The First Windows Penetration Testing Environment on Mac M Chips
This environment aims to provide a ready-to-use Windows penetration testing environment.
Reposting is welcome. Please indicate the original author and link: https://github.com/arch3rPro/Pentest-Windows
Recommended environment: [VMware: 17.0] / [RAM: 8G] / [VM Disk: 100G] / [Actual disk usage: about 30G]
System account: admin, password: 123456. Please change the password after login!
Chinese name: 矛·盾 武器库, meaning that cybersecurity is both offense and defense, with the sharpest spear and the strongest shield, interdependent and competitively evolving.
The project has integrated 400+ commonly used tools and scripts. You can submit tool requests in the pinned Issue.
Parallels Desktop
VMware version
Main Features & Update History:
v3.2 (Latest):
Supports x64 architecture (VMware | PVE-KVM)
Supports Mac M series Arm architecture (Fusion | Parallels Desktop)
Supports Hyper-V and Ventoy bootable version (can be installed to external hard drive, run on any host, no VM required)
Optimized graphical bat tool startup, added vbs no CMD popup startup.
KVM VM has QGA and VirtualIO drivers installed, adapted for ProxmoxVE, ready to use after import (RDP recommended).
Added UniGetUI management, supports graphical update of scoop-installed tools and software.
VirtualBox version in progress.
v3.1:
Based on official Windows 11 ARM ISO.
Chrome tab management added, project tool links imported.
Maye toolkit categories and subcategories beautified with emoji.
v3.1 PD version removed TPM restriction, VM not encrypted.
Added basic PD VM download Windows 11-Optimization.PD.7z
v3.0:
Added tools for internal penetration, credential acquisition, VPN, etc. Total tools increased to 360+.
Toolbox uses new Maye Lite version, supports subcategories, clearer classification.
All tools in the toolbox have comments, mouse hover shows description.
Due to Windows 11 TPM policy, VM is encrypted, password: 123456789.
General Features (v2.x - v3.x):
Streamlined built-in software, beautified terminal fonts and some icons, moderate optimization.
System disk image 100GB, single disk file storage for performance (image size continuously optimized).
Rebuilt tool icons, each tool has a corresponding icon.
Integrated Scoop package manager (v2.1+), supports scoop update <tool> for updates.
Scoop supports script tool installation and updates (v2.2+).
Windows Terminal optimized, unified theme and oh-my-posh enhancement.
Updated Scoop environment variables, CLI tools can be used directly in CMD or PowerShell.
Removed some unmaintained or rarely used tools.
WSL temporarily removed (low usage, large space, ARM version not supported), may be added later as needed.
Additional Information
For the full list of supported tools and updates, please check https://github.com/arch3rPro/scoop-bucket .
Some machines do not support nested virtualization or may conflict with local Hyper-V installation. Please use the NoWSL lite version if you do not need Kali-WSL.
Tools are in their initial installation state by default. Some tools require initialization, and a few need manual plugin configuration.
Production Statement
1. All installable software is downloaded from the official website or GitHub.
2. All portable (green) software is downloaded from Guohe Shell (https://www.ghxi.com/).
3. All script tools are downloaded from GitHub.
4. Some licensed (cracked) and excellent penetration tools are shared from WeChat public accounts.
5. Some personal information may remain due to debugging; please ignore it.
6. This project does not and will never accept any form of sponsorship.
1. This image is only for legally authorized enterprise security construction. If you want to test its usability, please set up your own target environment.
2. When using this image for testing, ensure your actions comply with local laws and have sufficient authorization.
3. Any illegal use is at your own risk. The author assumes no legal or joint liability.
Scoop tool: Managed and installed by scoop, supports one-click install and update.
Online tool: Online security tools, require internet access, some need VPN/proxy.
Local (offline): Offline knowledge base, including password dictionaries, tool usage, exploit tutorials, AV bypass guides (PDF/Markdown).
Programming & IDEs
Python v3.10.11 (D:/Base/apps/Python310)
Python v2.7.18 (D:/Base/apps/Python27)
JRE v1.8.0_381 (D:/Base/apps/liberica17-jre/current/bin)
Perl v5.36.1 (D:/Base/apps/git/current/usr/bin/perl.exe)
Ruby v3.2.2
TDM-gcc v10.3.0 (D:/Base/apps/tdm-gcc)
Laragon v5.0.0 (D:/Base/apps/laragon)
Nginx v1.14.0
Apache v2.4.43
PHP v5.4.9
MySQL v5.1.72
Git v2.41.0 (D:/Base/apps/git)
Curl v8.1.1 (D:/Base/apps/Curl/bin)
Wget v1.21.4 (D:/Base/apps/Wget)
Scoop: Windows package manager v0.3.1 (D:/Base/apps/scoop)
System Enhancement:
7zip: High-compression open-source archiver (scoop)
utools: Multi-functional file search launcher (scoop)
Windows Terminal: (replaces default cmd)
VMware: VMware Tools for VM performance and management
Oh-My-Posh: Cross-platform terminal prompt customization (scoop)
Clink: Bash-style command line editing for Windows Cmd.exe (D:/Base/apps/Clink) (scoop)
SublimeText: Efficient text editor, Chinese version v4.4150 (Guohe Shell)
System Optimization:
Dism++: Windows system management/optimization tool (scoop)
WiseCare365: System optimization tool, green version v6.5.1_Pro (Guohe Shell)
Tools: Custom utilities
Context Menu Manager: One-click set WIN10/WIN11 context menu
Autologin: Windows auto-login registry
ClearHistory.ps1: Clear PowerShell history
- Maye Lite: Fast Windows launcher, supports drag-and-drop, hotkeys, multi-column, lnk parsing
- icon: App icon collection, includes custom icons
Penetration Tools Introduction
400+ commonly used scripts and GUI tools can be accessed via icons in the Maye toolbox.
