The First Windows Penetration Testing Environment on Mac M Chips
- This environment aims to provide a ready-to-use Windows penetration testing environment.
- Reposting is welcome. Please indicate the original author and link: https://github.com/arch3rPro/Pentest-Windows
- Recommended environment: [VMware: 17.0] / [RAM: 8G] / [VM Disk: 100G] / [Actual disk usage: about 30G]
- System account: `admin`, password: `123456`. Please change the password after login!
- Chinese name: 矛·盾 武器库, meaning that cybersecurity is both offense and defense, with the sharpest spear and the strongest shield, interdependent and competitively evolving.
- The project has integrated 400+ commonly used tools and scripts. You can submit tool requests in the pinned Issue.
- Mac M series Arm64 Fusion version v3.0
- Mac M series Arm64 Parallels Desktop version v3.1
- Windows/Mac Intel x64 VMware version v3.2
- KVM/ProxmoxVE Qcow2 version v3.2
- Hyper-V and Ventoy bootable physical machine version v3.2
- VirtualBox OVF version (in progress)
- Parallels Desktop
  - VM Version: Mac M series Arm64 Parallels Desktop version
  - Filename: Windows11 Penetration Suite Toolkit v3.1-Arm-PD.7z
  - Cloud Storage: Mega
  - Share Link: https://mega.nz/file/Mrxx1a6A#mt231OfG8qaCisenyCOWboZymY5XIt7rxySti5rL2i4
  - Share Code: None
  - SHA256: 47E5B3EAFEB9E28C5ECA6C5A381D35206475C7C5F42CE46C5B0D41E749AAE6C7
- VMware version
  - VM Version: Windows/Mac Intel x64 VMware version v3.2
  - Filename: Windows11 Penetration Suite Toolkit v3.2-x64-VMware.7z
  - Cloud Storage: Mega
  - Share Link: https://mega.nz/file/gio02Sha#eVqEQU814nubdrQOasERqQAfyhZ1e1TjhvxdkuDzt6I
  - Share Code: None
  - SHA-256: 3E86BCE3950521EAC112CDA840B79012614AE456A621C174F43608E58DEBFE93
Main Features & Update History:
- v3.2 (Latest):
  - Supports x64 architecture (VMware | PVE-KVM)
  - Supports Mac M series Arm architecture (Fusion | Parallels Desktop)
  - Supports Hyper-V and Ventoy bootable version (can be installed to external hard drive, run on any host, no VM required)
  - Optimized startup of graphical tools launched via bat scripts; added vbs launchers that start without a CMD popup window.
  - KVM VM has QGA and VirtualIO drivers installed, adapted for ProxmoxVE, ready to use after import (RDP recommended).
  - Added UniGetUI management, supports graphical update of scoop-installed tools and software.
  - VirtualBox version in progress.
- v3.1:
  - Based on official Windows 11 ARM ISO.
  - Chrome tab management added, project tool links imported.
  - Maye toolkit categories and subcategories beautified with emoji.
  - v3.1 PD version removed TPM restriction, VM not encrypted.
  - Added basic PD VM download Windows 11-Optimization.PD.7z
- v3.0:
  - Added tools for internal penetration, credential acquisition, VPN, etc. Total tools increased to 360+.
  - Toolbox uses new Maye Lite version, supports subcategories, clearer classification.
  - All tools in the toolbox have comments, mouse hover shows description.
  - Due to Windows 11 TPM policy, VM is encrypted, password: `123456789`.
- General Features (v2.x - v3.x):
  - Streamlined built-in software, beautified terminal fonts and some icons, moderate optimization.
  - System disk image 100GB, single disk file storage for performance (image size continuously optimized).
  - Rebuilt tool icons, each tool has a corresponding icon.
  - Integrated Scoop package manager (v2.1+), supports `scoop update <tool>` for updates.
  - Scoop supports script tool installation and updates (v2.2+).
  - Windows Terminal optimized, unified theme and oh-my-posh enhancement.
  - Updated Scoop environment variables, CLI tools can be used directly in CMD or PowerShell.
  - Removed some unmaintained or rarely used tools.
  - WSL temporarily removed (low usage, large space, ARM version not supported), may be added later as needed.
- For the full list of supported tools and updates, please check https://github.com/arch3rPro/scoop-bucket.
- Some machines do not support nested virtualization or may conflict with local Hyper-V installation. Please use the NoWSL lite version if you do not need Kali-WSL.
- Tools are in their initial installation state by default. Some tools require initialization, and a few need manual plugin configuration.
1. All installable software is downloaded from the official website or GitHub.
2. All portable (green) software is downloaded from Guohe Shell (https://www.ghxi.com/).
3. All script tools are downloaded from GitHub.
4. Some licensed (cracked) and excellent penetration tools are shared from WeChat public accounts.
5. Some personal information may remain due to debugging; please ignore it.
6. This project does not and will never accept any form of sponsorship.
1. This image is only for legally authorized enterprise security construction. If you want to test its usability, please set up your own target environment.
2. When using this image for testing, ensure your actions comply with local laws and have sufficient authorization.
3. Any illegal use is at your own risk. The author assumes no legal or joint liability.
💻 System Introduction
- 🪟: Managed and installed by scoop, supports one-click install and update.
- 🌐: Online security tools, require internet access, some need VPN/proxy.
- 📖: Offline knowledge base, including password dictionaries, tool usage, exploit tutorials, AV bypass guides (PDF/Markdown).
- Python v3.10.11 (D:/Base/apps/Python310)
- Python v2.7.18 (D:/Base/apps/Python27)
- JRE v1.8.0_381 (D:/Base/apps/liberica17-jre/current/bin)
- Perl v5.36.1 (D:/Base/apps/git/current/usr/bin/perl.exe)
- Ruby v3.2.2
- TDM-gcc v10.3.0 (D:/Base/apps/tdm-gcc)
- Laragon v5.0.0 (D:/Base/apps/laragon)
- Nginx v1.14.0
- Apache v2.4.43
- PHP v5.4.9
- MySQL v5.1.72
- Git v2.41.0 (D:/Base/apps/git)
- Curl v8.1.1 (D:/Base/apps/Curl/bin)
- Wget v1.21.4 (D:/Base/apps/Wget)
- Scoop: Windows package manager v0.3.1 (D:/Base/apps/scoop)
System Enhancement:
- 7zip: High-compression open-source archiver 🪟
- utools: Multi-functional file search launcher 🪟
- Windows Terminal: (replaces default cmd)
- VMware: VMware Tools for VM performance and management
- Oh-My-Posh: Cross-platform terminal prompt customization 🪟
- Clink: Bash-style command line editing for Windows Cmd.exe (D:/Base/apps/Clink) 🪟
- SublimeText: Efficient text editor, Chinese version v4.4150 (Guohe Shell)
System Optimization:
- Dism++: Windows system management/optimization tool 🪟
- WiseCare365: System optimization tool, green version v6.5.1_Pro (Guohe Shell)
- Tools: Custom utilities
- Context Menu Manager: One-click set WIN10/WIN11 context menu 💾
- Autologin: Windows auto-login registry 💾
- ClearHistory.ps1: Clear PowerShell history 💾
- Maye Lite: Fast Windows launcher, supports drag-and-drop, hotkeys, multi-column, lnk parsing
- icon: App icon collection, includes custom icons
400+ commonly used scripts and GUI tools can be accessed via icons in the Maye toolbox.
- Default to launching CMD.exe with Windows Terminal
- Script startup directory is set
- Required dependencies are installed
- Scripts execute Help command on startup

