nighter233's repositories
acefile
POC of https://research.checkpoint.com/extracting-code-execution-from-winrar/
BypassAntiVirus
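A series of articles and companion tools on antivirus evasion for remote-access tools. It collects dozens of evasion tools and methods found on the internet and tests the effectiveness of each one, as a reference for remote-access tool evasion and for countering antivirus software.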
CobaltStrike
CobaltStrike's source code
Cobaltstrike-MS17-010
cobaltstrike ms17-010 module and some other
commando-vm
Complete Mandiant Offensive VM (Commando VM), the first full Windows-based penetration testing virtual machine distribution. The security community recognizes Kali Linux as the go-to penetration testing platform for those that prefer Linux. Commando VM is for penetration testers that prefer Windows. We know that building a Windows penetration testing environment can be tedious - we aim to streamline and simplify this process. Commando VM includes over 140 tools.
dictionary
A brute-force dictionary from pwn硬糖
free-api
Collects free API services; a carrier of APIs
K8tools
K8 tools (intranet penetration / privilege escalation tools / remote overflow / vulnerability exploitation / Exploit/APT/0day/Shellcode/Payload/priviledge/OverFlow/WebShell/PenTest)
Ladon
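A large-scale intranet penetration scanner & Cobalt Strike, covering information gathering / port scanning / service identification / network assets / password brute-forcing / vulnerability detection / vulnerability exploitation. Vulnerability detection includes MS17010, Weblogic, ActiveMQ, Tomcat and others; password brute-forcing covers databases (Mysql, Oracle, MSSQL), FTP, SSH (Linux), VNC, Windows (IPC, WMI, SMB) and others. Plugins are highly customizable, with support for plugins written as .NET assemblies, DLLs (C#/Delphi/VC), PowerShell and other languages, and for batch invocation of arbitrary external programs or commands through INI configuration. The EXP generator produces web vulnerability POCs in one click, so scanning or exploitation capability can be extended quickly. Supports use as a Cobalt Strike plugin, loading Ladon directly in memory for scanning to quickly extend intranet lateral movement.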
legion
Legion is an open source, easy-to-use, super-extensible and semi-automated network penetration testing tool that aids in discovery, reconnaissance and exploitation of information systems.
pentest-1
Stuff used in penetration testing
PPT
PPT tutorial
PrivExchange
Exchange your privileges for Domain Admin privs by abusing Exchange
Red-Team-links
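Red team resource links from 2019. I did not compile these resources myself; they come from the internet. Because they are not widely circulated, I am making a backup here and sharing them.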
RedTeamer
Red team operator execution manual
shadowsocks
Redirect attack on Shadowsocks stream ciphers
SharpDecryptPwd
Parses the saved passwords of some programs on Windows systems, including: Navicat, TeamViewer, FileZilla, WinSCP, and the Xmanager product family (Xshell, Xftp).
SRC-experience
To do a good job, one must first sharpen one's tools
sudo_inject
[Linux] Two Privilege Escalation techniques abusing sudo token
tokenx_privEsc
with metasploit
wafw00f
WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.
webshellSample
webshell sample for WebShell Log Analysis
wooyun-payload
Payloads extracted from wooyun, plus a Burp plugin
xray
xray security assessment tool