Smitnald's repositories
attack-scripts
Scripts and a (future) library to improve users' interactions with the ATT&CK content
WeblogicScan
One-click WebLogic vulnerability detection tool, V1.5, updated: 20200730
brim
Desktop application to efficiently search large packet captures and Zeek logs.
defvul
DSO-Lab summary and sharing of vulnerability research results
DeimosC2
DeimosC2 is a Golang command and control framework for post-exploitation.
Violation_Pnetest
Penetration testing red-line checklist
PPLKiller
Tool to bypass LSA Protection (aka Protected Process Light)
KITT-Lite
Python-Based Pentesting CLI Tool
sysmon-modular
A repository of sysmon configuration modules
ssti-payloads
🎯 Server Side Template Injection Payloads
AutomatedLab
AutomatedLab is a provisioning solution and framework that lets you deploy complex labs on HyperV and Azure with simple PowerShell scripts. It supports all Windows operating systems from 2008 R2 to 2019, some Linux distributions and various products like AD, Exchange, PKI, IIS, etc.
Pentest_Note
Notes on routine penetration testing operations
SatanSword
Comprehensive red team penetration framework
SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
BlueShell
Cross-platform remote control tool for red team vs. blue team exercises
CloudPentestCheatsheets
Cloud pentest checklist. This repository contains a collection of cheatsheets I have put together for tools related to pentesting organizations that leverage cloud providers.
evil-winrm
The ultimate WinRM shell for hacking/pentesting
python_code_audit
Python code audit project
learnjavabug
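Java security vulnerabilities and technique demos: exploitation of native Java, Fastjson, Jackson, Hessian2, and XML deserialization vulnerabilities; exploits for frameworks, middleware, and features such as Spring, Dubbo, Shiro, CAS, Tomcat, RMI, and Nexus; plus practice code for Java Security Manager bypass, Dubbo-Hessian2 security hardening, and more.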
LuWu
Automated deployment tool for red team infrastructure
persistence
Resources About Persistence, Multiple Platforms. Including ~80 Tools and 300+ Posts.
weevely3
Weaponized web shell
Seatbelt
Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.
rmiscout
RMIScout uses wordlist and bruteforce strategies to enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities
sgn
Shikata ga nai (仕方がない) encoder ported into go with several improvements
AUTO-EARN
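A vulnerability-hunting helper tool for automated vulnerability scanning and instant notification alerts, using OneForAll for subdomain collection, the Shodan API for port scanning, Xray for vulnerability fuzzing, and Server酱 for notifications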
injection-stuff
PE Injection, DLL Injection, Process Injection, Thread Injection, Code Injection, Shellcode Injection, ELF Injection, Dylib Injection, including 400+ tools and 350+ posts
JSP-Webshells
A collection of JSP webshells using various implementation methods.
anti-av
Resources About Anti-Virus and Anti-Anti-Virus, including 200+ tools and 1300+ posts
metasploit-omnibus
Packaging metasploit-framework with omnibus