Tool Name | Type | Description |
---|---|---|
Burpsuite | scoop tool | One of the best tools for web application testing |
AntSword | scoop tool | AntSword - WebShell management tool |
Goby | scoop tool | Port scanning, asset collection, vulnerability exploitation |
MSFconsole | scoop tool | Metasploit - modular exploitation framework |
Sqlmap | scoop tool | Automated SQL injection tool |
Hydra | scoop tool | Powerful brute-force tool |
Yakit | scoop tool | Highly integrated Yak language security testing platform |
Zenmap | scoop tool | Port scanning tool (powerful, but slow) |
WindTerm | scoop tool | Professional cross-platform SSH/Sftp/Shell/Telnet/Serial terminal |
uTools | scoop tool | Multi-functional file search launcher |
Wireshark | scoop tool | Popular network packet analysis software |
Searchsploit | scoop tool | Command-line search tool for Exploit-DB |
LibreWolf | scoop tool | Firefox fork with built-in plugins |
Chrome | scoop tool | Popular browser with built-in pentest plugins |

Tool Name | Type | Description |
---|---|---|
Wub | scoop tool | Disable system updates |
CMWTAT | scoop tool | Windows system activation tool |
WiseCare365 | portable | System junk cleaning tool |
Dism++ | portable | System cleaning tool using Dism |
UniGetUI | scoop tool | GUI Scoop update management tool |

Tool Name | Type | Description |
---|---|---|
DBeaver | scoop tool | Open-source free SQL database client |
Laragon | scoop tool | PHP, Tomcat server |
mRemoteNG | scoop tool | SSH remote connection tool |
WinSCP | scoop tool | SFTP file transfer tool |
MobaXterm | scoop tool | Multi-protocol remote connection tool |
Redis-cli | scoop tool | Redis command-line client |
Telnet | built-in | Built-in Telnet client |
OpenSSH | scoop tool | Built-in SSH command-line client |
HeidiSQL | scoop tool | GUI database client |
WindTerm | scoop tool | SSH, SFTP, Telnet remote connection tool |
HTTPServer | scoop tool | Single-file HTTP server tool for easy file transfer |
GoHTTPServer | scoop tool | HTTP server tool written in Go |
OpenVPN | installer | OpenSSL-based VPN, simple and easy to use |

Tool Name | Type | Description |
---|---|---|
Fping | scoop tool | Enhanced Ping command, intended to replace Windows built-in ping |
Masscan | scoop tool | Fast port scanner for scanning large numbers of IPs and ports |
TCPing | scoop tool | Test TCP connectivity and response time |
Arp-Ping | scoop tool | Command-line tool to find MAC address for a given IP via ARP |
NetCat | scoop tool | Read/write data across networks using TCP/UDP, the Swiss Army knife |
NETworkManager | scoop tool | Windows network management tool |

