mgcfish's repositories
apkurlgrep
Extract endpoints from APK files
BadBlood
BadBlood by @davidprowe, Secframe.com, fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world. After BadBlood is ran on a domain, security analysts and engineers can practice using tools to gain an understanding and prescribe to securing Active Directory. Each time this tool runs, it produces different results. The domain, users, groups, computers and permissions are different. Every. Single. Time.
bytecode-viewer
A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)
CVE-2020-0796
CVE-2020-0796 - Windows SMBv3 LPE exploit #SMBGhost
dirhunt
Find web directories without bruteforce
DOMPurify
DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
Dorkers
Dorks for Google, Shodan and BinaryEdge
gau
Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.
go-out
☄️go-out - A Golang egress buster.
gtunnel
A robust tunelling solution written in golang
hakrawler
Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application
ipv4Bypass
Using IPv6 to Bypass Security
J2EEScan
J2EEScan is a plugin for Burp Suite Proxy. The goal of this plugin is to improve the test coverage during web application penetration tests on J2EE applications.
javasec
自己学习java安全的一些总结,主要是安全审计相关
jok3r-pocs
Standalone POCs/Exploits from various sources for Jok3r
keyhacks
Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
Konan
Konan - Advanced Web Application Dir Scanner
OWASP-Nettacker
Automated Penetration Testing Framework
postMessage-tracker
A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon
progress-burp
Burp Suite extension to track vulnerability assessment progress
pupy
OpenSource cross-platform python security toolkit (remote shell)
rulesfinder
Machine-learn password mangling rules
ScoutSuite
Multi-Cloud Security Auditing Tool
SpringBootVulExploit
SpringBoot 相关漏洞学习资料,利用方法和技巧合集,黑盒安全评估 checklist
sqli-labs
SQLI labs to test error based, Blind boolean based, Time based.
Stracciatella
OpSec-safe Powershell runspace from within C# (aka SharpPick) with AMSI, CLM and Script Block Logging disabled at startup
test-at
test
tls-scan
An Internet scale, blazing fast SSL/TLS scanner ( non-blocking, event-driven )