Pinned Repositories
1earn
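A security knowledge framework maintained by the ffffffff0x team, covering (but not limited to) web security, industrial control system security, forensics, incident response, blue team infrastructure deployment, post-exploitation, Linux security, and write-ups for various target machines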
2024-PocLib
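The PoCs in this project come from reproductions of high-severity vulnerabilities reported by major threat intelligence sources since 2024. The PoCs have been weaponized with nuclei or xray. This project aims to give security enthusiasts some reference material and may be used for personal research. Let's encourage each other.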
CVE-2024-38077-RDLCheck
Checks whether the RDL service is running, to quickly identify affected assets
fscan
A comprehensive internal network scanning tool for convenient one-click, automated, all-round vulnerability scanning.
JDumpSpider
A tool for automated extraction of sensitive information from HeapDump files
JNDI-Injection-Exploit
JNDI injection testing tool (A tool which generates JNDI links can start several servers to exploit JNDI Injection vulnerability, like Jackson, Fastjson, etc)
metasploit-framework
Metasploit Framework
Neo-reGeorg
Neo-reGeorg is a project that seeks to aggressively refactor reGeorg
nuclei
Fast and customizable vulnerability scanner based on simple YAML based DSL.
Webshell_Generate
Generates various kinds of AV-evading webshells
zhuxi1965's Repositories
zhuxi1965/CVE-2024-38077-RDLCheck
Checks whether the RDL service is running, to quickly identify affected assets
zhuxi1965/2024-PocLib
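The PoCs in this project come from reproductions of high-severity vulnerabilities reported by major threat intelligence sources since 2024. The PoCs have been weaponized with nuclei or xray. This project aims to give security enthusiasts some reference material and may be used for personal research. Let's encourage each other.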
zhuxi1965/nuclei
Fast and customizable vulnerability scanner based on simple YAML based DSL.
zhuxi1965/CodeQL
"Understanding CodeQL in Depth": Finding vulnerabilities with CodeQL.
zhuxi1965/CVE-2023-25157-and-CVE-2023-25158
GeoServer & GeoTools SQL Injection (CVE-2023-25157 & CVE-2023-25158)
zhuxi1965/CVE-2023-32315-Openfire-Bypass
rce
zhuxi1965/CyberChef
The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis
zhuxi1965/EternalBlueC
EternalBlue suite remade in C/C++ which includes: MS17-010 Exploit, EternalBlue vulnerability detector, DoublePulsar detector and DoublePulsar Shellcode & DLL uploader
zhuxi1965/evil_minio
EXP for CVE-2023-28434 MinIO unauthorized to RCE
zhuxi1965/frp
A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.
zhuxi1965/GoBypassAV
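A collection of Go-based AV-evasion techniques, including 16 API evasion tests, 8 encryption tests, anti-sandbox tests, compile-time obfuscation, packing, and resource modification, along with a compilation of related materials and tools.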
zhuxi1965/GodPotato
zhuxi1965/goon
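goon is a scanning and brute-force tool that combines the features of excellent tools such as fscan and kscan. Features include: IP liveness detection, port scanning, web fingerprint scanning, title scanning, compressed file scanning, fofa retrieval, ms17010, brute-forcing of mssql, mysql, postgres, redis, ssh, smb, rdp, telnet, tomcat and others, as well as features such as netbios probing.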
zhuxi1965/hayabusa
Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
zhuxi1965/Heimdallr
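A fully passive-listening Chrome extension for high-risk fingerprint identification, honeypot signature alerting and blocking, and countering machine fingerprinting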
zhuxi1965/httpx
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library. It is designed to maintain result reliability with an increased number of threads.
zhuxi1965/jarm
TLS fingerprinting
zhuxi1965/jjjjjjjjjjjjjs
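Crawls a website's JS files, automatically fuzzes API endpoints, supports specifying the API endpoint (for projects with separated front end and back end, the back-end endpoint address can be specified), and displays the API responses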
zhuxi1965/Kunlun-M
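KunLun-M is a fully open-source static white-box scanning tool that supports semantic scanning of PHP and JavaScript, basic security and component security scanning, and basic scanning of Chrome Ext\Solidity.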
zhuxi1965/oFx
A framework for batch vulnerability verification
zhuxi1965/PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
zhuxi1965/PEASS-ng
PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
zhuxi1965/poc-runner
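Small & Fast Vulnerability Scanner Engine based on XRAY YAML Rule | An ultra-lightweight, fast vulnerability scanning engine based on XRAY YAML rules | Complete implementation of XRAY YAML rules | Simple startup parameters | Includes multiple reverse-connection options | Executable size of only 2 MB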
zhuxi1965/Security-Datasets
Re-play Security Events
zhuxi1965/SecurityList
A list for Web Security and Code Audit
zhuxi1965/Serein
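[A lazy person's power tool] A graphical tool that collects URLs in bulk and runs various n-day checks against the collected URLs in bulk. It can be used for scenarios such as SRC hunting, CNVD hunting, 0-day exploitation, and building your own arsenal. It supports bulk exploitation of Actively Exploited Atlassian Confluence 0Day CVE-2022-26134 and DedeCMS v5.7.87 SQL injection CVE-2022-23337.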
zhuxi1965/uro
declutters url lists for crawling/pentesting
zhuxi1965/VcenterKiller
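A comprehensive exploitation tool for Vcenter, covering the currently most mainstream CVE-2021-21972, CVE-2021-21985, and CVE-2021-22005 as well as log4j; it provides one-click webshell upload, command execution, or public key upload for passwordless SSH connection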
zhuxi1965/yongyou-nc-rce
Yonyou NC deserialization vulnerability verification and exploitation
zhuxi1965/YongyouNC-Unserialize-Tools
Payload generation for the Yonyou NC deserialization vulnerability