H4de5-7

joern

Open-source code analysis platform for C/C++/Java/Binary/Javascript/Python/Kotlin based on code property graphs. Discord https://discord.gg/vv4MH284Hc

PowerPeeler

A Precise and General Dynamic Deobfuscation Method for PowerShell Scripts

ant-application-security-testing-benchmark

xAST评价体系，让安全工具不再“黑盒”. The xAST evaluation benchmark makes security tools no longer a "black box".

alioss-stinger

利用阿里云oss对象存储，来转发http流量实现（cs）Cobalt Strike、msf 上线等 这之间利用阿里云的相关域名进行通信。

corax-community

Corax for Java: A general static analysis framework for java code checking.

phosphor

Phosphor: Dynamic Taint Tracking for the JVM

AutoGeaconC2

AutoGeaconC2: 一键读取Profile自动化生成geacon实现跨平台上线CobaltStrike

gobfuscate

Obfuscate Go binaries and packages

CodeQLpy

CodeQLpy是一款基于CodeQL实现的半自动化代码审计工具，目前仅支持java语言。实现从源码反编译，数据库生成，脆弱性发现的全过程，可以辅助代码审计人员快速定位源码可能存在的漏洞。

extractor-java

CodeQL extractor for java, which don't need to compile java source

byte-buddy

Runtime code generation for the Java virtual machine.

WebGoat

WebGoat is a deliberately insecure application

oxorany

obfuscated any constant encryption in compile time on any platform

PSTrojanFile

Unfixed Windows PowerShell Filename Code Execution POC

bimg-shellcode-loader

CloudSandbox

收集云沙箱上线C2的ip，如微X、奇XX、3X0、virustX等

VTI-comal

VTI的PoC检测工具

PigSyscall

An implementation of an indirect system call

Backstab

A tool to kill antimalware protected processes

rcedit

Command line tool to edit resources of exe

secguide

面向开发人员梳理的代码安全指南

ForkPlayground

An implementation and proof-of-concept of Process Forking.

CVE-2021-1675-LPE-EXP

PrintNightmare , Local Privilege Escalation of CVE-2021-1675 or CVE-2021-34527

SharpADUserIP

提取DC日志，快速获取域用户对应IP地址

PigScheduleTask

添加计划任务方法集合

chromedp

A faster, simpler way to drive browsers supporting the Chrome DevTools Protocol.

CrackSleeve

破解CS4.0

KRBUACBypass

UAC Bypass By Abusing Kerberos Tickets

DuplicateDump

Dumping LSASS with a duplicated handle from custom LSA plugin

Awesome-POC

一个漏洞POC知识库 目前数量 1000+