Hdys0vn

SpringBoot-Scan

针对SpringBoot的开源渗透框架，以及Spring相关高危漏洞利用工具

SharpDPAPI

SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.

db-monthly

阿里云数据库内核月报分类整理（定时更新） http://mysql.taobao.org/monthly/

lzCloudSecurity

《云安全攻防入门》教材

pywerview

A (partial) Python rewriting of PowerSploit's PowerView

NacosExploitGUI

Nacos漏洞综合利用GUI工具，集成了默认口令漏洞、SQL注入漏洞、身份认证绕过漏洞、反序列化漏洞的检测及其利用

fuzz4bounty

1337 Wordlists for Bug Bounty Hunting

bufferfly

攻防演习/渗透测试资产处理小工具，对攻防演习/渗透测试前的信息搜集到的大批量资产/域名进行存活检测、获取标题头、语料提取、常见web端口检测等。

fuzzuli

fuzzuli is a url fuzzing tool that aims to find critical backup files by creating a dynamic wordlist based on the domain.

DNSStager

Hide your payload in DNS

pandora

A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers.

ctf_challenges

适用于一线安服的ctf培训题目，全docker环境一键启动

API-T00L

互联网厂商API利用工具。

GhostTask

A tool employs direct registry manipulation to create scheduled tasks without triggering the usual event logs.

spray

Next Generation HTTP Dir/File Fuzz Tool

APIFuzzer

Fuzz test your application using your OpenAPI or Swagger API definition without coding

TakeMyRDP

A keystroke logger targeting the Remote Desktop Protocol (RDP) related processes, It utilizes a low-level keyboard input hook, allowing it to record keystrokes in certain contexts (like in mstsc.exe and CredentialUIBroker.exe)

CredPhish

CredPhish is a PowerShell script designed to invoke legitimate credential prompts and exfiltrate passwords over DNS.

ocean_ctf

CTF平台 支持docker 动态部署题目、分数统计、作弊检测，静态题目，漏洞复现,ctf platform,

DnslogCmdEcho

命令执行不回显但DNS协议出网的命令回显场景解决方案

DNS_Tunneling

DNS Tunneling using powershell to download and execute a payload. Works in CLM.

TorProxy

利用Tor搭建Socks5代理，动态切换IP

ADCSync

Use ESC1 to perform a makeshift DCSync and dump hashes

SharpVeeamDecryptor

Decrypt Veeam database passwords

docker_api_vul

docker 未授权访问漏洞利用脚本

SocBook

安全运营部署指南（wazuh部署指南）

AnswerPHP

一个帮助你PHP反序列化的python工具

kubetcd

Post-exploit a compromised etcd, gain persistence and remote shell to nodes.

LDAPMon

IP_DOMAIN_TOOL

IP domain collation tool