lay3rt's starred repositories
AppInfoScanner
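An information-gathering scanner for mobile targets (Android, iOS, WEB, H5, static websites), built for HW operations, red teams and penetration testing teams. It helps penetration testers, attack team members and red team members quickly collect key asset information from mobile apps or static web sites, and provides basic output such as Title, Domain, CDN, fingerprint information and status information.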
pingtunnel
Pingtunnel is a tool that sends TCP/UDP traffic over ICMP
OffensiveNim
My experiments in weaponizing Nim (https://nim-lang.org/)
JNDI-Injection-Exploit
JNDI injection testing tool (a tool that generates JNDI links and can start several servers to exploit JNDI injection vulnerabilities, such as in Jackson, Fastjson, etc.)
PrivacySentry
Android privacy-compliance remediation and detection tool; a detection approach based on annotations plus ASM bytecode modification
shiro_attack
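Comprehensive exploitation of the Shiro deserialization vulnerability, including command execution with echoed output and in-memory webshell injection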
vulnerability-paper
Collected articles https://mrwq.github.io/tools/paper/
DongTai
Dongtai IAST is an open-source Interactive Application Security Testing (IAST) tool that enables real-time detection of common vulnerabilities in Java applications and third-party components through passive instrumentation. It is particularly suitable for use in the testing phase of the development pipeline.
CVE-2020-1472
PoC for Zerologon - all research credits go to Tom Tervoort of Secura
Proxmark3GUI
A cross-platform GUI for the Proxmark3 (PM3) client
ApolloScanner
Automated patrol scanning framework (can be used for red team initial-access assessment)
HostCollision
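A small tool built for Host collision, specifically for detecting hosts or internal systems that can only be reached after binding hosts entries during a penetration test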
fastjson-remote-code-execute-poc
fastjson remote code execution PoC. Open it directly in IntelliJ IDEA; first compile to get Test.class, then run Poc.java
fastjson-1.2.47-RCE
Exploitation tool and method for the Fastjson <= 1.2.47 remote command execution vulnerability
Neo-reGeorg
Neo-reGeorg is a project that seeks to aggressively refactor reGeorg