AI Summary: Pretendo Network is a repository designed to support community collaboration by providing essential files and templates for contributors. Its primary use case includes establishing guidelines for licensing, security, and conduct within the community. Notable features include a structured contribution guide and established policies to ensure a cooperative and secure environment for development.

README

Pretendo Network

This special repository contains community files and common templates.

Contents

• License
• Security Policy
• Code of Conduct
• Contribution Guide

AI Summary: .NET Deobfuscator is a comprehensive resource cataloging various open-source tools designed for the deobfuscation and unpacking of .NET applications. It serves as a centralized reference for developers needing to reverse-engineer obfuscated or packed .NET assemblies, featuring tools for numerous specific obfuscation methods such as Agile, Babel, and BoxedAppPacker among others. Notable features include linked resources for each tool, allowing for easier navigation and access to functionalities tailored for specific obfuscators.

AI Summary: .NET Obfuscator is a protection tool designed for .NET applications, aimed at preventing reverse engineering by transforming the original code into a format that is difficult to decipher. Its notable features include the ability to obscure intellectual property, enhance security against vulnerabilities, and reduce code size for improved application performance.

README

.NET-Obfuscator

.NET Obfuscator is a tool that is used to protect .NET applications from reverse engineering.

• This is done by transforming the original .NET code into a form that is difficult to understand, making it hard for attackers to decompile the code and understand how it works.

AI Summary: The “31-days-of-API-Security-Tips” repository provides a comprehensive set of daily tips aimed at enhancing the security posture of APIs through practical advice and insights. It is primarily designed for penetration testers and developers to identify and mitigate common API vulnerabilities such as BOLA (IDOR), command injection, and mass assignment. Notable features include a structured format for presenting security tips, real-world exploitation techniques, and guidance on testing different API authentication mechanisms.

AI Summary: A-Red-Teamer-diaries is a collaborative repository containing publicly accessible notes and resources for penetration testing and red teaming activities, focusing on various tools and techniques employed during security assessments. Key features include a cheatsheet for quick command reference, detailed methodologies for effective exploitation, and practical scripts for network scanning and enumeration, enhancing both learning and efficiency in cybersecurity engagements. This tool serves as a practical guide for professionals aiming to improve their pentesting methodologies in controlled environments.

AI Summary: AboutSecurity is a comprehensive security assessment tool that provides a variety of dictionaries and payloads tailored for penetration testing tasks. Its features include an extensive set of predefined dictionaries for different attack vectors, a range of skills related to reconnaissance, exploitation, and post-exploitation, as well as external tool integration for scanning and fuzzing, complemented by reference documentation for effective team collaboration.

README

AboutSecurity

• Dic
  • Auth : 认证字典
    • 账号和密码。
  • Network : 网络
    • 排除的私有 IP 段、本地 IP 段、dns 服务器列表。
  • Port : 端口字典
    • 按照端口渗透的想法,将不同端口承载的服务可爆破点作为字典内容。
  • Regular : 规则字典
    • 各种规则、排列的字典整理。
  • Web : Web 字典
    • web 渗透过程中出现的可爆破点作为字典内容。
• Payload
  • Burp
  • CORS
  • email
  • Format
  • HPP
  • LFI
  • OOB
  • SQL-Inj
  • SSI
  • XSS
  • XXE
• Skills — AI Agent 技能方法论 (55 skills)
  • recon (5) : 侦察类 — 资产侦察、被动信息收集、子域名深挖、目标画像、社会工程
  • exploit (26) : 漏洞利用类 — SQL 注入、XSS、SSTI、文件上传、反序列化、JWT、GraphQL、SSRF/XXE、CORS、CSRF、OAuth、WebSocket、竞态条件、缓存投毒/请求走私等
  • ctf (5) : CTF 竞赛类 — Web 解题方法论、CTF 侦察、源码审计、Flag 搜索、Flag 校验
  • postexploit (6) : 后渗透类 — Linux/Windows 后渗透、提权检查、凭据喷射、横向移动、持久化
  • lateral (3) : 内网渗透类 — AD 域攻击、内网侦察、多层网络穿透
  • cloud (2) : 云环境类 — 云元数据利用、IAM 权限审计与提权
  • evasion (4) : 免杀对抗类 — C2 框架免杀、Shellcode Loader 生成、免杀技术整合、安全研究
  • general (4) : 综合类 — 红队评估、移动后端 API、报告生成、供应链审计
  • 📊 Skill Benchmark: python scripts/bench-skill.py --all — A/B 测试 Skill 对 Agent 的实际效果
• Tools — 外部工具声明式 YAML 配置
  • scan : 扫描工具 (nmap, masscan)
  • fuzz : Fuzz 工具 (dirsearch)
• Doc
  • Checklist : 渗透测试过程中的检查项,杜绝少测、漏测的情况。
  • Cheatsheet : 渗透测试信息收集表,渗透测试时直接复制一副作为参考、信息记录、方便团队协作、出报告等。
  • 出报告专用 : 记录部分平常渗透测试遇到的案例。
  • 行业名词

