A list of useful payloads and bypass for Web Application Security and Pentest/CTF

🔎 Hunt down social media accounts by username across social networks

The Swiss Army knife for 802.11, BLE, IPv4 and IPv6 networks reconnaissance and MITM attacks.

Web path scanner

E-mails, subdomains and names Harvester - OSINT

GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems

Nishang - Offensive PowerShell for red team, penetration testing and offensive security.

List of Awesome Red Teaming Resources

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

Cyber Security ALL-IN-ONE Platform

暂停维护 | ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

Tools and Techniques for Red Team / Penetration Testing

Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀

CobaltStrike的相关资源汇总 / List of Awesome CobaltStrike Resources

Red Teaming Tactics and Techniques

Redteam operation platform with webui 图形化红队行动辅助平台

Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities etc) and share them among connected sibling servers (Villain instances running on different machines).

Kscan是一款纯go开发的全方位扫描器，具备端口扫描、协议检测、指纹识别，暴力破解等功能。支持协议1200+，协议指纹10000+，应用指纹20000+，暴力破解协议10余种。

Automation for internal Windows Penetrationtest / AD-Security