xushidajiang Goto Github PK

-baseline-check

windows和linux基线检查，配套自动化检查脚本。纯手打。

awesome-cobaltstrike

cobaltstrike的相关资源汇总 / List of Awesome CobaltStrike Resources

awesome-pentest-note

渗透测试☞经验/思路/总结

burpsuite-collections

有关burpsuite的插件(非商店),文章以及使用技巧的收集(此项目不再提供burpsuite破解文件,如需要请在博客mrxn.net下载)---Collection of burpsuite plugins (non-stores), articles and tips for using Burpsuite, no crack version file

cobalt_strike_bot

command

红队常用命令速查

dhlyk

大灰狼远控木马 V9.5 源码

empire

Empire is a PowerShell and Python 3.x post-exploitation framework.

espoofer

An email spoofing testing tool that aims to bypass SPF/DKIM/DMARC and forge DKIM signatures.🍻

fastjson

Fastjson姿势技巧集合

fuso

一款体积小, 快速, 稳定, 高效, 轻量的内网穿透, 端口转发工具 支持多连接,级联代理,传输加密 (A small volume, fast, stable, efficient, and lightweight intranet penetration, port forwarding tool supports multiple connections, cascading proxy, and transmission encryption)

gitbook

golangbypassav

研究利用golang各种姿势bypassAV

intranet_penetration_tips

2018年初整理的一些内网渗透TIPS，后面更新的慢，所以整理出来希望跟小伙伴们一起更新维护~

jd_tencent_scf

自用京东JS脚本，已加入助力池；支持【青龙】、【腾讯云函数】、【elecV2P】；低调使用，请勿fork！！！

kernelhub

:palm_tree:Windows Kernel privilege escalation vulnerability collection, with compilation environment, demo GIF map, vulnerability details, executable file

krbrelayup

KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).

library-poc

基于Pocsuite3、goby编写的漏洞poc&exp存档

log4j-scan

A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228

mailsniper

MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). It can be used as a non-administrative user to search their own email, or by an administrator to search the mailboxes of every user in a domain.

payloadsallthethings

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

penetration_testing_poc

有关渗透测试的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

poclist

Alibaba-Nacos-Unauthorized/ApacheDruid-RCE_CVE-2021-25646/MS-Exchange-SSRF-CVE-2021-26885/Oracle-WebLogic-CVE-2021-2109_RCE/RG-CNVD-2021-14536/RJ-SSL-VPN-UltraVires/Redis-Unauthorized-RCE/TDOA-V11.7-GetOnlineCookie/VMware-vCenter-GetAnyFile/yongyou-GRP-U8-XXE/Oracle-WebLogic-CVE-2020-14883/Oracle-WebLogic-CVE-2020-14882/Apache-Solr-GetAnyFile/F5-BIG-IP-CVE-2021-22986/Sonicwall-SSL-VPN-RCE

proxypool

自动抓取tg频道、订阅地址、公开互联网上的ss、ssr、vmess、trojan节点信息，聚合去重后提供节点列表，每15分钟更新

pytranscriber

pyTranscriber can be used to generate automatic transcription / automatic subtitles for audio/video files through a friendly graphical user interface.

redelk

Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.

springframework_cve-2022-22965_rce

SpringFramework 远程代码执行漏洞CVE-2022-22965

tabby

A terminal for a more modern age

upx

UPX - the Ultimate Packer for eXecutables

uuidshellcodeexec

PoC for UUID shellcode execution using DInvoke