Stars
大宝剑-边界资产梳理工具(红队、蓝队、企业组织架构、子域名、Web资产梳理、Web指纹识别、ICON_Hash资产匹配)
Threat Intelligence Gathering 威胁情报收集,旨在提高蓝队拿到攻击 IP 后对其进行威胁情报信息收集的效率。
集Fofa、Hunter鹰图、Shodan、360 quake、Zoomeye 钟馗之眼、censys 为一体的空间测绘gui图形界面化工具,支持一键采集爬取和导出fofa、shodan等数据,方便快捷查看
Issues has been disabled for these PoC's, as they are simply PoC, Public Domain and unsupported.
A fully automated, reliable, and accurate scanner for finding Spring4Shell and Spring Cloud RCE vulnerabilities
There is no pre-auth RCE in Jenkins since May 2017, but this is the one!
ICP备案查询,可查询企业或域名的ICP备案信息,自动完成滑动验证,保存结果到Excel表格,适用于新版的工信部备案管理系统网站,告别频繁拖动验证,以及某站*工具要开通VIP才可查看备案信息的坑
FrameScan-GUI 一款python3和Pyqt编写的具有图形化界面的cms漏洞检测框架。
A blind XXE injection callback handler. Uses HTTP and FTP to extract information. Originally written in Ruby by ONsec-Lab.
Cobalt Strike script for ScareCrow payloads intergration (EDR/AV evasion)
功能齐全的Web指纹识别和分享平台,基于vue3+django前后端分离的web架构,并集成了长亭出品的rad爬虫的功能,内置了一万多条互联网开源的指纹信息。
Issues with WebSocket reverse proxying allowing to smuggle HTTP requests
基于masscan和nmap的快速端口扫描和指纹识别工具,优化版本(获取标题,页面长度,过滤防火墙)
Hunter作为中通DevSecOps闭环方案中的一环,扮演着很重要的角色,开源之后希望能帮助到更多企业。
autoDecoder的用法及案例,包含加解密方法、绕waf、替换参数等操作。
Shiro-721 RCE Via RememberMe Padding Oracle Attack
Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URLs with multithreading
PoC collection of Atlassian(Jira, Confluence, Bitbucket) products and Jenkins, Solr, Nexus