fengziHK

netspy

netspy是一款快速探测内网可达网段工具

SharPyShell

SharPyShell - tiny and obfuscated ASP.NET webshell for C# web applications

14Finger

功能齐全的Web指纹识别和分享平台,基于vue3+django前后端分离的web架构，并集成了长亭出品的rad爬虫的功能，内置了一万多条互联网开源的指纹信息。

GoBypass

Golang免杀生成工具，参考网上已有的免杀方式实现的半自动免杀马生成工具，需要本地安装Golang环境，支持多种参数与方式生成

TomcatMemShell

拿来即用的Tomcat7/8/9/10版本Listener/Filter/Servlet内存马，支持注入CMD内存马和冰蝎内存马

F5-CVE-2022-1388-Exploit

Exploit and Check Script for CVE 2022-1388

Chunk-Proxy

post-hub

Webshell、C2、免杀、提权、代理、横向

vulnerability_database

fscan-POC

强化fscan的漏扫POC库

BypassUserAdd

通过反射DLL注入、Win API、C#、以及底层实现NetUserAdd方式实现BypassAV进行增加用户的功能,实现Cobalt Strike插件化

DynaScan

实现动态字典渲染、动态结果判断、自动命中记录、的敏感文件扫描器

Cooolis-ms

Cooolis-ms is a server that supports the Metasploit Framework RPC. It is used to work with the Shellcode and PE loader. To some extent, it bypasses the static killing of anti-virus software, and allows the Cooolis-ms server to communicate with the Metasploit server. Separation.

scaninfo

fast scan for redtools

bayonet

bayonet是一款src资产管理系统，从子域名、端口服务、漏洞、爬虫等一体化的资产管理系统

Autoscanner

输入域名>爆破子域名>扫描子域名端口>发现扫描web服务>集成报告的全流程全自动扫描器。集成oneforall、masscan、nmap、dirsearch、crawlergo、xray等工具，另支持cdn识别、网页截图、站点定位；动态识别域名并添加功能、工具超时中断等

CVE-2022-0847-DirtyPipe-Exploit

A root exploit for CVE-2022-0847 (Dirty Pipe)

rclone

"rsync for cloud storage" - Google Drive, S3, Dropbox, Backblaze B2, One Drive, Swift, Hubic, Wasabi, Google Cloud Storage, Yandex Files

DHLYK

大灰狼远控木马 V9.5 源码

SMBGhost_AutomateExploitation

SMBGhost (CVE-2020-0796) Automate Exploitation and Detection

CVE-2021-4034

CVE-2021-4034 1day

CVE-2022-0332

macro_pack

macro_pack is a tool by @EmericNasi used to automatize obfuscation and generation of Office documents, VB scripts, shortcuts, and other formats for pentest, demo, and social engineering assessments. The goal of macro_pack is to simplify exploitation, antimalware bypass, and automatize the process from malicious macro and script generation to final document generation. It also provides a lot of helpful features useful for redteam or security research.

CreateHiddenAccount

A tool for creating hidden accounts using the registry.

CVE-2021-3156

Sudo Baron Samedit Exploit

Yasso

强大的内网渗透辅助工具集-让Yasso像风一样 支持rdp，ssh，redis，postgres，mongodb，mssql，mysql，winrm等服务爆破，快速的端口扫描，强大的web指纹识别，各种内置服务的一键利用（包括ssh完全交互式登陆，mssql提权，redis一键利用，mysql数据库查询，winrm横向利用，多种服务利用支持socks5代理执行）

WIFIHTTPMonitor

WIFIHTTPMonitor

nps-fz

基于原版的优化版本

sealos

一条命令离线安装高可用kubernetes，3min装完，700M，100年证书，版本不要太全，生产环境稳如老狗

CrackMapExec

A swiss army knife for pentesting networks