Adminisme

ServerScan

ServerScan一款使用Golang开发的高并发网络扫描、服务探测工具。

SharpRDPLog

Windows rdp相关的登录记录导出工具，可用于后渗透中Windows服务器的信息收集阶段。输出内容包括：本地rdp端口、mstsc缓存、cmdkey缓存、登录成功、失败日志事件。

ByPassUACTools

Windows 平台下的UAC(User Account Contro) 绕过工具。

Cobalt_Strike_wiki

Cobalt Strike系列

Fuck_CSDN

一个适用于屏蔽搜索结果包含CSDN的ampermonkey插件脚本。

CrackMapExtreme

For all your network pentesting needs

Pentest-tools

内网渗透工具

ClassHound

利用任意文件下载漏洞自动循环下载并反编译class文件获得网站源码

Adminisme.github.io

Trim's Bolg

Blog

blog

fuzzDicts

Web Pentesting Fuzz 字典,一个就够了。

SatanSword

红队综合渗透框架

Vulnerable-World

基于Docker的微服务攻防对抗实验系统

awesome-hacking

awesome hacking chinese version

awesome-readme

A guide to writing an Awesome README. Read the full article in Towards Data Science.

Beginners-Guide-to-Obfuscation

CrackMapExec

A swiss army knife for pentesting networks

CrossC2

generate CobaltStrike's cross-platform payload

EyeWitness

EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.

gophish

Open-Source Phishing Toolkit

gost

GO Simple Tunnel - a simple tunnel written in golang

informer

A Telegram Mass Surveillance Bot in Python

nps

一款轻量级、功能强大的内网穿透代理服务器。支持tcp、udp流量转发，支持内网http代理、内网socks5代理，同时支持snappy压缩、站点保护、加密传输、多路复用、header修改等。支持web图形化管理，集成多用户模式。

PayloadsAllTheThings

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Platypus

:hammer: A modern multiple reverse shell sessions manager written in go

Reconnoitre

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

smokeping_prober

Prometheus style smokeping

vscan-go

golang version for nmap service and application version detection (without nmap installation)

websocket-heartbeat-js

:hearts: simple and useful

Writeups

国内各大CTF赛题及writeup整理