Pinned Repositories
APPPrivacyDetect
响应工信部通报的应用隐私检测——Frida检测APP违规收集信息
awvs14-scan
针对 Acunetix AWVS扫描器开发的批量扫描脚本,支持log4j漏洞、SpringShell、SQL注入、XSS、弱口令等专项,支持联动xray、burp、w13scan等被动批量
Blasting_dictionary
爆破字典
BrowserGhost
这是一个抓取浏览器密码的工具,后续会添加更多功能
CloudFail
Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network
CobaltStrike_CNA
使用多种WinAPI进行权限维持的CobaltStrike脚本,包含API设置系统服务,设置计划任务,管理用户等。
command
红队常用命令速查
CS-Loader
CS免杀
csOnvps
CobaltStrike4.4 一键部署脚本 随机生成密码、key、端口号、证书等,解决cs4.x无法运行在Linux上报错问题 灰常银杏化设计
CTF-Tools
这里存放的是我们团队做CTF题目的时候经常用到的一些工具
HitterGo's Repositories
HitterGo/APPPrivacyDetect
响应工信部通报的应用隐私检测——Frida检测APP违规收集信息
HitterGo/awvs14-scan
针对 Acunetix AWVS扫描器开发的批量扫描脚本,支持log4j漏洞、SpringShell、SQL注入、XSS、弱口令等专项,支持联动xray、burp、w13scan等被动批量
HitterGo/BrowserGhost
这是一个抓取浏览器密码的工具,后续会添加更多功能
HitterGo/CloudFail
Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network
HitterGo/CobaltStrike_CNA
使用多种WinAPI进行权限维持的CobaltStrike脚本,包含API设置系统服务,设置计划任务,管理用户等。
HitterGo/command
红队常用命令速查
HitterGo/csOnvps
CobaltStrike4.4 一键部署脚本 随机生成密码、key、端口号、证书等,解决cs4.x无法运行在Linux上报错问题 灰常银杏化设计
HitterGo/CVE-2022-26134
CVE-2022-26134 - Confluence Pre-Auth RCE | OGNL injection
HitterGo/CVE-2022-29072
7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area.
HitterGo/fscan
一款内网综合扫描工具,方便一键自动化、全方位漏扫扫描。
HitterGo/GBByPass
冰蝎 哥斯拉 WebShell bypass
HitterGo/Glass
Glass是一款针对资产列表的快速指纹识别工具,通过调用Fofa/ZoomEye/Shodan/360等api接口快速查询资产信息并识别重点资产的指纹,也可针对IP/IP段或资产列表进行快速的指纹识别。
HitterGo/Gobypass
一款可以过国内所有杀软可以过云查杀的shellcode loader
HitterGo/Gopherus
This tool generates gopher link for exploiting SSRF and gaining RCE in various servers
HitterGo/gophish
Open-Source Phishing Toolkit
HitterGo/JSP-WebShells
Collect JSP webshell of various implementation methods. 收集JSP Webshell的各种姿势
HitterGo/macro_pack
macro_pack is a tool by @EmericNasi used to automatize obfuscation and generation of Office documents, VB scripts, shortcuts, and other formats for pentest, demo, and social engineering assessments. The goal of macro_pack is to simplify exploitation, antimalware bypass, and automatize the process from malicious macro and script generation to final document generation. It also provides a lot of helpful features useful for redteam or security research.
HitterGo/ML
HitterGo/mobsfscan
mobsfscan is a static analysis tool that can find insecure code patterns in your Android and iOS source code. Supports Java, Kotlin, Swift, and Objective C Code. mobsfscan uses MobSF static analysis rules and is powered by semgrep and libsast pattern matcher.
HitterGo/nacos-poc
HitterGo/netspy
netspy是一款快速探测内网可达网段工具
HitterGo/nuclei
Fast and customizable vulnerability scanner based on simple YAML based DSL.
HitterGo/OneForAll
OneForAll是一款功能强大的子域收集工具
HitterGo/s2-062
远程代码执行S2-062 CVE-2021-31805验证POC
HitterGo/social-engineer-toolkit
The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of SET will be deployed here.
HitterGo/superSearchPlus
superSearchPlus是聚合型信息收集插件,支持综合查询,资产测绘查询,信息收集 敏感信息提取 js资源扫描 目录扫描 vue组件扫描 整合了目前常见的资产测绘平台 专为白帽子提供快速侦测目标。
HitterGo/traitor
:arrow_up: :skull_and_crossbones: :fire: Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock
HitterGo/webshell-free
webshell免杀案例
HitterGo/XSStrike
Most advanced XSS scanner.
HitterGo/ysoserial
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.