MADB :: Rucker :: Security Researcher

      ___           ___           ___           ___           ___           ___     
     /\  \         /\__\         /\  \         /\__\         /\  \         /\  \    
    /::\  \       /:/  /        /::\  \       /:/  /        /::\  \       /::\  \   
   /:/\:\  \     /:/  /        /:/\:\  \     /:/__/        /:/\:\  \     /:/\:\  \  
  /::\~\:\  \   /:/  /  ___   /:/  \:\  \   /::\__\____   /::\~\:\  \   /::\~\:\  \ 
 /:/\:\ \:\__\ /:/__/  /\__\ /:/__/ \:\__\ /:/\:::::\__\ /:/\:\ \:\__\ /:/\:\ \:\__\
 \/_|::\/:/  / \:\  \ /:/  / \:\  \  \/__/ \/_|:|~~|~    \:\~\:\ \/__/ \/_|::\/:/  /
    |:|::/  /   \:\  /:/  /   \:\  \          |:|  |      \:\ \:\__\      |:|::/  / 
    |:|\/__/     \:\/:/  /     \:\  \         |:|  |       \:\ \/__/      |:|\/__/  
    |:|  |        \::/  /       \:\__\        |:|  |        \:\__\        |:|  |    
     \|__|         \/__/         \/__/         \|__|         \/__/         \|__|

The idea is not to “know everything” but to know where to look. Google is a haystack and gems are hard to find (or memorize).

Also you could quickly grep all you need.

curl https://raw.githubusercontent.com/Ruuucker/Ruuucker.github.io/master/_data/madb.json

windows

exploit

DonPAPI Dumping DPAPI credz remotely

Windows Exploits

PoC in GitHub Exploits

noPac noPac with compilen biraries

whatsapp-mitd-mitm PoC and tools for exploiting CVE-2020-6516 (Chrome) and CVE-2021-24027 (WhatsApp)

Introduction Exchange pwn tool

ProxyVulns ProxyLogon/ProxyShell/ProxyOracle

ProxyShell ProxyShell POC Exploit : Exchange Server RCE (ACL Bypass + EoP + Arbitrary File Write)

lsarelayx NTLM relaying for Windows made easy

CallbackHell Exploit for CVE-2021-40449 - Win32k Elevation of Privilege Vulnerability (LPE)

CVE-2021-42321 Microsoft Exchange Server Poc

CVE-2021-43224-POC Windows Common Log File System Driver POC

Invoke-noPac

Proxy-Attackchain proxylogon, proxyshell, proxyoracle and proxytoken full chain exploit tool

pyrdp RDP mitm

spooler-splenumforms-iov spooler PoC exploit

win-brute-logon Crack any Microsoft Windows users password without any privilege (Guest account included)

CVE-2022-21971 PoC for CVE-2022-21971 Windows Runtime Remote Code Execution Vulnerability

LyncSniper LyncSniper: A tool for penetration testing Skype for Business and Lync deployments

SpoolSploit A collection of Windows print spooler exploits

GitHub Printer Expoit Toolkit

PetitPotam Another Petit Potam PoC, not yet pathed

Certipy Active Directory Certificate Services to Domain Admin

PetitPotam

noPac CVE-2021-42287/CVE-2021-42278 Scanner & Exploiter.

sam-the-admin Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user

targetedKerberoast Kerberoast with ACL abuse capabilities

noPac Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user

BackupOperatorToDA From Backup Operator To Domain Admin

backup_dc_registry A simple POC that abuses Backup Operator privileges to remote dump SAM, SYSTEM, and SECURITY

KrbRelayUp

ldap_shell AD ACL abuse

SpoolSample -> NetNTLMv1 -> NTLM -> Silver Ticket NetNTLM to Silver Ticket

MakeMeEnterpriseAdmin Elevated Domain Admins to Enterprise Admins

gMSADumper gMSADumper, if you user have rights to do it

GitHub creating COM-based bypasses utilizing vulnerabilities in Microsoft's WDAPT

Rubeus Kerberos attacks

SharpLAPS post exploatation LASP password dump via LDAP

DeathStar automate gain of domain admin and uses Empire

ADCSPwn A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts and relaying to the certificate service.

