DevilMayCrying

Pinned Repositories

0days
00000000000000000000
Language:C00
520apkhook
对安卓APP注入MSF PAYLOAD，并且对手机管家进行BYPASS。
Language:Python0 0 00
amap_arrivalRange
Language:Vue00
Android-Vulnerability-Mining
Android APP漏洞之战系列，主要讲述如何快速挖掘APP漏洞
Language:Python0 0 00
AndroidFridaBeginnersBook
《安卓Frida逆向与抓包实战》随书附件
Language:C00
AndroidTools
0 1 00
burpsuit
Language:PHP1 0 01
huntingday.github.io
Language:HTML1 0 00
powercat
netshell features all in version 2 powershell
Language:PowerShell1 0 00
XSS-Payloads
List of XSS Vectors/Payloads
1 0 00

DevilMayCrying's Repositories

DevilMayCrying/ApkShellingDemo
使用 xposed 框架，获取通过 360加固、梆梆加固、腾讯乐固、百度加固这种免费加固过应用的 dex文件。实现反编译
Language:Java00
DevilMayCrying/Awesome-WAF
🔥 Everything awesome about web-application firewalls (WAF).
Language:Python00
DevilMayCrying/BADministration
DevilMayCrying/behinder_source
冰蝎的源码（Decompile & Fixed）
DevilMayCrying/bypassWAF
bypassD盾、安全狗、云锁
DevilMayCrying/Cobalt-Strike-Aggressor-Scripts
Cobalt Strike Aggressor 插件包
DevilMayCrying/CVE-2019-7238
Nexus Repository Manager 3 Remote Code Execution without authentication < 3.15.0
DevilMayCrying/Fake-flash.cn
www.flash.cn 的钓鱼页，中文+英文
DevilMayCrying/fastjson-blacklist
Language:Java
DevilMayCrying/FastjsonExploit
Fastjson vulnerability quickly exploits the framework（fastjson漏洞快速利用框架）
DevilMayCrying/Intranet_Penetration_Tips
2018年初整理的一些内网渗透TIPS，后面更新的慢，所以公开出来希望跟小伙伴们一起更新维护~
DevilMayCrying/Invoke-PortscanPro
一个可以识别常见服务、获取web title、获取netbios信息的powershell扫描脚本
DevilMayCrying/Java-Security
Java Security Documents
DevilMayCrying/jd-assistant
京东抢购助手：包含登录，查询商品库存/价格，添加/清空购物车，抢购商品(下单)，查询订单等功能
DevilMayCrying/jsEncrypter
一个用于前端加密Fuzz的Burp Suite插件
DevilMayCrying/Ladon
大型内网渗透扫描器&Cobalt Strike，包含信息收集/端口扫描/服务识别/网络资产/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010、Weblogic、ActiveMQ、Tomcat等，密码口令爆破含(Mysql、Oracle、MSSQL)、FTP、SSH(Linux)、VNC、Windows(IPC、WMI、SMB)等,可高度自定义插件支持.NET程序集、DLL(C#/Delphi/VC)、PowerShell等语言编写的插件,支持通过配置INI批量调用任意外部程序或命令,EXP生成器一键生成Web漏洞POC,可快速扩展扫描或利用能力。支持Cobalt Strike插件化直接内存加载Ladon扫描快速拓展内网横向移动
DevilMayCrying/note
记录自己写的工具和学习笔记
DevilMayCrying/scripts
主要是收集自己编写、改造的一些小的脚本:ip-reverse-to-domain| findSubDomains| Shodan| ZoomEye| Censys|ecshop|vul-info-collect|cve_for_today|telnet
DevilMayCrying/ServerScan
ServerScan一款使用Golang开发的高并发网络扫描、服务探测工具。
DevilMayCrying/SharpToolsAggressor
内网渗透中常用的c#程序整合成cs脚本，直接内存加载。持续更新~
DevilMayCrying/SpringBootScan
扫描网站是否存在SpringBoot API信息泄漏或阿里云存储OSSKEY泄漏
DevilMayCrying/SRC-script
挖掘src常用脚本
DevilMayCrying/SSRFmap
Automatic SSRF fuzzer and exploitation tool
DevilMayCrying/tools
一些实用的python脚本
DevilMayCrying/Trishul
Burp Extension written in Jython to hunt for common vulnerabilities found in websites. Developed by Gaurav Narwani to help people find vulnerabilities and teach how to exploit them.
DevilMayCrying/Vxscan
python3写的综合扫描工具，主要用来存活验证，敏感文件探测(目录扫描/js泄露接口/html注释泄露)，WAF/CDN识别，端口扫描，指纹/服务识别，操作系统识别，POC扫描，SQL注入，绕过CDN，查询旁站等功能，主要用来甲方自测或乙方授权测试，请勿用来搞破坏。
DevilMayCrying/WeblogicEnvironment
Weblogic环境搭建工具
DevilMayCrying/webshell-detect-bypass
绕过专业工具检测的Webshell研究文章和免杀的Webshell
DevilMayCrying/Wordlists
Various Payload wordlists
DevilMayCrying/XSS-Fishing2-CS
鱼儿在cs上线后自动收杆|Automatically stop fishing in javascript after the fish is hooked