原来是老王's repositories
pwn_jenkins
Notes about attacking Jenkins servers
POC
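A roundup of 2023 HW vulnerabilities, collecting and organizing vulnerability EXP/POC. Most of the vulnerabilities come from the internet; more than 200 poc/exp have been collected so far.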
CVE-2023-4357-Chrome-XXE
The world's first single-file EXP for the CVE-2023-4357 Chrome XXE vulnerability, allowing attackers to obtain local files of visitors.
Nuclei2use
nuclei + .yaml = poc
JavaRce
A rundown of the more general exploitation methods for Java RCE-related vulnerabilities, mapped to real-world scenarios
IIS-ShortName-Scanner
latest version of scanners for IIS short filename (8.3) disclosure vulnerability
noterce
A trojan that takes an unconventional approach to executing system commands while evading antivirus detection
BurpAppletPentester
SessionKey decryption plugin
jar-analyzer
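A Java GUI tool for analyzing JAR files. It can search for the information you want in several ways, automatically builds method call relationships, and supports analyzing the Spring framework.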
msmap
Msmap is a Memory WebShell Generator.
alterx
Fast and customizable subdomain wordlist generator using DSL
crawlergo-plus
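The brute-force aesthetics of crawling. Modified from projectdiscover and the original crawlergo; currently only a test version is provided, and the modifications are not yet complete.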
burpsuite_hack
A proxy scanner
superSearchPlus
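superSearchPlus is an aggregated information-gathering plugin. It supports combined queries, asset-mapping queries, information gathering, extraction of sensitive information from JS, scanning of resources in comments, and directory scanning. It integrates the commonly used asset-mapping platforms and also supports data export.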
Windows-exploits
A large collection of privilege-escalation vulnerabilities on the Windows platform, with long-term collection of various privilege-escalation exploit tools.
OA-EXPTOOL
A comprehensive OA exploitation tool that bundles batch scanning for vulnerabilities in nearly 20 OA products
PrintNotifyPotato
PrintNotifyPotato
rustdesk
Open source virtual / remote desktop infrastructure for everyone! The open source TeamViewer alternative. Display and control your PC and Android devices from anywhere at anytime.
AD_Pentest
Red team | Summary of important domain penetration vulnerabilities (continuously updated)
iMonitor
iMonitor (冰镜 - Endpoint Behavior Analysis System)
AndroidKiller4J
A Java version of AndroidKiller
KubeStalk
KubeStalk discovers Kubernetes and related infrastructure based attack surface from a black-box perspective.
Havoc
The Havoc Framework
AtomPePacker
A highly capable PE packer
leakinfo_finder
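Batch-crawls API endpoint information from JS files, with added Spring Boot Actuator directory scanning and matching of sensitive information such as mobile phone numbers and ID card numbers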
trojan-go
A Trojan proxy written in Go, supporting multiplexing, routing, CDN relaying, and Shadowsocks obfuscation plugins; multi-platform, no dependencies. An unidentifiable mechanism that helps you bypass GFW. https://p4gefau1t.github.io/trojan-go/
Android-Vulnerability-Mining
The "Battle of Android App Vulnerabilities" series, mainly covering how to quickly find app vulnerabilities
FastjsonScan-1
A Fastjson scanner that can identify the version, dependency libraries, autoType status, and more.