Pinned Repositories
0day
各种开源CMS 各种版本的漏洞以及EXP 该项目将不断更新
1book
《Web安全之机器学习入门》
7kbscan-WebPathBrute
7kbscan-WebPathBrute Web路径暴力探测工具
altdns
Generates permutations, alterations and mutations of subdomains and then resolves them
anapickle
Toolset for writing shellcode in Python's Pickle language and for manipulating pickles to inject shellcode.
Android-GetAPKInfo
获取Android应用基本信息的工具集
antSword
AntSword is a cross-platform website management toolkit.
aquatone
A Tool for Domain Flyovers
cvelist
Pilot program for CVE submission through GitHub
Oracle-WebLogic-CVE-2017-10271-master
lonehand's Repositories
lonehand/awesome-jenkins-rce-2019
There is no pre-auth RCE in Jenkins since May 2017, but this is the one!
lonehand/crawlergo
A powerful dynamic crawler for web vulnerability scanners
lonehand/CVE-2018-13379
CVE-2018-13379
lonehand/dirmap
An advanced web directory & file scanning tool that will be more powerful than DirBuster, Dirsearch, cansina, and Yu Jian.一个高级web目录、文件扫描工具,功能将会强于DirBuster、Dirsearch、cansina、御剑。
lonehand/dirsearch
Web path scanner
lonehand/dnsgen
Generates combination of domain names from the provided input.
lonehand/EasyProtector
一行代码检测XP/调试/多开/模拟器/root
lonehand/FastjsonExploit
Fastjson vulnerability quickly exploits the framework(fastjson漏洞快速利用框架)
lonehand/fileleak
又一款敏感文件泄漏检测工具
lonehand/fingerprintjs2
Modern & flexible browser fingerprinting library
lonehand/K8CScan
大型内网渗透自定义插件化扫描器(附C#/VC/Delphi/Python插件Demo源码) 程序采用多线程批量扫描大型内网多个IP段C段主机,目前插件包含: C段旁注扫描、子域名扫描、Ftp密码爆破、Mysql密码爆、系统密码爆破、存活主机扫描、端口扫描、Web信息探测、操作系统版本探测、Cisco思科设备扫描等,支持调用任意外部程序或脚本
lonehand/kubernetes-goat
Kubernetes Goat 🐐 is a "Vulnerable by Design" Kubernetes Cluster. Designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security 🔐
lonehand/kunpeng
kunpeng是一个Golang编写的开源POC框架/库,以动态链接库的形式提供各种语言调用,通过此项目可快速开发漏洞检测类的系统。
lonehand/lonehand.github.io
lonehand/nps
一款轻量级、功能强大的内网穿透代理服务器。支持tcp、udp流量转发,支持内网http代理、内网socks5代理,同时支持snappy压缩、站点保护、加密传输、多路复用、header修改等。支持web图形化管理,集成多用户模式。
lonehand/OneForAll
OneForAll是一款功能强大的子域收集工具
lonehand/PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
lonehand/Penetration_Testing_Case
用于记录分享一些有趣的案例
lonehand/rdpy
Remote Desktop Protocol in Twisted Python
lonehand/redis-rce
Redis 4.x/5.x RCE
lonehand/redis-rogue-server
Redis(<=5.0.5) RCE
lonehand/RedTeam-BCS
BCS(北京网络安全大会)2019 红队行动会议重点内容
lonehand/save_code
lonehand/sec_tools
lonehand/Struts2-Scan
Struts2全漏洞扫描利用工具
lonehand/subfinder
SubFinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.
lonehand/SUDO_KILLER
A tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo
lonehand/TIPS
lonehand/w13scan
Passive Security Scanner (被动安全扫描器)
lonehand/wesng
Windows Exploit Suggester - Next Generation