Pentest-Tools

692 Stars 189 Forks 35 Commits 0 Opened issues

I created this repo to have an overview of my starred repos. I was not able to filter in categories before. Feel free to use it for yourself. I do not list Kali default tools as well as several testing tools which are state of the art. Ctrl+F searches are helpful here.

Windows Active Directory Pentest

General useful Powershell Scripts - :sunglasses: - same but kerberos auth for more stealth and lockout-sleep - domainpasswordspray executable with lockout-sleep - remote LAPS dumping from linux - supported version - really nice Excel-Sheet for an AD-Overview - Various Powersploit Tasks in C# - Adidns Attacks

AMSI Bypass restriction Bypass C# Powershell - Salsa Tools - ShellReverse TCP/UDP/ICMP/DNS/SSL/BINDTCP and AV bypass, AMSI patched - Constrained language mode bypass - Applocker Bypass - This tool enables the compilation of a C# program that will execute arbitrary PowerShell code, without launching PowerShell processes through the use of runspace. - The Hunt for Malicious Strings - Bypass AMSI and Defender using Ordinal Values in VBS - OpSec-safe Powershell runspace from within C# (aka SharpPick) with AMSI, CLM and Script Block Logging disabled at startup - Using DInvoke to patch AMSI.dll in order to bypass AMSI detections triggered when loading .NET tradecraft via Assembly.Load(). - MSBuild without MSbuild.exe - A centralized resource for previously documented WDAC bypass techniques - Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process. - MSBuildShell, a Powershell Host running within MSBuild.exe

Payload Hosting - Self-deployable file hosting service for red teamers, allowing to easily upload and share payloads over HTTP and WebDAV. - Updog is a replacement for Python's SimpleHTTPServer. It allows uploading and downloading via HTTP/S, can set ad hoc SSL certificates and use http basic auth.

Network Share Scanner

Find Juicy Stuff - a tool for pentesters to help find delicious candy, by @l0ss and @Sh3r4 - Enumerate all network shares in the current domain. Also, can resolve names to IP addresses. - Search tool to find specific files containing specific words, i.e. files containing passwords.. - .NET 4.0 Console App to browse VMDK / VHD images and extract files

Reverse Shellz - A small reverse shell for Linux & Windows - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE) - C# reverse shell using Background Intelligent Transfer Service (BITS) as communication protocol and direct syscalls for EDR user-mode hooking evasion.

Backdoor finder

Lateral Movement - WMI,SMB,RDP,SCM,DCOM Lateral Movement techniques - WMI, SCM, DCOM, Task Scheduler and more - C# Port of Invoke-DCOM - An implementation of PSExec in C# - CsExec, CsPosh (Remote Powershell Runspace), CsWMI,CsDCOM - Automate Getting Dom-Adm - automated lateral movement - backdoor / rootkit - automation for various mitm attacks + vulns - automated penetration toolkit - Netbios Network interface Enumeration (discovery of dual homed hosts) - Find dual homed hosts over DCOM - A collection of proof-of-concept source code and scripts for executing remote commands over WinRM using the WSMan.Automation COM object - unconstrained delegation, printer bug (MS-RPRN) exploitation, Remote ADIDNS attacks - Fileless lateral movement tool that relies on ChangeServiceConfigA to run command - AD Bloodhound 3.0 Path - A Bypass Anti-virus Software Lateral Movement Command Execution Tool - PoC tool to coerce Windows hosts authenticate to other machines via the MS-RPRN RPC interface. - Implementation of SpoolSample without rDLL - Post-exploit tool that enables a SOCKS tunnel via a Windows host using an extensible custom RPC proto over SMB through a named pipe. - C# application that allows you to quick run SSH commands against a host or list of hosts - A lightweight tool to quickly extract valuable information from the Active Directory environment for both attacking and defending.

