且行且珍惜's repositories
back-me-up
This tool will check for Sensitive Data Leakage with some useful patterns/RegEx. The patterns are mostly targeted on waybackdata and filter everything accordingly.
Blackips
开源威胁情报,包含3个组件,2个查询API,1个前端,300万+恶意IP,Go +Redis开发的威胁情报查询API性能良好。
BloodHound
Six Degrees of Domain Admin
eml_analyzer
EML analyzer is an application to analyze the EML file
exercices_lucene
Exercises pour s'approprier lucene, le moteur de recherche
ExpDemo-JavaFX
图形化漏洞利用Demo-JavaFX版
HIPS-HIDS_CveMod
CVE主防(HIPS/HIDS)
joplin
Joplin - an open source note taking and to-do application with synchronization capabilities for Windows, macOS, Linux, Android and iOS. Forum: https://discourse.joplinapp.org/
kingkong
解密哥斯拉webshell管理工具流量
LuWu
红队基础设施自动化部署工具
Malware-analysis-and-Reverse-engineering
Some of my publicly available Malware analysis and Reverse engineering.
Medusa
:cat2:Medusa是一个红队武器库平台,目前包括扫描功能(200+个漏洞)、XSS平台、协同平台、CVE监控等功能,持续开发中 http://medusa.ascotbe.com
OSCP-Exam-Report-Template-Markdown
:orange_book: Markdown Templates for Offensive Security OSCP, OSWE, OSCE, OSEE, OSWP exam report
OSINT
平时关注的一些情报来源
Osmedeus
Fully automated offensive security framework for reconnaissance and vulnerability scanning
PCredz
This tool extracts Credit card numbers, NTLM(DCE-RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file or from a live interface.
pentest
内网渗透中的一些工具及项目资料
PocList
Alibaba-Nacos-Unauthorized/ApacheDruid-RCE_CVE-2021-25646/MS-Exchange-SSRF-CVE-2021-26885/Oracle-WebLogic-CVE-2021-2109_RCE/RG-CNVD-2021-14536/RJ-SSL-VPN-UltraVires/Redis-Unauthorized-RCE/TDOA-V11.7-GetOnlineCookie/VMware-vCenter-GetAnyFile/yongyou-GRP-U8-XXE/Oracle-WebLogic-CVE-2020-14883/Oracle-WebLogic-CVE-2020-14882/Apache-Solr-GetAnyFile/F5-BIG-IP-CVE-2021-22986/Sonicwall-SSL-VPN-RCE/GitLab-Graphql-CNVD-2021-14193/D-Link-DCS-CVE-2020-25078/WLAN-AP-WEA453e-RCE/360TianQing-Unauthorized/360TianQing-SQLinjection/FanWeiOA-V8-SQLinjection/QiZhiBaoLeiJi-AnyUserLogin/QiAnXin-WangKangFirewall-RCE
privilege-escalation-awesome-scripts-suite
PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
prowler
Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains all CIS controls listed here https://d0.awsstatic.com/whitepapers/compliance/AWS_CIS_Foundations_Benchmark.pdf and more than 100 additional checks that help on GDPR, HIPAA and other security requirements.
Red-Teaming-Toolkit
A collection of open source and commercial tools that aid in red team operations.
remote-method-guesser
Java RMI Vulnerability Scanner
rustdesk
RustDesk | The best open source remote desktop software
Search-Tools
聚合空间测绘搜索(Fofa,Zoomeye,Quake,Shodan,Censys,BinaryEdge)
sendMail
批量发送钓鱼邮箱
SZhe_Scan
碎遮SZhe_Scan Web漏洞扫描器,基于python Flask框架,对输入的域名/IP进行全面的信息搜集,漏洞扫描,可自主添加POC
Text_Classification
Text Classification Algorithms: A Survey
TP-Link-wr940n-vulnerability-details
Details of vulnerability of TP-Link router wr940n
WindowsElevation
Windows Elevation(持续更新)
ZhouYu
(周瑜)Java - SpringBoot 持久化 WebShell