Tool Name | Type | Description |
---|---|---|
Whois | scoop tool | Whois query command-line tool |
Subfinder | scoop tool | Open-source tool focused on subdomain collection |
DnsX | scoop tool | Powerful multipurpose DNS toolkit |
Layer Subdomain | scoop tool | Domain query tool, provides subdomain search services |
KsubDomain | scoop tool | Stateless subdomain brute-forcing tool |
Ct | scoop tool | Simple and easy-to-use domain brute-forcing tool |
JSFinder | scoop tool | Extract URLs and subdomains from JS files on websites |
Knock | scoop tool | Python script for comprehensive subdomain scanning using wordlists |

Tool Name | Type | Description |
---|---|---|
OneForAll | scoop tool | Powerful subdomain collection tool |
Mitan | scoop tool | Recon tool with asset info, subdomain brute, search syntax, mapping, fingerprint, info gathering, file/port scan, weight check, password dict, etc. |
Amass | scoop tool | Open-source subdomain info gathering tool |
Gobuster | scoop tool | Open-source tool for directory/file brute-forcing in web apps |
Argus | scoop tool | Powerful, flexible, easy-to-use open-source recon toolkit |
Bbot | scoop tool | Recursive OSINT resource intelligence tool |

Tool Name | Type | Description |
---|---|---|
GooFuzz | scoop tool | Fuzzing tool based on OSINT methods |
GHDB | online tool | Google Hacking Database for finding public info for pentesters |
Pagodo | scoop tool | Automates Google Hacking DB scraping and searching |
Google-Dorks | scoop tool, local | Advanced search/query techniques for Google search engine |
SearchDiggity | scoop tool | Google Hacking Diggity, uses search engines to quickly find weaknesses and sensitive data |
LazyDork | online tool | Online generator for Google Dorking search syntax |

Tool Name | Type | Description |
---|---|---|
GitHacker | scoop tool | Detects git source code leaks and downloads site source code |
GitGraber | scoop tool | Python3 tool for real-time GitHub monitoring for sensitive data |
Gitrob | scoop tool | Open-source recon tool for finding sensitive files in public repos |
GitMiner | scoop tool | Powerful GitHub data mining tool based on Python |
SvnExploit | scoop tool | SVN source code leak dumper for all versions |
Gowitness | scoop tool | Website screenshot tool using Chrome Headless (Golang) |

Tool Name | Type | Description |
---|---|---|
Goby | scoop tool | Port scanning, asset collection, vulnerability exploitation |
Masscan | scoop tool | Fast port scanner for scanning large numbers of IPs and ports |
NimScan | scoop tool | Fast port scanner |
TxPortMap | scoop tool | Port scanning and banner identification tool |
Scaninfo | scoop tool | |
Yujian Scanner | scoop tool | Yujian port scanning tool |
Naabu | scoop tool | Fast, stable, easy-to-use port scanner written in Go |
Zenmap | scoop tool | Powerful port scanner (but slow) |
gogo | scoop tool | Highly controllable, extensible automation engine for red teams |

Tool Name | Type | URL |
---|---|---|
Pentest-Tools | online tool | https://pentest-tools.com/network-vulnerability-scanning/port-scanner-online-nmap |
Nmap Online | online tool | https://hackertarget.com/nmap-online-port-scanner/ |
HideMyName | online tool | https://hide.mn/cn/port-scanner/ |
Rookie Tools | online tool | https://duankou.wlphp.com/ |
PostJson | online tool | http://coolaf.com/tool/port |
ProxySeller | online tool | https://proxy-seller.com/zh/tools/port-scanner/ |
PortScanners | online tool | https://www.whatsmyip.org/port-scanner/ |
WhatisMyIP | online tool | https://www.whatismyip.com/port-scanner/ |

Tool Name | Type | URL |
---|---|---|
Shodan | online tool | https://shodan.io/ |
Censys | online tool | https://search.censys.io/ |
ZoomEye | online tool | https://www.zoomeye.org/ |
GreyNoise | online tool | https://viz.greynoise.io/ |
Netlas.io | online tool | https://netlas.io/ |
FOFA | online tool | https://fofa.info/ |
Quake | online tool | https://quake.360.net/quake/#/index |
Hunter | online tool | https://hunter.how/ |
ODIN | online tool | https://odin.io/ |

Tool Name | Type | Description |
---|---|---|
Lightning Searcher | scoop tool | Cyberspace search engine, GUI (Mac/Windows) recon info gathering |
AsamF | scoop tool | Integrated search tool for multiple asset mapping platforms |
uncover | scoop tool | Quickly find exposed hosts on the Internet using multiple engines |
FlashSearch | scoop tool | User-friendly multi-platform asset mapping client |

Tool Name | Type | Description |
---|---|---|
Broxy | scoop tool | HTTP/HTTPS open-source intercepting proxy written in Go |
Hetty | scoop tool | HTTP toolkit for security research |
Mitmproxy | scoop tool | HTTP proxy supporting SSL |
Yakit | scoop tool | Highly integrated Yak language security testing platform |
Wireshark | scoop tool | Popular network packet analysis software, detailed packet info |
ProxyPin | scoop tool | MITM-based packet capture tool, mainly for mobile app security |
Burpsuite | scoop tool | One of the best web application testing tools |
ZapProxy | scoop tool | Open-source web application security scanner |

