evi1cg

Impacket is a collection of Python classes for working with network protocols.

2018年初整理的一些内网渗透TIPS，后面更新的慢，所以整理出来希望跟小伙伴们一起更新维护~

Redis 4.x/5.x RCE

Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user

tools

CVE-2017-11882 from https://github.com/embedi/CVE-2017-11882

Fileless atexec, no more need for port 445

CVE-2018-8581

cve-2020-0688

Mssql利用工具

POC of https://research.checkpoint.com/extracting-code-execution-from-winrar/

CVE-2019-1040 with Exchange

通过脉脉用户猜测企业邮箱

获取Exchange信息的小工具

利用Tor搭建Socks5代理，动态切换IP

NTLM relay test.

从shodan获取使用了相同favicon.ico的网站

exp of CVE-2018-15982

PoC for CVE-2018-0802 And CVE-2017-11882

Cobalt strike 修改支持回显中文。

This is JSRat.ps1 in Python

Use cloudflare workers to build socks5 proxy service

No description.

proxyshell payload generate

pyForgeCert is a Python equivalent of the ForgeCert.

SharpAddDomainMachine

Just pick out the code we need.

Cobalt strike custom 404 page

Use the Netlogon Remote Protocol (MS-NRPC) to dump the target hash.

利用NTLM Hash读取Exchange邮件

MSSQL CLR for pentest.

external c2 use domainhiding.

A simple Go script to brute force or parse a password-protected PKCS#12 (PFX/P12) file.

Vcenter综合渗透利用工具包 | Vcenter Comprehensive Penetration and Exploitation Toolkit

No description.

cloudflare socks5 server

This is a webshell open source project

Set Up WebDAV Server for Remote File Sharing and more

CVE-2019-1040 with Kerberos delegation

Py写的tsh的流量加解密过程。

Execute codes From XSLT

基于 Claude Agent SDK 的全栈对话应用 Demo，支持流式响应、工具调用、多模态输入和 MCP 服务器集成。

A collection of hacking / penetration testing resources to make you better!

mousejack hack

Yet another llvm based obfuscator based on goron.

Remove AV/EDR Kernel ObRegisterCallbacks、CmRegisterCallback、MiniFilter Callback、PsSetCreateProcessNotifyRoutine Callback、PsSetCreateThreadNotifyRoutine Callback、PsSetLoadImageNotifyRoutine Callback...

Wiki to collect Red Team infrastructure hardening resources

2023 HVV情报速递~

Cloud Exploitation Framework 云环境利用框架，方便安全人员在获得 AK 的后续工作

A collection of awesome penetration testing resources, tools and other shiny things

FastJson全版本Docker漏洞环境(涵盖1.2.47/1.2.68/1.2.80等版本)，主要包括JNDI注入及高版本绕过、waf绕过、文件读写、原生反序列化、利用链探测绕过、不出网利用等。从黑盒的角度覆盖FastJson深入利用

A collection of open source and commercial tools that aid in red team operations.

Active Directory Security For Red & Blue Team

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

备份的漏洞库，3月开始我们来维护

Evasion kit for Cobalt Strike

SharpWMI is a C# implementation of various WMI functionality.

A reverse shell based on sshd supporting DNS and ICMP Tunnelling as well as HTTP and Socks Proxies

Dump cookies directly from Chrome process memory

List of Awesome Red Teaming Resources

An Information Security Reference That Doesn't Suck

Some useful scripts for CobaltStrike

Privilege Escalation Project - Windows / Linux / Mac

自动扫描内网常见sql、no-sql数据库脚本(mysql、mssql、oracle、postgresql、redis、mongodb、memcached、elasticsearch)，包含未授权访问及常规弱口令检测

Lazykatz is an automation developed to extract credentials from remote targets protected with AV and/or application whitelisting software.

Collection of C# scripts

No description.

GodzillaNodeJsPayload

A tool to transform Chromium browsers into a C2 Implant

grs内网穿透工具通过reality协议隐藏特征

一款集成高危漏洞exp的实用性工具

HVNC for Cobalt Strike

GIt tun

DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced (the default settings).

Viewgen is a ViewState tool capable of generating both signed and encrypted payloads with leaked validation keys

ysoserial for su18

寻找可利用的白文件

A library for detecting known secrets across many web frameworks

Proxylogon & Proxyshell & Proxyoracle & Proxytoken & All exchange server history vulns summarization :)

No description.

Using TLS 1.3 to evade censors, bypass network defenses, and blend in with the noise

No description.

