Python Security related resources Resources

PocOrExp in Github 聚合Github上已有的Poc或者Exp，CVE信息来自CVE官网 注意：只通过通用的CVE号聚合，因此对于MS17-010等Windows编号漏洞以及著名的有绰号的漏洞，还是自己检索一下比较好 Usage python3 exp.py -h usage: ex

Mobile Verification Toolkit Mobile Verification Toolkit (MVT) is a collection of utilities to simplify and automate the process of gathering forensic

fb-brute Fast Fb Cracking Tool 🏆

gmail-hack Gmail Accounts Hacking Gemail-Hack python script for Hack gmail account brute force What is brute force attack? In brute force attack,scrip

A python3 script for search possible misconfiguration in a DNS related to security protections of email service from the domain name. This project is for educational use, we are not responsible for its misuse.

This is a collection of Python scripts to make working with the Arch Linux Security Tracker easier.

A Python Bytecode Disassembler helping reverse engineers in dissecting Python binaries by disassembling and analyzing the compiled python byte-code(.pyc) files across all python versions (including Python 3.10.*)

一款利用加载器以及Python反序列化绕过AV的在线免杀工具 因为打包方式的局限性，不能跨平台，若要生成exe格式的只能在Windows下运行本项目 打包速度有点慢，提交后稍等一会 开发环境及运行 前端使用Bootstrap框架，后端使用Django框架 。

Description Scout Suite is an open source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments. Using t

All in One CRACKER911181's Tool. This Tool For Hacking and Pentesting. 🎭

CVE-2022-22536 SAP memory pipes desynchronization vulnerability(MPI) CVE-2022-22

infosec-fortress A python script to turn Ubuntu Desktop into a strong DFIR/RE System with some teeth (Purple Team Ops)! This is intended to create a s

Questions? Join the Discord support server Disclaimer: This project should be used for authorized testing or educational purposes only. BYOB is an ope

Threagile is an open-source toolkit for agile threat modeling:

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能

A tool to find good RCE From my series: A powerful Burp extension to make bounties rain

Log4Shell RCE Exploit fully independent exploit does not require any 3rd party binaries. The exploit spraying the payload to all possible logged HTTP

APKLeaks - Scanning APK file for URIs, endpoints & secrets.

log4j-shell-poc A Proof-Of-Concept for the recently found CVE-2021-44228 vulnerability. Recently there was a new vulnerability in log4j, a java loggin

gruvbox-factory 🏭 "The main focus when developing gruvbox is to keep colors easily distinguishable, contrast enough and still pleasant for the eyes"

OSV - Open Source Vulnerabilities OSV is a vulnerability database and triage infrastructure for open source projects aimed at helping both open source

TMOHS1 Root Utility Description An interactive python script that enables root access on the T-Mobile (Wingtech) TMOHS1, as well as providing several

A python script to decrypt media files encrypted using the Android application 'Decrypting 'LOCKED Secret Calculator Vault''. Will identify PIN / pattern.

Privacy-respecting, hackable metasearch engine / pronunciation səːks. If you are looking for running instances, ready to use, then visit searx.space.

Patching - Interactive Binary Patching for IDA Pro Overview Patching assembly code to change the behavior of an existing program is not uncommon in ma

SSL-Backdoor Abstract Large-scale unlabeled data has allowed recent progress in self-supervised learning methods that learn rich visual representation

Threat-Broadcast 威胁情报播报 运行环境 项目介绍 从以下公开的威胁情报来源爬取并整合最新信息： 360：https://cert.360.cn/warning 奇安信：https://ti.qianxin.com/advisory/ 红后：https://redqueen.tj-u

Oh365 User Finder Oh365UserFinder is used for identifying valid o365 accounts without the risk of account lockouts. The tool parses responses to ident

HatVenom HatSploit native powerful payload generation and shellcode injection tool that provides support for common platforms and architectures. Featu