Tool Name | Type | URL |
---|---|---|
WhatCMS | online tool | https://whatcms.org/ |
Yunxi | online tool | http://www.yunsee.cn/ |
360Finger-P | online tool | https://fp.shuziguanxing.com/ |
Tide Finger | online tool | http://finger.tidesec.net/ |
WhatWeb | online tool | https://whatweb.net/ |

Tool Name | Type | Description |
---|---|---|
WebAnalyze | scoop tool | Go version of Wappalyzer |
TideFinger | scoop tool | Fingerprint tool integrating multiple web indicator databases |
EHole3.0 | scoop tool | Red team system fingerprint detection tool |
Dismap | scoop tool | Asset discovery and identification, fast web fingerprint recognition |
pyxis | scoop tool | Auto-identifies HTTP/HTTPS, gets headers, status, size, time, fingerprint |
Scan4all | scoop tool | Official vuls scan: 15000+ PoC, 23 password cracks, 7000+ web fingerprints, 146 protocols, 90000+ port rules |
WhatWeb | scoop tool | Powerful open-source tool for web app/server tech fingerprinting |
CMSeek | scoop tool | CMS detection/exploitation, supports 180+ CMS (WordPress, Joomla, Drupal) |
ObserverWard | scoop tool | Cross-platform community web fingerprint tool |
P1finger | scoop tool | Key asset fingerprint tool, identifies systems via HTTP request |
HFinger | scoop tool | Fingerprint tool for malicious HTTP requests, based on Tshark, Python3 |
xapp | scoop tool | Web fingerprint recognition tool |

Tool Name | Type | Description |
---|---|---|
Behinder | scoop tool | "Bingxie" dynamic binary encrypted website management client |
Bantam | scoop tool | PHP shell management tool |
Godzilla | scoop tool | Godzilla WebShell management tool |
Pyshell | scoop tool | Python version shell management tool |
Scorpio Priv Tool | scoop tool | WebShell client using Bingxie encrypted traffic |
Weevely | scoop tool | Webshell management tool |
AntSword | scoop tool | Chinese AntSword loader, built-in app store |
Awsome-shells | scoop tool | Reverse shell collection |
Webshell | scoop tool | WebShell collection |
Webshell_Generate | scoop tool | Generate various AV-bypass webshells |
Youhun | scoop tool | New-gen Webshell manager, compatible with AntSword/Bingxie PHP |
SharPyShell | scoop tool | ASP.NET Webshell for C# web apps |

Tool Name | Type | Description |
---|---|---|
Ffuf | scoop tool | Fast web fuzzer written in Go |
Dirsearch | scoop tool | Tool for discovering hidden directories/files on web servers |
Gobuster | scoop tool | Open-source directory/file brute-forcing tool for web apps |
WebPathBrute | scoop tool | 7kbscan-WebPathBrute, web path brute-forcing tool |
HTTPX | scoop tool | Full-featured HTTP client for Python3 |
Gospider | scoop tool | Fast web crawler written in Go |
Spray | scoop tool | Next-gen directory brute-forcing solution |
DirBuster | scoop tool | Multithreaded Java app for brute-forcing web server directories/files |
Feroxbuster | scoop tool | Fast, simple, recursive content discovery tool in Rust |
Katana | scoop tool | Next-gen crawler framework |
URLFinder | scoop tool | Fast, comprehensive page info extractor for JS, URLs, sensitive info |

Tool Name | Type | Description |
---|---|---|
Hashcat | scoop tool | Password cracker in C, supports brute-forcing many hash algorithms |
John | scoop tool | Fast password brute-forcing tool |
johnny | scoop tool | GUI version of John the Ripper |
Psudohash | scoop tool | Password list generator for brute-force attacks |
Wordlists | scoop tool, local | Kali built-in wordlists |
Weakpass | online tool | https://weakpass.com/ online weak password search |
HashCalculator | scoop tool | Hash calculation tool, batch calc/verify/find duplicates/change hash |
Boom | scoop tool | Smart web weak password brute-forcer/detector based on headless browser |
Hydra | scoop tool | Fast brute-force tool for system login passwords |
SNETCracker | scoop tool | Super weak password checker |
SecLists | scoop tool, local | Password dictionary for pentesters |

Tool Name | Type | Description |
---|---|---|
Nuclei | scoop tool | Very fast and easy-to-use vulnerability scanner |
Xray | scoop tool | Community version of Xray, supports active/passive scanning, flexible POC |
Xray-GUI | scoop tool | GUI for Xray vulnerability scanner |
SiteScan | scoop tool | All-in-one tool for pentest info gathering |
Scaninfo | scoop tool | Open-source fast scanner for red team internal/external scanning |
OSV-Scanner | scoop tool | Free security scanner by Google (Dec 2022) |
Afrog | scoop tool | High-performance, fast, stable, customizable PoC vulnerability scanner |
Nikto | scoop tool | Open-source web scanner, tests for 2600+ dangerous files/CGI/etc |
Zed Proxy | scoop tool | Open-source web application security scanner |
Scan4all | scoop tool | 15000+ PoC, 23 password cracks, 7000+ fingerprints, 146 protocols, 90000+ port rules |
Wscan | scoop tool | Web security scanner |
Wavely | scoop tool | Nuclei GUI PoC management tool, auto-integrates Nuclei PoCs |
Vscan | scoop tool | Open-source, lightweight, fast, cross-platform web vulnerability scanner |
VscanPlus | scoop tool | Enhanced Vscan, port scan, fingerprint, directory fuzz, vuln scan |
Wapiti3 | scoop tool | Open-source web app vulnerability scanner |
EZ | scoop tool | All-in-one info gathering, port scan, brute, URL crawler, fingerprint, passive scan |
Dismap | scoop tool | Asset discovery and identification, fast web fingerprinting |
oFx | scoop tool | Batch web vulnerability scanning framework |
xpoc | scoop tool | Lightweight, cross-platform PoC framework by Chaitin Tech |
F-vuln | scoop tool | Automated scanner for daily security, pentesters, red teams |