Vagrant & Packer scripts to build a lab environment complete with security tooling and logging best practices

A powerful obfuscator for JavaScript and Node.js

collection of articles/books about programing

Small and highly portable detection tests based on MITRE's ATT&CK.

Working POC of Mikrotik exploit from Vault 7 CIA Leaks

A tool to create a JScript file which loads a .NET v2 assembly from memory.

IoM implant, C2 Framework and Infrastructure

CVE-2026-31431 Copy Fail — Universal LPE exploit. Dynamic ELF offset + full-binary overwrite, Python 2/3 compatible with ctypes splice fallback

AV/EDR evasion via direct and indirect system calls Windows NT 3.1 through Windows 11 24H2 · x64 · x86 · WoW64 · ARM64

Evilginx2 Phishlets version (0.2.3) Only For Testing/Learning Purposes

闭源系统半自动漏洞挖掘工具，针对 jar/war/zip 进行静态代码分析，增加 LLM 大模型能力验证路径可达性，LLM 根据上下文代码环境给出该路径可信分数

No description.

SilentButDeadly is a network communication blocker specifically designed to neutralize EDR/AV software by preventing their cloud connectivity using Windows Filtering Platform (WFP). This version focuses solely on network isolation without process termination.

A list of python tools to help create an OPSEC-safe Cobalt Strike profile.

Use Claude Code as the foundation for coding infrastructure, allowing you to decide how to interact with the model while enjoying updates from Anthropic.

一款高性能 HTTP 代理隧道工具 | A high-performance http proxy tunneling tool

将任何 elf 或命令转换为 shellcode

各种漏洞批量扫描poc、exp，涵盖未授权、RCE、文件上传、sql注入、信息泄露等

Unofficial mirror of FernFlower Java decompiler (All pulls should be submitted upstream)

Stealer + Clipper + Keylogger

AD Security Intrusion Detection System

An ICMP channel for Beacons, implemented using Cobalt Strike’s External C2 framework.

Silently Install Chrome Extension For Persistence

Source of VMProtect (NOT OFFICIALLY)

Pillager是一个适用于后渗透期间的信息收集工具

Pack/Encrypt/Obfuscate ELF + SHELL scripts

一个手动或自动patch shellcode到二进制文件的免杀工具/A tool for manual or automatic patch shellcode into binary file oder to bypass AV.

No description.

BOF for Kerberos abuse (an implementation of some important features of the Rubeus).

Remote Kerberos Relay made easy! Advanced Kerberos Relay Framework

A BOF that runs unmanaged PEs inline

This repository provides penetration testers and red teams with an extensive collection of dynamic phishing templates designed specifically for use with Evilginx3.

🦄️ 🎃 👻 Clash Premium 规则集(RULE-SET)，兼容 ClashX Pro、Clash for Windows 客户端。

A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementing page protection changes during no execution.

A collection of phishing samples for researchers and detection developers.

A beacon object file implementation of PoolParty Process Injection Technique.

No description.

Active Directory data collector for BloodHound written in Rust. 🦀

Adaptive DLL hijacking / dynamic export forwarding

A DLL loader with advanced evasive features

A BOF to automate common persistence tasks for red teamers

PoC for PwnKit: Local Privilege Escalation Vulnerability in polkit’s pkexec (CVE-2021-4034)

💻 Elevate, UAC bypass, privilege escalation, dll hijack techniques

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, alowing to bypass 2-factor authentication.

A library of pretexts to use on offensive phishing engagements.

:dizzy: A collection of awesome lists, manuals, blogs, hacks, one-liners and tools for Awesome Ninja Admins.

Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature

Empire is a pure PowerShell post-exploitation agent.

Nishang - PowerShell for penetration testing and offensive security.

Ruby on Rails Phishing Framework

Internet of Malice project

No description.

Next Generation C2 Framework, IoM-server/client

A penetration toolkit for container environment

The leaked exploit toolkit for various iOS versions

CVE-2026-31431-killed page-cache exploit — code exec into containers sharing the same image layer

Automated Adversary Emulation Platform

Extract Windows credentials directly from VM memory snapshots and virtual disks

CVE-2026-46333

Steal SSH host private keys and /etc/shadow via the ptrace_may_access mm-NULL bypass + pidfd_getfd. Pre-31e62c2ebbfd kernels.

No description.

CyberStrikeAI is an AI-native security testing platform built in Go. It integrates 100+ security tools, an intelligent orchestration engine, role-based testing with predefined security roles, a skills system with specialized testing skills, and comprehensive lifecycle management capabilities.

