whizsail
不要不要,收到收到
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Pinned Repositories
-v1.0
冰蝎v1.0
0day
各种开源CMS 各种版本的漏洞以及EXP 该项目将不断更新
2021_Hvv
2021 hw
Blog
Bug-Bounty-Toolz
BBT - Bug Bounty Tools
domainTools
内网域渗透小工具
Fastjson
Fastjson姿势技巧集合
jdwp-codeifier-plancopy
基于 jdwp-shellifier 的进阶JDWP漏洞利用脚本(动态执行Java/Js代码并获得回显)
JNDI
JNDI 注入利用工具
PhishMailer
Generate Professional Phishing Emails Fast And Easy
whizsail's Repositories
whizsail/520apkhook
把msf生成的安卓远控附加进普通的app中,并进行加固隐藏特征。可以绕过常见的手机安全管家。
whizsail/ADLab
Custom PowerShell module to setup an Active Directory lab environment to practice penetration testing.
whizsail/al-khaser
Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
whizsail/anyproxy
Proxy server supporting http/ssh/socks4/socks5/shadowsocks on port
whizsail/artifact32
THIS REPO IS PART OF WHAT ORCA TOLD ME TO UPLOAD
whizsail/artifact64
THIS REPO IS PART OF WHAT ORCA TOLD ME TO UPLOAD
whizsail/AttackWebFrameworkTools
本软件首先集成危害性较大框架和部分主流cms的rce(无需登录,或者登录绕过执行rce)和反序列化(利用链简单)。上传getshell。sql注入等高危漏洞直接就可以拿权限出数据。其次对一些构造复杂exp漏洞进行检测。傻瓜式导入url即可实现批量测试,能一键getshell检测绝不sql注入或者不是只检测。其中thinkphp 集成所有rce Exp Struts2漏洞集成了shack2 和k8 漏洞利用工具所有Exp并对他们的exp进行优化和修复此工具的所集成漏洞全部是基于平时实战中所得到的经验从而写入到工具里。例如:通达oA一键getshell实战测试 struts2一键getshell 等等
whizsail/bypassAV-1
借助Win-PS2EXE项目编写cna脚本方便快速生成免杀可执行文件
whizsail/CallbackHell
PoC (DoS) for CVE-2021-40449 - Win32k Elevation of Privilege Vulnerability (LPE)
whizsail/cobaltstrike-bof-toolset
在cobaltstrike中使用的bof工具集,收集整理验证好用的bof。
whizsail/CSAgent
CobaltStrike 4.x通用白嫖及汉化加载器
whizsail/EDRHunt
Scan installed EDRs and AVs on Windows
whizsail/EVA3
using hellsgate in EVA to get the syscalls
whizsail/exp-hub-1
漏洞利用:红队评估中的打点案例
whizsail/FindObjects-BOF
A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or process handles.
whizsail/Finger
一款红队在大量的资产中存活探测与重点攻击系统指纹探测工具
whizsail/FireDog
开源跨平台轻量级病毒特征检测引擎。Open source cross-platform lightweight virus signature detection engine.
whizsail/goblin
一款适用于红蓝对抗中的仿真钓鱼系统
whizsail/henggeFish
自动化批量发送钓鱼邮件(横戈安全团队出品)
whizsail/inceptor
Template-Driven AV/EDR Evasion Framework
whizsail/misc-hub
杂项仓库:各种杂七杂八的内容
whizsail/post-hub
内网渗透:C2、免杀、代理、横向
whizsail/PSSW100AVB
A list of useful Powershell scripts with 100% AV bypass (At the time of publication).
whizsail/RedTeam_toolkit
Red Team Toolkit is an Open-Source Django Offensive Web-App which is keeping the useful offensive tools used in the red-teamming together.
whizsail/RedWarden
Cobalt Strike C2 Reverse proxy that fends off Blue Teams, AVs, EDRs, scanners through packet inspection and malleable profile correlation
whizsail/SCShell
Fileless lateral movement tool that relies on ChangeServiceConfigA to run command
whizsail/SourcePoint
SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.
whizsail/unhook-bof
Remove API hooks from a Beacon process.
whizsail/web-sec
WEB安全手册,漏洞理解,漏洞利用,代码审计和渗透测试总结。【持续更新】
whizsail/WHALE
THIS REPO IS PART OF WHAT ORCA TOLD ME TO UPLOAD