mirror of
https://github.com/Mr-xn/Penetration_Testing_POC.git
synced 2025-08-13 03:17:26 +00:00
725 lines
90 KiB
Markdown
725 lines
90 KiB
Markdown
## <span id="head1"> Penetration_Testing_POC</span>
|
||
|
||
搜集有关渗透测试中用到的POC、脚本、工具、文章等姿势分享,作为笔记吧,欢迎补充。
|
||
|
||
- [ Penetration_Testing_POC](#head1)
|
||
- [ 请善用搜索[`Ctrl+F`]查找](#head2)
|
||
- [IOT Device&Mobile Phone](#head3)
|
||
- [Web APP](#head4)
|
||
- [ 提权辅助相关](#head5)
|
||
- [ PC](#head6)
|
||
- [ tools-小工具集合](#head7)
|
||
- [ 文章/书籍/教程相关](#head8)
|
||
- [ 说明](#head9)
|
||
|
||
## <span id="head2"> 请善用搜索[`Ctrl+F`]查找</span>
|
||
|
||
## <span id="head3">IOT Device&Mobile Phone</span>
|
||
|
||
- [天翼创维awifi路由器存在多处未授权访问漏洞](天翼创维awifi路由器存在多处未授权访问漏洞.md)
|
||
- [华为WS331a产品管理页面存在CSRF漏洞](华为WS331a产品管理页面存在CSRF漏洞.md)
|
||
- [CVE-2019-16313 蜂网互联企业级路由器v4.31密码泄露漏洞](./CVE-2019-16313%20蜂网互联企业级路由器v4.31密码泄露漏洞.md)
|
||
- [D-Link路由器RCE漏洞](./CVE-2019-16920-D-Link-rce.md)
|
||
- [CVE-2019-13051-Pi-Hole路由端去广告软件的命令注入&权限提升](./CVE-2019-13051)
|
||
- [D-Link DIR-859 - RCE UnAutenticated (CVE-2019–17621)](https://github.com/s1kr10s/D-Link-DIR-859-RCE)
|
||
- [Huawei HG255 Directory Traversal[目录穿越]](https://packetstormsecurity.com/files/155954/huaweihg255-traversal.rb.txt)|[本地备份文件](./tools/huaweihg255-traversal.rb)
|
||
- [D-Link Devices - Unauthenticated Remote Command Execution in ssdpcgi (Metasploit)CVE-2019-20215(Metasploit)](./POC_Details/D-Link%20Devices%20-%20Unauthenticated%20Remote%20Command%20Execution%20in%20ssdpcgi%20(Metasploit)%20CVE-2019-20215.rb)
|
||
- [从 Interfaces.d 到 RCE:Mozilla WebThings IoT 网关漏洞挖掘](https://research.nccgroup.com/2020/02/10/interfaces-d-to-rce/)
|
||
- [小米系列路由器远程命令执行漏洞(CVE-2019-18370,CVE-2019-18371)](https://github.com/UltramanGaia/Xiaomi_Mi_WiFi_R3G_Vulnerability_POC/blob/master/report/report.md)
|
||
- [Intelbras Wireless N 150Mbps WRN240 - Authentication Bypass (Config Upload-未经验证即可替换固件)](https://www.exploit-db.com/exploits/48158)
|
||
- [cve-2020-8634&cve-2020-8635](https://www.exploit-db.com/exploits/48160)|[Wing FTP Server 6.2.3权限提升漏洞发现分析复现过程](https://www.hooperlabs.xyz/disclosures/cve-2020-8635.php)|[Wing FTP Server 6.2.5权限提升](https://www.exploit-db.com/exploits/48154)
|
||
- [CVE-2020-9374-TP LINK TL-WR849N - RCE](./CVE-2020-9374.md)
|
||
- [CVE-2020-12753-LG 智能手机任意代码执行漏洞](https://github.com/shinyquagsire23/CVE-2020-12753-PoC)
|
||
- [CVE-2020-12695-UPnP 安全漏洞](https://github.com/yunuscadirci/CallStranger)
|
||
- [79款 Netgear 路由器遭远程接管0day](https://github.com/grimm-co/NotQuite0DayFriday/blob/master/2020.06.15-netgear/exploit.py)
|
||
- [dlink-dir610-exploits-Exploits for CVE-2020-9376 and CVE-2020-9377](https://github.com/renatoalencar/dlink-dir610-exploits)
|
||
- [wacker:一组脚本,可辅助对WPA3接入点执行在线词典攻击](https://github.com/blunderbuss-wctf/wacker)
|
||
|
||
## <span id="head4">Web APP</span>
|
||
|
||
- [致远OA_A8_getshell_0day](致远OA_A8_getshell_0day.md)
|
||
- [Couch through 2.0存在路径泄露漏洞 ](Couch%20through%202.0存在路径泄露漏洞.md)
|
||
- [Cobub Razor 0.7.2存在跨站请求伪造漏洞](Cobub%20Razor%200.7.2存在跨站请求伪造漏洞.md)
|
||
- [joyplus-cms 1.6.0存在CSRF漏洞可增加管理员账户](joyplus-cms%201.6.0存在CSRF漏洞可增加管理员账户.md)
|
||
- [MiniCMS 1.10存在CSRF漏洞可增加管理员账户](MiniCMS%201.10存在CSRF漏洞可增加管理员账户.md)
|
||
- [Z-Blog 1.5.1.1740存在XSS漏洞](Z-Blog%201.5.1.1740存在XSS漏洞.md)
|
||
- [YzmCMS 3.6存在XSS漏洞](YzmCMS%203.6存在XSS漏洞.md)
|
||
- [Cobub Razor 0.7.2越权增加管理员账户](Cobub%20Razor%200.7.2越权增加管理员账户.md)
|
||
- [Cobub Razor 0.8.0存在SQL注入漏洞](Cobub%20Razor%200.8.0存在SQL注入漏洞.md)
|
||
- [Cobub Razor 0.8.0存在物理路径泄露漏洞](Cobub%20Razor%200.8.0存在物理路径泄露漏洞.md)
|
||
- [五指CMS 4.1.0存在CSRF漏洞可增加管理员账户](五指CMS%204.1.0存在CSRF漏洞可增加管理员账户.md)
|
||
- [DomainMod的XSS集合](DomainMod的XSS集合.md)
|
||
- [GreenCMS v2.3.0603存在CSRF漏洞可获取webshell&增加管理员账户](GreenCMS%20v2.3.0603存在CSRF漏洞可获取webshell&增加管理员账户.md)
|
||
- [yii2-statemachine v2.x.x存在XSS漏洞](yii2-statemachine%20v2.x.x存在XSS漏洞.md)
|
||
- [maccms_v10存在CSRF漏洞可增加任意账号](maccms_v10存在CSRF漏洞可增加任意账号.md)
|
||
- [LFCMS 3.7.0存在CSRF漏洞可添加任意用户账户或任意管理员账户](LFCMS%203.7.0存在CSRF漏洞可添加任意用户账户或任意管理员账户.md)
|
||
- [Finecms_v5.4存在CSRF漏洞可修改管理员账户密码](Finecms_v5.4存在CSRF漏洞可修改管理员账户密码.md)
|
||
- [Amazon Kindle Fire HD (3rd Generation)内核驱动拒绝服务漏洞](Amazon%20Kindle%20Fire%20HD%20\(3rd%20Generation\)内核驱动拒绝服务漏洞.md)
|
||
- [Metinfo-6.1.2版本存在XSS漏洞&SQL注入漏洞](Metinfo-6.1.2版本存在XSS漏洞&SQL注入漏洞.md)
|
||
- [Hucart cms v5.7.4 CSRF漏洞可任意增加管理员账号](Hucart%20cms%20v5.7.4%20CSRF漏洞可任意增加管理员账号.md)
|
||
- [indexhibit cms v2.1.5 直接编辑php文件getshell](indexhibit%20cms%20v2.1.5%20直接编辑php文件getshell.md)
|
||
- [S-CMS企业建站系统PHP版v3.0后台存在CSRF可添加管理员权限账号](S-CMS企业建站系统PHP版v3.0后台存在CSRF可添加管理员权限账号.md)
|
||
- [S-CMS PHP v3.0存在SQL注入漏洞](S-CMS%20PHP%20v3.0存在SQL注入漏洞.md)
|
||
- [MetInfoCMS 5.X版本GETSHELL漏洞合集](MetInfoCMS%205.X版本GETSHELL漏洞合集.md)
|
||
- [discuz ml RCE 漏洞检测工具](discuz-ml-rce/README.md)
|
||
- [thinkphp5框架缺陷导致远程代码执行](thinkphp5框架缺陷导致远程代码执行.md)
|
||
- [FineCMS_v5.0.8两处getshell](FineCMS_v5.0.8两处getshell.md)
|
||
- [Struts2_045漏洞批量检测|搜索引擎采集扫描](Struts2_045-Poc)
|
||
- [thinkphp5命令执行](thinkphp5命令执行.md)
|
||
- [typecho反序列化漏洞](typecho反序列化漏洞.md)
|
||
- [CVE-2019-10173 Xstream 1.4.10版本远程代码执行](CVE-2019-10173%20Xstream%201.4.10版本远程代码执行漏洞.md)
|
||
- [IIS/CVE-2017-7269-Echo-PoC](./IIS/CVE-2017-7269-Echo-PoC)
|
||
- [CVE-2019-15107 Webmin RCE](./CVE-2019-15107)
|
||
- [thinkphp5 rce漏洞检测工具](./tp5-getshell)
|
||
- [thinkphp5_RCE合集](./tp5-getshell/TP5_RCE合集.md)
|
||
- [thinkphp3.X-thinkphp5.x](./tp5-getshell/ThinkPHP.md)
|
||
- [关于ThinkPHP框架的历史漏洞分析集合](https://github.com/Mochazz/ThinkPHP-Vuln)
|
||
- [CVE-2019-11510](./CVE-2019-11510)
|
||
- [Redis(<=5.0.5) RCE](./redis-rogue-server)
|
||
- [Redis 4.x/5.x RCE(主从复制导致RCE)](https://github.com/Ridter/redis-rce)
|
||
- [生成Redis恶意模块so文件配合主从复制RCE达到命令执行](https://github.com/n0b0dyCN/RedisModules-ExecuteCommand)|[相关文章](https://www.freebuf.com/vuls/224235.html)
|
||
- [RedisWriteFile-通过 `Redis` 主从写出无损文件,可用于 `Windows` 平台下写出无损的 `EXE`、`DLL`、 `LNK` 和 `Linux` 下的 `OS` 等二进制文件](https://github.com/r35tart/RedisWriteFile)
|
||
- [WeblogicScanLot系列,Weblogic漏洞批量检测工具](./WeblogicScanLot)
|
||
- [jboss_CVE-2017-12149](./jboss_CVE-2017-12149)
|
||
- [Wordpress的拒绝服务(DoS)-CVE-2018-6389](./CVE-2018-6389)
|
||
- [Webmin Remote Code Execution (authenticated)-CVE-2019-15642](https://github.com/jas502n/CVE-2019-15642)
|
||
- [CVE-2019-16131 OKLite v1.2.25 任意文件上传漏洞](./CVE-2019-16131%20OKLite%20v1.2.25%20任意文件上传漏洞.md)
|
||
- [CVE-2019-16132 OKLite v1.2.25 存在任意文件删除漏洞](./CVE-2019-16132%20OKLite%20v1.2.25%20存在任意文件删除漏洞.md)
|
||
- [CVE-2019-16309 FlameCMS 3.3.5 后台登录处存在sql注入漏洞](./CVE-2019-16309%20FlameCMS%203.3.5%20后台登录处存在sql注入漏洞.md)
|
||
- [CVE-2019-16314 indexhibit cms v2.1.5 存在重装并导致getshell](./CVE-2019-16314%20indexhibit%20cms%20v2.1.5%20存在重装并导致getshell.md)
|
||
- [泛微OA管理系统RCE漏洞利用脚本](./泛微OA管理系统RCE漏洞利用脚本.md)
|
||
- [CVE-2019-16759 vBulletin 5.x 0day pre-auth RCE exploit](./CVE-2019-16759%20vBulletin%205.x%200day%20pre-auth%20RCE%20exploit.md)
|
||
- [zentao-getshell 禅道8.2 - 9.2.1前台Getshell](./zentao-getshell)
|
||
- [泛微 e-cology OA 前台SQL注入漏洞](./泛微%20e-cology%20OA%20前台SQL注入漏洞.md)
|
||
- [Joomla-3.4.6-RCE](./Joomla-3.4.6-RCE.md)
|
||
- [Easy File Sharing Web Server 7.2 - GET 缓冲区溢出 (SEH)](./Easy%20File%20Sharing%20Web%20Server%207.2%20-%20GET%20缓冲区溢出%20(SEH).md)
|
||
- [构建ASMX绕过限制WAF达到命令执行(适用于ASP.NET环境)](./构建ASMX绕过限制WAF达到命令执行.md)
|
||
- [CVE-2019-17662-ThinVNC 1.0b1 - Authentication Bypass](./CVE-2019-17662-ThinVNC%201.0b1%20-%20Authentication%20Bypass.md)
|
||
- [CVE-2019-16278andCVE-2019-16279-about-nostromo-nhttpd](./CVE-2019-16278andCVE-2019-16279-about-nostromo-nhttpd.md)
|
||
- [CVE-2019-11043-PHP远程代码执行漏](./CVE-2019-11043)
|
||
- [ThinkCMF漏洞全集和](./ThinkCMF漏洞全集和.md)
|
||
- [CVE-2019-7609-kibana低于6.6.0未授权远程代码命令执行](./CVE-2019-7609-kibana低于6.6.0未授权远程代码命令执行.md)
|
||
- [ecologyExp.jar-泛微ecology OA系统数据库配置文件读取](./tools/ecologyExp.jar)
|
||
- [freeFTP1.0.8-'PASS'远程缓冲区溢出](./freeFTP1.0.8-'PASS'远程缓冲区溢出.md)
|
||
- [rConfig v3.9.2 RCE漏洞](./rConfig%20v3.9.2%20RCE漏洞.md)
|
||
- [apache_solr_rce](./solr_rce.md)
|
||
- [CVE-2019-7580 thinkcmf-5.0.190111后台任意文件写入导致的代码执行](CVE-2019-7580%20thinkcmf-5.0.190111后台任意文件写入导致的代码执行.md)
|
||
- [Apache Flink任意Jar包上传导致远程代码执行](https://github.com/LandGrey/flink-unauth-rce)
|
||
- [用于检测JSON接口令牌安全性测试](https://github.com/ticarpi/jwt_tool)
|
||
- [cve-2019-17424 nipper-ng_0.11.10-Remote_Buffer_Overflow远程缓冲区溢出附PoC](cve-2019-17424%20nipper-ng_0.11.10-Remote_Buffer_Overflow远程缓冲区溢出附PoC.md)
|
||
- [CVE-2019-12409_Apache_Solr RCE](https://github.com/jas502n/CVE-2019-12409)
|
||
- [Shiro RCE (Padding Oracle Attack)](https://github.com/wuppp/shiro_rce_exp)
|
||
- [CVE-2019-19634-class.upload.php <= 2.0.4任意文件上传](https://github.com/jra89/CVE-2019-19634)
|
||
- [Apache Solr RCE via Velocity Template Injection](./Apache%20Solr%20RCE%20via%20Velocity%20Template%20Injection.md)
|
||
- [CVE-2019-10758-mongo-express before 0.54.0 is vulnerable to Remote Code Execution ](https://github.com/masahiro331/CVE-2019-10758/)
|
||
- [CVE-2019-2107-Android播放视频-RCE-POC(Android 7.0版本,7.1.1版本,7.1.2版本,8.0版本,8.1版本,9.0版本)](https://github.com/marcinguy/CVE-2019-2107)
|
||
- [CVE-2019-19844-Django重置密码漏洞(受影响版本:Django master branch,Django 3.0,Django 2.2,Django 1.11)](https://github.com/ryu22e/django_cve_2019_19844_poc/)