POST Exploitation - Automatically scan any windows or tabs for login forms and then record what gets posted. A notification will appear when some have arrived. - McAfee Epo or Solarwinds post exploitation - A POC Remote Desktop (RDP) session hijack utility for disconnected sessions - RunasCs - Csharp and open version of windows builtin runas.exe - Powershell VNC injector - Chrome-extension implant that turns victim Chrome browsers into fully-functional HTTP proxies, allowing you to browse sites as your victims. - .NET 4.0 Project to interact with video, audio and keyboard hardware. - Lockless allows for the copying of locked files. - C# Clipboard Monitor - SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file.

Post Exploitation - Phish Credentials - Windows active user credential phishing tool - Creates a login prompt to gather username and password of the current user. This project allows red team to phish username and password of the current user without touching lsass and having administrator credentials on the system. - Phish Smartcard PIN

Wrapper for various tools - Various .NET Tools wrapped in Powershell - GhostBuild is a collection of simple MSBuild launchers for various GhostPack/.NET projects - rundll32 Wrapper for Rubeus - execute Python in C# via ironpython

Pivot - Webshell tunnel over socks proxy - pentesters dream - reGeorg customized for weblogic TCP tunneling over HTTP/HTTPS for web application servers like reGeorg - check for internet access over open ports / egress filtering - C# Wrapper around Chisel from - A fast TCP tunnel over HTTP - ping tunnel is a tool that advertises tcp/udp/socks5 traffic as icmp traffic for forwarding. - Reverse Tunneling made easy for pentesters, by pentesters - Socks5/4/4a Proxy support for Remote Desktop Protocol / Terminal Services / Citrix / XenApp / XenDesktop - mssqlproxy is a toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse

Active Directory Audit and exploit tools - C# Data Collector for the BloodHound Project, Version 3 - same as invoke-aclpwn but in python - Active Directory information dumper via LDAP - Kerberos Resource-Based Constrained Delegation Attack from Outside using Impacket - SpoolSample -> Responder w/NetNTLM Downgrade -> NetNTLMv1 -> NTLM -> Kerberos Silver Ticket - Tool to discover Resource-Based Constrained Delegation attack paths in Active Directory environments - Add SD for controlled computer object to a target object for RBCD using LDAP

Persistence on windows - The Discretionary ACL Modification Project: Persistence Through Host-based Security Descriptor Modification

Web Application Pentest

Framework Discovery - Wordpress, Joomla, Drupal Scanner

Framework Scanner / Exploitation - wordpress - lotus domino - Drupal - Typo3 - Joomla

Web Vulnerability Scanner / Burp Plugins - all in one scanner - XSS discovery - Burpsuite Extension to bypass 403 restricted directory - Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.

Network- / Service-level Vulnerability Scanner

File / Directory / Parameter discovery - Mining parameters from dark corners of Web Archives - :heartpulse: - Directory lookup from Javascript files - Admin Panel Finder

Crawler - :heartpulse: - Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.

Web Exploitation Tools - lfi - xxe - shellz - ssti - xpath injection - File Uploads - deserialization - IIS Short Filename Vuln. exploitation - Deserialize Java Exploitation - Deserialize .NET Exploitation - Exploit .git Folder Existence - SSRF Tutorials - PHP Unserialize Payload generator - Malicious Office XXE payload generator - Angularjs Csti Scanner - Deserialize .NET Viewstates - Deserialize .NET Viewstates

REST API Audit - RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services.

SAML Login - Python Script for SAML2 Authentication Passwordspray

Swagger File API Attack

Windows Privilege Escalation / Audit - Privilege Escalation Enumeration Script for Windows - powerful Privilege Escalation Check Script with nice output - UAC - UAC - find vulnerable dlls for preloading attack - dll hijack scanner - admin to system

Windows Privilege Abuse (Privilege Escalation) - Abuse Windows Privileges - load malicious dlls from system32 - Exploit potatoes with automation - from Service Account to System - Another Windows Local Privilege Escalation from Service Account to System - Abusing Impersonation Privileges on Windows 10 and Server 2019 - itm4ns Printspoofer in C# - Recover the default privilege set of a LOCAL/NETWORK SERVICE account

T3 Enumeration

Linux Privilege Escalation / Audit - powerful Privilege Escalation Check Script with nice output - lookup vulnerable installed software - find suid bins and look them up under gtfobins / exploitable or not - Offline GTFOBins - sudo misconfiguration exploitation - easily manipulate the tty and create fake binaries - not really privesc but helpful


