📐 Jekyll theme for building a personal site, blog, project documentation, or portfolio.

GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems

A list of public penetration test reports published by several consulting firms and academic security groups.

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve…

Fluxion is a remake of linset by vk496 with enhanced functionality.

Automate the creation of a lab environment complete with security tooling and logging best practices

Web-Security-Learning

《FRIDA操作手册》by @hluwa @r0ysue

ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.

Configuration guidance for implementing the Windows 10 and Windows Server 2016 DoD Secure Host Baseline settings. #nsacyber

CredSniper is a phishing framework written with the Python micro-framework Flask and Jinja2 templating which supports capturing 2FA tokens.

Software-Security-Learning

drops.wooyun.org 乌云Drops文章备份

Everything for pentest. | 用于渗透测试的 payload 和 bypass 字典.

A modern vulnerable web app

Powershell攻击指南----黑客后渗透之道

🔪Browser logic vulnerabilities ☠️

A fully functional DanderSpritz lab in 2 commands

基于Burp插件开发打造渗透测试自动化

A HTA shell to assist with breakout assessments.

Collate and collect binary related materials, including papers, tools, etc. Now,there are the following categories: 1、Fuzzing