hhhhh's repositories
LinuxCheck
linux信息收集/应急响应/常见后门检测脚本
ARL
ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产,构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产,发现存在的薄弱点和攻击面。
atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
BurpSuite-Extender-fastjson
在瓦都尅师傅的脚本改了一个bp自动检测fastjson rce的py插件,可检测1.2.24和1.2.47。若存在漏洞自动标注该流量,并在output中输出内容。 python脚本自行修改ceye和token值。 Reference:https://www.w2n1ck.com/article/44/
CVE-2019-7238_Nexus_RCE_Tool
CVE-2019-7238 Nexus RCE漏洞图形化一键检测工具。CVE-2019-7238 Nexus RCE Vul POC Tool.
du-app
毒 app sign 签名 js 解密的 python 复写版本
FastjsonExploit
Fastjson vulnerability quickly exploits the framework(fastjson漏洞快速利用框架)
go-gin-example
An example of gin
information-security
A place where I can create, collect and share tooling, resources and knowledge about information security.
maigret
🕵️♂️ Collect a dossier on a person by username from thousands of sites
metasploit-framework
Metasploit Framework
Middleware-Vulnerability-detection
CVE、CMS、中间件漏洞检测利用合集 Since 2019-9-15
NTLMRawUnHide
NTLMRawUnhide.py is a Python3 script designed to parse network packet capture files and extract NTLMv2 hashes in a crackable format. The following binary network packet capture formats are supported: *.pcap *.pcapng *.cap *.etl
nuclei
Fast and customizable vulnerability scanner based on simple YAML based DSL.
PowerHuntShares
PowerHuntShares is an audit script designed in inventory, analyze, and report excessive privileges configured on Active Directory domains.
PowerSploit
PowerSploit - A PowerShell Post-Exploitation Framework
RedGuard
RedGuard is a C2 front flow control tool,Can avoid Blue Teams,AVs,EDRs check.
suricata-rules
Suricata IDS rules 用来检测红队渗透/恶意行为等,支持检测CobaltStrike/MSF/Empire/DNS隧道/Weevely/菜刀/冰蝎/挖矿/反弹shell/ICMP隧道等
traefik
The Cloud Native Application Proxy
Vegile
This tool will setting up your backdoor/rootkits when backdoor already setup it will be hidden your spesisifc process,unlimited your session in metasploit and transparent. Even when it killed, it will re-run again. There always be a procces which while run another process,So we can assume that this procces is unstopable like a Ghost in The Shell
VulDB_Spider
vulnerability database spider 爬取NVD、CNVD、CNNVD等漏洞数据库
Vulnerability-analysis
Vulnerability-analysis Poc、python shell
vulnerability-list
在渗透测试中快速检测常见中间件、组件的高危漏洞。
windows-arm
Windows for ARM in a Docker container.
windows_baseline
windows基线脚本(powershell)