Attack Surface Management Platform
Automated pentest framework for offensive security experts
Tools and Techniques for Red Team / Penetration Testing
The Network Execution Tool
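Asset discovery and identification tools. Quickly identifies web fingerprint information and determines asset types. Helps red teams quickly locate target asset information and helps blue teams find suspected weak points.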
linuxprivchecker.py -- a Linux Privilege Escalation Check Script
CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting C...
Drone pentesting framework console
A next generation version of enum4linux (a Windows/Samba enumeration tool) with additional features like JSON/YAML export. Aimed for security professionals and CTF players.
"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team ...
🔑 Hash type identifier (CLI & lib)
JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)
All-in-One Toolkit for BruteForce Attacks
A standalone Python script which utilizes Python's built-in modules to enumerate SUID binaries, separate default binaries from custom binaries, cross-match those with bins in the GTFOBins repository & a...
Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.
A collection of CTF write-ups, pentesting topics, guides and notes. Notes compiled from multiple sources and my own lab research. Topics also support OSCP, Active Directory, CRTE, eJPT and eCPPT.
Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with lateral movement within Active Directory environments
Penetration Testing and Hacking CTF's Swiss Army Knife with: Reverse Shell Handling - Encoding/Decoding - Encryption/Decryption - Cracking Hashes / Hashing
CloudBunny is a tool to capture the real IP of the server that uses a WAF as a proxy or protection. In this tool we used three search engines to search domain information: Shodan, Censys and Zoomeye.
Tools & Resources for Cyber Security Operations
Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.