Remove AV/EDR Kernel ObRegisterCallbacks、CmRegisterCallback、MiniFilter Callback、PsSetCreateProcessNotifyRoutine Callback、PsSetCreateThreadNotifyRoutine Callback、PsSetLoadImageNotifyRoutine Callback...

临时百度、阿里、腾讯、AWS、华为云存储桶检测工具,凭据有效性、Bucket存在性、上传下载、对象存在性、权限检测

​ JavaSecLab是一款综合型Java漏洞平台，提供相关漏洞缺陷代码、修复代码、漏洞场景、审计SINK点、安全编码规范，覆盖多种漏洞场景，友好用户交互UI……

JavaWeb 内存马开聚会 🎉

"chanzi" is a simple and user-friendly JAVA SAST tool that utilizes taint analysis technology, includes built-in common vulnerability rules, supports decompilation, custom rule creation, and is com…

The recursive internet scanner for hackers. 🧡

A way to delete a locked file, or current running executable, on disk.

Internal Monologue Attack: Retrieving NTLM Hashes without Touching LSASS

图形化渗透测试辅助工具

A `.git` folder disclosure exploit

🕷️ A `.git` folder exploiting tool that is able to restore the entire Git repository, including stash, common branches and common tags.

基于Memprocfs和Volatility的可视化内存取证工具

Magical obfuscator, supports obfuscating EXE, BOF, and ShellCode.

Java反序列化/JNDI注入/恶意类生成工具，支持多种高版本bypass，支持回显/内存马等多种扩展利用。

Kerberos Resource-Based Constrained Delegation Attack from Outside using Impacket

互联网厂商API利用工具。

JNDI注入测试工具（A tool which generates JNDI links can start several servers to exploit JNDI Injection vulnerability,like Jackson,Fastjson,etc）

基于前端vue框架的JavaFx图形化GUI漏洞扫描工具，支持一键扫描vue-manage-system系统前端泄露的未授权目录接口漏洞，并且对扫描的暴露目录进行逐一测试和验证，方便渗透人员快速确定未授权接口。还添加了出口IP地址信息本地DNS信息等的查询，方便清楚自身出口IP。

用户名密码字典生成工具(将中文汉字姓名转成14种格式的拼音、IP地址处理、网络设备密码生成)

助力每一位RT队员，快速生成免杀木马

KunLun-M是一个完全开源的静态白盒扫描工具，支持PHP、JavaScript的语义扫描，基础安全、组件安全扫描，Chrome Ext\Solidity的基础扫描。

Windows Local Privilege Escalation Cookbook

🤱🏻 Turn any webpage into a desktop app with Rust. 🤱🏻 利用 Rust 轻松构建轻量级多端桌面应用

Red team Interview Questions

此项目为su18大佬的仓库镜像，如有问题可发issuse删库

一款代码审计辅助插件

The Red-book: The Art of Offensive CyberSecurity

🧿 AutorizePro是一款强大越权检测 Burp 插件，通过增加 AI 辅助分析 && 进一步优化检测逻辑，大幅降低误报率，提升越权漏洞检出效率。 [ AutorizePro is a authorization enforcement detection extension for burp suite. By adding Ai-assisted analysis, it sign…

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous …

Collaborative Incident Response platform