Abusing Kerberos Resource-Based Constrained Delegation

Remote Potato From Domain User to Enterprise Admin

Abusing LNK "Features" for Initial Access and Persistence LNK user-action payload

SharpSpray Pass Spray against all Domain users

PowerShell MachineAccountQuota and DNS exploit tools Machine Account and DNS exploit

SessionGopher Powershell script extracts saved session remote or localy

tokenduplicator Tool to start processes as SYSTEM using token duplication

DFSCoerce

AutoPWN-Suite AutoPWN Suite is a project for scanning vulnerabilities and exploiting systems automatically.

msdt-follina Codebase to generate an msdt-follina payload

follina.py POC to replicate the full 'Follina' Office RCE vulnerability for testing purposes

CVE-2022.ps1

NoFaxGiven Code Execution & Persistence in NETWORK SERVICE FAX Service

CVE-2021-34527 PrintNightmare (CVE-2021-34527) PoC Exploit

NegoExRelay This tool allows you to relay NegoEx (with PKU2U) authentication to other copmuter and authenticate without knowing the credentials

lnkbomb Malicious shortcut generator for collecting NTLM hashes from insecure file shares.

lateral

SharpRDP Execute commands on remote machine using rdp without screen, cool stuff

wmiexec-RegOut Modify version of impacket wmiexec.py, get output(data,response) from registry, don't need SMB connection, also bypassing antivirus-software in lateral movement like WMIHACKER.

WMEye WMI Event Filter and MSBuild Execution for lateral movement

CheeseTools Lateral Movement

Invoke-TheHash Pass the Hash from powershell

Liquid Snake fileless lateral movement using WMI Event Subscriptions and GadgetToJScript

SharpWSUS

SharpRDPHijack A POC Remote Desktop (RDP) session hijack utility for disconnected sessions

SCShell Fileless lateral movement tool that relies on ChangeServiceConfigA to run command

local

SharpUtils Cobalt Strike sharp extenders

aDLL

Advanced-Process-Injection-Worksho

Embuche Anti-reverse Compilation

NPPSpy

pe_to_shellcode Converts PE into a shellcode

DET (extensible) Data Exfiltration Toolkit (DET)

SharpSelfDelete idk

heaptrace helps visualize heap operations for pwn and debugging

RustSCRunner shellcode runner and injector

Invoke-DLLClone Dll into dll inject (or something like that)

Khepri Khepri is a Cross-platform agent, the architecture and usage like Cobalt Strike but free and open-source.

CertStealer Export certs without touching disk

my-Little-Ransomware easy ransomware module based on csharp

DarkLoadLibrary LoadLibrary for offensive operations (from disk, memory + don't lint to PEB )

GitHub OffSec RPC, I think its for shells and etc

nosferatu Backdoor similar to Skeleton Key but in one single Windows machine via inject DLL into lsass

lsassy Remote dump lsass

HellsGate Rewrote HellsGate in C# for fun and learning

PrivFu Kernel mode WinDbg extension and PoCs for token privilege investigation.

SharpGhosting Process Ghosting in C#

CreateHiddenAccount A tool for creating hidden accounts using the registry

MirrorDump Dump Lsass dump stealty

trufflehog Find credentials all over the place

DumpNParse lsass dumper lsass parser

nanodump lsass dump

MalSeclogon Dump creds via fancy stuff

VX-API Collection of various WINAPI tricks / features used or abused by Malware

pth at master · EddieIvan01/win32api-practice · GitHu

ZipExec A unique technique to execute binaries from a password protected zip

Shellcode-Injection-Techniques

Registry-Recon Cobalt Strike Aggressor Script that Performs System/AV/EDR Recon

SharpBeacon

Backstab A tool to kill antimalware protected processes

lateral Port forwarding via MSRPC (445/tcp) [WIP]

BokuLoader CobaltReflectiveLoader

backdoorme powerful auto-backdooring utility

wmkick MITM tool that targets NTLM authentication message flows in WMI

WindowsPermsPoC A simple PoC to demonstrate that is possible to write Non writable memory and execute Non executable memory on Windows

