Whoami's repositories
365-Stealer
365-Stealer is a phishing simualtion tool written in python3. It can be used to execute Illicit Consent Grant Attack.
ARL
ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产,构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产,发现存在的薄弱点和攻击面。
Beacon_Source
not a reverse-engineered version of the Cobalt Strike Beacon
Bu-rp-Loader-Keygen
Bu-rp Su-ite Pro Loader & Keygen
BurpLoaderKeygenCnF
BurpSuite Pro Loader & Keygen & Translator Fix ( BurpSuite version v2020.1 - ∞ )
Checkmate
payload Execution by Fake Windows SmartScreen with requires Administrator privileges & Turn off real SmartScreen Filter
CVE-2023-4357-APT-Style-exploitation
Apt style exploitation of Chrome 0day CVE-2023-4357
goproxy
🔥 Proxy is a high performance HTTP(S) proxies, SOCKS5 proxies,WEBSOCKET, TCP, UDP proxy server implemented by golang. Now, it supports chain-style proxies,nat forwarding in different lan,TCP/UDP port forwarding, SSH forwarding.Proxy是golang实现的高性能http,https,websocket,tcp,socks5代理服务器,支持内网穿透,链式代理,通讯加密,智能HTTP,SOCKS5代理,黑白名单,限速,限流量,限连接数,跨平台,KCP支持,认证API。
Hvv2023
HW2023@POC@EXP@CVE-2023-2023
Jigsaw
Hide shellcode by shuffling bytes into a random array and reconstruct at runtime
n0kovo_subdomains
An extremely effective subdomain enumeration wordlist of 3,000,000 lines, crafted by harvesting SSL certs from the entire IPv4 space.
Neo-reGeorg
Neo-reGeorg is a project that seeks to aggressively refactor reGeorg
nps
一款轻量级、高性能、功能强大的内网穿透代理服务器。支持tcp、udp、socks5、http等几乎所有流量转发,可用来访问内网网站、本地支付接口调试、ssh访问、远程桌面,内网dns解析、内网socks5代理等等……,并带有功能强大的web管理端。a lightweight, high-performance, powerful intranet penetration proxy server, with a powerful web management terminal.
Pentest-Windows
Windows11 Penetration Suite Toolkit 一个开箱即用的windows渗透测试环境
pxplan
CVE-2023-2023
SamAddUser
利用 Samr 添加用户的 C# 版本
SharpDomainInfo
根据攻防以及域信息收集经验dump快而有用的域信息(当前权限须在域内)
SharpExchangeKing
Exchange 服务器安全性的辅助测试工具
Stowaway
👻Stowaway -- Multi-hop Proxy Tool for pentesters
SyscallMeMaybe
Implementation of Indirect Syscall technique to pop a calc.exe
Three-EyedRaven
内网探测工具(Internal network detection tool that not contain any exploit code)
URLPath
批量处理url链接,获取多级路径并打印
WhoamiAlternatives
Different methods to get current username without using whoami
windows-coerced-authentication-methods
A list of methods to coerce a windows machine to authenticate to an attacker-controlled machine through a Remote Procedure Call (RPC) with various protocols.