Steady-brother's repositories
OSCP-Cheat-Sheet
This is my OSCP cheat sheet made by combining a lot of different resources online with a little bit of tweaking. I used this cheat sheet during my exam (Fri, 13 Sep 2019) and during the labs. I can proudly say it helped me pass so I hope it can help you as well! Good Luck and Try Harder
Web-Fuzzing-Box
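Web Fuzzing Box - Web fuzzing wordlists and some payloads, mainly covering: weak-password brute forcing, directory and file enumeration, web vulnerabilities... A real-world case using the wordlists: https://gh0st.cn/archives/2019-11-11/1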
404forest
Personal blog for writing posts and summaries.
404StarLink
404StarLink - Recommending high-quality, meaningful, interesting and actively maintained open-source security projects
AppInfoScanner
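A mobile (Android, iOS, WEB, H5, static website) information-gathering scanner for HW operations, red teams and penetration-testing teams. It helps penetration testers, attack-team members and red-team members quickly collect key asset information from mobile apps or static web sites and provides basic information output such as Title, Domain, CDN, fingerprint information and status information.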
assetfinder
Find domains and subdomains related to a given domain
CVE-2019-3396_EXP
CVE-2019-3396 confluence SSTI RCE
cvelist
Pilot program for CVE submission through GitHub
DomainPasswordSpray
DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will automatically generate the userlist from the domain. BE VERY CAREFUL NOT TO LOCKOUT ACCOUNTS!
domainTools
Small tools for internal-network domain penetration testing
fastjson_rce_tool
Automated exploitation tool for fastjson command execution (remote code execution); JNDI service exploitation tool, RMI/LDAP
fuzzDicts
Web pentesting fuzz wordlists; one is all you need.
HackBrowserData
Decrypt passwords/cookies/history/bookmarks from the browser. A cross-platform tool for exporting and decrypting browser data.
hackthebox-writeups
Writeups for HacktheBox 'boot2root' machines
InCloud
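Runs in GitHub Actions to automate, customize and execute software development workflows in a repository; you can customize features to your liking. InCloud already ships ten information-gathering and vulnerability-scanning workflows tailored to different scenarios for network ranges and domain names.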
JSP-Webshells
Collect JSP webshell of various implementation methods. A collection of assorted JSP webshell techniques.
LaZagne
Credentials recovery project
lsassy
Extract credentials from lsass remotely
Malleable-C2-Profiles
Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x.
nhentai-imgcollect
:rocket: A multithreaded Python nhentai crawler with a PyQt5 GUI
OscpStudyGroup
OSCP study group
Pentest_Interview
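Personal experience preparing for penetration-testing and security interviews, plus interview questions from some vendors; packed with genuinely useful material~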
PLtools
A collection of commonly used small tools for internal-network penetration testing
PowerSploit
PowerSploit - A PowerShell Post-Exploitation Framework
proxy_pool
Proxy IP pool for Python crawlers (proxy pool)
redteam_vul
A compilation of key system vulnerabilities commonly encountered during red-team operations.
Seatbelt
Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.
setup-ipsec-vpn
Scripts to build your own IPsec VPN server, with IPsec/L2TP and Cisco IPsec on Ubuntu, Debian and CentOS