Pinned Repositories
AttackWebFrameworkTools-5.0
本软件首先集成危害性较大框架和部分主流cms的rce(无需登录,或者登录绕过执行rce)和反序列化(利用链简单)。傻瓜式导入url即可实现批量getshell。批量自动化测试。例如:Thinkphp,Struts2,weblogic。出现的最新漏洞进行实时跟踪并且更新例如:log4jRCE,向日葵RCE 等等.
awesome-pentest-note
渗透测试☞经验/思路/总结/笔记
backdoor
A Linux Kernel Module that adds a backdoor to your system
beurk
BEURK Experimental Unix RootKit
bofhound
Generate BloodHound compatible JSON from logs written by ldapsearch BOF and pyldapsearch
bruteforce-database
Bruteforce database
BurpSuite-collections
有关burpsuite的插件(非商店),文章以及使用技巧的收集(此项目不再提供burpsuite破解文件,如需要请在博客mrxn.net下载)---Collection of burpsuite plugins (non-stores), articles and tips for using Burpsuite, no crack version file
CVE-2021-44228-Apache-Log4j-Rce
Apache Log4j 远程代码执行
Empire
Empire is a PowerShell and Python post-exploitation agent.
webshell
This is a webshell open source project
bmf4ck's Repositories
bmf4ck/webshell
This is a webshell open source project
bmf4ck/AttackWebFrameworkTools-5.0
本软件首先集成危害性较大框架和部分主流cms的rce(无需登录,或者登录绕过执行rce)和反序列化(利用链简单)。傻瓜式导入url即可实现批量getshell。批量自动化测试。例如:Thinkphp,Struts2,weblogic。出现的最新漏洞进行实时跟踪并且更新例如:log4jRCE,向日葵RCE 等等.
bmf4ck/awesome-pentest-note
渗透测试☞经验/思路/总结/笔记
bmf4ck/bofhound
Generate BloodHound compatible JSON from logs written by ldapsearch BOF and pyldapsearch
bmf4ck/BurpSuite-collections
有关burpsuite的插件(非商店),文章以及使用技巧的收集(此项目不再提供burpsuite破解文件,如需要请在博客mrxn.net下载)---Collection of burpsuite plugins (non-stores), articles and tips for using Burpsuite, no crack version file
bmf4ck/CVE-2021-44228-Apache-Log4j-Rce
Apache Log4j 远程代码执行
bmf4ck/exploits
Miscellaneous exploit code
bmf4ck/EyeWitness
EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
bmf4ck/fuzzuli
fuzzuli is a url fuzzing tool that aims to find critical backup files by creating a dynamic wordlist based on the domain.
bmf4ck/Intranet_Penetration_Tips
2018年初整理的一些内网渗透TIPS,后面更新的慢,所以公开出来希望跟小伙伴们一起更新维护~
bmf4ck/K8tools
K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/OverFlow/WebShell/PenTest)
bmf4ck/linux-exploit-suggester
Linux privilege escalation auditing tool
bmf4ck/linux-kernel-exploits
linux-kernel-exploits Linux平台提权漏洞集合
bmf4ck/Micro8
Gitbook
bmf4ck/Mind-Map
各种安全相关思维导图整理收集
bmf4ck/PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
bmf4ck/Penetration_Testing_POC
有关渗透测试的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms
bmf4ck/Pentest_Dic
自己收集整理自用的字典
bmf4ck/PenTesting-Scripts
A ton of helpful tools
bmf4ck/Platypus
:hammer: A modern multiple reverse shell sessions manager written in go
bmf4ck/PowerSharpPack
bmf4ck/PowerSploit
PowerSploit - A PowerShell Post-Exploitation Framework
bmf4ck/pyldapsearch
Tool for issuing manual LDAP queries which offers bofhound compatible output
bmf4ck/reGeorg
The successor to reDuh, pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.
bmf4ck/Seth
Perform a MitM attack and extract clear text credentials from RDP connections
bmf4ck/SharpCollection
Nightly builds of common C# offensive tools, fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.
bmf4ck/SharpUserIP
在域控或远程提取登录日志,快速获取域用户对应的IP地址
bmf4ck/SpringCore0day
SpringCore0day from https://share.vx-underground.org/
bmf4ck/webssss
bmf4ck/windows-kernel-exploits
windows-kernel-exploits Windows平台提权漏洞集合