Pinned Repositories
-cve-2022-22947-
cve-2022-22947 spring cloud gateway 批量扫描脚本
2022-HW-POC
2022 护网行动 POC 整理
404StarLink
404StarLink - 推荐优质、有意义、有趣、坚持维护的安全开源项目
Active-Directory-Pentest-Notes
个人域渗透学习笔记
ActuatorExploit
SpringBoot Actuator未授权自动化利用,支持信息泄漏/RCE
Blasting_dictionary
爆破字典
DInvoke_shellcodeload_CSharp
ShellCodeLoader via DInvoke
Harbor-public-repo-leak
红队渗透:Harbor 公开镜像地址批量获取脚本
Poc
PoC collection of Atlassian(Jira, Confluence, Bitbucket) products and Jenkins, Solr, Nexus
redteam_vul
红队作战中比较常遇到的一些重点系统漏洞整理。
dingxiao77's Repositories
dingxiao77/amber
Reflective PE packer.
dingxiao77/apache-log4j-poc
Apache Log4j 远程代码执行
dingxiao77/ApkAnalyser
一键提取安卓应用中可能存在的敏感信息。
dingxiao77/AppInfoScanner
一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具,可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如:Title、Domain、CDN、指纹信息、状态信息等。
dingxiao77/Bankai
Another Go Shellcode Loader using Windows APIs
dingxiao77/BehinderClientSource
冰蝎客户端源码-3.0-BETA11.t00ls
dingxiao77/CodeqlNote
Codeql学习笔记
dingxiao77/donut
Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters
dingxiao77/EHole
EHole(棱洞)3.0 重构版-红队重点攻击系统指纹探测工具
dingxiao77/Gadgets
Java反序列化漏洞利用链补全计划,仅用于个人归纳总结。
dingxiao77/goShellCodeByPassVT
通过线程注入及-race参数免杀全部VT
dingxiao77/JNDI-Injection-Exploit
JNDI注入测试工具(A tool which generates JNDI links can start several servers to exploit JNDI Injection vulnerability,like Jackson,Fastjson,etc)
dingxiao77/JNDIExploit-1
一款用于JNDI注入利用的工具,大量参考/引用了Rogue JNDI项目的代码,支持直接植入内存shell,并集成了常见的bypass 高版本JDK的方式,适用于与自动化工具配合使用。
dingxiao77/JSPHorse
结合反射调用、动态编译、BCEL、defineClass0,ScriptEngine、Expression等技术的一款免杀JSP Webshell生成工具
dingxiao77/lanproxy
lanproxy是一个将局域网个人电脑、服务器代理到公网的内网穿透工具,支持tcp流量转发,可支持任何tcp上层协议(访问内网网站、本地支付接口调试、ssh访问、远程桌面、http代理、https代理、socks5代理...)。技术交流QQ群 678776401
dingxiao77/Log4j-RCE-Scanner
Remote command execution vulnerability scanner for Log4j.
dingxiao77/Log4j2Scan
Log4j2 RCE Passive Scanner for BurpSuite
dingxiao77/Log4j2Scan-1
Log4j2 RCE Passive Scanner plugin for BurpSuite
dingxiao77/pe_to_shellcode
Converts PE into a shellcode
dingxiao77/pupy
Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python
dingxiao77/pystinger
Bypass firewall for traffic forwarding using webshell 一款使用webshell进行流量转发的出网工具
dingxiao77/reapoc
OpenSource Poc && Vulnerable-Target Storage Box.
dingxiao77/Rubeus
Trying to tame the three-headed dog.
dingxiao77/ScareCrow
ScareCrow - Payload creation framework designed around EDR bypass.
dingxiao77/Seatbelt
Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.
dingxiao77/Sharp-Suite
Also known by Microsoft as Knifecoat :hot_pepper:
dingxiao77/SharpKatz
Porting of mimikatz sekurlsa::logonpasswords, sekurlsa::ekeys and lsadump::dcsync commands
dingxiao77/ShellCodeLoaderCSharp
A small shellcode loader library written in C#
dingxiao77/wxapkg-convertor
一个反编译微信小程序的工具,仓库也收集各种微信小程序/小游戏.wxapkg文件
dingxiao77/yonyou-nc-exp
用友NC-OA漏洞利用