Hanamaki99's repositories
ARL
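ARL (Asset Reconnaissance Lighthouse) is designed to quickly discover internet-facing assets associated with a target and build a baseline asset inventory. It helps in-house security teams and penetration testers reconnoiter and search assets effectively, and identify weak points and attack surface.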
ARL-NPoC
A framework that combines vulnerability verification and task execution
chrome_extension
Chrome extension development portion of the unauthorized-access (broken access control) detection server
CrossC2
generate CobaltStrike's cross-platform payload
CrossC2Kit
CrossC2, built on the Cobalt Strike framework, can be used to control other cross-platform systems. CrossC2Kit provides interfaces that users can call to manipulate the CrossC2 Beacon session, thereby extending the functionality of Cobalt Strike.
EVA2
Another version of EVA that uses anti-debugging techniques and syscalls
frp
A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.
GBByPass
Behinder (冰蝎) and Godzilla (哥斯拉) WebShell bypass
GoBypass
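A Golang tool for generating antivirus-evasion payloads: a semi-automated generator implemented with reference to evasion methods already published online. It requires a local Golang environment and supports multiple parameters and generation methods.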
Havoc
The Havoc Framework
JavaSecInterview
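A question bank for Java security research and secure development interviews, which also organizes and summarizes common knowledge points. It contains questions with detailed answers and is planned to be updated regularly.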
JNDIExploit
Practical modifications to the original https://github.com/feihong-cs/JNDIExploit
JNDIMonitor
An LDAP request listener that removes the dependence on dnslog platforms
JuicyPotato
Modifies JuicyPotato to support loading shellcode and webshell
log4j-payload-generator
Log4j JNDI injection payload generator
Log4j2-RCE-Scanner
BurpSuite Extension: Log4j RCE Scanner
log4j2burpscanner
CVE-2021-44228 Log4j2 RCE Burp Suite passive scanner; the ceye.io API or other APIs can be customized, including internal networks
Log4j2Scan
Log4j2 RCE Passive Scanner plugin for BurpSuite
mscan
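A domain penetration scanning tool for convenient one-click, automated, comprehensive information gathering and scanning for domain privilege-escalation vulnerabilities.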
ncDecode
Yonyou NC database password decryption
PD-Runner
A VM launcher for Parallels Desktop
RouteVulScan
Burpsuite - Route Vulnerable Scanning: a Burp plugin that recursively and passively detects vulnerable paths
SpringBootExploit
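This project is written from the LandGrey/SpringBootVulExploit checklist; its purpose is to exploit vulnerabilities quickly during hvv exercises and to lower the barrier to vulnerability exploitation.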
Stowaway
👻Stowaway -- Multi-hop Proxy Tool for pentesters
twiki
T Wiki cloud security knowledge base, possibly the first cloud security knowledge base in China?
woodpecker-framwork-release
A framework for precise detection and in-depth exploitation of high-risk vulnerabilities