Default to launching CMD.exe with Windows Terminal
Script startup directory is set
Required dependencies are installed
Scripts execute Help command on startup
| Tool Name | Type | Description |
| --- | --- | --- |
| Burpsuite | scoop tool | One of the best tools for web application testing |
| AntSword | scoop tool | AntSword - WebShell management tool |
| Goby | scoop tool | Port scanning, asset collection, vulnerability exploitation |
| MSFconsole | scoop tool | Metasploit - modular exploitation framework |
| Sqlmap | scoop tool | Automated SQL injection tool |
| Hydra | scoop tool | Powerful brute-force tool |
| Yakit | scoop tool | Highly integrated Yak language security testing platform |
| Zenmap | scoop tool | Port scanning tool (powerful, but slow) |
| WindTerm | scoop tool | Professional cross-platform SSH/Sftp/Shell/Telnet/Serial terminal |
| uTools | scoop tool | Multi-functional file search launcher |
| Wireshark | scoop tool | Popular network packet analysis software |
| Searchsploit | scoop tool | Command-line search tool for Exploit-DB |
| LibreWolf | scoop tool | Firefox fork with built-in plugins |
| Chrome | scoop tool | Popular browser with built-in pentest plugins |
| Tool Name | Type | Description |
| --- | --- | --- |
| Wub | scoop tool | Disable system updates |
| CMWTAT | scoop tool | Windows system activation tool |
| WiseCare365 | portable | System junk cleaning tool |
| Dism++ | portable | System cleaning tool using Dism |
| UniGetUI | scoop tool | GUI Scoop update management tool |
Service Connection
| Tool Name | Type | Description |
| --- | --- | --- |
| DBeaver | scoop tool | Open-source free SQL database client |
| Laragon | scoop tool | PHP, Tomcat server |
| mRemoteNG | scoop tool | SSH remote connection tool |
| WinSCP | scoop tool | SFTP file transfer tool |
| MobaXterm | scoop tool | Multi-protocol remote connection tool |
| Redis-cli | scoop tool | Redis command-line client |
| Telnet | built-in | Built-in Telnet client |
| OpenSSH | scoop tool | Built-in SSH command-line client |
| HeidiSQL | scoop tool | GUI database client |
| WindTerm | scoop tool | SSH, SFTP, Telnet remote connection tool |
| HTTPServer | scoop tool | Single-file HTTP server tool for easy file transfer |
| GoHTTPServer | scoop tool | HTTP server tool written in Go |
| OpenVPN | installer | OpenSSL-based VPN, simple and easy to use |
Information Gathering
| Tool Name | Type | Description |
| --- | --- | --- |
| Fping | scoop tool | Enhanced Ping command, intended to replace Windows built-in ping |
| Masscan | scoop tool | Fast port scanner for scanning large numbers of IPs and ports |
| TCPing | scoop tool | Test TCP connectivity and response time |
| Arp-Ping | scoop tool | Command-line tool to find MAC address for a given IP via ARP |
| NetCat | scoop tool | Read/write data across networks using TCP/UDP, the Swiss Army knife |
| NETworkManager | scoop tool | Windows network management tool |
Domain Info Gathering
| Tool Name | Type | Description |
| --- | --- | --- |
| Whois | scoop tool | Whois query command-line tool |
| Subfinder | scoop tool | Open-source tool focused on subdomain collection |
| DnsX | scoop tool | Powerful multipurpose DNS toolkit |
| Layer Subdomain | scoop tool | Domain query tool, provides subdomain search services |
| KsubDomain | scoop tool | Stateless subdomain brute-forcing tool |
| Ct | scoop tool | Simple and easy-to-use domain brute-forcing tool |
| JSFinder | scoop tool | Extract URLs and subdomains from JS files on websites |
| Knock | scoop tool | Python script for comprehensive subdomain scanning using wordlists |
Comprehensive Recon Tools
| Tool Name | Type | Description |
| --- | --- | --- |
| OneForAll | scoop tool | Powerful subdomain collection tool |
| Mitan | scoop tool | Recon tool with asset info, subdomain brute, search syntax, mapping, fingerprint, info gathering, file/port scan, weight check, password dict, etc. |
| Amass | scoop tool | Open-source subdomain info gathering tool |
| Gobuster | scoop tool | Open-source tool for directory/file brute-forcing in web apps |
| Argus | scoop tool | Powerful, flexible, easy-to-use open-source recon toolkit |
| Bbot | scoop tool | Recursive OSINT resource intelligence tool |
| Tool Name | Type | Description |
| --- | --- | --- |
| GooFuzz | scoop tool | Fuzzing tool based on OSINT methods |
| GHDB | online tool | Google Hacking Database for finding public info for pentesters |
| Pagodo | scoop tool | Automates Google Hacking DB scraping and searching |
