A list of useful payloads and bypass for Web Application Security and Pentest/CTF

🔎 Hunt down social media accounts by username across social networks

The Swiss Army knife for 802.11, BLE and Ethernet networks reconnaissance and MITM attacks.

Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.

Nishang - Offensive PowerShell for red team, penetration testing and offensive security.

GTFOBins is a curated list of Unix binaries that can used to bypass local security restrictions in misconfigured systems

List of Awesome Red Teaming Resources

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

Collection of quality safety articles

Red Teaming Tactics and Techniques

The goal of this repository is to document the most common techniques to bypass AppLocker.

gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...

Automation for internal Windows Penetrationtest / AD-Security

Venom - A Multi-hop Proxy for Penetration Testers

macro_pack is a tool by @EmericNasi used to automatize obfuscation and generation of Office documents, VB scripts, shortcuts, and other formats for pentest, demo, and social engineering assessments. The goal of macro_pack is to simplify exploitation, antimalware bypass, and automatize the process from malicious macro and script generation to final document generation. It also provides a lot of helpful features useful for redteam or security research.

cobaltstrike的相关资源汇总 / List of Awesome CobaltStrike Resources

Self-deployable file hosting service for red teamers, allowing to easily upload and share payloads over HTTP and WebDAV.

Snoop — инструмент разведки на основе открытых данных (OSINT world)

红队作战中比较常遇到的一些重点系统漏洞整理。

Utilities for MITRE™ ATT&CK

This is the list of all rootkits found so far on github and other sites.

Perun是一款主要适用于乙方安服、渗透测试人员和甲方RedTeam红队人员的网络资产漏洞扫描器/扫描框架

Chashell is a Go reverse shell that communicates over DNS. It can be used to bypass firewalls or tightly restricted networks.

A proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.

🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

个人维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup