A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Exploitation Framework for Embedded Devices

Modular visual interface for GDB in Python

Linux/OSX/FreeBSD resource monitor

Credentials recovery project

OneForAll是一款功能强大的子域收集工具

Malicious traffic detection system

Study Notes For Web Hacking / Web安全学习笔记

The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.

新浪微博爬虫（Scrapy、Redis）

CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool

oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.

🐈Medusa是一个红队武器库平台，目前包括XSS平台、协同平台、CVE监控、免杀生成、DNSLOG、钓鱼邮件、文件获取等功能，持续开发中

Sniffs sensitive data from interface or pcap

yarGen is a generator for YARA rules

基于Frida的脱壳工具

This tool can be used to brute discover GET and POST parameters

A PoC backdoor that uses Gmail as a C&C server

APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover su…

Yet Another Golang binary parser for IDAPro

Metarget is a framework providing automatic constructions of vulnerable infrastructures.

Scanning pastebin with yara rules

ISF(Industrial Control System Exploitation Framework)，a exploitation framework based on Python

Active Directory Integrated DNS dumping by any authenticated user

对目标域名进行快速的存活扫描、简单的指纹识别、目录扫描

HaboMalHunter is a sub-project of Habo Malware Analysis System (https://habo.qq.com), which can be used for automated malware analysis and security assessment on the Linux system.

方便获取每日安全资讯的爬虫和推送程序

Extract a .unitypackage, with or without Python

Generates Malicious Macro and Execute Powershell or Shellcode via MSBuild Application Whitelisting Bypass.