Starkiller is a Frontend for PowerShell Empire.

Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.

Remote Code Injection In Log4j

scalpel是一款命令行漏洞扫描工具，支持深度参数注入，拥有一个强大的数据解析和变异算法，可以将常见的数据格式（json, xml, form等）解析为树结构，然后根据poc中的规则，对树进行变异，包括对叶子节点和树结构 的变异。变异完成之后，将树结构还原为原始的数据格式。

基于python实现http服务器，支持文件夹/文件上传和下载

Cobalt Strike Malleable C2 Design and Reference Guide

Smart Activation Script

a lightweight, flexible and novel open source poc verification framework

一个LDAP请求监听器，摆脱dnslog平台

Redis-Attack By Replication (通过主从复制攻击Redis)

🍯 A Most Convenient Honeypot Platform. 🐝🐝🐝 🐝🐝

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetN…

Neo-reGeorg is a project that seeks to aggressively refactor reGeorg

Bypass firewall for traffic forwarding using webshell 一款使用webshell进行流量转发的出网工具

溯光 (TrackRay) 3 beta⚡渗透测试框架（资产扫描|指纹识别|暴力破解|网页爬虫|端口扫描|漏洞扫描|代码审计|AWVS|NMAP|Metasploit|SQLMap）

1000+ Github Security Resource Collection Repos.

The Rogue Access Point Framework

Fluxion is a remake of linset by vk496 with enhanced functionality.

Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.

目前实现了网络空间资产探测、指纹检索、漏洞检测、漏洞全生命周期管理、poc定向检测、暗链检测、挂马监测、敏感字检测、DNS监测、网站可用性监测、漏洞库管理、安全预警等等~

A collection of hacking / penetration testing resources to make you better!

fiddler output to pcap

a very fast brute force webshell password tool

PHP安全SDK及编码规范

JAVA安全SDK及编码规范