|
||
- [CVE-2019-17556-unsafe-deserialization-in-apache-olingo(Apache Olingo反序列化漏洞,影响: 4.0.0版本至4.6.0版本)](https://medium.com/bugbountywriteup/cve-2019-17556-unsafe-deserialization-in-apache-olingo-8ebb41b66817)
|
||
- [ZZCMS201910 SQL Injections](./ZZCMS201910%20SQL%20Injections.md)
|
||
- [WDJACMS1.5.2模板注入漏洞](./WDJACMS1.5.2模板注入漏洞.md)
|
||
- [CVE-2019-19781-Remote Code Execution Exploit for Citrix Application Delivery Controller and Citrix Gateway](https://github.com/projectzeroindia/CVE-2019-19781)
|
||
- [CVE-2019-19781.nse---use Nmap check Citrix ADC Remote Code Execution](https://github.com/cyberstruggle/DeltaGroup/tree/master/CVE-2019-19781)
|
||
- [Mysql Client 任意文件读取攻击链拓展](https://paper.seebug.org/1112/)
|
||
- [CVE-2020-5504-phpMyAdmin注入(需要登录)](https://xz.aliyun.com/t/7092)
|
||
- [CVE-2020-5509-Car Rental Project 1.0版本中存在远程代码执行漏洞](https://github.com/FULLSHADE/CVE-2020-5509-POC)
|
||
- [CryptoAPI PoC CVE-2020-0601](https://github.com/kudelskisecurity/chainoffools/blob/master/README.md)|[另一个PoC for CVE-2020-0601](https://github.com/ollypwn/CVE-2020-0601)
|
||
- [New Weblogic RCE (CVE-2020-2546、CVE-2020-2551) CVE-2020-2546](https://mp.weixin.qq.com/s/Q-ZtX-7vt0JnjNbBmyuG0w)|[WebLogic WLS核心组件RCE分析(CVE-2020-2551)](https://www.anquanke.com/post/id/199695)|[CVE-2020-2551-Weblogic IIOP 反序列化EXP](https://github.com/Y4er/CVE-2020-2551)
|
||
- [CVE-2020-5398 - RFD(Reflected File Download) Attack for Spring MVC](https://github.com/motikan2010/CVE-2020-5398/)
|
||
- [PHPOK v5.3&v5.4getshell](https://www.anquanke.com/post/id/194453) | [phpok V5.4.137前台getshell分析](https://forum.90sec.com/t/topic/728) | [PHPOK 4.7从注入到getshell](https://xz.aliyun.com/t/1569)
|
||
- [thinkphp6 session 任意文件创建漏洞复现 含POC](./books/thinkphp6%20session%20任意文件创建漏洞复现%20含POC.pdf) --- 原文在漏洞推送公众号上
|
||
- [ThinkPHP 6.x反序列化POP链(一)](./books/ThinkPHP%206.x反序列化POP链(一).pdf)|[原文链接](https://mp.weixin.qq.com/s/rEjt9zb-AksiVwF1GngFww)
|
||
- [ThinkPHP 6.x反序列化POP链(二)](./books/ThinkPHP%206.x反序列化POP链(二).pdf)|[原文链接](https://mp.weixin.qq.com/s/q8Xa3triuXEB3NoeOgka1g)
|
||
- [ThinkPHP 6.x反序列化POP链(三)](./books/ThinkPHP%206.x反序列化POP链(三).pdf)|[原文链接](https://mp.weixin.qq.com/s/PFNt3yF0boE5lR2KofghBg)
|
||
- [WordPress InfiniteWP - Client Authentication Bypass (Metasploit)](https://www.exploit-db.com/exploits/48047)
|
||
- [【Linux提权/RCE】OpenSMTPD 6.4.0 < 6.6.1 - Local Privilege Escalation + Remote Code Execution](https://www.exploit-db.com/exploits/48051)
|
||
- [CVE-2020-7471-django1.11-1.11.282.2-2.2.103.0-3.0.3 StringAgg(delimiter)使用了不安全的数据会造成SQL注入漏洞环境和POC](https://github.com/Saferman/CVE-2020-7471)
|
||
- [CVE-2019-17564 : Apache Dubbo反序列化漏洞](https://www.anquanke.com/post/id/198747)
|
||
- [CVE-2019-2725(CNVD-C-2019-48814、WebLogic wls9-async)](https://github.com/lufeirider/CVE-2019-2725)
|
||
- [YzmCMS 5.4 后台getshell](https://xz.aliyun.com/t/7231)
|
||
- 关于Ghostcat(幽灵猫CVE-2020-1938漏洞):[CNVD-2020-10487(CVE-2020-1938), tomcat ajp 文件读取漏洞poc](https://github.com/nibiwodong/CNVD-2020-10487-Tomcat-ajp-POC)|[Java版本POC](https://github.com/0nise/CVE-2020-1938)|[Tomcat-Ajp协议文件读取漏洞](https://github.com/YDHCUI/CNVD-2020-10487-Tomcat-Ajp-lfi/)|[又一个python版本CVE-2020-1938漏洞检测](https://github.com/xindongzhuaizhuai/CVE-2020-1938)|[CVE-2020-1938-漏洞复现环境及EXP](https://github.com/laolisafe/CVE-2020-1938)
|
||
- [CVE-2020-8840:Jackson-databind远程命令执行漏洞(或影响fastjson)](https://github.com/jas502n/CVE-2020-8840)
|
||
- [CVE-2020-8813-Cacti v1.2.8 RCE远程代码执行 EXP以及分析(需要认证/或开启访客即可不需要登录)(一款Linux是基于PHP,MySQL,SNMP及RRDTool开发的网络流量监测图形分析工具)](https://shells.systems/cacti-v1-2-8-authenticated-remote-code-execution-cve-2020-8813/)|[EXP](./CVE-2020-8813%20-%20Cacti%20v1.2.8%20RCE.md)|[CVE-2020-8813MSF利用脚本](https://www.exploit-db.com/exploits/48159)
|
||
- [CVE-2020-7246-PHP项目管理系统qdPM< 9.1 RCE](https://www.exploit-db.com/exploits/48146)
|
||
- [CVE-2020-9547:FasterXML/jackson-databind 远程代码执行漏洞](https://github.com/fairyming/CVE-2020-9547)
|
||
- [CVE-2020-9548:FasterXML/jackson-databind 远程代码执行漏洞](https://github.com/fairyming/CVE-2020-9548)
|
||
- [Apache ActiveMQ 5.11.1目录遍历/ Shell上传](https://cxsecurity.com/issue/WLB-2020030033)
|
||
- [CVE-2020-2555:WebLogic RCE漏洞POC](https://mp.weixin.qq.com/s/Wq6Fu-NlK8lzofLds8_zoA)|[CVE-2020-2555-Weblogic com.tangosol.util.extractor.ReflectionExtractor RCE](https://github.com/Y4er/CVE-2020-2555)
|
||
- [CVE-2020-1947-Apache ShardingSphere UI YAML解析远程代码执行漏洞](https://github.com/jas502n/CVE-2020-1947)
|
||
- [CVE-2020-0554:phpMyAdmin后台SQL注入](./CVE-2020-0554:phpMyAdmin后台SQL注入.md)
|
||
- [泛微E-Mobile Ognl 表达式注入](./泛微e-mobile%20ognl注入.md)|[表达式注入.pdf](./books/表达式注入.pdf)
|
||
- [通达OA RCE漏洞](https://github.com/fuhei/tongda_rce)|[通达OAv11.6版本RCE复现分析+EXP](./books/通达OAv11.6版本漏洞复现分析.pdf)-[EXP下载](./tools/通达OA_v11.6_RCE_EXP.py)
|
||
- [CVE-2020-10673-jackson-databind JNDI注入导致远程代码执行](https://github.com/0nise/vuldebug)
|
||
- [CVE-2020-10199、CVE-2020-10204漏洞一键检测工具,图形化界面(Sonatype Nexus <3.21.1)](https://github.com/magicming200/CVE-2020-10199_CVE-2020-10204)
|
||
- [CVE-2020-2555-Oracle Coherence 反序列化漏洞](https://github.com/wsfengfan/CVE-2020-2555)|[分析文章](https://paper.seebug.org/1141/)
|
||
- [cve-2020-5260-Git凭证泄露漏洞](https://github.com/brompwnie/cve-2020-5260)
|
||
- [通达OA前台任意用户伪造登录漏洞批量检测](./通达OA前台任意用户伪造登录漏洞批量检测.md)
|
||
- [CVE-2020-11890 JoomlaRCE <3.9.17 远程命令执行漏洞(需要有效的账号密码)](https://github.com/HoangKien1020/CVE-2020-11890)
|
||
- [CVE-2020-10238【JoomlaRCE <= 3.9.15 远程命令执行漏洞(需要有效的账号密码)】&CVE-2020-10239【JoomlaRCE 3.7.0 to 3.9.15 远程命令执行漏洞(需要有效的账号密码)】](https://github.com/HoangKien1020/CVE-2020-10238)
|
||
- [CVE-2020-2546,CVE-2020-2915 CVE-2020-2801 CVE-2020-2798 CVE-2020-2883 CVE-2020-2884 CVE-2020-2950 WebLogic T3 payload exploit poc python3](https://github.com/hktalent/CVE_2020_2546)|[CVE-2020-2883-Weblogic coherence.jar RCE](https://github.com/Y4er/CVE-2020-2883)|[WebLogic-Shiro-shell-WebLogic利用CVE-2020-2883打Shiro rememberMe反序列化漏洞,一键注册filter内存shell](https://github.com/Y4er/WebLogic-Shiro-shell)
|
||
- [tongda_oa_rce-通达oa 越权登录+文件上传getshell](https://github.com/clm123321/tongda_oa_rce)
|
||
- [CVE-2020-11651-SaltStack Proof of Concept【认证绕过RCE漏洞】](https://github.com/0xc0d/CVE-2020-11651)|[CVE-2020-11651&&CVE-2020-11652 EXP](https://github.com/heikanet/CVE-2020-11651-CVE-2020-11652-EXP)
|
||
- [showdoc的api_page存在任意文件上传getshell](./showdoc的api_page存在任意文件上传getshell.md)
|
||
- [Fastjson <= 1.2.47 远程命令执行漏洞利用工具及方法](https://github.com/CaijiOrz/fastjson-1.2.47-RCE)
|
||
- [SpringBoot_Actuator_RCE](https://github.com/jas502n/SpringBoot_Actuator_RCE)
|
||
- [jizhicms(极致CMS)v1.7.1代码审计-任意文件上传getshell+sql注入+反射XSS](./books/jizhicms(极致CMS)v1.7.1代码审计引发的思考.pdf)
|
||
- [CVE-2020-9484:Apache Tomcat Session 反序列化代码执行漏洞](./tools/CVE-2020-9484.tgz)|[CVE-2020-9484:Apache Tomcat 反序列化RCE漏洞的分析和利用](https://www.redtimmy.com/java-hacking/apache-tomcat-rce-by-deserialization-cve-2020-9484-write-up-and-exploit/)
|
||
- [PHPOK 最新版漏洞组合拳 GETSHELL](./books/PHPOK最新版漏洞组合拳GETSHELL.pdf)
|
||
- [Apache Kylin 3.0.1命令注入漏洞](https://community.sonarsource.com/t/apache-kylin-3-0-1-command-injection-vulnerability/25706)
|
||
- [weblogic T3 collections java InvokerTransformer Transformer InvokerTransformer weblogic.jndi.WLInitialContextFactory](https://github.com/hktalent/weblogic_java_des)
|
||
- [CVE-2020-5410 Spring Cloud Config目录穿越漏洞](https://xz.aliyun.com/t/7877)
|
||
- [NewZhan CMS 全版本 SQL注入(0day)](./books/NewZhan%20CMS%20全版本%20SQL注入(0day).pdf)
|
||
- [盲注 or 联合?记一次遇见的奇葩注入点之SEMCMS3.9(0day)](./books/盲注%20or%20联合?记一次遇见的奇葩注入点之SEMCMS3.9(0day).pdf)
|
||
- [从PbootCMS(2.0.3&2.0.7前台RCE+2.0.8后台RCE)审计到某狗绕过](./books/从PbootCMS(2.0.3&2.0.7前台RCE+2.0.8后台RCE)审计到某狗绕过.pdf)
|
||
- [CVE-2020-1948 : Apache Dubbo 远程代码执行漏洞](https://github.com/ctlyz123/CVE-2020-1948)
|
||
- [CVE-2020-5902-F5 BIG-IP 远程代代码执行(RCE)&任意文件包含读取](https://github.com/jas502n/CVE-2020-5902)|[CVE-2020-5902又一EXP加测试docker文件](https://github.com/superzerosec/cve-2020-5902)
|
||
- [CVE-2020-8193-Citrix未授权访问任意文件读取](https://github.com/jas502n/CVE-2020-8193)
|
||
- [通读审计之天目MVC_T框架带Home版(temmokumvc)_v2.01](./books/通读审计之天目MVC_T框架带Home版(temmokumvc)_v2.01.pdf)
|
||
- [CVE-2020-14645-WebLogic 远程代码执行漏洞](https://github.com/Y4er/CVE-2020-14645)|[Weblogic_CVE-2020-14645](https://github.com/DSO-Lab/Weblogic_CVE-2020-14645)
|
||
- [CVE-2020-6287-SAP NetWeaver AS JAVA 授权问题漏洞-创建用户EXP](https://github.com/duc-nt/CVE-2020-6287-exploit)|[SAP_RECON-PoC for CVE-2020-6287, CVE-2020-6286 (SAP RECON vulnerability)](https://github.com/chipik/SAP_RECON)
|
||
- [CVE-2018-1000861, CVE-2019-1003005 and CVE-2019-1003029-jenkins-rce](https://github.com/orangetw/awesome-jenkins-rce-2019)
|
||
- [CVE-2020-3452:Cisco ASA/FTD 任意文件读取漏洞](./CVE-2020-3452:Cisco_ASAFTD任意文件读取漏洞.md)
|
||
- [74CMS_v5.0.1后台RCE分析](./books/74CMS_v5.0.1后台RCE分析.pdf)
|
||
- [CVE-2020-8163 - Remote code execution of user-provided local names in Rails](https://github.com/sh286/CVE-2020-8163)
|
||
- [【0day RCE】Horde Groupware Webmail Edition RCE](./%E3%80%900day%20RCE%E3%80%91Horde%20Groupware%20Webmail%20Edition%20RCE.md)
|
||
