young28dos Goto Github PK

-mirai-iot-botnet

[Mirai] Mirai Iot Botnet && Tutorial !

adamantium-thief

:key: Decrypt chromium based browsers passwords, cookies, credit cards, history, bookmarks, autofill. Version > 80 is supported.

arbitrium-rat

Arbitrium is a cross-platform, fully undetectable remote access trojan, to control Android, Windows and Linux and doesn't require any firewall exceptions or port forwarding rules

badssl.com

:lock: Memorable site for testing clients against bad SSL configs.

bloodhound

Six Degrees of Domain Admin

byob

An open-source post-exploitation framework for students, researchers and developers.

cc-attack

Using Socks4/5 proxy to make a multithreading Http-flood/Https-flood (cc) attack.

cobaltstrike

commix

Automated All-in-One OS Command Injection Exploitation Tool.

cooolis-ms

Cooolis-ms是一个包含了Metasploit Payload Loader、Cobalt Strike External C2 Loader、Reflective DLL injection的代码执行工具，它的定位在于能够在静态查杀上规避一些我们将要执行且含有特征的代码，帮助红队人员更方便快捷的从Web容器环境切换到C2环境进一步进行工作。

crimeboards

A list of private and public (more or less) blackhat boards

cti

Cyber Threat Intelligence Repository expressed in STIX 2.0

dirsearch

Web path scanner

dnsprobe

DNSProb is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers.

exphub

Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本，最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340

f8x

红/蓝队环境自动化部署工具 | Red/Blue team environment automation deployment tool

flash-pop

Flash钓鱼弹窗优化版

fxminerproxy

🔥minerproxy,minerproxy,minerproxy,minerproxy,minerproxy,minerproxy,minerproxy,minerproxy,minerproxy,minerproxy,矿池抽水,矿池中转,矿场运维专用

ghunt

🕵️‍♂️ Investigate Google Accounts with emails.

gobot2

Second Version of The GoBot Botnet, But more advanced.

httpx

httpx is a fast and multi-purpose HTTP toolkit allow to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads.

k8tools

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)

labs_campaigns

ladon

大型内网渗透扫描器&Cobalt Strike，Ladon7.2内置94个模块，包含信息收集/存活主机/IP扫描/端口扫描/服务识别/网络资产/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010、SMBGhost、Weblogic、ActiveMQ、Tomcat、Struts2系列，密码口令爆破(Mysql、Oracle、MSSQL)、FTP、SSH(Linux)、VNC、Windows(IPC、WMI、SMB、Netbios、LDAP、SmbHash、WmiHash、Winrm),远程执行命令(wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem，Poc/Exploit,支持Cobalt Strike 3.X-4.0

ladongo

Ladon Pentest Scanner framework LadonGo一款开源内网渗透扫描器框架，使用它可轻松一键批量探测C段、B段、A段存活主机、高危漏洞检测MS17010、SmbGhost，远程执行SSH/Winrm，密码爆破SMB/SSH/FTP/Mysql/Mssql/Oracle/Winrm/HttpBasic/Redis，端口扫描服务识别PortScan指纹识别/HttpBanner/HttpTitle/TcpBanner/Weblogic/Oxid多网卡主机，端口扫描服务识别PortScan。

listmonk

High performance, self-hosted newsletter and mailing list manager with a modern dashboard. Go + VueJS.

log4shell

Operational information regarding the log4shell vulnerabilities in the Log4j logging library.

loki

Remote Access Tool

lp-db

Login Pages Database forms a knowledge base on login pages related to malicious activities (C2 panels, phishing kits...).

mercury

Mercury: network metadata capture and analysis