Pinned Repositories
0day
各种CMS、各种平台、各种系统、各种软件漏洞的EXP、POC 该项目将不断更新
AD-Pentest-Notes
用于记录内网渗透(域渗透)学习 :-)
AgentInjectTool
改造BeichenDream/InjectJDBC加入shiro获取key和修改key功能
AlliN
A flexible scanner
API-SecurityEmpire
API Security Projecto aims to present unique attack & defense methods in API Security field
Awesome-CobaltStrike
cobaltstrike的相关资源汇总 / List of Awesome CobaltStrike Resources
black-hat-go
《Black.Hat.Go》中文翻译
blind-ssrf-chains
An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerability
BypassAnti-Virus
免杀姿势学习、记录、复现。
cloud-native-security
云原生安全
col4-eng's Repositories
col4-eng/cloud-native-security
云原生安全
col4-eng/0day
各种CMS、各种平台、各种系统、各种软件漏洞的EXP、POC 该项目将不断更新
col4-eng/AgentInjectTool
改造BeichenDream/InjectJDBC加入shiro获取key和修改key功能
col4-eng/AlliN
A flexible scanner
col4-eng/API-SecurityEmpire
API Security Projecto aims to present unique attack & defense methods in API Security field
col4-eng/BypassAnti-Virus
免杀姿势学习、记录、复现。
col4-eng/Cloud-Bucket-Leak-Detection-Tools
六大云存储,泄露利用检测工具
col4-eng/cobaltstrike4.4_cdf
cobaltstrike4.4\4.3版本破解、去除checksum8特征、bypass BeaconEye
col4-eng/CVE-2021-44228-PoC-log4j-bypass-words
🐱💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks
col4-eng/ddddocr
带带弟弟 通用验证码识别OCR pypi版
col4-eng/domain_hunter_pro
domain_hunter的高级版本,SRC挖洞、HW打点之必备!自动化资产收集;快速Title获取;外部工具联动;等等
col4-eng/ecapture
ecapture是一款无需CA证书,就可以进行HTTPS通讯明文抓包的工具。
col4-eng/GetMail
利用NTLM Hash读取Exchange邮件
col4-eng/gitleaks
Scan git repos (or files) for secrets using regex and entropy 🔑
col4-eng/HackJava
《Java安全-只有Java安全才能拯救宇宙》Only Java Security Can Save The Universe.
col4-eng/JavaSec
a rep for documenting my study, may be from 0 to 0.1
col4-eng/KrbRelay
Framework for Kerberos relaying
col4-eng/kubesploit
Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang, focused on containerized environments.
col4-eng/ldap-log
一个LDAP请求监听器,摆脱dnslog平台和java
col4-eng/owa_info
获取Exchange信息的小工具
col4-eng/post-hub
后渗透:代理、C2、免杀、横向、域渗透
col4-eng/rebeyond-Mode
修改版rebeyond
col4-eng/Red_Team
Some scripts useful for red team activities
col4-eng/RedTeaming-Tactics-and-Techniques
Red Teaming Tactics and Techniques
col4-eng/SpringInspector
Java自动代码审计工具,尤其针对Spring框架,核心原理是模拟JVM栈帧进行分析,无需提供源码,通过一个JAR包即可
col4-eng/Swego
Swiss army knife Webserver in Golang. Keep simple like the python SimpleHTTPServer but with many features
col4-eng/veinmind-tools
veinmind-tools 是由长亭科技自研,基于 veinmind-sdk 打造的容器安全工具集
col4-eng/vulnerability-lab
漏洞研究☞OA/中间件/框架/路由器...
col4-eng/vulns-2022
本项目用于搜集 2022 年的漏洞,注意:本项目并不刻意搜集 POC 或 EXP,主要以 CVE-2022 为关键词,包含但不限于漏洞资讯、漏洞复现、漏洞分析、漏洞验证、漏洞利用
col4-eng/zscan
Zscan a scan blasting tool set