Tool Name | Type | URL |
---|---|---|
SPLOITUS | online tool | https://sploitus.com/ |
OSV-online | online tool | https://osv.dev/list |
CVE Search | online tool | https://cvepremium.circl.lu/ |
Exploit-DB | online tool | https://www.exploit-db.com/ |
Vulmon | online tool | https://vulmon.com/ |
CVE Query | online tool | https://www.cve.org/ |
Pentest-Tools | online tool | https://pentest-tools.com/vulnerabilities-exploits |
Rapid7 | online tool | https://www.rapid7.com/db/ |
Vulners | online tool | https://vulners.com/ |

Tool Name | Type | Description |
---|---|---|
GetSploit | scoop tool | Command-line search/download tool for Vulners DB, inspired by searchsploit |
Go-Exploitdb | scoop tool | Go-based exploit-db search tool |
Searchsploit | scoop tool | Command-line search tool for Exploit-DB |
VulnerabilityLookup | scoop tool | Rewritten cve-search, open-source tool for local CVE DB |

Tool Name | Type | Description |
---|---|---|
XSStrike | scoop tool | Advanced XSS detection tool |
XSSor2 | scoop tool | XSS exploitation assistant tool |
Dalfox | scoop tool | Open-source XSS vulnerability scanner |
Toxssin | scoop tool | CLI and payload generator for XSS exploitation |
X-Recon | scoop tool | Automated XSS vulnerability reconnaissance tool |
PwnXSS | scoop tool | XSS vulnerability scanning/exploitation tool |
LOXS | scoop tool | Scanner for SQLi, CRLF, XSS, LFi, OpenRedirect vulnerabilities |

Tool Name | Type | Description |
---|---|---|
Sqlmap | scoop tool | SQL injection vulnerability scanner/exploitation tool |
SSQLInjection | scoop tool | Super SQLi tool, HTTP packet-based SQLi tool |
SQL-Injection-Payload-List | scoop tool, local | SQL injection payload list |
NoSQLMap | scoop tool | NoSQL database exploitation tool |
Advanced-SQL-Cheatsheet | scoop tool, local | Advanced SQLi query cheatsheet |
SQLMapCG | online tool | https://www.ddosi.org/scg/ SQLmap command generator |

Tool Name | Type | Description |
---|---|---|
Commix | scoop tool | Automated command injection exploitation tool |
SSTImap | scoop tool | Interactive SSTI detection tool |
Shellfire | scoop tool | Exploitation tool for command/LFI/RFI/SSTI injection vulnerabilities |
SSRFmap | scoop tool | Automated SSRF fuzzing/exploitation tool |
XXEinjector | scoop tool | Automated XXE exploitation tool |
CRLFsuite | scoop tool | CRLF injection (HTTP response splitting) scanner |

Tool Name | Type | Description |
---|---|---|
LFISuite | scoop tool | Local file inclusion exploitation tool |
Fuxploider | scoop tool | File upload vulnerability scanner/exploitation tool |
LFIMap | scoop tool | Local file inclusion discovery/exploitation tool |

Tool Name | Type | Description |
---|---|---|
Ysoserial-GUI | scoop tool | GUI for Ysoserial exploitation tool |
Ysomap | scoop tool | Java deserialization exploitation framework |
JYso | scoop tool | Ysoserial & JNDIExploit tool, supports high-version/WAF/RASP bypass |
Ysoserial | scoop tool | PoC generator for unsafe Java object deserialization |
JNDI-Injection-Exploit-Plus | scoop tool | JNDI link generator and backend service tool |
PPPYSO | scoop tool | Java deserialization PoC generator |
Deswing | scoop tool | GUI Java deserialization tool, integrates Ysoserial |
JNDI-Inject-Exploit | scoop tool | JNDI injection testing tool |

Tool Name | Type | Description |
---|---|---|
MDUT | scoop tool | Multi-database exploitation tool |
SqlKnife | scoop tool | SQL Server security check tool for CLI |
Databasetools | scoop tool | Automated privilege escalation tool for databases (Go) |
TeamIDE | scoop tool | Integrated management for MySQL, Oracle, Kingbase, DM, Shentong, SSH, FTP, Redis, Zookeeper, Kafka, Elasticsearch, MongoDB, etc. |
Sylas | scoop tool | Comprehensive database exploitation tool |
SharpSQLTools | scoop tool | Upload/download files, xp_cmdshell/sp_oacreate command execution, CLR assembly loading |
SharpSQLToolsGU | scoop tool | GUI for SharpSQLTools |
RedisEXP | scoop tool | Redis vulnerability exploitation tool |

