cc06 - Giters

:palm_tree:Linux、macOS、Windows Kernel privilege escalation vulnerability collection, with compilation environment, demo GIF map, vulnerability details, executable file (提权漏洞合集)

Language:CAGPL-3.02899 80 5

Gopherus

This tool generates gopher link for exploiting SSRF and gaining RCE in various servers

Language:PythonMIT2780 22 15

OffensiveNim

My experiments in weaponizing Nim (https://nim-lang.org/)

Language:NimBSD-2-Clause2776 69 29

JNDI-Injection-Exploit

JNDI注入测试工具（A tool which generates JNDI links can start several servers to exploit JNDI Injection vulnerability,like Jackson,Fastjson,etc）

Language:JavaMIT2534 27 7

CrossC2

generate CobaltStrike's cross-platform payload

Language:C2218 39 204

PrivacySentry

Android隐私合规整改检测工具，注解+Asm修改字节码的检测方案

Language:KotlinMIT2008 20 116

shiro_attack

shiro反序列化漏洞综合利用,包含（回显执行命令/注入内存马）

1771 35 49

vulnerability-paper

收集的文章 https://mrwq.github.io/tools/paper/

Language:Python1673 45 6

pystinger

Bypass firewall for traffic forwarding using webshell 一款使用webshell进行流量转发的出网工具

Language:PythonBSD-3-Clause1359 21 10

Dongtai IAST is an open-source Interactive Application Security Testing (IAST) tool that enables real-time detection of common vulnerabilities in Java applications and third-party components through passive instrumentation. It is particularly suitable for use in the testing phase of the development pipeline.

Language:PythonApache-2.01228 12 338

CVE-2020-1472

PoC for Zerologon - all research credits go to Tom Tervoort of Secura

Language:Python1169 35 10

ysomap

A helpful Java Deserialization exploit framework.

Language:JavaApache-2.01145 29 16

BypassAV

Cobalt Strike插件，用于快速生成免杀的可执行文件

894 16 17

Proxmark3GUI

A cross-platform GUI for Proxmark3 client | 为PM3设计的跨平台图形界面

Language:C++LGPL-2.1860 24 45

spp

A simple and powerful proxy

Language:GoMIT823 14 24

ApolloScanner

自动化巡航扫描框架（可用于红队打点评估）

Language:JavaScriptMIT675 16 39

HostCollision

用于host碰撞而生的小工具,专门检测渗透中需要绑定hosts才能访问的主机或内部系统

Language:Java563 70

fastjson-remote-code-execute-poc

fastjson remote code execute poc 直接用intellij IDEA打开即可首先编译得到Test.class，然后运行Poc.java

Language:Java408 10 3

fastjson-1.2.47-RCE

Fastjson <= 1.2.47 远程命令执行漏洞利用工具及方法

Language:Java399 4 2

JNDIMap

JNDI 注入利用工具, 支持 RMI 和 LDAP 协议, 包含多种高版本 JDK 绕过方式 | A JNDI injection exploit tool that supports RMI and LDAP protocols, including a variety of methods to bypass higher-version JDK

Language:Java240 5 4

Address

207 120

cve-2021-22005-exp

Language:Python185 5 3

Penetration_Testing_POC

Language:PowerShellApache-2.05100

Neo-reGeorg

Neo-reGeorg is a project that seeks to aggressively refactor reGeorg

Language:PythonGPL-3.0100