1164 Open source projects that are alternatives of or similar to spellbook

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

Yet Another PHP Shell - The most complete PHP reverse shell

Misc. Public Reports of Penetration Testing and Security Audits.

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

🦄🔒 Awesome list of secrets in environment variables 🖥️

This powershell script has got to run in remote hacked windows host, even for pivoting

Repository to train/learn memory corruption on the ARM platform.

K8Cscan大型内网渗透自定义插件化扫描神器，包含信息收集、网络资产、漏洞扫描、密码爆破、漏洞利用，程序采用多线程批量扫描大型内网多个IP段C段主机，目前插件包含: C段旁注扫描、子域名扫描、Ftp密码爆破、Mysql密码爆破、Oracle密码爆破、MSSQL密码爆破、Windows/Linux系统密码爆破、存活主机扫描、端口扫描、Web信息探测、操作系统版本探测、Cisco思科设备扫描等,支持调用任意外部程序或脚本，支持Cobalt Strike联动

🌸 Interactive shellcoding environment to easily craft shellcodes

CTF framework and exploit development library

pentest framework

A list of useful payloads for Web Application Security and Pentest/CTF

CTF中Pwn的快速利用模板（包含awd pwn）

Ladon Moudle MS17010 Exploit for PowerShell

Very simple script(s) to hasten binary exploit creation

linux-kernel-exploits Linux平台提权漏洞集合

All releases of the security research group (a.k.a. hackers) The Hacker's Choice

Ladon Network Penetration Scanner for PowerShell, vulnerability / exploit / detection / MS17010/SmbGhost,Brute-Force SMB/IPC/WMI/NBT/SSH/FTP/MSSQL/MYSQL/ORACLE/VNC

3389远程桌面代码执行漏洞CVE-2019-0708批量检测工具(Rdpscan Bluekeep Check)

A collection of hacking / penetration testing resources to make you better!

Web wrapper of niklasb/libc-database

Unsorted, raw, ugly & probably poorly usable tools for reversing, exploit and pentest

CTF竞赛权威指南

some experience in CTFs

A cli for cracking, testing vulnerabilities on Json Web Token(JWT)

Pentest: Subdomains enumeration tool for penetration testers.

Decode All Bases - Base Scheme Decoder

A tool to test security of json web token

Tool to bypass 40X response codes.

Automatic SSRF fuzzer and exploitation tool

Pentest/BugBounty progress control with scanning modules

Exploiting challenges in Linux and Windows

🔑 Hash type identifier (CLI & lib)

A tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo for linux privilege escalation.

A hyper plugin to provide a flexible GDB GUI with the help of GEF, pwndbg or peda

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)

windows-kernel-exploits Windows平台提权漏洞集合

GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging features for exploit developers & reverse engineers ☢

Notes about attacking Jenkins servers

X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter

📚 VoidHack CTF write-ups

A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me

📢 🔒 Exploit farm for attack-defense CTF competitions

RCE for old gitlab version <= 11.4.7 & 12.4.0-12.8.1 and LFI for old gitlab versions 10.4 - 12.8.1

Bash script purposed for system enumeration, vulnerability identification and privilege escalation.

The best tool for finding one gadget RCE in libc.so.6

Its a framework filled with alot of options and hacking tools you use directly in the script from brute forcing to payload making im still adding more stuff i now have another tool out called htkl-lite its hackers-tool-kit just not as big and messy to see updates check on my instagram @tuf_unkn0wn or if there are any problems message me on instagram

大型内网渗透扫描器&Cobalt Strike，Ladon8.9内置120个模块，包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2，密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(smbexec/wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem，Poc/Exploit,支持Cobalt Strike 3.X-4.0

TryHackMe CTFs writeups, notes, drafts, scrabbles, files and solutions.

cve-2019-0604 SharePoint RCE exploit

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

kernel-pwn and writeup collection

BadUSB Teensy downexec exploit support Windows & Linux / Windows Cmd & PowerShell addUser exploit

Turn your VPS into an attack box

Spoilerwall introduces a brand new concept in the field of network hardening. Avoid being scanned by spoiling movies on all your ports!

Snoop — инструмент разведки на основе открытых данных (OSINT world)

Some of my CTF solutions

Related subdomains finder

Apache HTTP Server 2.4.49, 2.4.50 - Path Traversal & RCE

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup