> cat /dev/github | grep security-tools
discovered 30 Mar 2026

Pentest-Windows

★ 3444 via github-topic

AI Summary: Pentest-Windows11 v3.2 is a Windows penetration testing environment tailored for deployment on Mac M series chips and other platforms, integrating over 400 commonly used security tools and scripts. Notable features include support for multiple virtualization formats (VMware, Parallels Desktop, Hyper-V), optimized tool management, and a user-friendly interface, enabling efficient vulnerability assessment and penetration testing workflows. The environment is designed to be ready-to-use, allowing security professionals to conduct testing with minimal setup.


README


Pentest-Windows11 v3.2

The First Windows Penetration Testing Environment on Mac M Chips


📖 Project Overview

📝 System Introduction

  • This environment aims to provide a ready-to-use Windows penetration testing environment.
  • Reposting is welcome. Please indicate the original author and link: https://github.com/arch3rPro/Pentest-Windows
  • Recommended environment: [VMware: 17.0] / [RAM: 8G] / [VM Disk: 100G] / [Actual disk usage: about 30G]
  • System account: admin, password: 123456. Please change the password after login!
  • Chinese name: 矛·盾 武器库, meaning that cybersecurity is both offense and defense, with the sharpest spear and the strongest shield, interdependent and competitively evolving.
  • The project has integrated 400+ commonly used tools and scripts. You can submit tool requests in the pinned Issue.

🚀 VM Download

Release status:

  • Mac M series Arm64 Fusion version v3.0
  • Mac M series Arm64 Parallels Desktop version v3.1
  • Windows/Mac Intel x64 VMware version v3.2
  • KVM/ProxmoxVE Qcow2 version v3.2
  • Hyper-V and Ventoy bootable physical machine version v3.2
  • VirtualBox OVF version (in progress)
  1. Parallels Desktop
  2. VMware version

✨ Version Introduction

Main Features & Update History:

  • v3.2 (Latest):
    • Supports x64 architecture (VMware | PVE-KVM)
    • Supports Mac M series Arm architecture (Fusion | Parallels Desktop)
    • Supports Hyper-V and Ventoy bootable version (can be installed to external hard drive, run on any host, no VM required)
    • Optimized startup of graphical tools launched from bat scripts; added vbs launchers that start them without a CMD popup window.
    • KVM VM has QGA and VirtIO drivers installed, adapted for ProxmoxVE, ready to use after import (RDP recommended).
    • Added UniGetUI management, supports graphical update of scoop-installed tools and software.
    • VirtualBox version in progress.
  • v3.1:
    • Based on official Windows 11 ARM ISO.
    • Chrome tab management added, project tool links imported.
    • Maye toolkit categories and subcategories beautified with emoji.
    • v3.1 PD version removed TPM restriction, VM not encrypted.
    • Added basic PD VM download Windows 11-Optimization.PD.7z
  • v3.0:
    • Added tools for internal penetration, credential acquisition, VPN, etc. Total tools increased to 360+.
    • Toolbox uses the new Maye Lite version, which supports subcategories for clearer classification.
    • All tools in the toolbox have comments, mouse hover shows description.
    • Due to Windows 11 TPM policy, VM is encrypted, password: 123456789.
  • General Features (v2.x - v3.x):
    • Streamlined built-in software, beautified terminal fonts and some icons, moderate optimization.
    • System disk image 100GB, single disk file storage for performance (image size continuously optimized).
    • Rebuilt tool icons, each tool has a corresponding icon.
    • Integrated Scoop package manager (v2.1+), supports scoop update <tool> for updates.
    • Scoop supports script tool installation and updates (v2.2+).
    • Windows Terminal optimized, unified theme and oh-my-posh enhancement.
    • Updated Scoop environment variables, so CLI tools can be used directly in CMD or PowerShell.
    • Removed some unmaintained or rarely used tools.
    • WSL temporarily removed (low usage, large space, ARM version not supported), may be added later as needed.

ℹ️ Additional Information

  • For the full list of supported tools and updates, please check https://github.com/arch3rPro/scoop-bucket.
  • Some machines do not support nested virtualization or may conflict with local Hyper-V installation. Please use the NoWSL lite version if you do not need Kali-WSL.
  • Tools are in their initial installation state by default. Some tools require initialization, and a few need manual plugin configuration.

📜 Production Statement

1. All installable software is downloaded from the official website or GitHub.
2. All portable (green) software is downloaded from Guohe Shell (https://www.ghxi.com/).
3. All script tools are downloaded from GitHub.
4. Some licensed (cracked) and excellent penetration tools are shared from WeChat public accounts.
5. Some personal information may remain due to debugging; please ignore it.
6. This project does not and will never accept any form of sponsorship.

⚠️ Disclaimer

1. This image is only for legally authorized enterprise security construction. If you want to test its usability, please set up your own target environment.
2. When using this image for testing, ensure your actions comply with local laws and have sufficient authorization.
3. Any illegal use is at your own risk. The author assumes no legal or joint liability.

💻 System Introduction

🖥️ Basics

  • 🪟: Managed and installed by scoop, supports one-click install and update.
  • 🌐: Online security tools, require internet access, some need VPN/proxy.
  • 📖: Offline knowledge base, including password dictionaries, tool usage, exploit tutorials, AV bypass guides (PDF/Markdown).