| Google-Dorks | scoop tool, local | Advanced search/query techniques for Google search engine |
| SearchDiggity | scoop tool | Google Hacking Diggity, uses search engines to quickly find weaknesses and sensitive data |
| LazyDork | online tool | Online generator for Google Dorking search syntax |
| Tool Name | Type | Description |
| --- | --- | --- |
| GitHacker | scoop tool | Detects git source code leaks and downloads site source code |
| GitGraber | scoop tool | Python3 tool for real-time GitHub monitoring for sensitive data |
| Gitrob | scoop tool | Open-source recon tool for finding sensitive files in public repos |
| GitMiner | scoop tool | Powerful GitHub data mining tool based on Python |
| SvnExploit | scoop tool | SVN source code leak dumper for all versions |
| Gowitness | scoop tool | Website screenshot tool using Chrome Headless (Golang) |
| Tool Name | Type | Description |
| --- | --- | --- |
| Goby | scoop tool | Port scanning, asset collection, vulnerability exploitation |
| Masscan | scoop tool | Fast port scanner for scanning large numbers of IPs and ports |
| NimScan | scoop tool | Fast port scanner |
| TxPortMap | scoop tool | Port scanning and banner identification tool |
| Scaninfo | scoop tool | |
| Yujian Scanner | scoop tool | Yujian port scanning tool |
| Naabu | scoop tool | Fast, stable, easy-to-use port scanner written in Go |
| Zenmap | scoop tool | Powerful port scanner (but slow) |
| gogo | scoop tool | Highly controllable, extensible automation engine for red teams |
| Tool Name | Type | Description |
| --- | --- | --- |
| Lightning Searcher | scoop tool | Cyberspace search engine, GUI (Mac/Windows) recon info gathering |
| AsamF | scoop tool | Integrated search tool for multiple asset mapping platforms |
| uncover | scoop tool | Quickly find exposed hosts on the Internet using multiple engines |
| FlashSearch | scoop tool | User-friendly multi-platform asset mapping client |
Proxy & Packet Capture
| Tool Name | Type | Description |
| --- | --- | --- |
| Broxy | scoop tool | HTTP/HTTPS open-source intercepting proxy written in Go |
| Hetty | scoop tool | HTTP toolkit for security research |
| Mitmproxy | scoop tool | HTTP proxy supporting SSL |
| Yakit | scoop tool | Highly integrated Yak language security testing platform |
| Wireshark | scoop tool | Popular network packet analysis software, detailed packet info |
| ProxyPin | scoop tool | MITM-based packet capture tool, mainly for mobile app security |
| Burpsuite | scoop tool | One of the best web application testing tools |
| ZapProxy | scoop tool | Open-source web application security scanner |
Fingerprint Recognition
| Tool Name | Type | Description |
| --- | --- | --- |
| WebAnalyze | scoop tool | Go version of Wappalyzer |
| TideFinger | scoop tool | Fingerprint tool integrating multiple web indicator databases |
| EHole3.0 | scoop tool | Red team system fingerprint detection tool |
| Dismap | scoop tool | Asset discovery and identification, fast web fingerprint recognition |
| pyxis | scoop tool | Auto-identifies HTTP/HTTPS, gets headers, status, size, time, fingerprint |
| Scan4all | scoop tool | Official vuls scan: 15000+ PoC, 23 password cracks, 7000+ web fingerprints, 146 protocols, 90000+ port rules |
| WhatWeb | scoop tool | Powerful open-source tool for web app/server tech fingerprinting |
| CMSeek | scoop tool | CMS detection/exploitation, supports 180+ CMS (WordPress, Joomla, Drupal) |
| ObserverWard | scoop tool | Cross-platform community web fingerprint tool |
| P1finger | scoop tool | Key asset fingerprint tool, identifies systems via HTTP request |
| HFinger | scoop tool | Fingerprint tool for malicious HTTP requests, based on Tshark, Python3 |
| xapp | scoop tool | Web fingerprint recognition tool |
| Tool Name | Type | Description |
| --- | --- | --- |
| Behinder | scoop tool | "Bingxie" dynamic binary encrypted website management client |
| Bantam | scoop tool | PHP shell management tool |
| Godzilla | scoop tool | Godzilla WebShell management tool |
| Pyshell | scoop tool | Python version shell management tool |
| Scorpio Priv Tool | scoop tool | WebShell client using Bingxie encrypted traffic |
| Weevely | scoop tool | Webshell management tool |
| AntSword | scoop tool | Chinese AntSword loader, built-in app store |
| Awsome-shells | scoop tool | Reverse shell collection |
| Webshell | scoop tool | WebShell collection |
| Webshell_Generate | scoop tool | Generate various AV-bypass webshells |
