aHlo666's repositories
FastJsonParty
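Docker vulnerability environments for all FastJson versions (covering 1.2.47/1.2.68/1.2.80 and others), mainly including JNDI injection and high-version bypasses, WAF bypass, file read/write, native deserialization, gadget-chain detection bypass, exploitation without outbound network access, and more. Covers in-depth FastJson exploitation from a black-box perspective.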
frp
A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.
ghauri
An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws
Awesome-POC
A vulnerability PoC knowledge base
PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
LSPosed
LSPosed Framework
HackBrowserData
Decrypt passwords/cookies/history/bookmarks from the browser. A cross-platform tool for exporting and decrypting browser data.
JDumpSpider
HeapDump sensitive information extraction tool
HowToCook
A programmer's guide to cooking at home (Chinese only).
Ladon
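Large-scale intranet penetration scanner & Cobalt Strike. Ladon7.2 has 94 built-in modules, including information gathering / live host discovery / port scanning / service identification / password brute-forcing / vulnerability detection / vulnerability exploitation. Vulnerability detection covers MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2; password brute-forcing covers (Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm); remote command execution (wmiexe/psexec/atexec/sshexec/webshell); privilege lowering and escalation with Runas and GetSystem; Poc/Exploit; supports Cobalt Strike 3.X-4.0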
Win-PS2EXE
Graphical frontend to PS1-to-EXE-compiler PS2EXE.ps1
Behinder
"Behinder" (冰蝎): a website management client with dynamic binary encryption
JS-Forward
A general-purpose solution for penetration testing when front-end parameters are encrypted
MDUT
MDUT - Multiple Database Utilization Tools
Godzilla
Godzilla
CrossC2
generate CobaltStrike's cross-platform payload
APIKit
APIKit: Discovery, Scan and Audit APIs Toolkit All In One. Burp plugin
jndi_tool
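JNDI service exploitation tool for RMI/LDAP; supports response echo in some scenarios, in-memory shells, exploitation on high-version JDKs, and more; fastjson RCE command execution, log4j RCE command execution; an auxiliary tool for vulnerability detection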
heapdump_tool
heapdump sensitive information query tool, e.g. for finding plaintext passwords, AK, SK, etc. in a spring heapdump
ShiroAttack2
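Comprehensive exploitation of the shiro deserialization vulnerability, including (command execution with echoed output / in-memory webshell injection); fixes the NoCC issue in the original version https://github.com/j1anFen/shiro_attack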
SpringBootExploit
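The project is written based on the LandGrey/SpringBootVulExploit checklist, with the aim of quickly exploiting vulnerabilities during hvv and lowering the barrier to vulnerability exploitation.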
log4j2burpscanner
CVE-2021-44228 Log4j2 BurpSuite Scanner, Customize ceye.io api or other apis, including internal networks
UACME
Defeating Windows User Account Control
Hello-Java-Sec
☕️ Java Security, secure coding and code auditing
Rubeus
Trying to tame the three-headed dog.
sqlmap
Automatic SQL injection and database takeover tool
pocsuite3
pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.
Certipy
Tool for Active Directory Certificate Services enumeration and abuse
impacket
Impacket is a collection of Python classes for working with network protocols.