物联网设备安全测试指南

Scripts and examples for "From Day Zero to Zero Day" by Eugene Lim.

A tool for performing light brute-forcing of HTTP servers to identify commonly accessible NTLM authentication endpoints.

Auto Recon tool for finding SQLi,XSS,LFi,OpenRedirect

Open-source code analysis platform for C/C++/Java/Binary/Javascript/Python/Kotlin based on code property graphs. Discord https://discord.gg/vv4MH284Hc

Lateral Movement Using DCOM and DLL Hijacking

A collection of scripts for assessing Microsoft Azure security

PowerShell collector for adding MSSQL attack paths to BloodHound with OpenGraph

RunasCs - Csharp and open version of windows builtin runas.exe

This tool exploits Golden DMSA attack against delegated Managed Service Accounts.

纯 Java 实现的 MySQL Fake Server | 支持 GUI 版和命令行版 | 支持反序列化和文件读取的利用方式 | 支持常见的 GADGET 和自定义 GADGET 数据 | 根据目标环境自动生成匹配的 PAYLOAD | 支持 PGSQL 和 DERBY 的利用

JNDI在java高版本的利用工具,FUZZ利用链

Vulhub Vulnerability Reproduction Designated Platform

AI for Ethical Hacking - Workshop

Tooling related to the WAM Bam - Recovering Web Tokens From Office blog post

A collection of Azure AD/Entra tools for offensive and defensive security purposes

all of the workflows of n8n i could find (also from the site itself)

Generate Frida bypass scripts for Android APK root and SSL checks.

Tool to check the strength of Android root and emulator detection

A Group Policy (GPO) audit tool

A security assessment tool for analyzing Active Directory Group Policy Objects (GPOs) to identify misconfigurations and vulnerabilities

Active Directory and Internal Pentest Cheatsheets

The program uses the Windows API functions to traverse through directories and locate DLL files with RWX section

Proof of Concept for CVE-2025-25599