GitHub Passwords from FireFox

GitHub C# reflective loader

Invoke-Vnc - a powershell VNC injector powershell VNC in memory inject

Injector process injection tech things

minhook API hooking library

mimikittenz Get info from memory

RID Hijacking: Maintaining Access on Windows Machines RID persistance

GitHub Virtual Machine Detection

offensiveph User-Mode Bypass via driver install

veeam-creds Collection of scripts to retrieve stored passwords from Veeam Backup

GitHub Bypass UAC

NetRipper

DoUCMe Invisible user

Spraykatz Retrieve credentials on Windows

RdpThief Retrieve credentials from RDP

Internal Monologue Attack: Retrieving NTLM Hashes without Touching LSASS Get hashes without lsass.exe

forkatz Creds dump with SeTrustedCredmanAccessPrivilege

community experiment. Dont use this for now unless it is for testing or submitting a PR. RDP creds dump

SharpSploit SharpSploit

Invoker Red Team injection and process and other things tool

SharpImpersonation A User Impersonation tool - via Token or Shellcode injection

GitHub Dump lsass with direct WinAPI calls bypassing EDR and API hooking

GitHub Reflect DLL injection

MemoryModule Memory DLL loading

Blackbone Memory Hijack lib

Mapping-Injection another windows process injection

BypassUAC UAC bypass

Empire Post Exp Framework, agents on pure powershell

SafetyKatz A bit modified mimikatz

DueDLLigence DLL side loading

GitHub ShellCode generation

RuralBishop ShellCode generation

Seatbelt C# sec checks

GitHub A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from JS/VBS/VBA scripts

PowerLsassSilentProcessExit Powershell Lsass Silent proc dump

LsassSilentProcessExit Lsass Silent proc dump

SharpHook OffSec api hooking

EDRHunt Recon EDRs and AVs on Windows

GitHub Process Inject .NET

EDRs Where EDRs puts hooks

Beaconator Cobalt Strike generator

HatVenom HatVenom is a HatSploit native powerful payload generation tool that provides support for all common platforms and architectures.

PowerRemoteDesktop Remote Desktop entirely coded in PowerShell.

README.md C# and Beacon Object File to capture creds

CallStackSpoofer

Dumpy Reuse opened handles to dynamically dump LSASS using Dinvoke_rs.

NlsCodeInjectionThroughRegistry Dll injection through code page id modification in registry. Based on jonas lykk research

PPLdump Dump the memory of a PPL with a userland exploit

revbshell ReVBShell - Reverse VBS Shell

Nidhogg Nidhogg is an all-in-one simple to use rootkit for red teams.

SharpEventPersist Persistence by writing/reading shellcode from Event Log

hygieia Hygieia, a vulnerable driver traces scanner written in C++ as an x64 Windows kernel driver.

ICMP-TransferTools Transfer files to and from a Windows host via ICMP in restricted network environments.

WindowsExploitationResources Resources for Windows exploit development

siofra DLL Hijacking vuln searcher and exploiter

FlavorTown Various ways to execute shellcode

<a href="https://github.com/eladshamir/RPC-Backdoor" title="A basic emulation of an "RPC Backdoor"">RPC-Backdoor</a> A basic emulation of an "RPC Backdoor"

Suborner Invisible account

RIPPL RIPPL is a tool that abuses a usermode only exploit to manipulate PPL processes on Windows

PSAsyncShell PowerShell Asynchronous TCP Reverse Shell

hoaxshell Rev shell with https and MS WD evasion

lpe

NTLMRelay2Self An other No-Fix LPE, NTLMRelay2Self over HTTP (Webdav).

