Beast code in Giters

ShenMingF's starred repositories

BurpHttpHelper

BurpHttpHelper是一款Burpsuite插件，主要用于简化和解决Burpsuite对Http的一些操作.

Language:JavaApache-2.08500

LangSrcCurise

SRC子域名资产监控

Language:Python125300

BurpShiroPassiveScan

一款基于BurpSuite的被动式shiro检测插件

Language:Java161000

DragonCastle

A PoC that combines AutodialDLL lateral movement technique and SSP to scrape NTLM hashes from LSASS process.

Language:C++29300

BypassAV

This map lists the essential techniques to bypass anti-virus and EDR

225700

Caesar

一个全新的敏感文件发现工具

200

RedisEXP

Redis 漏洞利用工具

Language:Go73100

NtDetours

Detours implementation (x64/x86) which used only ntdll import

Language:C8500

vuldirscan

一个介于目录扫描与poc验证之间的新生儿

Language:Python2000

UEditorGetShell

UEditor编辑器批量GetShell / Code By:Tas9er

22200

IDOR_detect_tool

一款API水平越权漏洞检测工具

Language:PythonGPL-3.071600

Invoke-TheHash

PowerShell Pass The Hash Utils

Language:PowerShellBSD-3-Clause144300

Privileger

Privileger is a tool to work with Windows Privileges

Language:C++13000

titan

Titan: A generic user defined reflective DLL for Cobalt Strike

6800

NetDLLSpy

.NET后渗透下的权限维持，附下载DLL

20000

adduserbysamr-bof

Cobalt Strike BOF that Add a user to localgroup by samr

Language:C11300

myscan

构建信息搜集/漏洞扫描

Language:Python19200

probable_subdomains

Subdomains analysis and generation tool. Reveal the hidden!

GPL-3.022500

burp_nu_te_gen

nuclei模版生成插件

Language:JavaApache-2.010000

sshd_backdoor

/root/.ssh/authorized_keys evil file watchdog with ebpf tracepoint hook.

Language:C31300

Zentao-Captcha-RCE

禅道研发项目管理系统`misc-captcha-user`认证绕过后台命令注入漏洞

Language:Go8000

swagger-exp

A Swagger API Exploit

Language:JavaScript109400

goomba

gooMBA is a Hex-Rays Decompiler plugin to simplify Mixed Boolean-Arithmetic (MBA) expressions

Language:C++55000

Headers

Headers Burp Extension

Language:PythonMIT1700

BypassCredGuard

Credential Guard Bypass Via Patching Wdigest Memory

Language:C++30100

CaA

CaA - Collector and Analyzer, Insight into information, exploring with intelligence in a thousand ways.

Language:JavaApache-2.067700

TrackRay

Language:JavaGPL-3.0201800

sec-books-part1

:books: 网安类绝版图书

73000

scalpel

scalpel是一款命令行漏洞扫描工具，支持深度参数注入，拥有一个强大的数据解析和变异算法，可以将常见的数据格式（json, xml, form等）解析为树结构，然后根据poc中的规则，对树进行变异，包括对叶子节点和树结构的变异。变异完成之后，将树结构还原为原始的数据格式。

72000

AmsiBypassHookManagedAPI

A new AMSI Bypass technique using .NET ALI Call Hooking.

Language:PowerShellGPL-3.018000