村花's repositories
2022-HW-POC
2022 护网行动 POC 整理
1earn
ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup
AniYa
免杀框架
ApacheTomcatScanner
A python script to scan for Apache Tomcat server vulnerabilities.
BypassAnti-Virus
免杀姿势学习、记录、复现。
CaptfEncoder
Captfencoder is a rapid cross platform network security tool suite, providing network security related code conversion, classical cryptography, cryptography, asymmetric encryption, miscellaneous tools, and aggregating all kinds of online tools.
cobaltstrike_bofs
My CobaltStrike BOFS
CVE-2022-34918
CVE-2022-34918 netfilter nf_tables 本地提权 POC
DeathSleep
A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementing page protection changes during no execution.
dirsearch
Web path scanner
DogCs4.4
cs4.4修改去特征狗狗版(美化ui,去除特征,自带bypass核晶截图等..)
DOMPurify
DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
ENScan_GO
一款基于各大企业信息API的工具,解决在遇到的各种针对国内企业信息收集难题。一键收集控股公司ICP备案、APP、小程序、微信公众号等信息聚合导出。
Go_Bypass
Golang Bypass Av Generator template
GoFileBinder
golang免杀捆绑器
horusec
Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.
linbing
本系统是对Web中间件和Web框架进行自动化渗透的一个系统,根据扫描选项去自动化收集资产,然后进行POC扫描,POC扫描时会根据指纹选择POC插件去扫描,POC插件扫描用异步方式扫描.前端采用vue技术,后端采用python fastapi.
OneForAll
OneForAll是一款功能强大的子域收集工具
PersistenceSniper
Powershell script that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines.
pikachu
一个好玩的Web安全-漏洞测试平台
Pokemon-Shellcode-Loader
Tired of looking at hex all day and popping '\x41's? Rather look at Lugia/Charmander? I have the solution for you.
pxplan
CVE-2022-2022
ransomware-simulator
Ransomware simulator written in Golang
RedGuard
RedGuard is a C2 front flow control tool,Can avoid Blue Teams,AVs,EDRs check.
SharpWxDump
微信客户端取证,可获取用户个人信息(昵称/账号/手机/邮箱/数据库密钥(用来解密聊天记录));支持获取多用户信息,不定期更新新版本偏移,目前支持所有新版本、正式版本
tplmap
Server-Side Template Injection and Code Injection Detection and Exploitation Tool
wsMemShell
WebSocket 内存马,一种新型内存马技术