The Red Sun vulnerability repository

cc完整版，含手册，编译等

原汁原昧 Claude Code 可运行,可构建版; Typescript 类型全修复; 企业级可靠性; 安全无毒, lock 文件保真, 可直接 bun i; bun run dev 启动

Agent skills for solving CTF challenges - web exploitation, binary pwn, crypto, reverse engineering, forensics, OSINT, and more

Open-source code analysis platform for C/C++/Java/Binary/Javascript/Python/Kotlin based on code property graphs. Discord https://discord.gg/vv4MH284Hc

A next.js web application that integrates AI capabilities with draw.io diagrams. This app allows you to create, modify, and enhance diagrams through natural language commands and AI-assisted visualization.

The open source coding agent.

Kubernetes Kubelet security assessment and privilege escalation toolkit

一款提示词优化器，助力于编写高质量的提示词

AI模型聚合管理中转分发系统，一个应用管理您的所有AI模型，支持将多种大模型转为统一格式调用，支持OpenAI、Claude、Gemini等格式，可供个人或者企业内部管理与分发渠道使用。🍥 The next-generation LLM gateway and AI asset management system supports multiple languages.

Your own personal AI assistant. Any OS. Any Platform. The lobster way. 🦞

A cmake template for crystal palace

Agent for AdaptixC2 containing lateral movement capabilities ( WMI, SCM, WinRM, DCOM), bof/dotnet/shellocde in memory executions, postex modules with shellcode and bof with possibilities of fork executions (spawn/explicit)

Templates for developing your own listeners and agents for AdaptixC2.

AdaptixFramework Extension Kit

基于Tinynuke修复得到的HVNC

Binary Hollowing

Extracted Yara rules from Windows Defender mpavbase and mpasbase

Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters

No description.

一个开箱即用的、跨平台的影视聚合播放站。交流群：https://t.me/+K8GaaVx-xrc0YmVk

A small collection of Crystal Palace PIC loaders designed for use with Cobalt Strike

SharpSilentChrome is a C# project that "silently" installs browser extensions on Google Chrome or MS Edge by updating the browsers' Preferences and Secure Preferences files. Currently, it only supports Windows.

proxy/tunnel everything for red team!

DecryptTools-综合解密

JavaWeb 内存马开聚会 🎉

Automating the MITM attack on WSUS

Framework for Kerberos relaying

Convert Cobalt Strike profiles to modrewrite scripts

🧙‍♂️ Node JS C2 for backdooring vulnerable Electron applications

SharpSuccessor is a .NET Proof of Concept (POC) for fully weaponizing Yuval Gordon’s (@YuG0rd) BadSuccessor attack from Akamai.

collect for learning cases

golang styles proxy client, support http/https, socks4/5, ssh

一个浏览器数据（密码|历史记录|Cookie|书签|下载记录）的导出工具，支持主流浏览器。

This repository comes from an Internet collection

一款小程序安全评估工具

DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely

在原版的基础上修改了显示 VLESS 配置信息转换为订阅内容。使用该脚本，你可以方便地将 VLESS 配置信息使用在线配置转换到 Clash 或 Singbox 等工具中。

一款内网综合扫描工具，方便一键自动化、全方位漏扫扫描。

One-Click to deploy your own ChatGPT web UI. 一键拥有你自己的 ChatGPT 网页服务。

使用Visral Studio开发ShellCode

月海 (Sea Moon) 是一款 FaaS/BaaS 实现的 Serverless 网络工具

SigFlip is a tool for patching authenticode signed PE files (exe, dll, sys ..etc) without invalidating or breaking the existing signature.

ARL官方仓库备份项目：ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产，构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产，发现存在的薄弱点和攻击面。

助力每一位RT队员，快速生成免杀木马

Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS).

BlackLotus UEFI Windows Bootkit

Situational Awareness commands implemented using Beacon Object Files

集权设施扫描器

Fully Integrated Adversarial Operations Toolkit (C2, stagers, agents, ephemeral infrastructure, phishing engine, and automation)

A collection of manifests that will create pods with elevated privileges.

Source Code Management Attack Toolkit

A VPN Designed for Lossy Links, with Build-in Forward Error Correction(FEC) Support. Improves your Network Quality on a High-latency Lossy Link.

kill anti-malware protected processes (BYOVD)

Collection of Beacon Object Files

CobaltWhispers is an aggressor script that utilizes a collection of Beacon Object Files (BOF) for Cobalt Strike to perform process injection, persistence and more, leveraging direct syscalls (SysWhispers2) to bypass EDR/AV