| Youhun | scoop tool | New-gen Webshell manager, compatible with AntSword/Bingxie PHP |
| SharPyShell | scoop tool | ASP.NET Webshell for C# web apps |
| Tool Name | Type | Description |
| --- | --- | --- |
| Ffuf | scoop tool | Fast web fuzzer written in Go |
| Dirsearch | scoop tool | Tool for discovering hidden directories/files on web servers |
| Gobuster | scoop tool | Open-source directory/file brute-forcing tool for web apps |
| WebPathBrute | scoop tool | 7kbscan-WebPathBrute, web path brute-forcing tool |
| HTTPX | scoop tool | Full-featured HTTP client for Python3 |
| Gospider | scoop tool | Fast web crawler written in Go |
| Spray | scoop tool | Next-gen directory brute-forcing solution |
| DirBuster | scoop tool | Multithreaded Java app for brute-forcing web server directories/files |
| Feroxbuster | scoop tool | Fast, simple, recursive content discovery tool in Rust |
| Katana | scoop tool | Next-gen crawler framework |
| URLFinder | scoop tool | Fast, comprehensive page info extractor for JS, URLs, sensitive info |
| Tool Name | Type | Description |
| --- | --- | --- |
| Hashcat | scoop tool | Password cracker in C, supports brute-forcing many hash algorithms |
| John | scoop tool | Fast password brute-forcing tool |
| johnny | scoop tool | GUI version of John the Ripper |
| Psudohash | scoop tool | Password list generator for brute-force attacks |
| Wordlists | scoop tool, local | Kali built-in wordlists |
| Weakpass | online tool | https://weakpass.com/ online weak password search |
| HashCalculator | scoop tool | Hash calculation tool, batch calc/verify/find duplicates/change hash |
| Boom | scoop tool | Smart web weak password brute-forcer/detector based on headless browser |
| Hydra | scoop tool | Fast brute-force tool for system login passwords |
| SNETCracker | scoop tool | Super weak password checker |
| SecLists | scoop tool, local | Password dictionary for pentesters |
Vulnerability Scanning
| Tool Name | Type | Description |
| --- | --- | --- |
| Nuclei | scoop tool | Very fast and easy-to-use vulnerability scanner |
| Xray | scoop tool | Community version of Xray, supports active/passive scanning, flexible POC |
| Xray-GUI | scoop tool | GUI for Xray vulnerability scanner |
| SiteScan | scoop tool | All-in-one tool for pentest info gathering |
| Scaninfo | scoop tool | Open-source fast scanner for red team internal/external scanning |
| OSV-Scanner | scoop tool | Free security scanner by Google (Dec 2022) |
| Afrog | scoop tool | High-performance, fast, stable, customizable PoC vulnerability scanner |
| Nikto | scoop tool | Open-source web scanner, tests for 2600+ dangerous files/CGI/etc |
| Zed Proxy | scoop tool | Open-source web application security scanner |
| Scan4all | scoop tool | 15000+ PoC, 23 password cracks, 7000+ fingerprints, 146 protocols, 90000+ port rules |
| Wscan | scoop tool | Web security scanner |
| Wavely | scoop tool | Nuclei GUI PoC management tool, auto-integrates Nuclei PoCs |
| Vscan | scoop tool | Open-source, lightweight, fast, cross-platform web vulnerability scanner |
| VscanPlus | scoop tool | Enhanced Vscan, port scan, fingerprint, directory fuzz, vuln scan |
| Wapiti3 | scoop tool | Open-source web app vulnerability scanner |
| EZ | scoop tool | All-in-one info gathering, port scan, brute, URL crawler, fingerprint, passive scan |
| Dismap | scoop tool | Asset discovery and identification, fast web fingerprinting |
| oFx | scoop tool | Batch web vulnerability scanning framework |
| xpoc | scoop tool | Lightweight, cross-platform PoC framework by Chaitin Tech |
| F-vuln | scoop tool | Automated scanner for daily security, pentesters, red teams |
Vulnerability Search
| Tool Name | Type | Description |
| --- | --- | --- |
| GetSploit | scoop tool | Command-line search/download tool for Vulners DB, inspired by searchsploit |
| Go-Exploitdb | scoop tool | Go-based exploit-db search tool |
| Searchsploit | scoop tool | Command-line search tool for Exploit-DB |
| VulnerabilityLookup | scoop tool | Rewritten cve-search, open-source tool for local CVE DB |
Common Vulnerabilities
| Tool Name | Type | Description |
| --- | --- | --- |
| XSStrike | scoop tool | Advanced XSS detection tool |
| XSSor2 | scoop tool | XSS exploitation assistant tool |
| Dalfox | scoop tool | Open-source XSS vulnerability scanner |
| Toxssin | scoop tool | CLI and payload generator for XSS exploitation |
| X-Recon | scoop tool | Automated XSS vulnerability reconnaissance tool |
