原来是老王's repositories
JNDI-Inject-Exploit
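Addresses high-version JDK bypass exploitation of FastJson, Jackson, Log4j2 and native JNDI injection vulnerabilities; probes for locally available deserialization gadgets to achieve command execution, command execution with echoed output, and memory-shell injection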
Log4j2-RCE-Scanner
BurpSuite Extension: Log4j2 RCE Scanner
4-ZERO-3
403/401 Bypass Methods + Bash Automation + Your Support ;)
Auto-Elevate
Escalate from a low-integrity Administrator account to NT AUTHORITY\SYSTEM without an LPE exploit by combining a COM UAC bypass and Token Impersonation
ddddocr
带带弟弟: general-purpose CAPTCHA recognition OCR, PyPI version
Fiora
Fiora: a GUI version of a vulnerability PoC framework, with quick PoC search and one-click Nuclei runs
Gorsair
Gorsair hacks its way into remote docker containers that expose their APIs
H
H is a powerful asset collection and management platform
JNDIExploit
Practical modifications to the original https://github.com/feihong-cs/JNDIExploit
JNDIMonitor
An LDAP request listener that removes the need for a dnslog platform
jsubfinder
jsubfinder searches webpages for javascript & analyzes them for hidden subdomains and secrets (wip).
log4j-scan
A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228
log4j-sniffer
A tool that scans archives to check for vulnerable log4j versions
Log4j2-CVE-2021-44228
Remote Code Injection In Log4j
log4j2burpscanner
CVE-2021-44228 log4j2 RCE Burp Suite Passive Scanner, can customize the ceye.io api or other apis, including internal networks
Log4j2Scan
Log4j2 RCE Passive Scanner plugin for BurpSuite
log4j2Scan-1
A Burp plugin that helps enterprises quickly scan internally for the log4j2 JNDI vulnerability
Log4j2Scan-2
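A completely harmless log4j2 callback detection tool that does not rely on dnslog (an adapted Burp plugin is available for passive scanning); it implements RMI and LDAP protocol parsing and can be used by an organization for self-checks of its own internal network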
log4jScan_Modify
A Burp Suite passive scanning plugin that integrates with JNDIMonitor
netspy
netspy is a tool for quickly probing reachable internal network segments
noPac
CVE-2021-42287/CVE-2021-42278 Scanner & Exploiter.
Ortau
An out-of-the-box reverse proxy server for hiding C2. It aims to eliminate the tedious process of configuring an Nginx service.
restler-fuzzer
RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services.
socks5-server
socks5 over tls server(tcp/udp) written in golang
vscan
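An open-source, lightweight, fast, cross-platform website vulnerability scanner that helps you quickly detect website security risks. Features: port scan, fingerprinting (fingerprint), vulnerability detection (nday check), smart brute forcing (admin brute), sensitive file scanning (file fuzz)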
wmiexec-RegOut
Modified version of impacket wmiexec.py: gets output (data, response) from the registry, doesn't need an SMB connection, and also bypasses antivirus software in lateral movement like WMIHACKER.