aHlo666's repositories
APIKit
APIKit:Discovery, Scan and Audit APIs Toolkit All In One.burp plugin
Awesome-POC
一个漏洞POC知识库
Behinder
“冰蝎”动态二进制加密网站管理客户端
Certipy
Tool for Active Directory Certificate Services enumeration and abuse
CrossC2
generate CobaltStrike's cross-platform payload
dismap
Asset discovery and identification tools 快速识别 Web 指纹信息,定位资产类型。辅助红队快速定位目标资产信息,辅助蓝队发现疑似脆弱点
frp
A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.
ghauri
An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws
Godzilla
哥斯拉
HackBrowserData
Decrypt passwords/cookies/history/bookmarks from the browser. 一款可全平台运行的浏览器数据导出解密工具。
heapdump_tool
heapdump敏感信息查询工具,例如查找 spring heapdump中的密码明文,AK,SK等
Hello-Java-Sec
☕️ Java Security,安全编码和代码审计
HowToCook
程序员在家做饭方法指南。Programmer's guide about how to cook at home (Chinese only).
impacket
Impacket is a collection of Python classes for working with network protocols.
JDumpSpider
HeapDump敏感信息提取工具
jndi_tool
JNDI服务利用工具 RMI/LDAP,支持部分场景回显、内存shell,高版本JDK场景下利用等,fastjson rce命令执行,log4j rce命令执行 漏洞检测辅助工具
JS-Forward
前端参数加密渗透测试通用解决方案
Ladon
大型内网渗透扫描器&Cobalt Strike,Ladon7.2内置94个模块,包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2,密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem,Poc/Exploit,支持Cobalt Strike 3.X-4.0
log4j2burpscanner
CVE-2021-44228 Log4j2 BurpSuite Scanner,Customize ceye.io api or other apis,including internal networks
MDUT
MDUT - Multiple Database Utilization Tools
Mobile-Security-Framework-MobSF
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
pocsuite3
pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.
Rubeus
Trying to tame the three-headed dog.
ShiroAttack2
shiro反序列化漏洞综合利用,包含(回显执行命令/注入内存马)修复原版中NoCC的问题 https://github.com/j1anFen/shiro_attack
SpringBootExploit
项目是根据LandGrey/SpringBootVulExploit清单编写,目的hvv期间快速利用漏洞、降低漏洞利用门槛。
sqlmap
Automatic SQL injection and database takeover tool
UACME
Defeating Windows User Account Control
Win-PS2EXE
Graphical frontend to PS1-to-EXE-compiler PS2EXE.ps1