Pinned Repositories
2020-Vulnerabilities
2020年漏洞复现大全
acunetix-api
acunetix
Acunetix11-API-Documentation
Inofficial Acunetix11 API Documentation
ad-password-protection
Active Directory password filter featuring breached password checking and custom complexity rules
Aggressor
Ladon for Cobalt Strike & Cracked Download,Large Network Penetration Scanner, vulnerability / exploit / detection / MS17010 / password/brute-force/psexec/atexec/sshexec/webshell/smbexec/netcat/osscan/netscan/struts2Poc/weblogicExp
AggressorScripts
Collection of Aggressor scripts for Cobalt Strike 3.0+ pulled from multiple sources
APT34
APT34/OILRIG leak
RedTeamer
红方人员作战执行手册
sharpwmi
sharpwmi是一个基于rpc的横向移动工具,具有上传文件和执行命令功能。
suricata_optimize
Suricata安装部署&丢包优化&性能调优&规则调整&Pfring设置
xizhimen's Repositories
xizhimen/Aggressor
Ladon for Cobalt Strike & Cracked Download,Large Network Penetration Scanner, vulnerability / exploit / detection / MS17010 / password/brute-force/psexec/atexec/sshexec/webshell/smbexec/netcat/osscan/netscan/struts2Poc/weblogicExp
xizhimen/Apt_t00ls
高危漏洞利用工具
xizhimen/ARL
ARL官方仓库备份项目:ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产,构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产,发现存在的薄弱点和攻击面。
xizhimen/AttackDetection
Attack Detection
xizhimen/Binary-Learning
二进制安全相关的学习笔记,感谢滴水逆向的所有老师辛苦教学。
xizhimen/BREAK
业务风险枚举与规避知识(Business Risk Enumeration & Avoidance Kownledge)
xizhimen/bytecode-viewer
A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)
xizhimen/commando-vm
Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. commandovm@fireeye.com
xizhimen/CVE-2023-21839
Weblogic CVE-2023-21839 RCE (无需Java依赖一键RCE)
xizhimen/ddddocr
带带弟弟 通用验证码识别OCR pypi版
xizhimen/domainTools
内网域渗透小工具
xizhimen/DPDK_SURICATA-4_1_1
dpdk infrastructure for software acceleration. Currently working on RX and ACL pre-filter
xizhimen/geektime-books
:books: 极客时间电子书
xizhimen/gofun
一些内网渗透中可能用到的东拼西凑做出来的小工具
xizhimen/gohangout
使用 golang 模仿的 Logstash。用于消费 Kafka 数据,处理后写入 ES、Clickhouse 等。
xizhimen/HackJava
《Java安全-只有Java安全才能拯救宇宙》Only Java Security Can Save The Universe.
xizhimen/JavaDecompileTool-GUI
Java Decompile Tool GUI-JAVA反编译工具(界面版)
xizhimen/Log4j_RCE_Tool
Log4j 多线程批量检测利用工具
xizhimen/network-testing
Network Testing Tools for testing the Linux network stack
xizhimen/nginx_dump
该工具用于把Openresty(Nginx+Lua) 请求参数和响应 dump出来,用于旁路HTTP流量分析、风控、资产识别、API数据泄露等等
xizhimen/openrasp-iast
IAST 灰盒扫描工具
xizhimen/Penetration_Testing_POC
有关渗透测试的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms
xizhimen/pypykatz
Mimikatz implementation in pure Python
xizhimen/qnsm
QNSM is network security monitoring framework based on DPDK.
xizhimen/Security_Q-A
安全面试题与解答
xizhimen/SerializationDumper
A tool to dump Java serialization streams in a more human readable form.
xizhimen/SharpNoPSExec
Get file less command execution for lateral movement.
xizhimen/suricata-rules
Suricata IDS rules 用来检测红队渗透/恶意行为等,支持检测CobaltStrike/MSF/Empire/DNS隧道/Weevely/菜刀/冰蝎/挖矿/反弹shell/ICMP隧道等
xizhimen/swagger-exp
A Swagger API Exploit
xizhimen/vulnerability-paper
收集的文章