Lists (11)
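App security: root hiding, frida, unpacking, encryption/decryption...
c2: a new sandbox has come online
Cloud-native security
AV evasion: loaders in various languages, templating, DLL loading, sandbox bypass, code obfuscation, EXE-to-shellcode conversion.....
Other: miscellaneous
Credential data: retrieving browser data, lsass credentials, WeChat databases, etc...
Post-exploitation: comprehensive internal-network scanning, privilege escalation, persistence, AD domains, etc...
Audit a 🔨: code auditing, uh-oh, looks like I'm about to grow a brain
Stars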
Hit-And-Run: Syscall Method for Bypassing EDRs via Vectored Exception Handler and Call Stack Theft.
SysCalling is an educational project demonstrating state-of-the-art syscall execution techniques for bypassing user-space EDR controls in a Windows x64 environment.
Resolve the issue of DLLmain function in white and black DLLs hanging when calling shellcode
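Automatically finds white files: scans the import table of EXE files, lists the imported DLLs, and picks out the non-system DLLs; files that meet the criteria are copied to a dedicated X64 or X86 folder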
Generate DLL Hijacking Payload in batches.
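Automated Hosting Information Hunting Tool - automated hunting tool for Windows host information
🤖 The most powerful Android RPA framework ever, combining cloud phone, remote desktop, reverse engineering, packet capture, hooking, automation and forensics capabilities in one; the next-generation mobile data automation robot.
A lightweight bulk email sending tool with customizable templates | usable for phishing in attack-defense exercises or other email personalization scenarios | can be launched in a JavaFX or SpringWeb environment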
Port of Cobalt Strike's Process Inject Kit
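[VscanPlus internal/external network vulnerability scanning tool] Updated with detection POCs for popular HW vulnerabilities. A version developed on top of veo's vulnerability scanner vscan, providing port scanning, fingerprint detection, directory fuzzing and vulnerability scanning, for quickly checking websites in batches for security risks. An open-source, cross-platform website vulnerability scanning tool that helps you quickly detect w…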
IoM implant, C2 Framework and Infrastructure
This comprehensive process injection series is crafted for cybersecurity enthusiasts, researchers, and professionals who aim to stay at the forefront of the field. It serves as a central repository…
Shadow Dumper is a powerful tool used to dump LSASS memory, often needed in penetration testing and red teaming. It uses multiple advanced techniques to dump memory, allowing to access sensitive da…
A semi-automated springboot initial-access tool with all current springboot vulnerabilities built in
Curated list of projects, articles and more related to Offensive Security and Red Teaming. Completely written in Rust.
Quickly upload files to aliyun OSS by aliyun-oss-csharp-sdk