Pinned Repositories
1earn
暂停维护 | ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup
All-Defense-Tool
本项目集成了全网优秀的攻防武器工具项目,包含自动化利用,子域名、目录扫描、端口扫描等信息收集工具,各大中间件、cms漏洞利用工具,爆破工具、内网横向及免杀、社工钓鱼以及应急响应等资料。
blog-2
:dart: 钝悟的博客
CVE-2022-39197-RCE
CVE-2022-39197 RCE POC
Memory-horse
关于内存马的学习研究支持新手从0到1,从内存马原理,内存马植入 内存马检测 到内存马防御与内存马应急以及内存马查杀全系列java内存马/php/.net/c++/python 喜欢可以点个star 后续持续更新
PostConfluence
哥斯拉Confluence后渗透插件 MakeToken SearchPage ListAllUser AddAdminUser ListAllPage ........
Rat-winos4.0-gh0st
免杀远控木马源码整理开源(银狐 winos 大灰狼 gh0st) Rat
Responder
Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
ysogate
Java反序列化/JNDI注入/恶意类生成工具,支持多种高版本bypass,支持回显/内存马等多种扩展利用。
TsojanScan
An integrated BurpSuite vulnerability detection plug-in.
TheCryingGame's Repositories
TheCryingGame/CVE-2022-39197-RCE
CVE-2022-39197 RCE POC
TheCryingGame/All-Defense-Tool
本项目集成了全网优秀的攻防武器工具项目,包含自动化利用,子域名、目录扫描、端口扫描等信息收集工具,各大中间件、cms漏洞利用工具,爆破工具、内网横向及免杀、社工钓鱼以及应急响应等资料。
TheCryingGame/PostConfluence
哥斯拉Confluence后渗透插件 MakeToken SearchPage ListAllUser AddAdminUser ListAllPage ........
TheCryingGame/auth_analyzer
Burp Extension for testing authorization issues. Automated request repeating and parameter value extraction on the fly.
TheCryingGame/Awesome-RedTeam-Cheatsheet
Active Directory & Red-Team Cheat-Sheet in constant expansion.
TheCryingGame/CSAgent
CobaltStrike 4.x通用白嫖及汉化加载器
TheCryingGame/CVE-2022-23222
CVE-2022-23222: Linux Kernel eBPF Local Privilege Escalation
TheCryingGame/CVE-2022-26134
[PoC] Atlassian Confluence (CVE-2022-26134) - Unauthenticated OGNL injection vulnerability (RCE)
TheCryingGame/CVE-2022-26134-Godzilla-MEMSHELL
TheCryingGame/CVE-2022-30075
Tp-Link Archer AX50 Authenticated RCE (CVE-2022-30075)
TheCryingGame/CVE-2022-30190-follina-Office-MSDT-Fixed
CVE-2022-30190-follina.py-修改版,可以自定义word模板,方便实战中钓鱼使用。
TheCryingGame/CVE-2022-39197
CobaltStrike <= 4.7.1 RCE
TheCryingGame/CVE-2022-41040-metasploit-ProxyNotShell
the metasploit script(POC) about CVE-2022-41040. Microsoft Exchange are vulnerable to a server-side request forgery (SSRF) attack. An authenticated attacker can use the vulnerability to elevate privileges.
TheCryingGame/FastjsonExploit
Fastjson vulnerability quickly exploits the framework(fastjson漏洞快速利用框架)
TheCryingGame/follina.py
Quick POC to replicate the 'Follina' Office RCE vulnerability for local testing purposes
TheCryingGame/freeBokuLoader
A simple BOF that frees UDRLs
TheCryingGame/inforgation
TheCryingGame/Ingram
A tool for hacking cameras
TheCryingGame/Invoke-ACLPwn
TheCryingGame/knife
A burp extension that add some useful function to Context Menu 添加一些右键菜单让burp用起来更顺畅
TheCryingGame/my-re0-k8s-security
:atom: [WIP] 整理过去的分享,从零开始的Kubernetes攻防 ...
TheCryingGame/PoC
Proofs-of-concept
TheCryingGame/SharpUserIP
在域控或远程提取登录日志,快速获取域用户对应的IP地址
TheCryingGame/SXF_aTrust_sandbox_bypass
深信服零信任沙箱逃逸( 正常功能,所以我也不打算再提交CNVD, 给使用这款产品的用户介绍下功能效果)
TheCryingGame/TEST-CVE-05-2022-0438
TheCryingGame/tomcat-jmxproxy-rce-exp
Apache Tomcat JMXProxy RCE
TheCryingGame/webshell
This is a webshell open source project
TheCryingGame/winget-cli
Windows Package Manager CLI (aka winget)
TheCryingGame/ysoserial
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
TheCryingGame/ysoserial-for-woodpecker
给woodpecker框架量身定制的ysoserial