best tool for finding SQLi,XSS,LFi,OpenRedirect

Bear C2 is a compilation of C2 scripts, payloads, and stagers used in simulated attacks by Russian APT groups, Bear features a variety of encryption methods, including AES, XOR, DES, TLS, RC4, RSA …

A Go implementation of Cobalt Strike style BOF/COFF loaders.

Sliver agent rewritten in C++

Deploy stealthy reverse shells using advanced process hollowing with GhostStrike – a C++ tool for ethical hacking and Red Team operations.

Real Time Website Builder

Incredibly fast crawler designed for OSINT.

Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region.

VeilTransfer is a data exfiltration utility designed to test and enhance the detection capabilities. This tool simulates real-world data exfiltration techniques used by advanced threat actors, allo…

Advanced CORS Header Checker Tool with Vulnerability Detection and Bypass Attempts

DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will automatically generate the userlist from the domain. BE VERY CAR…

real time face swap and one-click video deepfake with only a single image

A Bypass Anti-virus Software Lateral Movement Command Execution Tool

.NET assembly loader with patchless AMSI and ETW bypass

macro_pack is a tool by @EmericNasi used to automatize obfuscation and generation of Office documents, VB scripts, shortcuts, and other formats for pentest, demo, and social engineering assessments…

Resources linked to my presentation at OffensiveX in Athens in June 2024 on the topic "Breach the Gat, Advanced Initial Access in 2024"

Pentesting and Bug Bounty Notes, Cheetsheets and Guide for Ethical Hacker, Whitehat Pentesters and CTF Players.

RDL的堆溢出导致的RCE

绕过AV/EDR的代码例子（Code example to bypass AV/EDR）

A list of commands, scripts, resources, and more that I have gathered and attempted to consolidate for use as OSCP (and more) study material. Commands in 'Usefulcommands' Keepnote. Bookmarks and re…

Aggressor Script, Kits, Malleable C2 Profiles, External C2 and so on

一款集成了DLL-Session0注入，APC注入，映射注入，线程劫持，函数踩踏，提权的工具(支持BIN加解密)

Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readines…

PoC for a SMS-based shell. Send commands and receive responses over SMS from mobile broadband capable computers

The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.

A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.

PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.