sanchahua's repositories
2022-HW-POC
2022 护网行动 POC 整理
AD_Pentest
红队|域渗透重要漏洞汇总(持续更新)
Arjun
HTTP parameter discovery suite.
CDK
📦 Make security testing of K8s, Docker, and Containerd easier.
donut
DONUTS DONUTS DONUTS 🍩
donut-1
Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters
dumpall
一款信息泄漏利用工具,适用于.git/.svn/.DS_Store泄漏和目录列出
excavator
Passive DAST Scanner(被动式黑盒漏洞扫描器)
go-memexec
Run code from memory
hackerone-reports
Top disclosed reports from HackerOne
hooker
🔥🔥hooker是一个基于frida实现的逆向工具包。为逆向开发人员提供统一化的脚本包管理方式、通杀脚本、自动化生成hook脚本、内存漫游探测activity和service、firda版JustTrustMe、disable ssl pinning
Jlaive
Antivirus evasion tool (crypter) that converts executables into undetectable batch files.
MYExploit
OAExploit一款基于产品的一键扫描工具。
mysql-fake-server
MySQL Fake Server (纯Java实现,内置常见Java反序列化Payload,支持GUI版和命令行版,提供Dockerfile)
NextScan
飞刃是一套完整的企业级黑盒漏洞扫描系统,集成漏洞扫描、漏洞管理、扫描资产、爬虫等服务。 拥有强大的漏洞检测引擎和丰富的插件库,覆盖多种漏洞类型和应用程序框架。
SecurityList
A list for Web Security and Code Audit
ShellcodeFrame
ShellcodeFrame
SMSBoom
短信轰炸/短信测压/ | 一个健壮免费的python短信轰炸程序,专门炸坏蛋蛋,百万接口,多线程全自动添加有效接口,支持异步协程百万并发,全免费的短信轰炸工具!!hongkonger开发全网首发!!
sshd_backdoor
/root/.ssh/authorized_keys evil file watchdog with ebpf tracepoint hook.
Tai-e
An easy-to-learn/use static analysis framework for Java
tomcter
😹 Tomcter is a python tool developed to bruteforce Apache Tomcat manager login with default credentials.
URLFinder
类似JSFinder的golang实现,一款用于快速提取检测页面中JS与URL的工具,更快更全更舒服
winlog
一款基于go的windows信息收集工具,主要收集目标机器rdp端口、mstsc远程连接记录、mstsc密码和安全事件中4624、4625登录事件记录
wsMemShell
WebSocket 内存马,一种新型内存马技术
yakit
Cyber Security ALL-IN-ONE Platform
zui
Zui is a powerful desktop application for exploring and working with data. The official front-end to the Zed lake.