- [pulse-gosecure-rce-Tool to test for existence of CVE-2020-8218](https://github.com/withdk/pulse-gosecure-rce-poc)
|
||
- [Exploit for Pulse Connect Secure SSL VPN arbitrary file read vulnerability (CVE-2019-11510)](https://github.com/BishopFox/pwn-pulse)
|
||
- [Zblog默认Theme_csrf+储存xss+getshell](./Zblog默认Theme_csrf+储存xss+getshell.md)
|
||
- [用友GRP-u8 注入+天融信TopApp-LB 负载均衡系统sql注入](https://mrxn.net/Infiltration/292.html)|[绿盟UTS综合威胁探针管理员任意登录复现](https://mrxn.net/Infiltration/276.html)|[HW弹药库之深信服EDR 3.2.21 任意代码执行漏洞分析](https://mrxn.net/jswz/267.html)
|
||
- [CVE-2020-13935-Tomcat的WebSocket安全漏洞可导致拒绝服务攻击](https://github.com/RedTeamPentesting/CVE-2020-13935)
|
||
- [Douphp 网站后台存储型XSS漏洞分析](./books/Douphp%20网站后台存储型XSS漏洞分析.pdf)-[原文地址](https://mp.weixin.qq.com/s/dmFoMJaUH_ULnhu_T9jSGA)
|
||
- [Adminer 简单的利用](./books/Adminer简单的利用.pdf)-[原文地址](https://mp.weixin.qq.com/s/fgi4S-2vdvc-pSmFGGQzgw)
|
||
- [骑士CMS assign_resume_tpl远程代码执行分析](./books/骑士CMS%20远程代码执行分析%20-%20Panda.pdf)
|
||
|
||
## <span id="head5"> 提权辅助相关</span>
|
||
|
||
- [windows-kernel-exploits Windows平台提权漏洞集合](https://github.com/SecWiki/windows-kernel-exploits)
|
||
- [windows 溢出提权小记](https://klionsec.github.io/2017/04/22/win-0day-privilege/)/[本地保存了一份+Linux&Windows提取脑图](./tools/Local%20Privilege%20Escalation.md)
|
||
- [Windows常见持久控制脑图](./tools/Windows常见持久控制.png)
|
||
- [CVE-2019-0803 Win32k漏洞提权工具](./CVE-2019-0803)
|
||
- [脏牛Linux提权漏洞](https://github.com/Brucetg/DirtyCow-EXP)
|
||
- [远控免杀从入门到实践之白名单(113个)](https://github.com/TideSec/BypassAntiVirus)|[远控免杀从入门到实践之白名单(113个)总结篇.pdf](./books/远控免杀从入门到实践之白名单(113个)总结篇.pdf)
|
||
- [Linux提权-CVE-2019-13272 A linux kernel Local Root Privilege Escalation vulnerability with PTRACE_TRACEME](https://github.com/jiayy/android_vuln_poc-exp/tree/master/EXP-CVE-2019-13272-aarch64)
|
||
- [Linux权限提升辅助一键检测工具](https://github.com/mzet-/linux-exploit-suggester)
|
||
- [将powershell脚本直接注入到进程中执行来绕过对powershell.exe的限制](https://github.com/EmpireProject/PSInject)
|
||
- [CVE-2020-2696 – Local privilege escalation via CDE dtsession](https://github.com/0xdea/exploits/blob/master/solaris/raptor_dtsession_ipa.c)
|
||
- [CVE-2020-0683-利用Windows MSI “Installer service”提权](https://github.com/padovah4ck/CVE-2020-0683/)
|
||
- [Linux sudo提权辅助工具—查找sudo权限配置漏洞](https://github.com/TH3xACE/SUDO_KILLER)
|
||
- [Windows提权-CVE-2020-0668:Windows Service Tracing本地提权漏洞](https://github.com/RedCursorSecurityConsulting/CVE-2020-0668)
|
||
- [Linux提取-Linux kernel XFRM UAF poc (3.x - 5.x kernels)2020年1月前没打补丁可测试](https://github.com/duasynt/xfrm_poc)
|
||
- [linux-kernel-exploits Linux平台提权漏洞集合](https://github.com/SecWiki/linux-kernel-exploits)
|
||
- [Linux提权辅助检测Perl脚本](https://github.com/jondonas/linux-exploit-suggester-2)|[Linux提权辅助检测bash脚本](https://github.com/mzet-/linux-exploit-suggester)
|
||
- [CVE-2020-0796 - Windows SMBv3 LPE exploit #SMBGhost](https://github.com/danigargu/CVE-2020-0796)|[【Windows提取】Windows SMBv3 LPE exploit 已编译版.exe](https://github.com/f1tz/CVE-2020-0796-LPE-EXP)|[SMBGhost_RCE_PoC-远程代码执行EXP](https://github.com/chompie1337/SMBGhost_RCE_PoC)|[Windows_SMBv3_RCE_CVE-2020-0796漏洞复现](./books/Windows_SMBv3_RCE_CVE-2020-0796漏洞复现.pdf)
|
||
- [getAV---windows杀软进程对比工具单文件版](./tools/getAV/)
|
||
- [【Windows提权工具】Windows 7 to Windows 10 / Server 2019](https://github.com/CCob/SweetPotato)|[搭配Cobalt Strike的修改版可上线system权限的session](https://github.com/lengjibo/RedTeamTools/tree/master/windows/SweetPotato)
|
||
- [【Windows提权工具】SweetPotato修改版,用于webshell下执行命令](https://github.com/uknowsec/SweetPotato)|[本地编译好的版本](./tools/SweetPotato.zip)|[点击下载或右键另存为](https://raw.githubusercontent.com/Mr-xn/Penetration_Testing_POC/master/tools/SweetPotato.zip)|[SweetPotato_webshell下执行命令版.pdf](./books/SweetPotato_webshell下执行命令版.pdf)
|
||
- [【bypass UAC】Windows 8.1 and 10 UAC bypass abusing WinSxS in "dccw.exe"](https://github.com/L3cr0f/DccwBypassUAC/)
|
||
- [【Windows提权】CVE-2018-8120 Exploit for Win2003 Win2008 WinXP Win7](https://github.com/alpha1ab/CVE-2018-8120)
|
||
- [【Windows提权 Windows 10&Server 2019】PrintSpoofer-Abusing Impersonation Privileges on Windows 10 and Server 2019](https://github.com/itm4n/PrintSpoofer)|[配合文章食用-pipePotato复现](./books/pipePotato复现.pdf)|[Windows 权限提升 BadPotato-已经在Windows 2012-2019 8-10 全补丁测试成功](https://github.com/BeichenDream/BadPotato)
|
||
- [【Windows提权】Windows 下的提权大合集](https://github.com/lyshark/Windows-exploits)
|
||
- [【Windows提权】-CVE-2020-1048 | PrintDemon本地提权漏洞-漏洞影响自1996年以来发布(Windows NT 4)的所有Windows版本](https://github.com/ionescu007/PrintDemon)
|
||
- [【Windows bypass UAC】UACME-一种集成了60多种Bypass UAC的方法](https://github.com/hfiref0x/UACME)
|
||
- [CVE-2020–1088: Windows wersvc.dll 任意文件删除本地提权漏洞分析](https://medium.com/csis-techblog/cve-2020-1088-yet-another-arbitrary-delete-eop-a00b97d8c3e2)
|
||
- [【Windows提权】CVE-2019-0863-Windows中错误报告机制导致的提权-EXP](https://github.com/sailay1996/WerTrigger)
|
||
- [【Windows提权】CVE-2020-1066-EXP](https://github.com/cbwang505/CVE-2020-1066-EXP)
|
||
- [【Windows提权】CVE-2020-0787-EXP-ALL-WINDOWS-VERSION-适用于Windows所有版本的提权EXP](https://github.com/cbwang505/CVE-2020-0787-EXP-ALL-WINDOWS-VERSION)
|
||
- [【Windows提权】CVE-2020-1054-Win32k提权漏洞Poc](https://github.com/0xeb-bp/cve-2020-1054)|[CVE-2020-1054-POC](https://github.com/Iamgublin/CVE-2020-1054)
|
||
- [【Linux提权】对Linux提权的简单总结](./books/对Linux提权的简单总结.pdf)
|
||
- [【Windows提权】wesng-Windows提权辅助脚本](https://github.com/bitsadmin/wesng)
|
||
- [【Windows提权】dazzleUP是一款用来帮助渗透测试人员进行权限提升的工具,可以在window系统中查找脆弱面进行攻击。工具包括两部分检查内容,exploit检查和错误配置检查。](https://github.com/hlldz/dazzleUP)
|
||
|
||
## <span id="head6"> PC</span>
|
||
|
||
- [ 微软RDP远程代码执行漏洞(CVE-2019-0708)](./BlueKeep)
|
||
- [CVE-2019-0708-python版](./BlueKeep/bluekeep-CVE-2019-0708-python)
|
||
- [MS17-010-微软永恒之蓝漏洞](https://github.com/Mr-xn/MS17-010)
|
||
- [macOS-Kernel-Exploit](./macOS-Kernel-Exploit)
|
||
- [CVE-2019-1388 UAC提权 (nt authority\system)](https://github.com/jas502n/CVE-2019-1388)
|
||
- [CVE-2019-1405和CVE-2019-1322:通过组合漏洞进行权限提升 Microsoft Windows 10 Build 1803 < 1903 - 'COMahawk' Local Privilege Escalation](https://github.com/apt69/COMahawk)
|
||
- [CVE-2019-11708](https://github.com/0vercl0k/CVE-2019-11708)
|
||
- [Telegram(macOS v4.9.155353) 代码执行漏洞](https://github.com/Metnew/telegram-links-nsworkspace-open)
|
||
- [Remote Desktop Gateway RCE bugs CVE-2020-0609 & CVE-2020-0610](https://www.kryptoslogic.com/blog/2020/01/rdp-to-rce-when-fragmentation-goes-wrong/)
|
||
- [Microsoft SharePoint - Deserialization Remote Code Execution](https://github.com/Voulnet/desharialize/blob/master/desharialize.py)
|
||
- [CVE-2020-0728-Windows Modules Installer Service 信息泄露漏洞](https://github.com/irsl/CVE-2020-0728/)
|
||
- [CVE-2020-0618: 微软 SQL Server Reporting Services远程代码执行(RCE)漏洞](https://www.mdsec.co.uk/2020/02/cve-2020-0618-rce-in-sql-server-reporting-services-ssrs/)|[GitHub验证POC(其实前文的分析文章也有)](https://github.com/euphrat1ca/CVE-2020-0618)
|
||
- [CVE-2020-0767Microsoft ChakraCore脚本引擎【Edge浏览器中的一个开源的ChakraJavaScript脚本引擎的核心部分】安全漏洞](https://github.com/phoenhex/files/blob/master/pocs/cve-2020-0767.js)
|
||
- [CVE-2020-0688:微软EXCHANGE服务的远程代码执行漏洞](https://github.com/random-robbie/cve-2020-0688)|[CVE-2020-0688_EXP---另一个漏洞检测利用脚本](https://github.com/Yt1g3r/CVE-2020-0688_EXP)|[又一个cve-2020-0688利用脚本](https://github.com/Ridter/cve-2020-0688)|[Exploit and detect tools for CVE-2020-0688](https://github.com/zcgonvh/CVE-2020-0688)
|
||
- [CVE-2020-0674: Internet Explorer远程代码执行漏洞检测](https://github.com/binaryfigments/CVE-2020-0674)
|
||
- [CVE-2020-8794: OpenSMTPD 远程命令执行漏洞](./CVE-2020-8794-OpenSMTPD%20远程命令执行漏洞.md)
|
||
- [Linux平台-CVE-2020-8597: PPPD 远程代码执行漏洞](https://github.com/marcinguy/CVE-2020-8597)
|
||
- [Windows-CVE-2020-0796:疑似微软SMBv3协议“蠕虫级”漏洞](https://cert.360.cn/warning/detail?id=04f6a686db24fcfa478498f55f3b79ef)|[相关讨论](https://linustechtips.com/main/topic/1163724-smbv3-remote-code-execution-cve-2020-0796/)|[CVE-2020–0796检测与修复](CVE-2020-0796检测与修复.md)|[又一个CVE-2020-0796的检测工具-可导致目标系统崩溃重启](https://github.com/eerykitty/CVE-2020-0796-PoC)
|
||
- [SMBGhost_RCE_PoC(CVE-2020-0796)](https://github.com/chompie1337/SMBGhost_RCE_PoC)
|
||
- [WinRAR 代码执行漏洞 (CVE-2018-20250)-POC](https://github.com/Ridter/acefile)|[相关文章](https://research.checkpoint.com/2019/extracting-code-execution-from-winrar/)|[全网筛查 WinRAR 代码执行漏洞 (CVE-2018-20250)](https://xlab.tencent.com/cn/2019/02/22/investigating-winrar-code-execution-vulnerability-cve-2018-20250-at-internet-scale/)
|
||
- [windows10相关漏洞EXP&POC](https://github.com/nu11secur1ty/Windows10Exploits)
|
||
- [shiro rce 反序列 命令执行 一键工具](https://github.com/wyzxxz/shiro_rce)
|
||
- [CVE-2019-1458-Win32k中的特权提升漏洞【shell可用-Windows提取】](https://github.com/unamer/CVE-2019-1458)
|
||
- [CVE-2019-1253-Windows权限提升漏洞-AppXSvc任意文件安全描述符覆盖EoP的另一种poc](https://github.com/sgabe/CVE-2019-1253)|[CVE-2019-1253](https://github.com/padovah4ck/CVE-2019-1253)
|
||
- [BypassAV【免杀】Cobalt Strike插件,用于快速生成免杀的可执行文件](https://github.com/hack2fun/BypassAV)
|
||
- [CVE-2020-0674:Internet Explorer UAF 漏洞exp【在64位的win7测试了IE 8, 9, 10, and 11】](https://github.com/maxpl0it/CVE-2020-0674-Exploit)
|
||