⌨️ Programming & IDEs

  • Python v3.10.11 (D:/Base/apps/Python310)
  • Python v2.7.18 (D:/Base/apps/Python27)
  • JRE v1.8.0_381 (D:/Base/apps/liberica17-jre/current/bin)
  • Perl v5.36.1 (D:/Base/apps/git/current/usr/bin/perl.exe)
  • Ruby v3.2.2
  • TDM-gcc v10.3.0 (D:/Base/apps/tdm-gcc)
  • Laragon v5.0.0 (D:/Base/apps/laragon)
    • Nginx v1.14.0
    • Apache v2.4.43
    • PHP v5.4.9
    • MySQL v5.1.72
  • Git v2.41.0 (D:/Base/apps/git)
  • Curl v8.1.1 (D:/Base/apps/Curl/bin)
  • Wget v1.21.4 (D:/Base/apps/Wget)
  • Scoop: Windows package manager v0.3.1 (D:/Base/apps/scoop)

⚓ Common Software

System Enhancement:

  • 7zip: High-compression open-source archiver 🪟
  • utools: Multi-functional file search launcher 🪟
  • Windows Terminal: (replaces default cmd)
  • VMware: VMware Tools for VM performance and management
  • Oh-My-Posh: Cross-platform terminal prompt customization 🪟
  • Clink: Bash-style command line editing for Windows Cmd.exe (D:/Base/apps/Clink) 🪟
  • SublimeText: Efficient text editor, Chinese version v4.4150 (Guohe Shell)

System Optimization:

  • Dism++: Windows system management/optimization tool 🪟
  • WiseCare365: System optimization tool, green version v6.5.1_Pro (Guohe Shell)
  • Tools: Custom utilities
    • Context Menu Manager: One-click set WIN10/WIN11 context menu 💾
    • Autologin: Windows auto-login registry 💾
    • ClearHistory.ps1: Clear PowerShell history 💾

🔗 Maye Launcher

  • Maye Lite: Fast Windows launcher, supports drag-and-drop, hotkeys, multi-column, lnk parsing
  • icon: App icon collection, includes custom icons

🛠️ Penetration Tools Introduction

400+ commonly used scripts and GUI tools can be accessed via icons in the Maye toolbox.

  • CMD.exe is launched in Windows Terminal by default
  • The startup directory for each script is preset
  • Required dependencies are installed
  • Scripts run their Help command on startup

🔬 Common Tools

| Tool Name | Type | Description |
| --- | --- | --- |
| Burpsuite | scoop tool | One of the best tools for web application testing |
| AntSword | scoop tool | AntSword - WebShell management tool |
| Goby | scoop tool | Port scanning, asset collection, vulnerability exploitation |
| MSFconsole | scoop tool | Metasploit - modular exploitation framework |
| Sqlmap | scoop tool | Automated SQL injection tool |
| Hydra | scoop tool | Powerful brute-force tool |
| Yakit | scoop tool | Highly integrated Yak language security testing platform |
| Zenmap | scoop tool | Port scanning tool (powerful, but slow) |
| WindTerm | scoop tool | Professional cross-platform SSH/Sftp/Shell/Telnet/Serial terminal |
| uTools | scoop tool | Multi-functional file search launcher |
| Wireshark | scoop tool | Popular network packet analysis software |
| Searchsploit | scoop tool | Command-line search tool for Exploit-DB |
| LibreWolf | scoop tool | Firefox fork with built-in plugins |
| Chrome | scoop tool | Popular browser with built-in pentest plugins |

⚡ System Optimization

| Tool Name | Type | Description |
| --- | --- | --- |
| Wub | scoop tool | Disable system updates |
| CMWTAT | scoop tool | Windows system activation tool |
| WiseCare365 | portable | System junk cleaning tool |
| Dism++ | portable | System cleaning tool using Dism |
| UniGetUI | scoop tool | GUI Scoop update management tool |

♾️ Service Connection

| Tool Name | Type | Description |
| --- | --- | --- |
| DBeaver | scoop tool | Open-source free SQL database client |
| Laragon | scoop tool | PHP, Tomcat server |
| mRemoteNG | scoop tool | SSH remote connection tool |
| WinSCP | scoop tool | SFTP file transfer tool |
| MobaXterm | scoop tool | Multi-protocol remote connection tool |
| Redis-cli | scoop tool | Redis command-line client |
| Telnet | built-in | Built-in Telnet client |
| OpenSSH | scoop tool | Built-in SSH command-line client |
| HeidiSQL | scoop tool | GUI database client |
| WindTerm | scoop tool | SSH, SFTP, Telnet remote connection tool |
| HTTPServer | scoop tool | Single-file HTTP server tool for easy file transfer |
| GoHTTPServer | scoop tool | HTTP server tool written in Go |
| OpenVPN | installer | OpenSSL-based VPN, simple and easy to use |

💡 Information Gathering

🖥️ Host Discovery

| Tool Name | Type | Description |
| --- | --- | --- |
| Fping | scoop tool | Enhanced Ping command, intended to replace Windows built-in ping |
| Masscan | scoop tool | Fast port scanner for scanning large numbers of IPs and ports |
| TCPing | scoop tool | Test TCP connectivity and response time |
| Arp-Ping | scoop tool | Command-line tool to find MAC address for a given IP via ARP |
| NetCat | scoop tool | Read/write data across networks using TCP/UDP, the Swiss Army knife |
| NETworkManager | scoop tool | Windows network management tool |

📋 Domain Info Gathering

| Tool Name | Type | Description |
| --- | --- | --- |
| Whois | scoop tool | Whois query command-line tool |
| Subfinder | scoop tool | Open-source tool focused on subdomain collection |
| DnsX | scoop tool | Powerful multipurpose DNS toolkit |
| Layer Subdomain | scoop tool | Domain query tool, provides subdomain search services |
| KsubDomain | scoop tool | Stateless subdomain brute-forcing tool |
| Ct | scoop tool | Simple and easy-to-use domain brute-forcing tool |
| JSFinder | scoop tool | Extract URLs and subdomains from JS files on websites |
| Knock | scoop tool | Python script for comprehensive subdomain scanning using wordlists |

