Weiho's Projects
A curated list of awesome Hacking tutorials, tools and resources
awesome-java-security-checklist(关于Java安全方面,Java基础/审计/修复/设计/规范)
A list of web application security
Application Hijack Scanner for macOS
业务风险枚举与规避知识框架(Business Risk Enumeration & Avoidance Kownledge)
六大云存储,泄露利用检测工具
用于检测和分析 Cobalt Strike 的 代码和yara规则
Complete Mandiant Offensive VM (Commando VM), the first full Windows-based penetration testing virtual machine distribution. The security community recognizes Kali Linux as the go-to penetration testing platform for those that prefer Linux. Commando VM is for penetration testers that prefer Windows. We know that building a Windows penetration testing environment can be tedious - we aim to streamline and simplify this process. Commando VM includes over 140 tools.
DongTai is an interactive application security testing(IAST) product that supports the detection of OWASP WEB TOP 10 vulnerabilities, multi-request related vulnerabilities (including logic vulnerabilities, unauthorized access vulnerabilities, etc.), third-party component vulnerabilities, etc.
Java Agent is a Java application probe of DongTai IAST, which collects method invocation data during runtime of Java application by dynamic hooks.
DongTai IAST documentation.
Open-Source Remote Administration Tool For Windows C# (Be Based On AsyncRAT)
Malicious DLL (Reverse Shell) generator for DLL Hijacking
The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Groovy and Scala projects)
Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
IBOS OA 4.x /data/restore.php数据恢复工具远程下载Getshell漏洞
2018年初整理的一些内网渗透TIPS,后面更新的慢,所以整理出来希望跟小伙伴们一起更新维护~
基于opencanary的蜜罐web服务端|The Web App of opencanary secondary development
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
PhishingExploit
Mainly recorded in the daily work of the red team, how I Bypass the Anti virus
关于红队方面的学习资料
红队作战中比较常遇到的一些重点系统漏洞整理。
IP反查域名小脚本,用于信息收集和旁注
A proxy tool based on cloud function.
信息安全从业者书单推荐