Official-ish Fork of Shell In A Box

captcha-killer的修改版，支持关键词识别base64编码的图片，添加免费ocr库，用于验证码爆破，适配新版Burpsuite

警惕 一种针对红队的新型溯源手段!

一个攻防知识仓库 Red Teaming and Offensive Security

WebCrack是一款web后台弱口令/万能密码批量检测工具，在工具中导入后台地址即可进行自动化检测。

一款内网综合扫描工具，方便一键自动化、全方位漏扫扫描。

404StarLink - 推荐优质、有意义、有趣、坚持维护的安全开源项目

利用大量高威胁poc/exp快速获取目标权限，用于渗透和红队快速打点

Android real-time display control software

Windows11 Penetration Suite Toolkit 一个开箱即用的windows渗透测试环境

一个拦截 XSSI & 识别Web蜜罐的Chrome扩展

一款可以检测WEB蜜罐并阻断请求的Chrome插件

一款完全被动监听的谷歌插件，用于高危指纹识别、蜜罐特征告警和拦截、机器特征对抗

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)

Ypora 最新版激发教程

This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public expl…

A pleasant note-taking platform in native C++.

GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems

A collection of CTF write-ups, pentesting topics, guides and notes. Notes compiled from multiple sources and my own lab research. Topics also support OSCP, Active Directory, CRTE, eJPT and eCPPT.

备考 OSCP 的各种干货资料/渗透测试干货资料

A Swiss Army knife for developers.

my oscp notes

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

镜像网站合集

Windows exploits, mostly precompiled. Not being updated. Check https://github.com/SecWiki/windows-kernel-exploits instead.

学习OSCP时不认识的单词汇总整理成此表。