Credential harvesting Windows Specific - Fork of SafetyKatz that dynamically fetches the latest pre-compiled release of Mimikatz directly from gentilkiwi GitHub repo, runtime patches signatures and uses SharpSploit DInvoke to PE-Load into memory. - remote lazagne - Browser Creds gathering - hack-browser-data is an open-source tool that could help you decrypt data[passwords|bookmarks|cookies|history] from the browser. - ClipHistory feature get the last 25 copy paste actions - dump lsass using direct system calls and API unhooking - Create a minidump of the LSASS process from memory - using Dumpert - Evade WinDefender ATP credential-theft - remote procdump.exe, copy dump file to local system and pypykatz for analysis/extraction - extract live rdp logins - Simple C# for checking for the existence of credential files related to AWS, Microsoft Azure, and Google Compute. - .NET 4.0 CLR Project to retrieve Chromium data, such as cookies, history and saved logins. - This project reuses open handles to lsass to parse or minidump lsass - ThunderFox for Firefox Credentials, SitkyNotesExtract for "Notes as passwords" - Command line tool to extract/decrypt the password that was stored in the LSA by SysInternals AutoLogon - .Net port of the remote SAM + LSA Secrets dumping functionality of impacket's - C# tool to discover low hanging fruits like SessionGopher - DPAPI Creds via C#

LSASS Dump Without Mimikatz - C# porting of mimikatz sekurlsa::logonpasswords, sekurlsa::ekeys and lsadump::dcsync commands

Credential harvesting Linux Specific - SSH Credential loot - SSH / Sudo / SU Credential loot - Tool to extract Kerberos tickets from Linux kernel keys.

Data Exfiltration - DNS/ICMP/Wifi Exfiltration - Wifi Exfiltration - Tunna is a set of tools which will wrap and tunnel any TCP communication over HTTP - Easy files and payloads delivery over DNS

Git Specific

Windows / Linux

Reverse Engineering / decompiler - .NET Disassembler


Network Attacks - :heartpulse: - more up to date - Deprecated but still good - mitm6 in C# + Inveigh default features

Specific MITM service Exploitation - SSH - WSUS - WSuspicious - A tool to abuse insecure WSUS connections for privilege escalations - WSUS mitm - Standalone implementation of a part of the WSUS spec. Built for offensive security purposes. - RDP - RDP man-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact - Fake Updates for various Software - web application live recording, keystroke logger - User Enumeration with SMB Relay Attacks

Sniffing / Evaluation / Filtering

Red-Team SIEM - Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.

Scanner / Exploitation-Frameworks / Automation - automate nmap with scripting capabilities

Default Credential Scanner - Login hunter of default credentials for administrative web interfaces leveraging NNdefaccts dataset. - screenshot for webservers

Default Credential Lookup

Payload Generation / AV-Evasion / Malware Creation - Office RCE POC - reverse shell generator - Sign an executable for AV-Evasion - Sandbox Evasion techniques - Encrypted HTA Generation - Optimized GadgetToJScript version - Shikata ga nai (仕方がない) encoder ported into go with several improvements - Spotter is a tool to wrap payloads in environmentally-keyed, AES256-encrypted launchers. - Malleable payload generation framework. - Build Powershell Script from .NET Executable - Excel 4.0 (XLM) Macro Generator for injecting DLLs and EXEs into memory. - A tool for generating multiple types of NTLMv2 hash theft files by Jacob Wilkin (Greenwolf) - AES Encrypt payloads - Embed and hide any file in an HTML file - AES Encrypt C/C++ Compiled binaries and decrypt at runtime - PoC of a VBA macro spawning a process with a spoofed parent and command line. - Generates Malicious Macro and Execute Powershell or Shellcode via MSBuild Application Whitelisting Bypass. - A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on Linux, OSX and Windows. - Excel 4.0 (XLM) Macro Generator for injecting DLLs and EXEs into memory. - Excel Macro Document Reader/Writer for Red Teamers & Analysts - PwnyForm will take an MSI installer as input and generate an MSI transform (mst) that can be used to inject arbitrary command execution by adding a custom action that will execute during the UI or Install sequence of an MSI file. - VBA purge your Office documents with OfficePurge. VBA purging removes P-code from module streams within Office documents. Documents that only contain source code and no compiled code are more likely to evade AV detection and YARA rules. - A Control Panel Applet dropper project. It has a high success rate on engagements since nobody cares about .CPL files and you can just double click them. - Macro-Enabled Excel File Generator (.xlsm) using the EPPlus Library.

