Various tips & tricks

Shielder's public proof of concepts collection

Contextual Content Discovery Tool

Just Ceal It (可用于无代理合法抵御网络中间人攻击)

Erlang distribution weaknesses and tooling

配合 CVE-2023-22515 后台上传jar包实现RCE

CVE-2023-22527 内存马注入工具

Accept URLs on stdin, replace all query string values with a user-supplied value

Mac OS X Keychain Forensic Tool

Nuclear Pond is a utility leveraging Nuclei to perform internet wide scans for the cost of a cup of coffee.

免杀webshell生成工具

A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers.

Windows11 Penetration Suite Toolkit 一个开箱即用的windows渗透测试环境

Jie stands out as a comprehensive security assessment and exploitation tool meticulously crafted for web applications. Its robust suite of features encompasses vulnerability scanning, information g…

Xray, Penetrates Everything. Also the best v2ray-core, with XTLS support. Fully compatible configuration.

The successor to reDuh, pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.

Collection of wordlists

Go scripts for checking API key / access token validity

PoC of how to exploit a RCE vulnerability of the example DAGs in Apache Airflow <1.10.11

A windows token impersonation tool

IP to ASN list

gRPC-Web Pentesting Suite + Burp Suite Extension

Authenticated SSRF in Grafana

All about bug bounty (bypasses, payloads, and etc)

Secret and/or credential patterns used for gf.

A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.

PingCastle - Get Active Directory Security at 80% in 20% of the time

Covenant is a collaborative .NET C2 framework for red teamers.