startagain2016's repositories
404StarLink
404StarLink - Recommending high-quality, meaningful, interesting, and actively maintained open-source security projects
Ashro_linux
General-purpose Linux incident response script, suitable for most situations
BurpAPIFinder
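During attack-and-defense exercises we usually visit some assets in a browser, but many unauthorized-access, sensitive-information and privilege-escalation issues are hidden in the HTML, JS files, etc. of the interfaces already visited. This plugin helps find unauthorized access, sensitive information, privilege escalation, login interfaces, and so on.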
colly
Elegant Scraper and Crawler Framework for Golang
CVE-2024-26229
CWE-781: Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code
CVE-2024-4577
PHP CGI Argument Injection (CVE-2024-4577) Remote Code Execution PoC
CVE-2024-4577-PHP-RCE
[Vulnerability reproduction] The world's first CVE-2024-4577 PHP-CGI RCE exploit utilizing the default PHP environment. Sharing original exploit, supports SSRF, supports WAF bypass.
CVE-2024-4578
CVE-2024-4577 is a critical vulnerability in PHP affecting CGI configurations, allowing attackers to execute arbitrary commands via crafted URL parameters.
deoptimizer
Machine code de-optimizer.
Dsebler
Reimplementation of the KExecDD DSE bypass technique.
fs
A version of fscan adapted to the author's personal penetration-testing development habits
gost
GO Simple Tunnel - a simple tunnel written in golang
gwpsan
GWPSan: Sampling-Based Sanitizer Framework
LetMeowIn
A sophisticated, covert Windows-based credential dumper using C++ and MASM x64.
no-defender
A slightly more fun way to disable windows defender + firewall. (through the WSC api)
nocodb
🔥 🔥 🔥 Open Source Airtable Alternative
OdinLdr
Cobaltstrike UDRL with memory evasion
PentesterSpecialDict
Dictionary sets often used in penetration testing work.
POC-3
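A curated collection of vulnerability exploits/PoCs, most of them sourced from the internet; more than 600 PoCs/exploits have been collected so far, with long-term updates.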
qengine
C++ 17 or higher control flow obfuscation library for windows binaries
RflDllOb
Reflective DLL Injection Made Bella
ROP_ROCKET
ROP ROCKET is an advanced code-reuse attack framework, with extensive ROP chain generation capabilities, including for novel Windows Syscalls attack, a novel Heaven's Gate, and "shellcodeless" ROP. The framework utilizes emulation and obfuscation to help expand the attack surface.
RWX_MEMEORY_HUNT_AND_INJECTION_DV
Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region.
ScopeSentry-Scan
Source code for the scanner side of the ScopeSentry tool
scrcpy
Display and control your Android device
spp
A simple and powerful proxy
ssh3
SSH3: faster and rich secure shell using HTTP/3, check out our article here: https://arxiv.org/abs/2312.08396 and our Internet-Draft: https://datatracker.ietf.org/doc/draft-michel-ssh3/
TabNine
AI Code Completions
wstunnel
Tunnel all your traffic over Websocket or HTTP2 - Bypass firewalls/DPI - Static binary available
zmap
ZMap is a fast single packet network scanner designed for Internet-wide network surveys.