PEASS-ng - Privilege Escalation Awesome Scripts SUITE new generation WinPEAS

HiveNightmare LPE via incorrect SAM reading permission

BeRoot For Windows BeRoot windows

Petitpotam & Potato exploit

DESCRIPTION Win exploit suggester

HandleKatz IC lsass dumper using cloned handles

CVE-2022-21882 win32k LPE

Auto-Elevate

GitHub UAC bypass, Elevate, Persistence methods

RoguePotato Another Potato

JuicyPotato

MultiPotato

CVE-2021-1732 at master · Al1ex/WindowsElevation · GitHub

InstallerFileTakeOver LPE

RogueWinRM Windows Local Privilege Escalation from Service Account to System

PrintSpoofer Abusing Impersonation Privileges on Windows 10 and Server 2019

LeakedHandlesFinder Leaked Windows processes handles identification tool

CdpSvcLPE Windows Local Privilege Escalation via CdpSvc service (Writeable SYSTEM path Dll Hijacking)

UACHooker

RunAsWinTcb Search and inject DLL into higher processes

recon

KnockOutlook Outlook recon tool, extract mails, contacts

SharpSniper Get IP from creds

nextnet Scan window's 137 udp to get interfaces and hostname

NtdsAudit Show statistic about accounts and passwords

Invoke-ACLpwn ACL attack in AD

Active Directory Integrated DNS dump tool Dump AD dns records

SharpOxidResolver Nextnet of AD, tells network devices via DCOM

Ping Castle AD scanner script with many checks

AD Explorer Legit tool for AD recon, nice as a BloodHound replace

Kerbrute Bruteforce usernames in AD via kerb pre-auth

LDAP Monitor Monitor creation, deletion and changes to LDAP objects live during your pentest.

PlumHound Bloodhound for Blue and Purple Teams

MAN-SPIDER SMB share file searcher

Download from https://github.com/adrecon/ADRecon AD Recon

adPEAS Powershell tool to automate Active Directory enumeration.

Snaffler Find everything on file shares across AD

LdapRelayScan

adalanche: Active Directory ACL Visualizer and Explorer Active Directory ACL Visualizer - who's really Domain Admin?

PywerView Powerview but remote and python!

AD ACL Scanner ACL scanner in AD

ACLight Search for admins in AD, even Shadow Admins

SharpView PowerView but Sharp

powerview.py PowerView alternative

ldeep In-depth ldap enumeration utility

aced Aced is a tool to parse and resolve a single targeted Active Directory principal's DACL

SauronEye Search tool to find specific files containing specific words, i.e. files containing passwords..

Max Maximizing BloodHound. Max is a good boy.

FindUncommonShares

smb2os Use smb2 protocol to detect remote computer os version, support win7/server2008-win10/server2019

ExchangeFinder Find Microsoft Exchange instance for a given domain and identify the exact version

VulnerabilitiesDataImport BloodHound extension

windapsearch Python script to enumerate users, groups and computers from a Windows domain through LDAP queries

What is Impacket?

LazySign Fake certs for windows binaries

RandomPS-Scripts

Active-Directory-Exploitation-Cheat-Sheet A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

Active-Directory-Wordlists Active Directory Wordlists

malicious-pdf

Nishang All in one tool for everything in powershell

Weaponry

RedRabbit

CredPhish PowerShell script designed to invoke legitimate credential prompts and exfiltrate passwords over DNS

Misc-PowerShell Nice tools

DSInternals Directory Services Internals (DSInternals) PowerShell Module and Framework

Sharp-Suite

CrackMapExec crackmapexec

PowerShellArmoury A PowerShell armoury for security guys and girls

0 to 0.9 EVERYTHING you need to pwn AD

Lucifer Multi-tool

Firewall_Walker_BOF A BOF to interact with COM objects associated with the Windows software firewall.

cqtools Nice toolkit for all things that you need

LOLBAS Everyfind you need when u live off the land

powercat NetCat for windows

Generator Payload Generation

GoFetch Nice stuff to automate post-bloodhound activity

SharpSystemTriggers Collection of remote authentication triggers in C#

About BloodHound BloodHound

PowerShx Run Powershell without software restrictions.

ForgeCert Certificate Authority (CA) certificate + private key to forge certificates for arbitrary users capable of authentication to Active Directory

Windows & Active Directory Exploitation Cheat Sheet and Command Reference Windows & Ad exploitation Cheat Sheet

WinPwn

Microsoft Wont-Fix-List MS wont fix vulners list

GitHub PowerSploit

microsoft-rpc-fuzzing-tools

Coercer

Privilege

PowerShell-Red-Team Collection of PowerShell functions a Red Teamer may use in an engagement

SilentHound BloodHound but only with LDAP options?

