自研JavaFX图形化漏洞扫描工具，支持扫描的漏洞分别是： ThinkPHP-2.x-RCE， ThinkPHP-5.0.23-RCE， ThinkPHP5.0.x-5.0.23通杀RCE， ThinkPHP5-SQL注入&敏感信息泄露， ThinkPHP 3.x 日志泄露NO.1， ThinkPHP 3.x 日志泄露NO.2， ThinkPHP 5.x 数据库信息泄露的漏洞检测，以及批量检…

A SimpleHTTPServer written in Go, enhanced with features and with a nice design - https://goshs.de

Struts2系列漏洞检查工具

ebpfkit is a rootkit powered by eBPF

Advanced Telegram x Discord C2, great for data Exfitration and Network evasion 🔷

GeoServer Remote Code Execution

基于 Layui 的后台前端管理框架

Resources related to GitHub Security Lab

一款后渗透免杀工具，助力每一位像我这样的脚本小子快速实现免杀，支持bypass AV/EDR 360 火绒 Windows Defender Shellcode Loader

A Java Route Collection Tool

burp插件 ShiroScan 主要用于框架、无dnslog key检测

MemoryModule which compatible with Win32 API and support exception handling

Loading BOF & ShellCode without executable permission memory.

基于 OPSEC 的 CobaltStrike 后渗透自动化链

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

土司网站签到脚本

T00ls签到、域名查询自动推送脚本（搭配云函数使用）

Burpsuite - Js Route Scan 正则匹配获取响应中的路由进行被动探测与递归目录探测的burp插件

Windows Local Privilege Escalation Cookbook

A lightweight, high-performance go mqtt server(v3.0|v3.1.1|v5.0) supporting distributed cluster

hrms tool

HCM宏景加解密工具

Apache RocketMQ 远程代码执行漏洞(CVE-2023-33246) Exploit

GUI Tool To Remove Ads From Various Places Around Windows 11

Kolmogorov Arnold Networks

burp手工检测fastjson辅助

Adversary Emulation Framework

The Havoc Framework

fscan免杀

[WIP] 整理过去的分享，从零开始的Kubernetes攻防 🧐