Tool Name | Type | Description |
---|---|---|
MYExploit | scoop tool | OA product vulnerability exploitation tool |
Apt_t00ls | scoop tool | High-risk vulnerability exploitation tool |
I-Wanna-Get-All | scoop tool | OA application exploitation tool |
OA-EXPTOOL | scoop tool | OA all-in-one tool, includes nearly 20 OA vulnerability scanners |

Tool Name | Type | Description |
---|---|---|
CMSeek | scoop tool | CMS detection/exploitation, supports 180+ CMS |
FrameScan-GUI | scoop tool | GUI CMS vulnerability detection framework (Python3 + PyQt) |
FrameScan | scoop tool | CLI CMS vulnerability detection framework |

Tool Name | Type | Description |
---|---|---|
Spring_All_Reachable | scoop tool | Spring vulnerability all-in-one exploitation tool |
WeblogicTool | scoop tool | GUI tool for Weblogic vulnerabilities, detection, command exec, memory shell, password decryption |
SBSCAN | scoop tool | Penetration testing tool focused on Spring framework |
FastjsonScan | scoop tool | Fastjson scanner, detects version, dependencies, autoType status |
Hyacinth | scoop tool | Java vulnerability collection tool |
JenkinsExploit | scoop tool | Jenkins comprehensive vulnerability exploitation tool |
SpringBoot | scoop tool | SpringBoot penetration framework, high-risk Spring vulnerabilities |
SpringBoot-Scan-GUI | scoop tool | GUI SpringBoot-Scan exploitation tool |
ShiroAttack2 | scoop tool | Shiro deserialization vulnerability all-in-one tool |
shiroEXP | scoop tool | Shiro deserialization vulnerability all-in-one tool |

Tool Name | Type | Description |
---|---|---|
NacosExploit | scoop tool | Nacos GUI tool, default password, SQLi, auth bypass, deserialization detection/exploitation |
NacosExploitGUI | scoop tool | NacosExploit GUI tool |
VcenterKiller | scoop tool | Comprehensive exploitation tool for Vcenter |

Tool Name | Type | Description |
---|---|---|
Metasploit | scoop tool | Modular exploitation framework |
POC-T | scoop tool | Plugin-based concurrent pentest framework |
MYExploit | scoop tool | OA product vulnerability exploitation tool |
Yakit | scoop tool | Highly integrated Yak language security testing platform |
MSFVenom | scoop tool | MSF modular exploitation framework payload generator |
XieBroC2 | scoop tool | C2 for pentest, Lua plugin, domain fronting, config, sRDI, file/process/memory mgmt, screenshot, proxy, group mgmt |
TeamServer-XieBroC2 | scoop tool | C2 for pentest, Lua plugin, domain fronting, config, sRDI, file/process/memory mgmt, screenshot, proxy, group mgmt |
Sliver-Server | scoop tool | Open-source cross-platform adversary simulation/red team framework (server) |
WoodPecker | scoop tool | High-risk vulnerability detection and deep exploitation framework |
Pocsuite3 | scoop tool | Open-source remote vulnerability testing framework |
DudeSuite | scoop tool | Dude Suite network security tools |
AuxTools | scoop tool | GUI pentest assistant tools |
Railgun | scoop tool | GUI penetration tool |
Cobaltstrike | scoop tool | Commercial pentest tool - Cobalt Strike |

Tool Name | Type | Description |
---|---|---|
PrintMyShell | scoop tool | Auto-generate various reverse shell Python scripts |
Girsh | scoop tool | Auto-launch fully interactive reverse shell |
NatPass | scoop tool | Host management tool, supports web shell and web desktop |
Govenom | scoop tool | Generate MSFVenom shells in command line :) |
Wmiexec-Pro | scoop tool | AV evasion in lateral movement |
Reverse_SSH | scoop tool | SSH-based reverse shell management tool |
Reverse-Shell-Generator | scoop tool | Hosted reverse shell generator with many features |
HackerPermKeeper | scoop tool | Linux persistence tool |
SharPersist | scoop tool | Windows persistence toolkit in C# |

Tool Name | Type | Description |
---|---|---|
ShellCodeLoader | scoop tool | Shellcode loader |
MazteuszEx | scoop tool | AV bypass generator |
shellter | scoop tool | Dynamic shellcode injection tool |
Yanri | scoop tool | AV bypass executor generator |
MaLoader | scoop tool | AV-bypass trojan generator based on Tauri+Rust |
S-inject | scoop tool | AV-bypass DLL/Shellcode injector for Windows, GUI supported |
S-inject_gui | scoop tool | AV-bypass DLL/Shellcode injector for Windows, GUI supported |
XG_NTAI | scoop tool | Webshell AV bypass, encrypted traffic |
Tide AV Bypass | online tool | http://bypass.tidesec.com/ |
BypassAntiVirus | scoop tool, local | Remote control AV bypass articles and tools |
RingQ | scoop tool | Post-exploitation AV bypass tool, supports bypassing AV/EDR/360/Defender |
LoaderFly | scoop tool | Fast AV-bypass trojan generator for red teamers |
BinarySpy | scoop tool | Manual/auto patch shellcode to binary for AV bypass |
ZeroEye | scoop tool | Automated white file finder, scans EXE imports, lists DLLs, filters non-system DLLs |
EXEToShellcode | scoop tool | Post-exploitation AV bypass tool based on PE Patch, x64 supported |
sgn | scoop tool | Polymorphic binary encoder for offensive security research |
donut | scoop tool | Generates x86, x64, or AMD64+x86 shellcode |
AniYa | scoop tool | AniYa-GUI AV bypass framework |
ByPassBehinder | scoop tool | Bingxie WebShell AV bypass generator |
ByPassGodzilla | scoop tool | Godzilla WebShell AV bypass generator |

