Pinned Repositories
2022-test
Compilation of POCs from the 2022 HW (护网, "network protection") exercise
365-Stealer
365-Stealer is a tool written in Python 3 that steals data from a victim's Office 365 account using an access_token obtained by phishing. It steals Outlook mails, attachments, OneDrive files and OneNote notes, and injects macros.
Active-Directory-Pentest-Notes
Personal study notes on Active Directory domain penetration testing
ARL
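ARL (Asset Reconnaissance Lighthouse) is a system designed to quickly discover the internet-facing assets associated with a target and build a baseline asset inventory. It helps in-house security teams and penetration testers discover and search assets effectively and find weak points and attack surface.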
artillery
The Artillery Project is an open-source blue team tool designed to protect Linux and Windows operating systems through multiple methods.
AssetsView
Assets View: an asset discovery and network topology management system
AUTO-EARN
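A vulnerability-hunting helper tool for automated vulnerability scanning and instant notification, using OneForAll for subdomain collection, the Shodan API for port scanning, Xray for vulnerability fuzzing, and Server酱 (ServerChan)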
Auto-Root-Exploit
Auto Root Exploit Tool
AV_Evasion_Tool
掩日 (Yanri) - an antivirus-evasion executor generation tool
exe2shellcode
yuanxiangyua's Repositories
yuanxiangyua/AUTO-EARN
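A vulnerability-hunting helper tool for automated vulnerability scanning and instant notification, using OneForAll for subdomain collection, the Shodan API for port scanning, Xray for vulnerability fuzzing, and Server酱 (ServerChan)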
yuanxiangyua/exe2shellcode
yuanxiangyua/AV_Evasion_Tool
掩日 (Yanri) - an antivirus-evasion executor generation tool
yuanxiangyua/books
📚 All programming languages books
yuanxiangyua/BurpSuite-collections
A collection of Burp Suite plugins (not from the store), articles and usage tips (this project no longer provides cracked Burp Suite files; if needed, download them from the blog mrxn.net)
yuanxiangyua/CloudPentestCheatsheets
This repository contains a collection of cheatsheets I have put together for tools related to pentesting organizations that leverage cloud providers.
yuanxiangyua/CTF_Hacker-Tools
CTF and penetration testing tool collection
yuanxiangyua/dazzleUP
A tool that detects privilege escalation vulnerabilities caused by misconfigurations and missing updates in Windows operating systems.
yuanxiangyua/exphub
Exphub [exploit script library]: includes exploit scripts for Weblogic, Struts2, Tomcat, Nexus, Solr, Jboss and Drupal; most recently added: CVE-2020-5902, CVE-2020-11444, CVE-2020-10204, CVE-2020-10199, CVE-2020-1938, CVE-2020-2551, CVE-2020-2555, CVE-2020-2883, CVE-2019-17558, CVE-2019-6340
yuanxiangyua/jxwaf
JXWAF (锦衣盾) is an open-source web application firewall
yuanxiangyua/Ladon
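Large-scale intranet penetration scanner & Cobalt Strike. Ladon 6.6 has 74 built-in modules covering information gathering, live host detection, IP scanning, port scanning, service identification, network assets, password brute-forcing, vulnerability detection and vulnerability exploitation. Vulnerability detection covers MS17010, SMBGhost, Weblogic, ActiveMQ, Tomcat and the Struts2 series; password brute-forcing (Mysql, Oracle, MSSQL), FTP, SSH (Linux), VNC, Windows (IPC, WMI, SMB, LDAP, SmbHash, WmiHash, Winrm); remote command execution (wmiexe/psexec/atexec/sshexec/webshell); privilege lowering and escalation with Runas and GetSystem; Poc/Exploit; supports Cobalt Strike 3.X-4.0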
yuanxiangyua/opencanary_web
The web management platform for the honeypot
yuanxiangyua/osctrl
Fast and efficient osquery management
yuanxiangyua/osquery-attck
Mapping the MITRE ATT&CK Matrix with Osquery
yuanxiangyua/owasp-modsecurity-crs
OWASP ModSecurity Core Rule Set (CRS) Project (Official Repository)
yuanxiangyua/Penetration_Testing_POC
POCs, EXPs, scripts, privilege escalation material and small tools related to penetration testing; additions and improvements are welcome---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms
yuanxiangyua/PoshC2
A proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.
yuanxiangyua/PowerSploit
PowerSploit - A PowerShell Post-Exploitation Framework
yuanxiangyua/PowerZure
PowerShell framework to assess Azure security
yuanxiangyua/RedTeamTools
A record of some of the tools I have written myself
yuanxiangyua/saferwall
A hackable malware sandbox for the 21st Century
yuanxiangyua/Sn1per
Automated pentest framework for offensive security experts
yuanxiangyua/taowu-cobalt-strike
yuanxiangyua/tsunami-security-scanner
Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.
yuanxiangyua/Unlock-netease-cloud-music
Unlock greyed-out songs in the NetEase Cloud Music client
yuanxiangyua/venom
venom - shellcode generator/compiler/handler (metasploit)
yuanxiangyua/WAF_Bypass_Guide
Guide For WAF Bypass Techniques
yuanxiangyua/WebAliveScan
Fast liveness scanning, simple fingerprinting and directory scanning for target domains
yuanxiangyua/windows-kernel-exploits
windows-kernel-exploits: a collection of privilege escalation vulnerabilities for the Windows platform
yuanxiangyua/WMIHACKER
A Bypass Anti-virus Software Lateral Movement Command Execution Tool