cri1stur's Stars
Zjackky/CodeScan
一款轻量级匹配Sink点的代码审计扫描器,为了帮助红队过程中快速代码审计的小工具
pingc0y/URLFinder
一款快速、全面、易用的页面信息提取工具,可快速发现和提取页面中的JS、URL和敏感信息。
gbonacini/CVE-2016-5195
A CVE-2016-5195 exploit example.
berdav/CVE-2021-4034
CVE-2021-4034 1day
JDArmy/DCSec
域控安全one for all
INotGreen/SharpScan
内网资产收集、探测主机存活、端口扫描、域控定位、文件搜索、各种服务爆破(SSH、SMB、MsSQL等)、Socks代理,一键自动化+无文件落地扫描
N0el4kLs/JSHunter
JSHunter-一款针对于前端的未授权访问扫描工具
StarfireLab/SharpWeb
一个浏览器数据(密码|历史记录|Cookie|书签|下载记录)的导出工具,支持主流浏览器。
esrrhs/spp
A simple and powerful proxy
Vipersec1/InJectEyes
vxCrypt0r/Voidgate
A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfvenom) by performing on-the-fly decryption of individual encrypted assembly instructions, thus rendering memory scanners useless for that specific memory page.
es3n1n/no-defender
A slightly more fun way to disable windows defender + firewall. (through the WSC api)
HavocFramework/Havoc
The Havoc Framework.
wangfly-me/LoaderFly
助力每一位RT队员,快速生成免杀木马
FSecureLABS/SharpGPOAbuse
SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by that GPO.
kong030813/Z-Godzilla_ekp
哥斯拉webshell管理工具二次开发规避流量检测设备
unode/firefox_decrypt
Firefox Decrypt is a tool to extract passwords from Mozilla (Firefox™, Waterfox™, Thunderbird®, SeaMonkey®) profiles
AabyssZG/PHP-Bypass_Neo-reGeorg
本项目是基于Neo-reGeorg进行二次开发,对PHP木马添加了AES加密,修改了请求体和响应体特征
Pennyw0rth/NetExec
The Network Execution Tool
0xn1k5/Red-Teaming
Collection of Notes and CheatSheets used for Red teaming Certs
WADComs/WADComs.github.io
WADComs is an interactive cheat sheet, containing a curated list of offensive security tools and their respective commands, to be used against Windows/AD environments.
collabnix/kubelabs
Get Started with Kubernetes
ExpLangcn/NucleiTP
自动整合全网Nuclei的漏洞POC,实时同步更新最新POC!
The-Viper-One/PsMapExec
A PowerShell tool that takes strong inspiration from CrackMapExec / NetExec
hoodoer/XSS-Data-Exfil
Sample code for exfiltrating data through an XSS vulnerability. XSS Payload retrieves sensitive data in victim's browser, then breaks it into chunks. Sends those chunks out as image requests (data in image filename). Example commands and python script to put the original data back together.
d4t4s3c/suForce
Obtains a user's password by abusing the su binary.
RickdeJager/stegseek
:zap: Worlds fastest steghide cracker, chewing through millions of passwords per second :zap:
qishibo/AnotherRedisDesktopManager
🚀🚀🚀A faster, better and more stable Redis desktop manager [GUI client], compatible with Linux, Windows, Mac.
samratashok/nishang
Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
safe6Sec/PentestDB
各种数据库的利用姿势