- [SMBGhost_AutomateExploitation-SMBGhost (CVE-2020-0796) Automate Exploitation and Detection](https://github.com/Barriuso/SMBGhost_AutomateExploitation)
|
||
- [MS Windows OLE 远程代码执行漏洞(CVE-2020-1281)](https://github.com/guhe120/Windows-EoP/tree/master/CVE-2020-1281)
|
||
- [CVE-2020-1350-Windows的DNS服务器RCE检测的powershell脚本](https://github.com/T13nn3s/CVE-2020-1350)|[CVE-2020-1350-DoS](https://github.com/maxpl0it/CVE-2020-1350-DoS)
|
||
- [CVE-2020-1362-Microsoft Windows WalletService权限提升漏洞](https://github.com/Q4n/CVE-2020-1362)
|
||
- [CVE-2020-10713-GRUB2 本地代码执行漏洞](https://github.com/eclypsium/BootHole)
|
||
- [CVE-2020-1313-Microsoft Windows Update Orchestrator Service权限提升漏洞,可用于Windows提权操作,支持新版的Windows server 2004](https://github.com/irsl/CVE-2020-1313)
|
||
- [CVE-2020-1337-exploit-Windows 7/8/10上Print Spooler组件漏洞修复后的绕过](https://github.com/math1as/CVE-2020-1337-exploit/)|[cve-2020-1337-poc](https://github.com/sailay1996/cve-2020-1337-poc)
|
||
- [CVE-2020-1472: NetLogon特权提升漏洞(接管域控制器)](https://github.com/VoidSec/CVE-2020-1472)|[CVE-2020-1472 .NET版本的,可以编译成独立EXE文件,可以尝试webshell执行](https://github.com/nccgroup/nccfsas/tree/main/Tools/SharpZeroLogon/SharpZeroLogon)|[同类型脚本](https://github.com/SecuraBV/CVE-2020-1472)|[同类型脚本二](https://github.com/dirkjanm/CVE-2020-1472)|[同类型脚本三](https://github.com/risksense/zerologon)|[同类型脚本4](https://github.com/bb00/zer0dump)
|
||
|
||
|
||
## <span id="head7"> tools-小工具集版本合</span>
|
||
|
||
- [java环境下任意文件下载情况自动化读取源码的小工具](https://github.com/Artemis1029/Java_xmlhack)
|
||
- [Linux SSH登录日志清除/伪造](./tools/ssh)
|
||
- [python2的socks代理](./tools/s5.py)
|
||
- [dede_burp_admin_path-dedecms后台路径爆破(Windows环境)](./tools/dede_burp_admin_path.md)
|
||
- [PHP 7.1-7.3 disable_functions bypass](./tools/PHP%207.1-7.3%20disable_functions%20bypass.md)
|
||
- [一个各种方式突破Disable_functions达到命令执行的shell](https://github.com/l3m0n/Bypass_Disable_functions_Shell)
|
||
- [【PHP】bypass disable_functions via LD_PRELOA (no need /usr/sbin/sendmail)](https://github.com/yangyangwithgnu/bypass_disablefunc_via_LD_PRELOAD)
|
||
- [另一个bypass PHP的disable_functions](https://github.com/mm0r1/exploits)
|
||
- [cmd下查询3389远程桌面端口](./tools/cmd下查询3389远程桌面端口.md)
|
||
- [伪装成企业微信名片的钓鱼代码](./tools/伪装成企业微信名片的钓鱼代码.txt)
|
||
- [vbulletin5-rce利用工具(批量检测/getshell)](https://github.com/theLSA/vbulletin5-rce)/[保存了一份源码:vbulletin5-rce.py](./tools/vbulletin5-rce.py)
|
||
- [CVE-2017-12615](./tools/CVE-2017-12615.py)
|
||
- [通过Shodan和favicon icon发现真实IP地址](https://github.com/pielco11/fav-up)
|
||
- [Cobalt_Strike扩展插件](./tools/Cobalt_Strike扩展插件.md)
|
||
- [Windows命令行cmd的空格替换](./tools/Windows命令行cmd的空格替换.md)
|
||
- [绕过disable_function汇总](./tools/绕过disable_function汇总.md)
|
||
- [WAF Bypass](https://chybeta.gitbooks.io/waf-bypass/content/)
|
||
- [命令注入总结](./tools/命令注入总结.md)
|
||
- [隐藏wifi-ssid获取 · theKingOfNight's Blog](./books/隐藏wifi-ssid获取%20·%20theKingOfNight's%20Blog.pdf)
|
||
- [crt.sh证书/域名收集](./tools/crt.sh证书收集.py)
|
||
- [TP漏洞集合利用工具py3版本-来自奇安信大佬Lucifer1993](https://github.com/Mr-xn/TPscan)
|
||
- [Python2编写的struts2漏洞全版本检测和利用工具-来自奇安信大佬Lucifer1993](https://github.com/Mr-xn/struts-scan)
|
||
- [sqlmap_bypass_D盾_tamper](./tools/sqlmap_bypass_D盾_tamper.py)
|
||
- [sqlmap_bypass_安全狗_tamper](./tools/sqlmap_bypass_安全狗_tamper.py)
|
||
- [sqlmap_bypass_空格替换成换行符-某企业建站程序过滤_tamper](./tools/sqlmap_bypass_空格替换成换行符-某企业建站程序过滤_tamper.py)
|
||
- [sqlmap_bypass_云锁_tamper](./tools/sqlmap_bypass_云锁_tamper.py)
|
||
- [sqlmap bypass云锁tamper(利用云锁的注释不拦截缺陷,来自t00ls师傅)](https://github.com/Hsly-Alexsel/Bypass)-[t00ls原文地址](https://www.t00ls.net/thread-57788-1-1.html)|[项目留存PDF版本](./books/10种方法绕过云锁以及tamper.pdf)
|
||
- [masscan+nmap扫描脚本](./tools/masscan%2Bnmap.py)
|
||
- [PHP解密扩展](https://github.com/Albert-Zhan/php-decrypt)
|
||
- [linux信息收集/应急响应/常见后门检测脚本](https://github.com/al0ne/LinuxCheck)
|
||
- [RdpThief-从远程桌面客户端提取明文凭据辅助工具](https://github.com/0x09AL/RdpThief)
|
||
- [使用powershell或CMD直接运行命令反弹shell](https://github.com/ZHacker13/ReverseTCPShell)
|
||
- [GitHack-.git泄露利用脚本](https://github.com/lijiejie/GitHack)
|
||
- [GitHacker---比GitHack更好用的git泄露利用脚本](https://github.com/WangYihang/GitHacker)
|
||
- [SVN源代码泄露全版本Dump源码](https://github.com/admintony/svnExploit)
|
||
- [多进程批量网站备份文件扫描](https://github.com/sry309/ihoneyBakFileScan)
|
||
- [Empire](https://github.com/BC-SECURITY/Empire/)|相关文章:[后渗透测试神器Empire详解](https://mp.weixin.qq.com/s/xCtkoIwVomx5f8hVSoGKpA)
|
||
- [FOFA Pro view 是一款FOFA Pro 资产展示浏览器插件,目前兼容 Chrome、Firefox、Opera](https://github.com/0nise/fofa_view)
|
||
- [Zoomeye Tools-一款利用Zoomeye 获取有关当前网页IP地址的各种信息(需要登录)](https://chrome.google.com/webstore/detail/zoomeye-tools/bdoaeiibkccgkbjbmmmoemghacnkbklj)
|
||
- [360 0Kee-Team 的 crawlergo动态爬虫 结合 长亭XRAY扫描器的被动扫描功能](https://github.com/timwhitez/crawlergo_x_XRAY)
|
||
- [内网神器Xerosploit-娱乐性质(端口扫描|DoS攻击|HTML代码注入|JavaScript代码注入|下载拦截和替换|嗅探攻击|DNS欺骗|图片替换|Web页面篡改|Drifnet)](https://github.com/LionSec/xerosploit)
|
||
- [一个包含php,java,python,C#等各种语言版本的XXE漏洞Demo](https://github.com/c0ny1/xxe-lab)
|
||
- [内网常见渗透工具包](https://github.com/yuxiaokui/Intranet-Penetration)
|
||
- [从内存中加载 SHELLCODE bypass AV查杀](https://github.com/brimstone/go-shellcode)|[twitter示例](https://twitter.com/jas502n/status/1213847002947051521)
|
||
- [流量转发工具-pingtunnel是把tcp/udp/sock5流量伪装成icmp流量进行转发的工具](https://github.com/esrrhs/pingtunnel)
|
||
- [内网渗透-创建Windows用户(当net net1 等常见命令被过滤时,一个文件执行直接添加一个管理员【需要shell具有管理员权限l】](https://github.com/newsoft/adduser)|[adduser使用方法](./adduser添加用户.md) |[【windows】绕过杀软添加管理员用户的两种方法](https://github.com/lengjibo/RedTeamTools/tree/master/windows/bypass360%E5%8A%A0%E7%94%A8%E6%88%B7)|[【windows】使用vbs脚本添加管理员用户](./使用vbs脚本添加管理员用户.md)
|
||
- [pypykatz-通过python3实现完整的Mimikatz功能(python3.6+)](https://github.com/skelsec/pypykatz)
|
||
- [【windows】Bypassing AV via in-memory PE execution-通过在内存中加载多次XOR后的payload来bypass杀软](https://blog.dylan.codes/bypassing-av-via/)|[作者自建gitlab地址](https://git.dylan.codes/batman/darkarmour)
|
||
- [wafw00f-帮助你快速识别web应用是否使用何种WAF(扫描之前很有用)](https://github.com/EnableSecurity/wafw00f)
|
||
- [Linux提取其他用户密码的工具(需要root权限)](https://github.com/huntergregal/mimipenguin)
|
||
- [apache2_BackdoorMod-apache后门模块](https://github.com/VladRico/apache2_BackdoorMod)
|
||
- [对密码已保存在 Windwos 系统上的部分程序进行解析,包括:Navicat,TeamViewer,FileZilla,WinSCP,Xmangager系列产品(Xshell,Xftp)](https://github.com/uknowsec/SharpDecryptPwd)
|
||
- [一个简单探测jboss漏洞的工具](https://github.com/GGyao/jbossScan)
|
||
- [一款lcx在golang下的实现-适合内网代理流量到公网,比如阿里云的机器代理到你的公网机器](https://github.com/cw1997/NATBypass)
|
||
- [Cobalt Strike Aggressor 插件包](https://github.com/timwhitez/Cobalt-Strike-Aggressor-Scripts)
|
||
- [Erebus-Cobalt Strike后渗透测试插件,包括了信息收集、权限获取、密码获取、痕迹清除等等常见的脚本插件](https://github.com/DeEpinGh0st/Erebus)
|
||
- [cobaltstrike后渗透插件,偏向内网常用工具(目前包含1.定位域管理员2.信息收集(采用ADfind)3.权限维持(增加了万能密码,以及白银票据)4.内网扫描(nbtscan(linux/windows通用))5.dump数据库hash(支持mysql/mssql(快速获取数据库的hash值)))](https://github.com/wafinfo/cobaltstrike)
|
||
- [IP/IP段资产扫描-->扫描开放端口识别运行服务部署网站-->自动化整理扫描结果-->输出可视化报表+整理结果](https://github.com/LangziFun/LangNetworkTopology3)
|
||
- [A script to scan for unsecured Laravel .env files](https://github.com/tismayil/laravelN00b)
|
||
- [STS2G-Struts2漏洞扫描Golang版-【特点:单文件、全平台支持、可在webshell下使用】](https://github.com/x51/STS2G)|[编译好的Windows版本](./tools/ST2G.exe)|[Linux版本](./tools/ST2SG_linux)
|
||
- [Struts2_Chek_BypassWAF.jar-struts2全版本漏洞测试工具17-6过WAF版 by:ABC_123 仅供天融信内部使用,勿用于非法用途](./tools/Struts2_Chek_BypassWAF.jar)
|
||
- [ShiroScan-Shiro<=1.2.4反序列化,一键检测工具](https://github.com/sv3nbeast/ShiroScan)|[Apache shiro <= 1.2.4 rememberMe 反序列化漏洞利用工具](https://github.com/acgbfull/Apache_Shiro_1.2.4_RCE)
|
||
- [weblogicScanner-完整weblogic 漏洞扫描工具修复版](https://github.com/0xn0ne/weblogicScanner)
|
||
- [GitHub敏感信息泄露监控](https://github.com/FeeiCN/GSIL)
|
||
- [Java安全相关的漏洞和技术demo](https://github.com/threedr3am/learnjavabug)
|
||
- [在线扫描-网站基础信息获取|旁站|端口扫描|信息泄露](https://scan.top15.cn/web/)
|
||
- [bayonet是一款src资产管理系统,从子域名、端口服务、漏洞、爬虫等一体化的资产管理系统](https://github.com/CTF-MissFeng/bayonet)
|
||
- [SharpToolsAggressor-内网渗透中常用的c#程序整合成cs脚本,直接内存加载](https://github.com/uknowsec/SharpToolsAggressor)
|
||
- [【漏洞库】又一个各种漏洞poc、Exp的收集或编写](https://github.com/coffeehb/Some-PoC-oR-ExP)
|
||
- [【内网代理】内网渗透代理转发利器reGeorg](https://github.com/sensepost/reGeorg)|**相关文章:**[配置reGeorg+Proxifier渗透内网](https://www.k0rz3n.com/2018/07/06/如何使用reGeorg+Proxifier渗透内网)|[reGeorg+Proxifier实现内网sock5代理](http://jean.ink/2018/04/26/reGeorg/)|[内网渗透之reGeorg+Proxifier](https://sky666sec.github.io/2017/12/16/内网渗透之reGeorg-Proxifier)|[reGeorg+Proxifier使用](https://xz.aliyun.com/t/228)
|
||
- [【内网代理】Neo-reGeorg重构的reGeorg ](https://github.com/L-codes/Neo-reGeorg)
|
||
- [【内网代理】Tunna-通过http隧道将TCP流量代理出来](https://github.com/SECFORCE/Tunna)
|
||
- [【内网代理】proxy.php-单文件版的php代理](https://github.com/mcnemesis/proxy.php)
|
||
- [【内网代理】pivotnacci-通过HTTP隧道将TCP流量代理出来或进去](https://github.com/blackarrowsec/pivotnacci)
|
||
- [【内网代理】毒刺(pystinger)通过webshell实现**内网SOCK4代理**,**端口映射**.](https://github.com/FunnyWolf/pystinger)|[pystinger.zip-下载](./tools/pystinger.zip)
|
||
- [【内网代理】php-proxy-app-一款代理访问网站的工具](https://github.com/Athlon1600/php-proxy-app)
|
