whoamisysteminfo's repositories
Behold3r
👻Behold3r -- 收集指定网站的子域名,并可监控指定网站的子域名更新情况,发送变更报告至指定邮箱
CVE-2020-0688
Exploit and detect tools for CVE-2020-0688
CVE-2020-0688_EXP
CVE-2020-0688_EXP Auto trigger payload & encrypt method
cve-2020-0689
cve-2020-0688
Fake-flash.cn
www.flash.cn 的钓鱼页,中文+英文
fakelogonscreen
Fake Windows logon screen to steal passwords
ghostmirror
通过webshell实现的内网穿透工具
how-does-Xmanager-encrypt-password
This is a repo to tell you how Xmanager (XFtp, XShell) encrypt password. Transferred from https://github.com/DoubleLabyrinth/how-does-Xmanager-encrypt-password
IIS-Raid
A native backdoor module for Microsoft IIS (Internet Information Services)
MiniDumpWriteDump
利用windows api dump进程(Csharp)
Neo-reGeorg
Neo-reGeorg is a project that seeks to aggressively refactor reGeorg
Open-Windows-Exec-Check
Takes known Windows credentials to determine which services on which hosts can be used for RCE. Current Checks: RDP, SMBexec, PSexec, Task Schedule (atexec), DCOM, WMI
pentesttools
redteam
poc
Proof of Concepts
PrivescCheck
Privilege Escalation Enumeration Script for Windows
SharpDecryptPwd
对密码已保存在 Windwos 系统上的部分程序进行解析,包括:Navicat,TeamViewer,FileZilla,WinSCP,Xmangager系列产品(Xshell,Xftp)。
SharpMiniDump
Create a minidump of the LSASS process from memory
SharpNetCheck
在内网渗透过程中,对可以出网的机器是十分渴望的。在收集大量弱口令的情况下,一个一个去测试能不能出网太麻烦了。所以就有了这个工具,可配合如wmiexec、psexec等横向工具进行批量检测,该工具可以在dnslog中回显内网ip地址和计算机名,可实现内网中的快速定位可出网机器。
SharpSQLDump
内网渗透中快速获取数据库所有库名,表名,列名。具体判断后再去翻数据,节省时间。适用于mysql,mssql。
Stowaway
Multi-hop Proxy Tool for pentesters
Trigger_mysql_udf_windows
Tutorial untuk trigger mysql dengan sys_exec & sys_val pada Windows
vcpkg
C++ Library Manager for Windows, Linux, and MacOS
webshell-detect-bypass
绕过专业工具检测的Webshell研究文章和免杀的Webshell
xssplatform
一个经典的XSS渗透管理平台