Exploit for CVE-2022-21999 - Windows Print Spooler Elevation of Privilege Vulnerability (LPE)

4个 .soap 版本的WebShell（持续更新维护），优点：可以运行于子目录，突破了过去只能运行于根目录的限制。4个脚本分别支持调用cmd.exe/哥斯拉/冰蝎/天蝎 客户端。

攻防演练过程中，我们通常会用浏览器访问一些资产，但很多未授权/敏感信息/越权隐匿在已访问接口过html、JS文件等，该插件能让我们发现未授权/敏感信息/越权/登陆接口等。

Burpsuite - Route Vulnerable Scanning 递归式被动检测脆弱路径的burp插件

elevate -- start elevated processes from the command line

PyWxDump 的超级简化版

A BOF that runs unmanaged PEs inline

Pillager是一个适用于后渗透期间的信息收集工具

Generic PE loader for fast prototyping evasion techniques

Yet another C++ Cobalt Strike beacon dropper with Compile-Time API hashing and custom indirect syscalls execution

基于 jdwp-shellifier 的进阶JDWP漏洞利用脚本（动态执行Java/Js代码并获得回显）

加载 BOF & ShellCode 无需可执行权限内存。Loading BOF & ShellCode without executable permission memory.

Collection of UAC Bypass Techniques Weaponized as BOFs

Command line interface for (running) BOFs

Automatically created C2 Feeds

Cobalt Strike UDRL for memory scanner evasion.

Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authenticat…

PingCastle - Get Active Directory Security at 80% in 20% of the time

域信息收集工具

Get the unique machine id of any host (without admin privileges)

C# Data Collector for BloodHound

无Windows API的新型恶意程序：自缺陷程序利用堆栈溢出的隐匿稳定攻击技术研究，A new type of malicious program without Windows API

The best HTTP Static File Server, write with golang+vue

A simple http server built in golang

Fast HTTP enumerator

UltraVNC Server, UltraVNC Viewer and UltraVNC SC | Official repository: https://github.com/ultravnc/UltraVNC

An open-source remote desktop application designed for self-hosting, as an alternative to TeamViewer.

Microsoft Spy++

自动化dll劫持测试工具。Automated dll hijacking testing tool