SPY-tools's repositories
WebMonitor
实时监控网页变化,并发送通知(Monitor web page changes in real time and send notifications)
awesome-ida-x64-olly-plugin
A curated list of IDA x64DBG, Ghidra and OllyDBG plugins.
ARL-Asset-Reconnaissance-Lighthouse-
ARL官方仓库备份项目:ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产,构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产,发现存在的薄弱点和攻击面。
AutoGeaconC2
AutoGeaconC2: 一键读取Profile自动化生成geacon实现跨平台上线CobaltStrike
Awesome-GPT-Agents
A curated list of GPT agents for cybersecurity
SourcePoint
SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.
CVE-2024-1086
Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 99.4% in KernelCTF images.
DecryptTools
DecryptTools-综合解密
XiebroC2
一款支持多人协作的渗透测试图形化框架、支持lua插件扩展、域前置/CDN上线、自定义多个模块、自定义shellcode、文件管理、进程管理、内存加载、反向代理等功能
Pyke-Shiro
复杂请求下的Shiro反序列化利用工具
AnotherRedisDesktopManager
🚀🚀🚀A faster, better and more stable Redis desktop manager [GUI client], compatible with Linux, Windows, Mac.
JNDIMap
JNDI 注入利用工具, 支持 RMI 和 LDAP 协议, 包含多种高版本 JDK 绕过方式
AVEvasionCraftOnline
An online AV evasion platform written in Springboot (Golang, Nim, C) supports embedded, local and remote loading of Shellocde methods.
MobaXtermKeyGen
MobaXterm Pro Key Generator, support the old/latest/future versions.
Supernova_CN
Supernova 的中文版和扩展了一些加密方式(ROT, XOR, RC4, AES, CHACHA20, B64XOR, B64RC4, B64AES, B64CHACHA20)
Malleable-CS-Profiles
A list of python tools to help create an OPSEC-safe Cobalt Strike profile.
blackjump
JumpServer 堡垒机未授权综合漏洞利用, Exploit for CVE-2023-42442 / CVE-2023-42820 / RCE 2021
JenkinsExploit-GUI
一款Jenkins的综合漏洞利用工具
LearnJavaMemshellFromZero
【三万字原创】完全零基础从0到1掌握Java内存马,公众号:追梦信安
CVE-2024-21626
PoC and Detection for CVE-2024-21626
Penetration_Testing_POC
渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms
Payload-Generator
An aggressor script that can help automate payload building in Cobalt Strike
CSx3Ldr
Cobalt Strike插件
spirit
Spirit - Network Pentest Tools
nginx_shell
nginx WebShell/内存马,更优雅的nignx backdoor
MobaXterm-Keygen
MobaXterm注册机
FastJsonParty
FastJson全版本Docker漏洞环境(涵盖1.2.47/1.2.68/1.2.80等版本),主要包括JNDI注入及高版本绕过、waf绕过、文件读写、原生反序列化、利用链探测绕过、不出网利用等。从黑盒的角度覆盖FastJson深入利用
NacosExploitGUI
Nacos漏洞综合利用GUI工具,集成了默认口令漏洞、SQL注入漏洞、身份认证绕过漏洞、反序列化漏洞的检测及其利用