zhangding222's Stars
nim-lang/Nim
Nim is a statically typed compiled systems programming language. It combines successful concepts from mature languages like Python, Ada and Modula. Its design focuses on efficiency, expressiveness, and elegance (in that order of priority).
chaitin/xray
一款完善的安全评估工具,支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档
shmilylty/OneForAll
OneForAll是一款功能强大的子域收集工具
ctf-wiki/ctf-wiki
Come and join us, we need you!
LOLBAS-Project/LOLBAS
Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
rebeyond/Behinder
“冰蝎”动态二进制加密网站管理客户端
TideSec/BypassAntiVirus
远控免杀系列文章及配套工具,汇总测试了互联网上的几十种免杀工具、113种白名单免杀方式、8种代码编译免杀、若干免杀实战技术,并对免杀效果进行了一一测试,为远控的免杀和杀软对抗免杀提供参考。
BC-SECURITY/Empire
Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.
zer0yu/Awesome-CobaltStrike
List of Awesome CobaltStrike Resources
TheWover/donut
Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters
Ascotbe/Kernelhub
:palm_tree:Linux、macOS、Windows Kernel privilege escalation vulnerability collection, with compilation environment, demo GIF map, vulnerability details, executable file (提权漏洞合集)
byt3bl33d3r/OffensiveNim
My experiments in weaponizing Nim (https://nim-lang.org/)
trickster0/OffensiveRust
Rust Weaponization for Red Team Engagements.
rabbitmask/WeblogicScan
Weblogic一键漏洞检测工具,V1.5,更新时间:20200730
0xn0ne/weblogicScanner
weblogic 漏洞扫描工具。目前包含对以下漏洞的检测能力:CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-3252、CVE-2019-2618、CVE-2019-2725、CVE-2019-2729、CVE-2019-2890、CVE-2020-2551、CVE-2020-14750、CVE-2020-14882、CVE-2020-14883
uknowsec/Active-Directory-Pentest-Notes
个人域渗透学习笔记
awake1t/linglong
一款甲方资产巡航扫描系统。系统定位是发现资产,进行端口爆破。帮助企业更快发现弱口令问题。主要功能包括: 资产探测、端口爆破、定时任务、管理后台识别、报表展示
sleventyeleven/linuxprivchecker
linuxprivchecker.py -- a Linux Privilege Escalation Check Script
a3vilc0de/PentesterSpecialDict
渗透测试工作中经常使用的字典集合
jthuraisamy/SysWhispers2
AV/EDR evasion via direct system calls.
S3cur3Th1sSh1t/PowerSharpPack
FunnyWolf/pystinger
Bypass firewall for traffic forwarding using webshell 一款使用webshell进行流量转发的出网工具
l3m0n/Bypass_Disable_functions_Shell
一个各种方式突破Disable_functions达到命令执行的shell
Lucifer1993/TPscan
一键ThinkPHP漏洞检测
1n7erface/PocList
Alibaba-Nacos-Unauthorized/ApacheDruid-RCE_CVE-2021-25646/MS-Exchange-SSRF-CVE-2021-26885/Oracle-WebLogic-CVE-2021-2109_RCE/RG-CNVD-2021-14536/RJ-SSL-VPN-UltraVires/Redis-Unauthorized-RCE/TDOA-V11.7-GetOnlineCookie/VMware-vCenter-GetAnyFile/yongyou-GRP-U8-XXE/Oracle-WebLogic-CVE-2020-14883/Oracle-WebLogic-CVE-2020-14882/Apache-Solr-GetAnyFile/F5-BIG-IP-CVE-2021-22986/Sonicwall-SSL-VPN-RCE/GitLab-Graphql-CNVD-2021-14193/D-Link-DCS-CVE-2020-25078/WLAN-AP-WEA453e-RCE/360TianQing-Unauthorized/360TianQing-SQLinjection/FanWeiOA-V8-SQLinjection/QiZhiBaoLeiJi-AnyUserLogin/QiAnXin-WangKangFirewall-RCE/金山-V8-终端安全系统/NCCloud-SQLinjection/ShowDoc-RCE
mgeeky/ShellcodeFluctuation
An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents
mai1zhi2/SharpBeacon
CobaltStrike Beacon written in .Net 4 用.net重写了stager及Beacon,其中包括正常上线、文件管理、进程管理、令牌管理、结合SysCall进行注入、原生端口转发、关ETW等一系列功能
STMCyber/boobsnail
BoobSnail allows generating Excel 4.0 XLM macro. Its purpose is to support the RedTeam and BlueTeam in XLM macro generation.
ajpc500/NimlineWhispers
A very proof-of-concept port of InlineWhispers for using syscalls in Nim projects.
STMCyber/Awesome-Excel4.0
List of Awesome Excel4.0/XLM tricks and functions useful for Red Team and Blue Team. This list is for anyone wishing to learn about Excel4.0/XLM for Red Team but do not have a starting point.