ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

A collection of useful links for Pentesters

d(ockerp)wn - a docker pwn tool manager

🌒 Shell command obfuscation to avoid detection systems

My python3 implementation of a Forward Shell

Python AV Evasion Tools

Apache HTTP Server 2.4.49, 2.4.50 - Path Traversal & RCE

List of Security Archives Tools and software, generally for facilitate security & penetration research. Opening it up to everyone will facilitate a knowledge transfer. Hopefully the initial set will grow and expand.

scripts to setup pentesting system and use during pentest

Log4J scanner that detects vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046, etc) on your file-system within any application. It is able to even find Log4J instances that are hidden several layers deep. Works on Linux, Windows, and Mac, and everywhere else Java runs, too!

🦁 Juumla is a python tool created to identify Joomla version, scan for vulnerabilities and search for config or backup files.

Bifrost C2. Open-source post-exploitation using Discord API

Scan for and exploit Consul agents

Suggests programs to run against services found during the enumeration phase of a Pentest

Kali Live Build Scripts

🔑 Hash type identifier (CLI & lib)

Burp Commander written in Go

A proof of concept crypto virus to spread user awareness about attacks and implications of ransomwares. Phirautee is written purely using PowerShell and does not require any third-party libraries. This tool steals the information, holds an organisation’s data to hostage for payments or permanently encrypts/deletes the organisation data.

SMTP and IMAP checker / cracker for mailpass combolists with a user-friendly GUI, automated inbox test and many more features.

Framework for rapid development and reusable of security tools