张三's repositories
security_study_notes
网络安全的学习笔记
addMemShellsJSP
通过jsp注入valve内存马,可以忽略框架影响,通用tomcat789
selfMimikatz
自不量力的mimikatz分离计划
fastjson_tools
一个垃圾的fastjson反序列化payload生成工具
apache-tomcat-8.5.68-src
Tomcat8.5.68源码调试IDEA项目
GodzillaSource
哥斯拉源码-v3.03-godzilla
APT-Hunter
APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity
blueming
备份文件扫描,并自动进行下载
flycat
使用Java基于Netty+Socks5+TLS实现的代理服务
goShellCodeByPassVT
通过线程注入及-race参数免杀全部VT
HackJava
《深入理解Java代码审计》
JavaSec
Java安全,漏洞分析/挖掘/利用
JavaThings
Share Things Related to Java - Java安全漫谈笔记相关内容
JNDIExploit
对原版https://github.com/feihong-cs/JNDIExploit 进行了实用化修改
JSPHorse
Super JSP Webshell
ligolo
Ligolo : 用于内网渗透的反向隧道
MemoryModule
Library to load a DLL from memory.
MemoryShell
JavaWeb MemoryShell Inject/Scan/Killer/Protect Research & Exploring
Memoryshell-JavaALL
收集内存马打入方式
phpggc
PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.
picstorage
picstorage
ShiroAttack2
shiro反序列化漏洞综合利用,包含(回显执行命令/注入内存马)修复原版中NoCC的问题 https://github.com/j1anFen/shiro_attack
SpringScan
SpringScan 漏洞检测 Burp插件
Web-Fuzzing-Box
Web Fuzzing Box - Web 模糊测试字典与一些Payloads,主要包含:弱口令暴力破解、目录以及文件枚举、Web漏洞...字典运用于实战案例:https://gh0st.cn/archives/2019-11-11/1
yuze
A socksv5 proxy tool Written by CLang. 一款纯C实现的基于socks5协议的轻量内网穿透工具,支持ew的全部数据转发方式