iamtutu's repositories
Cyber-Security-Books
Just a small repo of the most popular Cyber security books
acitoolkit
A basic toolkit for accessing the Cisco APIC
Amass
In-depth Attack Surface Mapping and Asset Discovery
BlobHunter
Find exposed data in Azure with this public blob scanner
blockchain-demo
A web-based demonstration of blockchain concepts.
BurpLog4j2Scan
Burpsuite被动扫描插件
CIMPLICITY-Hardening-Tool
PowerShell script for hardening GE digital CIMPLICITY servers
cloud_enum
Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.
CVE-2021-2109
CVE-2021-2109 && Weblogic Server RCE via JNDI
CVE-2021-44228-Apache-Log4j-Rce
Apache Log4j 远程代码执行
CVE-Exploits
PoCs for public CVE's I have been working on.
DemoApp
Demo App
GRFICSv2
Version 2 of the Graphical Realism Framework for Industrial Control Simulation (GRFICS)
GTFOBins.github.io
GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems
HiveNightmare
Exploit allowing you to read registry hives as non-admin on Windows 10 and 11
iconhash
shodan favicon.ico hash creator
keycloak-scanner
Keycloak security scanner
log4j-shell-poc
A Proof-Of-Concept for the recently found CVE-2021-44228 vulnerability.
LOLBAS
Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
openzeppelin-contracts
OpenZeppelin Contracts is a library for secure smart contract development.
OTP_bruteforce_payloads
4, 5, and 6 OTP for bruteforcing and rate limiting vulnerable apps
pbis-open
BeyondTrust AD Bridge Open is an open-source community project sponsored by BeyondTrust Corporation. It is currently archived and will no longer receive updates. If you are interested in an Enterprise version of this project, please see our AD Bridge product.
PocList
Alibaba-Nacos-Unauthorized/ApacheDruid-RCE_CVE-2021-25646/MS-Exchange-SSRF-CVE-2021-26885/Oracle-WebLogic-CVE-2021-2109_RCE/RG-CNVD-2021-14536/RJ-SSL-VPN-UltraVires/Redis-Unauthorized-RCE/TDOA-V11.7-GetOnlineCookie/VMware-vCenter-GetAnyFile/yongyou-GRP-U8-XXE/Oracle-WebLogic-CVE-2020-14883/Oracle-WebLogic-CVE-2020-14882/Apache-Solr-GetAnyFile/F5-BIG-IP-CVE-2021-22986/Sonicwall-SSL-VPN-RCE/GitLab-Graphql-CNVD-2021-14193/D-Link-DCS-CVE-2020-25078/WLAN-AP-WEA453e-RCE/360TianQing-Unauthorized/360TianQing-SQLinjection/FanWeiOA-V8-SQLinjection/QiZhiBaoLeiJi-AnyUserLogin/QiAnXin-WangKangFirewall-RCE/金山-V8-终端安全系统/NCCloud-SQLinjection/ShowDoc-RCE
Powershellery
This repo contains Powershell scripts used for general hackery.
PurpleCloud
A little tool to play with Azure Identity - Azure Active Directory lab creation tool
smart-contract-best-practices
A guide to smart contract security best practices
sql-security-demo
Click-to-deploy Azure web app that showcases Row-Level Security and Dynamic Data Masking for Azure SQL Database.
Tunna
Tunna is a set of tools which will wrap and tunnel any TCP communication over HTTP. It can be used to bypass network restrictions in fully firewalled environments.