skypoc

Exploit

OSCP-Tricks-2023

OSCP 2023 Preparation Guide | Courses, Tricks, Tutorials, Exercises, Machines

PhoneSploit-Pro

An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.

dismap

Asset discovery and identification tools 快速识别 Web 指纹信息，定位资产类型。辅助红队快速定位目标资产信息，辅助蓝队发现疑似脆弱点

xpoc

为供应链漏洞扫描设计的快速应急响应工具 [快速应急] [漏洞扫描] [端口扫描] [xray2.0进行时] A fast emergency response tool designed for supply chain vulnerability scanning.

aka-XSSer

Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.

InfoHound

InfoHound is an OSINT to extract a large amount of data given a web domain name.

Awesome-WAF

🔥 Web-application firewalls (WAFs) from security standpoint.

awesome-threat-intelligence

A curated list of Awesome Threat Intelligence resources

wapiti

Web vulnerability scanner written in Python3

super-xray

Web漏洞扫描工具XRAY的GUI启动器

chatbox

Your Ultimate Copilot on the Desktop. Chatbox is a desktop app for GPT-4 / GPT-3.5 (OpenAI API) that supports Windows, Mac & Linux.

redteamguides.github.io

redteamguides.com

DarkAngel

DarkAngel 是一款全自动白帽漏洞扫描器，从hackerone、bugcrowd资产监听到漏洞报告生成、漏洞URL截屏、消息通知。

security-plus

CompTIA Security+ SY0-601

BloodHound

Six Degrees of Domain Admin

kscan

Kscan是一款纯go开发的全方位扫描器，具备端口扫描、协议检测、指纹识别，暴力破解等功能。支持协议1200+，协议指纹10000+，应用指纹20000+，暴力破解协议10余种。

Linux-Privilege-Escalation

This cheatsheet is aimed at the OSCP aspirants to help them understand the various methods of Escalating Privilege on Linux based Machines and CTFs with examples.

wesng

Windows Exploit Suggester - Next Generation

OSCP

OSCP Guide

AzureGoat

AzureGoat : A Damn Vulnerable Azure Infrastructure

Red-Team-Infrastructure-Wiki

Wiki to collect Red Team infrastructure hardening resources

awesome-pentest

:computer:⚔️ A collection of awesome penetration testing resources, tools, and other shiny things.

cupp

Common User Passwords Profiler (CUPP)

awesome-shodan-queries

🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻

weblogicScanner

weblogic 漏洞扫描工具。目前包含对以下漏洞的检测能力：CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-3252、CVE-2019-2618、CVE-2019-2725、CVE-2019-2729、CVE-2019-2890、CVE-2020-2551、CVE-2020-14750、CVE-2020-14882、CVE-2020-14883

Goggle

Rules written for brave Goggle

OneForAll

OneForAll is a powerful subdomain collection tool

log4j2burpscanner

CVE-2021-44228 Log4j2 BurpSuite Scanner,Customize ceye.io api or other apis,including internal networks

adblockrules

Rule settings required to develop ad blocking software