A list of useful payloads and bypass for Web Application Security and Pentest/CTF

一个攻防知识仓库 Red Teaming and Offensive Security

Collection of things made during my OSCP journey

Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor

ODAT: Oracle Database Attacking Tool

Fancy reverse and bind shell handler

A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.

Metarget is a framework providing automatic constructions of vulnerable infrastructures.

Linux privilege escalation exploit via snapd (CVE-2019-7304)

MSDAT: Microsoft SQL Database Attacking Tool

A standalone python script which utilizes python's built-in modules to enumerate SUID binaries, separate default binaries from custom binaries, cross-match those with bins in GTFO Bin's repository & auto-exploit those, all with colors! ( ͡~ ͜ʖ ͡°)

CVE-2020-0796 Local Privilege Escalation POC

Python AV Evasion Tools

linuxprivchecker.py -- a Linux Privilege Escalation Check Script

A Powerful Penetration Tool For Automating Penetration Tasks Such As Local Privilege Escalation, Enumeration, Exfiltration and More... Use Or Build Automation Modules To Speed Up Your Cyber Security Life

Automatic privilege escalation for misconfigured capabilities, sudo and suid binaries using GTFOBins.

Modular penetration testing platform that enables you to write, test, and execute exploit code.

A list of methods to coerce a windows machine to authenticate to an attacker-controlled machine through a Remote Procedure Call (RPC) with various protocols.

Collection of different exploits

A python3 remake of the classic "tree" command with the additional feature of searching for user provided keywords/regex in files, highlighting those that contain matches.