01-远控C2

0x01 远控——优秀项目
    https://github.com/quasar/Quasar
    https://github.com/yuanyuanxiang/SimpleRemoter
    https://www.vipshare.com/
    https://www.netsupportmanager.com/zh-CN/
    https://github.com/moom825/xeno-rat


0x02 C2——优秀项目
    https://www.cobaltstrike.com/
    https://bruteratel.com/
    https://nighthawkc2.io/
    https://github.com/n1nj4sec/pupy
    https://github.com/rapid7/metasploit-framework
    https://github.com/HavocFramework/Havoc
    https://github.com/BishopFox/sliver
    https://github.com/its-a-feature/Mythic
    https://github.com/Adaptix-Framework/AdaptixC2

02-权限提升

# 0x01 Windows权限提升——优秀项目
    https://github.com/Ascotbe/Kernelhub
    https://github.com/SecWiki/windows-kernel-exploits
    https://forum.butian.net/share/860
    https://github.com/uknowsec/SweetPotato
    https://github.com/zcgonvh/DCOMPotato/tree/master
    https://forum.butian.net/share/860


# 0x02 Linux权限提升——优秀项目
    https://github.com/The-Z-Labs/linux-exploit-suggester
    https://github.com/jondonas/linux-exploit-suggester-2
    https://github.com/liamg/traitor
    https://github.com/peass-ng/PEASS-ng/tree/master/linPEAS
    https://gtfobins.github.io/

03-隧道搭建

0x01 优秀项目
    https://github.com/CodeSecurityTeam/frp
    魔改版frp

    https://github.com/jpillora/chisel
    
    https://github.com/L-codes/Neo-reGeorg
    老牌Web正向代理

    https://github.com/zema1/suo5
    新一代Web正向代理

    https://github.com/Yeeb1/SockTail
    基于WireGuard的一次性Socks5代理，Socks5代理在建立的VPN隧道中，感觉还不错，暂未在实战中测试

04-凭证窃取

# 0x01 Windows凭证窃取——优秀项目
    https://github.com/gentilkiwi/mimikatz
    https://github.com/StarfireLab/SharpWeb
    https://dre4merp.github.io/2024/12/利用-seclogon-ppid-spoofing-实现-dump-lsass-内存/
    https://vari-sh.github.io/posts/doppelganger/
    
    https://cicada-8.medium.com/im-watching-you-how-to-spy-windows-users-via-ms-uia-c9acd30f94c4
    创新的键盘记录方式，绕过EDR监控
    
    https://github.com/CICADA8-Research/Spyndicapped


# 0x02 Linux凭证窃取——优秀项目
    https://www.cmd5.com/
    https://www.tunnelsup.com/hash-analyzer/
    https://hashcat.net/wiki/doku.php?id=example%20hashes
    https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.txt



# 0x03 软件凭据窃取——优秀项目
    https://github.com/AlessandroZ/LaZagne
    https://github.com/moonD4rk/HackBrowserData
    https://github.com/qwqdanchun/Pillager
    https://github.com/djhohnstein/SharpWeb
    https://github.com/Meckazin/ChromeKatz

05-信息收集

# 0x01 Windows主机敏感信息收集——优秀项目
    https://github.com/aleenzz/InjectSQLServer
    ASPX网站数据库密码加密存储

    https://github.com/qwqdanchun/Pillager
    https://github.com/lintstar/SharpHunter
    https://github.com/GhostPack/Seatbelt

06-探测扫描

0x01 优秀项目
    https://mp.weixin.qq.com/s/tqd9jJJv4bmzN6xVdpGDow
    https://github.com/shmilylty/netspy
    https://github.com/shadow1ng/fscan
    https://github.com/lcvvvv/kscan
    nltest

07-横向攻击

# 0x01 数据库攻击——优秀项目
    https://github.com/SafeGroceryStore/MDUT
    https://github.com/jas502n/oracleShell
    https://github.com/RowTeam/SharpSQLTools
    https://github.com/0x727/SqlKnife_0x727
    https://github.com/quentinhardy/odat
    https://github.com/quentinhardy/msdat
    https://github.com/safe6Sec/PentestDB

# 0x02 命令执行——优秀项目
    https://github.com/fortra/impacket
    https://github.com/rootclay/WMIHACKER

08-域渗透

# 0x01 优秀项目
    https://github.com/SpecterOps/BloodHound
    https://lolad-project.github.io/
    https://swisskyrepo.github.io/InternalAllTheThings/