By write list bypassuac

一款代理扫描器

Burpsuite - Js Route Scan 正则匹配获取响应中的路由进行被动探测与递归目录探测的burp插件

An integrated BurpSuite vulnerability detection plug-in.

A email bomb/fake email tool, by Python

game of active directory

A book series on JavaScript. @YDKJS on twitter.

《Java安全-只有Java安全才能拯救宇宙》Only Java Security Can Save The Universe.

A list for Web Security and Code Audit

已集成到 jar-analyzer 中 https://github.com/jar-analyzer/jar-analyzer

模仿着写一个 chrome 插件，用来快速调试前端 js 代码。

xia Liao（瞎料）burp插件 用于Windows在线进程/杀软识别 与 web渗透注册时，快速生成需要的资料用来填写，资料包含：姓名、手机号、身份证、统一社会信用代码、组织机构代码、银行卡，以及各类web语言的hello world输出和生成弱口令字典等。

原汁原味的ARL灯塔，在基础上进行了魔改优化

A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.

Windows Token Stealing Expert

反向socks5代理, 关键词: go htran 重复造轮子 ssocks ew

GO Simple Tunnel - a simple tunnel written in golang

Neo-reGeorg is a project that seeks to aggressively refactor reGeorg

ADExplorerSnapshot.py is an AD Explorer snapshot parser. It is made as an ingestor for BloodHound, and also supports full-object dumping to NDJSON.

无状态子域名爆破工具

A Security Tool for Bug Bounty, Pentest and Red Teaming.

SharpSQLTools 和@Rcoil一起写的小工具，可上传下载文件，xp_cmdshell与sp_oacreate执行命令回显和clr加载程序集执行相应操作。

Linux privilege escalation auditing tool

Exploit for EfsPotato(MS-EFSR EfsRpcOpenFileRaw with SeImpersonatePrivilege local privalege escalation vulnerability).

Exploit for zerologon cve-2020-1472

Internal Monologue Attack: Retrieving NTLM Hashes without Touching LSASS

对密码已保存在 Windwos 系统上的部分程序进行解析,包括：Navicat,TeamViewer,FileZilla,WinSCP,Xmangager系列产品（Xshell,Xftp)。源码：https://github.com/RowTeam/SharpDecryptPwd

This is a repo to tell you how Xmanager (XFtp, XShell) encrypt password. Transferred from https://github.com/DoubleLabyrinth/how-does-Xmanager-encrypt-password

Extract and decrypt browser data, supporting multiple data types, runnable on various operating systems (macOS, Windows, Linux).