Stars
微信客户端取证,可获取用户个人信息(昵称/账号/手机/邮箱/数据库密钥(用来解密聊天记录));支持获取多用户信息,不定期更新新版本偏移,目前支持所有新版本、正式版本
Fast passive subdomain enumeration tool.
Some demos to bypass EDRs or AVs by 78itsT3@m
AV/EDR evasion via direct system calls.
Pull some Malware samples here for other security researchers/malware analyst's to analyze and play with.
Ladon大型内网渗透工具,可PowerShell模块化、可CS插件化、可内存加载,无文件扫描。含端口扫描、服务识别、网络资产探测、密码审计、高危漏洞检测、漏洞利用、密码读取以及一键GetShell,支持批量A段/B段/C段以及跨网段扫描,支持URL、主机、域名列表扫描等。Ladon 12.2内置262个功能,网络资产探测模块32个通过多种协议(ICMP\NBT\DNS\MAC\SMB\WM…
GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems
🔥 Web-application firewalls (WAFs) from security standpoint.
Reverse Engineering Resources About All Platforms(Windows/Linux/macOS/Android/iOS/IoT) And Every Aspect! (More than 3500 open source tools and 2300 posts&videos)
SQLI labs to test error based, Blind boolean based, Time based.
Extracting Clear Text Passwords from mstsc.exe using API Hooking.
Pre-Built Vulnerable Environments Based on Docker-Compose
Impacket is a collection of Python classes for working with network protocols.
一款完善的安全评估工具,支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档
The ultimate WinRM shell for hacking/pentesting
List of Awesome Asset Discovery Resources