xxxxxyyyy's repositories
aquatone
A Tool for Domain Flyovers
Botnet-blogpost
This repo basically contains the code that was mentioned in the blogposts that was written by me at:
CACTUSTORCH
CACTUSTORCH: Payload Generation for Adversary Simulations
CMSeeK
CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and 100 other CMSs
commonspeak
Content discovery wordlists generated using BigQuery
CVE-2018-15473-Exploit
Exploit written in Python for CVE-2018-15473 with threading and export formats
CVE-2018-8120
CVE-2018-8120 Exploit for Win2003 Win2008 WinXP Win7
Empire-mod-Hackplayers
PowerShell Empire mod to post-exploit the World!
ExchangeRelayX
An NTLM relay tool to the EWS endpoint for on-premise exchange servers. Provides an OWA for hackers.
gitrob
Reconnaissance tool for GitHub organizations
HackBar
HackBar plugin for Burpsuite v0.2 beta
htpwdScan
A python HTTP weak pass scanner
OSCPRepo
A list of commands, scripts, resources, and more that I have gathered and attempted to consolidate for use as OSCP study material. Commands in 'Usefulcommands' Keepnote. Bookmarks and reading material in 'BookmarkList' Keepnote. Reconscan in scripts folder.
passmaker
可以自定义规则的密码字典生成器,支持图形界面 A password-generator that base on the rules that you specified
PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
penetration
渗透 超全面的渗透资料💯 包含:0day,xss,sql注入,提权……
php_bugs
PHP代码审计分段讲解
pydictor
A powerful and useful hacker dictionary builder for a brute-force attack
ReconDog
Reconnaissance Swiss Army Knife
Seatbelt
Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.
SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
SleuthQL
Python3 Burp History parsing tool to discover potential SQL injection points. To be used in tandem with SQLmap.
Sn1per
Automated Pentest Recon Scanner
struts-scan
Python2编写的struts2漏洞全版本检测和利用工具
subscraper
External pentest tool that performs subdomain enumeration through various techniques. In addition, SubScraper will provide information such as HTTP & DNS lookups to aid in potential next steps.
upload-labs
一个帮你总结所有类型的上传漏洞的靶场
WAFNinja
WAFNinja is a tool which contains two functions to attack Web Application Firewalls.
WMImplant
This is a PowerShell based tool that is designed to act like a RAT. Its interface is that of a shell where any command that is supported is translated into a WMI-equivalent for use on a network/remote machine. WMImplant is WMI based.