泉's repositories
Middleware-Vulnerability-detection
CMS、中间件漏洞检测利用合集 Since 2019-9-15
CVE-2019-2890
CVE-2019-2890 Exploit for WebLogic with T3
arthas
Alibaba Java Diagnostic Tool Arthas/Alibaba Java诊断利器Arthas
BypassAntiVirus
远控免杀系列文章及配套工具,汇总测试了互联网上的几十种免杀工具、113种白名单免杀方式、8种代码编译免杀、若干免杀实战技术,并对免杀效果进行了一一测试,为远控的免杀和杀软对抗免杀提供参考。
CobaltStrike
CobaltStrike's source code
CodeqlNote
Codeql学习笔记
Emergency-Response-Notes
应急响应实战笔记,一个安全工程师的自我修养。
GScan
本程序旨在为安全应急响应人员对Linux主机排查时提供便利,实现主机侧Checklist的自动全面化检测,根据检测结果自动数据聚合,进行黑客攻击路径溯源。
GTFOBins.github.io
GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems
Java-Deserialization-Cheat-Sheet
The cheat sheet about Java Deserialization vulnerabilities
learnjavabug
Java安全相关的漏洞和技术demo,其中包括原生Java、Fastjson、Jackson、Hessian2以及XML反序列化漏洞利用和Dubbo(Hessian2反序列化)、Shiro(PaddingOracleCBC)等框架的exploits,并且还有Java Security Manager绕过、Dubbo-Hessian2安全加固、RMI利用等等实践代码。
merlin
Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.
nps
一款轻量级、高性能、功能强大的内网穿透代理服务器。支持tcp、udp、socks5、http等几乎所有流量转发,可用来访问内网网站、本地支付接口调试、ssh访问、远程桌面,内网dns解析、内网socks5代理等等……,并带有功能强大的web管理端。a lightweight, high-performance, powerful intranet penetration proxy server, with a powerful web management terminal.
Osmedeus
Fully automated offensive security framework for reconnaissance and vulnerability scanning
pocassist
pocassist是一款全新的开源漏洞测试框架,无需代码知识也可实现对poc的在线编辑、管理、测试。 使用之前请先阅读文档。
PocList
Alibaba-Nacos-Unauthorized/ApacheDruid-RCE_CVE-2021-25646/MS-Exchange-SSRF-CVE-2021-26885/Oracle-WebLogic-CVE-2021-2109_RCE/RG-CNVD-2021-14536/RJ-SSL-VPN-UltraVires/Redis-Unauthorized-RCE/TDOA-V11.7-GetOnlineCookie/VMware-vCenter-GetAnyFile/yongyou-GRP-U8-XXE/Oracle-WebLogic-CVE-2020-14883/Oracle-WebLogic-CVE-2020-14882/Apache-Solr-GetAnyFile/F5-BIG-IP-CVE-2021-22986/Sonicwall-SSL-VPN-RCE/GitLab-Graphql-CNVD-2021-14193/D-Link-DCS-CVE-2020-25078/WLAN-AP-WEA453e-RCE/360TianQing-Unauthorized/360TianQing-SQLinjection/FanWeiOA-V8-SQLinjection/QiZhiBaoLeiJi-AnyUserLogin
Shiro-721
Shiro-721 RCE Via RememberMe Padding Oracle Attack
SimpleRemoter
基于gh0st的远程控制器:实现了终端管理、进程管理、窗口管理、远程桌面、文件管理、语音管理、视频管理、服务管理、注册表管理等功能,优化全部代码及整理排版,修复内存泄漏缺陷,程序运行稳定。此项目初版见:https://github.com/zibility/Remote
SpringBootVulExploit
SpringBoot 相关漏洞学习资料,利用方法和技巧合集,黑盒安全评估 check list
TheFatRat
Thefatrat a massive exploiting tool : Easy tool to generate backdoor and easy tool to post exploitation attack like browser attack and etc . This tool compiles a malware with popular payload and then the compiled malware can be execute on windows, android, mac . The malware that created with this tool also have an ability to bypass most AV software protection .
Viper
Viper (炫彩蛇) 开源图形化内网渗透工具
WatchAD
AD Security Intrusion Detection System