hackmiss's Stars
Daybr4ak/ShiroScan
burp插件 ShiroScan 主要用于框架、无dnslog key检测
EddieIvan01/rustdesk-hvnc
HVNC based on RustDesk
MD-SEC/MDPOCS
猫蛋儿安全团队编写的poc能报就能打。企业微信、海康、Metabase、Openfire、泛微OA......
pureqh/Hyacinth
一款java漏洞集合工具
L-codes/Neo-reGeorg
Neo-reGeorg is a project that seeks to aggressively refactor reGeorg
tarihub/blackjump
JumpServer 堡垒机未授权综合漏洞利用, Exploit for CVE-2023-42442 / CVE-2023-42820 / RCE 2021
xqx12/daily-info
ad-calcium/CVE-2023-22515
Confluence未授权添加管理员用户(CVE-2023-22515)漏洞利用工具
huoji120/ACPI_SANDBOX_DETECT
通过ACPI检测沙箱
insightglacier/Shiro_exploit
Apache Shiro 反序列化漏洞检测与利用工具
dark-kingA/cloudTools
云资产管理工具 目前工具定位是云安全相关工具,目前是两个模块 云存储工具、云服务工具, 云存储工具主要是针对oss存储、查看、删除、上传、下载、预览等等 云服务工具主要是针对rds、服务器的管理,查看、执行命令、接管等等
malcomvetter/Periscope
Fully Integrated Adversarial Operations Toolkit (C2, stagers, agents, ephemeral infrastructure, phishing engine, and automation)
Pizz33/360QVM_bypass
通过生成不同hash的ico并写入程序中,实现批量bypass360QVM
f0ng/autoDecoder
Burp插件,根据自定义来达到对数据包的处理(适用于加解密、爆破等),类似mitmproxy,不同点在于经过了burp中转,在自动加解密的基础上,不影响APP、网站加解密正常逻辑等。
coffeehb/PhishingBook
钓鱼攻击资源汇总&备忘录
ldbfpiaoran/subdns
协程子域名爆破工具
ticarpi/jwt_tool
:snake: A toolkit for testing, tweaking and cracking JSON Web Tokens
Funsiooo/chunsou
Chunsou(春蒐),Python3编写的多线程Web指纹识别工具,适用于安全测试人员前期的资产识别、风险收敛以及企业互联网资产风险摸查。
fasnow/idebug
企业微信、企业飞书接口调用工具。
ba0gu0/520apkhook
将安卓远控Apk附加进普通的App中,运行新生成的App时,普通App正常运行,远控正常上线。Attach the Android remote control APK to a regular app. When the newly generated app is launched, the regular app operates as normal while the remote control goes online seamlessly.
XiaoliChan/zerologon-Shot
Zerologon exploit with restore DC password automatically
ja9er/go_proxy_pool
无环境依赖开箱即用的代理IP池
vxunderground/VX-API
Collection of various malicious functionality to aid in malware development
SofianeHamlaoui/Pentest-Notes
Collection of Pentest Notes and Cheatsheets from a lot of repos (SofianeHamlaoui,dostoevsky,mantvydasb,adon90,BriskSec)
A0WaQ4/Weaver_ofslogin_vul
组合利用泛微信息泄漏漏洞和任意用户登录漏洞,可获取全部loginId并测试登录
0xlane/BypassUAC
Use ICMLuaUtil to Bypass UAC!
ZeroMemoryEx/Blackout
kill anti-malware protected processes ( BYOVD) (Microsoft Won )
LordNoteworthy/al-khaser
Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
WKL-Sec/HiddenDesktop
HVNC for Cobalt Strike
m3rcer/Chisel-Strike
A .NET XOR encrypted cobalt strike aggressor implementation for chisel to utilize faster proxy and advanced socks5 capabilities.