Network Execution Tool - CME is no longer maintained; this replaces it
- k0fin/eternalrelayx - Non-Admin NTLM Relaying & ETERNALBLUE Exploitation
- 411Hall/JAWS - Just Another Windows (Enum) Script
- dafthack/HostRecon - This function runs a number of checks on a system to help provide situational awareness to a penetration tester during the reconnaissance phase. It gathers information about the local system, users, and domain information. It does not use any 'net', 'ipconfig', 'whoami', 'netstat', or other system commands to help avoid detection.
- klsecservices/Invoke-Vnc - Powershell VNC injector
- infosecn1nja/SharpDoor - an alternative to RDPWrap written in C# that allows multiple RDP (Remote Desktop) sessions by patching the termsrv.dll file
- BlackDiverX/cqtools - Unpacked tools of CQAcademy - assorted powerful tools; for a few of them the underlying mechanism is unclear
- QAX-A-Team/EventLogMaster - RDP log forensics & clearing - PS and CNA implementations; handling of the eventlog process is incomplete
- 0x09AL/RsaTokenExtractor - A simple toolkit on extracting RSA Software Tokens from RSA SecureID
- RedLectroid/SearchOutlook - A C# tool to search through a running instance of Outlook for keywords
- RedLectroid/OutlookSend - A C# tool to send emails through Outlook from the command line or in memory
- 3gstudent/easBrowseSharefile - browse the share file by eas(Exchange Server ActiveSync)
- twogood/unshield - Tool and library to extract CAB files from InstallShield installers
- SafeBreach-Labs/BITSInject - A one-click tool to inject jobs into the BITS queue (Background Intelligent Transfer Service), allowing arbitrary program execution as the NT AUTHORITY/SYSTEM account
- quarkslab/quarkspwdump - Dump various types of Windows credentials without injecting in any process
- TheWover/CertStealer - A .NET tool for exporting and importing certificates without touching disk
WSL
DPAPI
- login-securite/DonPAPI - Dumping DPAPI credz remotely
- GhostPack/SharpDPAPI - a C# port of some Mimikatz DPAPI functionality
RAM tools
- daddycocoaman/dumpscan - a command-line tool designed to extract and dump secrets from kernel and Windows Minidump formats. Kernel-dump parsing is provided by volatility3
- cryptolok/CryKeX - Linux Memory Cryptographic Keys Extractor
- GhostPack/SafetyKatz - SafetyKatz is a combination of slightly modified version of @gentilkiwi's Mimikatz project and @subTee's .NET PE Loader
- bhdresh/lazykatz - an automation developed to extract credentials from remote targets - over SMB, WMI, etc., copies the cs source code directly to the target, compiles and runs it there, then copies the results back over the share
- TarlogicSecurity/tickey - Tool to extract Kerberos tickets from Linux kernel keys
- putterpanda/mimikittenz - A post-exploitation powershell tool for extracting juicy info from memory
HTML/API tools
- D4Vinci/PasteJacker - Add PasteJacking to web-delivery attacks
- siemens/confluence-dumper - Tool to export Confluence spaces and pages recursively via its API
- clr2of8/SlackExtract - A PowerShell script to download all files, messages and user profiles that a user has access to in slack
- ejedev/SlackAttack - Python software with a PHP webpanel that injects a JS keylogger into the Slack desktop client - an approach that stops working within minutes
- PaperMtn/slack-watchman - Monitoring your Slack workspaces for sensitive information
Linux
- jm33-m0/emp3r0r - linux post-exploitation framework made by linux user
- kernc/logkeys - A GNU/Linux keylogger that works
- Kabot/mig-logcleaner-resurrected - Resurrecting and updating the best log cleaner - brute-force cleanup, not recommended
- TheSecondSun/Bashark - Bash post exploitation toolkit
- kacperszurek/gpg_reaper - Obtain/Steal/Restore GPG Private Keys from gpg-agent cache/memory
- portcullislabs/linikatz - a tool to attack AD on UNIX
- r3vn/punk.py - unix SSH post-exploitation 1337 tool - enumerates the private keys on the local machine
- JusticeRage/FFM - Freedom Fighting Mode: open source hacking harness
- zMarch/Orc - Orc is a post-exploitation framework for Linux written in Bash
- feexd/vbg - Visual Basic GUI: A Tool to Inject Keystrokes on a SSH Client via an X11 Forwarded Session - uses XTEST to attack the client in reverse
- JusticeRage/freedomfighting - A collection of scripts which may come in handy during your freedom fighting activities
- Rizer0/Log-killer - Clear all your logs in linux/windows servers - deletes everything via shred; of little practical value in real engagements
- re4lity/logtamper - Python script for modifying Linux logs
Mac
- n00py/pOSt-eX - Post-exploitation scripts for OS X persistence and privesc
- LinusHenze/Keysteal - a macOS <= 10.14.3 Keychain exploit that allows you to access passwords inside the Keychain without a user prompt
Surveillance
- jkctech/Telegram-Trilateration - Proof of concept for abusing Telegram's "People Near Me" feature and tracking people's location
- ggerganov/kbd-audio - Tools for capturing and analysing keyboard input paired with microphone capture
- n0a/telegram-get-remote-ip - Get IP address on other side audio call in Telegram