Harmoc

followers

following

stars

天枢

Harmoc's starred repositories

awesome-api-security

A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.

GPL-3.0283600

HackTools

The all-in-one browser extension for offensive security professionals 🛠

Language:TypeScript558900

securitylab

Resources related to GitHub Security Lab

Language:CMIT135700

HaE

HaE - Highlighter and Extractor, Empower ethical hacker for efficient operations.

Language:JavaApache-2.0259200

MemoryShellLearn

分享几个直接可用的内存马，记录一下学习过程中看过的文章

Language:Java91000

obfuscar

Open source obfuscation tool for .NET assemblies

Language:C#MIT229300

JSFinder

JSFinder is a tool for quickly extracting URLs and subdomains from JS files on a website.

Language:Python250700

XUAN

RedTeam-BCS

BCS（北京网络安全大会）2019 红队行动会议重点内容

Finger

一款红队在大量的资产中存活探测与重点攻击系统指纹探测工具

Language:Python151500

sonar-java

:coffee: SonarSource Static Analyzer for Java Code Quality and Security

Language:JavaLGPL-3.0109500

java-sec-code

Java web common vulnerabilities and security code which is base on springboot and spring security

Language:Java230400

phpcs-security-audit

phpcs-security-audit is a set of PHP_CodeSniffer rules that finds vulnerabilities and weaknesses related to security in PHP code

Language:PHPGPL-3.070300

CTFDefense

Some tools for CTF off line

Language:Python42200

XCTF2021Final-Dubbo

Writeup and environment for XCTF2021Final-Dubbo

Language:Java4500

OffensivePH

OffensivePH - use old Process Hacker driver to bypass several user-mode access controls

Language:CGPL-3.032700

SpoolSample

PoC tool to coerce Windows hosts authenticate to other machines via the MS-RPRN RPC interface. This is possible via other protocols as well.

Language:C#BSD-3-Clause87300

ldapdomaindump

Active Directory information dumper via LDAP

Language:PythonMIT110000

suricata-rules

Suricata IDS rules 用来检测红队渗透/恶意行为等，支持检测CobaltStrike/MSF/Empire/DNS隧道/Weevely/菜刀/冰蝎/挖矿/反弹shell/ICMP隧道等

dns-black-cat

Multi platform toolkit for an interactive DNS shell commands exfiltration, by using DNS-Cat you will be able to execute system commands in shell mode over DNS protocol

Language:Pascal10800

2021hvv_vul

2021hvv漏洞汇总

Language:Python65900

Learn-Web-Hacking

Study Notes For Web Hacking / Web安全学习笔记

Language:PythonCC0-1.0432200

Learn-Binary-Hacking

Binary Hacking Study Notes

Language:PythonCC0-1.021600

javascript-obfuscator

A powerful obfuscator for JavaScript and Node.js

Language:TypeScriptBSD-2-Clause1312400

RoguePotato

Another Windows Local Privilege Escalation from Service Account to System

Language:CGPL-3.098600

SharpDecryptPwd

对密码已保存在 Windwos 系统上的部分程序进行解析,包括：Navicat,TeamViewer,FileZilla,WinSCP,Xmangager系列产品（Xshell,Xftp)。源码：https://github.com/RowTeam/SharpDecryptPwd

MoAn_Honey_Pot_Urls

X安蜜罐用的一些存在JSonp劫持的API

9300

secguide

面向开发人员梳理的代码安全指南

NOASSERTION1315600

KingOfBugBountyTips

Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokens that are already exploitable, so we can report them. We wish to influence Onelinetips and explain the commands, for the better understanding of new hunters..

Language:Python409300

SimuLand

Understand adversary tradecraft and improve detection strategies

Language:PowerShellMIT69300