wh0amitz
Red Team / Offensive Security. Web Security / Windows Active Directory / Post Exploitation
nt authority\systemBeijing
wh0amitz's Stars
s0md3v/Arjun
HTTP parameter discovery suite.
mbechler/marshalsec
docsifyjs/awesome-docsify
💖 A curated list of awesome things related to docsify
vletoux/pingcastle
PingCastle - Get Active Directory Security at 80% in 20% of the time
Hackndo/lsassy
Extract credentials from lsass remotely
pmiaowu/BurpShiroPassiveScan
一款基于BurpSuite的被动式shiro检测插件
cseroad/Exp-Tools
一款集成高危漏洞exp的实用性工具
bitsadmin/nopowershell
PowerShell rebuilt in C# for Red Teaming purposes
antonioCoco/SharPyShell
SharPyShell - tiny and obfuscated ASP.NET webshell for C# web applications
leoloobeek/LAPSToolkit
Tool to audit and attack LAPS environments
c0ny1/java-object-searcher
java内存对象搜索辅助工具
Metarget/cloud-native-security-book
《云原生安全:攻防实践与体系构建》资料仓库
wyzxxz/aksk_tool
AK资源管理工具,阿里云/腾讯云/华为云/AWS/UCLOUD/京东云/百度云/七牛云存储 AccessKey AccessKeySecret,利用AK获取资源信息和操作资源,ECS/CVM/E2/UHOST/ECI/BCC执行命令,OSS/COS/S3/BOS管理,RDS/DB管理,域名管理,添加RAM/CAM/IAM账号等
rmb122/rogue_mysql_server
A rouge mysql server supports reading files from most mysql libraries of multiple programming languages.
4ra1n/mysql-fake-server
MySQL Fake Server (纯Java实现,支持GUI版和命令行版,提供Dockerfile,支持多种常见JDBC利用)
FalconForceTeam/SOAPHound
SOAPHound is a custom-developed .NET data collector tool which can be used to enumerate Active Directory environments via the Active Directory Web Services (ADWS) protocol.
abc123info/Struts2VulsScanTools
1、点击“检测漏洞”,会自动检测该URL是否存在S2-001、S2-005、S2-009、S2-013、S2-016、S2-019、S2-020/021、S2-032、S2-037、DevMode、S2-045/046、S2-052、S2-048、S2-053、S2-057、S2-061、S2相关log4j2十余种漏洞。 2、“批量验证”,(为防止批量geshell,此功能已经删除,并不再开发)。 3、S2-020、S2-021仅提供漏洞扫描功能,因漏洞利用exp很大几率造成网站访问异常,本程序暂不提供。 4、对于需要登录的页面,请勾选“设置全局Cookie值”,并填好相应的Cookie,程序每次发包都会带上Cookie。 5、作者对不同的struts2漏洞测试语句做了大量修改,执行
Enelg52/OffensiveGo
Golang weaponization for red teamers.
gaowei-space/markdown-blog
🍭 Markdown-Blog 是一款小而美的Markdown静态博客程序 | Markdown-Blog is incredibly fast, easy to use, and converts Markdown formatted text files into beautifully rendered HTML pages.
wh0amitz/SharpADWS
Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS).
Lotus6/ConfluenceMemshell
Confluence CVE 2021,2022,2023 利用工具,支持命令执行,哥斯拉,冰蝎 内存马注入
x0xr00t/Automated-MUlti-UAC-Bypass
Automated Multi UAC BYPASS for win10|win11|win12-pre-release|ws2019|ws2022
Qihoo360/WatchAD2.0
WatchAD2.0是一款针对域威胁的日志分析与监控系统
Firebasky/CodeqlLearn
记录学习codeql的过程
mlgualtieri/NTLMRawUnHide
NTLMRawUnhide.py is a Python3 script designed to parse network packet capture files and extract NTLMv2 hashes in a crackable format. The following binary network packet capture formats are supported: *.pcap *.pcapng *.cap *.etl
decoder-it/ADCSCoercePotato
blackarrowsec/Handly
Abuse leaked token handles.
Wh04m1001/CVE-2024-20656
albertony/vss
Volume Shadow Copy Service (VSS) utilities
p0dalirius/CrackedNTDStoXLSX
A python tool to generate an Excel file linking the list of cracked accounts and their LDAP attributes.