Pinned Repositories
EmailPasswordBrute
stmp password brute
SiteJsEncrypt
解决渗透中前端加密较复杂,加密算法不易提取情况下爆破问题。
libpeconv
A library to load, manipulate, dump PE files. See also: https://github.com/hasherezade/libpeconv_tpl
2023Hvv
2023 HVV情报速递~
2023HW
关于2023HW的漏洞、poc、技战法等
2024-PocLib
此项目的POC来源为2024年以来各大威胁情报的高危漏洞复现,POC已通过nuclei或xray武器化,本项目旨在为网络安全爱好者们提供一点参考资料,可供个人研究使用,共勉
4-ZERO-3
403/401 Bypass Methods + Bash Automation + Your Support ;)
404StarLink
404StarLink - 推荐优质、有意义、有趣、坚持维护的安全开源项目
accesskey_tools
阿里云aliyun/腾讯云tencentcloud/华为云huaweicloud/aws等各种云厂商的accesskey运维安全工具,accesskey利用工具,包括但不限于创建ecs、ecs查询和命令执行、oss查询和批量下载等各种功能,aws accesskey rce;remote command execute
Amaterasu
Amaterasu terminates, or inhibits, protected processes such as application control and AV/EDR solutions by leveraging the Sysinternals Process Explorer driver to kill a process's handles from kernel mode.
goodwozou's Repositories
goodwozou/awesome-hacking-lists
平常看到好的渗透hacking工具和多领域效率工具的集合
goodwozou/JNDIMap
JNDI 注入利用工具, 支持 RMI, LDAP 和 LDAPS 协议, 包含多种高版本 JDK 绕过方式 | A JNDI injection exploit tool that supports RMI, LDAP and LDAPS protocols, including a variety of methods to bypass higher-version JDK
goodwozou/java-memshell-generator
一款支持自定义的 Java 内存马生成工具|A customizable Java in-memory webshell generation tool.
goodwozou/jar-analyzer
Jar Analyzer - 一个JAR包分析工具,SCA漏洞分析,批量分析JAR包,方法调用关系搜索,字符串搜索,Spring组件分析,CFG程序分析,JVM栈帧分析,进阶表达式搜索,字节码指令级的动态调试分析,反编译JAR包一键导出,一键提取序列化数据恶意代码
goodwozou/evilginx2
Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
goodwozou/tabby
A CAT called tabby ( Code Analysis Tool )
goodwozou/PetitPotam
PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.
goodwozou/JYso
It can be either a JNDIExploit or a ysoserial.
goodwozou/gogo-templates
gogo-templates
goodwozou/gogo
面向红队的, 高度可控可拓展的自动化引擎
goodwozou/CVE-2024-38077
RDL的堆溢出导致的RCE
goodwozou/CVE-2024-38077-POC
伪代码,备份用,非原创,请关注原文作者: 漏洞作者已经发布分析文章第一篇:https://sites.google.com/site/zhiniangpeng/blogs/MadLicense
goodwozou/2024-PocLib
此项目的POC来源为2024年以来各大威胁情报的高危漏洞复现,POC已通过nuclei或xray武器化,本项目旨在为网络安全爱好者们提供一点参考资料,可供个人研究使用,共勉
goodwozou/DirectoryFuzz
渗透测试目录扫描字典
goodwozou/BloodHound
Six Degrees of Domain Admin
goodwozou/Amsi-Bypass-Powershell
This repo contains some Amsi Bypass methods i found on different Blog Posts.
goodwozou/evilgophish
evilginx3 + gophish
goodwozou/gophish
Open-Source Phishing Toolkit
goodwozou/Rubeus
Trying to tame the three-headed dog.
goodwozou/accesskey_tools
阿里云aliyun/腾讯云tencentcloud/华为云huaweicloud/aws等各种云厂商的accesskey运维安全工具,accesskey利用工具,包括但不限于创建ecs、ecs查询和命令执行、oss查询和批量下载等各种功能,aws accesskey rce;remote command execute
goodwozou/ScopeSentry
ScopeSentry-网络空间测绘、子域名枚举、端口扫描、敏感信息发现、漏洞扫描、分布式节点
goodwozou/eladmin
eladmin jpa 版本:项目基于 Spring Boot 2.6.4、 Jpa、 Spring Security、Redis、Vue的前后端分离的后台管理系统,项目采用分模块开发方式, 权限控制采用 RBAC,支持数据字典与数据权限管理,支持一键生成前后端代码,支持动态路由
goodwozou/404StarLink
404StarLink - 推荐优质、有意义、有趣、坚持维护的安全开源项目
goodwozou/impacket
Impacket is a collection of Python classes for working with network protocols.
goodwozou/wordlists-2
Automated & Manual Wordlists provided by Assetnote
goodwozou/HackBrowserData
Extract and decrypt browser data, supporting multiple data types, runnable on various operating systems (macOS, Windows, Linux).
goodwozou/beanshooter
JMX enumeration and attacking tool.
goodwozou/frp
A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.
goodwozou/spray
Next Generation HTTP Dir/File Fuzz Tool
goodwozou/utils