wuxueeee's repositories
atexec-pro
Fileless atexec, no more need for port 445
Banshee
Experimental Windows x64 Kernel Rootkit.
btcloud
Third-party cloud backend for the BaoTa (BT) panel, developed in PHP
CS-AutoPostChain
OPSEC-based CobaltStrike post-exploitation automation chain
CVE-2024-20931
CVE-2024-20931, this is the bypass of the patch of CVE-2023-21839
DongTai
Dongtai IAST is an open-source Interactive Application Security Testing (IAST) tool that enables real-time detection of common vulnerabilities in Java applications and third-party components through passive instrumentation. It is particularly suitable for use in the testing phase of the development pipeline.
EHole_magic_magic
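Lets you specify status codes and titles to exclude unwanted data, supports passing arguments in through a pipe, and produces summary output by CMS type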
eop24-26229
A firebeam plugin that exploits the CVE-2024-26229 vulnerability to perform elevation of privilege from a privileged user
frp
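Heavily modified fork based on frp-0.58.1: randomized socks5 account, password and port; DingTalk online/offline notifications; encrypted configuration file read from OSS; domain fronting to prevent tracing; source replacement/compile-time obfuscation; and more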
GoDhijacking
Red team tool designed for quickly identifying hijackable programs, evading antivirus software, and EDR (Endpoint Detection and Response) systems.
goon
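goon is a scanning and brute-force tool that combines the features of excellent tools such as fscan and kscan. Features include: IP liveness detection, port scanning, web fingerprint scanning, title scanning, compressed-file scanning, FOFA retrieval, ms17010, brute-forcing of mssql, mysql, postgres, redis, ssh, smb, rdp, telnet, tomcat and others, as well as features such as netbios probing.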
grok-1
Grok open release
HackBrowserData
Extract and decrypt browser data, supporting multiple data types, runnable on various operating systems (macOS, Windows, Linux).
java-memshell-generator
A highly customizable Java memory-shell generation tool.
Jie
Jie stands out as a comprehensive security assessment and exploitation tool meticulously crafted for web applications. Its robust suite of features encompasses vulnerability scanning, information gathering, and exploitation, elevating it to an indispensable toolkit for both security professionals and penetration testers. (expectations)
ksubdomain
Subdomain brute-forcing, with an added smart crawler feature
Pillager
Pillager is an information-gathering tool for use during post-exploitation
POC1
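A curated collection of vulnerability EXP/POC; most of the vulnerabilities come from the internet. More than 300 poc/exp have been collected so far, with long-term updates.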
poc_exp
Continuously updated poc/exp; yaml will be added later, stay tuned
pumpbin
🎃 PumpBin is an Implant Generation Platform.
SearchAvailableExe
Find usable "white" (trusted) files
SecGPT
SecGPT, a large model for cybersecurity
shadow-rs
Windows Kernel Rootkit in Rust
web-sec
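Web security handbook (red team security skill stack): vulnerability understanding, vulnerability exploitation, code auditing, and penetration testing summaries. [Continuously updated]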
webcopilot
An automation tool that enumerates subdomains then filters out xss, sqli, open redirect, lfi, ssrf and rce parameters and then scans for vulnerabilities.
WIKI-POC
Vulnerability database
yuze
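A socksv5 proxy tool written in C. A lightweight intranet tunneling tool based on the socks5 protocol and implemented in pure C; supports all of ew's data forwarding modes and cross-platform use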