Pinned Repositories
BlueLotus_XSSReceiver
XSS platform, CTF tool, web security tool
Bypass-PHP-GD-Process-To-RCE
Reference: http://www.secgeek.net/bookfresh-vulnerability/
coremail-address-book
📧 Export script for the organization address book of the Coremail mail system
exserial
Java Untrusted Deserialization Exploits Tools
fastjson_rce_tool
fastjson_rce tool; no HTTP service needs to be set up, and it is not restricted by JDK version
GoogleScraper
A Python module to scrape several search engines (like Google, Yandex, Bing, Duckduckgo, Baidu and others) by using proxies (socks4/5, http proxy) and with many different IPs, including asynchronous networking support (very fast).
icmpsh
Simple reverse ICMP shell
K8tools
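K8 tools collection (intranet penetration/privilege escalation tools/remote overflow/vulnerability exploitation/scanning tools/password cracking/AV-evasion tools/Exploit/APT/0day/Shellcode/Payload/privilege/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)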
lazykatz
Lazykatz is an automation developed to extract credentials from remote targets protected with AV and/or application whitelisting software.
peepingtom
Rainism's Repositories
Rainism/coremail-address-book
📧 Export script for the organization address book of the Coremail mail system
Rainism/fastjson_rce_tool
fastjson_rce tool; no HTTP service needs to be set up, and it is not restricted by JDK version
Rainism/K8tools
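K8 tools collection (intranet penetration/privilege escalation tools/remote overflow/vulnerability exploitation/scanning tools/password cracking/AV-evasion tools/Exploit/APT/0day/Shellcode/Payload/privilege/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)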
Rainism/MemoryShellLearn
Sharing a few ready-to-use memory shells, and keeping a record of articles read during the learning process
Rainism/net_user_tools_bypass_hook_net.exe
A collection of small tools for bypassing net monitoring
Rainism/Adamantium-Thief
Decrypt chromium based browsers passwords, cookies, credit cards, history, bookmarks. Version > 80 is supported.
Rainism/avList
avList - mapping of antivirus process names to antivirus product names
Rainism/BurpCrypto
BurpCrypto is a collection of burpsuite encryption plug-ins, supporting AES/RSA/DES/ExecJs (execute JS encryption code in burpsuite).
Rainism/CNVD-2020-10487-Tomcat-Ajp-lfi
Tomcat AJP protocol file read vulnerability
Rainism/CVE-2019-11539
Exploit for the Post-Auth RCE vulnerability in Pulse Secure Connect
Rainism/CVE-2019-11932
double-free bug in WhatsApp exploit poc
Rainism/CVE-2020-0688
Exploit and detect tools for CVE-2020-0688
Rainism/Fake-flash.cn
Phishing page for www.flash.cn, Chinese + English
Rainism/HexDnsEchoT
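Solution for retrieving command output in scenarios where command execution returns no output but the DNS protocol can reach the outside network (modified to use ceye to receive requests; custom DNS server added)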
Rainism/JNDI-Inject-Exploit
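Addresses high-version JDK bypass exploitation of FastJson, Jackson, Log4j2 and native JNDI injection vulnerabilities; probes for locally available deserialization gadgets to achieve command execution, command execution with output, and memory shell injection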
Rainism/loginlog_windows
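Reads information on all computers that have logged in to this machine, whether the login failed or succeeded, to quickly locate operations and administration staff. Reference: https://github.com/ysrc/yulong-hids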
Rainism/LOLBAS
Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
Rainism/minhook
The Minimalistic x86/x64 API Hooking Library for Windows
Rainism/mssqlproxy
mssqlproxy is a toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse.
Rainism/noPac
Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user
Rainism/pyinstaller
Freeze (package) Python programs into stand-alone executables
Rainism/pywinrm
Python library for Windows Remote Management (WinRM)
Rainism/ReBeacon_Src
Rainism/red-kube
Red Team KubeCTL Cheat Sheet
Rainism/redis-rogue-server
Redis(<=5.0.5) RCE
Rainism/scrun
BypassAV ShellCode Loader (Cobaltstrike/Metasploit)
Rainism/SharpAddDomainMachine
SharpAddDomainMachine
Rainism/template-injection-workshop
Rainism/test
test
Rainism/test1
test