Stars
A curated list of awesome things related to Telegram Mini Apps (TMA).
APIKit 是Burp Suite 的一个API接口扫描插件,该版本APIKit是对API-Security项目的APIKit1.0进行的二开,增加了扫描开关,避免直接打开burp乱扫被抓起来
`Raw Files Server`(简称 RFS)是一个支持 HTTP/自定义TCP 协议双栈的文件分发服务端,适用于内网文件分发、免杀落地等场景。
APIKit:Discovery, Scan and Audit APIs Toolkit All In One.
Burp extension to evade TLS fingerprinting. Bypass WAF, spoof any browser.
MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). It ca…
Windows Local Privilege Escalation Cookbook
A tool matrix for Russian APTs based on the Ransomware Tool Matrix
Automatic SQL injection and database takeover tool
🐱💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks
The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
Powerful+Fast+Low Privilege Kubernetes discovery tools
FastJson全版本Docker漏洞环境(涵盖1.2.47/1.2.68/1.2.80等版本),主要包括JNDI注入及高版本绕过、waf绕过、文件读写、原生反序列化、利用链探测绕过、不出网利用等。从黑盒的角度覆盖FastJson深入利用
📦 Make security testing of K8s, Docker, and Containerd easier.
SpringBoot 相关漏洞学习资料,利用方法和技巧合集,黑盒安全评估 check list
WeChatOpenDevTool 微信小程序强制开启开发者工具
A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers.
Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters
CobaltStrike Beacon written in .Net 4 用.net重写了stager及Beacon,其中包括正常上线、文件管理、进程管理、令牌管理、结合SysCall进行注入、原生端口转发、关ETW等一系列功能
DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced (the default settings).
RedGuard is a C2 front flow control tool,Can avoid Blue Teams,AVs,EDRs check.