A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Hunt down social media accounts by username across social networks

Web path scanner

E-mails, subdomains and names Harvester - OSINT

Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities etc) and share them among connected sibling servers (Villain instances running on different machines).

Snoop — инструмент разведки на основе открытых данных (OSINT world)

💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh

Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor

利用大量高威胁poc/exp快速获取目标权限，用于渗透和红队快速打点

macro_pack is a tool by @EmericNasi used to automatize obfuscation and generation of Office documents, VB scripts, shortcuts, and other formats for pentest, demo, and social engineering assessments. The goal of macro_pack is to simplify exploitation, antimalware bypass, and automatize the process from malicious macro and script generation to fin…

gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...

Projects for security students

记录自己编写、修改的部分工具

🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

Perun是一款主要适用于乙方安服、渗透测试人员和甲方RedTeam红队人员的网络资产漏洞扫描器/扫描框架

Bloodhound for Blue and Purple Teams

Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user

Vcenter综合渗透利用工具包 | Vcenter Comprehensive Penetration and Exploitation Toolkit

红队基础设施自动化部署工具

Slack Enumeration and Extraction Tool - extract sensitive information from a Slack Workspace