Stars
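A knowledge base for red teaming and offensive security.
A knowledge base for vulnerability PoCs (Proof of Concept), with 1k+ vulnerabilities.
Deploying the Awesome-POC repository via docsify.
Backup of the official ARL repository: ARL (Asset Reconnaissance Lighthouse) is a system for quickly reconnoitering internet assets associated with a target and building a baseline asset inventory. It helps in-house security teams and penetration testers reconnoiter and search assets effectively and find weak points and attack surface.
Docker vulnerability environments for all FastJson versions (covering 1.2.47/1.2.68/1.2.80 and others), mainly including JNDI injection and high-version bypasses, WAF bypasses, file read/write, native deserialization, gadget-chain detection bypasses, and exploitation without outbound network access. Covers in-depth FastJson exploitation from a black-box perspective.
Monitor web page changes in real time and send notifications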
A curated list of GPT agents for cybersecurity
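Cloud security exploitation tool: a web tool for cloud platform AK/SK. After an AK/SK is added, it detects resources automatically with no manual execution, and supports operations on cloud servers, storage buckets, and databases.
Automatically parse Malleable C2 profiles into CrossC2 rebinding library source code
Modified version of Cobalt Strike random C2 Profile (adapted for Tencent Cloud Functions, Amazon cloud functions, and the CrossC2 custom protocol)
RedGuard is a C2 front flow control tool that can avoid Blue Team, AV, and EDR checks.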
A list of python tools to help create an OPSEC-safe Cobalt Strike profile.
Metadata hash incorporating the Rich Header for robustness against packing and other malware tricks
SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.
AutoGeaconC2: reads a Profile in one click and automatically generates geacon to bring cross-platform hosts online in CobaltStrike
OFalwl / MobaXtermKeyGen
Forked from 31i45/MobaXtermKeyGen
MobaXterm Pro Key Generator, supports the old/latest/future versions.
Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 9…
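Penetration-testing C2 with Lua plugin extensions, domain fronting/CDN check-in, custom profiles, prepended sRDI, file management, process management, in-memory loading, screenshots, reverse proxy, and group management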
A powerful JNDI injection exploitation framework that supports RMI, LDAP and LDAPS protocols, including various bypass methods for high-version JDK restrictions
An aggressor script that can help automate payload building in Cobalt Strike