Tool Name | Type | Description |
---|---|---|
Godoh | scoop tool | A DNS-over-HTTPS C2 |
SharpStrike | scoop tool | Post-exploitation research tool based on C# |
Merlin-Server | scoop tool | RAT software developed in Go |
AsyncRAT | scoop tool | Open-source remote management tool |
XieBroC2-TeamServer | scoop tool | C2 for pentest, Lua plugin, domain fronting, config, sRDI, file/process/memory mgmt, screenshot, proxy, group mgmt |
PSRansom | scoop tool | PowerShell-based C2 tool - client |
PSRansom-C2Server | scoop tool | PowerShell-based C2 tool - server |
Sliver-Client | scoop tool | Open-source cross-platform adversary simulation/red team framework (client) |
Sliver-Server | scoop tool | Open-source cross-platform adversary simulation/red team framework (server) |
Revshell | scoop tool | Reverse shell command generator in Go |
XieBroC2 | scoop tool | C2 for pentest, Lua plugin, domain fronting, config, sRDI, file/process/memory mgmt, screenshot, proxy, group mgmt |
Meterpeter | scoop tool | C2 PowerShell command and control framework with built-in commands |
RedGuard | scoop tool | C2 frontend traffic control tool, evades blue team, AV, EDR checks |

Tool Name | Type | Description |
---|---|---|
GTFOBLookup | scoop tool | Offline command-line lookup utility for GTFOBins, LOLBAS, WADComs, HijackLibs |
Linux-exp-Suggester | scoop tool | [Upload to target] Automated tool to search known vulnerabilities based on Linux kernel version |
Win-Kernel-EXP | scoop tool | Windows privilege escalation vulnerability collection |
Lin-Kernel-EXP | scoop tool | Linux privilege escalation exploits |
BeRoot | scoop tool | Powerful post-exploitation tool, focuses on common misconfigurations |
WinPEAS | scoop tool | [Upload to target] Search for privilege escalation paths in Windows |
LinPEAS | scoop tool | [Upload to target] List all possible privilege escalation methods on Linux |
PrintNotifyPotato | scoop tool | [Upload to target] Privilege escalation using PrintNotify COM service |
Moriarty | scoop tool | [Upload to target] Enumerate missing KBs, detect vulnerabilities, suggest Windows privilege escalation |

Tool Name | Type | URL |
---|---|---|
GTFOBins | online tool | https://gtfobins.github.io/ |
LOLBAS | online tool | https://lolbas-project.github.io/ |
WADComs | online tool | https://wadcoms.github.io/ |
Hijack Libs | online tool | https://hijacklibs.net/ |
Tide PE | online tool | http://bypass.tidesec.com/exp/ |
Aurora | online tool | https://detect.secwx.com/ |

Tool Name | Type | Description |
---|---|---|
Termite | scoop tool | Multi-platform, bidirectional cascading between jump hosts, built-in shell management |
Venom | scoop tool | Multi-level proxy tool designed for pentesters, developed in Go |
Stowaway | scoop tool | Multi-level proxy tool written in Go for pentesters |
Rport | scoop tool | Remote management tool, supports multi-level proxy |
Rakshasa_Fullnode | scoop tool | Rakshasa control node - powerful multi-level proxy in Go, designed for multi-level proxying and intranet penetration (NAT traversal) |
Rakshasa_Node | scoop tool | Rakshasa regular node - powerful multi-level proxy in Go, designed for multi-level proxying and intranet penetration (NAT traversal) |

Tool Name | Type | Description |
---|---|---|
Frps | scoop tool | High-performance reverse proxy for intranet penetration (NAT traversal), supports TCP, UDP, HTTP, HTTPS, P2P |
NPS | scoop tool | Lightweight, high-performance, powerful intranet penetration (NAT traversal) proxy server |
GoProxy | scoop tool | High-performance HTTP, HTTPS, WebSocket, TCP, SOCKS5 proxy server |
reGeorg | scoop tool | HTTP proxy tool in Python, improved version of reDuh |
Neoreg | scoop tool | reGeorg refactored project, improved usability, avoids signature detection |
Gost | scoop tool | Secure tunnel implemented in Go |
Ligolo-ng_Agent | scoop tool | Simple, lightweight, fast tool for pentesters to establish tunnels via tun interface (no SOCKS) |
Chisel | scoop tool | Fast TCP/UDP tunnel using HTTP transport |
Suo5-GUI | scoop tool | High-performance HTTP proxy tunnel tool - GUI version |
Neutrino-Client | scoop tool | Neutrino proxy client, open-source intranet penetration (NAT traversal) tool based on Netty |
Neutrino-Server | scoop tool | Neutrino proxy server, open-source intranet penetration (NAT traversal) tool based on Netty |
Ngrok | scoop tool | Reverse proxy, establishes secure channel between public endpoint and local web server |
Suo5 | scoop tool | High-performance HTTP proxy tunnel tool |
Rathole | scoop tool | Secure, stable, high-performance intranet penetration (NAT traversal) tool in Rust |
Ligolo-ng_Proxy | scoop tool | Simple, lightweight, fast tool for pentesters to establish tunnels via tun interface (no SOCKS) |

