Starred repositories
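Fastjson scanner that can identify the version, dependency libraries, autoType status, and more. A tool to distinguish fastjson, version and dependency
WeblogicTool, a GUI vulnerability exploitation tool that supports vulnerability detection, command execution, memory shell injection, password decryption, and more (powered by the Tianwei Team of Sangfor Deep Blue Lab)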
Instant voice cloning by MIT and MyShell. Audio foundation model.
elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative
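A MySQL Fake Server implemented in pure Java | GUI and command-line versions | Supports deserialization and file-read exploitation | Supports common GADGETs and custom GADGET data | Automatically generates a PAYLOAD matching the target environment | Supports exploitation of PGSQL and DERBY
kill anti-malware protected processes (BYOVD) (Microsoft Won)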
Harvest passwords automatically from OpenSSH server
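Exploit for CVE-2023-0179. The vulnerability was assigned CVE-2023-0179 and affects all Linux versions from 5.5 to 6.2-rc3; it was tested on 6.1.6. Details of the vulnerability and the write-up can be found on os-security.
A solution for getting command output back in scenarios where command execution returns no output but outbound DNS is allowed (modified to use ceye to receive requests, with a custom DNS server added)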
LPE exploit for CVE-2023-21768
A web client port-scanner written in GO, that supports the WASM/WASI interface for Browser WebAssembly runtime execution.
Arbitrium is a cross-platform, fully undetectable remote access trojan, to control Android, Windows and Linux and doesn't require any firewall exceptions or port forwarding rules
Remote command execution with WMI that supports Pass-The-Hash
An open-source penetration testing framework for SpringBoot, and an exploitation tool for high-severity Spring-related vulnerabilities
A PoC implementation for dynamically masking call stacks with timers.
This map lists the essential techniques to bypass anti-virus and EDR