Stars
Jenkins凭据解密脚本,增加对publish_over_ssh插件支持
This code silently installs Chrome extensions on Mac, Windows, and Linux
Silently Install Chrome Extension For Persistence
Chrome browser extension-based Command & Control
To learn common smart contract vulnerabilities using Foundry!
Jar Analyzer - 一个 JAR 包 GUI 分析工具,方法调用关系搜索,方法调用链 DFS 算法分析,模拟 JVM 的污点分析验证 DFS 结果,字符串搜索,Java Web 组件入口分析,CFG 程序分析,JVM 栈帧分析,自定义表达式搜索,紧跟 AI 技术发展,支持 MCP 调用,支持 n8n 工作流
A frida tool to dump dex in memory to support security engineers analyzing malware.
基础反检测 frida-server / Basic anti-detection frida-server
Frida hook some jni functions
BlackDex is an Android unpack(dexdump) tool, it supports Android 5.0~12 and need not rely to any environment. BlackDex can run on any Android mobile phone or emulator, you can unpack APK File in se…
Active Directory information dumper via LDAP
Check for LDAP protections regarding the relay of NTLM authentication
BloodyAD is an Active Directory Privilege Escalation Framework
smbclient-ng, a fast and user friendly way to interact with SMB shares.
Extract data from modern Chrome versions, including refresh tokens, cookies, saved credentials, autofill data, browsing history, and bookmarks
《深入JDBC安全:特殊URL构造与不出网反序列化利用技术揭秘》对应研究总结项目 "Deep Dive into JDBC Security: Special URL Construction and Non-Networked Deserialization Exploitation Techniques Revealed" - Research Summary Project
A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts and relaying to the certificate service.
PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.
Java Vulnerability Exploitation Platform
dddd是一款使用简单的批量信息收集,供应链漏洞探测工具,旨在优化红队工作流,减少伤肝的机械性操作。支持从Hunter、Fofa批量拉取目标
A tool for automatic patch shellcode into binary file to bypass AV. / 一个自动patch shellcode到二进制文件的工具
A rouge mysql server supports reading files from most mysql libraries of multiple programming languages.