Pinned Repositories
1earn
个人维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup
AD-Attack-Defense
Attack and defend active directory using modern post exploitation adversary tradecraft activity
BlueKeep
Proof of concept for CVE-2019-0708
fuzzdb
Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
impacket
Impacket is a collection of Python classes for working with network protocols.
Ladon
大型内网渗透扫描器&Cobalt Strike,Ladon7.0内置83个模块,包含信息收集/存活主机/IP扫描/端口扫描/服务识别/网络资产/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010、SMBGhost、Weblogic、ActiveMQ、Tomcat、Struts2系列,密码口令爆破(Mysql、Oracle、MSSQL)、FTP、SSH(Linux)、VNC、Windows(IPC、WMI、SMB、LDAP、SmbHash、WmiHash、Winrm),远程执行命令(wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem,Poc/Exploit,支持Cobalt Strike 3.X-4.0
learnjavabug
Java安全相关的漏洞和技术demo,原生Java、Fastjson、Jackson、Hessian2、XML反序列化漏洞利用和Spring、Dubbo、Shiro、CAS、Tomcat、RMI、Nexus等框架\中间件\功能的exploits以及Java Security Manager绕过、Dubbo-Hessian2安全加固等等实践代码。
PKI_CA
自建三级CA架构
postshell
PostShell - Post Exploitation Bind/Backconnect Shell
sentinel-scanner
Next Generation Distributed Web Security Scanner with Futuristic Architecture and UI :dizzy: 混沌守望者(扫描器),多策略(爬虫扫描&POC 扫描)、模块化、分布式的智能网络空间测绘、管理与安全探测
hittimes's Repositories
hittimes/PKI_CA
自建三级CA架构
hittimes/2021_Hvv
2021 hw
hittimes/404StarLink
404StarLink - 推荐优质、有意义、有趣、坚持维护的安全开源项目
hittimes/apkleaks
Scanning APK file for URIs, endpoints & secrets.
hittimes/botbay
botbay-以生物多样性为命题的私有机器人赋能平台
hittimes/chainbreaker
Mac OS X Keychain Forensic Tool, export private key
hittimes/Cobalt4.4
WIPE YOUR ASS WITH THE REAL COBALT STRIKE
hittimes/CoreMailUploadRce
Coremail任意文件上传漏洞POC
hittimes/cSubsidiary
利用天眼查查询企业子公司
hittimes/CVE-2021-1732-Exploit
CVE-2021-1732 Exploit
hittimes/CVE-2021-3158
CVE-2021-3156: Sudo heap overflow exploit for Debain 10
hittimes/fofa_viewer
一个简单易用的fofa客户端,使用javafx编写,便于跨平台使用
hittimes/github-cve-monitor
监控github上新增的cve编号项目漏洞,推送钉钉或者server酱
hittimes/GoScan
GoScan是采用Golang语言编写的一款分布式综合资产管理系统,适合红队、SRC等使用
hittimes/grok-1
Grok open release
hittimes/jeecg-boot
基于代码生成器的低代码平台,超越传统商业平台!前后端分离架构SpringBoot 2.x,SpringCloud,Ant Design&Vue,Mybatis-plus,Shiro,JWT。强大的代码生成器让前后端代码一键生成,无需写任何代码! 引领新低代码开发模式OnlineCoding->代码生成->手工MERGE,帮助Java项目解决70%重复工作,让开发更关注业务,既能快速提高开发效率,帮助公司节省成本,同时又不失灵活性。
hittimes/Kernelhub
:palm_tree:Windows Kernel privilege escalation vulnerability collection, with compilation environment, demo GIF map, vulnerability details, executable file
hittimes/Keychain-Dumper
A tool to check which keychain items are available to an attacker once an iOS device has been jailbroken
hittimes/PeiQi-WIKI-POC
鹿不在侧,鲸不予游🐋
hittimes/Pentest-Cheatsheets
hittimes/PocList
Alibaba-Nacos-Unauthorized/ApacheDruid-RCE_CVE-2021-25646/MS-Exchange-SSRF-CVE-2021-26885/Oracle-WebLogic-CVE-2021-2109_RCE/RG-CNVD-2021-14536/RJ-SSL-VPN-UltraVires/Redis-Unauthorized-RCE/TDOA-V11.7-GetOnlineCookie/VMware-vCenter-GetAnyFile/yongyou-GRP-U8-XXE/Oracle-WebLogic-CVE-2020-14883/Oracle-WebLogic-CVE-2020-14882/Apache-Solr-GetAnyFile
hittimes/pocsuite3-goby
pocsuite3 goby plugin
hittimes/ProxyLogon
ProxyLogon(CVE-2021-26855+CVE-2021-27065) Exchange Server RCE(SSRF->GetWebShell)
hittimes/SecondaryDevCobaltStrike
二次开发过后的CobaltStrike,版本为4.1.在原来CobaltStrike的基础上修改多处特征,解决流量查杀问题.
hittimes/ServerGuard
hittimes/UACME
Defeating Windows User Account Control
hittimes/Viper
Viper (炫彩蛇) 图形化内网渗透工具
hittimes/weblogic-framework
weblogic-framework
hittimes/wmproxy
http/https/socks5 proxy by rust, nat, 内网穿透, 反向代理
hittimes/YYeTsBot
🎬 人人影视bot,完全对接人人影视全部无删减资源