Pinned Repositories
0day
EXPs and PoCs for vulnerabilities in various CMSs, platforms, systems and software. This project will be updated continuously
aaaAyyYy
A simple demo of separation-based antivirus evasion
Active-Directory-Pentest-Notes
Personal study notes on domain penetration testing
AggressorScripts
Collection of Aggressor scripts for Cobalt Strike 3.0+ pulled from multiple sources
Altman
the cross platform webshell tool in .NET
Exploit-Dictionary
MiscSecNotes
Some learning notes about Web/Cloud/Docker Security, Penetration Test, Security Building
PrintSpoofer
Abusing Impersonation Privileges on Windows 10 and Server 2019. Local privilege escalation, 2012-2019
Windows-Fuck
A big collection of privilege escalation on Windows. Privilege escalation, my favorite!
zaproxy
The OWASP ZAP core project
whojeff's Repositories
whojeff/zaproxy
The OWASP ZAP core project
whojeff/Altman
the cross platform webshell tool in .NET
whojeff/awesome
:sunglasses: Curated list of awesome lists
whojeff/Burp-Non-HTTP-Extension
Non-HTTP Protocol Extension (NoPE) Proxy and DNS for Burp Suite.
whojeff/Burp_Suite_Doc_zh_cn
This is the Chinese-language version of the documentation, translated from the official Burp Suite documentation
whojeff/burplugin-java-rce
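******This software is for learning and exchange only; any illegal use is prohibited****** This version supports remote command execution and file upload for the elasticsearch java language, and remote command execution and file upload for the elasticsearchgroov language. It verifies all RCE vulnerabilities among struts2-005, struts2-009, struts2-013, struts2-016, struts2-019, struts2-020, struts2-devmode, struts2-032, struts2-033, struts2-037, struts2-045, struts2-048 and struts2-052, that is, all except struts2-053, and supports batch verification. Struts2 vulnerability verification requires a python environment and the relevant libraries. Click the python button to initialize the python libraries. If initialization fails, install the libraries with the following steps: 1. Run $[python]/Scrips/easy_install pip 2. requests module, install with: pip install requests 3. termcolor module, install with: pip install termcolor github: https://github.com/bigsizeme/java-rce-tools burpsuite source code: https://github.com/bigsizeme/burplugin-java-rce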
whojeff/cmd.jsp
A super small jsp webshell with file upload capabilities.
whojeff/cortana-scripts
A collection of Cortana scripts that you may use with Armitage and Cobalt Strike 2.x. Cortana Scripts are not compatible with Cobalt Strike 3.x. Cobalt Strike 3.x uses a variant of Cortana called Aggressor Script.
whojeff/F-NAScan
Scanning a network asset information script
whojeff/F-Scrack
whojeff/fenghuangscanner
whojeff/filterbypass
Browser's XSS Filter Bypass Cheat Sheet
whojeff/findSubDomains
A tool for finding subdomains for pentesters
whojeff/httpscan
A small crawler-style tool for discovering web hosts across a network range # A HTTP Service detector with a crawler from IP/CIDR
whojeff/metasploit-framework
Metasploit Framework
whojeff/Meterpreter_Paranoid_Mode-SSL
Meterpreter Paranoid Mode - SSL/TLS connections
whojeff/msbuild-inline-task
whojeff/MSSQL-Fileless-Rootkit-WarSQLKit
As you know, I have been working on MSSQL for a long time. In this post I will cover a topic I have been working on for a long time: the MSSQL rootkit. As you know, the great majority of the post-exploitation operations described for MS-SQL so far are explained using the “xp_cmdshell” and “sp_OACreate” stored procedures. So, if we have captured the “sa” account of an MSSQL server that does not have the xp_cmdshell and sp_OACreate stored procedures, are we going to give up on getting into that system? Of course we should not give up. This article was written with a scenario in mind where the “sa” account has been captured and none of the procedures “xp_cmdshell”, “sp_OACreate”, “sp_OAMethod”, etc. work.
whojeff/new-pac
whojeff/pentest-bookmarks
A collection of penetration testing related sites
whojeff/PoC
Various PoCs
whojeff/python-pentest-tools
Python tools for penetration testers
whojeff/recon-ng
Recon-ng is a full-featured Web Reconnaissance framework written in Python.
whojeff/Scanners-Box
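[Project-Kob-6] A collection of open-source scanners developed by security industry practitioners (well-known scanning tools such as w3af and brakeman are not included)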
whojeff/searchHouse
Automatic lookup of Wanshui Apartment listings
whojeff/SSRFX
CVE-2014-4210 + Redis unauthorized access
whojeff/Web-Security-Learning
Web-Security-Learning
whojeff/WindowsExploits
Windows exploits, mostly precompiled. Not being updated. Check https://github.com/SecWiki/windows-kernel-exploits instead.
whojeff/xssfork
whojeff/xunfeng
Xunfeng is a rapid vulnerability response and patrol scanning system for enterprise intranets.