🪬 Comprehensive Recon Tools

| Tool Name | Type | Description |
| --- | --- | --- |
| OneForAll | scoop tool | Powerful subdomain collection tool |
| Mitan | scoop tool | Recon tool with asset info, subdomain brute, search syntax, mapping, fingerprint, info gathering, file/port scan, weight check, password dict, etc. |
| Amass | scoop tool | Open-source subdomain info gathering tool |
| Gobuster | scoop tool | Open-source tool for directory/file brute-forcing in web apps |
| Argus | scoop tool | Powerful, flexible, easy-to-use open-source recon toolkit |
| Bbot | scoop tool | Recursive OSINT resource intelligence tool |

🔬 Google Hacking

| Tool Name | Type | Description |
| --- | --- | --- |
| GooFuzz | scoop tool | Fuzzing tool based on OSINT methods |
| GHDB | online tool | Google Hacking Database for finding public info for pentesters |
| Pagodo | scoop tool | Automates Google Hacking DB scraping and searching |
| Google-Dorks | scoop tool, local | Advanced search/query techniques for Google search engine |
| SearchDiggity | scoop tool | Google Hacking Diggity, uses search engines to quickly find weaknesses and sensitive data |
| LazyDork | online tool | Online generator for Google Dorking search syntax |

🗜️ Data Leak Check

| Tool Name | Type | Description |
| --- | --- | --- |
| GitHacker | scoop tool | Detects git source code leaks and downloads site source code |
| GitGraber | scoop tool | Python3 tool for real-time GitHub monitoring for sensitive data |
| Gitrob | scoop tool | Open-source recon tool for finding sensitive files in public repos |
| GitMiner | scoop tool | Powerful GitHub data mining tool based on Python |
| SvnExploit | scoop tool | SVN source code leak dumper for all versions |
| Gowitness | scoop tool | Website screenshot tool using Chrome Headless (Golang) |

🛸 Port Scanning

📡 Scanning Tools

| Tool Name | Type | Description |
| --- | --- | --- |
| Goby | scoop tool | Port scanning, asset collection, vulnerability exploitation |
| Masscan | scoop tool | Fast port scanner for scanning large numbers of IPs and ports |
| NimScan | scoop tool | Fast port scanner |
| TxPortMap | scoop tool | Port scanning and banner identification tool |
| Scaninfo | scoop tool | |
| Yujian Scanner | scoop tool | Yujian port scanning tool |
| Naabu | scoop tool | Fast, stable, easy-to-use port scanner written in Go |
| Zenmap | scoop tool | Powerful port scanner (but slow) |
| gogo | scoop tool | Highly controllable, extensible automation engine for red teams |

🌐 Online Scanning

| Tool Name | Type | URL |
| --- | --- | --- |
| Pentest-Tools | online tool | https://pentest-tools.com/network-vulnerability-scanning/port-scanner-online-nmap |
| Nmap Online | online tool | https://hackertarget.com/nmap-online-port-scanner/ |
| HideMyName | online tool | https://hide.mn/cn/port-scanner/ |
| Rookie Tools | online tool | https://duankou.wlphp.com/ |
| PostJson | online tool | http://coolaf.com/tool/port |
| ProxySeller | online tool | https://proxy-seller.com/zh/tools/port-scanner/ |
| PortScanners | online tool | https://www.whatsmyip.org/port-scanner/ |
| WhatisMyIP | online tool | https://www.whatismyip.com/port-scanner/ |

🌐 Cyber Space Engines

| Tool Name | Type | URL |
| --- | --- | --- |
| Shodan | online tool | https://shodan.io/ |
| Censys | online tool | https://search.censys.io/ |
| ZoomEye | online tool | https://www.zoomeye.org/ |
| GreyNoise | online tool | https://viz.greynoise.io/ |
| Netlas.io | online tool | https://netlas.io/ |
| FOFA | online tool | https://fofa.info/ |
| Quake | online tool | https://quake.360.net/quake/#/index |
| Hunter | online tool | https://hunter.how/ |
| ODIN | online tool | https://odin.io/ |

🧭 Mapping Tools

| Tool Name | Type | Description |
| --- | --- | --- |
| Lightning Searcher | scoop tool | Cyberspace search engine, GUI (Mac/Windows) recon info gathering |
| AsamF | scoop tool | Integrated search tool for multiple asset mapping platforms |
| uncover | scoop tool | Quickly find exposed hosts on the Internet using multiple engines |
| FlashSearch | scoop tool | User-friendly multi-platform asset mapping client |

✈️ Proxy & Packet Capture

| Tool Name | Type | Description |
| --- | --- | --- |
| Broxy | scoop tool | HTTP/HTTPS open-source intercepting proxy written in Go |
| Hetty | scoop tool | HTTP toolkit for security research |
| Mitmproxy | scoop tool | HTTP proxy supporting SSL |
| Yakit | scoop tool | Highly integrated Yak language security testing platform |
| Wireshark | scoop tool | Popular network packet analysis software, detailed packet info |
| ProxyPin | scoop tool | MITM-based packet capture tool, mainly for mobile app security |
| Burpsuite | scoop tool | One of the best web application testing tools |
| ZapProxy | scoop tool | Open-source web application security scanner |

🌀 Fingerprint Recognition

🌐 Online Recognition

| Tool Name | Type | URL |
| --- | --- | --- |
| WhatCMS | online tool | https://whatcms.org/ |
| Yunxi | online tool | http://www.yunsee.cn/ |
| 360Finger-P | online tool | https://fp.shuziguanxing.com/ |
| Tide Finger | online tool | http://finger.tidesec.net/ |
| WhatWeb | online tool | https://whatweb.net/ |

