CrossTime's repositories
panos-scanner
Determine the Palo Alto PAN-OS software version of a remote GlobalProtect portal or management interface.
corax-community
Corax for Java: A general static analysis framework for java code checking.
tianya-docs
精心收集的天涯神贴,不带水印,方便阅读
gogo
面向红队的, 高度可控可拓展的自动化引擎
Havoc
The Havoc Framework.
joern
Open-source code analysis platform for C/C++/Java/Binary/Javascript/Python/Kotlin based on code property graphs. Discord https://discord.gg/vv4MH284Hc
LadonGo
Ladon for Kali 全平台开源内网渗透扫描器,Windows/Linux/Mac/路由器内网渗透,使用它可轻松一键批量探测C段、B段、A段存活主机、高危漏洞检测MS17010、SmbGhost,远程执行SSH/Winrm,密码爆破SMB/SSH/FTP/Mysql/Mssql/Oracle/Winrm/HttpBasic/Redis,端口扫描服务识别PortScan指纹识别/HttpBanner/HttpTitle/TcpBanner/Weblogic/Oxid多网卡主机,端口扫描服务识别PortScan。
jira-docker
docker 一键部署 JIRA 破解版
KCon
KCon is a famous Hacker Con powered by Knownsec Team.
Penetration_Testing_POC
渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms
pinduoduo_backdoor
拼多多apk内嵌提权代码,及动态下发dex分析
Hamster
Hamster是基于mitmproxy开发的异步被动扫描框架,基于http代理进行被动扫描,主要功能为重写数据包、签名、漏洞扫描、敏感参数收集等功能(开发中)。
assets
test
geacon_plus
CobaltStrike beacon written in golang
API-Security-Checklist
Checklist of the most important security countermeasures when designing, testing, and releasing your API
glint
glint 是一款基于浏览器爬虫golang开发的web漏洞主动(被动)扫描器
2022-HW-POC
2022 护网行动 POC 整理
afrog
afrog 是一款性能卓越、快速稳定、PoC 可定制化的漏洞扫描工具 - A tool for finding vulnerabilities
p611148aadsl.github.io
CrossTime的个人博客
GolangBypassAV
研究利用golang各种姿势bypassAV
SpringCore0day
SpringCore0day from https://share.vx-underground.org/
MemoryModule
Library to load a DLL from memory.
WebGoat
WebGoat is a deliberately insecure application
CVE-2021-43297-POC
CVE-2021-43297 POC,Apache Dubbo<= 2.7.13时可以实现RCE
Windows_Security_Resources
Windows Security Resources
websocket-client
WebSocket client for Python
JNDIExploit-1
一款用于 JNDI注入 利用的工具,大量参考/引用了 Rogue JNDI 项目的代码,支持直接植入内存shell,并集成了常见的bypass 高版本JDK的方式,适用于与自动化工具配合使用。(from https://github.com/feihong-cs/JNDIExploit)
fuzzDicts
Web Pentesting Fuzz 字典,一个就够了。