Shellcode Injection - Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters - D/Invoke port of UrbanBishop - A port of FuzzySecurity's UrbanBishop project for inline shellcode execution - Donut for Shellcode Injection - Mapping injection is a process injection technique that avoids the usage of common monitored syscall VirtualAllocEx, WriteProcessMemory and CreateRemoteThread. - Shellcode injection POC using syscalls. - Shellcode wrapper with encryption for multiple target languages - A repository of Windows Shellcode runners and supporting utilities. The applications load and execute Shellcode using various API calls or techniques. - C# Shellcode Runner to execute shellcode via CreateRemoteThread and SetThreadContext to evade Get-InjectedThread - A set of scripts that demonstrate how to perform memory injection in C# - SysWhispers helps with evasion by generating header/ASM files implants can use to make direct system calls. - CreateThreadpoolWait, Fiber Load, NtTestAlert Load, SEH Except Load, TLS CallBack Load, Dynamic Load, Dynamic Load plus, Syscall Load, APC-Inject Load, Early Bird APC-Inject Load, NtCreateSection-Inject Load, OEP Hijack-Inject Load, Thread Hijack-Inject Load - Suite of Shellcode Running Utilities - Shellcode runner in GO that incorporates shellcode encryption, remote process injection, block dlls, and spoofed parent process - Yet another shellcode runner consists of different techniques for evaluating detection capabilities of endpoint security solutions - It's a go variant of Hells gate! (directly calling windows kernel functions, but from Go!) - This program is designed to demonstrate various process injection techniques

Loader / Packer / Injectors - Load/Inject .NET assemblies by; reusing the host (spawnto) process loaded CLR AppDomainManager, Stomping Loader/.NET assembly PE DOS headers, Unlinking .NET related modules, bypassing ETW+AMSI, avoiding EDR hooks via NT static syscalls (x64) and hiding imports by dynamically resolving APIs (hash) - Reflective PE packer. - Suite of Shellcode Running Utilities - Open-Source PE Packer

EDR Evasion - Logging Evasion - A method of bypassing EDR's active projection DLL's by preventing entry point execution - Evade sysmon and windows event logging - C# Implementation of the Hell's Gate VX Technique - Original C Implementation of the Hell's Gate VX Technique - C++ Version of Invoke-Phantom - .Net Assembly to block ETW telemetry in current process - A Bind Shell Using the Fax Service and a DLL Hijack - Protected Process (Light) Dump: Uses Zemana AntiMalware Engine To Open a Privileged Handle to a PP/PPL Process And Inject MiniDumpWriteDump() Shellcode - This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging.

Useful Binary Modification tools


External Penetration Testing

Domain Finding / Subdomain Enumeration + Scanner - more like an audit - :heartpulse:

File Search / Metadata extraction

Scanner - The Swiss Army knife for automated Web Application Testing

Email Gathering - Find Emails of Github Users - super fast emails via google/bing linkedin dorks - A simple email generator that uses dorks on Bing to generate emails from LinkedIn Profiles.

Check Email Accounts - allows you to check if the mail is used on different sites like twitter, instagram and will retrieve information on sites with the forgotten password function.