👣 Fingerprint Tools

| Tool Name | Type | Description |
| --- | --- | --- |
| WebAnalyze | scoop tool | Go version of Wappalyzer |
| TideFinger | scoop tool | Fingerprint tool integrating multiple web indicator databases |
| EHole3.0 | scoop tool | Red team system fingerprint detection tool |
| Dismap | scoop tool | Asset discovery and identification, fast web fingerprint recognition |
| pyxis | scoop tool | Auto-identifies HTTP/HTTPS, gets headers, status, size, time, fingerprint |
| Scan4all | scoop tool | Official vuls scan: 15000+ PoC, 23 password cracks, 7000+ web fingerprints, 146 protocols, 90000+ port rules |
| WhatWeb | scoop tool | Powerful open-source tool for web app/server tech fingerprinting |
| CMSeek | scoop tool | CMS detection/exploitation, supports 180+ CMS (WordPress, Joomla, Drupal) |
| ObserverWard | scoop tool | Cross-platform community web fingerprint tool |
| P1finger | scoop tool | Key asset fingerprint tool, identifies systems via HTTP request |
| HFinger | scoop tool | Fingerprint tool for malicious HTTP requests, based on Tshark, Python3 |
| xapp | scoop tool | Web fingerprint recognition tool |

📦️ Webshell

| Tool Name | Type | Description |
| --- | --- | --- |
| Behinder | scoop tool | “Bingxie” dynamic binary encrypted website management client |
| Bantam | scoop tool | PHP shell management tool |
| Godzilla | scoop tool | Godzilla WebShell management tool |
| Pyshell | scoop tool | Python version shell management tool |
| Scorpio Priv Tool | scoop tool | WebShell client using Bingxie encrypted traffic |
| Weevely | scoop tool | Webshell management tool |
| AntSword | scoop tool | Chinese AntSword loader, built-in app store |
| Awsome-shells | scoop tool | Reverse shell collection |
| Webshell | scoop tool | WebShell collection |
| Webshell_Generate | scoop tool | Generate various AV-bypass webshells |
| Youhun | scoop tool | New-gen Webshell manager, compatible with AntSword/Bingxie PHP |
| SharPyShell | scoop tool | ASP.NET Webshell for C# web apps |

📂 Directory Brute

| Tool Name | Type | Description |
| --- | --- | --- |
| Ffuf | scoop tool | Fast web fuzzer written in Go |
| Dirsearch | scoop tool | Tool for discovering hidden directories/files on web servers |
| Gobuster | scoop tool | Open-source directory/file brute-forcing tool for web apps |
| WebPathBrute | scoop tool | 7kbscan-WebPathBrute, web path brute-forcing tool |
| HTTPX | scoop tool | Full-featured HTTP client for Python3 |
| Gospider | scoop tool | Fast web crawler written in Go |
| Spray | scoop tool | Next-gen directory brute-forcing solution |
| DirBuster | scoop tool | Multithreaded Java app for brute-forcing web server directories/files |
| Feroxbuster | scoop tool | Fast, simple, recursive content discovery tool in Rust |
| Katana | scoop tool | Next-gen crawler framework |
| URLFinder | scoop tool | Fast, comprehensive page info extractor for JS, URLs, sensitive info |

🔐 Password Cracking

| Tool Name | Type | Description |
| --- | --- | --- |
| Hashcat | scoop tool | Password cracker in C, supports brute-forcing many hash algorithms |
| John | scoop tool | Fast password brute-forcing tool |
| johnny | scoop tool | GUI version of John the Ripper |
| Psudohash | scoop tool | Password list generator for brute-force attacks |
| Wordlists | scoop tool, local | Kali built-in wordlists |
| Weakpass | online tool | https://weakpass.com/ online weak password search |
| HashCalculator | scoop tool | Hash calculation tool, batch calc/verify/find duplicates/change hash |
| Boom | scoop tool | Smart web weak password brute-forcer/detector based on headless browser |
| Hydra | scoop tool | Fast brute-force tool for system login passwords |
| SNETCracker | scoop tool | Super weak password checker |
| SecLists | scoop tool, local | Password dictionary for pentesters |

🪲 Vulnerability Scanning

| Tool Name | Type | Description |
| --- | --- | --- |
| Nuclei | scoop tool | Very fast and easy-to-use vulnerability scanner |
| Xray | scoop tool | Community version of Xray, supports active/passive scanning, flexible POC |
| Xray-GUI | scoop tool | GUI for Xray vulnerability scanner |
| SiteScan | scoop tool | All-in-one tool for pentest info gathering |
| Scaninfo | scoop tool | Open-source fast scanner for red team internal/external scanning |
| OSV-Scanner | scoop tool | Free security scanner by Google (Dec 2022) |
| Afrog | scoop tool | High-performance, fast, stable, customizable PoC vulnerability scanner |
| Nikto | scoop tool | Open-source web scanner, tests for 2600+ dangerous files/CGI/etc |
| Zed Proxy | scoop tool | Open-source web application security scanner |
| Scan4all | scoop tool | 15000+ PoC, 23 password cracks, 7000+ fingerprints, 146 protocols, 90000+ port rules |
| Wscan | scoop tool | Web security scanner |
| Wavely | scoop tool | Nuclei GUI PoC management tool, auto-integrates Nuclei PoCs |
| Vscan | scoop tool | Open-source, lightweight, fast, cross-platform web vulnerability scanner |
| VscanPlus | scoop tool | Enhanced Vscan, port scan, fingerprint, directory fuzz, vuln scan |
| Wapiti3 | scoop tool | Open-source web app vulnerability scanner |
| EZ | scoop tool | All-in-one info gathering, port scan, brute, URL crawler, fingerprint, passive scan |
| Dismap | scoop tool | Asset discovery and identification, fast web fingerprinting |
| oFx | scoop tool | Batch web vulnerability scanning framework |
| xpoc | scoop tool | Lightweight, cross-platform PoC framework by Chaitin Tech |
| F-vuln | scoop tool | Automated scanner for daily security, pentesters, red teams |

