SaiRson's Projects
A powerful modern CLI and SHELL
windows task scheduler in golang
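H is a powerful asset collection and management platform
:snowman: Get the User:Password from Chrome (including version < 80 and version > 80)
A small tool I use to assist with penetration testing (really just a small tool)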
Crack hashes in seconds.
The Havoc Framework
Original C Implementation of the Hell's Gate VX Technique
Impacket is a collection of Python classes for working with network protocols.
Template-Driven AV/EDR Evasion Framework
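Runs in a GitHub Actions repository to automate, customize, and execute software development workflows; you can tailor its features to your liking. InCloud already provides eight ready-made information-gathering and vulnerability-scanning workflows for different scenarios targeting network segments and domain names.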
Inject .NET assemblies into an existing process
Tool for port forwarding & intranet proxy
Library for creating interactive cli applications.
Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory. Ivy’s loader does this by utilizing programmatical access in the VBA object environment to load, decrypt and execute shellcode.
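Handles high-version JDK bypass exploitation of FastJson, Jackson, Log4j2, and native JNDI injection vulnerabilities; detects locally available deserialization gadgets to achieve command execution, command execution with echoed output, and memory-shell injection
JNDI injection testing tool (a tool that generates JNDI links and can start several servers to exploit JNDI injection vulnerabilities, such as Jackson, Fastjson, etc.)
Practical modifications made to the original https://github.com/feihong-cs/JNDIExploit
A tool for JNDI injection exploitation that heavily references/borrows code from the Rogue JNDI project, supports directly implanting an in-memory shell, integrates common methods for bypassing high-version JDKs, and is suited to use alongside automation tools.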
JSFinder is a tool for quickly extracting URLs and subdomains from JS files on a website.
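An AV-evading JSP webshell generation tool that combines reflective invocation, Javac dynamic compilation, ScriptEngine invocation of JS, and various code obfuscation techniques; AV evasion for AntSword is already supported
🔩 jwt-hack is a tool for hacking / security testing of JWT. Supports en/decoding JWT, generating payloads for JWT attacks, and very fast cracking (dict/bruteforce)
Simply wrapped and written Kerberostring scripts to assist the attack process
Kscan is a lightweight asset discovery tool that performs port scanning, TCP fingerprinting, and banner grabbing against IPs/IP ranges or asset lists, obtaining as much information about each port as possible without sending additional packets.
An LDAP testing tool for personal use, with one-click startup
"Complete Collection of Golang Security Resources: Only the Go Language Can Change the World" Only Golang Can Change The World.
Archive of vulnerability PoCs & exploits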
An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.
Remote Code Injection In Log4j