参考

• https://github.com/anthropics/skills/blob/main/skills/skill-creator/SKILL.md
• https://github.com/ljagiello/ctf-skills
• https://github.com/JDArmy/Evasion-SubAgents

AI Summary: Above is a network security sniffer designed for penetration testers and security engineers to identify vulnerabilities in network equipment through traffic analysis. It operates silently, leveraging the Scapy library, and supports the detection of up to 28 protocols, including ARP, EAPOL, and various SCADA protocols. Users can operate it in ‘hot’ mode for real-time sniffing or ‘cold’ mode for analyzing pre-captured traffic dumps, with features like passive ARP detection and VLAN segment search.

AI Summary: The Active Directory Exploitation Cheat Sheet serves as a comprehensive resource for cybersecurity professionals, detailing methodologies and commands for navigating the Active Directory environment. Its primary use case involves facilitating reconnaissance, privilege escalation, and lateral movement within a network through structured commands using Powershell and .Net. Notable features include a systematic approach to various stages of the exploitation process, including domain enumeration, persistence techniques, and monitoring account vulnerabilities.

AI Summary: The Active Directory Exploitation Cheat Sheet serves as a comprehensive resource for security professionals, detailing various enumeration and attack techniques within Windows Active Directory environments. It encompasses methods for domain enumeration, local privilege escalation, lateral movement, and domain persistence, while providing actionable insights and references to essential tools such as PowerView, Mimikatz, and BloodHound. This tool is particularly notable for its structured approach to various exploitation vectors, facilitating an efficient and systematic exploitation process.

AI Summary: ADB-Toolkit is a comprehensive toolkit designed for testing and auditing Android Debug Bridge (ADB) configurations and vulnerabilities. Its primary use case lies in enhancing the security of Android devices by providing features such as device enumeration, file management, and installation of applications via ADB commands. Notable features include a user-friendly interface and extensive enhancements for common tasks associated with ADB, making it suitable for both developers and security researchers.

AI Summary: ADB WebKit is a browser-based tool designed for managing Android devices via ADB (Android Debug Bridge) with an intuitive user interface. Its primary use case includes functionalities like application management (installing, uninstalling, granting permissions), shell access, screen capture, and device control commands, making it a comprehensive solution for developers and testers. Notable features include support for live application management, real-time screen interactions, and various device control options, all accessible through a USB connection or IP address.

AI Summary: AdminHack is a script designed to identify admin login pages and assess potential EAR vulnerabilities across web applications by utilizing multi-threading and an extensive wordlist. It supports various web technologies, including PHP, ASP, and HTML, and includes features such as web crawling, custom path support, and results exportation to files. This tool is particularly useful for penetration testing and security assessments of web environments.

README

• License • Issues • Developer • Wikipedia •

AI Summary: Afrog is a security tool designed for bug bounty programs, penetration testing, and red teaming efforts. It facilitates the creation and execution of Proofs of Concept (PoCs) to help security professionals identify vulnerabilities in systems. Notable features include a streamlined PoC writing guide, multi-language support, and a community-driven approach to contribute new exploit techniques.

README

A Security Tool for Bug Bounty, Pentest and Red Teaming

English • 中文

AI Summary: Agentic Radar is a security scanner specifically designed for analyzing agentic workflows, enabling users to identify vulnerabilities within their processes. Key features include Agentic Prompt Hardening, testing for vulnerabilities, and integration with CI/CD workflows, ensuring that security is maintained throughout the development lifecycle.

README

A Security Scanner for your agentic workflows!

AI Summary: Aggressor Scripts is a collection of scripts designed to enhance the functionality of Cobalt Strike, primarily aiding penetration testers and red teamers in executing various tasks more efficiently. Notable features include payload generation for different delivery methods, querying for installed antivirus solutions, and tools for detecting endpoint detection and response (EDR) solutions, all aimed at improving user experience and operational effectiveness during security assessments. Additionally, the repository serves as a resource for common OS commands and red teaming strategies, promoting collaborative improvement through community feedback.