||
- [get_Team_Pass-获取目标机器上的teamviewerID和密码(你需要具有有效的目标机器账号密码且目标机器445端口可以被访问(开放445端口))](https://github.com/kr1shn4murt1/get_Team_Pass/)
|
||
- [chromepass-获取chrome保存的账号密码/cookies-nirsoft出品在win10+chrome 80测试OK](./tools/chromepass/)|[SharpChrome-基于.NET 2.0的开源获取chrome保存过的账号密码/cookies/history](https://github.com/djhohnstein/SharpChrome)|[ChromePasswords-开源获取chrome密码/cookies工具](https://github.com/malcomvetter/ChromePasswords)
|
||
- [java-jdwp远程调试利用](https://github.com/Lz1y/jdwp-shellifier)|相关文章:[jdwp远程调试与安全](https://qsli.github.io/2018/08/12/jdwp/)
|
||
- [社会工程学密码生成器,是一个利用个人信息生成密码的工具](https://github.com/zgjx6/SocialEngineeringDictionaryGenerator)
|
||
- [云业CMS(yunyecms)的多处SQL注入审计分析](./books/云业CMS(yunyecms)的多处SQL注入审计分析.pdf)|[原文地址](https://xz.aliyun.com/t/7302)|[官网下载地址](http://www.yunyecms.com/index.php?m=version&c=index&a=index)|[sqlmap_yunyecms_front_sqli_tamp.py](./tools/sqlmap_yunyecms_front_sqli_tamp.py)
|
||
- [www.flash.cn 的钓鱼页,中文+英文](https://github.com/r00tSe7en/Fake-flash.cn)
|
||
- [织梦dedecms全版本漏洞扫描](https://github.com/Mr-xn/dedecmscan)
|
||
- [CVE、CMS、中间件漏洞检测利用合集 Since 2019-9-15](https://github.com/mai-lang-chai/Middleware-Vulnerability-detection)
|
||
- [Dirble -快速目录扫描和爬取工具【比dirsearch和dirb更快】](https://github.com/nccgroup/dirble)
|
||
- [RedRabbit - Red Team PowerShell脚本](https://github.com/securethelogs/RedRabbit)
|
||
- [Pentest Tools Framework - 渗透测试工具集-适用于Linux系统](https://github.com/pikpikcu/Pentest-Tools-Framework)
|
||
- [白鹿社工字典生成器,灵活与易用兼顾。](https://github.com/HongLuDianXue/BaiLu-SED-Tool)
|
||
- [NodeJsScan-一款转为Nodejs进行静态代码扫描开发的工具](https://github.com/ajinabraham/NodeJsScan)
|
||
- [一款国人根据poison ivy重写的远控](https://github.com/killeven/Poison-Ivy-Reload)
|
||
- [NoXss-可配合burpsuite批量检测XSS](https://github.com/lwzSoviet/NoXss)
|
||
- [fofa 采集脚本](https://raw.githubusercontent.com/ggg4566/SomeTools/master/fofa_search.py)
|
||
- [java web 压缩文件 安全 漏洞](https://github.com/jas502n/Java-Compressed-file-security)
|
||
- [可以自定义规则的密码字典生成器,支持图形界面](https://github.com/bit4woo/passmaker)
|
||
- [dump lass 工具(绕过/干掉卡巴斯基)](./books/dump%20lass%20工具.pdf)|[loader.zip下载](./tools/loader.zip)
|
||
- [GO语言版本的mimikatz-编译后免杀](https://github.com/vyrus001/go-mimikatz)
|
||
- [CVE-2019-0708-批量检测扫描工具](./tools/cve0708.rar)
|
||
- [dump lsass的工具](https://github.com/outflanknl/Dumpert)|[又一个dump lsass的工具](https://github.com/7hmA3s/dump_lsass)
|
||
- [Cobalt Strike插件 - RDP日志取证&清除](https://github.com/QAX-A-Team/EventLogMaster)
|
||
- [xencrypt-一款利用powershell来加密并采用Gzip/DEFLATE来绕过杀软的工具](https://github.com/the-xentropy/xencrypt)
|
||
- [SessionGopher-一款采用powershell来解密Windows机器上保存的session文件,例如: WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop,支持远程加载和本地加载使用](https://github.com/Arvanaghi/SessionGopher)
|
||
- [CVE-2020-0796 Local Privilege Escalation POC-python版本](https://github.com/ZecOps/CVE-2020-0796-LPE-POC)|[CVE-2020-0796 Remote Code Execution POC](https://github.com/ZecOps/CVE-2020-0796-RCE-POC)
|
||
- [Windows杀软在线对比辅助](https://github.com/r00tSe7en/get_AV)
|
||
- [递归式寻找域名和api](https://github.com/p1g3/JSINFO-SCAN)
|
||
- [mssqli-duet-用于mssql的sql注入脚本,使用RID爆破,从Active Directory环境中提取域用户](https://github.com/Keramas/mssqli-duet)
|
||
- [【Android 移动app渗透】之一键提取APP敏感信息](https://github.com/TheKingOfDuck/ApkAnalyser)
|
||
- [【android 移动app渗透】apkleaks-扫描APK文件提取URL、终端和secret](https://github.com/dwisiswant0/apkleaks)
|
||
- [ShiroExploit-Deprecated-Shiro系列漏洞检测GUI版本-ShiroExploit GUI版本](https://github.com/feihong-cs/ShiroExploit-Deprecated)
|
||
- [通过phpinfo获取cookie突破httponly](./通过phpinfo获取cookie突破httponly.md)
|
||
- [phpstudy RCE 利用工具 windows GUI版本](https://github.com/aimorc/phpstudyrce)
|
||
- [WebAliveScan-根据端口快速扫描存活的WEB](https://github.com/broken5/WebAliveScan)
|
||
- [扫描可写目录.aspx](./tools/扫描可写目录.aspx)
|
||
- [PC客户端(C-S架构)渗透测试](https://github.com/theLSA/CS-checklist)
|
||
- [wsltools-web扫描辅助python库](https://github.com/Symbo1/wsltools)
|
||
- [struts2_check-用于识别目标网站是否采用Struts2框架开发的工具](https://github.com/coffeehb/struts2_check)
|
||
- [sharpmimi.exe-免杀版mimikatz](./tools/sharpmimi.exe)
|
||
- [thinkPHP代码执行批量检测工具](https://github.com/admintony/thinkPHPBatchPoc)
|
||
- [pypykatz-用纯Python实现的Mimikatz](https://github.com/skelsec/pypykatz)
|
||
- [Flux-Keylogger-具有Web面板的现代Javascript键盘记录器](https://github.com/LimerBoy/Flux-Keylogger)
|
||
- [JSINFO-SCAN-递归式寻找域名和api](https://github.com/p1g3/JSINFO-SCAN)
|
||
- [FrameScan-GUI 一款python3和Pyqt编写的具有图形化界面的cms漏洞检测框架](https://github.com/qianxiao996/FrameScan-GUI)
|
||
- [SRC资产信息聚合网站](https://github.com/cckuailong/InformationGather)
|
||
- [Spring Boot Actuator未授权访问【XXE、RCE】单/多目标检测](https://github.com/rabbitmask/SB-Actuator)
|
||
- [JNDI 注入利用工具【Fastjson、Jackson 等相关漏洞】](https://github.com/JosephTribbianni/JNDI)
|
||
- [各种反弹shell的语句集合页面](https://krober.biz/misc/reverse_shell.php)
|
||
- [解密weblogic AES或DES加密方法](https://github.com/Ch1ngg/WebLogicPasswordDecryptorUi)
|
||
- [使用 sshLooterC 抓取 SSH 密码](https://github.com/mthbernardes/sshLooterC)|[相关文章](https://www.ch1ng.com/blog/208.html)|[本地版本](./books/使用sshLooterC抓取SSH密码.pdf)
|
||
- [redis-rogue-server-Redis 4.x/5.x RCE](https://github.com/AdministratorGithub/redis-rogue-server)
|
||
- [Rogue-MySql-Server-搭建mysql虚假服务端来读取链接的客户端的文件](https://github.com/allyshka/Rogue-MySql-Server)
|
||
- [ew-内网穿透(跨平台)](https://github.com/idlefire/ew)
|
||
- [xray-weblisten-ui-一款基于GO语言写的Xray 被动扫描管理](https://github.com/virink/xray-weblisten-ui)
|
||
- [SQLEXP-SQL 注入利用工具,存在waf的情况下自定义编写tamper脚本 dump数据](https://github.com/ggg4566/SQLEXP)
|
||
- [SRC资产在线管理系统 - Shots](https://github.com/broken5/Shots)
|
||
- [luject:可以将动态库静态注入到指定应用程序包的工具,目前支持Android/iPhonsOS/Windows/macOS/Linux](https://github.com/lanoox/luject)|[相关文章](https://tboox.org/cn/2020/04/26/luject/)
|
||
- [CursedChrome:Chrome扩展植入程序,可将受害Chrome浏览器转变为功能齐全的HTTP代理,使你能够以受害人身份浏览网站](https://github.com/mandatoryprogrammer/CursedChrome)
|
||
- [pivotnacci:通过HTTP隧道进行Socks连接](https://github.com/blackarrowsec/pivotnacci)
|
||
- [PHPFuck-一款适用于php7以上版本的代码混淆](https://github.com/splitline/PHPFuck)|[[PHPFuck在线版本](https://splitline.github.io/PHPFuck/)
|
||
- [冰蝎 bypass open_basedir 的马](./tools/冰蝎bypass_open_basedir_shell.md)
|
||
- [goproxy heroku 一键部署套装,把heroku变为免费的http(s)\socks5代理](https://github.com/snail007/goproxy-heroku)
|
||
- [xFTP6密码解密](./tools/xFTP6密码解密.md)
|
||
- [Mars-战神TideSec出品的WDScanner的重写一款综合的漏洞扫描,资产发现/变更,域名监控/子域名挖掘,Awvs扫描,POC检测,web指纹探测、端口指纹探测、CDN探测、操作系统指纹探测、泛解析探测、WAF探测、敏感信息检测等等工具](https://github.com/TideSec/Mars)
|
||
- [Shellcode Compiler:用于生成Windows 和 Linux平台的shellcode工具](https://github.com/NytroRST/ShellcodeCompiler)
|
||
- [BadDNS 是一款使用 Rust 开发的使用公共 DNS 服务器进行多层子域名探测的极速工具](https://github.com/joinsec/BadDNS)
|
||
- [【Android脱壳】XServer是一个用于对方法进行分析的Xposed插件](https://github.com/monkeylord/XServer)|[相关文章:Xposed+XServer无需脱壳抓取加密包](https://xz.aliyun.com/t/7669)|[使用xserver对某应用进行不脱壳抓加密包](https://blog.csdn.net/nini_boom/article/details/104400619)
|
||
- [masscan_to_nmap-基于masscan和nmap的快速端口扫描和指纹识别工具](https://github.com/7dog7/masscan_to_nmap)
|
||
- [Evilreg -使用Windows注册表文件的反向Shell (.Reg)](https://github.com/thelinuxchoice/evilreg)
|
||
- [Shecodject工具使用python注入shellcode bypass 火絨,360,windows defender](https://github.com/TaroballzChen/Shecodject)
|
||
- [Malleable-C2-Profiles-Cobalt Strike的C2隐藏配置文件相关](https://github.com/xx0hcd/Malleable-C2-Profiles)|[渗透利器Cobalt Strike - 第2篇 APT级的全面免杀与企业纵深防御体系的对抗](https://xz.aliyun.com/t/4191)
|
||
- [AutoRemove-自动卸载360](https://github.com/DeEpinGh0st/AutoRemove)
|
||
- [ligolo:用于渗透时反向隧道连接工具](https://github.com/sysdream/ligolo)
|
||
- [RMIScout: Java RMI爆破工具](https://github.com/BishopFox/rmiscout)
|
||
- [【Android脱壳】FRIDA-DEXDump-【使用Frida来进行Android脱壳】](https://github.com/hluwa/FRIDA-DEXDump)
|
||
- [XAPKDetector-全平台的android查壳工具](https://github.com/horsicq/XAPKDetector)
|
||
- [Donut-Shellcode生成工具](https://github.com/TheWover/donut)
|
||
- [JSP-Webshells集合【2020最新bypass某云检测可用】](https://github.com/threedr3am/JSP-Webshells)
|
||
- [one-scan-多合一网站指纹扫描器,轻松获取网站的 IP / DNS 服务商 / 子域名 / HTTPS 证书 / WHOIS / 开发框架 / WAF 等信息](https://github.com/Jackeriss/one-scan)
|
||
- [ServerScan一款使用Golang开发的高并发网络扫描、服务探测工具。](https://github.com/Adminisme/ServerScan)
|
||
- [域渗透-Windows hash dump之secretsdump.py](https://github.com/SecureAuthCorp/impacket/blob/master/examples/secretsdump.py)|[相关文章](https://github.com/PythonPig/PythonPig.github.io/blob/730be0e55603df96f45680c25c56ba8148052d2c/_posts/2019-07-16-Windows%20hash%20dump%E4%B9%8Bsecretsdump.md)
|
||
- [WindowsVulnScan:基于主机的漏洞扫描工【类似windows-exp-suggester】](https://github.com/chroblert/WindowsVulnScan)
|
||
- [SpoofWeb:一键部署HTTPS钓鱼站](https://github.com/klionsec/SpoofWeb)
|
||
- [VpsEnvInstall:一键部署VPS渗透环境](https://github.com/klionsec/VpsEnvInstall)
|
||
- [tangalanga:Zoom会议扫描工具](https://github.com/elcuervo/tangalanga)
|
||
- [碎遮SZhe_Scan Web漏洞扫描器,基于python Flask框架,对输入的域名/IP进行全面的信息搜集,漏洞扫描,可自主添加POC](https://github.com/Cl0udG0d/SZhe_Scan)
|
||
- [Taie-RedTeam-OS-泰阿安全实验室-基于XUbuntu私人订制的红蓝对抗渗透操作系统](https://github.com/taielab/Taie-RedTeam-OS)
|
||
- [naiveproxy-一款用C语言编写类似于trojan的代理工具](https://github.com/klzgrad/naiveproxy)
|
||