Masky Dump user credentials using only ADCS! No lsass.exe is needed anymore

krbrelayx Kerberos unconstrained delegation abuse toolkit

Certipy Tool for Active Directory Certificate Services enumeration and abuse

linux

exploit

PwnKit Self-contained exploit for CVE-2021-4034 - Pkexec Local Privilege Escalation

CVE-2021-4034 Exploit for CVE-2021-4034

local

MimiPenguin 2.0 Get creds from current user session

ProcDump proc dump for Linux

ssh-backdoo ssh-bachdoor

casper-fs Custom Hidden Linux Kerbel Module generator

HiddenWall Linux Kerbel hidden firewall

GitHub Tool for making your nc reverse shell more friendly

GTFOBins LPE and usefull stuff

dismember Memory search and dump

TripleCross

certificate-ripper Cross platform cert ripper

zapret Обход DPI в linux

Sandman Sandman is a NTP based backdoor for red team engagements in hardened networks.

lpe

PEASS-ng - Privilege Escalation Awesome Scripts SUITE new generation LinPEAS

emp3r0r

BeRoot For Linux BeRoot linux

Traitor Linux privesc via exploitation of low-hanging fruit

recon

ipcdump Linux IPC inspection tool

ApacheTomcatScanner A python script to scan for Apache Tomcat server vulnerabilities.

mac

objective Lots tools for Apple Mac, written on Objective-C

se

GitHub Fun tools with several modules included SMS sending

xlsxPoison turn regular Excel files into Excel file with macro

Phishing with fake meeting invite

PhishMailer

Pickl3 RDP creds phising

zphisher Phising framework with templates

detection

What is this? Indentify everything, exe\bin files, hashes, pcap dumps, strings - very useful

windows

Windows These is actually more than just windows in this blog

Microsoft-eventlog-mindmap

sysmon

sysmon-config | A Sysmon configuration file for everybody to fork

Sysmon - DFIR

Sysmon - malwarearchaeology

TrustedSec Sysmon Community Guide

sysmon-modular | A Sysmon configuration repository for everybody to customise Sysmon configs modules

Detecting Dll Unhooking

other

CyberBattleSim Self-learning defender, interesting stuff

1. Capsulecorp Pentest set up test lab

Installation (Install Script) Making your windows machine more like Kali, contains many useful stuff pre-installed, good thing for researchs and so on

Red-Team-Infrastructure-Automation Red Team Infra setup

report

PwnDoc Note and Report tool

Serpico Note and Report tool

Invuls Book to write your pentest adventure

linux

Sysmon For Linux install and build instructions Sysmon For Linux!

FalconEye: Real-time detection software for Windows process injections Real Time proc injection detection tool, runs as kernel driver and using api hooks

Vindicate

ClamAV Open Source AV

DFIRT (DFIR Tool) Kinda forensic tool, collects event logs, powershell history and more

TallGrass AV exclusion enumeration in Python

Winshark A wireshark plugin to instrument ETW

process_creation_dumpstack_log_evasion.yml at 7b08986f4bc257aba4ae2c5a53d5112ef48af9e3 · SigmaHQ/sigma · GitHub Sigma rules

hayabusa sigma-based event generator for Event Logs in Rust

WELA WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs!

pwnspoo for ctf making

chainsaw Rapidly Search and Hunt through Windows Event Logs

Awesome-CobaltStrike-Defence Defences against Cobalt Strike

SilkETW Service or tool for managing ETW logs and transport them

pipe-intercept Intercept Windows Named Pipes communication using Burp or similar HTTP proxy tools

kubescape

evasion

charlotte Undetected shellcode, could use with meterpreter

InlineWhispers2

process_ghosting

Thread Stack Spoofing / Call Stack Spoofing PoC PoC for an advanced In-Memory evasion

