mysh11's repositories
365-Stealer
365-Stealer is a phishing simualtion tool written in python3. It can be used to execute Illicit Consent Grant Attack.
AADInternals
AADInternals PowerShell module for administering Azure AD and Office 365
Actions-OpenWrt
A template for building OpenWrt with GitHub Actions | 使用 GitHub Actions 云编译 OpenWrt
AV_Evasion_Tool
掩日 - 免杀执行器生成工具
cloud-native-security-book
《云原生安全:攻防实践与体系构建》资料仓库
CVE-2021-22005
CVE-2021-22005 - VMWare vCenter Server File Upload to RCE
CVE-2021-26084
PoC for exploiting CVE-2021-26084 : In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an authenticated user, and in some instances an unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance. The vulnerable endpoints can be accessed by a non-administrator user or unauthenticated user if ‘Allow people to sign up to create their account’ is enabled. To check whether this is enabled go to COG > User Management > User Signup Options. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.
DedeCMS
DedeCMS 是上海卓卓网络科技有限公司开发PHP网站管理系统。
Diggy
Extract endpoints from apk files.
Docker-CobaltStrike
CobaltStrike Server With Docker
exp_hub
漏洞复现与poc收集,CVE-2021-21975,cve-2021-22005,CVE-2021-26295,VMware vCenter任意文件读取
ExpDemo-JavaFX
图形化漏洞利用Demo-JavaFX版
exphub
Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本,最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340
go_proxy_pool
无环境依赖开箱即用的代理IP池
HackJava
《Java安全-只有Java安全才能拯救宇宙》Only Java Security Can Save The Universe.
HTTPServer
红队内网环境中一个能快速开启HTTP文件浏览服务的小工具 ,可执行Webshell,可用于在内网不出网时文件的下载,启动时会根据网卡IPV4地址输出URL(本地回环除外)。
icushell.github.io
Myblog
Information_Security_Books
信息安全方面的书籍书籍
JavaTools
一些Java编写的小工具。
JNDIExploit-1
一款用于 JNDI注入 利用的工具,大量参考/引用了 Rogue JNDI 项目的代码,支持直接植入内存shell,并集成了常见的bypass 高版本JDK的方式,适用于与自动化工具配合使用。(from https://github.com/feihong-cs/JNDIExploit)
OpenArk
OpenArk is an open source anti-rookit(ARK) tool for Windows.
OpenWrt_x86-r2s-r4s-r5s-N1
Automatic unattended weekly builds of the current OpenWrt development master branch for X86/64, NanoPi R2S, NanoPi R4S, NanoPi R2C, Phicomm N1, NanoPi NEO3, 树莓派 4B, DoorNet1, DoorNet2, 香橙派 Orange Pi R1 Plus, 香橙派 Orange Pi R1 Plus LTS, 红米AX6, 小米AX3600, 小米AX9000, 红米AX6S/小米AX3200, 红米AC2100, 小米AC2100, 小米CR6606/TR606(联通版), CR6608/TR608(移动版), CR6609/TR609(电信版), 小米4, 小米 R3G, 小米 R3P, 小娱C5, newifi-d2, H1 Box, 贝壳云 P1 , 我家云 lL Pro, x96 Max, 微加云 V-Plus, 章鱼星球 ZYXQ, GT-King, Odroid N2, MXQ Pro+
rengine
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.
rootOS
macOS Privilege Escalation Helper
seccomp-tools
Provide powerful tools for seccomp analysis
ShiroScan
Shiro RememberMe 1.2.4 反序列化漏洞图形化检测工具(Shiro-550)
social-engineer-toolkit
The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of SET will be deployed here.
yarx
An awesome reverse engine for xray poc. | 一个自动化根据 xray poc 生成对应 server 的工具