一款信息泄漏利用工具，适用于.git/.svn/.DS_Store泄漏和目录列出

🕷️ A `.git` folder exploiting tool that is able to restore the entire Git repository, including stash, common branches and common tags.

APIKit：Discovery, Scan and Audit APIs Toolkit All In One.

Play Doh Windows ACL Tools

信息安全面试题汇总

A method of bypassing EDR's active projection DLL's by preventing entry point exection

From an account member of the group Backup Operators to Domain Admin without RDP or WinRM on the Domain Controller

通过WindowsAPI获取用户凭证，并保存到文件中

A basic emulation of an "RPC Backdoor"

Protect and discover secrets using Gitleaks 🔑

GetWeChat DBPassword&&UserInfo(获取PC数据库密码以及相关微信用户信息支持多系统数据库解密)

geacon:简单适配了一个profile配置文件,可直接拿来修改使用,用于cs上线linux.

手机号码归属地信息库、手机号归属地查询 phone.dat 最后更新：2023年02月

A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.

MS-FSRVP coercion abuse PoC

KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).

Misc TaskScheduler Plays

应对渗透中极限环境下命令回显 & 文件落地

各种CMS、各种平台、各种系统、各种软件漏洞的EXP、POC ,该项目将持续更新

captcha-killer的修改版，支持关键词识别base64编码的图片，添加免费ocr库，用于验证码爆破，适配新版Burpsuite

captcha-killer的修改版，主要用于验证码爆破，适配新版Burpsuite

👻Stowaway -- Multi-hop Proxy Tool for pentesters

BloodyAD is an Active Directory Privilege Escalation Framework

gitlab version index

Windows Token Stealing Expert

A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.

Interesting APT Report Collection And Some Special IOC

cs4.4修改去特征狗狗版(美化ui,去除特征,自带bypass核晶截图等..)

替代PrintBug用于本地提权的新方式，主要利用MS-EFSR协议中的接口函数 借鉴了Potitpotam中对于EFSR协议的利用,实现了本地提权的一系列方式 Drawing on the use of the EFSR protocol in Potitpotam, a series of local rights escalation methods have been realized