Taro's repositories
AV_Evasion_Tool
掩日 - 免杀执行器生成工具
books
📚 All programming languages books
BurpSuite-collections
有关burpsuite的插件(非商店),文章以及使用技巧的收集(此项目不再提供burpsuite破解文件,如需要请在博客mrxn.net下载)---Collection of burpsuite plugins (non-stores), articles and tips for using Burpsuite, no crack version file
CloudPentestCheatsheets
This repository contains a collection of cheatsheets I have put together for tools related to pentesting organizations that leverage cloud providers.
CTF_Hacker-Tools
CTF-渗透测试~工具合集
dazzleUP
A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.
exphub
Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本,最新添加CVE-2020-5902、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340
jxwaf
JXWAF(锦衣盾)是一款开源web应用防火墙
Ladon
大型内网渗透扫描器&Cobalt Strike,Ladon6.6内置74个模块,包含信息收集/存活主机/IP扫描/端口扫描/服务识别/网络资产/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010、SMBGhost、Weblogic、ActiveMQ、Tomcat、Struts2系列,密码口令爆破(Mysql、Oracle、MSSQL)、FTP、SSH(Linux)、VNC、Windows(IPC、WMI、SMB、LDAP、SmbHash、WmiHash、Winrm),远程执行命令(wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem,Poc/Exploit,支持Cobalt Strike 3.X-4.0
osctrl
Fast and efficient osquery management
osquery-attck
Mapping the MITRE ATT&CK Matrix with Osquery
owasp-modsecurity-crs
OWASP ModSecurity Core Rule Set (CRS) Project (Official Repository)
PoshC2
A proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.
PowerSploit
PowerSploit - A PowerShell Post-Exploitation Framework
PowerZure
PowerShell framework to assess Azure security
Privilege-Escalation
This cheasheet is aimed at the CTF Players and Beginners to help them understand the fundamentals of Privilege Escalation with examples.
RedTeamTools
记录自己写的部分工具
saferwall
A hackable malware sandbox for the 21st Century
Sn1per
Automated pentest framework for offensive security experts
Stracciatella
OpSec-safe Powershell runspace from within C# (aka SharpPick) with AMSI, CLM and Script Block Logging disabled at startup
tsunami-security-scanner
Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.
Unlock-netease-cloud-music
解锁网易云音乐客户端变灰歌曲
venom
venom - shellcode generator/compiler/handler (metasploit)
WAF_Bypass_Guide
Guide For WAF Bypass Techniques
WebAliveScan
对目标域名进行快速的存活扫描、简单的指纹识别、目录扫描
windows-kernel-exploits
windows-kernel-exploits Windows平台提权漏洞集合
WMIHACKER
A Bypass Anti-virus Software Lateral Movement Command Execution Tool