- [BrowserGhost-一个抓取浏览器密码的工具,后续会添加更多功能](https://github.com/QAX-A-Team/BrowserGhost)
|
||
- [GatherInfo-渗透测试信息搜集/内网渗透信息搜集](https://github.com/Paper-Pen/GatherInfo)
|
||
- [EvilPDF:一款把恶意文件嵌入在 PDF 中的工具](https://github.com/thelinuxchoice/evilpdf)
|
||
- [SatanSword-红队综合渗透框架,支持web指纹识别、漏洞PoC检测、批量web信息和端口信息查询、路径扫描、批量JS查找子域名、使用google headless、协程支持、完整的日志回溯](https://github.com/Lucifer1993/SatanSword)
|
||
- [Get-WeChat-DB-获取目标机器的微信数据库和密钥](https://github.com/A2kaid/Get-WeChat-DB)
|
||
- [ThinkphpRCE-支持代理IP池的批量检测Thinkphp漏洞或者日志泄露的py3脚本](https://github.com/sukabuliet/ThinkphpRCE)
|
||
- [fakelogonscreen-伪造(Windows)系统登录页面,截获密码](https://github.com/bitsadmin/fakelogonscreen)
|
||
- [WMIHACKER-仅135端口免杀横向移动](https://github.com/360-Linton-Lab/WMIHACKER)|[使用方法以及介绍](./books/WMIHACKER(仅135端口免杀横向移动).pdf)|[横向移动工具WMIHACKER](./books/横向移动工具WMIHACKER.pdf)|[原文链接](https://www.anquanke.com/post/id/209665)
|
||
- [cloud-ranges-部分公有云IP地址范围](https://github.com/pry0cc/cloud-ranges)
|
||
- [sqltools_ch-sqltools2.0汉化增强版](./ttools/sqltools_ch.rar)
|
||
- [railgun-poc_1.0.1.7-多功能端口扫描/爆破/漏洞利用/编码转换等](./tools/railgun-poc_1.0.1.7.zip)|[railgun作者更新到GitHub了,目前是1.2.8版本](https://github.com/lz520520/railgun)|[railgun-v1.2.8.zip-存档](./tools/railgun.zip)
|
||
- [dede_funcookie.php-DEDECMS伪随机漏洞分析 (三) 碰撞点(爆破,伪造管理员cookie登陆后台getshell](./tools/dede_funcookie.php)
|
||
- [WAScan-一款功能强大的Web应用程序扫描工具【基于python开发的命令行扫描器】](https://github.com/m4ll0k/WAScan)
|
||
- [Peinject_dll-Cobalt Strike插件之另类持久化方法-PE感染](https://github.com/m0ngo0se/Peinject_dll)
|
||
- [MSSQL_BackDoor-摆脱MSSMS和 Navicat 调用执行 sp_cmdExec](https://github.com/evi1ox/MSSQL_BackDoor)
|
||
- [xShock-一款针对Shellshock漏洞的利用工具【例如低版本cgi的默认配置页面进行利用】](https://github.com/capture0x/xShock/)
|
||
- [tini-tools-针对红蓝对抗各个场景使用的小工具-【主要是Java写的工具】【目前有phpstudy.jar和域名转IP工具.jar】](https://github.com/sunird/tini-tools)
|
||
- [code6-码小六是一款 GitHub 代码泄露监控系统,通过定期扫描 GitHub 发现代码泄露行为](https://github.com/4x99/code6)
|
||
- [taowu-cobalt-strike-适用于cobalt strike3.x与cobalt strike4.x的插件](https://github.com/pandasec888/taowu-cobalt-strike)
|
||
- [Weblogic-scan-Weblogic 漏洞批量扫描工具](./tools/Weblogic-scan)
|
||
- [revp:反向HTTP代理,支持Linux,Windows和macOS](https://github.com/jafarlihi/revp)
|
||
- [fofa2Xray-一款联合fofa与xray的自动化批量扫描工具,使用Golang编写,适用于windows与linux](https://github.com/piaolin/fofa2Xray)
|
||
- [CasExp-Apereo CAS 反序列化利用工具](https://github.com/potats0/CasExp)
|
||
- [C_Shot-shellcode远程加载器](https://github.com/anthemtotheego/C_Shot)|[相关文章](./books/C_shot–shellcode远程加载器.pdf)
|
||
- [dz_ml_rce.py-Discuz! ml RCE漏洞利用工具](./tools/dz_ml_rce.py)
|
||
- [Redis未授权访问漏洞利用工具](./tools/Redis_Exp-by_PANDA墨森.zip)
|
||
- [Shiro 回显利用工具](./tools/shiroPoc-1.0-SNAPSHOT-jar-with-dependencies_20200726_130831.jar)|[相关文章](./books/Shiro_回显利用工具.pdf)
|
||
- [GetIPinfo-用于寻找多网卡主机方便内网跨网段渗透避免瞎打找不到核心网](https://github.com/r35tart/GetIPinfo)
|
||
- [Layer子域名挖掘机-Layer5.0 SAINTSEC](https://github.com/euphrat1ca/LayerDomainFinder)
|
||
- [cve_2020_14644.jar-Weblogic 远程命令执行漏洞(CVE-2020-14644)回显利用工具](./tools/cve_2020_14644.jar)
|
||
- [TechNet-Gallery-PowerShell武器库](https://github.com/MScholtes/TechNet-Gallery)|[Powershell ebserver:PowerShell实现的Web服务器,无需IIS,支持PowerShell命令执行、脚本执行、上传、下载等功能](https://github.com/MScholtes/TechNet-Gallery/tree/master/Powershell%20Webserver)|[PS2EXE-GUI:将PowerShell脚本转换为EXE文件](https://github.com/MScholtes/TechNet-Gallery/tree/master/PS2EXE-GUI)
|
||
- [spybrowse:窃取指定浏览器的配置文件](https://github.com/1d8/spybrowse)
|
||
- [FavFreak:执行基于favicon.ico的侦察](https://github.com/devanshbatham/FavFreak)
|
||
- [gorailgun_v1.0.7-集漏洞端口扫描利用于一体的工具](./tools/gorailgun_v1.0.7.zip)
|
||
- [【shell管理工具】Godzilla-哥斯拉](https://github.com/BeichenDream/Godzilla)|[AntSword-蚁剑](https://github.com/AntSwordProject)|[Behinder-冰蝎](https://github.com/rebeyond/Behinder)
|
||
- [由python编写打包的Linux下自动巡检工具](./tools/linux_auto_xunjian)|[源处](https://github.com/heikanet/linux_auto_xunjian)
|
||
- [【内网探测】SharpNetCheck-批量检测机器是否有出网权限,可在dnslog中回显内网ip地址和计算机名,可实现内网中的快速定位可出网机器](https://github.com/uknowsec/SharpNetCheck)
|
||
- [fofa搜索增强版-使用fofa的url+cookies即可自动下载所有结果](./tools/fofa搜索增强版.zip)
|
||
- [SharpBlock-A method of bypassing EDR's active projection DLL's by preventing entry point exection](https://github.com/CCob/SharpBlock)|[相关文章](https://www.pentestpartners.com/security-blog/patchless-amsi-bypass-using-sharpblock/)
|
||
- [bypasswaf-云锁数字型注入tamper/安全狗的延时、布尔、union注入绕过tamper](https://github.com/pureqh/bypasswaf)
|
||
- [通达OA 2017 版本SQL注入脚本](./tools/tongda_oa_2017_sql_injection.py)
|
||
- [t14m4t:一款封装了THC-Hydra和Nmap的自动化爆破工具](https://github.com/MS-WEB-BN/t14m4t)
|
||
- [ksubdomain:一款基于无状态子域名爆破工具](https://github.com/knownsec/ksubdomain)
|
||
- [smuggler-一款用python3编写的http请求走私验证测试工具](https://github.com/defparam/smuggler)
|
||
- [Fuzz_dic:又一个类型全面的参数和字典收集项目](https://github.com/SmithEcon/Fuzz_dic)
|
||
- [【爆破字典】自己收集整理的端口、子域、账号密码、其他杂七杂八字典,用于自己使用](https://github.com/cwkiller/Pentest_Dic)
|
||
- [【爆破字典】基于实战沉淀下的各种弱口令字典](https://github.com/Mr-xn/SuperWordlist)
|
||
- [【爆破字典整合推荐】PentesterSpecialDict-该项目对 [ fuzzDicts | fuzzdb | Dict ] 等其他网上字典开源项目进行整合精简化和去重处理](https://github.com/ppbibo/PentesterSpecialDict)
|
||
- [PowerUpSQL:为攻击SQLServer而设计的具有攻击性的PowerShell脚本](https://github.com/NetSPI/PowerUpSQL)|[利用PowerUpSQL攻击SQL Server实例](./books/%E5%88%A9%E7%94%A8PowerUpSQL%E6%94%BB%E5%87%BBSQL%20Server%E5%AE%9E%E4%BE%8B.pdf)
|
||
- [adbsploit-一个基于Python3和ADB的安卓设备漏洞利用和管理工具](https://github.com/mesquidar/adbsploit)
|
||
- [monsoon-一个用Go语言编写的目录扫描工具,类似于dirsearch](https://github.com/RedTeamPentesting/monsoon)
|
||
- [【Android脱壳】Youpk-又一款基于ART的主动调用的脱壳机](https://github.com/Youlor/Youpk)
|
||
- [【webshell免杀】php免杀D盾webshell生成工具](https://github.com/pureqh/webshell)
|
||
- [Steganographer-一款能够帮助你在图片中隐藏文件或数据的Python隐写工具](https://github.com/priyansh-anand/steganographer)
|
||
- [AV_Evasion_Tool:掩日 - 免杀执行器生成工具](https://github.com/1y0n/AV_Evasion_Tool)
|
||
- [GODNSLOG-河马师傅(河马webshell检测作者)基于go语言开发的一款DNSLOG工具,支持docker一键部署](https://github.com/chennqqi/godnslog)
|
||
- [SweetPotato_Cobalt Strike-修改的SweetPotato,使之可以用于CobaltStrike v4.0](https://github.com/Tycx2ry/SweetPotato_CS)
|
||
- [ServerScan-一款使用Golang开发的高并发网络扫描、服务探测工具](https://github.com/Adminisme/ServerScan)
|
||
- [ShellcodeLoader-将shellcode用rsa加密并动态编译exe,自带几种反沙箱技术](https://github.com/Hzllaga/ShellcodeLoader)
|
||
- [Invoke-CustomKatz.ps1-bypass AMSI 的Mimikatz PS脚本](./tools/Invoke-CustomKatz.ps1)-[原文地址](https://s3cur3th1ssh1t.github.io/Bypass-AMSI-by-manual-modification-part-II/)-[原gits链接](https://gist.github.com/S3cur3Th1sSh1t/b33b978ea62a4b0f6ef545f1378512a6)
|
||
- [SimpleShellcodeInjector-shellcode加载器](https://github.com/DimopoulosElias/SimpleShellcodeInjector)
|
||
- [Arsenal-Cobalt Strike直接生成payload插件免杀360和火绒](https://github.com/Cliov/Arsenal)
|
||
- [abuse-ssl-bypass-waf-使用不同的ssl加密方式来寻找防火墙不支持但服务器支持的加密方式来绕过waf](https://github.com/LandGrey/abuse-ssl-bypass-waf)
|
||
- [CrossC2 framework - 生成CobaltStrike的跨平台beacon](https://github.com/Mr-xn/CrossC2)
|
||
- [csbruter-爆破Cobalt Strike的服务端密码](https://github.com/ryanohoro/csbruter)
|
||
- [yjdirscan-御剑目录扫描专业版【仅支持windows】](https://github.com/foryujian/yjdirscan)
|
||
- [Vmware Vcenter 任意文件读取批量检测](./books/Vmware%20Vcenter%20任意文件读取批量检测.md)
|
||
- [CVE-2020-16898检测工具](https://github.com/advanced-threat-research/CVE-2020-16898)
|
||
- [Nette框架远程代码执行(CVE-2020-15227)](https://github.com/hu4wufu/CVE-2020-15227)
|
||
- [flask-session-cookie-manager-Flask Session Cookie Decoder/Encoder(flask框架的cookie或session编码/解码工具)](https://github.com/noraj/flask-session-cookie-manager)
|
||
- [【钓鱼】Mail-Probe-邮箱探针后台管理系统](https://github.com/r00tSe7en/Mail-Probe)
|
||
- [momo-code-sec-inspector-java-IDEA静态代码安全审计及漏洞一键修复插件](https://github.com/momosecurity/momo-code-sec-inspector-java)
|
||
- [pyrdp-RDP中间人攻击工具](https://github.com/GoSecure/pyrdp)
|
||
- [【端口爆破】PortBrute-一款跨平台小巧的端口爆破工具,支持爆破FTP/SSH/SMB/MSSQL/MYSQL/POSTGRESQL/MONGOD](https://github.com/awake1t/PortBrute)
|
||
- [【端口爆破】x-crack-一款FTP/SSH/SNMP/MSSQL/MYSQL/PostGreSQL/REDIS/ElasticSearch/MONGODB弱口令爆破工具](https://github.com/netxfly/x-crack)
|
||
- [【威胁日志分析】DeepBlueCLI-通过Windows事件日志来搜寻威胁的powershell模块](https://github.com/sans-blue-team/DeepBlueCLI)
|
||
- [Pentest-and-Development-Tips-三好学生大佬出品的有关渗透测试和开发的小技巧](https://github.com/3gstudent/Pentest-and-Development-Tips)
|
||
- [【免杀】ImgLoaderShellCode-将shellcode注入bmp图片文件](https://github.com/sv3nbeast/ImgLoaderShellCode)-[配合这个更佳](https://www.svenbeast.com/post/xue-xi-tu-pian-yin-xie-shellcode-jin-xing-yuan-cheng-jia-zai-guo-av/)
|
||
- [【免杀】DLL 代理转发与维权](./books/[免杀]DLL 代理转发与维权.pdf)-[原文地址](https://mp.weixin.qq.com/s/zUXrNsf9IsZWocrb7z3i1Q)
|
||
- [LangNetworkTopologys-快速进行内网资产扫描,支持端口扫描,指纹识别,网站探测,结果支持图表展示](https://github.com/LangziFun/LangNetworkTopologys)
|
||
- [weblogic_exploit-weblogic漏洞利用工具【包括了weblogic常见高危漏洞的利用】](https://github.com/21superman/weblogic_exploit)
|
||
- [rsync_weakpass.py-rsync弱口令爆破脚本](https://github.com/hi-unc1e/some_scripts/blob/master/EXPs/rsync_weakpass.py)
|
||
- [Findomain-跨平台的子域名爆破工具](https://github.com/Findomain/Findomain)
|
||
- [wfuzz-web应用fuzz工具kali自带工具之一](https://github.com/xmendez/wfuzz)
|
||
