flywithoutwings Goto Github PK
Name: HGW XX/7
Type: User
Name: HGW XX/7
Type: User
搜集有关渗透测试中用到的POC、脚本、工具、文章等姿势分享
office漏洞CVE-2017-11882 File Generator PoC
blog
枚举Active Directory中所有用户的ACL,标记出特权帐户。A script for advanced discovery of Privileged Accounts - includes Shadow Admins
基于asyncio(协程)的CVE-2020-0796 速度还是十分可观的,方便运维师傅们对内网做下快速检测。
Maintained by shadowsocksrr
Python3编写的CMS漏洞检测框架
AntSword is a cross-platform website management toolkit.
AntSword 加载器
一款功能强大的软件源代码分析与审计工具A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'what's in it' using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.
APT & CyberCriminal Campaign Collection
Indicators of compromise (IOCs) collected from public resources and categorized by Qi-AnXin.
Arbitrium is a cross-platform, fully undetectable remote access trojan, to control Android, Windows and Linux and doesn't require any firewall exceptions or port forwarding rules
aria2 is a lightweight multi-protocol & multi-source, cross platform download utility operated in command-line. It supports HTTP/HTTPS, FTP, SFTP, BitTorrent and Metalink.
Ary 是一个集成类工具,主要用于调用各种安全工具,从而形成便捷的一键式渗透。
渗透测试技术手册 ATTCK-PenTester-Book
加密免杀工具 Antivirus evasion project
There is no pre-auth RCE in Jenkins since May 2017, but this is the one!
红队渗透资源List of Awesome Red Teaming Resources
Steal Net-NTLM Hash using Bad-PDF
信息泄漏批量扫描脚本A tiny Batch weB vulnerability Scanner
“冰蝎”动态二进制加密网站管理客户端
强大的域信息搜集工具,可用图形化展现域账户、主机之间的登录历史与管理关系,信息搜集脚本在Ingestors中,kali可直接使用apt安装 Six Degrees of Domain Admin
远控免杀系列文章及配套工具,搜集汇总了互联网上的几十种免杀工具和免杀方法,并对免杀效果进行了一一测试,为远控的免杀和杀软对抗免杀提供参考。
Check-LocalAdminHash是一款基于PowerShell开发的工具,它可以尝试通过WMI或SMB来对多台主机进行身份验证,并通过密码哈希来判断用户提供的凭证是否属于本地管理员账户。Check-LocalAdminHash is a PowerShell tool that attempts to authenticate to multiple hosts over either WMI or SMB using a password hash to determine if the provided credential is a local administrator. It's useful if you obtain a password hash for a user and want to see where they are local admin on a network. It is essentially a Frankenstein of two of my favorite tools along with some of my own code. It utilizes Kevin Robertson's (@kevin_robertson) Invoke-TheHash project for the credential checking portion. Additionally, the script utilizes modules from PowerView by Will Schroeder (@harmj0y) and Matt Graeber (@mattifestation) to enumerate domain computers to find targets for testing admin access against.
powershell混淆脚本工具 Chimera is a (shiny and very hack-ish) PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.
A fast TCP tunnel over HTTP
Cisco IOS SNMP RCE PoC
Mac上的clash客户端
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.