Pinned Repositories
-cve-2022-22947-
cve-2022-22947 spring cloud gateway 批量扫描脚本
2022-HW-POC
2022 护网行动 POC 整理
404StarLink
404StarLink - 推荐优质、有意义、有趣、坚持维护的安全开源项目
Active-Directory-Pentest-Notes
个人域渗透学习笔记
ActuatorExploit
SpringBoot Actuator未授权自动化利用,支持信息泄漏/RCE
Blasting_dictionary
爆破字典
DInvoke_shellcodeload_CSharp
ShellCodeLoader via DInvoke
Harbor-public-repo-leak
红队渗透:Harbor 公开镜像地址批量获取脚本
Poc
PoC collection of Atlassian(Jira, Confluence, Bitbucket) products and Jenkins, Solr, Nexus
redteam_vul
红队作战中比较常遇到的一些重点系统漏洞整理。
dingxiao77's Repositories
dingxiao77/redteam_vul
红队作战中比较常遇到的一些重点系统漏洞整理。
dingxiao77/DInvoke_shellcodeload_CSharp
ShellCodeLoader via DInvoke
dingxiao77/ActuatorExploit
SpringBoot Actuator未授权自动化利用,支持信息泄漏/RCE
dingxiao77/Bughound
Static code analysis tool based on Elasticsearch
dingxiao77/bypass-av-note
免杀技术大杂烩---乱拳也打不死老师傅
dingxiao77/CoreMailUploadRce
Coremail任意文件上传漏洞POC
dingxiao77/DBJ
大宝剑-信息收集和资产梳理工具(红队、蓝队、企业组织架构、子域名、Web资产梳理、Web指纹识别、ICON_Hash资产匹配)
dingxiao77/dirmap
An advanced web directory & file scanning tool that will be more powerful than DirBuster, Dirsearch, cansina, and Yu Jian.一个高级web目录、文件扫描工具,功能将会强于DirBuster、Dirsearch、cansina、御剑。
dingxiao77/DNSStager
Hide your payload in DNS
dingxiao77/Doge-Loader
Cobalt Strike Shellcode Loader by Golang
dingxiao77/fastjson_rec_exploit
fastjson一键命令执行
dingxiao77/fastjsonScan
fastjson漏洞burp插件,检测fastjson<1.2.68基于dnslog,fastjson<=1.2.24和1.2.33<=fatjson<=1.2.47的不出网检测和TomcatEcho,SpringEcho回显方案。
dingxiao77/I-love-chinamobile
牛刀小试!一个人,再怎么修炼,也绝对比不过环境的影响和推动。 不是你自己悟出来的道理,给你你也接不住。
dingxiao77/JSINFO-SCAN
递归式寻找域名和api。
dingxiao77/kill-edr
A tool to kill antimalware protected processes
dingxiao77/Middleware-Vulnerability-detection
CVE、CMS、中间件漏洞检测利用合集 Since 2019-9-15
dingxiao77/pc_wxapkg_decrypt_python
PC微信小程序 wxapkg 解密
dingxiao77/PeiQi-WIKI-POC
鹿不在侧,鲸不予游🐋
dingxiao77/POChouse
POC&EXP仓库、hvv弹药库、Nday、1day
dingxiao77/PocList
Alibaba-Nacos-Unauthorized/ApacheDruid-RCE_CVE-2021-25646/MS-Exchange-SSRF-CVE-2021-26885/Oracle-WebLogic-CVE-2021-2109_RCE/RG-CNVD-2021-14536/RJ-SSL-VPN-UltraVires/Redis-Unauthorized-RCE/TDOA-V11.7-GetOnlineCookie/VMware-vCenter-GetAnyFile/yongyou-GRP-U8-XXE/Oracle-WebLogic-CVE-2020-14883/Oracle-WebLogic-CVE-2020-14882/Apache-Solr-GetAnyFile/F5-BIG-IP-CVE-2021-22986/Sonicwall-SSL-VPN-RCE/GitLab-Graphql-CNVD-2021-14193/D-Link-DCS-CVE-2020-25078/WLAN-AP-WEA453e-RCE/360TianQing-Unauthorized/360TianQing-SQLinjection/FanWeiOA-V8-SQLinjection/QiZhiBaoLeiJi-AnyUserLogin/QiAnXin-WangKangFirewall-RCE/金山-V8-终端安全系统/NCCloud-SQLinjection/ShowDoc-RCE
dingxiao77/PowerSploit
PowerSploit - A PowerShell Post-Exploitation Framework
dingxiao77/RmiTaste
RmiTaste allows security professionals to detect, enumerate, interact and exploit RMI services by calling remote methods with gadgets from ysoserial.
dingxiao77/SharpCradle
dingxiao77/sharpwmi
sharpwmi是一个基于rpc的横向移动工具,具有上传文件和执行命令功能。
dingxiao77/ShellcodeLoader
将shellcode用rsa加密并动态编译exe,自带几种反沙箱技术。
dingxiao77/SpringBootVulExploit
SpringBoot 相关漏洞学习资料,利用方法和技巧合集,黑盒安全评估 checklist
dingxiao77/the-backdoor-factory-exe-
Patch PE, ELF, Mach-O binaries with shellcode new version in development, available only to sponsors
dingxiao77/upload-fuzz-dic-builder
上传漏洞fuzz字典生成脚本
dingxiao77/webshell-detect-bypass
绕过专业工具检测的Webshell研究文章和免杀的Webshell
dingxiao77/windows-kernel-exploits
windows-kernel-exploits Windows平台提权漏洞集合