| PwnXSS | scoop tool | XSS vulnerability scanning/exploitation tool |
| LOXS | scoop tool | Scanner for SQLi, CRLF, XSS, LFi, OpenRedirect vulnerabilities |
| Tool Name | Type | Description |
| --- | --- | --- |
| Sqlmap | scoop tool | SQL injection vulnerability scanner/exploitation tool |
| SSQLInjection | scoop tool | Super SQLi tool, HTTP packet-based SQLi tool |
| SQL-Injection-Payload-List | scoop tool, local | SQL injection payload list |
| NoSQLMap | scoop tool | NoSQL database exploitation tool |
| Advanced-SQL-Cheatsheet | scoop tool, local | Advanced SQLi query cheatsheet |
| SQLMapCG | online tool | https://www.ddosi.org/scg/ SQLmap command generator |
| Tool Name | Type | Description |
| --- | --- | --- |
| Commix | scoop tool | Automated command injection exploitation tool |
| SSTImap | scoop tool | Interactive SSTI detection tool |
| Shellfire | scoop tool | Exploitation tool for command/LFI/RFI/SSTI injection vulnerabilities |
| SSRFmap | scoop tool | Automated SSRF fuzzing/exploitation tool |
| XXEinjector | scoop tool | Automated XXE exploitation tool |
| CRLFsuite | scoop tool | CRLF injection (HTTP response splitting) scanner |
| Tool Name | Type | Description |
| --- | --- | --- |
| LFISuite | scoop tool | Local file inclusion exploitation tool |
| Fuxploider | scoop tool | File upload vulnerability scanner/exploitation tool |
| LFIMap | scoop tool | Local file inclusion discovery/exploitation tool |
Deserialization Exploitation
| Tool Name | Type | Description |
| --- | --- | --- |
| Ysoserial-GUI | scoop tool | GUI for Ysoserial exploitation tool |
| Ysomap | scoop tool | Java deserialization exploitation framework |
| JYso | scoop tool | Ysoserial & JNDIExploit tool, supports high-version/WAF/RASP bypass |
| Ysoserial | scoop tool | PoC generator for unsafe Java object deserialization |
| JNDI-Injection-Exploit-Plus | scoop tool | JNDI link generator and backend service tool |
| PPPYSO | scoop tool | Java deserialization PoC generator |
| Deswing | scoop tool | GUI Java deserialization tool, integrates Ysoserial |
| JNDI-Inject-Exploit | scoop tool | JNDI injection testing tool |
Database Exploitation
| Tool Name | Type | Description |
| --- | --- | --- |
| MDUT | scoop tool | Multi-database exploitation tool |
| SqlKnife | scoop tool | SQL Server security check tool for CLI |
| Databasetools | scoop tool | Automated privilege escalation tool for databases (Go) |
| TeamIDE | scoop tool | Integrated management for MySQL, Oracle, Kingbase, DM, Shentong, SSH, FTP, Redis, Zookeeper, Kafka, Elasticsearch, MongoDB, etc. |
| Sylas | scoop tool | Comprehensive database exploitation tool |
| SharpSQLTools | scoop tool | Upload/download files, xp_cmdshell/sp_oacreate command execution, CLR assembly loading |
| SharpSQLToolsGU | scoop tool | GUI for SharpSQLTools |
| RedisEXP | scoop tool | Redis vulnerability exploitation tool |
Special Vulnerabilities
Comprehensive OA Tools
| Tool Name | Type | Description |
| --- | --- | --- |
| MYExploit | scoop tool | OA product vulnerability exploitation tool |
| Apt_t00ls | scoop tool | High-risk vulnerability exploitation tool |
| I-Wanna-Get-All | scoop tool | OA application exploitation tool |
| OA-EXPTOOL | scoop tool | OA all-in-one tool, includes nearly 20 OA vulnerability scanners |
CMS Vulnerabilities
| Tool Name | Type | Description |
| --- | --- | --- |
| CMSeek | scoop tool | CMS detection/exploitation, supports 180+ CMS |
| FrameScan-GUI | scoop tool | GUI CMS vulnerability detection framework (Python3 + PyQt) |
| FrameScan | scoop tool | CLI CMS vulnerability detection framework |
Middleware Vulnerabilities
| Tool Name | Type | Description |
| --- | --- | --- |
| Spring_All_Reachable | scoop tool | Spring vulnerability all-in-one exploitation tool |
| WeblogicTool | scoop tool | GUI tool for Weblogic vulnerabilities, detection, command exec, memory shell, password decryption |
| SBSCAN | scoop tool | Penetration testing tool focused on Spring framework |
| FastjsonScan | scoop tool | Fastjson scanner, detects version, dependencies, autoType status |
| Hyacinth | scoop tool | Java vulnerability collection tool |
| JenkinsExploit | scoop tool | Jenkins comprehensive vulnerability exploitation tool |
| SpringBoot | scoop tool | SpringBoot penetration framework, high-risk Spring vulnerabilities |
| SpringBoot-Scan-GUI | scoop tool | GUI SpringBoot-Scan exploitation tool |
| ShiroAttack2 | scoop tool | Shiro deserialization vulnerability all-in-one tool |
