Roc木木's starred repositories
HiddenDesktop
HVNC for Cobalt Strike
JNDI-Injection-Exploit-Plus
80+ Gadgets(30 More than ysoserial). JNDI-Injection-Exploit-Plus is a tool for generating workable JNDI links and provide background services by starting RMI server,LDAP server and HTTP server.
Cookie-and-Handle-Stealer
C or BOF file to extract WebKit master key to decrypt user cookie
JavaFileDict
Java应用的一些配置文件字典,来源于公开的字典与平时收集
SKRoot-linuxKernelRoot
新一代SKRoot,挑战全网root检测手段,跟面具完全不同思路,摆脱面具被检测的弱点,完美隐藏root功能,全程不需要暂停SELinux,实现真正的SELinux 0%触碰,通用性强,通杀所有内核,不需要内核源码,直接patch内核,兼容安卓APP直接JNI调用,稳定、流畅、不闪退。
aliyunctf-ezbean
aliyunctf-ezbean environment
Burp2Malleable
Quick python utility I wrote to turn HTTP requests from burp suite into Cobalt Strike Malleable C2 profiles
Jenkins_Credentials_Crack
Jenkins凭据解密脚本,增加对publish_over_ssh插件支持
frpCracker
一款golang编写的,批量检测frp server未授权访问、弱token的工具
WeblogicTool
WeblogicTool,GUI漏洞利用工具,支持漏洞检测、命令执行、内存马注入、密码解密等(深信服深蓝实验室天威战队强力驱动)
delete-self-poc
A way to delete a locked file, or current running executable, on disk.
cheatsheet
华顺信安技术羊皮卷
Databasetools
一款用Go语言编写的数据库自动化提权工具,支持Mysql、MSSQL、Postgresql、Oracle、Redis数据库提权、命令执行、爆破以及ssh连接
JundeadShell
Java内存马注入工具
nativeRasp
nativeRasp that can hook native methods
SysWhispers3WinHttp
Syscall免杀
MisConfig_HTTP_Proxy_Scanner
The scanner helps to scan misconfigured reverse proxy servers and misconfigured forward proxy servers