Tool Name | Type | Description |
---|---|---|
NetCat | scoop tool | Read/write data across networks using TCP/UDP, the Swiss Army knife |
RustCat | scoop tool | Modern port listener and reverse shell tool for Linux, macOS, Windows |
Socat | scoop tool | Powerful forwarding tool for different interfaces |
websocat | scoop tool | Open-source command-line tool in Rust for WebSocket connections |
PortForward | scoop tool | Port forwarding tool in Go, solves internal/external network issues |
Proxychains | scoop tool | Powerful terminal proxy interception tool |

Tool Name | Type | Description |
---|---|---|
Fscan | scoop tool | Comprehensive internal-network scanner, one-click automation, full coverage |
LadonGo | scoop tool | Open-source internal-network penetration testing scanner framework, easy C/B/A segment detection |
Netspy | scoop tool | Fast internal network segment detection tool |
FscanParser | scoop tool | GUI tool for processing Fscan output results |
NBTScan | scoop tool | Windows network protocol scanner, gets NetBIOS names and info |
Kscan | scoop tool | Comprehensive scanner in Go, port scan, protocol detection, fingerprint, brute force |
Qscan | scoop tool | Lightweight comprehensive internal-network scanner, TCP scan, service identification, vulnerability verification |
ServerScan | scoop tool | High-efficiency concurrent network scanner and service probe in Go |
Searchall | scoop tool | Powerful sensitive info search tool, quickly finds usernames, passwords, accounts, credentials, browser passwords |
ScanLine | scoop tool | Fast internal-network scanning tool |
Cube | scoop tool | Internal-network penetration testing tool, weak password brute force, info gathering, vulnerability scanning |
Template | scoop tool | Internal-network penetration testing vulnerability scanning tool |
Yasso | scoop tool | Powerful internal-network penetration testing assistant toolkit - supports RDP, SSH, Redis, PostgreSQL, MongoDB, MSSQL, MySQL, WinRM brute force, fast port scanning, powerful web fingerprinting, one-click exploitation of built-in services |

Tool Name | Type | Description |
---|---|---|
SharpHound | scoop tool | Collect various info in Windows domain, computer objects, group memberships, permissions |
BloodHound | scoop tool | Visualize relationships in domain environment |
Impacket | scoop tool | Python implementation of network protocols, IP, TCP, ICMP, etc. |
PingCastle | scoop tool | Quick Active Directory security assessment using risk assessment framework |
ADExplorer | scoop tool | Domain info query tool, standalone executable, lists domain structure, user accounts, computer accounts |
BloodyAD | scoop tool | Powerful Active Directory privilege escalation framework |
AdFind | scoop tool | Very powerful info gathering tool in domain environment |
Rubeus | scoop tool | Tool for Kerberos protocol attacks, can initiate requests and import tickets |

Tool Name | Type | Description |
---|---|---|
HackBrowserData | scoop tool | Browser data decryption tool (passwords, history, cookies, bookmarks), supports Chrome, Firefox, Edge, 360, QQ, etc. |
LaZagne | scoop tool | Powerful password recovery and forensics tool, extracts passwords stored on local computer |
Kerbrute | scoop tool | Popular enumeration tool, abuses Kerberos pre-authentication for brute force and enumeration |
SharpXDecrypt | scoop tool | Xshell all-version password recovery tool |
RouterPassView | scoop tool | Retrieve usernames and passwords saved in router configuration files |
Mimikatz | scoop tool | Very powerful security tool in C, extracts plaintext passwords, hashes, PINs, Kerberos tickets from memory |
NetPass | scoop tool | Tool for viewing credential passwords stored on a Windows computer |
ProcDump | scoop tool | Command-line utility for monitoring CPU spikes and generating crash dumps |
PassRecEnc | scoop tool | Free password recovery tool for Windows programs, Chrome, Firefox, Edge, IE, Outlook, network passwords, wireless keys, dial-up entries |
WebBrowserPassView | scoop tool | Password viewer for all major browsers, IE 4.0-8.0, Firefox, Chrome, Opera |

Tool Name | Type | Description |
---|---|---|
NetBird | scoop tool | Open-source network management platform built on WireGuard |
Easytier | scoop tool | Simple, secure, decentralized remote networking solution, WireGuard compatible |
Tailscale | scoop tool | Virtual networking tool based on WireGuard |
Qv2ray | scoop tool | Cross-platform V2Ray client using Qt framework, supports Windows, Linux, macOS |
NekoBox | scoop tool | Multi-platform universal proxy tool based on sing-box |
v2rayN | scoop tool | V2Ray client for Windows, supports VMess, VLESS, Trojan, Socks, Shadowsocks, Hysteria2, Tuic |
WireGuard | scoop tool | Extremely simple but fast and modern VPN |
OpenVPN Connect | installer | OpenSSL-based VPN, simple and easy to use compared to traditional VPN |
Clash-Verge | scoop tool | Efficient desktop proxy software, designed for managing and enhancing Clash configurations |