Pinned Repositories
1195777-chrome0day
1996
工作笔记
1earn
ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup
2021_Hvv
2021 hw
2021hvv_vul
2021hvv漏洞汇总
360SafeBrowsergetpass
这是一个一键辅助抓取360安全浏览器密码的CobaltStrike脚本以及解密小工具,用于节省红队工作量,通过下载浏览器数据库、记录密钥来离线解密浏览器密码。
CVE-2021-26084_Confluence
CVE-2021-26084 - Confluence Pre-Auth RCE OGNL injection 回显
OSINT_Intel_Tracker
OSINT Intelligence for different areas ( useful for different type of investigations and learning etc)
prettyrecon's Repositories
prettyrecon/OSINT_Intel_Tracker
OSINT Intelligence for different areas ( useful for different type of investigations and learning etc)
prettyrecon/1earn
ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup
prettyrecon/API-s-for-OSINT
List of API's for gathering information about phone numbers, addresses, domains etc
prettyrecon/APISandbox
Pre-Built Vulnerable Multiple API Scenarios Environments Based on Docker-Compose.
prettyrecon/appwrite
Appwrite is a secure end-to-end backend server for Web, Mobile, and Flutter developers that is packaged as a set of Docker containers for easy deployment 🚀
prettyrecon/braktooth_esp32_bluetooth_classic_attacks
A Series of Baseband & LMP Exploits against Bluetooth Classic Controllers
prettyrecon/bugbounty-openvpn-socks
Run all your bug bounty VPN profiles in parallel and expose them via multiple local SOCKS proxies.
prettyrecon/BurpCrypto
BurpCrypto is a collection of burpsuite encryption plug-ins, support AES/RSA/DES/ExecJs(execute JS encryption code in burpsuite). 支持多种加密算法或直接执行JS代码的用于爆破前端加密的BurpSuite插件
prettyrecon/busybox-fuzzing
prettyrecon/CallbackHell
PoC (DoS) for CVE-2021-40449 - Win32k Elevation of Privilege Vulnerability (LPE)
prettyrecon/cero
Scrape domain names from SSL certificates of arbitrary hosts
prettyrecon/cloud-native-security-book
《云原生安全:攻防实践与体系构建》资料仓库
prettyrecon/CSAgent
CobaltStrike 4.x通用白嫖及汉化加载器
prettyrecon/CVE-2021-22205
Pocsuite3 For CVE-2021-22205
prettyrecon/CVE-2021-33044
Dahua IPC/VTH/VTO devices auth bypass exploit
prettyrecon/DataExtractor
A simple Burp Suite extension to extract datas from source code.
prettyrecon/HostCollision
用于host碰撞而生的小工具,专门检测渗透中需要绑定hosts才能访问的主机或内部系统
prettyrecon/jolokia-exploitation-toolkit
jolokia-exploitation-toolkit
prettyrecon/JSPHorse
结合反射调用、Javac动态编译、ScriptEngine调用JS技术和各种代码混淆技巧的一款免杀JSP Webshell生成工具,已支持蚁剑免杀
prettyrecon/karma_v2
⡷⠂𝚔𝚊𝚛𝚖𝚊 𝚟𝟸⠐⢾ is a Passive Open Source Intelligence (OSINT) Automated Reconnaissance (framework)
prettyrecon/ovia
Oversecured Vulnerable iOS App
prettyrecon/privacy.sexy
Open-source tool to enforce privacy & security best-practices on Windows and macOS, because privacy is sexy 🍑🍆
prettyrecon/resolvers
List of periodically validated public DNS resolvers
prettyrecon/rotateproxy
利用fofa搜索socks5开放代理进行代理池轮切的工具
prettyrecon/SimplesApachePathTraversal
Tool check: CVE-2021-41773, CVE-2021-42013, CVE-2020-17519
prettyrecon/teler
Real-time HTTP Intrusion Detection
prettyrecon/TLS-poison
prettyrecon/vcenter_saml_login
A tool to extract the IdP cert from vCenter backups and log in as Administrator
prettyrecon/VMware_vCenter
VMware vCenter 7.0.2.00100 unauth Arbitrary File Read + SSRF + Reflected XSS
prettyrecon/weird_proxies
Reverse proxies cheatsheet