Shellcode Fluctuation PoC Shellcode in memory evasion

How to bypass Defender in a few easy steps Bypassing Win Defender

Chameleon

Invoke-Obfuscation v1.8 Powershell objuscation

Introduction .net obfuscator

Phant0m | Windows Event Log Killer Windows Event Log Killer

GitHub AMSI bypass

GitHub Top AV Evasion

DripLoader (PoC) ShellCode what bypass EDRs

Process Herpaderping Process Herpaderping

Shellycoat Shellycoat is a utility designed to aid in bypassing User-Mode hooks

pwncat Firewall, IDS/IPS evasion

Invisi-Shell Powershell script invisiable

EXOCET - AV-evading, undetectable, payload delivery tool AV evading delivery tool

CopyCat Defender bypass mimikatz rapper

PSSW100AVB Powershell scripts with AV bypasses

GitHub Jaws is an invisible programming language! Inject invisible code into other languages and files!

GitHub Detecting Traps

RefleXXion EDR api hooks bypass via syscalls

mortar

SyscallPack BOF and Shellcode for full DLL unhooking using dynamic syscalls

NimHollow Process Hollowing using syscalls

SysWhispers3 SysWhispers on Steroids - AV/EDR evasion via direct system calls.

anti-anti-vm-detection-dll-

VBoxHardenedLoader VirtualBox VM detection mitigation loader

BypassAnti-Virus 免杀姿势学习、记录、复现。

OffensivePipeline Download, compile, and obfuscate C# tools without VS!

DefenderCheck Identifies the bytes that Microsoft Defender flags on.

EDRSandblas

EDR

toriptables3 Forward all traffic through Tor network easy

InvisibilityCloak Proof-of-concept obfuscation toolkit for C# post-exploitation tools

OffensiveVBA This repo covers some code execution and AV Evasion methods for Macros in Office documents

Ghost-In-The-Logs Evade sysmon and windows event logging

Huan Encrypted PE Loader Generator

Bypass_AV

bypassAVNote

TartarusGate TartarusGate, Bypassing EDRs

Payload-Download-Cradles

SysmonQuiet RDLL for Cobalt Strike beacon to silence sysmon process

BokuLoader

Shelltropy A technique of hiding malicious shellcode via Shannon encoding.

nim-loader WIP shellcode loader in nim with EDR evasion techniques

Mangle

FunctionStomping A new shellcode injection technique. Given as C++ header, standalone Rust program or library.

ev EV: IDS Evasion via Packet Manipulation

Nimcrypt2 .NET, PE, & Raw Shellcode Packer/Loader Written in Nim

PerunsFart This is my own implementation of the Perun's Fart technique by Sektor7

SysmonEnte Cover your tracks by manipulating Sysmon events itself

APIHashReplace Repository for API Hashing script detailed in the Huntress Blog

EtwSessionHijacking A Poc on blocking Procmon from monitoring network events

EDRSandblast at DefCon30Release

AceLdr Cobalt Strike UDRL for memory scanner evasion.

Shhhloader Syscall Shellcode Loader (Work in Progress)

TamperingSyscalls

ADVobfuscator Obfuscation library based on C++11/14 and metaprogramming

DeathSleep

Pesidious Malware Mutation Using Reinforcement Learning and Generative Adversarial Networks

web

Web-Application-Pentest-Checklist Checklist from Frogy

uDork - Google Hacking Tool Google Dork scanner

A skidalicious cheat sheet of webapp exploitation techniques Web Checklist

ppfuzz Prototype Pollution scan

protoscan Prototype pollution scanner

gitjacker

Harpoon CLI tool for open source and threat intelligence

CyberChef Knife - a web app for encryption, encoding, compression and data analysis

GitHub Burp Plugin search for hidden parameters

BugBounty Tips Bug Bounty tips

feroxbuster A fast, simple, recursive content discovery tool written in Rust.

crawpy Yet another content discovery tool

SSRF Cheat Sheet & Bypass Techniques SSRF cheat sheet bypass

HOOKSHOT Automate cwarl site for emails and accounts

Description Python Port of Wappalyzer

webanalyze Go port of Wappalyzer

GitHub Web content discover script

GitHub 2FA bypass

GitHub Web Hackers Weapons

Bug Bounty Cheat Sheet Web BugBounty Cheat Sheet

Bypass Cloudflare CloudFlare bypass

awesome-apisec API security tools and resources

AllAboutBugBounty

socialhunter Nice stuff to search for broken link on site and hijack it

curl-impersonate curl-impersonate: A special compilation of curl that makes it impersonate Chrome & Firefox

webb Python: An all-in-one Web Crawler, Web Parser and Web Scrapping library!

