Pinned Repositories
Apache-Solr-8.3.1-RCE
RCE on Apache Solr 8.3.1
atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
CVE-2020-17144-EXP
Exchange2010 authorized RCE
CVE-2021-44529
CVE-2021-44529 PoC
GenericPotato
SweetPotato but for generic HTTP/SMB
Gila-CMS-1.16.0-shell-upload
HITCON-Training
For Linux binary Exploitation
HorizontCMS-1.0.0-beta-shell-upload
jamf-log4j
polyglot-xss-image
Script to create polyglot-xss-image
jkana's Repositories
jkana/Apache-Solr-8.3.1-RCE
RCE on Apache Solr 8.3.1
jkana/atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
jkana/axiom
The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more!
jkana/azureOutlookC2
Azure Outlook Command & Control (C2) - Remotely control a compromised Windows Device from your Outlook mailbox. Threat Emulation Tool for North Korean APT InkySquid / ScarCruft / APT37. TTP: Use Microsoft Graph API for C2 Operations.
jkana/C2-Tool-Collection
A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques.
jkana/Cobalt-Strike
Various resources to enhance Cobalt Strike's functionality and its ability to evade antivirus/EDR detection
jkana/cve-2022-42475
POC code to exploit the Heap overflow in Fortinet's SSLVPN daemon
jkana/cve-2023-3519
jkana/CVE-2023-46604
jkana/CVE-2023-46604-RCE-Reverse-Shell-Apache-ActiveMQ
Achieving a Reverse Shell Exploit for Apache ActiveMQ (CVE-2023-46604)
jkana/CVE-2024-26229
CWE-781: Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code
jkana/donut
Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters
jkana/external_c2_framework
Python API for use with Cobalt Strike's External C2 specification
jkana/File-Tunnel
Tunnel TCP connections through a file
jkana/GraphStrike
Cobalt Strike HTTPS beaconing over Microsoft Graph API
jkana/GregsBestFriend
GregsBestFriend process injection code created from the White Knight Labs Offensive Development course
jkana/jar-analyzer
Jar Analyzer Project
jkana/JNDI-Injection-Exploit-Plus
50+ gadgets (20 more than ysoserial). JNDI-Injection-Exploit-Plus is a tool for generating workable JNDI links and providing background services by starting an RMI server, LDAP server and HTTP server.
jkana/KnowledgeBase
Collection of tips, tools, arsenal and techniques I've learned during RE and other CyberSecStuff
jkana/malfluence
A PoC for a malicious Confluence plugin.
jkana/Malleable-C2-Profiles
Cobalt Strike - Malleable C2 Profiles. A collection of profiles used in different projects using Cobalt Strike https://www.cobaltstrike.com/.
jkana/Note
Notes
jkana/ProcessInjectionTechniques
This comprehensive process injection series is crafted for cybersecurity enthusiasts, researchers, and professionals who aim to stay at the forefront of the field. It serves as a central repository of knowledge, offering in-depth exploration of various process injection techniques used by adversaries.
jkana/rce
Distributed, workflow-driven integration environment
jkana/ruler
A tool to abuse Exchange services
jkana/SpringBoot-Scan
An open-source penetration testing framework for SpringBoot
jkana/testing
jkana/vbulletin-exploits
Exploits targeting vBulletin.
jkana/vRealizeLogInsightRCE
POC for RCE using vulnerabilities described in VMSA-2023-0001
jkana/Weblogic-CVE-2023-21839