🌐 Online Search

| Tool Name | Type | URL |
| --- | --- | --- |
| SPLOITUS | online tool | https://sploitus.com/ |
| OSV-online | online tool | https://osv.dev/list |
| CVE Search | online tool | https://cvepremium.circl.lu/ |
| Exploit-DB | online tool | https://www.exploit-db.com/ |
| Vulmon | online tool | https://vulmon.com/ |
| CVE Query | online tool | https://www.cve.org/ |
| Pentest-Tools | online tool | https://pentest-tools.com/vulnerabilities-exploits |
| Rapid7 | online tool | https://www.rapid7.com/db/ |
| Vulners | online tool | https://vulners.com/ |

🔍 Search Tools

| Tool Name | Type | Description |
| --- | --- | --- |
| GetSploit | scoop tool | Command-line search/download tool for Vulners DB, inspired by searchsploit |
| Go-Exploitdb | scoop tool | Go-based exploit-db search tool |
| Searchsploit | scoop tool | Command-line search tool for Exploit-DB |
| VulnerabilityLookup | scoop tool | Rewritten cve-search, open-source tool for local CVE DB |

🧿 Common Vulnerabilities

🛰️ XSS Scanning

| Tool Name | Type | Description |
| --- | --- | --- |
| XSStrike | scoop tool | Advanced XSS detection tool |
| XSSor2 | scoop tool | XSS exploitation assistant tool |
| Dalfox | scoop tool | Open-source XSS vulnerability scanner |
| Toxssin | scoop tool | CLI and payload generator for XSS exploitation |
| X-Recon | scoop tool | Automated XSS vulnerability reconnaissance tool |
| PwnXSS | scoop tool | XSS vulnerability scanning/exploitation tool |
| LOXS | scoop tool | Scanner for SQLi, CRLF, XSS, LFi, OpenRedirect vulnerabilities |

💉 SQL Injection

| Tool Name | Type | Description |
| --- | --- | --- |
| Sqlmap | scoop tool | SQL injection vulnerability scanner/exploitation tool |
| SSQLInjection | scoop tool | Super SQLi tool, HTTP packet-based SQLi tool |
| SQL-Injection-Payload-List | scoop tool, local | SQL injection payload list |
| NoSQLMap | scoop tool | NoSQL database exploitation tool |
| Advanced-SQL-Cheatsheet | scoop tool, local | Advanced SQLi query cheatsheet |
| SQLMapCG | online tool | https://www.ddosi.org/scg/ SQLmap command generator |

| Tool Name | Type | Description |
| --- | --- | --- |
| Commix | scoop tool | Automated command injection exploitation tool |
| SSTImap | scoop tool | Interactive SSTI detection tool |
| Shellfire | scoop tool | Exploitation tool for command/LFI/RFI/SSTI injection vulnerabilities |
| SSRFmap | scoop tool | Automated SSRF fuzzing/exploitation tool |
| XXEinjector | scoop tool | Automated XXE exploitation tool |
| CRLFsuite | scoop tool | CRLF injection (HTTP response splitting) scanner |

🗂️ File Operations

| Tool Name | Type | Description |
| --- | --- | --- |
| LFISuite | scoop tool | Local file inclusion exploitation tool |
| Fuxploider | scoop tool | File upload vulnerability scanner/exploitation tool |
| LFIMap | scoop tool | Local file inclusion discovery/exploitation tool |

♨️ Deserialization Exploitation

| Tool Name | Type | Description |
| --- | --- | --- |
| Ysoserial-GUI | scoop tool | GUI for Ysoserial exploitation tool |
| Ysomap | scoop tool | Java deserialization exploitation framework |
| JYso | scoop tool | Ysoserial & JNDIExploit tool, supports high-version/WAF/RASP bypass |
| Ysoserial | scoop tool | PoC generator for unsafe Java object deserialization |
| JNDI-Injection-Exploit-Plus | scoop tool | JNDI link generator and backend service tool |
| PPPYSO | scoop tool | Java deserialization PoC generator |
| Deswing | scoop tool | GUI Java deserialization tool, integrates Ysoserial |
| JNDI-Inject-Exploit | scoop tool | JNDI injection testing tool |

⚓ Database Exploitation

| Tool Name | Type | Description |
| --- | --- | --- |
| MDUT | scoop tool | Multi-database exploitation tool |
| SqlKnife | scoop tool | SQL Server security check tool for CLI |
| Databasetools | scoop tool | Automated privilege escalation tool for databases (Go) |
| TeamIDE | scoop tool | Integrated management for MySQL, Oracle, Kingbase, DM, Shentong, SSH, FTP, Redis, Zookeeper, Kafka, Elasticsearch, MongoDB, etc. |
| Sylas | scoop tool | Comprehensive database exploitation tool |
| SharpSQLTools | scoop tool | Upload/download files, xp_cmdshell/sp_oacreate command execution, CLR assembly loading |
| SharpSQLToolsGU | scoop tool | GUI for SharpSQLTools |
| RedisEXP | scoop tool | Redis vulnerability exploitation tool |

