abramas sow's repositories
awvs14-scan
针对 Acunetix AWVS扫描器开发的批量扫描脚本,支持log4j漏洞、SpringShell、SQL注入、XSS、弱口令等专项,支持联动xray、burp、w13scan等被动批量
Agnee
Find sensitive information using dorks from different search-engines.
ApacheTomcatScanner
A python script to scan for Apache Tomcat server vulnerabilities.
arno
An automation tool to install the most popular tools for bug bounty or pentesting.
Autopwns
Scripts para automatizar explotación de máquinas de la plataforma de HackTheBox, shell como root al instante
censys-subdomain-finder
⚡ Perform subdomain enumeration using the certificate transparency logs from Censys.
codewarrior
code-searching tool and static code analysis - Beta
CVE-2022-0543
Redis RCE through Lua Sandbox Escape vulnerability
CVE-2022-24637
Unauthenticated RCE in Open Web Analytics (OWA) 1.7.3
CVE-2022-36804-PoC
Proof of Concept exploit for CVE-2022-36804 affecting BitBucket versions <8.3.1
hoaxshell
An unconventional Windows reverse shell, currently undetected by Microsoft Defender and various other AV solutions, solely based on http(s) traffic.
Logsensor
A Powerful Sensor Tool to discover login panels, and POST Form SQLi Scanning
mgwls
Combine words from two wordlist files and concatenate them with an optional delimiter
nginxpwner
Nginxpwner is a simple tool to look for common Nginx misconfigurations and vulnerabilities.
OSCP_Tools
Tools for passing OSCP
PEASS-ng
PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
Penetration_Testing_POC
渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms
PersistenceSniper
Powershell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines.
RobinHood
RobinHood - Bug Hunting Recon Automation Script
Security-PPT
Security-related Slide Presentation & Security Research Report(大安全各领域各公司各会议分享的PPT以及各类安全研究报告)
SQLiDetector
Simple python script that helps you to detect SQL injection "Error based" by sending multiple requests with different payloads and check for 152 regex pattern for different databases.
sqlmapsh
SQLMap wrapper that lets you use Interact.sh as a DNS server for exfiltrating data with zero configuration
TOP
TOP All bugbounty pentesting CVE-2022- POC Exp RCE example payload Things
wordlists
Real-world infosec wordlists, updated regularly
write-up
:smirk_cat: CTF write-ups
Z0FCourse_ReverseEngineering
Reverse engineering focusing on x64 Windows.