killerwhiles

tabby

A terminal for a more modern age

fd

A simple, fast and user-friendly alternative to 'find'

Gooey

Turn (almost) any Python command line program into a full GUI application with one line

CMWTAT_Digital_Edition

CloudMoe Windows 10/11 Activation Toolkit get digital license, the best open source Win 10/11 activator in GitHub. GitHub 上最棒的开源 Win10/Win11 数字权利（数字许可证）激活工具！

Google-Chinese-Results-Blocklist

我终于能用谷歌搜中文了……

traitor

:arrow_up: :skull_and_crossbones: :fire: Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock

naabu

A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests

Privilege-Escalation

This cheasheet is aimed at the CTF Players and Beginners to help them understand the fundamentals of Privilege Escalation with examples.

glider

glider is a forward proxy with multiple protocols support, and also a dns/dhcp server with ipset management features(like dnsmasq).

whoami-project

Whoami provides enhanced privacy, anonymity for Debian and Arch based linux distributions

Squalr

Squalr Memory Editor - Game Hacking Tool Written in C#

emp3r0r

Linux/Windows post-exploitation framework made by linux user

Bug-Bounty-Wordlists

A repository that includes all the important wordlists used while bug hunting.

unfurl

Pull out bits of URLs provided on stdin

DcRat

A simple remote tool in C#.

goon

goon,集合了fscan和kscan等优秀工具功能的扫描爆破工具。功能包含：ip探活、port扫描、web指纹扫描、title扫描、压缩文件扫描、fofa获取、ms17010、mssql、mysql、postgres、redis、ssh、smb、rdp、telnet、tomcat等爆破以及如netbios探测等功能。

PSPKIAudit

PowerShell toolkit for AD CS auditing based on the PSPKI toolkit.

cobalt_strike_extension_kit

Attempting to be an all in one repo for others' userful aggressor scripts as well as things we've found useful during Red Team Operations.

Fastir_Collector

chameleon

PowerShell Script Obfuscator

ccupp

基于社会工程学的弱口令密码字典生成工具

Injector

Complete Arsenal of Memory injection and other techniques for red-teaming in Windows

fofa2Xray

User fofa api get hosts and xray to webscan.

BlueLotus_XSSReceiver

XSS平台 CTF工具 Web安全工具

lazyrecon

Wicked sick v2.0 script is intended to automate your reconnaissance process in an organized fashion.

Samurai

Samurai Email Discovery - SED is a email discovery framework that grabs emails via google dork, company name, or domain name.

FireStorePwn

fsp - Firestore Database Vulnerability Scanner Using APKs

PROsmsbomb

php-web-shell

可以绕过一些waf的shell

w8fuckcdn

Get website IP address by scanning the entire net 通过扫描全网绕过CDN获取网站IP地址