Beast code in Giters

gdft2112's repositories

本软件首先集成危害性较大框架和部分主流cms的rce(无需登录,或者登录绕过执行rce)和反序列化(利用链简单)。上传getshell。sql注入等高危漏洞直接就可以拿权限出数据。其次对一些构造复杂exp漏洞进行检测。傻瓜式导入url即可实现批量测试,能一键getshell检测绝不sql注入或者不是只检测。其中thinkphp 集成所有rce Exp Struts2漏洞集成了shack2 和k8 漏洞利用工具所有Exp并对他们的exp进行优化和修复此工具的所集成漏洞全部是基于平时实战中所得到的经验从而写入到工具里。例如:通达oA一键getshell实战测试 struts2一键getshell 等等

Language:C#000

automated-subdomain-takeover

000

BBTz

BBT - Bug Bounty Tools

Language:Python000

cariddi

Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more

Language:GoGPL-3.0000

CobaltStrikeDetected

40行代码检测到大部分CobaltStrike的shellcode

Language:C++010

Domain_ALL_Run

010

gmapsapiscanner

Language:PythonMIT000

goSubsWordlist

Generate wordlist from already collected subdomains for bruteforcing purposes.

Language:GoMIT000

InCloud

运行于GitHub Actions 的仓库中自动化、自定义和执行软件开发工作流程，可以自己根据喜好定制功能，InCloud已经为您定制好了八种针对网段和域名的不同场景的信息收集与漏洞扫描流程。

000

inventory

Asset inventory on public bug bounty programs.

MIT000

JSINFO-SCAN

递归式寻找域名和api。

Language:Python000

KingOfBugBountyTips

Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokens that are already exploitable, so we can report them. We wish to influence Onelinetips and explain the commands, for the better understanding of new hunters..

000