Iamnotbad

Iamnotbad's Stars

• API-Security/APIKit

  APIKit：Discovery, Scan and Audit APIs Toolkit All In One.

  Language:Java1.9k166

• theLSA/emergency-response-checklist

  应急响应指南 / emergency response checklist

  666132

• DiogoMRSilva/websitesVulnerableToSSTI

  Simple websites vulnerable to Server Side Template Injections(SSTI)

  Language:PHP37284

• PortSwigger/bypass-bot-detection

  Burp Suite extension that mutates ciphers to bypass TLS-fingerprint based bot detection

  Language:Java1868

• esrrhs/spp

  A simple and powerful proxy

  Language:Go828117

• miss-mumu/developer2gwy

  公务员从入门到上岸，最佳程序员公考实践教程

  8k675

• lemono0/FastJsonParty

  FastJson全版本Docker漏洞环境(涵盖1.2.47/1.2.68/1.2.80等版本)，主要包括JNDI注入及高版本绕过、waf绕过、文件读写、原生反序列化、利用链探测绕过、不出网利用等。从黑盒的角度覆盖FastJson深入利用

  Language:Python81293

• dogadmin/windodws-logs-analysis

  windows日志一键分析小工具

  32045

• threedr3am/JSP-WebShells

  Collect JSP webshell of various implementation methods. 收集JSP Webshell的各种姿势

  Language:Java1.3k321

• vxCrypt0r/Voidgate

  A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfvenom) by performing on-the-fly decryption of individual encrypted assembly instructions, thus rendering memory scanners useless for that specific memory page.

  Language:C++44170

• fofapro/Hosts_scan

  这是一个用于IP和域名碰撞匹配访问的小工具，旨意用来匹配出渗透过程中需要绑定hosts才能访问的弱主机或内部系统。

  Language:Python1.1k158

• X1r0z/EBurstGo

  利用 Exchange 服务器 Web 接口爆破邮箱账户 | Brute force email accounts using Exchange server web endpoints

  Language:Go798

• T4y1oR/RingQ

  一款后渗透免杀工具，助力每一位像我这样的脚本小子快速实现免杀，支持bypass AV/EDR 360 火绒 Windows Defender Shellcode Loader

  Language:C++1.1k100

• whocansee/FilelessAgentMemShell

  无需文件落地Agent内存马生成器

  Language:Java21314

• f0ng/captcha-killer-modified

  captcha-killer的修改版，支持关键词识别base64编码的图片，添加免费ocr库，用于验证码爆破，适配新版Burpsuite

  Language:Java1.4k140

• wy876/POC

  收集整理漏洞EXP/POC,大部分漏洞来源网络，目前收集整理了1000多个poc/exp，长期更新。

  3.6k744

• onewinner/POCS

  收集最新漏洞POC（Yaml\Python）

  Language:Python11724

• F6JO/RouteVulScan

  Burpsuite - Route Vulnerable Scanning 递归式被动检测脆弱路径的burp插件

  Language:Java1.1k80

• INotGreen/Webshell-loader

  ASPX内存执行shellcode,绕过Windows Defender（AV/EDR）

  Language:ASP.NET10511

• OsmanKandemir/web-wordlist-generator

  WEB-Wordlist-Generator creates related wordlists after scanning your web applications.

  Language:Python416

• wafinfo/DecryptTools

  DecryptTools-综合解密

  87397

• Naturehi666/searchall

  强大的敏感信息搜索工具

  Language:Go79766

• Accenture/Spartacus

  Spartacus DLL/COM Hijacking Toolkit

  Language:C#979130

• xinxin999/My-Summarizing

  我自己的一些总结

  5016

• CodingGay/BlackDex

  BlackDex is an Android unpack(dexdump) tool, it supports Android 5.0~12 and need not rely to any environment. BlackDex can run on any Android mobile phone or emulator, you can unpack APK File in several seconds.

  Language:C++5.7k1.2k

• R4gd0ll/I-Wanna-Get-All

  OA漏洞利用工具

  97877

• skylot/jadx

  Dex to Java decompiler

  Language:Java41.1k4.8k

• horsicq/XAPKDetector

  APK/DEX detector for Windows, Linux and MacOS.

  Language:C++59588

• WindXaa/Android-Vulnerability-Mining

  Android APP漏洞之战系列，主要讲述如何快速挖掘APP漏洞

  Language:Python58987

• firerpa/lamda

  ⚡️ Android reverse engineering & automation framework | 史上最强安卓抓包/逆向/HOOK & 云手机/远程桌面/自动化取证 ALL-IN-ONE 框架，你的工作从未如此简单快捷。

  Language:Python5.9k836