Pinned Repositories
1earn
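A security knowledge framework maintained by the ffffffff0x team, covering (but not limited to) web security, industrial control system security, forensics, incident response, blue-team infrastructure deployment, post-exploitation, Linux security, and write-ups for various vulnerable target machines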
7kbscan-WebPathBrute
7kbscan-WebPathBrute: a web path brute-force discovery tool
AntSword-Loader
AntSword loader
Apache-Solr-RCE
Apache Solr Exploits 🌟
Arjun
HTTP parameter discovery suite.
AV_Evasion_Tool
掩日 - a tool for generating antivirus-evasion executors
AzureGoat
AzureGoat : A Damn Vulnerable Azure Infrastructure
Behinder
“冰蝎” (Behinder): a website management client with dynamic binary encryption
C2concealer
C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.
Webshell_Generate
Generates various kinds of antivirus-evading webshells
zhuxi1965's Repositories
zhuxi1965/CodeQL
"Understanding CodeQL in Depth": Finding vulnerabilities with CodeQL.
zhuxi1965/CVE-2023-25157-and-CVE-2023-25158
GeoServer & GeoTools SQL Injection (CVE-2023-25157 & CVE-2023-25158)
zhuxi1965/CVE-2023-32315-Openfire-Bypass
rce
zhuxi1965/CyberChef
The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis
zhuxi1965/evil_minio
EXP for CVE-2023-28434 MinIO unauthorized to RCE
zhuxi1965/frp
A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.
zhuxi1965/GoBypassAV
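A compilation of Go-based antivirus-evasion techniques, including tests of 16 APIs, tests of 8 encryption methods, anti-sandbox tests, compile-time obfuscation, packing, and resource modification, along with a collection of related references and tools.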
zhuxi1965/GodPotato
zhuxi1965/goon
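goon is a scanning and brute-force tool that combines the features of tools such as fscan and kscan. Features include: IP liveness probing, port scanning, web fingerprint scanning, title scanning, archive file scanning, FOFA retrieval, ms17010, brute-forcing of mssql, mysql, postgres, redis, ssh, smb, rdp, telnet, tomcat and others, as well as functions such as NetBIOS probing.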
zhuxi1965/hayabusa
Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
zhuxi1965/Heimdallr
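A fully passive-listening Chrome extension for identifying high-risk fingerprints, alerting on and blocking honeypot signatures, and countering machine fingerprinting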
zhuxi1965/httpx
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library. It is designed to maintain result reliability with an increased number of threads.
zhuxi1965/jarm
TLS fingerprinting
zhuxi1965/jjjjjjjjjjjjjs
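Crawls a website's JS files, automatically fuzzes API endpoints, supports specifying the API endpoint (for projects with a separate front end and back end, the back-end API address can be specified), and displays the API responses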
zhuxi1965/Kunlun-M
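KunLun-M is a fully open-source static white-box scanning tool that supports semantic scanning of PHP and JavaScript, basic security and component security scanning, and basic scanning of Chrome extensions and Solidity.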
zhuxi1965/msmap
Msmap is a Memory WebShell Generator.
zhuxi1965/nuclei
Fast and customizable vulnerability scanner based on simple YAML based DSL.
zhuxi1965/oFx
A framework for batch vulnerability verification
zhuxi1965/OLa
cs post exp plugin
zhuxi1965/PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
zhuxi1965/PEASS-ng
PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
zhuxi1965/rengine
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.
zhuxi1965/Security-Datasets
Re-play Security Events
zhuxi1965/SecurityList
A list for Web Security and Code Audit
zhuxi1965/Serein
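[A tool for the lazy] A graphical tool that collects URLs in bulk and runs various n-day checks against the collected URLs in bulk. Suitable for scenarios such as SRC vulnerability hunting, CNVD vulnerability hunting, 0-day exploitation, and building your own toolkit. It can batch-exploit the Actively Exploited Atlassian Confluence 0Day CVE-2022-26134 and the DedeCMS v5.7.87 SQL injection CVE-2022-23337.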
zhuxi1965/uro
declutters url lists for crawling/pentesting
zhuxi1965/VcenterKiller
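A comprehensive exploitation tool for vCenter, covering the currently most common CVE-2021-21972, CVE-2021-21985, and CVE-2021-22005 as well as log4j; it provides one-click webshell upload, command execution, or public key upload for passwordless SSH connection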
zhuxi1965/vscan
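An open-source, lightweight, fast, cross-platform website vulnerability scanner that helps you quickly detect website security risks. Features: port scanning (port scan), fingerprinting (fingerprint), vulnerability detection (nday check), smart brute-forcing (admin brute), sensitive file scanning (file fuzz)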
zhuxi1965/yongyou-nc-rce
Yonyou NC deserialization vulnerability verification and exploitation
zhuxi1965/YongyouNC-Unserialize-Tools
Payload generation for the Yonyou NC deserialization vulnerability