> cat /dev/github | grep security-tools

Red-Team

A-Red-Teamer-diaries

2026-03-30 ★ 1901

AI Summary: A-Red-Teamer-diaries is a collaborative repository containing publicly accessible notes and resources for penetration testing and red teaming activities, focusing on various tools and techniques employed during security assessments. Key features include a cheatsheet for quick command reference, detailed methodologies for effective exploitation, and practical scripts for network scanning and enumeration, enhancing both learning and efficiency in cybersecurity engagements. This tool serves as a practical guide for professionals aiming to improve their pentesting methodologies in controlled environments.

AboutSecurity

2026-03-30 Python ★ 1093

AI Summary: AboutSecurity is a comprehensive security assessment tool that provides a variety of dictionaries and payloads tailored for penetration testing tasks. Its features include an extensive set of predefined dictionaries for different attack vectors, a range of skills related to reconnaissance, exploitation, and post-exploitation, as well as external tool integration for scanning and fuzzing, complemented by reference documentation for effective team collaboration.


README

AboutSecurity

  • Dic
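    • Auth : Authentication dictionaries
      • Accounts and passwords.
    • Network : Network
      • Excluded private IP ranges, local IP ranges, and a list of DNS servers.
    • Port : Port dictionaries
      • Following the idea of port-based penetration testing, the brute-forceable points of the services running on each port are used as dictionary content.
    • Regular : Rule dictionaries
      • A collection of dictionaries built from various rules and permutations.
    • Web : Web dictionaries
      • Brute-forceable points encountered during web penetration testing, used as dictionary content.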
  • Payload
    • Burp
    • CORS
    • email
    • Format
    • HPP
    • LFI
    • OOB
    • SQL-Inj
    • SSI
    • XSS
    • XXE
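  • Skills - AI Agent skill methodology (55 skills)
    • recon (5) : Reconnaissance - asset reconnaissance, passive information gathering, deep subdomain discovery, target profiling, social engineering
    • exploit (26) : Exploitation - SQL injection, XSS, SSTI, file upload, deserialization, JWT, GraphQL, SSRF/XXE, CORS, CSRF, OAuth, WebSocket, race conditions, cache poisoning/request smuggling, etc.
    • ctf (5) : CTF competitions - web challenge-solving methodology, CTF reconnaissance, source code auditing, flag searching, flag validation
    • postexploit (6) : Post-exploitation - Linux/Windows post-exploitation, privilege escalation checks, credential spraying, lateral movement, persistence
    • lateral (3) : Internal network penetration - AD domain attacks, internal network reconnaissance, multi-layer network pivoting
    • cloud (2) : Cloud environments - cloud metadata exploitation, IAM permission auditing and privilege escalation
    • evasion (4) : AV evasion - C2 framework evasion, shellcode loader generation, evasion technique integration, security research
    • general (4) : General - red team assessment, mobile backend APIs, report generation, supply chain auditing
    • 📊 Skill Benchmark: python scripts/bench-skill.py --all - A/B tests the actual effect of Skills on the Agent
  • Tools - declarative YAML configuration for external tools
    • scan : Scanning tools (nmap, masscan)
    • fuzz : Fuzzing tools (dirsearch)
  • Doc
    • Checklist : Items to check during a penetration test, to prevent under-testing or missed tests.
    • Cheatsheet : Penetration testing information-gathering sheet; copy it at the start of a test to use as a reference, to record information, to ease team collaboration, to write reports, etc.
    • For reporting : Records some cases encountered in everyday penetration testing.
    • Industry terminology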

References

afrog

2026-03-30 Go ★ 4219

AI Summary: Afrog is a security tool designed for bug bounty programs, penetration testing, and red teaming efforts. It facilitates the creation and execution of Proofs of Concept (PoCs) to help security professionals identify vulnerabilities in systems. Notable features include a streamlined PoC writing guide, multi-language support, and a community-driven approach to contribute new exploit techniques.


README

afrog

A Security Tool for Bug Bounty, Pentest and Red Teaming

agentic-radar

2026-03-30 Python ★ 939

AI Summary: Agentic Radar is a security scanner specifically designed for analyzing agentic workflows, enabling users to identify vulnerabilities within their processes. Key features include Agentic Prompt Hardening, testing for vulnerabilities, and integration with CI/CD workflows, ensuring that security is maintained throughout the development lifecycle.


README

A Security Scanner for your agentic workflows!


AggressorScripts

2026-03-30 C# ★ 1528

AI Summary: Aggressor Scripts is a collection of scripts designed to enhance the functionality of Cobalt Strike, primarily aiding penetration testers and red teamers in executing various tasks more efficiently. Notable features include payload generation for different delivery methods, querying for installed antivirus solutions, and tools for detecting endpoint detection and response (EDR) solutions, all aimed at improving user experience and operational effectiveness during security assessments. Additionally, the repository serves as a resource for common OS commands and red teaming strategies, promoting collaborative improvement through community feedback.

Anthropic-Cybersecurity-Skills

2026-03-30 Python ★ 3846

AI Summary: Anthropic Cybersecurity Skills is an extensive open-source repository that provides AI agents access to 753 structured cybersecurity skills across 26 domains, offering capabilities such as memory forensics and Kubernetes RBAC auditing. The skills adhere to the agentskills.io standard, featuring a YAML structure for quick discovery and are fully mapped to MITRE ATT&CK and aligned with NIST CSF 2.0, enabling AI agents to perform advanced security tasks with enhanced contextual knowledge. This tool simplifies installation and empowers various platforms like Claude Code and GitHub Copilot to integrate these capabilities efficiently.

Awesome-Blackhat-Tools

2026-03-30 ★ 785

AI Summary: Awesome Black Hat Tools is a curated repository of cybersecurity tools showcased at Black Hat events globally, serving as a practical reference for professionals in offensive, defensive, and research-driven cybersecurity. The tools are systematically organized by event location, year, and category, including Red Teaming, OSINT, and more, ensuring easy accessibility for users seeking field-tested solutions. This repository encourages community contributions to continually enhance the collection, making it a dynamic resource for current cybersecurity methodologies.

Awesome-Cybersecurity-Handbooks

2026-03-30 ★ 3332

AI Summary: The “Awesome Cybersecurity Handbooks” repository is a comprehensive collection of resources and personal notes aimed at aiding individuals in the fields of red teaming and Capture The Flag (CTF) challenges. This tool features a variety of topics including information gathering, vulnerability analysis, web application assessment, and post-exploitation strategies, serving as an extensive guide for cybersecurity professionals to enhance their knowledge and skills for legal purposes. Notable aspects include frequent updates and a commitment to legal and ethical use of the provided materials.

awesome-hacker-search-engines

2026-03-30 Shell ★ 10379

AI Summary: Awesome Hacker Search Engines is a curated repository of search engines specifically designed for penetration testing, vulnerability assessments, and red/blue team operations. It categorizes various resources including general search engines, servers, vulnerabilities, exploits, and more, providing tools for effective reconnaissance and threat intelligence gathering. Notable features include links to specialized engines like Shodan and the NIST NVD, enabling streamlined access to critical information for security professionals.


README

Awesome Hacker Search Engines

A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

awesome-list-of-secrets-in-environment-variables

2026-03-30 ★ 904

AI Summary: The “Awesome List of Secrets in Environment Variables” repository provides a comprehensive compilation of sensitive information, such as secrets, API keys, and tokens commonly stored in environment variables across various platforms. Its primary use case is to educate and inform developers about potential vulnerabilities associated with storing secrets in environment variables and to suggest better security practices to avoid data leaks. Notable features include categorized listings of secrets from different services, security recommendations, and links to relevant documentation for each entry.

awesome-mobile-security

2026-03-30 ★ 3452

AI Summary: The “awesome-mobile-security” repository serves as a comprehensive resource for mobile security professionals, aggregating a wide range of blogs, papers, and how-to resources relevant to Android security and penetration testing. Its primary use case is to provide guidance and knowledge on mobile application vulnerabilities, security testing methodologies, and tools, making it a valuable asset for those aiming to improve mobile application security. Notable features include links to various security guides, OWASP resources, and pentesting labs, enabling users to deepen their understanding and practical skills in mobile security.

Awesome-OSINT-For-Everything

2026-03-30 Shell ★ 2287

AI Summary: Awesome OSINT For Everything is a comprehensive repository of OSINT tools and websites aimed at penetration testing, red teaming, information gathering, and bug bounty initiatives. It organizes a wide array of resources categorized by specific use cases such as recon, threat intelligence, social media analysis, and more, making it a valuable tool for cybersecurity professionals seeking to enhance their investigative capabilities. Notable features include a detailed index of tools across various domains, including geo-location, cryptocurrency, and privacy/security resources, providing users with extensive options for OSINT-related tasks.

awesome-rat

2026-03-30 ★ 2187

AI Summary: The ‘awesome-rat’ repository serves as a comprehensive catalog of over 250 open-source Remote Access Tools (RATs) and associated Command & Control (C&C) frameworks, along with 1200+ analytical reports and articles related to RATs. It provides a structured directory that categorizes both open-source and commercial tools, as well as notable examples of malicious software, making it a valuable resource for cybersecurity professionals seeking to understand and analyze RATs and their implications. Key features include a detailed listing of tools, extensive documentation, and links to related research articles.

Awesome-Redteam

2026-03-30 Python ★ 4102

AI Summary: Awesome-Redteam is a comprehensive knowledge base designed for red teaming and offensive security research, providing users with a curated collection of tools, scripts, and tips. It features organized sections covering various aspects such as cybersecurity cheat sheets, cryptographic methods, cyberspace search tools, and open-source intelligence resources, all intended for educational purposes. The repository emphasizes legal usage and warns against employing its content for unauthorized activities.


README

Awesome-Redteam

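❗ [Disclaimer] The techniques, ideas and tools covered by this project are for learning only. No one may use them for illegal purposes or for profit, or for unauthorized penetration testing; otherwise they bear the consequences themselves, and this project is not responsible. Please read the laws and regulations before using this project.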

Awesome-RedTeam-Cheatsheet

2026-03-30 ★ 1270

AI Summary: The Awesome Red Team Cheatsheet is a comprehensive reference tool designed for red team practitioners, providing techniques and methodologies for various stages of the attack lifecycle, including initial access, privilege escalation, lateral movement, and evasion strategies. It offers detailed sections on specific tactics like credential dumping, active directory exploitation, and OSINT, along with supporting guides on Windows protocols and operational security (OPSEC). Notable features include links to targeted exploitation techniques and enumeration strategies, aiding cybersecurity professionals in simulating attacks and improving defensive measures.

Bashfuscator

2026-03-30 Python ★ 1939

AI Summary: Bashfuscator is a modular Bash obfuscation framework implemented in Python 3 that specializes in generating highly obfuscated Bash commands and scripts to evade detection on Linux systems. Designed for both Red Team and Blue Team operations, it allows users to produce randomized, convoluted Bash code that still executes the intended commands, effectively aiding in the development of obfuscation techniques and detection testing. Key features include command line and library usage, a variety of obfuscation mutators, and compatibility with GNU Linux systems running Bash 4.0 or newer.

black-hat-rust

2026-03-30 Rust ★ 4298

AI Summary: Black Hat Rust is a specialized resource for understanding and implementing offensive security techniques using the Rust programming language. It covers a broad spectrum of offensive security concepts, including building custom tools for cyber attacks, phishing, and exploitation, while emphasizing practical application and real-world Rust programming practices. Notable features include multi-threaded attack surface discovery and async operations, making it suitable for both developers looking to enhance their security skills and security engineers aiming to leverage Rust for offensive purposes.

blackarch

2026-03-30 Shell ★ 3289

AI Summary: BlackArch Linux is a penetration testing distribution based on Arch Linux, providing a repository of over 2,800 security tools organized by category. It offers flexible installation options, compatibility with existing Arch setups, and features a Live ISO for immediate testing. The toolset is aimed at penetration testers and security researchers for tasks such as forensics, reverse engineering, and network analysis.


README


Description

BlackArch Linux is an Arch Linux–based penetration testing distribution for penetration testers and security researchers. The repository contains 2850 tools. You can install tools individually or in groups. BlackArch Linux is compatible with existing Arch installations. For more information, see the installation instructions.

BounceBack

2026-03-30 Go ★ 1067

AI Summary: BounceBack is a versatile reverse proxy tool designed to enhance the security of red team operations by obfuscating the command-and-control (C2) or phishing infrastructure from detection by blue teams and security tools. It features a highly customizable filtering system that leverages real-time traffic analysis, extensive blacklists, and support for multiple protocols, enabling precise control over which traffic is allowed or denied. Notable capabilities include malleable C2 profile parsing, comprehensive IP address validation, domain fronting, and a robust logging mechanism for monitoring incoming requests and potential security threats.

brutespray

2026-03-30 Go ★ 2394

AI Summary: Brutespray is a credential brute-forcing tool designed to automatically test default credentials against discovered services from various scan outputs, including Nmap and Nessus. It supports over 30 protocols and features capabilities such as multi-auth support, password spray mode, an interactive terminal UI, and resume functionality, allowing for efficient and comprehensive credential testing across networks. The tool is built in Go and offers extensive customization options through YAML configuration files and embedded wordlists.

C2-Tracker

2026-03-30 Python ★ 762

AI Summary: C2 Tracker is a community-driven IOC feed that aggregates IP addresses related to known malware, botnets, and command-and-control (C2) infrastructures by leveraging searches from platforms like Shodan. Its primary use case is to facilitate threat intelligence by providing a regularly updated feed that can be ingested by various SIEM and EDR systems, enhancing detection and investigation capabilities. Notable features include version-controlled historical data, weekly updates, and compatibility with tools like OpenCTI and FortinetSIEM for streamlined integration and alerting.

CL4R1T4S

2026-03-30 ★ 13937

AI Summary: CL4R1T4S is a transparency and observability tool designed to extract and provide insights into the system prompts and guidelines used by major AI models and agents from various organizations. Its primary use case is to enable users to understand the underlying instructions that shape AI behavior, thereby fostering trust and accountability in AI interactions. Notable features include the ability to leak, extract, or reverse-engineer model prompts and contributions from users for a broader understanding of AI systems.

Cloakify

2026-03-30 Python ★ 1654

AI Summary: CloakifyFactory is a tool designed for text-based steganography that transforms any file type into a list of innocuous strings, enabling covert data exfiltration and infiltration while evading detection by data loss prevention systems and analysts. Key features include the ability to cloak various file formats, social engineering capabilities to mislead security reviews, and the option to add noise for enhanced resistance against frequency analysis. It serves as an educational tool for introducing concepts of cryptography and steganography, though it is not secure for sensitive data without prior encryption.

CloudBrute

2026-03-30 Go ★ 1109

AI Summary: CloudBrute is a reconnaissance tool designed for uncovering infrastructure, files, and applications across major cloud providers, including Amazon, Google, Microsoft, and others. Its primary use case targets bug bounty hunters, red teamers, and penetration testers, providing features such as black-box detection, user-agent and proxy randomization, and modular customization to facilitate efficient cloud enumeration and vulnerability assessment without requiring authentication.


README

CloudBrute

A tool to find a company's (target) infrastructure, files, and apps on the top cloud providers (Amazon, Google, Microsoft, DigitalOcean, Alibaba, Vultr, Linode). The outcome is useful for bug bounty hunters, red teamers, and penetration testers alike.

collection-document

2026-03-30 ★ 2101

AI Summary: The Collection Document repository is a curated compilation of quality safety articles aimed at enhancing knowledge in various cybersecurity domains. Its primary use case includes providing resources on topics such as penetration testing, threat detection, cloud security, and personal security, among others. Notable features of the collection include links to deep dives into specialized security areas, ongoing updates, and insights into modern security solutions like AI safety and zero trust architecture.

conti-pentester-guide-leak

2026-03-30 Batchfile ★ 1075

AI Summary: The “conti-pentester-guide-leak” repository serves as an archive for leaked pentesting materials associated with the Conti ransomware group, providing insights into their methodologies and tools. It includes guides on a variety of techniques such as data exfiltration, network exploitation, and the usage of tools like Metasploit and Cobalt Strike. This material is aimed at enhancing pentesting skills for security professionals and aiding defenders in detecting and mitigating similar attacks, while emphasizing its usage for educational purposes only.

Covenant

2026-03-30 C# ★ 4653

AI Summary: Covenant is a .NET command and control framework designed for red teaming, facilitating offensive .NET tradecraft and collaborative operations through a web-based interface. It supports cross-platform functionality across Linux, MacOS, and Windows, and features multi-user collaboration, dynamic C# compilation, inline code execution, and secure communication via an encrypted key exchange. Notably, Covenant offers API-driven extensibility and a user-friendly dashboard that allows red teamers to execute and manage operations effectively.

cve

2026-03-30 HTML ★ 7648

AI Summary: The CVE PoC tool aggregates nearly every publicly available Proof-of-Concept (PoC) for Common Vulnerabilities and Exposures (CVEs), providing a comprehensive database of exploits for security professionals. It employs automated workflows to scrape and validate CVE details from various sources, including GitHub and HackerOne reports, while also allowing users to browse, search, and monitor PoCs for specific vulnerabilities. Noteworthy features include real-time updates, easy-to-read markdown documentation, and the ability to generate GitHub badges for affected software versions.

CVE-2021-44228-PoC-log4j-bypass-words

2026-03-30 Java ★ 950

AI Summary: The CVE-2021-44228-PoC-log4j-bypass-words tool demonstrates various methods to exploit the Apache Log4j vulnerability, specifically focusing on bypassing WAF protections and patched versions. It provides multiple techniques, including the use of system environment variables, case manipulation, and invalid Unicode to obfuscate the exploit strings. Notable features include dynamic manipulation of Java naming lookups and the ability to use non-existent lookups for stealthy exploitation attempts.


README

🐱‍💻 ✂️ 🤬 LOG4J Java exploit - WAF and patches bypass tricks

📝 Description

CVE-2021-44228 works on:

DeimosC2

2026-03-30 Vue ★ 1156

AI Summary: DeimosC2 is a deprecated post-exploitation Command & Control (C2) tool designed to facilitate control over compromised machines across multiple operating systems including Windows, macOS, and Linux. Its notable features include dynamic agent generation, diverse communication methods (TCP, HTTPS, DoH, and QUIC), a graphical interface for managing listeners and agents, and robust security measures such as multi-user support and two-factor authentication. However, it is important to note that the tool has a known XSS vulnerability and is no longer maintained.

DetectDee

2026-03-30 Go ★ 1711

AI Summary: DetectDee is a reconnaissance tool designed to track down social media accounts using identifiers such as usernames, emails, and phone numbers across various social networks. Notable features include precise control over request handling to evade web application firewalls, support for multiple input types for user detection, and the option for integration with ChatGPT for enhanced result tagging. Its extensibility and ease of use make it suitable for cybersecurity practitioners in their investigations.

discover

2026-03-30 Shell ★ 3834

AI Summary: Discover is a customizable suite of bash scripts designed to automate various tasks in penetration testing, including recon, scanning, enumeration, and malicious payload creation with Metasploit, ideal for use on Kali Linux or Ubuntu systems. Notable features include multiple reconnaissance options for domains and persons, automated scanning tools that utilize Nmap and other utilities, and web application testing facilities incorporating tools like Nikto and SSL analysers. The tool simplifies complex penetration testing workflows through an organized menu structure, enabling swift task execution.

DllShimmer

2026-03-30 Go ★ 728

AI Summary: DllShimmer is a tool designed to facilitate DLL hijacking by allowing users to backdoor any function in a DLL without disrupting the normal operation of the host program. It generates proxy DLLs through a boilerplate C++ file and a corresponding .def file, ensuring that all exported functions maintain their original names and ordinal numbers, thus avoiding detection. Key features include support for both dynamic and static linking, the option to prevent multiple executions of the backdoor, and comprehensive debug logging capabilities.

DumpsterFire

2026-03-30 Python ★ 1034

AI Summary: The DumpsterFire Toolset is a cross-platform, modular tool designed for creating automated, time-delayed security events suitable for both Red and Blue Team exercises. Its primary use case is to facilitate realistic cyber incident simulations and training by allowing users to build customizable event chains that can generate network and filesystem artifacts, enhancing incident response capabilities. Notable features include dynamic extensibility for adding custom event modules, a menu-driven interface for ease of use, and the ability to run exercises in a controlled manner without direct supervision.

EmailAll

2026-03-30 Python ★ 738

AI Summary: EmailAll is a powerful email collection tool designed to aggregate email addresses from various online sources, including search engines and datasets. Its primary use case is to support cybersecurity professionals in gathering emails for domain reconnaissance, and it features integration with multiple API services for data retrieval along with modular results storage in JSON format. The tool allows easy configuration for proxies and APIs, enhancing its flexibility for various deployment environments.

emploleaks

2026-03-30 Python ★ 771

AI Summary: EmploLeaks is an Open Source Intelligence (OSINT) tool that facilitates the gathering of employee information from companies, primarily utilizing LinkedIn to extract employee lists and personal email addresses. Notable features include the ability to search a custom COMB database for leaked passwords using the retrieved emails, and an extension for identifying personal code repositories on GitLab. The tool requires Python for installation and offers a user-friendly command-line interface for executing its functionalities.

evilwaf

2026-03-30 Python ★ 739

AI Summary: EvilWAF is a sophisticated transparent MITM Firewall bypass proxy and deep WAF vulnerability scanner designed for authorized security testing purposes. It operates at the transport layer, allowing seamless integration with various security tools while employing advanced techniques such as TCP and TLS fingerprint rotation, source port manipulation, and automated WAF detection to evade defensive mechanisms. Notable features include a comprehensive multi-layer WAF scanning capability, direct origin bypass, and a robust IP rotation strategy through Tor and proxy pools, ensuring effective assessment of firewall vulnerabilities.

FilelessPELoader

2026-03-30 C++ ★ 1025

AI Summary: FilelessPELoader is a tool designed to load and execute AES-encrypted Portable Executable (PE) files directly into memory, bypassing the need for traditional file storage. Its primary use case is to facilitate stealthy execution of payloads in memory, enhancing evasion techniques commonly utilized in cybersecurity attacks. Notable features include the ability to decrypt the PE file in-memory and execute it without leaving traces on disk.


README

FilelessPELoader

Loading a remote AES-encrypted PE in memory, decrypting it and running it

fofa_viewer

2026-03-30 Java ★ 1779

AI Summary: Fofa Viewer is a user-friendly FOFA client developed in JavaFX, designed for cybersecurity professionals to efficiently search for vulnerabilities on target websites using the FOFA search engine. Key features include multi-tab query result display, Excel export capabilities, intelligent input suggestions, and advanced functionalities such as certificate conversion and exclusion of honeypots for premium members. This tool streamlines the information gathering process for penetration testers with its robust API integration and customizable configurations.

Forensia

2026-03-30 C++ ★ 783

AI Summary: Forensia is an anti-forensics tool designed for red teamers to eliminate traces during the post-exploitation phase. Its primary use case is to enhance evasion by supporting various functionalities such as unloading Sysmon drivers, employing the Gutmann method for file shredding, and disabling multiple logging mechanisms. Notable features include log erasure, file melting capabilities, and the ability to clear recent user activity and cache, thereby reducing the likelihood of detection by incident response teams.

Galaxy-Bugbounty-Checklist

2026-03-30 ★ 1790

AI Summary: Galaxy Bugbounty Checklist is a comprehensive tool designed to aid bug bounty hunters by providing an organized and detailed checklist of security assessment techniques. It includes specific references for various testing methodologies such as Account Takeover, CSRF Bypass, and OSINT, making it an essential resource for systematic vulnerability evaluation. Notable features include its structured format and accessibility for users to seek assistance directly through the provided contact.


README

Notes

  • Try to make the best Bug Bounty Checklist.
  • All checklists come with references.
  • Feel free to contact me at maximus0xday [at] gmail if you have any questions.

To do list:

geacon

2026-03-30 Go ★ 1263

AI Summary: Geacon is a tool designed for implementing CobaltStrike’s Beacon using Go, primarily aimed at protocol analysis and reverse engineering. It supports CobaltStrike 4.1 and includes functionalities such as command execution, file upload/download, and directory navigation. The tool emphasizes learning and experimentation, with a strong caution against illegal use.


README

Geacon

Using Go to implement CobaltStrike’s Beacon


This project is for learning protocol analysis and reverse engineering only. If someone’s rights have been violated, please contact me to remove the project. And lastly, DO NOT USE IT ILLEGALLY.

GhostStrike

2026-03-30 C++ ★ 810

AI Summary: GhostStrike is a sophisticated cybersecurity tool developed for Red Team operations, utilizing techniques such as process hollowing and dynamic API resolution to execute covert actions on Windows systems while evading detection. Its notable features include shellcode encoding/decoding, cryptographic key generation for enhanced security, and control flow flattening to complicate analysis efforts. Designed for educational use in controlled environments, GhostStrike emphasizes the importance of responsible usage.


README

GhostStrike ⚔️

GhostStrike is an advanced cybersecurity tool designed for Red Team operations, featuring sophisticated techniques to evade detection and perform process hollowing on Windows systems.

Ghostwriter

2026-03-30 Python ★ 1781

AI Summary: Ghostwriter is an open-source platform that streamlines offensive security operations by facilitating report writing, asset tracking, and assessment management. Key features include a robust reporting engine with customizable templates, role-based access controls, and integrations with tools like Mythic C2 and Cobalt Strike for automatic activity logging. The platform enhances collaboration among red teams and consultants by providing a centralized environment to manage client information and generate comprehensive reports in various formats.

gitGraber

2026-03-30 Python ★ 2252

AI Summary: gitGraber is a real-time monitoring tool designed to detect sensitive data leaks across GitHub for various online services, including AWS and Facebook. Its primary use case is to identify and notify users of potential API key exposures through Slack, Discord, or directly in the command line, while minimizing false positives with precise regex patterns. Notable features include configurable keyword searches, automated monitoring through cron jobs, and a dynamic wordlist that adapts to discovered filenames.

gitjacker

2026-03-30 Go ★ 1599

AI Summary: Gitjacker is a tool designed to retrieve git repositories and their contents from web servers where the .git directory has been unintentionally exposed. It effectively extracts repository data even when directory listings are disabled, making it suitable for educational purposes and penetration testing. Notable features include ease of installation via a simple script and the ability to operate in scenarios where access to traditional repository resources is restricted.

go-shellcode

2026-03-30 Go ★ 767

AI Summary: The go-shellcode tool enables users to execute shellcode directly from memory as a standalone process, aiming to circumvent antivirus detection. Its primary use case involves running custom shellcode for penetration testing or exploitation purposes, leveraging features like shellcode size handling via batch scripts and a recommendation for binary obfuscation using the garble tool. The tool requires manual architecture specification and supports 64-bit shellcode execution while providing instructions for building and compressing the resulting binary.

Goby

2026-03-30 ★ 1500

AI Summary: Goby is a network security assessment tool designed for efficient vulnerability scanning and comprehensive attack surface analysis of target enterprises. It features over 100,000 rule recognition engines and 200 protocol recognition engines, facilitating identification of various network and software vulnerabilities, along with access to preset account information for more than 1,000 devices. Additionally, Goby supports cross-platform functionality on Windows, MacOS, and Linux, and employs a user-friendly interface built with Electron and Vue.

gogo

2026-03-30 Go ★ 2036

AI Summary: gogo is a versatile network scanning tool designed for both active and passive fingerprinting, featuring customizable port configurations and the extraction of key information such as titles and certificates through regex patterns. It supports the integration of Nuclei proof of concepts (POCs) and offers a heuristic scanning mode for improved performance with minimal resource usage, making it highly efficient for vulnerability detection. The tool is entirely written in Go, ensuring compatibility with minimal dependencies across various operating systems, including legacy versions like Windows 2003.

gosearch

2026-03-30 Go ★ 3296

AI Summary: GoSearch is an OSINT tool designed to automate the process of searching for online profiles associated with specific usernames, utilizing concurrency for efficiency. It integrates searches across multiple extensive databases, including 900,000 leaked credentials from HudsonRock and over 18 billion from BreachDirectory, enhancing its capability to detect compromised accounts. Notable features include the ability to filter results for accuracy with the --no-false-positives flag and the option to crack found password hashes using Weakpass, significantly boosting the tool’s effectiveness in cybersecurity investigations.

GTFOBins.github.io

2026-03-30 YAML ★ 12856

AI Summary: GTFOBins is a curated repository that catalogs Unix-like executables capable of circumventing local security restrictions in improperly configured systems. Its primary use case is to aid security professionals and penetration testers in identifying and exploiting misconfigurations. Notable features include a comprehensive database of binaries and detailed usage instructions for different scenarios.


README

GTFOBins


GTFOBins is a curated list of Unix-like executables that can be used to bypass local security restrictions in misconfigured systems.

Hacker-Roadmap

2026-03-30 ★ 1239

AI Summary: The Hacker Roadmap is a comprehensive guide designed to assist individuals at various stages of their cybersecurity journey, from hobbyists to those pursuing certifications or degrees. It outlines multiple pathways tailored to specific goals, such as becoming a bug bounty hunter or quickly entering the cybersecurity workforce. Notable features include structured roadmaps, visual resources, and links to additional hacking aids for both red and blue team strategies.


README

Hacker Roadmap

Are you ready to embark on an electrifying journey into the depths of cybersecurity? Whether you’re eyeing a prestigious certification, gearing up for a Bachelor’s degree, or simply indulging your insatiable curiosity, this roadmap is your ultimate guide to becoming a true hacking virtuoso. But before we dive into the nitty-gritty, let’s set the stage. Are you in it for the thrill, the challenge, or perhaps envisioning a career at the cutting edge of cyber defense? Your motivations will shape the path ahead, so let’s chart a course tailored precisely to your aspirations.

Hacking-Tools

2026-03-30 ★ 1315

AI Summary: Hacking-Tools is a curated collection of penetration testing and ethical hacking utilities, including essential tools from Kali Linux. It is organized into categories such as information gathering, vulnerability analysis, and exploitation tools, facilitating easy navigation and use. Notable features include a featured tool, BugBoard, designed to automate vulnerability detection for bug bounty hunters and security researchers.


README

Hacking-Tools

A curated list of penetration testing and ethical hacking tools, organized by category. This collection includes Kali Linux tools and other notable utilities.


HackTools

2026-03-30 TypeScript ★ 6669

AI Summary: HackTools is an all-in-one browser extension designed for offensive security professionals to facilitate web application penetration testing. It consolidates numerous penetration testing tools, including dynamic reverse shell generators, XSS payloads, and SQL injection payloads, allowing users to access critical functions quickly through a user-friendly command palette. The extension aims to enhance efficiency by eliminating the need to search for payloads across various platforms, all accessible within the browser’s DevTools environment.

Heroinn

2026-03-30 Rust ★ 708

AI Summary: Heroinn is a cross-platform command-and-control (C2) and post-exploitation framework developed in Rust, designed primarily for research and educational purposes. Notable features include a graphical user interface (GUI), an interactive PTY shell, system information collection, file management with support for large files and resuming broken transfers, and compatibility with multiple operating systems including Windows, Linux, BSD, and macOS, leveraging various communication protocols such as TCP, HTTP, and reliable UDP.

I-See-You

2026-03-30 Shell ★ 1120

AI Summary: I-See-You is a Bash and JavaScript tool designed for identifying the precise geographical location of users during social engineering or phishing attempts by utilizing their location coordinates. The tool allows attackers to gather crucial reconnaissance data, facilitating targeted attacks, and functions without requiring any additional software for phishing operations. Users can easily execute the tool by running a script and can modify the appearance of the phishing page to enhance deception.

inceptor

2026-03-30 Assembly ★ 1786

AI Summary: Inceptor is a Windows-focused penetration testing tool designed to automate the bypassing of anti-virus (AV) and endpoint detection and response (EDR) solutions. It features a template-based PE packer that allows extensive user customization and integrates various encoding methods for encoding, compressing, or encrypting shellcode. Notably, Inceptor supports transformations of existing binaries into shellcode and distinguishes between loader-independent and loader-dependent encoders to enhance payload obfuscation and evade detection.


README

🚩 This is the public repository of Inceptor; for the latest version and updates, please consider supporting us through https://porchetta.industries/

Infosec_Reference

2026-03-30 CSS ★ 5925

AI Summary: The InfoSec Reference project serves as a comprehensive resource for individuals seeking to enhance their understanding of Information Security, offering a curated list of techniques, tools, and tactics. Its primary use case revolves around providing a “Yellow Pages” style reference for users to browse and learn about various aspects of infosec, helping them build skills and recall pertinent information. Notably, it encourages community contributions and maintains regular updates, while emphasizing a commitment to ethical practices in cybersecurity.

inventory

2026-03-30 Shell ★ 1528

AI Summary: Inventory is a tool designed for attack surface management of public bug bounty programs, aggregating DNS and web server data from over 800 organizations. Its primary use case is to assist bug bounty hunters in efficiently identifying and monitoring new assets while providing security teams with enhanced visibility into their assets. Notable features include automated data collection and transformation from multiple sources, duplicate program merging, and both passive and active enumeration workflows for comprehensive reconnaissance.

KawaiiGPT

2026-03-30 Python ★ 824

AI Summary: KawaiiGPT is an open-source command-line tool that provides seamless access to various large language models, including DeepSeek, Gemini, and Kimi-K2, through a reverse-engineered Pollinations API without the need for API keys. It features integrated prompt injection capabilities for security research, allowing for uncensored model access and red-team evaluations, along with native support for Linux and Termux, and a user-friendly console interface. Notably, it offers easy configuration options and a streamlined installation process via a single command.

KubeHound

2026-03-30 Go ★ 956

AI Summary: KubeHound is a Kubernetes attack graph tool designed to automatically calculate attack paths between assets within a cluster. It enables users to query and analyze security vulnerabilities through a graph-based representation of their Kubernetes environment, utilizing the Gremlin query language for advanced data exploration. Notable features include compatibility with Docker and Docker Compose, deployment as a service (KHaaS), and integration with graph query UIs, including a Jupyter notebook for user-friendly interaction with the attack graph data.

kubernetes-goat

2026-03-30 HTML ★ 5458

AI Summary: Kubernetes Goat is an intentionally vulnerable Kubernetes cluster environment designed for the purpose of learning and practicing Kubernetes security. It provides various scenarios for security testing, including exploitation of sensitive keys, SSRF vulnerabilities, and container escapes, thereby enabling users to gain hands-on experience with real-world security challenges in Kubernetes. The tool requires administrative access to a Kubernetes cluster and facilitates setup using kubectl and helm, offering a structured learning path for security professionals.

leaky-paths

2026-03-30 ★ 1029

AI Summary: Leaky Paths is a curated repository of high-quality wordlists designed for web content discovery, targeting misconfigurations and sensitive API endpoints in major web frameworks and infrastructure projects. It serves as a rapid assessment tool for pentesters, security engineers, and bug bounty hunters, emphasizing modern tech stack paths that yield valuable insights while intentionally maintaining a concise list for optimal efficiency. Notable features include paths associated with known vulnerabilities and endpoints that typically expose sensitive data, facilitating quick identification of potential security issues.

ligolo-ng

2026-03-30 Go ★ 4397

AI Summary: Ligolo-ng is an advanced tunneling tool that establishes connections through a TUN interface, enabling penetration testers to create reverse TCP/TLS tunnels without the need for SOCKS proxies. Notable features include a user-friendly web interface, automatic configuration for certificates, support for multiple platforms, and resilience to network issues with automatic tunnel recovery. Its design facilitates streamlined network management and the ability to run tools directly over these tunnels.


README

Ligolo-ng : Tunneling like a VPN


LitterBox

2026-03-30 YARA ★ 1335

AI Summary: LitterBox is a security analysis tool that provides a controlled sandbox environment for red teams to develop, test, and validate exploitation payloads and evasion techniques against modern detection systems. It features advanced analysis capabilities, including file identification, executable and document analysis, and LLM-assisted insights for improved malware behavior examination. Additionally, LitterBox supports various platforms, including Windows and Linux, and integrates easily with Docker, enhancing its usability in diverse security scenarios.

Lockdoor-Framework

2026-03-30 Python ★ 1534

AI Summary: Lockdoor is a pentesting framework that aggregates a variety of tools for tasks such as information gathering, web hacking, privilege escalation, and reverse engineering. Its notable features include a collection of pre-configured tools categorized by function, support for multiple operating systems, and the ability to generate security assessment reports. However, it is important to note that the project is no longer actively maintained.


README

Lockdoor v2.3
⚠️ This project is not maintained anymore. ⚠️

Find more at https://g.co/kgs/TtYRJJP


Changelog 📌 :

Version v2.3 IS OUT !!

    - Fixing some CI

    - making a more stable version

    - new docker image build

    - adding packages for each supported distro


lunasec

2026-03-30 TypeScript ★ 1469

AI Summary: LunaTrace is an open-source supply chain security and auditing tool that monitors software dependencies for vulnerabilities, integrating seamlessly with GitHub to notify users of new CVEs before deployment. It offers both a free SaaS option and self-hosted deployment capabilities, making it a versatile alternative to commercial tools like GitHub Dependabot and Snyk. Notable features include automatic monitoring, GitHub Pull Request integration, and active development support.


maigret

2026-03-30 Python ★ 19304

AI Summary: Maigret is a user-centric OSINT tool designed to gather comprehensive profiles based on usernames by scanning over 3000 websites, including Tor and I2P networks. Key features include profile data extraction, recursive search capabilities, and automated handling of censorship and captcha challenges, all without requiring API keys. This tool serves as an effective resource for analysts in social media investigations and identity verification.


README

Maigret

Minimum Python version required: 3.10+

malicious-pdf

2026-03-30 Python ★ 3637

AI Summary: Malicious PDF is a tool designed to generate various malicious PDF files featuring phone-home capabilities for use in penetration testing and red-teaming. It supports integration with platforms like Burp Collaborator and Interact.sh, providing a diverse set of attack vectors through ten different crafted PDF examples meant for testing web applications, security products, and PDF readers. Key features include the ability to create PDFs exploiting vulnerabilities like external file access, JavaScript injection, and form data exfiltration.

MicrosoftWontFixList

2026-03-30 ★ 952

AI Summary: The Microsoft Wont-Fix List is a compilation of vulnerabilities and design flaws that Microsoft has identified but does not intend to address. It serves as a resource for cybersecurity professionals to be aware of potential security risks, including various types of privilege escalation and remote code execution vulnerabilities, along with details on their exploitation mechanisms. Notable features include a categorization of the vulnerabilities by attack type and associated CVEs, providing critical information for risk assessment and mitigation strategies.

moonwalk

2026-03-30 Rust ★ 1475

AI Summary: Moonwalk is a lightweight tool designed for penetration testing on Unix systems, enabling users to erase their traces during exploitation by restoring system logs and filesystem timestamps to their previous state. Key features include a fast execution time of under 5 milliseconds, the ability to save and revert user shell history, and a world-writable path for session logging, ensuring that no evidence of the testing remains.


README

moonwalk

Cover your tracks during Linux Exploitation / Penetration Testing by leaving zero traces on system logs and filesystem timestamps.

n0kovo_subdomains

2026-03-30 ★ 773

AI Summary: n0kovo_subdomains is a comprehensive subdomain enumeration wordlist containing 3,000,000 entries sourced from SSL certificate data across the entire IPv4 space. This tool is designed to enhance the efficacy of subdomain discovery activities for penetration testing and security assessments, utilizing a robust dataset that offers a balanced trade-off between size and search effectiveness. Users can leverage this highly efficient wordlist to improve the success rate of finding subdomains in various target domains.

NetExec

2026-03-30 Python ★ 5376

AI Summary: NetExec is a community-driven network exploitation tool derived from the predecessor CrackMapExec, designed to facilitate network enumeration and execution of various tasks across multiple hosts. It boasts functionalities for maintaining and expanding the original tool’s capabilities, alongside regular updates and community contributions. Notable features include an emphasis on user collaboration, a dedicated Discord channel for support, and extensive documentation in development.


README


🚩 This is the open source repository of NetExec maintained by a community of passionate people

Nidhogg

2026-03-30 C++ ★ 2289

AI Summary: Nidhogg is a versatile kernel-level rootkit designed for Windows 10 and 11, enabling a wide array of operations directly from kernel space. Its primary use case is to facilitate stealthy and powerful control over system processes, threads, files, and registry items, featuring advanced capabilities such as process hiding, memory scanner bypassing, and credential dumping. Notable features include a built-in AMSI bypass, support for reflective loading, and a Nidhogg Object File (NOF) for custom kernel-mode code execution, enhancing its integration with command-and-control (C2) frameworks.

nishang

2026-03-30 PowerShell ★ 9818

AI Summary: Nishang is a comprehensive PowerShell framework designed for offensive security, penetration testing, and red teaming, featuring a collection of scripts and payloads that assist in various stages of penetration testing. It allows users to execute scripts in memory to bypass antivirus detection and includes notable functionalities such as encoding commands, webshell capabilities, and Active Directory manipulation tools. The framework is structured for ease of use with PowerShell, offering detailed help for individual scripts and versatile execution methods.

nodepass

2026-03-30 Go ★ 2091

AI Summary: NodePass is an open-source network tunneling solution that provides enterprise-grade TCP/UDP tunneling with minimal configuration and high performance, designed for managing complex network scenarios. Key features include seamless protocol conversion, a connection pooling architecture for reduced latency, multi-level TLS security mechanisms, and real-time monitoring capabilities. The tool targets DevOps professionals and system administrators, facilitating effortless deployment and control in diverse networking conditions.


Octopus

2026-03-30 Python ★ 765

AI Summary: Octopus is an open-source, pre-operation command-and-control (C2) server developed in Python, designed for red team operations to facilitate initial attacks and information gathering before launching full engagements. It features secure communications through AES-256 encryption, remote command execution, file transfers, and a unique Endpoint Situational Awareness (ESA) capability that allows users to assess target environments effectively. The tool supports multiple Windows versions and enables stealthy operations, making it less detectable by conventional security measures.

Offensive-OSINT-Tools

2026-03-30 ★ 1145

AI Summary: Offensive-OSINT-Tools is a curated collection of essential tools tailored for Offensive Security specialists engaged in penetration testing and red teaming. It streamlines the OSINT process by categorizing tools for various purposes, including domain investigation, email address collection, and information gathering. Notable features include the ability to efficiently search for subdomains and URLs, along with a focus on usability by providing only the most relevant tools, rather than an overwhelming list.

Offensive-Resources

2026-03-30 ★ 1116

AI Summary: Offensive-Resources V4 is a comprehensive repository designed for offensive security practitioners, providing an extensive collection of learning materials and labs across various cybersecurity domains. Its primary use case is to facilitate skill development in offensive security techniques, with notable features including a wide range of topics from exploit development to IoT and hardware hacking, structured resources for diverse platforms, and an open invitation for community contributions.


README

Offensive-Resources V4

((O Allah, benefit me with what You have taught me, teach me what will benefit me, and increase me in knowledge))

OffSec-Reporting

2026-03-30 ★ 908

AI Summary: OffSec Reporting is a customizable platform designed for security professionals to efficiently create penetration test reports tailored for Offensive Security certifications. Built on SysReptor, it enables users to write reports in Markdown, render them as PDFs, and supports various OffSec certifications including OSCP, OSEP, and OSWP. Notable features include free accessibility, rapid report generation, and a focus on facilitating the testing process without the burden of formatting.


README

OffSec Reporting using SysReptor

SysReptor

OneDorkForAll

2026-03-30 ★ 786

AI Summary: OneDorkForAll is an extensive compilation of Google dorks sourced from platforms such as Google, Shodan, and GitHub, specifically aimed at cybersecurity professionals and bug bounty hunters. It encompasses over 1 million dorks related to various vulnerabilities including LFI, SQL injection, and XSS, as well as job search techniques, and includes sensitive data reconnaissance methods for exposed configuration files, directories, and database files. Notably, it also includes dark web dorks for educational purposes, promoting responsible use of the information provided.

OSINT-Cheat-sheet

2026-03-30 HTML ★ 1833

AI Summary: The OSINT Cheat Sheet is a comprehensive resource that aggregates various open-source intelligence (OSINT) tools, datasets, and tips for effective information gathering. It serves as an educational guide, emphasizing safe usage practices and the importance of risk management when utilizing both free and paid tools. Notably, it includes advice on using virtual environments, enhancing privacy measures, and strategies for engaging with OSINT resources responsibly.


README

OSINT CHEAT SHEET - List OSINT Tools


paradoxiaRAT

2026-03-30 C ★ 822

AI Summary: Paradoxia is a Remote Access Tool (RAT) designed for covert control of target systems, featuring a user-friendly console that allows users to easily build and deploy client applications. Notable capabilities include multithreading for multiple session management, full file access, keylogging, microphone recording, and remote execution commands, alongside stealth operation and persistent installation. This tool is intended for malicious use, as indicated by its detection as malware by security software.

Penetration_Testing_POC

2026-03-30 HTML ★ 7290

AI Summary: Penetration_Testing_POC is a comprehensive collection of proof of concepts (POCs), scripts, tools, and articles related to penetration testing, intended to serve as a reference resource. It systematically categorizes vulnerabilities across various domains such as IoT, mobile devices, web applications, and privilege escalation methods, providing users with essential insights and practical exploitation techniques. Notable features include organized documentation and links to external resources, ensuring that users can easily navigate and leverage the provided information for security assessments.

penetration-testing-cheat-sheet

2026-03-30 PHP ★ 802

AI Summary: The Penetration Testing Cheat Sheet is a comprehensive checklist designed to assist cybersecurity professionals in performing penetration testing tasks. It aggregates various tools and techniques for phases such as reconnaissance, scanning, and vulnerability exploitation, while emphasizing the importance of complementarity among tools for better results. Noteworthy features include automation of certain tasks and links to crucial resources for penetration testing methodologies.


README

Penetration Testing Cheat Sheet

This is more of a checklist for myself. May contain useful tips and tricks.

Penetration-Testing-Tools

2026-03-30 PowerShell ★ 2920

AI Summary: The Penetration Testing Tools repository is a comprehensive collection of over 160 scripts, utilities, and cheatsheets designed for Penetration Testing and IT security audits. It encompasses a wide range of categories including cloud assessments, network protocols, web security, and red teaming, enabling practitioners to increase efficiency and improve technical assurance in their engagements. Notable features include modular organization by function, a focus on real-world applicability, and the absence of sensitive client-specific information.

pentestagent

2026-03-30 Python ★ 1821

AI Summary: PentestAgent is an AI-driven penetration testing tool designed to assist cybersecurity professionals in conducting thorough security assessments. It features multiple operational modes, including single-task assistance, autonomous task execution, and multi-agent orchestration, allowing users to adapt their approach based on project complexity. The tool supports integration with platforms like OpenAI and Anthropic, and can be run in Docker for enhanced isolation and access to a suite of pre-installed pentesting tools.

phpsploit

2026-03-30 Python ★ 2453

AI Summary: PhpSploit is a full-featured Command and Control (C2) framework that maintains a persistent presence on web servers using a polymorphic PHP one-liner. Its primary use case is for penetration testing and exploitation, enabling users to execute commands, manage files remotely, interact with a SQL console, and escalate privileges through over 20 available plugins. Notable features include obfuscated communication via HTTP headers and seamless file upload/download capabilities, facilitating robust interactions with target systems while bypassing standard PHP security measures.

pi-pwnbox-rogueap

2026-03-30 Shell ★ 2005

AI Summary: Pi-PwnBox is a headless Raspberry Pi-based Rogue Access Point (RogueAP) designed for conducting Red Team engagements and WiFi security assessments. It leverages Alfa WiFi USB adapters for a variety of WiFi attacks and includes features such as remote access, a comprehensive setup process, and associated WiFi hacking resources. This tool is particularly suited for on-site testing and learning environments focused on WiFi security.


README

Pi-PwnBox 🚀 -RogueAP 📡

Homemade (headless) PwnBox / RogueAP based on Raspberry Pi & Alfa WiFi USB Adapters.

Platypus

2026-03-30 Go ★ 1637

AI Summary: Platypus is a modern terminal-based tool for managing multiple reverse shell sessions and clients, implemented in Go. Its primary use case is to facilitate secure and efficient reverse shell connections across various protocols, featuring functionalities such as multiple service listening ports, a RESTful API for management, file download/upload capabilities, and an interactive shell interface that supports common control commands. Notable features include automatic server initiation, port forwarding, and a web UI for enhanced usability.

power-pwn

2026-03-30 Python ★ 1136

AI Summary: Power Pwn is a comprehensive offensive and defensive security toolset designed for the Microsoft 365 Power Platform and AI services. It includes multiple features such as tenant scanning with PowerDump, backdoor deployment, malware creation without coding, and tools for phishing and misconfiguration testing, providing users with extensive capabilities for security assessment and exploitation in Power Platform environments. Additionally, it offers utilities for enumerating custom GPTs and publicly exposed AI services, enhancing its utility for security professionals.

Powershell-RAT

2026-03-30 Python ★ 1180

AI Summary: Powershell-RAT is a Python-based remote access tool designed for red team engagements to backdoor Windows machines. Its primary use case involves tracking user activity through screen captures and exfiltrating data via email attachments using Gmail. Key features include stealthy operation, the ability to execute tasks such as taking screenshots and scheduling tasks, and a comprehensive “Hail Mary” option for automated execution.


README

Powershell-RAT

Python based backdoor that uses Gmail to exfiltrate data as an e-mail attachment.

Red-Baron

2026-03-30 HCL ★ 922

AI Summary: Red Baron is a Terraform-based framework designed to automate the deployment of secure, resilient, and disposable infrastructure tailored for Red Team operations. This tool offers several pre-compiled custom and third-party Terraform providers to facilitate infrastructure setup on various cloud platforms. Notably, it integrates easily with services like Linode and GoDaddy, enhancing the agility and efficiency of infrastructure management for penetration testing scenarios.


README

Latest version of this project is now being maintained here:

Red-Team-Infrastructure-Wiki

2026-03-30 ★ 4464

AI Summary: The Red Team Infrastructure Wiki provides comprehensive guidance for establishing a robust and resilient Red Team infrastructure, aimed at enhancing operational effectiveness in adversarial engagements. Notable features include detailed design considerations for functional segregation, integration of redirectors for obscured communication, and streamlined deployment strategies for phishing and command and control (C2) operations. This resource is particularly valuable for enhancing agility against defensive measures during long-term engagements and during active incident responses.

Red-Teaming-Toolkit

2026-03-30 ★ 10211

AI Summary: The Red Teaming Toolkit is an open-source collection of security tools designed to facilitate adversary simulation and enhance threat hunting capabilities. It features various tools organized by categories including reconnaissance, initial access, and lateral movement, providing functionalities such as port scanning, OSINT gathering, and credential dumping. The toolkit serves both security practitioners aiming to test network defenses and those looking to improve detection and prevention mechanisms against potential threats.

redamon

2026-03-30 Python ★ 1672

AI Summary: RedAmon is an autonomous AI framework designed for seamless cybersecurity operations that integrate reconnaissance, exploitation, and post-exploitation processes into a streamlined pipeline. It stands out by automatically triaging findings, applying code fixes, and generating pull requests in repositories, ensuring human oversight at critical junctures. Its notable features include support for over 38 security tools, integration with major vulnerability scanners, and configurable autonomy to adapt to various security assessment needs.

redsnarf

2026-03-30 PowerShell ★ 1213

AI Summary: RedSnarf is a penetration testing and red team tool designed for the extraction of hashes and credentials from Windows environments, including workstations, servers, and domain controllers, utilizing operationally safe techniques. Key features include the retrieval of local SAM hashes, enumeration of users with elevated privileges, and capabilities for hash spraying, LSASS dumps, and remote management functions like enabling/disabling RDP and clearing event logs. The tool focuses on efficient credential collection and strengthening post-exploitation analysis while maintaining a low profile during operations.

RedTeam-Tools

2026-03-30 ★ 8608

AI Summary: RedTeam-Tools is a comprehensive repository containing over 150 tools and resources specifically designed for red teaming activities, encompassing both targeted tools and general-purpose utilities adaptable for offensive operations. Notable features include a variety of specialized tips for advanced red team techniques, as well as tools for reconnaissance, exploitation, and post-exploitation, catering to a wide range of attack vectors and methodologies. This collection serves as both a practical toolkit and an educational resource for those engaged in offensive cybersecurity practices.

RedTeaming-Tactics-and-Techniques

2026-03-30 PowerShell ★ 4518

AI Summary: This repository contains personal notes focused on red teaming and offensive security, emphasizing practical experiments with various penetration testing techniques and tools in a controlled lab environment. It covers a range of methodologies, including code execution, defense evasion, and lateral movement, while aiming to enhance understanding of cyber attacks and malware development. Notable features include a commitment to referencing other researchers’ work and a critical approach to self-learning through experimentation and documentation.

resolvers

2026-03-30 ★ 972

AI Summary: Resolvers is an extensive repository of validated DNS resolvers designed for use in DNS enumeration tasks, catering primarily to security professionals and penetration testers. The tool offers various lists, including a simple resolver list, an extended version with detailed metadata about each resolver, and a selection of trusted resolvers from reputable organizations like Cloudflare and Google. Notably, it employs a robust validation process using multiple instances of dnsvalidator to ensure the reliability of the resolver data, which is continuously updated through community contributions.

RustHound

2026-03-30 Rust ★ 1136

AI Summary: RustHound is a cross-platform BloodHound collector tool developed in Rust, designed to generate data about users, groups, computers, OUs, GPOs, and containers for analysis within BloodHound. It operates silently without detection by antivirus software and is suitable for environments where SharpHound is blocked or incompatible. Notable features include its ability to run on Linux, Windows, and macOS, along with a range of compile options, including Docker support and static binary generation.

RustRedOps

2026-03-30 Rust ★ 1847

AI Summary: RustRedOps is a collection of Red Team operation tools developed in Rust, aimed at enhancing the capabilities of security professionals and penetration testers in conducting security assessments and intrusion tests. Notable features include a diverse set of projects focused on techniques such as API hooking, anti-analysis, process enumeration, and various forms of code injection, which collectively facilitate advanced exploitation tactics and malware development. The repository emphasizes efficiency and effectiveness, making it a valuable resource for practitioners in cybersecurity.

Sandman

2026-03-30 C# ★ 817

AI Summary: Sandman is a backdoor designed for use during red team engagements, specifically tailored to operate on hardened networks by leveraging the NTP protocol to retrieve and execute arbitrary shellcode from a designated server. Notable features include the ability to spoof legitimate IP addresses for NTP, execute as a standalone C# application, and the flexibility to function across various operating systems including Windows and Linux, enhancing its covert capabilities in security assessments.

Scanners-Box

2026-03-30 ★ 8868

AI Summary: Scanners Box is a comprehensive hacker toolkit that consolidates over 335 open-source scanners across various categories, such as subdomain enumeration, SQL injection vulnerability detection, and malware detection. The tool is designed for modular vulnerability assessment and does not include well-known scanning tools like Nmap or Metasploit, focusing instead on specialized scanning capabilities. Notable features include AI-powered autonomous scanners, dynamic and static code analysis, and comprehensive scanning for web applications and IoT devices.

SessionGopher

2026-03-30 PowerShell ★ 1316

AI Summary: SessionGopher is a PowerShell-based tool designed to retrieve and decrypt saved session information from remote access applications like PuTTY, WinSCP, FileZilla, and RDP. Its primary use case is for security assessments to identify systems that may connect to sensitive environments such as Unix systems or remote desktops. Notable features include thorough filesystem searches for private key files and the ability to run queries across multiple hosts or domain-joined systems, with results conveniently outputted to CSV files.

shad0w

2026-03-30 C ★ 2169

AI Summary: SHAD0W is a modular command and control (C2) framework designed for advanced threat operations within mature environments, leveraging techniques to evade endpoint detection and antivirus systems. Built with Python and C, it enables the execution of payloads including .NET assemblies and scripts entirely in memory, while offering features such as HTTPS communication, dynamic process injection, and extensive modularity for tasking beacons. Notable components include built-in privilege escalation exploits, a live web proxy feature, and a robust command-line interface, facilitating customization and effective covert operations.

shortscan

2026-03-30 Go ★ 1135

AI Summary: Shortscan is an IIS short filename enumeration tool that rapidly identifies files with short filenames on an IIS web server and attempts to discover their corresponding full filenames using a unique checksum matching method. Its notable features include support for custom headers, concurrency settings, and vulnerability checks without full file enumeration, as well as the ability to utilize custom wordlists and generate rainbow tables through an accompanying utility named shortutil.

SILENTTRINITY

2026-03-30 Boo ★ 2334

AI Summary: SILENTTRINITY is a modern, asynchronous, multiplayer command and control (C2) and post-exploitation framework designed for flexibility and stealth, utilizing Python 3 and the .NET Dynamic Language Runtime. It offers features such as real-time updates via Websockets, ECDHE encrypted communications, and a fully modular architecture allowing operators to customize their C2 channels and modules. The framework leverages embedded third-party .NET scripting languages for dynamic task evaluation, enhancing usability and providing capabilities akin to PowerShell without its direct use.

skanuvaty

2026-03-30 Rust ★ 923

AI Summary: Skanuvaty is a high-performance DNS/network/port scanning tool that allows users to quickly analyze a domain by discovering its subdomains and resolving their corresponding IPs. Notable features include support for concurrent scans, with the ability to test thousands of subdomains within seconds, and the generation of a comprehensive output file in JSON format for further analysis.


README

Skanuvaty

Dangerously fast dns/network/port scanner, all-in-one.

Demonstration

Start with a domain, and we’ll find everything about it.

Spoofy

2026-03-30 Python ★ 750

AI Summary: Spoofy is a Python-based tool designed to evaluate the spoofability of domains by analyzing their SPF and DMARC records. It features authoritative lookups with a known DNS fallback, accurate bulk processing, and a customizable spoof logic derived from real-world testing, enabling users to conduct comprehensive assessments of domain security configurations. Additionally, Spoofy offers DKIM selector enumeration via API as an optional feature, making it a valuable resource for cybersecurity assessments.

spray

2026-03-30 Go ★ 1002

AI Summary: SPRAY is a high-performance directory fuzzing tool designed for testing and exploiting web applications, boasting over 50% greater performance compared to similar tools like ffuf and feroxbuster. It features customizable dictionary generation based on masks or rules, dynamic filtering, extensive fingerprint recognition capabilities, and the ability to handle multiple targets efficiently with resume options for interrupted sessions. The tool seamlessly integrates with *nix command line environments, facilitating inter-operation with other cybersecurity tools.

Stowaway

2026-03-30 Go ★ 3345

AI Summary: Stowaway is a multi-tier proxy tool written in Go, designed specifically for penetration testers to route external traffic through multiple nodes into an internal network, thereby overcoming access restrictions. Notable features include a user-friendly command-line interface, tree-structured node management, support for various connection types (SOCKS5, HTTP, SSH), traffic encryption using TLS/AES-256-GCM, and capabilities for remote shell, file transfer, and port mapping, all while maintaining compatibility across multiple platforms such as Linux, Mac, and Windows.

TangledWinExec

2026-03-30 C# ★ 955

AI Summary: Tangled WinExec is a repository that provides a collection of proof-of-concept tools focused on various Windows process execution techniques, aimed at facilitating investigation and understanding of these methods. Notable features include techniques such as Process Hollowing, Command Line Spoofing, and Process Doppelgänging, with some PoCs tailored for specific Windows versions and kernel protection mechanisms. Each toolset includes documentation for testing and utilization, enabling advanced users to explore process manipulation techniques effectively.

Template

2026-03-30 ★ 1115

AI Summary: Template is a heuristic internal network scanning tool designed for security assessments and vulnerability detection. It features a producer-consumer model for efficient data handling, employs heuristic scanning methods to minimize packet sending, and includes robust web fingerprinting capabilities with over 900 fingerprints. Additionally, it supports extreme concurrency in its modules, optimizing performance during scans and brute force attacks.


README

Template - Heuristic internal network scanning

theHarvester

2026-03-30 Python ★ 15928

AI Summary: theHarvester is a reconnaissance tool designed for red team assessments and penetration tests, facilitating the gathering of open-source intelligence (OSINT). It collects various types of data such as names, emails, IP addresses, subdomains, and URLs from multiple public sources, enhancing a security professional’s understanding of a domain’s external threat landscape. Notable features include support for numerous passive modules that query different search engines and databases, enabling comprehensive domain analysis and threat enumeration.

traitor

2026-03-30 Go ★ 7110

AI Summary: Traitor is a privilege escalation tool designed to automatically exploit local vulnerabilities and misconfigurations in Unix-like systems to achieve a root shell. It incorporates various methods from GTFOBins and specific CVEs, allowing users to discover potential exploits with options to directly attempt them if necessary. Notable features include the ability to analyze sudo permissions, the option to exploit specific vulnerabilities, and support for various privilege escalation vectors.


README

Traitor

Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy!

username-anarchy

2026-03-30 Ruby ★ 1346

AI Summary: Username Anarchy is a command-line tool designed for generating potential usernames during penetration testing, crucial for user account/password brute force attacks and username enumeration. It features a flexible plugin architecture for various username formats, utilizes common first and last names databases from external sources, and allows for name substitutions to maximize coverage when only partial user information is known. This tool supports input from multiple formats and automates name generation based on country datasets or popular social media aliases.

venom

2026-03-30 Shell ★ 1945

AI Summary: VENOM is a Metasploit shellcode generator and compiler that enables users to create and inject shellcode payloads in various formats such as C#, Python, Ruby, and executable formats like ELF and APK. Its primary use case lies in Red Team operations, where it assists in payload delivery through a web server and leverages automation to handle dependencies and remote connections seamlessly. Notable features include support for multiple scripting languages, integration with compilers for building executables, and functionalities similar to other popular evasion tools.

Venom

2026-03-30 Go ★ 2153

AI Summary: Venom is a multi-hop proxy tool designed for penetration testers, built using Go, which allows the connection of multiple nodes to facilitate multi-layer traffic routing. Key features include a visual network topology, multi-level SOCKS5 proxying, interactive shell access, and secure communication between nodes, making it ideal for managing complex internal networks during security assessments. The tool supports various platforms and architectures, enhancing its versatility for engagements in diverse environments.

Villain

2026-03-30 Python ★ 4357

AI Summary: Villain is a high-level C2 framework designed for managing multiple reverse TCP and HoaxShell-based shells, allowing users to enhance shell functionality and share features across different instances. Notable features include customizable payload generation, a dynamic pseudo-shell prompt for session management, file upload capabilities, fileless script execution, and a built-in Session Defender to prevent user errors during command input. The tool is primarily aimed at ethical hacking and penetration testing, ensuring users operate within legal boundaries.

Viper

2026-03-30 ★ 5008

AI Summary: VIPER is an advanced red team platform designed for adversary simulation and cybersecurity assessments, providing users with essential tools and functionalities for efficient red teaming operations. Notable features include a user-friendly interface, multi-platform support across Windows, Linux, and macOS, integration of over 100 post-exploitation modules aligned with the MITRE ATT&CK framework, and a built-in LLM agent for enhanced automation and intelligent decision-making. The platform also allows for custom module development, ensuring flexibility to meet diverse operational needs.

vps-audit

2026-03-30 Shell ★ 1887

AI Summary: The VPS Security Audit Script is a comprehensive Bash tool designed for auditing the security and performance of Debian/Ubuntu-based virtual private servers. It performs extensive security checks, including SSH configuration, firewall status, and system update status, while also monitoring resource usage such as disk space and CPU. The script not only provides real-time color-coded feedback during execution but also generates a detailed report with improvement recommendations based on the audit findings.

WADComs.github.io

2026-03-30 HTML ★ 1644

AI Summary: WADComs is an interactive cheat sheet designed for offensive security professionals, offering a curated list of tools and their commands specifically for targeting Windows and Active Directory environments. Its primary use case is to aid security experts in executing effective penetration testing by providing quick access to essential commands. Notable features include its comprehensive tool listings and command syntaxes, all consolidated in a web-based format for ease of use.

Web_Hacking

2026-03-30 ★ 760

AI Summary: Web Hacking is a comprehensive repository of notes focused on bug bounty hunting and penetration testing, collating various techniques for vulnerability discovery and exploitation. The tool features extensive reconnaissance and OSINT methods, a detailed list of common vulnerabilities, and bypass techniques, making it a valuable resource for security professionals seeking to enhance their skills and methodologies in web application security. Additionally, it encourages community contributions, fostering continuous improvement and updates of its content.

WinPwn

2026-03-30 PowerShell ★ 3653

AI Summary: WinPwn is a comprehensive PowerShell-based tool designed for internal penetration testing, emphasizing automation and proxy support for reconnaissance and exploitation tasks. Its notable features include modules for session management, credential dumping, local and domain reconnaissance, and privilege escalation checks, alongside the ability to operate offline and integrate well-known offensive security scripts. The tool streamlines the penetration testing process with an interactive menu for selecting various attack methods and extensive built-in reconnaissance capabilities.

xencrypt

2026-03-30 PowerShell ★ 1175

AI Summary: Xencrypt is a PowerShell-based crypter designed to compress and encrypt PowerShell scripts while bypassing AMSI and modern antivirus solutions. Its notable features include variable name randomization, support for recursive layering of encrypted scripts, and a minimal overhead due to compression. This open-source tool serves as a demonstration for users looking to develop their own crypters, offering flexibility for customization and ease of use.


README

Xencrypt

PowerShell crypter v 1.0

Authors

Xentropy (@SamuelAnttila)
SecForce (@SECFORCE_LTD)

yakit

2026-03-30 TypeScript ★ 7131

AI Summary: Yakit is an interactive application security testing platform that integrates the CyberSecurity Domain Specific Language (CDSL) for enhanced security operations. Its primary use case is to provide a comprehensive GUI for manipulating security testing capacities via a gRPC server, fully replacing tools like BurpSuite and offering unique features such as a visual web fuzzing tool and a plugin store for customizable security scripts. Additionally, Yakit allows non-coders to harness advanced security capabilities without programming knowledge, facilitating both local and remote deployment.