🗽 基于Socket RAW，利用 NTLMSSP 探测 Windows远程主机信息

🧠碎片化知识

RCE 0-day for GhostScript 9.50 - Payload generator

SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.

Potentially dangerous files

An implementation of NSA's ExplodingCan exploit in Python

本项目是一个远程控制应用，使用 Golang 开发，允许用户通过 Web 界面远程控制和屏幕监控其他计算机。主要功能包括屏幕共享、鼠标和键盘控制以及键盘记录。

复杂请求下的Shiro反序列化利用工具

xp_cmdshell与sp_oacreate执行命令回显和clr加载程序集执行相应操作，上传，job等相应操作。

一款支持自定义的 Java 回显载荷生成工具｜A customizable Java echo payload generation tool.

A rouge mysql server supports reading files from most mysql libraries of multiple programming languages.

最好用最智能最可控的目录爆破工具 | The most powerful, user-friendly, intelligent, and precise HTTP buster.

Exploits for CNEXT (CVE-2024-2961), a buffer overflow in the glibc's iconv()

sqlmap Xplus 基于 sqlmap，对经典的数据库注入漏洞利用工具进行二开！

Check your ranking in GitHub! Don't forget to star ⭐ this repository.

Browser Extension Analysis Framework - Scan, Analyze Chrome, firefox and Brave extensions for vulnerabilities and intels

eBPF Developer Tutorial: Learning eBPF Step by Step with Examples

The useful exploit finder

the LLM vulnerability scanner

IoT固件漏洞复现环境

汽车/安卓/固件/代码安全测试工具集

一款lcx.exe在golang下的实现, 可用于内网穿透, 建立TCP反弹隧道用以绕过防火墙入站限制等, This tool is used to establish reverse tunnel in NAT network environment, it can bypass firewall inbound restriction, support all functions of …

Thinkphp3/5 Log文件泄漏利用工具

Cobalt Strike random C2 Profile generator

Security & Development

Everything for pentest. | 用于渗透测试的 payload 和 bypass 字典.

OSINT tool for finding profiles by username

一款适用于以APP病毒分析、APP漏洞挖掘、APP开发、HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、鸿蒙)辅助分析工具

The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more!