214 Open source projects that are alternatives of or similar to Defcon27_csharp_workshop

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Self-deployable file hosting service for red teamers, allowing to easily upload and share payloads over HTTP and WebDAV.

One line PS scripts that may come handy during your network assesment

A list of interesting payloads, tips and tricks for bug bounty hunters.

Discord C2 for Redteam....Need a better name

Projects for security students

Tactics, Techniques, and Procedures

一款适用于红蓝对抗中的仿真钓鱼系统

a unique framework for cybersecurity simulation and red teaming operations, windows auditing for newer vulnerabilities, misconfigurations and privilege escalations attacks, replicate the tactics and techniques of an advanced adversary in a network.

Offensive Reverse Shell (Cheat Sheet)

🙃 Reverse Shell Cheat Sheet 🙃

本脚本旨在生成各类畸形URL链接，进行探测使用的payload，尝试绕过服务端ssrf限制。

BadAssMacros - C# based automated Malicous Macro Generator.

BurpCrypto is a collection of burpsuite encryption plug-ins, support AES/RSA/DES/ExecJs(execute JS encryption code in burpsuite).

Search for Unix binaries that can be exploited to bypass system security restrictions.

AV Evasion Tool For Red Team Ops

C# based tool which automates the process of discovering and exploiting DLL Hijacks in target binaries. The Hijacked paths discovered can later be weaponized during Red Team Operations to evade EDR's.

Network Pivoting Toolkit

all paths lead to clouds

Open source pre-operation C2 server based on python and powershell

一款可以检测WEB蜜罐并阻断请求的Chrome插件，能够识别并阻断长亭D-sensor、墨安幻阵的部分溯源api

This repository contains full code examples from the book Gray Hat C#

Exfiltration based on custom X509 certificates

List of Awesome Red Teaming Resources

Payload Arsenal for Pentration Tester and Bug Bounty Hunters

Infosec Wordlists

Execute ELF files without dropping them on disk

A list of vulnerabilities or design flaws that Microsoft does not intend to fix. Since the number is growing, I decided to make a list. This list covers only vulnerabilities that came up in July 2021 (and SpoolSample ;-))

👻Impost3r -- A linux password thief

Load a fresh new copy of ntdll.dll via file mapping to bypass API inline hook.

WADComs is an interactive cheat sheet, containing a curated list of Unix/Windows offensive tools and their respective commands.

Functions that can be used to gain Reverse Shells with PowerShell

Attempting to be an all in one repo for others' userful aggressor scripts as well as things we've found useful during Red Team Operations.

Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps. 👻🐚

Load shellcode into a new process

This script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)

Collection of PoC and offensive techniques used by the BlackArrow Red Team

A collection of Cobalt Strike aggressor scripts

linux post-exploitation framework made by linux user

LD_PRELOAD rootkit

OSINT

LinkedinScraper is an another information gathering tool written in python. You can scrape employees of companies on Linkedin.com and then create these employee names, titles and emails.

GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems

Assist reverse tcp shells in post-exploration tasks

🎯 XML External Entity (XXE) Injection Payload List

HatVenom is a HatSploit native powerful payload generation tool that provides support for all common platforms and architectures.

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

👻Behold3r -- 收集指定网站的子域名，并可监控指定网站的子域名更新情况，发送变更报告至指定邮箱

cobaltstrike ms17-010 module and some other

Pentesting/Bugbounty Dockerfiles.

Hershell is a simple TCP reverse shell written in Go.

Common Web Managers Fuzz Wordlists

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

365-Stealer is a phishing simualtion tool written in python3. It can be used to execute Illicit Consent Grant Attack.

Open Redirect Payloads

🔎 Find usernames across social networks

Awesome cloud enumerator

Scan your code for security misconfiguration, search for passwords and secrets. 🔍

Chimera is a (shiny and very hack-ish) PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.

fireELF - Fileless Linux Malware Framework