microvorld's repositories
nimtoolforfun
nim practice
2021hvv_vul
2021hvv漏洞汇总
Awesome-Red-Teaming
List of Awesome Red Teaming Resources
BadCode
恶意代码逃逸源代码 http://payloads.online
encodeTool
go语言编码工具,练手项目
BehinderClientSource
冰蝎客户端源码-3.0-BETA6
Callback_Shellcode_Injection
POCs for Shellcode Injection via Callbacks
Cobaltstrike_4.3_Source
Cobaltstrike4.3源码
CVE-2021-22986
F5 BIG-IP/BIG-IQ iControl Rest API SSRF to RCE
EgGateWayGetShell
锐捷EG易网关批量GetShell / Code By:Tas9er
exchange-ssrf-rce
exchange-ssrf-rce
go-shellcode
A repository of Windows Shellcode runners and supporting utilities. The applications load and execute Shellcode using various API calls or techniques.
impacket
Impacket is a collection of Python classes for working with network protocols.
JNDI-Inject-Exploit
解决FastJson、Jackson、Log4j2、原生JNDI注入漏洞的高版本JDKBypass利用,探测本地可用反序列化gadget达到命令执行、回显命令执行、内存马注入
JNDIExploit-1
一款用于JNDI注入利用的工具,大量参考/引用了Rogue JNDI项目的代码,支持直接植入内存shell,并集成了常见的bypass 高版本JDK的方式,适用于与自动化工具配合使用。
JNDIKit
JNDI/LDAP注入利用工具,对命令进行两种编码,支持多种绕过高版本JDK的方式(参考大佬代码造的轮子)
log4j-payload-generator
Log4j jndi injects the Payload generator
Mshell
Memshell-攻防内存马研究
NativePayload_CBT
NativePayload_CallBackTechniques C# Codes (Code Execution via Callback Functions Technique, without CreateThread Native API)
OffenSiveCSharp
Offensive C# Tooling
PENTESTING-BIBLE
Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.
plugin-example
woodpecker 漏洞插件开发的简单示范,用于插件的快速上手
PocList
Alibaba-Nacos-Unauthorized/ApacheDruid-RCE_CVE-2021-25646/MS-Exchange-SSRF-CVE-2021-26885/Oracle-WebLogic-CVE-2021-2109_RCE/RG-CNVD-2021-14536/RJ-SSL-VPN-UltraVires/Redis-Unauthorized-RCE/TDOA-V11.7-GetOnlineCookie/VMware-vCenter-GetAnyFile/yongyou-GRP-U8-XXE/Oracle-WebLogic-CVE-2020-14883/Oracle-WebLogic-CVE-2020-14882/Apache-Solr-GetAnyFile
RedTeaming2020
RedTeaming知识星球2020年安全知识汇总
ShuiZe_0x727
信息收集自动化工具
TDOA_RCE
通达OA综合利用工具