cri1stur

cri1stur's Stars

• Zjackky/CodeScan

  一款轻量级匹配Sink点的代码审计扫描器，为了帮助红队过程中快速代码审计的小工具

  Language:Go22718

• pingc0y/URLFinder

  一款快速、全面、易用的页面信息提取工具，可快速发现和提取页面中的JS、URL和敏感信息。

  Language:Go2.6k194

• gbonacini/CVE-2016-5195

  A CVE-2016-5195 exploit example.

  Language:C++314120

• berdav/CVE-2021-4034

  CVE-2021-4034 1day

  Language:C2k511

• JDArmy/DCSec

  域控安全one for all

  699110

• INotGreen/SharpScan

  内网资产收集、探测主机存活、端口扫描、域控定位、文件搜索、各种服务爆破（SSH、SMB、MsSQL等）、Socks代理，一键自动化+无文件落地扫描

  Language:C#17915

• N0el4kLs/JSHunter

  JSHunter-一款针对于前端的未授权访问扫描工具

  Language:Go8

• StarfireLab/SharpWeb

  一个浏览器数据（密码|历史记录|Cookie|书签|下载记录）的导出工具，支持主流浏览器。

  Language:C#57054

• esrrhs/spp

  A simple and powerful proxy

  Language:Go829119

• Vipersec1/InJectEyes

  7

• vxCrypt0r/Voidgate

  A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfvenom) by performing on-the-fly decryption of individual encrypted assembly instructions, thus rendering memory scanners useless for that specific memory page.

  Language:C++46271

• es3n1n/no-defender

  A slightly more fun way to disable windows defender + firewall. (through the WSC api)

  1.9k10

• HavocFramework/Havoc

  The Havoc Framework.

  Language:Go6.8k952

• wangfly-me/LoaderFly

  助力每一位RT队员，快速生成免杀木马

  Language:C70795

• FSecureLABS/SharpGPOAbuse

  SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by that GPO.

  Language:C#1k136

• kong030813/Z-Godzilla_ekp

  哥斯拉webshell管理工具二次开发规避流量检测设备

  80041

• unode/firefox_decrypt

  Firefox Decrypt is a tool to extract passwords from Mozilla (Firefox™, Waterfox™, Thunderbird®, SeaMonkey®) profiles

  Language:Python2k303

• AabyssZG/PHP-Bypass_Neo-reGeorg

  本项目是基于Neo-reGeorg进行二次开发，对PHP木马添加了AES加密，修改了请求体和响应体特征

  6

• Pennyw0rth/NetExec

  The Network Execution Tool

  Language:Python3k319

• 0xn1k5/Red-Teaming

  Collection of Notes and CheatSheets used for Red teaming Certs

  12141

• WADComs/WADComs.github.io

  WADComs is an interactive cheat sheet, containing a curated list of offensive security tools and their respective commands, to be used against Windows/AD environments.

  Language:HTML1.4k167

• collabnix/kubelabs

  Get Started with Kubernetes

  Language:Ruby2.8k951

• ExpLangcn/NucleiTP

  自动整合全网Nuclei的漏洞POC，实时同步更新最新POC！

  2.6k341

• The-Viper-One/PsMapExec

  A PowerShell tool that takes strong inspiration from CrackMapExec / NetExec

  Language:PowerShell87096

• hoodoer/XSS-Data-Exfil

  Sample code for exfiltrating data through an XSS vulnerability. XSS Payload retrieves sensitive data in victim's browser, then breaks it into chunks. Sends those chunks out as image requests (data in image filename). Example commands and python script to put the original data back together.

  Language:JavaScript137

• d4t4s3c/suForce

  Obtains a user's password by abusing the su binary.

  Language:Shell3012

• RickdeJager/stegseek

  :zap: Worlds fastest steghide cracker, chewing through millions of passwords per second :zap:

  Language:C++1k111

• qishibo/AnotherRedisDesktopManager

  🚀🚀🚀A faster, better and more stable Redis desktop manager [GUI client], compatible with Linux, Windows, Mac.

  Language:JavaScript30.4k2.6k

• samratashok/nishang

  Nishang - Offensive PowerShell for red team, penetration testing and offensive security.

  Language:PowerShell8.7k2.4k

• safe6Sec/PentestDB

  各种数据库的利用姿势

  988190