Pinned Repositories
0day
各种CMS、各种平台、各种系统、各种软件漏洞的EXP、POC 该项目将不断更新
As-Exploits
中国蚁剑后渗透框架
Awesome-Redteam
一个攻防知识仓库
bruteforce-lists
Some files for bruteforcing certain things.
BT_Panel_Privilege_Escalation
宝塔面板Windows版提权方法
CDK
📦 Make security testing of K8s, Docker, and Containerd easier.
ConfuserEx
An open-source, free protector for .NET applications
csplugin
自己开的cs插件
darkPulse
darkPulse是一个用go编写的shellcode Packer,用于生成各种各样的shellcode loader,目前免杀火绒,360,360核晶。
DCOMPotato
Some Service DCOM Object and SeImpersonatePrivilege abuse.
whesyar's Repositories
whesyar/0day
各种CMS、各种平台、各种系统、各种软件漏洞的EXP、POC 该项目将不断更新
whesyar/Awesome-Redteam
一个攻防知识仓库
whesyar/bruteforce-lists
Some files for bruteforcing certain things.
whesyar/CDK
📦 Make security testing of K8s, Docker, and Containerd easier.
whesyar/darkPulse
darkPulse是一个用go编写的shellcode Packer,用于生成各种各样的shellcode loader,目前免杀火绒,360,360核晶。
whesyar/DCOMPotato
Some Service DCOM Object and SeImpersonatePrivilege abuse.
whesyar/DHLYK
大灰狼远控木马 V9.5 源码
whesyar/fofax
fofaX is a command line query tool based on the API of https://fofa.so/, simple is the best!
whesyar/fuzzdb
Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
whesyar/geacon_pro
跨平台重构了Cobaltstrike Beacon,适配了大部分Beacon的功能,行为对国内主流杀软免杀,支持4.1以上的版本。 A cobaltstrike Beacon bypass anti-virus, supports 4.1+ version.
whesyar/ghauri
An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws
whesyar/github-cve-monitor
实时监控github上新增的cve和安全工具更新,多渠道推送通知
whesyar/Go_Bypass
Golang Bypass Av Generator template
whesyar/GodPotato
whesyar/Hunter_view
Hunter view 是一款Hunter(鹰图平台)资产展示的浏览器油猴插件
whesyar/learnjavabug
Java安全相关的漏洞和技术demo,原生Java、Fastjson、Jackson、Hessian2、XML反序列化漏洞利用和Spring、Dubbo、Shiro、CAS、Tomcat、RMI、Nexus等框架\中间件\功能的exploits以及Java Security Manager绕过、Dubbo-Hessian2安全加固等等实践代码。
whesyar/linuxStack
Linux技术栈
whesyar/netspy
netspy是一款快速探测内网可达网段工具(深信服深蓝实验室天威战队强力驱动)
whesyar/Pillager
Pillager是一个适用于后渗透期间的信息收集工具
whesyar/poc-cve-2021-4034
PoC for CVE-2021-4034 dubbed pwnkit
whesyar/PSSW100AVB
A list of useful Powershell scripts with 100% AV bypass (At the time of publication).
whesyar/railgun
whesyar/scaninfo
fast scan for redtools
whesyar/SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
whesyar/ShiroExp
shiro综合利用工具
whesyar/ShortPayload
如何将Java反序列化Payload极致缩小
whesyar/Stowaway
👻Stowaway -- Multi-hop Proxy Tool for pentesters
whesyar/traitor
:arrow_up: :skull_and_crossbones: :fire: Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock
whesyar/UACME
Defeating Windows User Account Control
whesyar/zabbix-saml-bypass-exp
cve-2022-23131 exp