Domain Auth + Exploitation - Enumerate valid usernames from Office 365 using ActiveSync, Autodiscover v1, or login page. - A password spraying tool for Microsoft Online accounts (Azure/O365). The script logs if a user cred is valid, if MFA is enabled on the account, if a tenant doesn't exist, if a user doesn't exist, if the account is locked, or if the account is disabled. - Tool to enumerate information from NTLM authentication enabled web endpoints - rotate IP Addresses over AWS - Combine with MSOLSpray - office 365 recon - lockout Time integrated - Lync Credential Finder - Scripts to make password spraying attacks against Lync/S4B & OWA a lot quicker, less painful and more efficient - Lync Credential Finder - Use to browse the share file by eas(Exchange Server ActiveSync) - PEAS is a Python 2 library and command line application for running commands on an ActiveSync server e.g. Microsoft Exchange. - Modified version of PEAS client for offensive operations - - A C# tool to send emails through Outlook from the command line or in memory - Tool for assessing on-premises Microsoft servers authentication such as ADFS, Skype, Exchange, and RDWeb

Exchange RCE-exploits - Exchange2010 authorized RCE - OWA Deserialisation RCE

MobileIron RCE

Specific Service Scanning / Exploitation

Login Brute Force + Wordlist attacks - Brute force non hydra compliant services - RDP, VNC, OpenVPN - Brute Force various services - :sunglasses: - Crack any Microsoft Windows users password without any privilege (Guest account included) - RDP Password Spray - No Event Logs - Python3 tool to perform password spraying using RDP


Open X11

Printers - Automation for PRET




SMB Null Session Exploitation

iLO Exploitation

vmware vCenter Exploits - Exploit for CVE-2020-3952 in vCenter 6.7

Intel AMT Exploitation

SAP Exploitation

FPM port

Found Port 9001 open? Try that: - bash poc scripts to exploit open fpm ports

Weblogic Exploitation - scan/test for nearly all weblogic vulns - Weblogic Server Tests - cve-2019-2725

Sharepoint exploitation - Sharepoint Fingerprint + Exploitation

Telerik UI for ASP.NET AJAX Exploit

General Recon

Solarwinds - SolarWinds Orion Account Audit / Password Dumping Utility

Command & Control Frameworks - Empire with embedded AMSI-Bypass - Implant framework - A post exploitation framework designed to operate covertly on heavily monitored environments - Custom Command and Control (C3). A framework for rapid prototyping of custom C2 channels, while still providing integration with existing offensive toolkits. - Open-Source Remote Administration Tool For Windows C# (RAT)

Mythic Agents

Cobalt Strike Stuff - My collection of battle-tested Aggressor Scripts for Cobalt Strike 4.0+


Linux MacOSX Specific

Wifi Tools

Android / Nethunter

NAT Slipstreaming - NAT Slipstreaming allows an attacker to remotely access any TCP/UDP services bound to a victim machine, bypassing the victim’s NAT/firewall, just by the victim visiting a website

Raspberry Pi Exploitation

Physical Security / HID/ETH Emulator - PCI-based DMA - PCI based DMA - Teensy Payloads

Social Engineering - lookup valid phishing-Domains - lookup valid phishing-Domains - Change SMB Files on the fly - Comprehensive Web Based Phishing Suite of Tools for Rapid Deployment and Real-Time Alerting!

Defender Guides / Tools / Incident Response - Sparrow.ps1 was created by CISA's Cloud Forensics team to help detect possible compromised accounts and applications in the Azure/m365 environment. - Credential and Red Teaming Defense for Windows Environments - powershell obfuscation detection - python exe decompile - .NET Revoke-Obfuscation - ids - Investigate malicious Windows logon by visualizing and analyzing Windows event log - AD Password Blacklisting - Powershell DE-Obfuscation - A tool for de-obfuscating PowerShell scripts - Identifies the bytes that Microsoft Defender flags on. - Identifies the bytes that Microsoft Defender / AMSI Consumer flags on. - Tool written in python3 to determine where the AV signature is located in a binary/payload - An Active Defense and EDR software to empower Blue Teams - Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches). - Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches). - AD Security Intrusion Detection System - Small and highly portable detection tests based on MITRE's ATT&CK.

Wordlists / Wordlist generators - A collection of all the data I could extract from 1 billion leaked credentials from internet.