💎 Special Vulnerabilities

🗳️ Comprehensive OA Tools

| Tool Name | Type | Description |
| --- | --- | --- |
| MYExploit | scoop tool | OA product vulnerability exploitation tool |
| Apt_t00ls | scoop tool | High-risk vulnerability exploitation tool |
| I-Wanna-Get-All | scoop tool | OA application exploitation tool |
| OA-EXPTOOL | scoop tool | OA all-in-one tool, includes nearly 20 OA vulnerability scanners |

🗃️ CMS Vulnerabilities

| Tool Name | Type | Description |
| --- | --- | --- |
| CMSeek | scoop tool | CMS detection/exploitation, supports 180+ CMS |
| FrameScan-GUI | scoop tool | GUI CMS vulnerability detection framework (Python3 + PyQt) |
| FrameScan | scoop tool | CLI CMS vulnerability detection framework |

⚖️ Middleware Vulnerabilities

| Tool Name | Type | Description |
| --- | --- | --- |
| Spring_All_Reachable | scoop tool | Spring vulnerability all-in-one exploitation tool |
| WeblogicTool | scoop tool | GUI tool for Weblogic vulnerabilities, detection, command exec, memory shell, password decryption |
| SBSCAN | scoop tool | Penetration testing tool focused on Spring framework |
| FastjsonScan | scoop tool | Fastjson scanner, detects version, dependencies, autoType status |
| Hyacinth | scoop tool | Java vulnerability collection tool |
| JenkinsExploit | scoop tool | Jenkins comprehensive vulnerability exploitation tool |
| SpringBoot | scoop tool | SpringBoot penetration framework, high-risk Spring vulnerabilities |
| SpringBoot-Scan-GUI | scoop tool | GUI SpringBoot-Scan exploitation tool |
| ShiroAttack2 | scoop tool | Shiro deserialization vulnerability all-in-one tool |
| shiroEXP | scoop tool | Shiro deserialization vulnerability all-in-one tool |

🔭 Other Vulnerability Exploitation

| Tool Name | Type | Description |
| --- | --- | --- |
| NacosExploit | scoop tool | Nacos GUI tool, default password, SQLi, auth bypass, deserialization detection/exploitation |
| NacosExploitGUI | scoop tool | NacosExploit GUI tool |
| VcenterKiller | scoop tool | Comprehensive exploitation tool for Vcenter |

🛰️ Penetration Frameworks

| Tool Name | Type | Description |
| --- | --- | --- |
| Metasploit | scoop tool | Modular exploitation framework |
| POC-T | scoop tool | Plugin-based concurrent pentest framework |
| MYExploit | scoop tool | OA product vulnerability exploitation tool |
| Yakit | scoop tool | Highly integrated Yak language security testing platform |
| MSFVenom | scoop tool | MSF modular exploitation framework payload generator |
| XieBroC2 | scoop tool | C2 for pentest, Lua plugin, domain fronting, config, sRDI, file/process/memory mgmt, screenshot, proxy, group mgmt |
| TeamServer-XieBroC2 | scoop tool | C2 for pentest, Lua plugin, domain fronting, config, sRDI, file/process/memory mgmt, screenshot, proxy, group mgmt |
| Sliver-Server | scoop tool | Open-source cross-platform adversary simulation/red team framework (server) |
| WoodPecker | scoop tool | High-risk vulnerability detection and deep exploitation framework |
| Pocsuite3 | scoop tool | Open-source remote vulnerability testing framework |
| DudeSuite | scoop tool | Dude Suite network security tools |
| AuxTools | scoop tool | GUI pentest assistant tools |
| Railgun | scoop tool | GUI penetration tool |
| Cobaltstrike | scoop tool | Commercial pentest tool - Cobalt Strike |

🖱️ Persistence

| Tool Name | Type | Description |
| --- | --- | --- |
| PrintMyShell | scoop tool | Auto-generate various reverse shell Python scripts |
| Girsh | scoop tool | Auto-launch fully interactive reverse shell |
| NatPass | scoop tool | Host management tool, supports web shell and web desktop |
| Govenom | scoop tool | Generate MSFVenom shells in command line :) |
| Wmiexec-Pro | scoop tool | AV evasion in lateral movement |
| Reverse_SSH | scoop tool | SSH-based reverse shell management tool |
| Reverse-Shell-Generator | scoop tool | Hosted reverse shell generator with many features |
| HackerPermKeeper | scoop tool | Linux persistence tool |
| SharPersist | scoop tool | Windows persistence toolkit in C# |

🛂 AV Bypass & RAT

| Tool Name | Type | Description |
| --- | --- | --- |
| ShellCodeLoader | scoop tool | Shellcode loader |
| MazteuszEx | scoop tool | AV bypass generator |
| shellter | scoop tool | Dynamic shellcode injection tool |
| Yanri | scoop tool | AV bypass executor generator |
| MaLoader | scoop tool | AV-bypass trojan generator based on Tauri+Rust |
| S-inject | scoop tool | AV-bypass DLL/Shellcode injector for Windows, GUI supported |
| S-inject_gui | scoop tool | AV-bypass DLL/Shellcode injector for Windows, GUI supported |
| XG_NTAI | scoop tool | Webshell AV bypass, encrypted traffic |
| Tide AV Bypass | online tool | http://bypass.tidesec.com/ |
| BypassAntiVirus | scoop tool, local | Remote control AV bypass articles and tools |
| RingQ | scoop tool | Post-exploitation AV bypass tool, supports bypassing AV/EDR/360/Defender |
| LoaderFly | scoop tool | Fast AV-bypass trojan generator for red teamers |
| BinarySpy | scoop tool | Manual/auto patch shellcode to binary for AV bypass |
| ZeroEye | scoop tool | Automated white file finder, scans EXE imports, lists DLLs, filters non-system DLLs |
| EXEToShellcode | scoop tool | Post-exploitation AV bypass tool based on PE Patch, x64 supported |
| sgn | scoop tool | Polymorphic binary encoder for offensive security research |
| donut | scoop tool | Generates x86, x64, or AMD64+x86 shellcode |
| AniYa | scoop tool | AniYa-GUI AV bypass framework |
| ByPassBehinder | scoop tool | Bingxie WebShell AV bypass generator |
| ByPassGodzilla | scoop tool | Godzilla WebShell AV bypass generator |

