Helps defenders find their WSUS configurations in the wake of CVE-2025-59287

Yet another WeChat miniapp debugger on Windows

Beacon Object File (BOF) for Using the BadSuccessor Technique for Account Takeover

A little tool to play with Windows security

Turacos 是一款专业的多数据库安全评估工具，支持 PostgreSQL、MySQL、Redis、MSSQL 等多种数据库的后渗透操作。 为安全研究人员提供系统化、模块化的数据库安全测试能力，助力企业进行安全评估与漏洞验证。

JSFindAPI是一款自动从html页面中获取js链接，并自动访问js提取js中的api路径，然后自动进行api未授权测试的插件，同时也可被动监听，当访问js时自动提取api进行访问，提取api接口主要根据AJAX，XMLHttpRequest，axios，Vue.js等各种api请求的写法去正则提取，准确性和数量都有提升

burp插件,Oss漏洞被动扫描

A fast, simple, recursive content discovery tool written in Rust.

Unauthenticated start EFS service on remote Windows host (make PetitPotam great again)

Proof-of-Concept tool for extracting NTLMv1 hashes from sessions on modern Windows systems.

这是一款对chromium源码进行定制的浏览器,支持爬虫/JS逆向工程师进行辅助分析网页

推理算法助手(降维打击)

The DCERPC only printerbug.py version

Wonka is a sweet Windows tool that extracts Kerberos tickets from the Local Security Authority (LSA) cache. Like finding a ticket, but for security research and penetration testing! 🎫

ICP备案信息查询

让fscan再次伟大

A email bomb/fake email tool, by Python

Nexus Maven私服内容下载

DiffRays is a research-oriented tool for binary patch diffing, designed to aid in vulnerability research, exploit development, and reverse engineering.

🚀 Free HTTP, SOCKS4, & SOCKS5 Proxy List * Updated every 5 minutes *

Opsec tool for finding user sessions by analyzing event log files through RPC (MS-EVEN)

利用fofa搜索socks5开放代理进行代理池轮切的工具

This is a weaponized WSUS exploit

RCE exploit for CVE-2023-3519

渗透测试：微信小程序信息在线收集，wxapkg源码包内提取信息

全自动化，微信小程序 wxapkg 包 源代码还原工具, 线上代码安全审计，支持 Windows, Macos, Linux

Clear Event Logs

A community-driven collection of BloodHound queries