| shiroEXP | scoop tool | Shiro deserialization vulnerability all-in-one tool |
Other Vulnerability Exploitation
| Tool Name | Type | Description |
| --- | --- | --- |
| NacosExploit | scoop tool | Nacos GUI tool, default password, SQLi, auth bypass, deserialization detection/exploitation |
| NacosExploitGUI | scoop tool | NacosExploit GUI tool |
| VcenterKiller | scoop tool | Comprehensive exploitation tool for Vcenter |
Penetration Frameworks
| Tool Name | Type | Description |
| --- | --- | --- |
| Metasploit | scoop tool | Modular exploitation framework |
| POC-T | scoop tool | Plugin-based concurrent pentest framework |
| MYExploit | scoop tool | OA product vulnerability exploitation tool |
| Yakit | scoop tool | Highly integrated Yak language security testing platform |
| MSFVenom | scoop tool | MSF modular exploitation framework payload generator |
| XieBroC2 | scoop tool | C2 for pentest, Lua plugin, domain fronting, config, sRDI, file/process/memory mgmt, screenshot, proxy, group mgmt |
| TeamServer-XieBroC2 | scoop tool | C2 for pentest, Lua plugin, domain fronting, config, sRDI, file/process/memory mgmt, screenshot, proxy, group mgmt |
| Sliver-Server | scoop tool | Open-source cross-platform adversary simulation/red team framework (server) |
| WoodPecker | scoop tool | High-risk vulnerability detection and deep exploitation framework |
| Pocsuite3 | scoop tool | Open-source remote vulnerability testing framework |
| DudeSuite | scoop tool | Dude Suite network security tools |
| AuxTools | scoop tool | GUI pentest assistant tools |
| Railgun | scoop tool | GUI penetration tool |
| Cobaltstrike | scoop tool | Commercial pentest tool - Cobalt Strike |
| Tool Name | Type | Description |
| --- | --- | --- |
| PrintMyShell | scoop tool | Auto-generate various reverse shell Python scripts |
| Girsh | scoop tool | Auto-launch fully interactive reverse shell |
| NatPass | scoop tool | Host management tool, supports web shell and web desktop |
| Govenom | scoop tool | Generate MSFVenom shells in command line :) |
| Wmiexec-Pro | scoop tool | AV evasion in lateral movement |
| Reverse_SSH | scoop tool | SSH-based reverse shell management tool |
| Reverse-Shell-Generator | scoop tool | Hosted reverse shell generator with many features |
| HackerPermKeeper | scoop tool | Linux persistence tool |
| SharPersist | scoop tool | Windows persistence toolkit in C# |
| Tool Name | Type | Description |
| --- | --- | --- |
| ShellCodeLoader | scoop tool | Shellcode loader |
| MazteuszEx | scoop tool | AV bypass generator |
| shellter | scoop tool | Dynamic shellcode injection tool |
| Yanri | scoop tool | AV bypass executor generator |
| MaLoader | scoop tool | AV-bypass trojan generator based on Tauri+Rust |
| S-inject | scoop tool | AV-bypass DLL/Shellcode injector for Windows, GUI supported |
| S-inject_gui | scoop tool | AV-bypass DLL/Shellcode injector for Windows, GUI supported |
| XG_NTAI | scoop tool | Webshell AV bypass, encrypted traffic |
| Tide AV Bypass | online tool | http://bypass.tidesec.com/ |
| BypassAntiVirus | scoop tool, local | Remote control AV bypass articles and tools |
| RingQ | scoop tool | Post-exploitation AV bypass tool, supports bypassing AV/EDR/360/Defender |
| LoaderFly | scoop tool | Fast AV-bypass trojan generator for red teamers |
| BinarySpy | scoop tool | Manual/auto patch shellcode to binary for AV bypass |
| ZeroEye | scoop tool | Automated white file finder, scans EXE imports, lists DLLs, filters non-system DLLs |
| EXEToShellcode | scoop tool | Post-exploitation AV bypass tool based on PE Patch, x64 supported |
| sgn | scoop tool | Polymorphic binary encoder for offensive security research |
| donut | scoop tool | Generates x86, x64, or AMD64+x86 shellcode |
| AniYa | scoop tool | AniYa-GUI AV bypass framework |
| ByPassBehinder | scoop tool | Bingxie WebShell AV bypass generator |
| ByPassGodzilla | scoop tool | Godzilla WebShell AV bypass generator |
| Tool Name | Type | Description |
| --- | --- | --- |
| Godoh | scoop tool | A DNS-over-HTTPS C2 |
| SharpStrike | scoop tool | Post-exploitation research tool based on C# |
| Merlin-Server | scoop tool | RAT software developed in Go |
| AsyncRAT | scoop tool | Open-source remote management tool |
| XieBroC2-TeamServer | scoop tool | C2 for pentest, Lua plugin, domain fronting, config, sRDI, file/process/memory mgmt, screenshot, proxy, group mgmt |
| PSRansom | scoop tool | PowerShell-based C2 tool - client |