LFISuite Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner

rengine The only web application recon tool you will ever need!

second-order Second-order subdomain takeover scanner

svnExploit SvnExploit支持SVN源代码泄露全版本Dump源码

GitHack A `.git` folder disclosure exploit

dumpall 一款信息泄漏利用工具，适用于.git/.svn/.DS_Store泄漏和目录列出

git-dumper A tool to dump a git repository from a website

GitHacker A Git source leak exploit tool that restores the entire Git repository

goop dump a git repository from a website,

4-ZERO-3 403/401 Bypass Methods + Bash Automation + Your Support ;)

smuggler Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3

webdiscover The purpose of this script is to automate the web enumeration process and search for exploits

mindmaps Mindmaps allow to organize and understand information faster and better.

DeepfakeHTTP DeepfakeHTTP is a web server that uses HTTP dumps as a source for responses.

bypass-url-parser bypass-url-parser

OneListForAll Rockyou for web fuzzing

Awesome-RCE-techniques Awesome list of step by step techniques to achieve Remote Code Execution on various apps!

nuclei Fast and customizable vulnerability scanner based on simple YAML based DSL.

cats REST API Fuzzer

supercookie Fingerprint

awesome-crawler A collection of awesome web crawler,spider in different languages

haptyc Build payloads

mentalist GUI worklist generation

sublazerwlst Bundle of wordlists for brute-forcing subdomains (World + RUSSIA based).

intelligence-wordlist-generator

Probable-Wordlists

wordlists/language-specifics

gorilla tool for generating wordlists or extending an existing one using mutations.

scan4all 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning

net

subjack DNS Subdomain takeover

TireFire All In One recon tool, great for HTB but maybe cool for pentests too

GitHub Nice thing to pivoting

BruteShark writes network diagrams and extract NTLM\Kerberos tickets from pcap

Responder/MultiRelay

LEGION - Automatic Enumeration Tool Auto port based scanner to find vulners from hacktricks

nesca Scan Internet

capsulecorp-pentest Docket, Kubernetes and other contenters scanner

trivy Scanner for vulnerabilities in container images, file systems, and Git repositories

DivideAndScan

HoneyCreds

Woolf Scan/Brute routers

Stargather Github repos recon tool

GitHub Passive traffic fingerprinter

nmap-formatter Nmap results to json, md, etc

badKarma network reconnaissance toolkit

STEWS A Security Tool for Enumerating WebSockets

DomainBorrowing DomainBorrowing

bettercap bettercap spoofing

What is this? Nmap but better

mitm6 IPv6 spoofing

Inveigh csharp responder for spoofing and mitm

GitHub csharp relay tool

Global Socket Connect like there is no firewall. Securely.

GitHub Reverse shell though NAT and everything

GitHub The goal is to support as many protocols as possible, and support as many deep interactions as possible for each protocol. Maybe for spoofing?

Recon Tools Recon everything

EIGRPWN This repository contains tools for conducting attacks on the EIGRP routing domain.

GoWard A robust Red Team proxy written in Go.

vortex VPN Overall Reconnaissance, Testing, Enumeration and eXploitation Toolkit

http-proxy-ipv6-pool Make every request from a separate IPv6 address.

Notionion Notion as an HTTP proxy

packetsifterTool

DNS Reconnaissance DNSRecon

Fierce recon IP adresses of the domain

sonarbyte DNS subdomain scanner with a few tricks

StreamDivert Redirecting (specific) TCP, UDP and ICMP traffic to another destination.