AD Lab Environment

Obfuscation - GO Obfuscator - Lists of .NET Obfuscator (Free, Trial, Paid and Open Source ) - Javascript Obfuscator - Powershell Obfuscator - .NET IL Obfuscator - C/C++ source obfuscator for antivirus bypass - GIMPLE obfuscator for C, C++, Go, ... all supported GCC targets and front-ends that use GIMPLE. - VBS Obfuscator - Shellcode Obfuscator - Shellcode Encoder

Hash Crack / Decryption - Ciphey is an automated decryption tool. Input encrypted text, get the decrypted text back. - A mostly-serverless distributed hash cracking platform - Cracking hashes in the Cloud (for free!)

Source Code / Binary Analysis

Binary Analysis

Source Code Analysis - Javascript - Javascript - PHP

MISC - Drupal Exploit - SAMBA Exploit - Reverse Shell Oneliner / Payload Generation - Reverse/Bind Shell Generator - check if a user is valid in a domain - Living off the Land Binaries - Windows Denial of Service Exploit - Windows Denial of Service Exploit PDF Steal NTLMv2 Hash Exploit - CVE-2018-4993 - :boom: :fire: :boom: - LibSSH Authentication Bypass vuln. - windows Privesc Exploit - OSINT - Deserialisation Exploits - S3 bucket tester - Zone transfer like for internal assessment - Get-ShellContent.ps1 get the typed content for all open shells - windows CTF Exploitation - Apache Privilege Escalation - Execute python from powershell - Recovers passwords from pixelized screenshots - This is a tool suite consisting of miscellaneous offensive tooling aimed at red teamers/penetration testers to primarily aid in Defense Evasion TA0005 - Utility to find AES keys in running processes - Nightly builds of common C# offensive tools, fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.

Big-IP Exploitation

Azure Cloud Tools - The Azure AD exploration framework.

Anonymous / Tor Projects

Exploit Search

Industrial Control Systems

Network access control bypass


JMX Exploitation - JMX enumeration and attacking tool.

Citrix Netscaler Pwn

mikrotik pwn - Fast exploitation tool for Mikrotik RouterOS up to 6.38.4

Red Team infrastructure setup - terraform cloud c2 redirector setup - Red Teaming Infrastructure Automation based on Red-Baron - This application assists in managing attack infrastructure for penetration testers by providing an interface to rapidly deploy, manage, and take down various cloud services. These include VMs, domain fronting, Cobalt Strike servers, API gateways, and firewalls.


Redis Exploitation


  • scanner/redis/file_upload

  • exploit/linux/redis/redisreplicationcmd_exec

Windows Targets - Webshell upload

redis-cli -h targethost -p targetport
config set dir C:\inetpub\wwwroot\
config set dbfilename shell.aspx
set test "Webshell content"

Apache Tomcat Exploitation - Apache Tomcat auto WAR deployment & pwning penetration testing tool. - AJP Exploit CVE-2020-1938

SSRF Exploitation

LFI exploitation

MongoDB Redis Couchdb Exploitation - NoSql Injection CLI tool, for finding vulnerable websites using MongoDB.


Elasticsearch / Kibana Exploitation

RMI attacks - RMIScout uses wordlist and bruteforce strategies to enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities

JSON Web Token Analysis / Exploitation

Docker Exploitation - automation of Docker TCP socket abuse - Docker API exposed RCE

PHP exploits - nginx + php misconfiguration

Cloud attack tools

Bluetooth / low energy

Wireless / Radio Exploitation

APT / Malware Emulation / Defense Check

Hash Crack / Lookup

OSCP Lists / tools / help

ASPX Webshells

PHP Webshells - Full-featured C2 framework which silently persists on webserver via evil PHP oneliner - A PHP backdoor management and generation tool/C2 featuring end to end encrypted payload streaming designed to bypass WAF, IDS, SIEM systems.

JSP WebShells

Other Tool-Lists / Cheat Sheets - List of Hooking DLLs for different AV vendors - Checks running processes, process metadata, Dlls loaded into your current process and the each DLLs metadata, common install directories, installed services and each service binaries metadata, installed drivers and each drivers metadata, all for the presence of known defensive products such as AV's, EDR's and logging tools.
