MDhost's Stars
mcw0/PoC
Issues has been disabled for these PoC's, as they are simply PoC, Public Domain and unsupported.
terjanq/Tiny-XSS-Payloads
A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me
Ascotbe/Kernelhub
:palm_tree:Linux、macOS、Windows Kernel privilege escalation vulnerability collection, with compilation environment, demo GIF map, vulnerability details, executable file (提权漏洞合集)
foryujian/ipintervalmerge
IP区间批量合并工具,合并重叠交集的IP范围
RedSiege/EyeWitness
EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
w5teams/w5
Security Orchestration, Automation and Response (SOAR) Platform. 安全编排与自动化响应平台,无需编写代码的安全自动化,使用 SOAR 可以让团队工作更加高效
jayus0821/swagger-hack
自动化爬取并自动测试所有swagger接口
Power7089/PenetrationTest-Tips
渗透测试,渗透测试小技巧,渗透测试Tips,师傅们跟我一起维护更新吧~
knownsec/LSpider
LSpider 一个为被动扫描器定制的前端爬虫
EXP-Tools/threat-broadcast
威胁情报播报
nomi-sec/PoC-in-GitHub
📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.
Maskhe/cve-2020-2555
CVE-2020-2555
zhzyker/exphub
Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本,最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340
Y4er/CVE-2020-14756
WebLogic T3/IIOP RCE ExternalizableHelper.class of coherence.jar
pandasec888/taowu-cobalt_strike
test502git/awvs14-scan
针对 Acunetix AWVS扫描器开发的批量扫描脚本,支持log4j漏洞、SpringShell、SQL注入、XSS、弱口令等专项,支持联动xray、burp、w13scan等被动批量
lengjibo/RedTeamTools
记录自己编写、修改的部分工具
fengdongdongwsn/PdfTool
pdf转word
lz520520/railgun
tammypi/remote_control_tool
dafthack/MailSniper
MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). It can be used as a non-administrative user to search their own email, or by an administrator to search the mailboxes of every user in a domain.
BOFs/365CS
CobaltStrike优秀资源
s7ckTeam/LeakFinder
LeakFinder(觅露)为s7ck Team 红队云武器库F-Box里的一款信息泄露浏览搜集浏览器插件。
hayasec/360SafeBrowsergetpass
这是一个一键辅助抓取360安全浏览器密码的CobaltStrike脚本以及解密小工具,用于节省红队工作量,通过下载浏览器数据库、记录密钥来离线解密浏览器密码。
cobbr/Covenant
Covenant is a collaborative .NET C2 framework for red teamers.
uknowsec/SharpDecryptPwd
对密码已保存在 Windwos 系统上的部分程序进行解析,包括:Navicat,TeamViewer,FileZilla,WinSCP,Xmangager系列产品(Xshell,Xftp)。源码:https://github.com/RowTeam/SharpDecryptPwd
s7ckTeam/Glass
Glass是一款针对资产列表的快速指纹识别工具,通过调用Fofa/ZoomEye/Shodan/360等api接口快速查询资产信息并识别重点资产的指纹,也可针对IP/IP段或资产列表进行快速的指纹识别。
s7ckTeam/HackTools
HackTools(如当)为s7ck Team 红队武器库F-Box里的一款汉化的红队浏览器插件。
Al1ex/CVE-2020-36179
CVE-2020-36179~82 Jackson-databind SSRF&RCE
shadow1ng/fscan
一款内网综合扫描工具,方便一键自动化、全方位漏扫扫描。