suifeng's repositories
404StarLink
404StarLink - Recommending high-quality, meaningful, interesting, actively maintained open-source security projects
Awesome-Redteam
An attack and defense knowledge repository. Red Teaming and Offensive Security
Beacon_Source
not a reverse-engineered version of the Cobalt Strike Beacon
brook
A cross-platform programmable network tool
brutespray
Bruteforcing from various scanner output - Automatically attempts default creds on found services.
ChromeKatz
Dump cookies directly from Chrome process memory
CVE-2024-1086
Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 99.4% in KernelCTF images.
CVE-2024-21111
Oracle VirtualBox Elevation of Privilege (Local Privilege Escalation) Vulnerability
CVE-2024-21338
Local Privilege Escalation from Admin to Kernel vulnerability on Windows 10 and Windows 11 operating systems with HVCI enabled.
CVE-2024-3400
CVE-2024-3400
dddd
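dddd is an easy-to-use tool for bulk information gathering and supply-chain vulnerability detection, intended to streamline red team workflows and cut down on exhausting, mechanical manual work. Supports pulling targets in bulk from Hunter and Fofa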
e0e1-abroad
e0e1-abroad: collection of overseas project scopes
e0e1-wx
WeChat mini program assisted penetration testing - automation
FalconHound
FalconHound is a blue team multi-tool. It allows you to utilize and enhance the power of BloodHound in a more automated fashion. It is designed to be used in conjunction with a SIEM or other log aggregation tool.
git_rce
Exploit PoC for CVE-2024-32002
gitlab-version-nse
Nmap script to guess* a GitLab version.
HackerPermKeeper
Persistence (maintaining access)
info_scan
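Automated vulnerability scanning system, including an IP basic-information detection module (location, attributes, operating system, ports, bound domain names, company name, company location, site title, CDN information, bound site fingerprints, subdomains) and a vulnerability scanning module (weblogic, struts2, nuclei, xray, rad, directory scanning, JS link scanning, port scanning, threat-intelligence lookups for historically bound URLs, site fingerprints, information leakage, vulmap). Reports from individual scan modules can be previewed, and all reports can be aggregated and downloaded with one click.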
jar-obfuscator
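Jar Obfuscator - a JAR/CLASS bytecode obfuscation tool. Supports reference analysis and renaming obfuscation for package, class, method, field and parameter names; supports string encryption, integer XOR obfuscation, junk-code obfuscation and other methods; supports JVMTI code encryption at the NATIVE layer. Simple to configure, with complete documentation and tutorials, and easy to get started with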
JDumpSpider
HeapDump sensitive information extraction tool
KubeHound
Kubernetes Attack Graph
mi-gpt
🏠 Connect the XiaoAi speaker to ChatGPT and Doubao, turning it into your own personal voice assistant.
no-defender
A slightly more fun way to disable windows defender + firewall. (through the WSC api)
POC1
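A curated collection of vulnerability EXP/POC, most of them sourced from the internet; more than 400 poc/exp collected so far, updated on a long-term basis.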
Ropdump
ROPDump is a command-line tool designed to analyze binary executables for potential Return-Oriented Programming (ROP) gadgets, buffer overflow vulnerabilities, and memory leaks.
SecurityProduct
Source code of open-source security products: IDS, IPS, WAF, honeypots, etc.
transacted_hollowing
Transacted Hollowing - a PE injection technique, hybrid between ProcessHollowing and ProcessDoppelgänging
vshell
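vshell is a security adversary-simulation and red team tool. It provides tunnel proxying and covert channels, simulating the strategies and techniques of a long-term persistent attacker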
vulhub
Pre-Built Vulnerable Environments Based on Docker-Compose
xeno-rat
Xeno-RAT is an open-source remote access tool (RAT) developed in C#, providing a comprehensive set of features for remote system management. Has features such as HVNC, live microphone, reverse proxy, and much much more!