- [ffuf-基于go开发的快速fuzz工具](https://github.com/ffuf/ffuf)
|
||
- [linglong-一款甲方资产巡航扫描系统,系统定位是发现资产,进行端口爆破。帮助企业更快发现弱口令问题。主要功能包括: 资产探测、端口爆破、定时任务、管理后台识别、报表展示](https://github.com/awake1t/linglong)
|
||
- [fscan-一键大保健(支持主机存活探测、端口扫描、常见服务的爆破、ms17010、redis批量写私钥、计划任务反弹shell、读取win网卡信息等)](https://github.com/shadow1ng/fscan)
|
||
- [anti-honeypot-一款可以检测WEB蜜罐并阻断请求的Chrome插件](https://github.com/cnrstar/anti-honeypot)
|
||
|
||
## <span id="head8"> 文章/书籍/教程相关</span>
|
||
|
||
- [windwos权限维持系列12篇PDF](./books/Window权限维持)
|
||
- [Linux 权限维持之进程注入(需要关闭ptrace)](./books/Linux%E6%9D%83%E9%99%90%E7%BB%B4%E6%8C%81%E4%B9%8B%E8%BF%9B%E7%A8%8B%E6%B3%A8%E5%85%A5%20%C2%AB%20%E5%80%BE%E6%97%8B%E7%9A%84%E5%8D%9A%E5%AE%A2.pdf) | [在不使用ptrace的情况下,将共享库(即任意代码)注入实时Linux进程中。(不需要关闭ptrace)](https://github.com/DavidBuchanan314/dlinject)|[[总结]Linux权限维持](./books/[总结]Linux权限维持.pdf)-[原文地址](https://www.cnblogs.com/-mo-/p/12337766.html)
|
||
- [44139-mysql-udf-exploitation](./books/44139-mysql-udf-exploitation.pdf)
|
||
- [emlog CMS的代码审计_越权到后台getshell](./books/emlog%20CMS的代码审计_越权到后台getshell%20-%20先知社区.pdf)
|
||
- [PHPOK 5.3 最新版前台注入](./books/PHPOK%205.3%20最新版前台注入%20-%20先知社区.pdf)
|
||
- [PHPOK 5.3 最新版前台无限制注入(二)](./books/PHPOK%205.3%20最新版前台无限制注入(二)%20-%20先知社区.pdf)
|
||
- [Thinkphp5 RCE总结](./books/Thinkphp5%20RCE总结%20_%20ChaBug安全.pdf)
|
||
- [rConfig v3.9.2 RCE漏洞分析](./books/rConfig%20v3.9.2%20RCE漏洞分析.pdf)
|
||
- [weiphp5.0 cms审计之exp表达式注入](./books/weiphp5.0%20cms审计之exp表达式注入%20-%20先知社区.pdf)
|
||
- [zzzphp1.7.4&1.7.5到处都是sql注入](./books/zzzphp1.7.4%261.7.5到处都是sql注入.pdf)
|
||
- [FCKeditor文件上传漏洞及利用-File-Upload-Vulnerability-in-FCKEditor](./books/FCKeditor文件上传漏洞及利用-File-Upload-Vulnerability-in-FCKEditor.pdf)
|
||
- [zzcms 2019 版本代码审计](./books/zzcms%202019%E7%89%88%E6%9C%AC%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1%20-%20%E5%85%88%E7%9F%A5%E7%A4%BE%E5%8C%BA.pdf)
|
||
- [利用SQLmap 结合 OOB 技术实现音速盲注](./books/手把手带你利用SQLmap结合OOB技术实现音速盲注.pdf)
|
||
- [特权提升技术总结之Windows文件服务内核篇(主要是在webshell命令行执行各种命令搜集信息)](https://xz.aliyun.com/t/7261)|[(项目留存PDF版本)](./books/特权提升技术总结之Windows文件服务内核篇%20-%20先知社区.pdf)
|
||
- [WellCMS 2.0 Beta3 后台任意文件上传](./books/WellCMS%202.0%20Beta3%20后台任意文件上传.pdf)
|
||
- [国外详细的CTF分析总结文章(2014-2017年)](https://github.com/ctfs)
|
||
- [这是一篇“不一样”的真实渗透测试案例分析文章-从discuz的后台getshell到绕过卡巴斯基获取域控管理员密码](./books/这是一篇"不一样"的真实渗透测试案例分析文章-从discuz的后台getshell到绕过卡巴斯基获取域控管理员密码-%20奇安信A-TEAM技术博客.pdf)|[原文地址](https://blog.ateam.qianxin.com/post/zhe-shi-yi-pian-bu-yi-yang-de-zhen-shi-shen-tou-ce-shi-an-li-fen-xi-wen-zhang/)
|
||
- [表达式注入.pdf](./books/表达式注入.pdf)
|
||
- [WordPress ThemeREX Addons 插件安全漏洞深度分析](./books/WordPress%20ThemeREX%20Addons%20插件安全漏洞深度分析.pdf)
|
||
- [通达OA文件包含&文件上传漏洞分析](./books/通达OA文件包含&文件上传漏洞分析.pdf)
|
||
- [高级SQL注入:混淆和绕过](./books/高级SQL注入:混淆和绕过.pdf)
|
||
- [权限维持及后门持久化技巧总结](./books/权限维持及后门持久化技巧总结.pdf)
|
||
- [Windows常见的持久化后门汇总](./books/Windows常见的持久化后门汇总.pdf)
|
||
- [Linux常见的持久化后门汇总](./books/Linux常见的持久化后门汇总.pdf)
|
||
- [CobaltStrike4.0用户手册_中文翻译_3](./books/CobaltStrike4.0用户手册_中文翻译_3.pdf)
|
||
- [Cobaltstrike 4.0之 我自己给我自己颁发license.pdf](./books/Cobaltstrike%204破解之%20我自己给我自己颁发license.pdf)
|
||
- [Cobalt Strike 4.0 更新内容介绍](./books/Cobalt%20Strike%204.0%20更新内容介绍.pdf)
|
||
- [Cobal_Strike_自定义OneLiner](./books/Cobal_Strike_自定义OneLiner_Evi1cg's_blog.pdf)
|
||
- [cobalt strike 快速上手 [ 一 ]](./books/cobalt_strike_快速上手%5B%20一%20%5D.pdf)
|
||
- [Cobalt strike3.0使用手册](./books/Cobalt_strike3.0使用手册.pdf)
|
||
- [Cobalt_Strike_Spear_Phish_Cobalt Strike邮件钓鱼制作](./books/Cobalt_Strike_Spear_Phish_Evi1cg's%20blog%20%20CS邮件钓鱼制作.md)
|
||
- [Remote NTLM relaying through Cobalt Strike](./books/Remote_NTLM_relaying_through_CS.pdf)
|
||
- [渗透测试神器Cobalt Strike使用教程](./books/渗透测试神器Cobalt%20Strike使用教程.pdf)
|
||
- [Cobalt Strike的teamserver在Windows上快速启动脚本](./books/CS_teamserver_win.md)
|
||
- [ThinkPHP v6.0.0_6.0.1 任意文件操作漏洞分析](./books/ThinkPHP%20v6.0.0_6.0.1%20任意文件操作漏洞分析.pdf)
|
||
- [Django_CVE-2020-9402_Geo_SQL注入分析](./books/Django_CVE-2020-9402_Geo_SQL注入分析.pdf)
|
||
- [CVE-2020-10189_Zoho_ManageEngine_Desktop_Central_10反序列化远程代码执行](./books/CVE-2020-10189_Zoho_ManageEngine_Desktop_Central_10反序列化远程代码执行.pdf)
|
||
- [安全狗SQL注入WAF绕过](./books/安全狗SQL注入WAF绕过.pdf)
|
||
- [通过将JavaScript隐藏在PNG图片中,绕过CSP](https://www.secjuice.com/hiding-javascript-in-png-csp-bypass/)
|
||
- [通达OA任意文件上传_文件包含GetShell](./books/通达OA任意文件上传_文件包含GetShell.pdf)
|
||
- [文件上传Bypass安全狗4.0](./books/文件上传Bypass安全狗4.0.pdf)
|
||
- [SQL注入Bypass安全狗4.0](./books/SQL注入Bypass安全狗4.0.pdf)
|
||
- [通过正则类SQL注入防御的绕过技巧](./books/通过正则类SQL注入防御的绕过技巧.pdf)
|
||
- [MYSQL_SQL_BYPASS_WIKI-mysql注入,bypass的一些心得](https://github.com/aleenzz/MYSQL_SQL_BYPASS_WIKI)
|
||
- [bypass云锁注入测试](./books/bypass云锁注入测试.md)
|
||
- [360webscan.php_bypass](./books/360webscan.php_bypass.pdf)
|
||
- [think3.2.3_sql注入分析](./books/think3.2.3_sql注入分析.pdf)
|
||
- [UEditor SSRF DNS Rebinding](./books/UEditor%20SSRF%20DNS%20Rebinding)
|
||
- [PHP代码审计分段讲解](https://github.com/bowu678/php_bugs)
|
||
- [京东SRC小课堂系列文章](https://github.com/xiangpasama/JDSRC-Small-Classroom)
|
||
- [windows权限提升的多种方式](https://medium.com/bugbountywriteup/privilege-escalation-in-windows-380bee3a2842)|[Privilege_Escalation_in_Windows_for_OSCP](./books/Privilege_Escalation_in_Windows_for_OSCP.pdf)
|
||
- [bypass CSP](https://medium.com/bugbountywriteup/content-security-policy-csp-bypass-techniques-e3fa475bfe5d)|[Content-Security-Policy(CSP)Bypass_Techniques](./books/Content-Security-Policy(CSP)Bypass_Techniques.pdf)
|
||
- [个人维护的安全知识框架,内容偏向于web](https://github.com/No-Github/1earn)
|
||
- [PAM劫持SSH密码](./PAM劫持SSH密码.md)
|
||
- [零组资料文库-(需要邀请注册)](https://wiki.0-sec.org/)
|
||
- [redis未授权个人总结-Mature](./books/redis未授权个人总结-Mature.pdf)
|
||
- [NTLM中继攻击的新方法](https://www.secureauth.com/blog/what-old-new-again-relay-attack)
|
||
- [PbootCMS审计](./books/PbootCMS审计.pdf)
|
||
- [De1CTF2020系列文章](https://github.com/De1ta-team/De1CTF2020)
|
||
- [xss-demo-超级简单版本的XSS练习demo](https://github.com/haozi/xss-demo)
|
||
- [空指针-Base_on_windows_Writeup--最新版DZ3.4实战渗透](./books/空指针-Base_on_windows_Writeup--最新版DZ3.4实战渗透.pdf)
|
||
- [入门KKCMS代码审计](./books/入门KKCMS代码审计.pdf)
|
||
- [SpringBoot 相关漏洞学习资料,利用方法和技巧合集,黑盒安全评估 checklist](https://github.com/LandGrey/SpringBootVulExploit)
|
||
- [文件上传突破waf总结](./books/文件上传突破waf总结.pdf)
|
||
- [极致CMS(以下简称_JIZHICMS)的一次审计-SQL注入+储存行XSS+逻辑漏洞](./books/极致CMS(以下简称_JIZHICMS)的一次审计-SQL注入+储存行XSS+逻辑漏洞.pdf)|[原文地址](https://xz.aliyun.com/t/7872)
|
||
- [代码审计之DTCMS_V5.0后台漏洞两枚](./books/代码审计之DTCMS_V5.0后台漏洞两枚.pdf)
|
||
- [快速判断sql注入点是否支持load_file](./快速判断sql注入点是否支持load_file.md)
|
||
- [文件上传内容检测绕过](./books/文件上传内容检测绕过.md)
|
||
- [Fastjson_=1.2.47反序列化远程代码执行漏洞复现](./books/Fastjson_=1.2.47反序列化远程代码执行漏洞复现.pdf)
|
||
- [【Android脱壳】_腾讯加固动态脱壳(上篇)](./books/移动安全(九)_TengXun加固动态脱壳(上篇).pdf)
|
||
- [【Android脱壳】腾讯加固动态脱壳(下篇)](./books/移动安全(十)_TengXun加固动态脱壳(下篇).pdf)
|
||
- [【Android脱壳】记一次frida实战——对某视频APP的脱壳、hook破解、模拟抓包、协议分析一条龙服务](./books/记一次frida实战——对某视频APP的脱壳、hook破解、模拟抓包、协议分析一条龙服务.pdf)
|
||
- [【Android抓包】记一次APP测试的爬坑经历.pdf](./books/记一次APP测试的爬坑经历.pdf)
|
||
- [完整的内网域渗透-暗月培训之项目六](./books/完整的内网域渗透-暗月培训之项目六.pdf)
|
||
- [Android APP渗透测试方法大全](./books/Android%20APP渗透测试方法大全.pdf)
|
||
- [App安全检测指南-V1.0](./books/App安全检测指南-V1.0.pdf)
|
||
- [借github上韩国师傅的一个源码实例再次理解.htaccess的功效](./books/借github上韩国师傅的一个源码实例再次理解.htaccess的功效.pdf)
|
||
- [Pentest_Note-渗透Tips,总结了渗透测试常用的工具方法](https://github.com/xiaoy-sec/Pentest_Note)
|
||
- [红蓝对抗之Windows内网渗透-腾讯SRC出品](./books/红蓝对抗之Windows内网渗透-腾讯SRC出品.pdf)
|
||
- [远程提取Windows中的系统凭证](./books/远程提取Windows中的系统凭证.pdf)
|
||
- [绕过AMSI执行powershell脚本](./books/绕过AMSI执行powershell脚本.md)|[AmsiScanBufferBypass-相关项目](https://github.com/rasta-mouse/AmsiScanBufferBypass)
|
||
- [踩坑记录-Redis(Windows)的getshell](./books/踩坑记录-Redis(Windows)的getshell.pdf)
|
||
- [Cobal_Strike踩坑记录-DNS Beacon](./books/Cobal_Strike踩坑记录-DNS%20Beacon.pdf)
|
||
- [windows下隐藏webshell的方法](./books/windows下隐藏webshell的方法.md)
|
||
- [DEDECMS伪随机漏洞分析 (三) 碰撞点(爆破,伪造管理员cookie登陆后台getshell](./books/DEDECMS伪随机漏洞分析(三)碰撞点.pdf)
|
||
- [针对宝塔的RASP及其disable_functions的绕过](./books/针对宝塔的RASP及其disable_functions的绕过.pdf)
|
||
- [渗透基础WMI学习笔记](./books/渗透基础WMI学习笔记.pdf)
|
||
- [【海洋CMS】SeaCMS_v10.1代码审计实战](./books/SeaCMS_v10.1代码审计实战.pdf)
|
||
- [红队攻防实践:闲谈Webshell在实战中的应用](./books/红队攻防实践:闲谈Webshell在实战中的应用.pdf)
|
||
- [红队攻防实践:unicode进行webshell免杀的思考](./books/红队攻防实践:unicode进行webshell免杀的思考.pdf)
|
||
- [php无eval后门](./books/php无eval后门.pdf)
|
||
- [【代码审计】ThinkPhp6任意文件写入](./books/[代码审计]ThinkPhp6任意文件写入.pdf)
|
||
- [YzmCMS代码审计](./books/YzmCMS代码审计.pdf)
|
||
- [BadUSB简单免杀一秒上线CobaltStrike](./books/BadUSB/BadUSB简单免杀一秒上线CobaltStrike.pdf)
|
||
- [BasUSB实现后台静默执行上线CobaltStrike](./books/BadUSB/BadUSB实现后台静默执行上线CobaltStrike.pdf)
|
||
- [手把手带你制作一个X谁谁上线的BadUSB](./books/BadUSB/手把手带你制作一个X谁谁上线的BadUSB.pdf)|[近源渗透-BadUsb](./books/近源渗透-BadUsb.pdf)-[原文地址](https://mp.weixin.qq.com/s/3tX6uxqw0_tjhQK0ARec5A)
|
||
- [一文学会Web_Service漏洞挖掘](./books/一文学会Web_Service漏洞挖掘.pdf)
|
||
- [唯快不破的分块传输绕WAF](./books/唯快不破的分块传输绕WAF.pdf)
|
||
- [Unicode的规范化相关漏洞挖掘思路实操](./books/Unicode的规范化相关漏洞挖掘思路实操.pdf)
|
||
- [换一种姿势挖掘任意用户密码重置漏洞-利用不规范化的Unicode编码加burp挖掘](./books/换一种姿势挖掘任意用户密码重置漏洞-利用Unicode域名加burp挖掘.pdf)
|
||
- [全方面绕过安全狗2](./books/全方面绕过安全狗2.pdf)