AI Summary: The AI Website Cloner Template is a sophisticated tool designed to reverse-engineer any website into a modern Next.js codebase using AI coding agents. By pointing the tool at a target URL, it performs a comprehensive analysis to extract design tokens and assets, generate component specifications, and facilitate parallelized reconstruction of the site’s sections. Key features include support for multiple AI agents, a detailed multi-phase cloning pipeline, and compatibility with modern web technologies like Next.js and Tailwind CSS.

AI Summary: Aleph is an open-source tool designed for indexing and searching large volumes of documents and structured data, primarily aimed at facilitating investigative reporting. Its notable features include the ability to cross-reference entities against various watchlists, enhancing the efficiency of data analysis for reporters and organizations engaged in investigative work. As of December 2025, the project is transitioning to a new platform, Aleph Pro, while transitioning support for the current version will continue until that date.

AI Summary: ALHacking is a versatile ethical hacking toolkit designed for conducting various cybersecurity activities, including social media and phone attacks, user discovery, and webcam hacks. Notably, it features a powerful DDoS attack tool and is compatible with Android (via Termux), Linux, and Unix operating systems. Users can easily install the toolkit by cloning the repository and running the installation script from the terminal.

README

Author: 4lbH4cker

Version 4

(

AI Summary: AllHackingTools is a penetration testing toolkit designed for Termux that automates the installation and management of various hacking tools. Its primary use case is to facilitate the setup and customization of a hacking environment on Termux, allowing users to quickly download and run tools directly from the interface. Notable features include an updated installer with enhanced design elements, streamlined updating capabilities, and improved system stability.

README

• License • Issues • Project • Wikipedia •

AI Summary: ALLiN is a versatile penetration testing tool designed for lateral movement assessments within intranets, capable of handling a wide variety of target formats such as links and CIDR notations. Notable features include support for both Python 2.7 and 3.x, passive identification of web frameworks and components, extensive fingerprint data, and the ability to work across platforms when compiled with pyinstaller. It efficiently organizes scan results and offers multiple configuration options for targeting, threading, and reporting, making it a comprehensive solution for security professionals.

AI Summary: Alternative Frontends is a curated collection of privacy-respecting web applications designed as alternatives to mainstream social media services. It features a variety of lightweight, ad-free frontends that are open-source and self-hostable, catering to users looking for enhanced privacy without sacrificing functionality. Notable offerings include dedicated clients for platforms like YouTube and Reddit, each prioritizing user privacy and offering decentralized hosting options.

README

Alternative Frontends

This is a list of privacy-respecting frontends to popular services like social media. All of them are cross-plattform webapps and should work on your device no matter the OS and hardware.

AI Summary: Ambiguous PNG Packer is a tool designed to create PNG files that display differently when viewed in Apple software versus non-Apple software. Its primary use case is to demonstrate the manipulation of image rendering based on the viewer’s platform, showcasing unique features such as the ability to produce different images through refreshes, highlighting potential vulnerabilities in Apple’s image handling mechanisms.

README

Ambiguous PNG Packer

Craft PNG files that appear completely different in Apple software

AI Summary: Android-Exploits is a repository that consolidates various Android exploits and provides a comprehensive guide for conducting Android exploitation. Its primary use case is to facilitate the testing and assessment of Android application security vulnerabilities through categorized exploits such as Denial of Service, local, remote, and web application exploits. Notable features include detailed instructions for utilizing the exploits alongside third-party tools like ExploitPack, along with references to common mobile hacking tools and resources related to Android security risks.

AI Summary: Android-PIN-Bruteforce is a tool that allows users to unlock Android devices by executing a brute-force attack on the lockscreen PIN. Utilizing a rooted Kali Nethunter phone connected via USB OTG, it emulates keyboard input to automatically input and retry PIN combinations, supporting lengths from 1 to 10 digits and providing features such as configurable delays, optimized PIN lists, and the ability to bypass phone pop-ups. The tool does not require the locked device to be rooted and works across various Android versions.

AI Summary: The Android Security & Reverse Engineering YouTube Curriculum is a comprehensive educational resource focused on various aspects of Android security, including exploits, reverse engineering, and vulnerabilities in mobile applications. It features a curated collection of talks and demonstrations from prominent security conferences, addressing topics like heap exploitation, mobile permissions, and countermeasures against mobile threats. Notably, it educates on advanced concepts such as Bluetooth security, malware analysis, and attack vectors affecting the Android ecosystem, making it essential for cybersecurity practitioners and researchers.