lowliness9's repositories
Java-Security
Java安全学习,并记录。
aliyun-accesskey-Tools
阿里云accesskey利用工具
CDK
CDK is an open-sourced container penetration toolkit, offering stable exploitation in different slimmed containers without any OS dependency. It comes with penetration tools and many powerful PoCs/EXPs helps you to escape container and takeover K8s cluster easily.
CrossC2
generate CobaltStrike's cross-platform payload
FourEye
AV Evasion Tool For Red Team Ops
frp
A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.
fscan
一款内网扫描工具,方便一键大保健~
HackReport
渗透测试报告/资料文档/渗透经验文档/安全书籍
harbor
An open source trusted cloud native registry project that stores, signs, and scans content.
impacket
Impacket is a collection of Python classes for working with network protocols.
InScan
边界打点后的自动化渗透工具
JNDI-Injection-Exploit
JNDI注入测试工具(A tool which generates JNDI links can start several servers to exploit JNDI Injection vulnerability,like Jackson,Fastjson,etc)
LadonGo
Ladon Network Scanner For Golang (Full platform penetration scanner framework)LadonGo一款开源内网渗透扫描器框架,使用它可轻松一键探测C段、B段、A段存活主机、指纹识别、端口扫描、密码爆破、远程执行、高危漏洞检测等。3.2版本包含24个模块功能,高危漏洞检测MS17010、SmbGhost,远程执行SshCmd、WinrmCmd,密码爆破SmbScan、SshScan、FtpScan、MysqlScan、MssqlScan、OracleScan、SqlplusScan、WinrmScan、HttpBasicScan,存活探测/信息收集/指纹识别PingScan、IcmpScan,HttpBanner、HttpTitle、TcpBanner、WeblogicScan、OxidScan,端口扫描PortScan。
Log4j2Scan
Log4j2 RCE Passive Scanner plugin for BurpSuite
Memcrashed-DDoS-Exploit
DDoS attack tool for sending forged UDP packets to vulnerable Memcached servers obtained using Shodan API
passive-scan-client
Burp被动扫描流量转发插件
Responder
Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
Safety-Project-Collection
收集一些比较优秀的开源安全项目,以帮助甲方安全从业人员构建企业安全能力。
scylla
Intelligent proxy pool for Humans™ (Maintainer needed)
shiro_attack
shiro反序列化漏洞综合利用,包含(回显执行命令/注入内存马)
suricata-rules
Suricata IDS rules 用来检测红队渗透/恶意行为等,支持检测CobaltStrike/MSF/Empire/DNS隧道/Weevely/菜刀/冰蝎/挖矿/反弹shell/ICMP隧道等
xray
一款完善的安全评估工具,支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档
yarGen
yarGen is a generator for YARA rules
ysoserial
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
Z1-AggressorScripts
适用于Cobalt Strike的插件