MSI Dump - a tool that analyzes malicious MSI installation packages, extracts files, streams, binary data and incorporates YARA scanner.

Remote Command Execution as SYSTEM on Windows IoT Core (releases available for Python2.7 & Python3)

Shadow Dumper is a powerful tool used to dump LSASS memory, often needed in penetration testing and red teaming. It uses multiple advanced techniques to dump memory, allowing to access sensitive da…

IDA Hexrays To CodeQL

IDA Hexrays To Joern

Python PTY backdoors - full PTY or nothing!

Python implementation for PetitPotam

This function runs a number of checks on a system to help provide situational awareness to a penetration tester during the reconnaissance phase. It gathers information about the local system, users…

自动化批量发送钓鱼邮件（横戈安全团队出品）

《云原生安全：攻防实践与体系构建》资料仓库

RouterOS Security Research Tooling and Proof of Concepts

A tool that takes over Windows Updates to craft custom downgrades and expose past fixed vulnerabilities

AutoGPT is the vision of accessible AI for everyone, to use and to build on. Our mission is to provide the tools, so that you can focus on what matters.

Small and highly portable detection tests based on MITRE's ATT&CK.

An open-source PAM tool alternative to CyberArk. 广受欢迎的开源堡垒机。

A dancing with interpreter and compiler

A robust, multiprocessing-capable, multi-family RAT config parser/config extractor for AsyncRAT, DcRAT, VenomRAT, QuasarRAT, XWorm, Xeno RAT, and cloned/derivative RAT families.

Linux eBPF backdoor over TCP. Spawn reverse shells, RCE, on prior privileged access. Less Honkin, More Tonkin.

A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.

ebpfkit is a rootkit powered by eBPF

LKM Linux rootkit

Linux kernel rootkit

PowerRunAsSystem is a PowerShell script, also available as an installable module through the PowerShell Gallery, designed to impersonate the NT AUTHORITY/SYSTEM user and execute commands or launch …

Azure AD (Entra ID) enumeration tool. Find related domains and tenant information in a simple way.

Black Angel is a Windows 11/10 x64 kernel mode rootkit. Rootkit can be loaded with enabled DSE while maintaining its full functionality.

User Mode Windows Rootkit

A zero dependency and customizable Python library for scanning Windows and Linux process memory.

Bypass LSA protection using the BYODLL technique

dump Chrome cookies remotely with atexec and CDP

We developed GRAT2 Command & Control (C2) project for learning purpose.