⌨️ Command Control

| Tool Name | Type | Description |
| --- | --- | --- |
| Godoh | scoop tool | A DNS-over-HTTPS C2 |
| SharpStrike | scoop tool | Post-exploitation research tool based on C# |
| Merlin-Server | scoop tool | RAT software developed in Go |
| AsyncRAT | scoop tool | Open-source remote management tool |
| XieBroC2-TeamServer | scoop tool | C2 for pentest, Lua plugin, domain fronting, config, sRDI, file/process/memory mgmt, screenshot, proxy, group mgmt |
| PSRansom | scoop tool | PowerShell-based C2 tool - client |
| PSRansom-C2Server | scoop tool | PowerShell-based C2 tool - server |
| Sliver-Client | scoop tool | Open-source cross-platform adversary simulation/red team framework (client) |
| Sliver-Server | scoop tool | Open-source cross-platform adversary simulation/red team framework (server) |
| Revshell | scoop tool | Reverse shell command generator in Go |
| XieBroC2 | scoop tool | C2 for pentest, Lua plugin, domain fronting, config, sRDI, file/process/memory mgmt, screenshot, proxy, group mgmt |
| Meterpeter | scoop tool | C2 PowerShell command and control framework with built-in commands |
| RedGuard | scoop tool | C2 frontend traffic control tool, evades blue team, AV, EDR checks |

⌚ Privilege Escalation

🧰 Local Tools

| Tool Name | Type | Description |
| --- | --- | --- |
| GTFOBLookup | scoop tool | Offline command-line lookup utility for GTFOBins, LOLBAS, WADComs, HijackLibs |
| Linux-exp-Suggester | scoop tool | [Upload to target] Automated tool to search known vulnerabilities based on Linux kernel version |
| Win-Kernel-EXP | scoop tool | Windows privilege escalation vulnerability collection |
| Lin-Kernel-EXP | scoop tool | Linux privilege escalation exploits |
| BeRoot | scoop tool | Powerful post-exploitation tool, focuses on common misconfigurations |
| WinPEAS | scoop tool | [Upload to target] Search for privilege escalation paths in Windows |
| LinPEAS | scoop tool | [Upload to target] List all possible privilege escalation methods on Linux |
| PrintNotifyPotato | scoop tool | [Upload to target] Privilege escalation using PrintNotify COM service |
| Moriarty | scoop tool | [Upload to target] Enumerate missing KBs, detect vulnerabilities, suggest Windows privilege escalation |

🌐 Online Privilege Escalation

| Tool Name | Type | URL |
| --- | --- | --- |
| GTFOBins | online tool | https://gtfobins.github.io/ |
| LOLBAS | online tool | https://lolbas-project.github.io/ |
| WADComs | online tool | https://wadcoms.github.io/ |
| Hijack Libs | online tool | https://hijacklibs.net/ |
| Tide PE | online tool | http://bypass.tidesec.com/exp/ |
| Aurora | online tool | https://detect.secwx.com/ |

🚀 Tunnel Proxy

🛩️ Multi-level Proxy

| Tool Name | Type | Description |
| --- | --- | --- |
| Termite | scoop tool | Multi-platform, bidirectional cascading between jump hosts, built-in shell management |
| Venom | scoop tool | Multi-level proxy tool designed for pentesters, developed in Go |
| Stowaway | scoop tool | Multi-level proxy tool written in Go for pentesters |
| Rport | scoop tool | Remote management tool, supports multi-level proxy |
| Rakshasa_Fullnode | scoop tool | Rakshasa control node - powerful multi-level proxy in Go, designed for multi-level proxy and internal penetration |
| Rakshasa_Node | scoop tool | Rakshasa regular node - powerful multi-level proxy in Go, designed for multi-level proxy and internal penetration |

🚇 Internal Tunnels

| Tool Name | Type | Description |
| --- | --- | --- |
| Frps | scoop tool | High-performance reverse proxy for internal penetration, supports TCP, UDP, HTTP, HTTPS, P2P |
| NPS | scoop tool | Lightweight, high-performance, powerful internal penetration proxy server |
| GoProxy | scoop tool | High-performance HTTP, HTTPS, WebSocket, TCP, SOCKS5 proxy server |
| reGeorg | scoop tool | HTTP proxy tool in Python, improved version of reDuh |
| Neoreg | scoop tool | reGeorg refactored project, improved usability, avoids signature detection |
| Gost | scoop tool | Secure tunnel implemented in Go |
| Ligolo-ng_Agent | scoop tool | Simple, lightweight, fast tool for pentesters to establish tunnels via tun interface (no SOCKS) |
| Chisel | scoop tool | Fast TCP/UDP tunnel using HTTP transport |
| Suo5-GUI | scoop tool | High-performance HTTP proxy tunnel tool - GUI version |
| Neutrino-Client | scoop tool | Neutrino proxy client, open-source internal penetration tool based on Netty |
| Neutrino-Server | scoop tool | Neutrino proxy server, open-source internal penetration tool based on Netty |
| Ngrok | scoop tool | Reverse proxy, establishes secure channel between public endpoint and local web server |
| Suo5 | scoop tool | High-performance HTTP proxy tunnel tool |
| Rathole | scoop tool | Secure, stable, high-performance internal penetration tool in Rust |
| Ligolo-ng_Proxy | scoop tool | Simple, lightweight, fast tool for pentesters to establish tunnels via tun interface (no SOCKS) |