| PSRansom-C2Server | scoop tool | PowerShell-based C2 tool - server |
| Sliver-Client | scoop tool | Open-source cross-platform adversary simulation/red team framework (client) |
| Sliver-Server | scoop tool | Open-source cross-platform adversary simulation/red team framework (server) |
| Revshell | scoop tool | Reverse shell command generator in Go |
| XieBroC2 | scoop tool | C2 for pentest, Lua plugin, domain fronting, config, sRDI, file/process/memory mgmt, screenshot, proxy, group mgmt |
| Meterpeter | scoop tool | C2 PowerShell command and control framework with built-in commands |
| RedGuard | scoop tool | C2 frontend traffic control tool, evades blue team, AV, EDR checks |
| Tool Name | Type | Description |
| --- | --- | --- |
| GTFOBLookup | scoop tool | Offline command-line lookup utility for GTFOBins, LOLBAS, WADComs, HijackLibs |
| Linux-exp-Suggester | scoop tool | [Upload to target] Automated tool to search known vulnerabilities based on Linux kernel version |
| Win-Kernel-EXP | scoop tool | Windows privilege escalation vulnerability collection |
| Lin-Kernel-EXP | scoop tool | Linux privilege escalation exploits |
| BeRoot | scoop tool | Powerful post-exploitation tool, focuses on common misconfigurations |
| WinPEAS | scoop tool | [Upload to target] Search for privilege escalation paths in Windows |
| LinPEAS | scoop tool | [Upload to target] List all possible privilege escalation methods on Linux |
| PrintNotifyPotato | scoop tool | [Upload to target] Privilege escalation using PrintNotify COM service |
| Moriarty | scoop tool | [Upload to target] Enumerate missing KBs, detect vulnerabilities, suggest Windows privilege escalation |
Online Privilege Escalation
Multi-level Proxy
| Tool Name | Type | Description |
| --- | --- | --- |
| Termite | scoop tool | Multi-platform, bidirectional cascading between jump hosts, built-in shell management |
| Venom | scoop tool | Multi-level proxy tool designed for pentesters, developed in Go |
| Stowaway | scoop tool | Multi-level proxy tool written in Go for pentesters |
| Rport | scoop tool | Remote management tool, supports multi-level proxy |
| Rakshasa_Fullnode | scoop tool | Rakshasa control node - powerful multi-level proxy in Go, designed for multi-level proxy and internal penetration |
| Rakshasa_Node | scoop tool | Rakshasa regular node - powerful multi-level proxy in Go, designed for multi-level proxy and internal penetration |
| Tool Name | Type | Description |
| --- | --- | --- |
| Frps | scoop tool | High-performance reverse proxy for internal penetration, supports TCP, UDP, HTTP, HTTPS, P2P |
| NPS | scoop tool | Lightweight, high-performance, powerful internal penetration proxy server |
| GoProxy | scoop tool | High-performance HTTP, HTTPS, WebSocket, TCP, SOCKS5 proxy server |
| reGeorg | scoop tool | HTTP proxy tool in Python, improved version of reDuh |
| Neoreg | scoop tool | reGeorg refactored project, improved usability, avoids signature detection |
| Gost | scoop tool | Secure tunnel implemented in Go |
| Ligolo-ng_Agent | scoop tool | Simple, lightweight, fast tool for pentesters to establish tunnels via tun interface (no SOCKS) |
| Chisel | scoop tool | Fast TCP/UDP tunnel using HTTP transport |
| Suo5-GUI | scoop tool | High-performance HTTP proxy tunnel tool - GUI version |
| Neutrino-Client | scoop tool | Neutrino proxy client, open-source internal penetration tool based on Netty |
| Neutrino-Server | scoop tool | Neutrino proxy server, open-source internal penetration tool based on Netty |
| Ngrok | scoop tool | Reverse proxy, establishes secure channel between public endpoint and local web server |
| Suo5 | scoop tool | High-performance HTTP proxy tunnel tool |
| Rathole | scoop tool | Secure, stable, high-performance internal penetration tool in Rust |
| Ligolo-ng_Proxy | scoop tool | Simple, lightweight, fast tool for pentesters to establish tunnels via tun interface (no SOCKS) |
| Tool Name | Type | Description |
| --- | --- | --- |
| NetCat | scoop tool | Read/write data across networks using TCP/UDP, the Swiss Army knife |
| RustCat | scoop tool | Modern port listener and reverse shell tool for Linux, macOS, Windows |
| Socat | scoop tool | Powerful forwarding tool for different interfaces |
| websocat | scoop tool | Open-source command-line tool in Rust for WebSocket connections |
| PortForward | scoop tool | Port forwarding tool in Go, solves internal/external network issues |
| Proxychains | scoop tool | Powerful terminal proxy interception tool |
