原来是老王's repositories
RequestTemplate
Bilingual, dual-end intranet scanning and verification tool
2022-HW-POC
Collection of POCs from the 2022 HW (Huwang) exercise
BCELCodeman
BCEL encode/decode manager for fastjson payloads
ByPassBehinder
ByPassBehinder / Behinder (冰蝎) WebShell AV-evasion generator / Code By: Tas9er
cf
Cloud Exploitation Framework, a cloud-environment exploitation framework that helps red team members with follow-up work after obtaining an AK
checkov
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
DesyncCL0
A simple tool to detect vulnerabilities described here https://portswigger.net/research/browser-powered-desync-attacks.
DnslogCmdEcho
Solution for retrieving command output when command execution returns no echo but outbound DNS is allowed
Docker-Release-Agent-Escape
Docker escape: the full story of Release Agent exploitation
DropLabTools
A junk exploitation tool, a semi-automatic packet-sending machine
Fastjson-ForwardShell
Some Python scripts for fastjson
GoBypass
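Golang AV-evasion generation tool: a semi-automatic generator of AV-evading trojans, implemented with reference to existing evasion methods found online; requires a local Golang environment and supports generation with multiple parameters and methods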
gomasscan
gomasscan is a masscan scanning library written in pure Go
JNDIEXP
JNDI exploitation tool for newer Java versions
lfimap
Local file inclusion discovery and exploitation tool
LoggerPlusPlus-API-Filters
A Collection of Logger++ Filters for Hunting API Vulnerabilities
LoginFish
Generic login-page security control phishing
MYExploit
OAExploit, a product-based one-click scanning tool.
MyPsExec
demo PsExec
natpass
A new-generation host management tool that supports web shell and web desktop; a great tool for working from home
PwnKit
Self-contained exploit for CVE-2021-4034 - Pkexec Local Privilege Escalation
RedGuard
RedGuard is a C2 front flow control tool that can avoid Blue Team, AV, and EDR checks.
RedTeam_BlueTeam_HW
Tools and materials for red/blue team exercises and HW (Huwang); in-memory shellcode (CS + MSF) and memory-shell detection and removal tools
RouteVulScan
Burpsuite - Route Vulnerable Scanning: a Burp plugin that recursively and passively detects vulnerable paths
swagger-panel-xss
swagger panel xss url
TOP
TOP All bugbounty pentesting CVE-2022- POC Exp RCE example payload Things
wsMemShell
A brand-new kind of memory shell
x8
Hidden parameters discovery suite
ysoserial-for-woodpecker
ysoserial tailored for the woodpecker framework