Smitnald's repositories
SatanSword
红队综合渗透框架
anti-av
Resources About Anti-Virus and Anti-Anti-Virus, including 200+ tools and 1300+ posts
attack-scripts
Scripts and a (future) library to improve users' interactions with the ATT&CK content
AUTO-EARN
一个利用OneForAll进行子域收集、Shodan API端口扫描、Xray漏洞Fuzz、Server酱的自动化漏洞扫描、即时通知提醒的漏洞挖掘辅助工具
AutomatedLab
AutomatedLab is a provisioning solution and framework that lets you deploy complex labs on HyperV and Azure with simple PowerShell scripts. It supports all Windows operating systems from 2008 R2 to 2019, some Linux distributions and various products like AD, Exchange, PKI, IIS, etc.
BlueShell
红蓝对抗跨平台远控工具
CloudPentestCheatsheets
云渗透清单This repository contains a collection of cheatsheets I have put together for tools related to pentesting organizations that leverage cloud providers.
DeimosC2
DeimosC2 is a Golang command and control framework for post-exploitation.
evil-winrm
The ultimate WinRM shell for hacking/pentesting
injection-stuff
PE Injection、DLL Injection、Process Injection、Thread Injection、Code Injection、Shellcode Injection、ELF Injection、Dylib Injection, including 400+Tools and 350+posts
JSP-Webshells
Collect JSP webshell of various implementation methods. 收集JSP Webshell的各种姿势
KITT-Lite
Python-Based Pentesting CLI Tool
learnjavabug
Java安全相关的漏洞和技术demo,原生Java、Fastjson、Jackson、Hessian2、XML反序列化漏洞利用和Spring、Dubbo、Shiro、CAS、Tomcat、RMI、Nexus等框架\中间件\功能的exploits以及Java Security Manager绕过、Dubbo-Hessian2安全加固等等实践代码。
metasploit-omnibus
Packaging metasploit-framework with omnibus
Pentest_Note
渗透测试常规操作记录
persistence
Resources About Persistence, Multiple Platforms. Including ~80 Tools and 300+ Posts.
PPLKiller
Tool to bypass LSA Protection (aka Protected Process Light)
python_code_audit
python 代码审计项目
rmiscout
RMIScout uses wordlist and bruteforce strategies to enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities使用wordlist和爆破策略,枚举Java RMI函数,并利用RMI参数反序列化漏洞
Seatbelt
Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.
SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
ssti-payloads
🎯 Server Side Template Injection Payloads
sysmon-modular
A repository of sysmon configuration modules
Violation_Pnetest
渗透红线Checklist
WeblogicScan
Weblogic一键漏洞检测工具,V1.5,更新时间:20200730
weevely3
Weaponized web shell