| Tool Name | Type | Description |
| --- | --- | --- |
| Fscan | scoop tool | Internal comprehensive scanner, one-click automation, full coverage |
| LadonGo | scoop tool | Open-source internal penetration scanner framework, easy C/B/A segment detection |
| Netspy | scoop tool | Fast internal network segment detection tool |
| FscanParser | scoop tool | GUI tool for processing Fscan output results |
| NBTScan | scoop tool | Windows network protocol scanner, gets NetBIOS names and info |
| Kscan | scoop tool | Comprehensive scanner in Go, port scan, protocol detection, fingerprint, brute force |
| Qscan | scoop tool | Lightweight comprehensive internal scanner, TCP scan, service identification, vulnerability verification |
| ServerScan | scoop tool | High-efficiency concurrent network scanner and service probe in Go |
| Searchall | scoop tool | Powerful sensitive info search tool, quickly finds usernames, passwords, accounts, credentials, browser passwords |
| ScanLine | scoop tool | Fast internal scanning tool |
| Cube | scoop tool | Internal penetration testing tool, weak password brute, info gathering, vulnerability scanning |
| Template | scoop tool | Internal penetration vulnerability scanning tool |
| Yasso | scoop tool | Powerful internal penetration assistant toolkit - supports RDP, SSH, Redis, PostgreSQL, MongoDB, MSSQL, MySQL, WinRM brute force, fast port scanning, powerful web fingerprinting, one-click exploitation of built-in services |
| Tool Name | Type | Description |
| --- | --- | --- |
| SharpHound | scoop tool | Collect various info in Windows domain, computer objects, group memberships, permissions |
| BloodHound | scoop tool | Visualize relationships in domain environment |
| Impacket | scoop tool | Python implementation of network protocols, IP, TCP, ICMP, etc. |
| PingCastle | scoop tool | Quick Active Directory security assessment using risk assessment framework |
| ADExplorer | scoop tool | Domain info query tool, standalone executable, lists domain structure, user accounts, computer accounts |
| BloodyAD | scoop tool | Powerful Active Directory privilege escalation framework |
| AdFind | scoop tool | Very powerful info gathering tool in domain environment |
| Rubeus | scoop tool | Tool for Kerberos protocol attacks, can initiate requests and import tickets |
Credential Harvesting
| Tool Name | Type | Description |
| --- | --- | --- |
| HackBrowserData | scoop tool | Browser data decryption tool (passwords, history, cookies, bookmarks), supports Chrome, Firefox, Edge, 360, QQ, etc. |
| LaZagne | scoop tool | Powerful password recovery and forensics tool, extracts passwords stored on local computer |
| Kerbrute | scoop tool | Popular enumeration tool, abuses Kerberos pre-authentication for brute force and enumeration |
| SharpXDecrypt | scoop tool | Xshell all-version password recovery tool |
| RouterPassView | scoop tool | Retrieve usernames and passwords saved in router configuration files |
| Mimikatz | scoop tool | Very powerful security tool in C, extracts plaintext passwords, hashes, PINs, Kerberos tickets from memory |
| NetPass | scoop tool | View Windows computer credential passwords tool |
| ProcDump | scoop tool | Command-line utility for monitoring CPU spikes and generating crash dumps |
| PassRecEnc | scoop tool | Free password recovery tool for Windows programs, Chrome, Firefox, Edge, IE, Outlook, network passwords, wireless keys, dial-up entries |
| WebBrowserPassView | scoop tool | Password viewer for all major browsers, IE 4.0-8.0, Firefox, Chrome, Opera |
| Tool Name | Type | Description |
| --- | --- | --- |
| NetBird | scoop tool | Open-source network management platform built on WireGuard |
| Easytier | scoop tool | Simple, secure, decentralized remote networking solution, WireGuard compatible |
| Tailscale | scoop tool | Virtual networking tool based on WireGuard |
| Qv2ray | scoop tool | Cross-platform V2Ray client using Qt framework, supports Windows, Linux, macOS |
| NekoBox | scoop tool | Multi-platform universal proxy tool based on sing-box |
| v2rayN | scoop tool | V2Ray client for Windows, supports VMess, VLESS, Trojan, Socks, Shadowsocks, Hysteria2, Tuic |
| WireGuard | scoop tool | Extremely simple but fast and modern VPN |
| OpenVPN Connect | installer | OpenSSL-based VPN, simple and easy to use compared to traditional VPN |
| Clash-Verge | scoop tool | Efficient desktop proxy software, designed for managing and enhancing Clash configurations |
Burpsuite/Metasploit