Infection Monkey Data center Security Testing Tool Welcome to the Infection Monkey! The Infection Monkey is an open source security tool for testing a

charlotte c++ fully undetected shellcode launcher ;) releasing this to celebrate the birth of my newborn description 13/05/2021: c++ shellcode launche

InvisibilityCloak Proof-of-concept obfuscation toolkit for C# post-exploitation tools. This will perform the below actions for a C# visual studio proj

大宝剑-信息收集和资产梳理工具（红队、蓝队、企业组织架构、子域名、Web资产梳理、Web指纹识别、ICON_Hash资产匹配）

privacyIDEA privacyIDEA is an open solution for strong two-factor authentication like OTP tokens, SMS, smartphones or SSH keys. Using privacyIDEA you

CAPE: Malware Configuration And Payload Extraction CAPE is a malware sandbox. It is derived from Cuckoo and is designed to automate the process of mal

logmap - Log4j2 jndi injection fuzz tool Used for fuzzing to test whether there are log4j2 jndi injection vulnerabilities in header/body/path Use http

GRR Rapid Response is an incident response framework focused on remote live forensics. Build Type Status Tests End-to-end Tests Windows Templates Linu

Mystikal macOS Initial Access Payload Generator Related Blog Post: https://posts.specterops.io/introducing-mystikal-4fbd2f7ae520 Usage: Install Xcode

payload dumper Dumps the payload.bin image found in Android update images. Has significant performance gains over other tools due to using multiproces

水泽-信息收集自动化工具 郑重声明：文中所涉及的技术、思路和工具仅供以安全为目的的学习交流使用，任何人不得将其用于非法用途以及盈利等目的，否则后果自行承担。 0x01 介绍 作者：Ske 团队：0x727，未来一段时间将陆续开源工具，地址：https://github.com/0x727 定位：协助

sshuttle: where transparent proxy meets VPN meets ssh As far as I know, sshuttle is the only program that solves the following common case: Your clien

MSDorkDump is a Google Dork File Finder that queries a specified domain name and variety of file extensions (pdf, doc, docx, etc), and downloads them.

HexCopy IDA plugin for quickly copying disassembly as encoded hex bytes. This whole plugin just saves you two extra clicks... but if you are frequentl

PyPasser is a Python library for bypassing reCaptchaV3 only by sending 2 requests. In 1st request, gets token of captcha and in 2nd request,

ZCam Hack webcam using python by sending malicious link. FEATURES : [+] Real-time Camera hacking [+] Python compatible [+] URL Shortener using bitly [

Interactsh An OOB interaction gathering server and client library Features • Usage • Interactsh Client • Interactsh Server • Interactsh Integration •

MozDef: Documentation: https://mozdef.readthedocs.org/en/latest/ Give MozDef a Try in AWS: The following button will launch the Mozilla Enterprise Def

python写的一款免杀工具（shellcode加载器）BypassAV，国内杀软全过（windows denfend）

Orthrus is a macOS agent that uses Apple's MDM to backdoor a device using a malicious profile. It effectively runs its own MDM server and allows the operator to interface with it using Mythic.

Yara Manager A simple program to manage your yara ruleset in a (sqlite) database. Todos Search rules and descriptions Cluster rules in rulesets Enforc

Cowrie Welcome to the Cowrie GitHub repository This is the official repository for the Cowrie SSH and Telnet Honeypot effort. What is Cowrie Cowrie is

The Recon-ng Framework Recon-ng content now available on Pluralsight! Recon-ng is a full-featured reconnaissance framework designed with the goal of p

AutoScanner AutoScanner是什么 AutoScanner是一款自动化扫描器，其功能主要是遍历所有子域名、及遍历主机所有端口寻找出所有http服务，并使用集成的工具进行扫描，最后集成扫描报告； 工具目前有：oneforall、masscan、nmap、crawlergo、dirse

520_APK_HOOK 介绍 将msf生成的payload，注入到一个正常的apk文件中，重新打包后进行加固，bypass手机安全管家的检测。 项目地址: https://github.com/cleverbao/520apkhook 作者: BaoGuo 优点 相比于原始的msf远控，此版本ap