Weiho's repositories
redteam-tips
关于红队方面的学习资料
web-sec-interview
Information Security (Web Security/Penetration Testing Direction) Interview Questions/Solutions 信息安全(Web安全/渗透测试方向)面试题/解题思路
SecurityManageFramwork
Security Manage Framwork is a security management platform for enterprise intranet, which includes asset management, vulnerability management, account management, knowledge base management, security scanning automation function modules, and can be used for internal security management. This platform is designed to help Party A with fewer security personnel, complicated business lines, difficult periodic inspection and low automation to better achieve internal safety management.
ElegyRAT-C-Sharp
Open-Source Remote Administration Tool For Windows C# (Be Based On AsyncRAT)
awesome-java-security-checklist
awesome-java-security-checklist(关于Java安全方面,Java基础/审计/修复/设计/规范)
SiteServer-CMS-Remote-download-Getshell
SiteServer CMS 5.x远程模板下载Getshell漏洞
cobaltstrike-yara
用于检测和分析 Cobalt Strike 的 代码和yara规则
redteam_vul
红队作战中比较常遇到的一些重点系统漏洞整理。
IBOS-OA-Remote-Download-Getshell
IBOS OA 4.x /data/restore.php数据恢复工具远程下载Getshell漏洞
Cloud-Bucket-Leak-Detection-Tools
六大云存储,泄露利用检测工具
Intranet_Penetration_Tips
2018年初整理的一些内网渗透TIPS,后面更新的慢,所以整理出来希望跟小伙伴们一起更新维护~
commando-vm
Complete Mandiant Offensive VM (Commando VM), the first full Windows-based penetration testing virtual machine distribution. The security community recognizes Kali Linux as the go-to penetration testing platform for those that prefer Linux. Commando VM is for penetration testers that prefer Windows. We know that building a Windows penetration testing environment can be tedious - we aim to streamline and simplify this process. Commando VM includes over 140 tools.
PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Reverse-IP
IP反查域名小脚本,用于信息收集和旁注
boko
Application Hijack Scanner for macOS
BREAK
业务风险枚举与规避知识框架(Business Risk Enumeration & Avoidance Kownledge)
DongTai
DongTai is an interactive application security testing(IAST) product that supports the detection of OWASP WEB TOP 10 vulnerabilities, multi-request related vulnerabilities (including logic vulnerabilities, unauthorized access vulnerabilities, etc.), third-party component vulnerabilities, etc.
DongTai-agent-java
Java Agent is a Java application probe of DongTai IAST, which collects method invocation data during runtime of Java application by dynamic hooks.
DongTai-Doc
DongTai IAST documentation.
Red-Teaming-Bypass-AV
Mainly recorded in the daily work of the red team, how I Bypass the Anti virus
SCFProxy
A proxy tool based on cloud function.
SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
zhaoweiho.github.io
Weiho's Blog