cwkiller / Pentest_dic

RFD Checker - security CLI tool to test Reflected File Download issues

Burp Bounty profiles compilation, feel free to contribute!

Awesome Node.js Security resources

A framework that create an advanced stealthy dropper that bypass most AVs and have a lot of tricks

🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.

Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network

Simple Karma Attack

This is a rich-featured Visual Basic macro code for use during Penetration Testing assignments, implementing various advanced post-exploitation techniques.

Sparty - MS Sharepoint and Frontpage Auditing Tool [Unofficial]

溯光 (TrackRay) 3 beta⚡渗透测试框架（资产扫描|指纹识别|暴力破解|网页爬虫|端口扫描|漏洞扫描|代码审计|AWVS|NMAP|Metasploit|SQLMap）

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

Automatically spawn a reverse shell fully interactive for Linux or Windows victim

python3写的综合扫描工具，主要用来存活验证，敏感文件探测(目录扫描/js泄露接口/html注释泄露)，WAF/CDN识别，端口扫描，指纹/服务识别，操作系统识别，POC扫描，SQL注入，绕过CDN，查询旁站等功能，主要用来甲方自测或乙方授权测试，请勿用来搞破坏。

☠️ The Pathwar Project ☠️

cve-2019-0604 SharePoint RCE exploit

Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates.

Script collection to bypass Network Access Control (NAC, 802.1x)

A fast, simple, recursive content discovery tool written in Rust.

Penetration tests guide based on OWASP including test cases, resources and examples.

Pop shells like a master.