Lazy0wl

Threat_model

Awesome-CobaltStrike

cobaltstrike的相关资源汇总 / List of Awesome CobaltStrike Resources

DeathStar

Uses Empire's (https://github.com/BC-SECURITY/Empire) RESTful API to automate gaining Domain and/or Enterprise Admin rights in Active Directory environments using some of the most common offensive TTPs.

Awesome-Advanced-Windows-Exploitation-References

List of Awesome Advanced Windows Exploitation References

pentest-tools

Custom pentesting tools

openedr

Open EDR public repository

WitnessMe

Web Inventory tool, takes screenshots of webpages using Pyppeteer (headless Chrome/Chromium) and provides some extra bells & whistles to make life easier.

Intranet_Penetration_CheetSheets

做redteam时使用，修改自Ridter的https://github.com/Ridter/Intranet_Penetration_Tips

DLLsForHackers

Dll that can be used for side loading and other attack vector.

Checklists

Red Teaming & Pentesting checklists for various engagements

CVE-2020-1472

Test tool for CVE-2020-1472

Pentest_Note

渗透测试常规操作记录

poc_exploits

:unlock: Proof of Concept exploits for various projects

Awesome-Red-Teaming

List of Awesome Red Teaming Resources

DKMC

DKMC - Dont kill my cat - Malicious payload evasion tool

impacket

Impacket is a collection of Python classes for working with network protocols.

Content_Discovery

used to discover contents in web applications

phishlets

Phishlets for Evilginx2 (MITM proxy Framework)

AFL

加点注解，看源码学习用

Lazy-RedTeamer-Scripts

Red-Teaming-Toolkit

A collection of open source and commercial tools that aid in red team operations.

Malleable-C2-Profiles-Collection

A collection of Malleable C2 profiles that work with Cobalt Strike 3.x.

Awesome-Hacking-1

A collection of various awesome lists for hackers, pentesters and security researchers

NessusParser-Excel

NessusV2 File Parser

aclpwn.py

Active Directory ACL exploitation with BloodHound

evilginx2

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication

CatMyPhish

Search for categorized domain

PowerLessShell

Run PowerShell command without invoking powershell.exe

shellen

Interactive shellcoding environment to easily craft shellcodes

DomainPasswordSpray

DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will automatically generate the userlist from the domain. BE VERY CAREFUL NOT TO LOCKOUT ACCOUNTS!