aHlo666's repositories
EmailAll
EmailAll is a powerful Email Collect tool — 一款强大的邮箱收集工具
CDK
CDK is an open-sourced container penetration toolkit, offering stable exploitation in different slimmed containers without any OS dependency. It comes with penetration tools and many powerful PoCs/EXPs helps you to escape container and takeover K8s cluster easily.
Package
各类语言运行环境官网安装包
ossec-hids
OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
Yasso
强大的内网渗透辅助工具集-让Yasso像风一样 支持rdp,ssh,redis,postgres,mongodb,mssql,mysql,winrm等服务爆破,快速的端口扫描,强大的web指纹识别,各种内置服务的一键利用(包括ssh完全交互式登陆,mssql提权,redis一键利用,mysql数据库查询,winrm横向利用,多种服务利用支持socks5代理执行)
STS2G
Struts2漏洞扫描利用工具 - Golang版. Struts2 Scanner Written in Golang
attackRmi
java rmi 利用工具
SeeyonExploit-GUI
致远OA综合利用工具
Baseline-check
windows和linux基线检查,配套自动化检查脚本。纯手打。
FileMonitor
文件变化实时监控工具(代码审计/黑盒/白盒审计辅助工具)
My-HackBar
破解HackBar
JNDIExploit
一款用于 JNDI注入 利用的工具
noPac
CVE-2021-42287/CVE-2021-42278 Scanner & Exploiter.
JSPHorse
结合反射调用、动态编译、BCEL、defineClass0,ScriptEngine、Expression等技术的一款免杀JSP Webshell生成工具
JavaVulnSummary
Java漏洞分析汇合
XSS-Payloads
List of advanced XSS payloads
Penetration_Testing_POC
渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms
MySQL_Fake_Server
MySQL Fake Server use to help MySQL Client File Reading and JDBC Client Java Deserialize
vulmap-web
Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞验证功能
ehang-io-nps
一款轻量级、高性能、功能强大的内网穿透代理服务器。支持tcp、udp、socks5、http等几乎所有流量转发,可用来访问内网网站、本地支付接口调试、ssh访问、远程桌面,内网dns解析、内网socks5代理等等……,并带有功能强大的web管理端。a lightweight, high-performance, powerful intranet penetration proxy server, with a powerful web management terminal.
Java-Deserialization-Scanner
All-in-one plugin for Burp Suite for the detection and the exploitation of Java deserialization vulnerabilities
domain_hunter_pro
domain_hunter的高级版本,SRC挖洞、HW打点之必备!自动化资产收集;快速Title获取;外部工具联动;等等
SharpSQLTools
SharpSQLTools 可上传下载文件,xp_cmdshell与sp_oacreate执行命令回显和clr加载程序集执行相应操作。
python
python学习
MemoryShell
JavaWeb MemoryShell Inject/Scan/Killer/Protect Research & Exploring
shiro_attack
shiro反序列化漏洞综合利用,包含(回显执行命令/注入内存马)
windows-kernel-exploits
windows-kernel-exploits Windows平台提权漏洞集合