DrawNmap Friendly graphical output of the nmap tool that allows filtering by open ports

dog-tunnel

Smap a drop-in replacement for Nmap powered by shodan.io

dnstake DNSTake — A fast tool to check missing hosted DNS zones that can lead to subdomain takeover

dit DIT is a DTLS MitM proxy implemented in Python 3

gost GO Simple Tunnel - a simple tunnel written in golang

xc A small reverse shell for Linux & Windows

commix Automated All-in-One OS Command Injection Exploitation Tool.

c2

BlackMamba

GitHub Proxy bouncer for c2 traffic

Koadic Living Off The Land c2

Quasar Remote Admin tool

DoHC2 DNS over HTTPS c2

Mythic

Micro Backdoor for Windows c2 for windows

serpentine Win c++ RAT

Requirements Another DNS tunnel

Ninja V2.1 Released ( 31/07/2021 ) .

GitHub Multi OS RAT

awesome-command-control

Covenant Covenant is a collaborative .NET C2 framework for red teamers.

reverse-ssh Statically-linked ssh server with reverse shell functionality for CTFs and such

brute-ratel Docker Container for Brute Ratel

Brute-Ratel-C4-Community-Kit

sliver Adversary Emulation Framework

wifi

zizzania Great tool for capturing handshakes and de-auth attacks

airgeddon This is a multi-use bash script for Linux systems to audit wireless networks.

other

hcre modify wordlists over CLI on the fly using hashcat rules

bootkit-samples Bootkit sample for firmware attack

OffensiveRust Rust Weaponization for Red Team Engagements.

pegasus_spyware decompiled pegasus_spyware

MalwareSourceCode MalwareSourceCode

Trickbot leak

bruteforce-lists List for brute web, api, files, etc

browsh A fully-modern text-based browser, rendering to TTY and browsers

p2p

Slides

Exercises

adeleg Active Directory delegation management tool

nps Not PowerShell

RedTeam-Physical-Tools

findwall Check if your provider is blocking you!

powerlevel10k A Zsh theme

connmap

curlconverter Generate code from cURL commands

InsecureShop An Intentionally designed Vulnerable Android Application built in Kotlin.

hat hashcat automation tool

CTO IDA Plugin

gitoops CI\CD pipelines abuse

elpscrk An Intelligent wordlist generator based on user profiling, permutations, and statistics

antSword 中国蚁剑是一款跨平台的开源网站管理工具。AntSword is a cross-platform website management toolkit.

hackthebox-1 HTB VS Code theme

Ventoy A new bootable USB solution.

ofrak OFRAK: unpack, modify, and repack binaries.

updog python -m http.server on max settings. Can use TLS and basic auth

gofetch CVE fetcher

multilinks

at-ps Adversary Tactics - PowerShell Training

Infrastructure

What is ired.team?

awesome-executable-packing A curated list of awesome resources related to executable packing

NIST CVE Search tool CVE search

cve Gather and update all available and newest CVEs with their PoC.

vxunderground

command-line-quick-reference quick reference on command line tools and techniques for the people with limited time

tmp.0ut

WADComs WADComs is an interactive cheat sheet, containing a curated list of offensive security tools and their respective commands, to be used against Windows/AD environments.

awesome-hacking-lists Another hacking lists, now from chinese guys

Penetration-Testing-Tools

Experienced-Pentester-OSEP

Pentest tools

VX-API Collection of various malicious functionality to aid in malware development

Awesome-RedTeam-Cheatsheet Active Directory & Red-Team Cheat-Sheet in constant expansion.

hacks A collection of hacks and one-off scripts

KB База знаний сообщества DC7499

beginners.md

awesome-pentest-cheat-sheets Collection of the cheat sheets useful for pentesting

Awesome-Red-Teaming List of Awesome Red Teaming Resources

Red-Teaming-Toolkit

Pentesting-Notes Collection of different commands and techniques in Hacking

Pentest-Tools

AD-Pentesting

Awesome-Hacking-Resources A collection of hacking / penetration testing resources to make you better!

Awesome-Hacking A collection of various awesome lists for hackers, pentesters and security researchers

Cheatsheet-God Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet

h4cker

Azure-Red-Team Azure Security Resources and Notes

Win32_Offensive_Cheatsheet Win32 and Kernel abusing techniques for pentesters

Awesome-CobaltStrike cobaltstrike的相关资源汇总 / List of Awesome CobaltStrike Resources