PtTools's starred repositories
BurpAPIFinder
攻防演练过程中,我们通常会用浏览器访问一些资产,但很多未授权/敏感信息/越权隐匿在已访问接口过html、JS文件等,该插件能让我们发现未授权/敏感信息/越权/登陆接口等。
BurpFingerPrint
BurpSuite插件集成Ehole指纹库并进行常见OA弱口令爆破插件
captcha-killer-modified
captcha-killer的修改版,支持关键词识别base64编码的图片,添加免费ocr库,用于验证码爆破,适配新版Burpsuite
SharpGPOAbuse
SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by that GPO.
java-memshell-generator
一款支持自定义的 Java 内存马生成工具|A customizable Java in-memory webshell generation tool.
gitops-engine
Democratizing GitOps
email_hack
A email bomb/fake email tool, by Python
Villain
Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share them among connected sibling servers (Villain instances running on different machines).
PrivescCheck
Privilege Escalation Enumeration Script for Windows
malicious-pdf
💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh
awesome-mobile-security
An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.
SocialFish
Phishing Tool & Information Collector
Red-Team-Infrastructure-Wiki
Wiki to collect Red Team infrastructure hardening resources
Active-Directory-Exploitation-Cheat-Sheet
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
MobileApp-Pentest-Cheatsheet
The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.
awesome-web-hacking
A list of web application security
hacktricks
Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.