merlinxcy

followers

following

stars

KC

Shanghai

http://xeldax.top

Xeldax's starred repositories

java-memshell-generator

一款支持自定义的 Java 内存马生成工具｜A customizable Java in-memory webshell generation tool.

Language:Java160800

openscap

NIST Certified SCAP 1.2 toolkit

Language:XSLTLGPL-2.1135400

xss-platform-docker-open

xss platform / xss平台 docker化，一键启动xss平台，从此跟繁琐的搭环境say byebye!

Language:PHP1400

psudohash

Generates millions of keyword-based password mutations in seconds.

Language:PythonMIT106400

POC

收集整理漏洞EXP/POC,大部分漏洞来源网络，目前收集整理了1100多个poc/exp，长期更新。

Swift-Bank

Swift Bank, a demo banking application crafted with cutting-edge technologies.

Language:TypeScript400

guarddog

:snake: :mag: GuardDog is a CLI tool to Identify malicious PyPI and npm packages

Language:PythonApache-2.059200

pypi_malregistry

The repository has collected about 6800 malicious pypi packages. This dataset is the work of the ASE 2023 paper "An Empirical Study of Malicious Code In PyPI Ecosystem". Of course, we will continue to expand the dataset. Latest update time: 11 Sept. 2024

Language:Python4900

DynaPyt

Dynamic analysis framework for Python

Language:PythonMIT5600

KillWxapkg

自动化反编译微信小程序，小程序安全评估工具，发现小程序安全问题，自动解密，解包，可还原工程目录，支持Hook，小程序修改

Language:GoMIT330200

jar-analyzer

Jar Analyzer - 一个JAR包分析工具，SCA漏洞分析，批量分析JAR包，方法调用关系搜索，字符串搜索，Spring组件分析，CFG程序分析，JVM栈帧分析，进阶表达式搜索，字节码指令级的动态调试分析，反编译JAR包一键导出，一键提取序列化数据恶意代码，一键分析BCEL字节码

Language:JavaMIT100100

UltimateAppLockerByPassList

The goal of this repository is to document the most common techniques to bypass AppLocker.

Language:PowerShell190000

linuxcheckshoot

linux应急响应检查脚本单机终极版

Language:Shell13600

scep

Go SCEP server

Language:GoMIT32300

evilginx

PLEASE USE NEW VERSION: https://github.com/kgretzky/evilginx2

Language:PythonMIT107000

Modlishka

Modlishka. Reverse Proxy.

Language:GoNOASSERTION480400

evilginx2

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication

Language:GoBSD-3-Clause1071400

NativeDump

Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!!!)

Language:C#43800

VulnNodeApp

A vulnerable node.js application

Language:JavaScript3700

XMGoat

Language:HCL16700

PyDefender

Anti Virtulization, Anti Debugging, AntiVM, Anti Virtual Machine, Anti Debug, Anti Sandboxie, Anti Sandbox, VM Detect package.

Language:Python3500

protections-artifacts

Elastic Security detection content for Endpoint

Language:YARANOASSERTION100600

swallow

代码审计自动化系统,底层架构为蜻蜓编排系统,墨菲SCA,fortify,SemGrep,hema

Language:PHP2500

cloud-audit

cloud-audit （云安全审计助手）是检测公有云厂商AK/SK泄漏被利用的工具，通过定期调用云平台接口审计日志，基于异常行为/黑特征/基线发现疑似入侵行为。

Language:Python3000

JNDIExploit

A malicious LDAP server for JNDI injection attacks

NimPlant

A light-weight first-stage C2 implant written in Nim.

Language:RustMIT78600

puredns

Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.

Language:GoGPL-3.0167600

evilginx3

sturdy-chainsaw

5000

ROADtools

A collection of Azure AD/Entra tools for offensive and defensive security purposes

Language:PythonMIT184700

Stormspotter

Azure Red Team tool for graphing Azure and Azure Active Directory objects

Language:PythonMIT152800