Python2编写的struts2漏洞全版本检测和利用工具

MySQL Fake Server use to help MySQL Client File Reading and JDBC Client Java Deserialize

口令爆破字典，有键盘组合字典、拼音字典、字母与数字混合这三种类型

上传漏洞fuzz字典生成脚本

动态多线程敏感信息泄露检测工具

Plug-in type web vulnerability scanner

Active Directory Integrated DNS dumping by any authenticated user

C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.

Enumeration sub domains(枚举子域名)

Perun是一款主要适用于乙方安服、渗透测试人员和甲方RedTeam红队人员的网络资产漏洞扫描器/扫描框架

NSA finest tool

Web Content Discovery Tool

Shiro反序列化利用工具，支持新版本(AES-GCM)Shiro的key爆破，配合ysoserial，生成回显Payload

被动式漏洞扫描系统

文件变化实时监控工具(代码审计/黑盒/白盒审计辅助工具)

利用 Python 的 Socket 端口转发，用于远程维护

This repository contains all the material from the talk "Esoteric sub-domain enumeration techniques" given at Bugcrowd LevelUp 2017 virtual conference

Searching sensitive files and contents in GitHub associated to company name or other key words

CMS渗透测试框架-A CMS Exploit Framework

Scanning a network asset information script

CVE-2017-11882 from https://github.com/embedi/CVE-2017-11882

Cobalt Strike team server password brute force tool

Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execution

目标端口扫描+系统服务指纹识别

自动爬取Github上文件敏感信息泄露，抓取邮箱密码并自动登录邮箱验证，支持126，qq，sina，163邮箱

宝塔面板Windows版提权方法

Amplify network visibility from multiple POV of other hosts

Transferred from https://github.com/DoubleLabyrinth/how-does-SecureCRT-encrypt-password

漏洞扫描：st2、tomcat、未授权访问等等