Trending repositories for topic redteam
Hunt down social media accounts by username across social networks
A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
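The TangGo testing platform is a domestically developed (Chinese), comprehensive testing platform designed and built by 无糖信息技术有限公司, drawing on years of hands-on penetration testing experience. It gives software testers and network security practitioners powerful, easy-to-use testing tools and a multi-user collaborative working environment, and is mainly used for functional testing, security testing and security assessment of websites.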
The Swiss Army knife for 802.11, BLE, HID, CAN-bus, IPv4 and IPv6 networks reconnaissance and MITM attacks.
A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.
Helps red team members generate an antivirus-evasive Trojan in one click, implemented in Rust
LSASS memory dumper using only NTAPIs, creating a minimal minidump, built in Rust with no_std and independent of the C runtime (CRT). It can be compiled as shellcode (PIC), supports XOR encryption, an...
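A tool built on the APIs of the major enterprise-information providers that addresses the various difficulties of collecting information on companies in China. In one click it collects, aggregates and exports the ICP filings, apps, mini programs, WeChat official accounts and other information of controlled companies.
Vcenter Comprehensive Penetration and Exploitation Toolkit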
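Evade EDRs the simple way, by not touching any of the APIs they hook.
Antivirus evasion knowledge base | Effectiveness testing of open-source AV-evasive Trojans against 360, Huorong, Kaspersky and Microsoft Defender | Roundup of AV evasion tools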
MSSprinkler is a password spraying utility for organizations to test their Microsoft Online accounts from an external perspective. It employs a 'low-and-slow' approach to avoid locking out accounts, a...
Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.
This page is a result of the ongoing hands-on research around advanced Linux attacks, detection and forensics techniques and tools.
GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems
📸 An Instagram tracking script, written in Python, that logs any changes to an Instagram account (followers, following, posts, and bio).
A detailed plan to achieve proficiency in hacking and penetration testing, with pathways including obtaining a degree in cybersecurity or earning relevant certifications.
Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
Pentesting and Bug Bounty Notes, Cheatsheets and Guide for Ethical Hackers, Whitehat Pentesters and CTF Players.
SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.
🦀 | RustRedOps is a repository for advanced Red Team techniques and offensive malware, focused on Rust
Deploy stealthy reverse shells using advanced process hollowing with GhostStrike – a C++ tool for ethical hacking and Red Team operations.
Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS).
CVE-2024-6387_Check is a lightweight, efficient tool designed to identify servers running vulnerable versions of OpenSSH
Reflective x64 PE/DLL Loader implemented using Dynamic Indirect Syscalls
An online AV evasion platform written in Springboot (Golang, Nim, C) that supports embedded, local and remote shellcode loading methods.
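FOFA EX is a comprehensive red team tool built on the fofa api (files from Hunter (鹰图) and Quake (夸克) can also be imported). Tools can be integrated as plugins based on templates to automate asset discovery. The plugins currently provided are: liveness probing, nuclei template scanning, reverse IP-to-domain lookup, domain-to-ICP-filing lookup, and dismap fingerprint scanning.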
FlowAnalyzer is a tool to help in testing and analyzing OAuth 2.0 Flows, including OpenID Connect (OIDC).
Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
Modular cross-platform Microsoft Graph API (Entra, o365, and Intune) enumeration and exploitation toolkit
This repo offers notes and resources on ethical hacking, covering information gathering, scanning, web hacking, exploitation, and Windows/Linux hacking.
A WIP shellcode loader tool which bypasses AV/EDR, coded in C++, and equipped with a minimal console builder.