wuppp

followers

following

stars

Roc木木's starred repositories

HiddenDesktop

HVNC for Cobalt Strike

Language:CMIT112000

JNDI-Injection-Exploit-Plus

80+ Gadgets(30 More than ysoserial). JNDI-Injection-Exploit-Plus is a tool for generating workable JNDI links and provide background services by starting RMI server,LDAP server and HTTP server.

Language:JavaMIT61800

Cookie-and-Handle-Stealer

C or BOF file to extract WebKit master key to decrypt user cookie

Language:C15600

JavaFileDict

Java应用的一些配置文件字典，来源于公开的字典与平时收集

Sylas

新一代子域名主/被动收集工具 - Subdomain automatic/passive collection tool

Language:JavaGPL-3.047500

Goby

Language:Python54200

SKRoot-linuxKernelRoot

新一代SKRoot，挑战全网root检测手段，跟面具完全不同思路，摆脱面具被检测的弱点，完美隐藏root功能，全程不需要暂停SELinux，实现真正的SELinux 0%触碰，通用性强，通杀所有内核，不需要内核源码，直接patch内核，兼容安卓APP直接JNI调用，稳定、流畅、不闪退。

Language:C++241300

aliyunctf-ezbean

aliyunctf-ezbean environment

Language:Java400

Burp2Malleable

Quick python utility I wrote to turn HTTP requests from burp suite into Cobalt Strike Malleable C2 profiles

Language:PythonMIT34400

inql

InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.

Language:PythonApache-2.0148500

RedCaddy

C2 redirector base on caddy

Language:Python18500

Jenkins_Credentials_Crack

Jenkins凭据解密脚本，增加对publish_over_ssh插件支持

Language:Python4100

resocks

mTLS-Encrypted Back-Connect SOCKS5 Proxy

Language:GoMIT37500

wmi-hack-py

Language:Python4900

frpCracker

一款golang编写的，批量检测frp server未授权访问、弱token的工具

Language:GoMIT11000

yaklang

A programming language exclusively designed for cybersecurity

Language:GoAGPL-3.036300

WeblogicTool

WeblogicTool，GUI漏洞利用工具，支持漏洞检测、命令执行、内存马注入、密码解密等（深信服深蓝实验室天威战队强力驱动）

delete-self-poc

A way to delete a locked file, or current running executable, on disk.

Language:CMIT47900

JSPHunter

基于污点分析和模拟栈帧技术的JSP Webshell检测

Language:Java4300

cheatsheet

华顺信安技术羊皮卷

Language:Jupyter Notebook15000

Databasetools

一款用Go语言编写的数据库自动化提权工具，支持Mysql、MSSQL、Postgresql、Oracle、Redis数据库提权、命令执行、爆破以及ssh连接

Language:Go66600

vcenter_tool

Language:Java2400

Unhooker

EDR绕过demo

Language:Go27000

JundeadShell

Java内存马注入工具

Language:Java23400

BpScan

一款用于辅助渗透测试工程师日常渗透测试的Burp被动漏扫插件

Language:Java23200

NextScan

飞刃是一套完整的企业级黑盒漏洞扫描系统，集成漏洞扫描、漏洞管理、扫描资产、爬虫等服务。拥有强大的漏洞检测引擎和丰富的插件库，覆盖多种漏洞类型和应用程序框架。

Language:JavaScript109200

nativeRasp

nativeRasp that can hook native methods

Language:CGPL-3.02500

Weblogic

WebLogic vulnerability exploration from beginner to expert.

SysWhispers3WinHttp

Syscall免杀

Language:CApache-2.047400

MisConfig_HTTP_Proxy_Scanner

The scanner helps to scan misconfigured reverse proxy servers and misconfigured forward proxy servers

Language:PythonApache-2.017000