BillionMail gives you open-source MailServer, NewsLetter, Email Marketing — fully self-hosted, dev-friendly, and free from monthly fees. Join the discord: https://discord.gg/asfXzBUhZr

Open-source Windows and Office activator featuring HWID, Ohook, TSforge, KMS38, and Online KMS activation methods, along with advanced troubleshooting.

Use Cloudflare to create HTTP pass-through proxies for unique IP rotation, similar to fireprox

The fastest and more comprehensive multiprotocol credentials bruteforcer / password sprayer and enumerator. 🥷

Intel 64/Windows low-level experiments

CVE-2025-8088 WinRAR Proof of Concept (PoC-Exploit)

A malicious OAuth application that can be leveraged for both internal and external phishing attacks targeting Microsoft Azure and Office365 users.

A small collection of Crystal Palace PIC loaders designed for use with Cobalt Strike

HTML obfuscation tool

POC exploit for CVE-2024-49138

ZigStrike, a powerful Payload Delivery Pipeline developed in Zig, offering a variety of injection techniques and anti-sandbox features.

Next-Gen Stealer written in Go. Stealing from Discord, Chromium-Based & Firefox-Based Browsers, Crypto Wallets and more, from every user on every disk. (PoC. For educational purposes only)

Situational Awareness script to identify how and where to run implants

一款后渗透免杀工具，助力每一位像我这样的脚本小子快速实现免杀，支持bypass AV/EDR 360 火绒 Windows Defender Shellcode Loader

↕️🤫 Stealth redirector for your red team operation security

Evilginx Phishing Engagement Infrastructure Setup Guide

Revenant - A 3rd party agent for Havoc that demonstrates evasion techniques in the context of a C2 framework

Latest version of evilginx2 + Telegram modification and working Ionos mail phishlet.

Reverse engineered to remove IOCs, added Exchange Online Protection IP blacklist and bing-bot user-agent blocking, DNS configuration and notes on usage.

PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.

This repository provides penetration testers and red teams with an extensive collection of dynamic phishing templates designed specifically for use with Evilginx3. May be updated periodically.

Latest Evilginx Modification + Custom Features such as Telegram WebHook, latest anti detection, server side query to identify and bypass recaptcha or any other anti-ddos protection.

Latest version of evilginx2 with Gophish + Telegram modification

This simple tool, simply extract office365/outlook email address, using the inbox and sent folder of the person or company.