A list for Web Security and Code Audit

404StarLink - 推荐优质、有意义、有趣、坚持维护的安全开源项目

An open source (GPLv3) deobfuscator and unpacker for Eziriz .NET Reactor

Automation for internal Windows Penetrationtest / AD-Security

Set of tools to analyze Windows sandboxes for exposed attack surface.

Trying to tame the three-headed dog.

A little toolbox to play with Microsoft Kerberos in C

A collection of more than 170+ tools, scripts, cheatsheets and other loots that I've developed over years for Red Teaming/Pentesting/IT Security audits purposes.

RPC远程主机信息匿名扫描工具

各种工具指纹收集分享

Kubernetes integration with Spring Cloud Discovery Client, Configuration, etc...

The all-in-one browser extension for offensive security professionals 🛠

一个方便安全研究人员获取每日安全日报的爬虫和推送程序，目前爬取范围包括先知社区、安全客、Seebug Paper、跳跳糖、奇安信攻防社区、棱角社区以及绿盟、腾讯玄武、天融信、360等实验室博客，持续更新中。

强大的内网渗透辅助工具集-让Yasso像风一样 支持rdp，ssh，redis，postgres，mongodb，mssql，mysql，winrm等服务爆破，快速的端口扫描，强大的web指纹识别，各种内置服务的一键利用（包括ssh完全交互式登陆，mssql提权，redis一键利用，mysql数据库查询，winrm横向利用，多种服务利用支持socks5代理执行）

面向开发人员梳理的代码安全指南

An OOB interaction gathering server and client library

A helpful Java Deserialization exploit framework.

StandIn is a small .NET35/45 AD post-exploitation toolkit

KCon is a famous Hacker Con powered by Knownsec Team.

A list of vulnerabilities or design flaws that Microsoft does not intend to fix. Since the number is growing, I decided to make a list. This list covers only vulnerabilities that came up in July 20…

😎 Awesome lists about all kinds of interesting topics

Self-developed tools for Lateral Movement/Code Execution

😉 用于在插上U盘后自动按需复制该U盘的文件。”备份&偷U盘文件的神器”（写作USBCopyer，读作USBCopier）

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

C# and Impacket implementation of PrintNightmare CVE-2021-1675/CVE-2021-34527

基于亚马逊S3\阿里云OSS\腾讯COS通信隧道的远程管理工具

An open-source post-exploitation framework for students, researchers and developers.

Windows Events Attack Samples