lyy0755's repositories
android_app
apk_activity劫持-drozer test
ApkAnalyser
一键提取安卓应用中可能存在的敏感信息。
bayonet
bayonet是一款src资产管理系统,从子域名、端口服务、漏洞、爬虫等一体化的资产管理系统
BypassShell
anti AV
Cooolis-ms
Cooolis-ms is a server that supports the Metasploit Framework RPC. It is used to work with the Shellcode and PE loader. To some extent, it bypasses the static killing of anti-virus software, and allows the Cooolis-ms server to communicate with the Metasploit server. Separation.
domainWeakPasswdCheck
内网安全·域账号弱口令审计
fastjson_rec_exploit
fastjson一键命令执行
frp
A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.
H1ve
An Easy / Quick / Cheap Integrated Platform
http-script-generator
ZAP/Burp plugin that generate script to reproduce a specific HTTP request (Intended for fuzzing or scripted attacks)
insight
洞察-宜信集应用系统资产管理、漏洞全生命周期管理、安全知识库管理三位一体的平台。
jexboss
JexBoss: Jboss (and Java Deserialization Vulnerabilities) verify and EXploitation Tool
Ladon
大型内网渗透扫描器&Cobalt Strike,Ladon6.6内置74个模块,包含信息收集/存活主机/IP扫描/端口扫描/服务识别/网络资产/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010、SMBGhost、Weblogic、ActiveMQ、Tomcat、Struts2系列,密码口令爆破(Mysql、Oracle、MSSQL)、FTP、SSH(Linux)、VNC、Windows(IPC、WMI、SMB、LDAP、SmbHash、WmiHash、Winrm),远程执行命令(wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem,Poc/Exploit,支持Cobalt Strike 3.X-4.0
LogonTracer
Investigate malicious Windows logon by visualizing and analyzing Windows event log
Mars
Mars(战神)——资产发现、子域名枚举、C段扫描、资产变更监测、端口变更监测、域名解析变更监测、Awvs扫描、POC检测、web指纹探测、端口指纹探测、CDN探测、操作系统指纹探测、泛解析探测、WAF探测、敏感信息检测等等
pingcastle
PingCastle - Get Active Directory Security at 80% in 20% of the time
SatanSword
红队综合渗透框架
SpringBootVulExploit
SpringBoot 相关漏洞学习资料,利用方法和技巧合集,黑盒安全评估 checklist
vulhub
Pre-Built Vulnerable Environments Based on Docker-Compose
WDScanner
WDScanner平台目前实现了如下功能:分布式web漏洞扫描、客户管理、漏洞定期扫描、子域名枚举、端口扫描、网站爬虫、暗链检测、坏链检测、网站指纹搜集、专项漏洞检测、代理搜集及部署等功能。
WebAliveScan
对目标域名进行快速的存活扫描、简单的指纹识别、目录扫描
wooyun-payload
从wooyun中提取的payload,以及burp插件
xray
xray 安全评估工具
yingji
应急相关内容积累