微信客户端取证，可获取用户个人信息(昵称/账号/手机/邮箱/数据库密钥(用来解密聊天记录))；支持获取多用户信息，不定期更新新版本偏移，目前支持所有新版本、正式版本

Fast passive subdomain enumeration tool.

OneForAll是一款功能强大的子域收集工具

Some demos to bypass EDRs or AVs by 78itsT3@m

AV/EDR evasion via direct system calls.

THIS PROJECT HAS BEEN DELETED

Pull some Malware samples here for other security researchers/malware analyst's to analyze and play with.

Ladon大型内网渗透工具，可PowerShell模块化、可CS插件化、可内存加载，无文件扫描。含端口扫描、服务识别、网络资产探测、密码审计、高危漏洞检测、漏洞利用、密码读取以及一键GetShell，支持批量A段/B段/C段以及跨网段扫描，支持URL、主机、域名列表扫描等。Ladon 12.2内置262个功能,网络资产探测模块32个通过多种协议(ICMP\NBT\DNS\MAC\SMB\WM…

内网渗透工具

GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems

🔥 Web-application firewalls (WAFs) from security standpoint.

An Easy / Quick / Cheap Integrated Platform

Reverse Engineering Resources About All Platforms(Windows/Linux/macOS/Android/iOS/IoT) And Every Aspect! (More than 3500 open source tools and 2300 posts&videos)

SQLI labs to test error based, Blind boolean based, Time based.

Some tools for CTF off line

Extracting Clear Text Passwords from mstsc.exe using API Hooking.

This is a webshell open source project

Pre-Built Vulnerable Environments Based on Docker-Compose

Impacket is a collection of Python classes for working with network protocols.

CTF Training 经典赛题复现环境

Burp被动扫描流量转发插件

一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

Burpsuite-Plugins-Usage

Web Pentesting Fuzz 字典,一个就够了。

The ultimate WinRM shell for hacking/pentesting

A tool to abuse Exchange services

List of Awesome Asset Discovery Resources

Gitbook