2021hvv漏洞汇总

Cobalt Strike random C2 Profile generator

A fully automated, reliable, and accurate scanner for finding Spring4Shell and Spring Cloud RCE vulnerabilities

Attack Surface Management since before Attack Surface Management was a thing

Sign-Sacker(签名掠夺者)：一款数字签名复制器，可将其他官方exe中数字签名，图标，详细信息复制到没有签名的exe中，作为免杀，权限维持，伪装的一种小手段。

java source code static code analysis and danger function identify prog

CVE-2021-21972 Exploit

Volatility plugin for extracts configuration data of known malware

Project for identifying executables and DLLs vulnerable to relative path DLL hijacking.

NERVE Continuous Vulnerability Scanner

一个简单的现代化公司域名使用规律预测及生成工具

功能齐全的Web指纹识别和分享平台,基于vue3+django前后端分离的web架构，并集成了长亭出品的rad爬虫的功能，内置了一万多条互联网开源的指纹信息。

自动反编译闭源应用，创建codeql数据库

一款SRC密码生成工具，尝试top字典无果后，可以根据域名、公司名等因素来生成特定的字典

腾讯开源作品整理

命令执行不回显但DNS协议出网的命令回显场景解决方案

Code and yara rules to detect and analyze Cobalt Strike

Fancy Bear Source Code

SpringBoot Actuator未授权自动化利用，支持信息泄漏/RCE

获取Exchange信息的小工具

一款Web在线自动免杀工具

A simple python script to generate XML payloads works for XMLDecoder based on ProcessBuilder and Runtime exec

bypassAll静态引擎，如绕过QVM，绕过VT所有静态引擎

Dump TeamViewer ID and password from memory. Works much better than other tools.

爬取各大SRC当日公告 | 通过微信通知的小工具 | 赏金工具

A Tool For Fuzzing Sub-domain.

Grab passwords from Chrome > v80 using their new AES encryption

本科毕设, 分布式网络资产扫描系统，受shodan启发，首创无状态网络爬虫，超越scraper跑满带宽；代码质量较差，不输ZoomEye

A set of useful command line tools to interact with telegram using telethon and python-fire.