aiwennba's Stars
wa1ki0g/Script-For-FridaHook
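A collection of commonly used Frida hook scripts that I had gathered locally, such as self-dumping, unpacking, and bypassing root and Frida detection. Some I wrote myself, some I collected and have used, and some I collected but have not used yet. When I have time I will test them one by one and delete the ones that do not work well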
lizhianyuguangming/TomcatScanPro
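Automated Tomcat vulnerability scanning and exploitation tool; supports batch weak-password detection, getshell by deploying a WAR package through the management backend, CVE-2017-12615 file upload, and CVE-2020-1938/CNVD-2020-10487 file inclusion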
jac11/LFI_Hunter
LFI Hunter is a command-line tool for testing and exploiting Local File Inclusion (LFI) vulnerabilities in web applications. This tool is designed to assist ethical hackers and security researchers in assessing web application security by exploiting file inclusion vulnerabilities in a controlled environment.
biggerstar/wedecode
Fully automated tool for restoring source code from WeChat mini program wxapkg packages, for security auditing of production code
libaibaia/BucketVulTools
Burp Suite plugin for detecting misconfigured storage buckets
stamparm/maltrail
Malicious traffic detection system
cws001/swagger-exp-knife4j
A Knife4j-based tool for automated testing of Swagger APIs for unauthorized access
saoshao/DetSql
Burp plugin that quickly detects and flags requests that may be vulnerable to SQL injection, improving testing efficiency
winezer0/APIFinderPlus
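Aims to be the most complete API discovery tool currently available, automatically extracting sensitive information and URI information from responses and performing automatic|manual recursive checks on URIs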
Acmesec/PromptJailbreakManual
Prompt Jailbreak Manual
rsmudge/Malleable-C2-Profiles
Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x.
testxxxzzz/geacon_pro
A reimplementation of the Cobalt Strike Beacon whose behavior evades mainstream Chinese antivirus products; supports versions 4.1 and above.
Z3ratu1/geacon_plus
CobaltStrike beacon written in golang
CrossC2/CrossC2Kit
CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session, thereby extending the functionality of Cobalt Strike.
gloxec/CrossC2
generate CobaltStrike's cross-platform payload
Sentinel-One/CobaltStrikeParser
Potato-py/csIntruder
This project includes CobaltStrike password brute-forcing, fake check-in and DDoS functions. The fake check-in supports common modified versions of CS.
LiAoRJ/CS_fakesubmit
A script that can fake a Cobalt Strike check-in
k8gege/Ladon
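Ladon is a large-scale intranet penetration scanner with PowerShell, a Cobalt Strike plugin, in-memory loading and fileless scanning. It includes port scanning, service identification, network asset discovery, password auditing, high-risk vulnerability detection, exploitation, password reading and one-click GetShell; supports batch scanning of A/B/C segments and across network segments, and scanning of URL, host and domain lists. Network asset discovery uses 32 protocols (ICMP\NBT\DNS\MAC\SMB\WMI\SSH\HTTP\HTTPS\Exchange\mssql\FTP\RDP) or methods to quickly obtain the live host IPs, computer names, workgroups, shared resources, NIC addresses, operating system versions, websites, subdomains, middleware, open services, routers, switches, databases, printers and so on of the target network; a large number of high-risk vulnerability detection modules: MS17010, Zimbra, Exchange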
k8gege/Aggressor
Ladon 911 for Cobalt Strike & Cracked Download, Large Network Penetration Scanner, vulnerability / exploit / detection / MS17010 / password/brute-force/psexec/atexec/sshexec/webshell/smbexec/netcat/osscan/netscan/struts2Poc/weblogicExp
d3ckx1/OLa
lintstar/LSTAR
LSTAR - comprehensive post-exploitation plugin for CobaltStrike
yarrick/iodine
Official git repo for iodine dns tunnel
icyguider/ICMP-TransferTools
Transfer files to and from a Windows host via ICMP in restricted network environments.
FunnyWolf/Viper
Attack Surface Management & Red Team Simulation Platform
coffinxp/loxs
best tool for finding SQLi,CRLF,XSS,LFi,OpenRedirect
danialhalo/AcuAutomate
Unofficial Acunetix CLI tool for automated pentesting and bug hunting across large scopes.
sule01u/AutorizePro
🧿 AutorizePro is a powerful authorization enforcement detection extension for Burp Suite. By adding AI-assisted analysis and further optimizing the detection logic, it significantly reduces the false positive rate and improves the efficiency of vulnerability detection.
Hackmanit/Web-Cache-Vulnerability-Scanner
Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).
honmashironeko/ProxyCat
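A proxy pool middleware deployed in the cloud or locally that flexibly turns static proxy IPs into tunnel IPs and provides a fixed request address; deploy once, use for life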