Security Research

A DNS rebinding attack framework.

自动扫描内网常见sql、no-sql数据库脚本(mysql、mssql、oracle、postgresql、redis、mongodb、memcached、elasticsearch)，包含未授权访问及常规弱口令检测

Attack and defend active directory using modern post exploitation adversary tradecraft activity

Exploit for CVE-2019-11043

The new Windows Terminal and the original Windows console host, all in the same place!

HomePwn - Swiss Army Knife for Pentesting of IoT Devices

Sandbox for automated Linux malware analysis.

This tool lets you search your gadgets on your binaries to facilitate your ROP exploitation. ROPgadget supports ELF, PE and Mach-O format on x86, x64, ARM, ARM64, PowerPC, SPARC, MIPS, RISC-V 64, a…

Collection of scripts and writeups

An open source Android application that is intentionally vulnerable so as to act as a learning platform for Android application security beginners.

渗透 超全面的渗透资料💯 包含：0day，xss，sql注入，提权……

Penetration tests guide based on OWASP including test cases, resources and examples.

Checklist of the most important security countermeasures when designing, testing, and releasing your API

the Network Protocol Fuzzer that we will want to use.

Python3 script to parse txt files containing Mimikatz output

Win32k Elevation of Privilege Poc

Red Teaming Tactics and Techniques

Tool Information Gathering Write By Python.

CVE-2019-5418 - File Content Disclosure on Ruby on Rails

Find exploit tool

📃 A list of practical projects that anyone can solve in any programming language.

📟 Links to others' solutions to Projects (https://github.com/karan/Projects/)

Ghidra is a software reverse engineering (SRE) framework

The Shadow Attack Framework

My simple Swiss Army knife for http/https troubleshooting and profiling.

🌔 Official Repository for DarkSpiritz Penetration Framework | Written in Python 🐍

CVE-2018-8581

Exchange your privileges for Domain Admin privs by abusing Exchange