🏠 Internal Penetration

⚡ Internal Forwarding

| Tool Name | Type | Description |
| --- | --- | --- |
| NetCat | scoop tool | Read/write data across networks using TCP/UDP, the Swiss Army knife |
| RustCat | scoop tool | Modern port listener and reverse shell tool for Linux, macOS, Windows |
| Socat | scoop tool | Powerful forwarding tool for different interfaces |
| websocat | scoop tool | Open-source command-line tool in Rust for WebSocket connections |
| PortForward | scoop tool | Port forwarding tool in Go, solves internal/external network issues |
| Proxychains | scoop tool | Powerful terminal proxy interception tool |

🩺 Internal Scanning

| Tool Name | Type | Description |
| --- | --- | --- |
| Fscan | scoop tool | Internal comprehensive scanner, one-click automation, full coverage |
| LadonGo | scoop tool | Open-source internal penetration scanner framework, easy C/B/A segment detection |
| Netspy | scoop tool | Fast internal network segment detection tool |
| FscanParser | scoop tool | GUI tool for processing Fscan output results |
| NBTScan | scoop tool | Windows network protocol scanner, gets NetBIOS names and info |
| Kscan | scoop tool | Comprehensive scanner in Go, port scan, protocol detection, fingerprint, brute force |
| Qscan | scoop tool | Lightweight comprehensive internal scanner, TCP scan, service identification, vulnerability verification |
| ServerScan | scoop tool | High-efficiency concurrent network scanner and service probe in Go |
| Searchall | scoop tool | Powerful sensitive info search tool, quickly finds usernames, passwords, accounts, credentials, browser passwords |
| ScanLine | scoop tool | Fast internal scanning tool |
| Cube | scoop tool | Internal penetration testing tool, weak password brute, info gathering, vulnerability scanning |
| Template | scoop tool | Internal penetration vulnerability scanning tool |
| Yasso | scoop tool | Powerful internal penetration assistant toolkit - supports RDP, SSH, Redis, PostgreSQL, MongoDB, MSSQL, MySQL, WinRM brute force, fast port scanning, powerful web fingerprinting, one-click exploitation of built-in services |

⏳ Domain Penetration

| Tool Name | Type | Description |
| --- | --- | --- |
| SharpHound | scoop tool | Collect various info in Windows domain, computer objects, group memberships, permissions |
| BloodHound | scoop tool | Visualize relationships in domain environment |
| Impacket | scoop tool | Python implementation of network protocols, IP, TCP, ICMP, etc. |
| PingCastle | scoop tool | Quick Active Directory security assessment using risk assessment framework |
| ADExplorer | scoop tool | Domain info query tool, standalone executable, lists domain structure, user accounts, computer accounts |
| BloodyAD | scoop tool | Powerful Active Directory privilege escalation framework |
| AdFind | scoop tool | Very powerful info gathering tool in domain environment |
| Rubeus | scoop tool | Tool for Kerberos protocol attacks, can initiate requests and import tickets |

📑 Credential Harvesting

| Tool Name | Type | Description |
| --- | --- | --- |
| HackBrowserData | scoop tool | Browser data decryption tool (passwords, history, cookies, bookmarks), supports Chrome, Firefox, Edge, 360, QQ, etc. |
| LaZagne | scoop tool | Powerful password recovery and forensics tool, extracts passwords stored on local computer |
| Kerbrute | scoop tool | Popular enumeration tool, abuses Kerberos pre-authentication for brute force and enumeration |
| SharpXDecrypt | scoop tool | Xshell all-version password recovery tool |
| RouterPassView | scoop tool | Retrieve usernames and passwords saved in router configuration files |
| Mimikatz | scoop tool | Very powerful security tool in C, extracts plaintext passwords, hashes, PINs, Kerberos tickets from memory |
| NetPass | scoop tool | View Windows computer credential passwords tool |
| ProcDump | scoop tool | Command-line utility for monitoring CPU spikes and generating crash dumps |
| PassRecEnc | scoop tool | Free password recovery tool for Windows programs, Chrome, Firefox, Edge, IE, Outlook, network passwords, wireless keys, dial-up entries |
| WebBrowserPassView | scoop tool | Password viewer for all major browsers, IE 4.0-8.0, Firefox, Chrome, Opera |

🧲 VPN Network

| Tool Name | Type | Description |
| --- | --- | --- |
| NetBird | scoop tool | Open-source network management platform built on WireGuard |
| Easytier | scoop tool | Simple, secure, decentralized remote networking solution, WireGuard compatible |
| Tailscale | scoop tool | Virtual networking tool based on WireGuard |
| Qv2ray | scoop tool | Cross-platform V2Ray client using Qt framework, supports Windows, Linux, macOS |
| NekoBox | scoop tool | Multi-platform universal proxy tool based on sing-box |
| v2rayN | scoop tool | V2Ray client for Windows, supports VMess, VLESS, Trojan, Socks, Shadowsocks, Hysteria2, Tuic |
| WireGuard | scoop tool | Extremely simple but fast and modern VPN |
| OpenVPN Connect | installer | OpenSSL-based VPN, simple and easy to use compared to traditional VPN |
| Clash-Verge | scoop tool | Efficient desktop proxy software, designed for managing and enhancing Clash configurations |

System Screenshots

🌲 Tool Directory

Directory

🌐 Chrome Extensions

Chrome extensions

📡 Burpsuite/Metasploit

Burpsuite

🛰️ Yakit

Yakit

🛸 Goby

Goby