A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
Privilege Escalation Awesome Scripts Suite. Automatically enumerates Windows (WinPEAS) and Linux/Mac (LinPEAS) systems for privilege escalat…
An in-depth guide to help people who are new to penetration testing or red teaming and are looking to gain an overview of the penetration te…
A collection of CTF write-ups, pentesting topics, guides and notes. Notes compiled from multiple sources and my own lab research. Topics als…
A compact guide to network pivoting for penetration testing / CTF challenges.
This repository contains a curated list of websites and repositories featuring pentest & red-team resources such as cheatsheets, write-ups, …
Suggests programs to run against services found during the enumeration phase of a Pentest
A visual reference of 118 essential red team tools, frameworks & standards, organized like a periodic table. Includes a printable PDF versio…
PowerShell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows ma…
Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor
A lightweight port-forwarding and socks proxy tool written in Rust 🦀
Bloodhound Reporting for Blue and Purple Teams
A proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.
Traditional persistence methods (e.g., Registry Run keys, scheduled tasks) are often monitored or flagged by EDRs and blue teams. PowerDodde…
A post exploitation tool based on a web application, focusing on bypassing endpoint protection and application whitelisting
Repository with the scripts that I have used in my blogs on https://powershellisfun.com. If you like these, please sponsor this project usin…
Collection of PowerShell modules for post-exploitation. Includes PowerView for AD recon, PowerUp for privilege escalation, Invoke-Mimikatz, …
Privilege Escalation Enumeration Script for Windows
This cheatsheet is aimed at CTF players and beginners to help them understand the fundamentals of Privilege Escalation with examples.
ProfileHound - BloodHound OpenGraph collector for user profiles stored on domain machines. Make informed decisions about looting secrets by …
Forces any TCP connection made by a given application through proxy servers like SOCKS4, SOCKS5, or HTTP. Essential for pivoting through com…
PRTSTRIKE is a lightweight, compact and fast C&C framework written in Go that can be deployed in as little as 1 minute. | Metric | Value | |------|------| | C2 Server compiled size | ~30 MB | | Implant compiled size (Windows x64) …
Dominate Active Directory with PowerShell.
PowerShell Ransomware Simulator with C2 Server