Stars
Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real-life apps, and reading research and news.
Rust Weaponization for Red Team Engagements.
A record of learning security operations | The knowledge base of security operations
xia SQL (瞎注) Burp plugin: appends one single quote and two single quotes after each parameter; a simple little plugin for detecting injection.
Fastjson scanner that can identify the version, dependency libraries, autoType status, etc. A tool to distinguish fastjson, version and dependency
This tool uses fuzzing to try to bypass unknown authentication methods, who knows...
80+ Gadgets (30 more than ysoserial). JNDI-Injection-Exploit-Plus is a tool for generating workable JNDI links and providing background services by starting an RMI server, LDAP server and HTTP server.
Linux privilege escalation auditing tool
PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
Standalone Executable to Check for Simple Privilege Escalation Vectors on Windows Systems
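Some intranet penetration tips compiled in early 2018; updates have been slow since then, so I have put them together here in the hope of updating and maintaining them together with everyone~
This project was created to help penetration-testing beginners quickly set up a working environment; to do a good job, one must first sharpen one's tools.
Windows11 Penetration Suite Toolkit: an out-of-the-box Windows penetration testing environment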
A little tool to play with Windows security
Penetration-testing-related POCs, EXPs, scripts, privilege escalation, small tools, etc. --- About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve…
Automatic SSRF fuzzer and exploitation tool
BC-SECURITY / Empire
Forked from EmpireProject/Empire
Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.
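Linux incident response / information gathering / vulnerability detection tool, supporting 70+ checks across 13 categories: basic configuration / network traffic / scheduled tasks / environment variables / user information / Services / bash / malicious files / kernel rootkits / SSH / webshells / mining files / mining processes / supply chain / server risks, etc.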
Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation
Website Cloner - Utilizes powerful Go routines to clone websites to your computer within seconds.
Red/Blue team environment automation deployment tool