Pinned Repositories
2022-HW-POC
Compilation of POCs from the 2022 HW (Hu Wang) exercise
ActiveDirectoryRedTeaming
Tools & TTPs for Active Directory Red Teaming
ADReaper
A fast enumeration tool for Windows Active Directory Pentesting written in Go
AhMyth-Android-RAT
Android Remote Administration Tool
black
Windows persistence tool (Windows_shell)
log4j2_burp_scan
Passive Burp scanner for log4j2 RCE; identifies all GET, POST and cookie parameters
node-let-s-encrypt-aliyun-job
One-click script for requesting and managing `Let's Encrypt` SSL certificates, based on Alibaba Cloud (Aliyun) DNS resolution.
scLoader
CS shellcode loader
M00nT0's Repositories
M00nT0/2022-HW-POC
Compilation of POCs from the 2022 HW (Hu Wang) exercise
M00nT0/ActiveDirectoryRedTeaming
Tools & TTPs for Active Directory Red Teaming
M00nT0/blogs
PentestNotes
M00nT0/BypassAnti-Virus
Learning, recording and reproducing antivirus-evasion techniques.
M00nT0/CVE-2022-0995
CVE-2022-0995 exploit
M00nT0/CVE-2022-30190-follina-Office-MSDT-Fixed
Modified version of CVE-2022-30190-follina.py; supports custom Word templates, for convenient use in phishing during real engagements.
M00nT0/FinalShell-Decoder
FinalShell password decryption GUI tool
M00nT0/GatherInfo
Information gathering for penetration testing / internal network penetration
M00nT0/go-inject
Process injection techniques written in Go.
M00nT0/go-shellcode-loader
Go AV-evasion shellcode loader with obfuscation and AES encryption
M00nT0/GoBypassAV
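A compilation of Go-based AV-evasion techniques, including tests of 16 APIs, tests of 8 encryption methods, anti-sandbox tests, compile-time obfuscation, packing and resource modification, along with a collection of related materials and tools.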
M00nT0/GodzillaSource
Godzilla source code - v3.03 - godzilla
M00nT0/HW-POC
HW-POC
M00nT0/iscsicpl_bypassUAC
UAC bypass for x64 Windows 7 - 11
M00nT0/JNDI-Injection-Exploit-Plus
50+ Gadgets (20 more than ysoserial). JNDI-Injection-Exploit-Plus is a tool for generating workable JNDI links and providing background services by starting an RMI server, LDAP server and HTTP server.
M00nT0/linux_dirty
Modified Dirty COW privilege-escalation code; can write arbitrary content to arbitrary files, with the interactive steps removed
M00nT0/PetitPotam
A new approach to local privilege escalation that replaces PrintBug, mainly using interface functions of the MS-EFSR protocol. Drawing on the use of the EFSR protocol in PetitPotam, a series of local privilege escalation methods have been implemented.
M00nT0/pyyso
pyyso is a Python package that generates Java serialized POCs, including CommonsCollections1-7, JDK7u21, JDK8u20, ldap for jndi, shiro-550, CommonsBeanutils1 no cc, JRMPClient, high version JDK Bypass, Fake MySQL for JDBC attack
M00nT0/RDPHijack-BOF
Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking.
M00nT0/RedisEXP
Redis exploitation tool
M00nT0/RedTeamNotes
Red team notes
M00nT0/sanfor_log_center_rce_poc
sanfor_log_center_rce_poc
M00nT0/scan4all
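Built on an optimized vscan, continuing toward more integration and automation; integrates subfinder (subdomain brute-forcing), naabu (integrates nmap; port scanning and service identification), httpx (web scanning), nuclei (vulnerability scanning), kscan's 11 kinds of weak-password detection...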
M00nT0/scaninfo
fast scan for redtools
M00nT0/ssrf_redis_getshell
Common techniques for getting a shell on Redis assets through SSRF vulnerabilities
M00nT0/SysWhispers3
SysWhispers on Steroids - AV/EDR evasion via direct system calls.
M00nT0/TrampHook
x86 Trampoline Hook
M00nT0/tsh-go
Tiny SHell Go - An open-source backdoor written in Go
M00nT0/xray1.9.0-Preview-Cracked
xray1.9.0(Preview) cracked
M00nT0/yapi
Docker for YApi: one-click deployment of YApi