Awrrays

followers

following

stars

Awrrays's starred repositories

360SafeBrowsergetpass

这是一个一键辅助抓取360安全浏览器密码的CobaltStrike脚本以及解密小工具，用于节省红队工作量，通过下载浏览器数据库、记录密钥来离线解密浏览器密码。

Language:C#60100

Vm4J

A tool for detect&exploit vmware product log4j(cve-2021-44228) vulnerability.Support VMware HCX/vCenter/NSX/Horizon/vRealize Operations Manager

Language:C#GPL-3.020300

Java-Rce-Echo

Java RCE 回显测试代码

Language:Java98900

WMIHACKER

A Bypass Anti-virus Software Lateral Movement Command Execution Tool

Language:VBScriptApache-2.0138300

fofax

FOFAX是一个基于fofa.info的API命令行查询工具

Language:GoGPL-3.071700

JNDI-Inject-Exploit

解决FastJson、Jackson、Log4j2、原生JNDI注入漏洞的高版本JDKBypass利用，探测本地可用反序列化gadget达到命令执行、回显命令执行、内存马注入

Language:JavaMIT65600

sec-note

记录各语言、框架中危险的sink，个人代码审计、漏洞研究使用。

Java-Deserialization-Cheat-Sheet

The cheat sheet about Java Deserialization vulnerabilities

Findomain

The fastest and complete solution for domain recognition. Supports screenshoting, port scan, HTTP check, data import from other tools, subdomain monitoring, alerts via Discord, Slack and Telegram, multiple API Keys for sources and much more.

Language:RustGPL-3.0325100

phishing_kits

Exposing phishing kits seen from phishunt.io

SharpRDPLog

Windows rdp相关的登录记录导出工具，可用于后渗透中Windows服务器的信息收集阶段。输出内容包括：本地rdp端口、mstsc缓存、cmdkey缓存、登录成功、失败日志事件。

Active-Directory-Exploitation-Cheat-Sheet

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

Language:PowerShellMIT243000

JNDI-Exploit-Kit

JNDI-Exploitation-Kit（A modified version of the great JNDI-Injection-Exploit created by @welk1n. This tool can be used to start an HTTP Server, RMI Server and LDAP Server to exploit java web apps vulnerable to JNDI Injection）

Language:JavaMIT88500

mortar

evasion technique to defeat and divert detection and prevention of security products (AV/EDR/XDR)

Language:PascalMIT137600

cheatsheets

Collection of knowledge about information security

Language:Python55300

Red-Team-Infrastructure-Wiki

Wiki to collect Red Team infrastructure hardening resources

BSD-3-Clause404700

ysoserial

mvn clean package -DskipTests

Language:JavaMIT4500

KernelBhop

Cheat that uses a driver instead WinAPI for Reading / Writing memory.

Language:C73200

burp-log4shell

Log4Shell scanner for Burp Suite

Language:KotlinGPL-3.048200

FinalShellDecodePass

FinalShellDecodePass 加密解密

Language:Java7500

WAF-bypass-Cheat-Sheet

Another way to bypass WAF Cheat Sheet (draft)

Information_Security_Books

信息安全方面的书籍

Mind-Maps

Mind-Maps of Several Things

RedTeam-OffensiveSecurity

Tools & Interesting Things for RedTeam Ops

Language:PythonMIT212000

EDRSandblast

Language:C143900

gotestwaf

An open-source project in Golang to asess different API Security tools and WAF for detection logic and bypasses

Language:GoMIT151700

shiro-550-with-NoCC

Shiro-550 不依赖CC链利用工具

GPL-3.044500

My-Presentation-Slides

Collections of Orange Tsai's public presentation slides.

security-paper

（与本人兴趣强相关的）各种安全or计算机资料收集

Language:PythonMIT71500

OffensiveAutoIt

Offensive tooling notes and experiments in AutoIt v3 (https://www.autoitscript.com/site/autoit/)

Language:AutoItBSD-2-Clause41000