1rm's starred repositories

nushell

A new type of shell

traitor

:arrow_up: :skull_and_crossbones: :fire: Automatic Linux privesc via exploitation of low-hanging fruit, e.g. GTFOBins, PwnKit, Dirty Pipe, a writable docker.sock

dalfox

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

my-re0-k8s-security

:atom: [WIP] Collecting my past talks: Kubernetes offense and defense from scratch 🧐

terminaltexteffects

TerminalTextEffects (TTE) is a terminal visual effects engine, application, and Python library.

Language: Python | License: MIT | Stargazers: 2837 | Issues: 13 | Issues: 26

CVE-2024-1086

Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 99.4% in KernelCTF images.

sRDI

Shellcode implementation of Reflective DLL Injection. Convert DLLs to position independent shellcode

Language: PowerShell | License: NOASSERTION | Stargazers: 2106 | Issues: 62 | Issues: 26

jndi_tool

JNDI service exploitation tool (RMI/LDAP): supports command output echo in some scenarios, in-memory shells, exploitation on newer JDK versions, and more; Fastjson RCE command execution and Log4j RCE command execution; helper tool for vulnerability detection.

no-defender

A slightly more fun way to disable Windows Defender + firewall (through the WSC API).

DroidSSLUnpinning

Tools for disabling Android certificate pinning

telegram-phone-number-checker

Check if phone numbers are connected to Telegram accounts.

Language: Python | License: MIT | Stargazers: 1114 | Issues: 19 | Issues: 23

SaiDict

Attack wordlists commonly used in penetration testing: weak passwords, sensitive directories, sensitive files, etc.

RingQ

A post-exploitation AV-evasion tool that helps script kiddies like me achieve evasion quickly; supports bypassing AV/EDR such as 360, Huorong and Windows Defender. Shellcode loader.

xfrpc

The xfrpc project is a lightweight implementation of the FRP client written in C for OpenWRT and IoT systems. It is designed to provide an efficient solution for resource-constrained devices such as OpenWRT routers and IoT devices, which often have limited ROM and RAM.

Language: C | License: GPL-3.0 | Stargazers: 718 | Issues: 11 | Issues: 37

OffensiveCpp

This repo contains C/C++ snippets that can be handy in specific offensive scenarios.

Language: C++ | Stargazers: 634 | Issues: 6 | Issues: 0

nuclei_poc

Nuclei POCs, updated daily | Automatically aggregates Nuclei vulnerability POCs from across the web, syncs the latest POCs in real time, and preserves POCs that have since been deleted. Collects Nuclei POCs by batch-cloning GitHub projects, stores them sorted by category, and runs on GitHub Actions (110k+ POCs so far, validated and deduplicated).

Language: Python | License: CC0-1.0 | Stargazers: 599 | Issues: 137 | Issues: 3

cnext-exploits

Exploits for CNEXT (CVE-2024-2961), a buffer overflow in glibc's iconv()

HadesLdr

Shellcode loader implementing indirect dynamic syscalls, API hashing, and fileless shellcode retrieval over Winsock2

Language: C++ | License: BSD-3-Clause | Stargazers: 282 | Issues: 2 | Issues: 0
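API hashing, as named in the HadesLdr description, is the trick of not carrying API-name strings (which a static scanner would flag) in the loader at all: the author precomputes a hash of each name offline, and at runtime the loader walks a module's export name table, hashes every name with the same routine, and stops on a match. The C below is an added example written for this page, not HadesLdr's code. It uses the ROR13 scheme and a constructed export-name array (`fake_exports`) standing in for a parsed PE export directory; on Windows the same loop would iterate the names reached through IMAGE_EXPORT_DIRECTORY.AddressOfNames.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for a parsed export directory: the names a loader
 * would read from a module's export name table. Not a real kernel32 dump. */
static const char *const fake_exports[] = {
    "CreateFileW", "GetProcAddress", "LoadLibraryA", "Sleep",
    "VirtualAlloc", "VirtualFree", "VirtualProtect", "WriteProcessMemory",
};
#define N_EXPORTS (sizeof fake_exports / sizeof fake_exports[0])

static uint32_t ror32(uint32_t v, unsigned n) {
    return (v >> n) | (v << (32 - n));
}

/* ROR13 name hash (the scheme popularised by Metasploit's block_api):
 * rotate the running value right by 13 bits, then add the next byte.
 * The same function runs offline to produce the constants and at
 * runtime inside the loader, so both sides must agree byte for byte. */
uint32_t hash_name(const char *s) {
    uint32_t h = 0;
    for (; *s; s++)
        h = ror32(h, 13) + (uint8_t)*s;
    return h;
}

/* Runtime resolution: hash each exported name and compare with the
 * precomputed target. Returns the export index, or -1 if no name hashes
 * to `target`. The loader binary only ever contains `target`, never the
 * API string, which is what defeats naive string-based detection. */
int resolve_by_hash(const char *const *names, size_t n, uint32_t target) {
    for (size_t i = 0; i < n; i++)
        if (hash_name(names[i]) == target)
            return (int)i;
    return -1;
}

int main(void) {
    /* Offline step: compute the hash once and embed only the number. */
    uint32_t want = hash_name("VirtualAlloc");
    printf("hash(\"VirtualAlloc\") = 0x%08X\n", want);

    /* Runtime step: walk the (constructed) export table by hash only. */
    int idx = resolve_by_hash(fake_exports, N_EXPORTS, want);
    printf("resolved to export #%d (%s)\n", idx,
           idx >= 0 ? fake_exports[idx] : "not found");
    return 0;
}
```

For detection, the useful observation is that the string is gone but the hash loop is not: the ROR13 arithmetic and a walk over AddressOfNames are themselves stable patterns, and the hash constants for common APIs are well known and can be matched directly.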

EDRPrison

Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry

RWX_MEMEORY_HUNT_AND_INJECTION_DV

Abusing the Windows fork API and the OneDrive.exe process to inject malicious shellcode without allocating a new RWX memory region.

Language: C++ | License: MIT | Stargazers: 231 | Issues: 6 | Issues: 1

RdpStrike

Position-independent code to extract clear-text passwords from mstsc.exe using API hooking via hardware breakpoints (HWBP).

BOF2shellcode

POC tool to convert Cobalt Strike BOF files to raw shellcode

Language: C | License: NOASSERTION | Stargazers: 170 | Issues: 6 | Issues: 1

mssql-command-tool

Command execution with output echo via xp_cmdshell and sp_oacreate, plus CLR assembly loading for the corresponding operations: file upload, SQL Agent jobs, and related actions.

Spartacus

Spartacus DLL/COM Hijacking Toolkit

Language: C# | License: MIT | Stargazers: 137 | Issues: 1 | Issues: 0

Webshell-loader

ASPX in-memory shellcode execution, bypassing Windows Defender (AV/EDR)

FetchPayloadFromDummyFile

Construct the payload at runtime using an array of offsets

Language: C | License: MIT | Stargazers: 57 | Issues: 2 | Issues: 0
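The "array of offsets" idea in FetchPayloadFromDummyFile's description: the payload bytes are scattered through an otherwise junk file, so the payload never exists contiguously on disk and a byte-signature scan over the dummy file finds nothing; only the offsets array, kept by the loader, says which bytes to pick and in what order. The C below is an added example, not the project's own code; `sample_payload`, the xorshift-based `build_dummy` and `DUMMY_LEN` are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define DUMMY_LEN 256

/* Constructed stand-in for real shellcode: a few recognisable bytes. */
static const uint8_t sample_payload[] = {0x90, 0x90, 0x48, 0x31, 0xC0, 0xC3};
#define PAYLOAD_LEN (sizeof sample_payload)

/* Offsets with one entry past the end, used to exercise the range check. */
static const size_t bad_offsets[PAYLOAD_LEN] = {0, 1, 2, 3, 4, DUMMY_LEN};
static uint8_t scratch_dummy[DUMMY_LEN];
static uint8_t scratch_out[PAYLOAD_LEN];

/* Tiny xorshift PRNG so the example is deterministic and self-contained. */
static uint32_t xs32(uint32_t *s) {
    uint32_t x = *s;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return *s = x;
}

/* Offline step: fill `dummy` with junk, choose strictly increasing offsets
 * (one per window of size dummy_len / n) and write one payload byte at each.
 * Returns 0 on success, -1 if the dummy is too small to spread the bytes. */
int build_dummy(const uint8_t *payload, size_t n, uint8_t *dummy,
                size_t dummy_len, size_t *offsets, uint32_t seed) {
    if (n == 0 || dummy_len < n * 4)
        return -1;                      /* need room to spread bytes out */
    uint32_t s = seed ? seed : 1;       /* xorshift must not start at 0 */
    for (size_t i = 0; i < dummy_len; i++)
        dummy[i] = (uint8_t)xs32(&s);
    size_t stride = dummy_len / n;      /* each byte lands in its own window */
    for (size_t i = 0; i < n; i++) {
        offsets[i] = i * stride + (xs32(&s) % stride);
        dummy[offsets[i]] = payload[i];
    }
    return 0;
}

/* Runtime step: reassemble the payload from the offsets array.
 * Returns the number of bytes copied, or 0 if any offset is out of range. */
size_t fetch_payload(const uint8_t *dummy, size_t dummy_len,
                     const size_t *offsets, size_t n, uint8_t *out) {
    for (size_t i = 0; i < n; i++) {
        if (offsets[i] >= dummy_len)
            return 0;
        out[i] = dummy[offsets[i]];
    }
    return n;
}

/* Naive signature scan: does `needle` occur contiguously in `hay`? */
int contains_contiguous(const uint8_t *hay, size_t hn,
                        const uint8_t *needle, size_t nn) {
    if (nn == 0 || hn < nn)
        return 0;
    for (size_t i = 0; i + nn <= hn; i++)
        if (memcmp(hay + i, needle, nn) == 0)
            return 1;
    return 0;
}

/* Build, fetch, and check both that the payload round-trips and that a
 * contiguous signature scan of the dummy file does not find it. */
int demo_roundtrip(uint32_t seed) {
    uint8_t dummy[DUMMY_LEN], out[PAYLOAD_LEN];
    size_t offsets[PAYLOAD_LEN];
    if (build_dummy(sample_payload, PAYLOAD_LEN, dummy, DUMMY_LEN, offsets, seed) != 0)
        return 0;
    if (fetch_payload(dummy, DUMMY_LEN, offsets, PAYLOAD_LEN, out) != PAYLOAD_LEN)
        return 0;
    if (memcmp(out, sample_payload, PAYLOAD_LEN) != 0)
        return 0;
    return !contains_contiguous(dummy, DUMMY_LEN, sample_payload, PAYLOAD_LEN);
}

int main(void) {
    size_t offsets[PAYLOAD_LEN];
    build_dummy(sample_payload, PAYLOAD_LEN, scratch_dummy, DUMMY_LEN, offsets, 0x1337);
    /* `offsets` stays with the loader; `scratch_dummy` is what ships on disk. */
    for (size_t i = 0; i < PAYLOAD_LEN; i++)
        printf("offset %3zu -> 0x%02X\n", offsets[i], scratch_dummy[offsets[i]]);
    fetch_payload(scratch_dummy, DUMMY_LEN, offsets, PAYLOAD_LEN, scratch_out);
    printf("recovered: %s; payload contiguous in dummy: %s\n",
           memcmp(scratch_out, sample_payload, PAYLOAD_LEN) == 0 ? "OK" : "MISMATCH",
           contains_contiguous(scratch_dummy, DUMMY_LEN, sample_payload, PAYLOAD_LEN) ? "yes" : "no");
    return 0;
}
```

The defender's counterpart follows from the same structure: the dummy file is inert, so detection has to key on the loader (the offsets table and the gather loop) or on the reassembled buffer in memory, not on the file.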

SharpElevator

SharpElevator is a C# implementation of Elevator for UAC bypass. This UAC bypass was originally discovered by James Forshaw and published in his brilliant post at: https://googleprojectzero.blogspot.com/2019/12/calling-local-windows-rpc-servers-from.html

Language: C# | License: MIT | Stargazers: 47 | Issues: 1 | Issues: 1

C2_Elevated_Shell_DLL_Hijcking

DLL hijacking and mock-directory technique to bypass the Windows UAC security feature and get a high-privilege reverse shell. Security researchers identified this technique, which uses a simplified process of DLL hijacking and mock folders to bypass UAC control. I tested this on Windows 10 and 11 and bypassed the Windows 10 UAC security feature.

Language: C++ | License: MIT | Stargazers: 37 | Issues: 1 | Issues: 1

ring3-hidden

Hide processes, files and services in ring 3; can help you develop Windows user-mode rootkits

Language: C++ | License: MIT | Stargazers: 19 | Issues: 1 | Issues: 0