无情的 Fork 机器

All

3.2k repositories

WebVerse
Public
Open-source web & API security training platform with curated, modular labs and progress tracking.
Python
•7•0•0•0•Updated Jan 29, 2026Jan 29, 2026
OpenMalleableC2
Public
Open Source Implementation of Cobalt Strike's Malleable C2
C
•12•0•0•0•Updated Jan 27, 2026Jan 27, 2026
aliasr
Public
Aliasr is a modern, feature-rich TUI launcher for penetration testing commands inspired by Arsenal, but with significantly improved functionality.
Python
•
MIT License
•7•0•0•0•Updated Jan 26, 2026Jan 26, 2026
AudioDG.exe-DLL-Hijacking-for-LPE
Public
Audiodg.exe DLL hijacking for LPE with reboot-free restart primitive. Executes code as LOCAL SERVICE, escalates to SYSTEM via Scheduled Tasks.
C++
•15•0•0•0•Updated Jan 24, 2026Jan 24, 2026
TInjector_Symbi
Public
更稳定的劫持Zygote在App启动前注入so
C++
•45•0•0•0•Updated Jan 22, 2026Jan 22, 2026
TopazTerminator
Public
Just another EDR killer
C
•
MIT License
•20•0•0•0•Updated Jan 21, 2026Jan 21, 2026
flashingestor
Public
A TUI for Active Directory collection.
Go
•
MIT License
•6•0•0•0•Updated Jan 20, 2026Jan 20, 2026
skill-threat-modeling
Public
Code-First Deep Risk Analysis Skill for Claude Code - 8-Phase Workflow with Security design review, STRIDE Threat modeling, PenTest and attack chain analysis, S…
Python
•
BSD 3-Clause "New" or "Revised" License
•20•1•0•0•Updated Jan 19, 2026Jan 19, 2026
corptrace
Public
Automate Scoping, OSINT and Recon assessments.
Shell
•
GNU General Public License v3.0
•14•0•0•0•Updated Jan 18, 2026Jan 18, 2026
linux-bof-loader
Public
A standalone C implementation of a "Beacon Object File" (BOF) loader designed for Linux x86-64 environments.
C
•
MIT License
•2•0•0•0•Updated Jan 17, 2026Jan 17, 2026
FlareTunnel
Public
Proxy system that routes traffic through Cloudflare Workers for IP rotation and anonymity
Go
•53•0•0•0•Updated Jan 16, 2026Jan 16, 2026
MPET
Public
MPET (Multi-Protocol Exploitation Toolkit) 是一款专业的多协议安全测试工具，基于 Wails 框架构建的现代化桌面应用。它提供了对 25+ 种主流服务协议的连接测试、未授权访问检测、弱口令检测和漏洞利用能力，是安全研究人员和渗透测试工程师的得力助手。
Go
•
MIT License
•14•0•0•0•Updated Jan 16, 2026Jan 16, 2026
medusa
Public
AI-first security scanner with 74+ analyzers, 180+ AI agent security rules, intelligent false positive reduction. Supports all languages. CVE detection for Reac…
Python
•
GNU Affero General Public License v3.0
•30•0•0•0•Updated Jan 15, 2026Jan 15, 2026
deadend-cli
Public
Agentic AI tool for offensive security and pentesting
Python
•
GNU Affero General Public License v3.0
•32•0•0•0•Updated Jan 12, 2026Jan 12, 2026
guardian-cli
Public
Guardian is a production-ready AI-powered penetration testing automation CLI tool that leverages Google Gemini and LangChain to orchestrate intelligent, step-by…
Python
•
Other
•259•0•0•0•Updated Jan 10, 2026Jan 10, 2026
ClipboardStealBOF
Public
An alternative to the builtin clipboard feature in Cobalt Strike that adds the capability to enable/disable and dump the clipboard history.
C
•
MIT License
•5•0•0•0•Updated Jan 9, 2026Jan 9, 2026
wechat-dump-rs-4.0
Public
该工具用于导出正在运行中的微信进程的 key 并自动解密所有微信数据库文件以及导出 key 后数据库文件离线解密。
Rust
•412•0•0•0•Updated Jan 9, 2026Jan 9, 2026
DumpBrowserSecrets
Public
Extracts browser-stored data such as refresh tokens, cookies, saved credentials, credit cards, autofill entries, browsing history, and bookmarks from modern Chr…
C
•
MIT License
•82•0•0•0•Updated Jan 7, 2026Jan 7, 2026
smtp-tunnel-proxy
Public
A high-speed covert tunnel that disguises TCP traffic as SMTP email communication to bypass Deep Packet Inspection (DPI) firewalls.
Python
•
GNU General Public License v3.0
•142•0•0•0•Updated Jan 7, 2026Jan 7, 2026
dumpguard_bof
Public
Beacon Object File (BOF) port of DumpGuard for extracting NTLMv1 hashes from sessions on modern Windows systems.
C
•23•0•0•0•Updated Jan 6, 2026Jan 6, 2026
DbgNexum
Public
Shellcode injection using the Windows Debugging API
C
•
MIT License
•36•0•0•0•Updated Jan 4, 2026Jan 4, 2026
FsquirtCPLPoC
Public
PoC for generating bthprops.cpl module designed to be loaded by Fsquirt.exe LOLBin
C
•25•0•0•0•Updated Jan 4, 2026Jan 4, 2026
XSSNow
Public
Find XSS payloads that actually work by filtering them based on real-world constraints instead of blind payload spraying.
JavaScript
•
Other
•43•0•0•0•Updated Jan 4, 2026Jan 4, 2026
CopyMyWrite
Public
Abusing DDMA alongside Copy On Write for Cross Process Code Execution for a 3000$ Bug Bounty
C++
•
Other
•15•0•0•0•Updated Jan 3, 2026Jan 3, 2026
MSFinger
Public
Microsoft Network Service Fingerprinting Tool
Python
•
GNU Affero General Public License v3.0
•6•0•0•0•Updated Jan 2, 2026Jan 2, 2026
Remote-BOF-Runner
Public
Remote BOF Runner is a Havoc extension framework for remote execution of Beacon Object Files (BOFs) using a PIC loader made with Crystal Palace.
C
•
MIT License
•5•0•0•0•Updated Jan 2, 2026Jan 2, 2026
xingrin-2
Public
src资产管理漏洞扫描平台，子域名爆破，端口扫描，站点发现，目录扫描，爬虫，漏洞扫描
TypeScript
•
GNU General Public License v3.0
•60•0•0•0•Updated Dec 30, 2025Dec 30, 2025
darkdump
Public
Open Source Intelligence Interface for Deep Web Scraping
Python
•
MIT License
•287•0•0•0•Updated Dec 29, 2025Dec 29, 2025
xingrin
Public
src资产管理漏洞扫描平台，子域名爆破，端口扫描，站点发现，目录扫描，爬虫，漏洞扫描
TypeScript
•
GNU General Public License v3.0
•60•0•0•0•Updated Dec 28, 2025Dec 28, 2025
cache-deception-scanner
Public
"Web-Cache-Deception-Scanner" Extension for BurpSuite
Java
•
Other
•2•0•0•0•Updated Dec 27, 2025Dec 27, 2025