|
||
- [冰蝎——从入门到魔改](./books/冰蝎——从入门到魔改.pdf)
|
||
- [冰蝎——从入门到魔改(续)](./books/冰蝎——从入门到魔改(续).pdf)
|
||
- [技术分享_ 内网渗透手动学习实践](./books/技术分享%20_%20内网渗透手动学习实践.pdf)
|
||
- [权限维持之打造不一样的映像劫持后门](./books/权限维持之打造不一样的映像劫持后门.pdf)
|
||
- [Jboss漏洞利用总结](./books/Jboss漏洞利用总结.pdf)
|
||
- [Java RMI服务远程命令执行利用](./books/Java_RMI服务远程命令执行利用.pdf)|[小天之天的测试工具-attackRMI.jar](./tools/attackRMI.jar)
|
||
- [PbootCMS任意代码执行(从v1.0.1到v2.0.9)的前世今生](./books/PbootCMS任意代码执行(从v1.0.1到v2.0.9)的前世今生.pdf)
|
||
- [实战绕过双重waf(玄武盾+程序自身过滤)结合编写sqlmap的tamper获取数据](./books/实战绕过双重waf(玄武盾+程序自身过滤)结合编写sqlmap的tamper获取数据.pdf)
|
||
- [OneThink前台注入分析](./books/OneThink前台注入分析.pdf)
|
||
- [记一次从源代码泄漏到后台(微擎cms)获取webshell的过程](./books/记一次从源代码泄漏到后台(微擎cms)获取webshell的过程.pdf)
|
||
- [Android抓包—关于抓包的碎碎念-看雪论坛-Android板块ChenSem](./books/关于抓包的碎碎念.pdf)|[原文地址](https://bbs.pediy.com/thread-260965.htm)
|
||
- [CVE-2020-15778-Openssh-SCP命令注入漏洞复现报告](./books/CVE-2020-15778-Openssh-SCP命令注入漏洞复现报告.pdf)
|
||
- [bolt_cms_V3.7.0_xss和远程代码执行漏洞](./books/bolt_cms_V3.7.0_xss和远程代码执行漏洞.pdf)
|
||
- [关于Cobalt_Strike检测方法与去特征的思考](./books/关于Cobalt_Strike检测方法与去特征的思考.pdf)
|
||
- [代码审计_PHPCMS_V9前台RCE挖掘分析](./books/代码审计_PHPCMS_V9前台RCE挖掘分析.pdf)
|
||
- [【免杀】C++免杀项目推荐](./books/C++免杀项目推荐.pdf)-[附件下载](./tools/RefacterC.zip)|[原文地址](https://mp.weixin.qq.com/s/0OB0yQAiOfsU4JqkCDUi7w)
|
||
- [利用图片隐写术来远程动态加载shellcode](./books/利用图片隐写术来远程动态加载shellcode.pdf)|[原文地址](https://mp.weixin.qq.com/s/QZ5YlRZN47zne7vCzvUpJw)
|
||
- [[后渗透]Mimikatz使用大全](./books/[后渗透]Mimikatz使用大全.pdf)|[原文地址](https://www.cnblogs.com/-mo-/p/11890232.html)
|
||
- [渗透测试XiaoCms之自力更生代码审计-后台数据库备份SQL注入到getshell](./books/渗透测试XiaoCms之自力更生代码审计-后台数据库备份SQL注入到getshell.pdf)|[原文地址](https://mp.weixin.qq.com/s/K2nUSMyE4PwVYqa7t95BTQ)
|
||
- [HW礼盒:深信服edr RCE,天融信dlp unauth和通达OA v11.6版本RCE](./books/HW%E7%A4%BC%E7%9B%92%EF%BC%9A%E6%B7%B1%E4%BF%A1%E6%9C%8Dedr%20RCE%EF%BC%8C%E5%A4%A9%E8%9E%8D%E4%BF%A1dlp%20unauth%E5%92%8C%E9%80%9A%E8%BE%BEOA%20v11.6%E7%89%88%E6%9C%ACRCE.pdf)
|
||
- [[0day]通达 OA v11.7 后台 SQL 注入到 RCE](./books/[0day]通达%20OA%20v11.7%20后台%20SQL%20注入到%20RCE.pdf)-[原文地址](https://mp.weixin.qq.com/s/rtX9mJkPHd9njvM_PIrK_Q)
|
||
- [wordpress 评论插件 wpDiscuz 任意文件上传漏洞分析](./books/wordpress%20%E8%AF%84%E8%AE%BA%E6%8F%92%E4%BB%B6%20wpDiscuz%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90.pdf)
|
||
- [Gopher协议使用总结](./books/Gopher协议使用总结.pdf)-[原文地址](https://mp.weixin.qq.com/s/SjGvsl3jxOtyg6BtGgFf5A)
|
||
- [sqlmap使用总结](./books/sqlmap使用总结.pdf)|[【实战技巧】sqlmap不为人知的骚操作](./books/%E3%80%90%E5%AE%9E%E6%88%98%E6%8A%80%E5%B7%A7%E3%80%91sqlmap%E4%B8%8D%E4%B8%BA%E4%BA%BA%E7%9F%A5%E7%9A%84%E9%AA%9A%E6%93%8D%E4%BD%9C_Summer's_blog.pdf)-[原文地址](https://blog.csdn.net/sun1318578251/article/details/102524100)|[记一份SQLmap 使用手册小结(一)](./books/记一份SQLmap%20使用手册小结(一).pdf)|[记一份SQLmap 使用手册小结(二)](./books/记一份SQLmap%20使用手册小结(二).pdf)
|
||
- [mac上Parallels Desktop安装kali linux 2020.2a并安装好Parallels Tools+Google拼音输入法](./books/mac%E4%B8%8AParallels%20Desktop%E5%AE%89%E8%A3%85kali%20linux%202020.2a%E5%B9%B6%E5%AE%89%E8%A3%85%E5%A5%BDParallels%20Tools+Google%E6%8B%BC%E9%9F%B3%E8%BE%93%E5%85%A5%E6%B3%95.docx)
|
||
- [通达OA v11.5 多枚0day漏洞复现](./books/%E9%80%9A%E8%BE%BEOA%20v11.5%20%E5%A4%9A%E6%9E%9A0day%E6%BC%8F%E6%B4%9E%E5%A4%8D%E7%8E%B0.pdf)|[续集 _ 再发通达OA多枚0day](./books/%E7%BB%AD%E9%9B%86%20_%20%E5%86%8D%E5%8F%91%E9%80%9A%E8%BE%BEOA%E5%A4%9A%E6%9E%9A0day.pdf)-[原文地址](https://mp.weixin.qq.com/s/RlOpohHvjHv_Qg3mNgDCAQ)
|
||
- [POSCMS(20200821)_任意 SQL 语句执行(需要登录后台)](./books/POSCMS_%E4%BB%BB%E6%84%8F%20SQL%20%E8%AF%AD%E5%8F%A5%E6%89%A7%E8%A1%8C%EF%BC%88%E9%9C%80%E8%A6%81%E7%99%BB%E5%BD%95%E5%90%8E%E5%8F%B0%EF%BC%89.pdf)-[原文地址](https://www.t00ls.net/thread-57551-1-1.html)|[POSCMS v3.2.0漏洞复现(getshell+前台SQL注入)](./books/POSCMS%20v3.2.0%E6%BC%8F%E6%B4%9E%E5%A4%8D%E7%8E%B0(getshell+%E5%89%8D%E5%8F%B0SQL%E6%B3%A8%E5%85%A5).pdf)-[原文地址](https://xz.aliyun.com/t/4858)
|
||
- [多线程+二分法的巧用——通达OA 2017 SQL盲注](./books/%E5%A4%9A%E7%BA%BF%E7%A8%8B+%E4%BA%8C%E5%88%86%E6%B3%95%E7%9A%84%E5%B7%A7%E7%94%A8%E2%80%94%E2%80%94%E9%80%9A%E8%BE%BEOA%20SQL%E7%9B%B2%E6%B3%A8.pdf)-[原文地址](https://mp.weixin.qq.com/s/zH13q6xBRc58ggHqfKKi_g)
|
||
- [宝塔面板webshell隐藏小技巧](./books/宝塔面板webshell隐藏小技巧.pdf)-[原文地址](https://mp.weixin.qq.com/s/-8JE1ovWKOorNr6MCAgejg)
|
||
- [配合隐写术远程动态加载 shellcode](./books/%E9%85%8D%E5%90%88%E9%9A%90%E5%86%99%E6%9C%AF%E8%BF%9C%E7%A8%8B%E5%8A%A8%E6%80%81%E5%8A%A0%E8%BD%BD%20shellcode.pdf)|[原文地址](https://www.t00ls.net/thread-57618-1-1.html)
|
||
- [MySQL蜜罐获取攻击者微信ID](./books/MySQL蜜罐获取攻击者微信ID.pdf)-[原文地址](https://mp.weixin.qq.com/s/m4I_YDn98K_A2yGAhv67Gg)
|
||
- [蓝天采集器 v2.3.1 后台getshell(需要管理员权限)](./books/蓝天采集器%20v2.3.1%20后台getshell(需要管理员权限).pdf)
|
||
- [实战-从社工客服拿到密码登录后台加SQL注入绕过安全狗写入webshell到提权进内网漫游](./books/实战-从社工客服拿到密码登录后台加SQL注入绕过安全狗写入webshell到提权进内网漫游.pdf)-[原文地址](https://mp.weixin.qq.com/s/JBspfEHTDZBiOXEyI14QKQ)
|
||
- [0day安全_软件漏洞分析技术(第二版)](https://cloud.189.cn/t/7ziI3imqMzI3)
|
||
- [安恒信息《渗透攻击红队百科全书》](https://cloud.189.cn/t/Jzeuuq3YFr2e)
|
||
- [lcx端口转发(详解)](./books/lcx端口转发(详解).pdf)
|
||
- [php_bugs-PHP代码审计分段讲解](https://github.com/bowu678/php_bugs)
|
||
- [深信服edr终端检测响应平台(<3.2.21)代码审计挖掘(RCE)](./books/深信服edr终端检测响应平台(<3.2.21)代码审计挖掘(RCE).pdf)-[原文地址](https://mp.weixin.qq.com/s/3TC7TRAFceBWgj_ANA2etQ)
|
||
- [深信服edr终端检测响应平台(<3.2.21)代码审计挖掘(权限绕过)](./books/深信服edr终端检测响应平台(<3.2.21)代码审计挖掘(权限绕过).pdf)-[原文地址](https://mp.weixin.qq.com/s/4Z4QF-Wdq2PhqCkGKB8Q6Q)
|
||
- [Hook梦幻旅途之Frida](./books/Hook梦幻旅途之Frida.pdf)
|
||
- [简单的源码免杀过av](./books/简单的源码免杀过av.pdf)
|
||
- [duomicms代码审计](./books/duomicms代码审计.pdf)
|
||
- [劫持got表绕过disable_functions](./books/劫持got表绕过disable_functions.pdf)-[原文地址](https://mp.weixin.qq.com/s/NDkDc7j5rFbcHWTM26zeGQ)
|
||
- [【代码审计】xyhcms3.5后台任意文件读取](./books/[代码审计]xyhcms3.5后台任意文件读取.pdf)-[原文地址](https://mp.weixin.qq.com/s/hQq7Owew2V_MyCJLKHnR4g)
|
||
- [CVE-2020-1472 域内提权完整利用](./books/CVE-2020-1472%20域内提权完整利用.pdf)-[原文地址](https://mp.weixin.qq.com/s/RUkGMxM5GjFrEiKa8aH6JA)
|
||
- [CVE-2020-15148 Yii框架反序列化RCE利用链 exp](./books/CVE-2020-15148%20Yii框架反序列化RCE利用链%20exp.pdf)
|
||
- [Yii框架反序列化RCE利用链分析](./books/Yii框架反序列化RCE利用链分析.pdf)-[原文链接](https://mp.weixin.qq.com/s/KNhKti5Kcl-She4pU3D-5g)|[Yii 框架反序列化 RCE 利用链 2(官方无补丁)](./books/Yii%20框架反序列化%20RCE%20利用链%202(官方无补丁).pdf)-[原文链接](https://mp.weixin.qq.com/s/h-mbaw3vfHwx2SAZhiDe5Q)|[怎样挖掘出属于自己的 php 反序列化链](./books/怎样挖掘出属于自己的%20php%20反序列化链.pdf)-[原文链接](https://xz.aliyun.com/t/8082)
|
||
- [Apache 的. htaccess 利用技巧](./books/Apache%20的.%20htaccess%20利用技巧.pdf)
|
||
- [fastadmin(V1.0.0.20200506_beta) 前台 getshell(文件上传解析) 漏洞分析](./books/fastadmin(V1.0.0.20200506_beta)%20前台%20getshell(文件上传解析)%20漏洞分析.pdf)
|
||
- [HW2020-0day总结](./books/HW2020-0day总结.pdf)
|
||
- [Ecshop 4.0 SQL(代码审计从Nday到0day )](Ecshop%204.0%20SQL(代码审计从Nday到0day%20).pdf)
|
||
- [Yii2框架Gii模块 RCE 分析](./books/Yii2框架Gii模块%20RCE%20分析.pdf)
|
||
- [Windows操作系统基线核查](./books/Windows操作系统基线核查.pdf)
|
||
- [phpmyadmin getshell的五种方式](./books/phpmyadmin%20getshell的五种方式.pdf)
|
||
- [Adminer≤4.6.2任意文件读取漏洞](./books/Adminer≤4.6.2任意文件读取漏洞.pdf)-[原文地址](https://mp.weixin.qq.com/s/ZYGN8WceT2L-P4yF6Z8gyQ)
|
||
- [Ueditor最新版XML文件上传导致存储型XSS](./books/Ueditor最新版XML文件上传导致存储型XSS.pdf)
|
||
- [Nette框架远程代码执行(CVE-2020-15227)-七月火mochazz师傅分析](./books/Nette框架远程代码执行(CVE-2020-15227).md)
|
||
- [红队技巧:隐藏windows服务](./books/红队技巧:隐藏windows服务.pdf)
|
||
- [蓝队技巧:查找被隐藏的Windows服务项](./books/蓝队技巧:查找被隐藏的Windows服务项.pdf)
|
||
- [VHAdmin虚拟主机提权实战案例](./books/VHAdmin虚拟主机提权实战案例.pdf)-[原文地址](https://mp.weixin.qq.com/s/LmXi6niSJ4s-Cmq3jWSjaQ)
|
||
- [移动安全-APP渗透进阶之AppCan本地文件解密](./books/移动安全-APP渗透进阶之AppCan本地文件解密.pdf)-[原文地址](https://mp.weixin.qq.com/s/ybaiTkHetbbbshH1KZXRaQ)
|
||
- [【建议收藏】Cobalt Strike学习笔记合集](./books/[建议收藏]CS学习笔记合集20%_20%Teams20%Six.pdf)
|
||
- [Cobalt Strike4.1系列在线手册](https://wbglil.gitbook.io/cobalt-strike/)
|
||
- [域渗透之NTML-Hash总结](./books/域渗透之NTML-Hash总结.pdf)-[原文地址](https://ssooking.github.io/yu-shen-tou-zhi-ntml-hash/)
|
||
- [SQLite手工注入Getshell技巧](./books/SQLite手工注入Getshell技巧.pdf)-[原文地址](https://fuping.site/2017/07/19/SQLite-Injection-Get-WebShell/)
|
||
- [CVE-2020-1472 NetLogon 特权提升漏洞环境+详细复现步骤](./books/CVE-2020-1472%20NetLogon%20特权提升漏洞.pdf)-[原文地址](https://www.svenbeast.com/post/fu-xian-cve-2020-1472-netlogon-te-quan-ti-sheng-lou-dong/)
|
||
- [猪哥的读书笔记-主要包括内网安全攻防-渗透测试指南&专注 APT 攻击与防御 - Micro8](https://github.com/zhutougg/book_notes)
|
||
- [高版本AES-GCM模式加密的Shiro漏洞利用](./books/高版本AES-GCM模式加密的Shiro漏洞利用.pdf)-[原文地址](https://mp.weixin.qq.com/s/otschvw7rJkNH-HsbKkqBA)
|
||
- [[CVE-2020-14882_14883]WebLogioc console认证绕过+任意代码执行](./books/%5BCVE-2020-14882_14883%5DWebLogioc%20console认证绕过%2B任意代码执行.pdf)-[原文地址](https://mp.weixin.qq.com/s/u8cZEcku-uIbGAVAcos5Tw)
|
||
- [JNDI注入学习](./books/JNDI注入学习.pdf)-[原文地址](https://www.redteaming.top/2020/08/24/JNDI-Injection/)
|
||
- [绕过CDN查找真实IP方法总结](./books/绕过CDN查找真实IP方法总结.pdf)-[原文地址](https://mp.weixin.qq.com/s/aSD6kTTOdVgoZXJuqTSqDQ)
|
||
- [SQL注入简单总结——过滤逗号注入(附绕过tamper)](./books/SQL注入简单总结——过滤逗号注入.pdf)-[原地址](https://www.jianshu.com/p/d10785d22db2)
|
||
|
||
|
||
## <span id="head9"> 说明</span>
|
||
|
||
### 免责声明
|
||
> 1.此项目所有文章、代码部分来源于互联网,版权归原作者所有,转载留存的都会写上原著出处,如有遗漏,还请说明,谢谢!
|
||
> 2.此项目仅供学习参考使用,严禁用于任何非法行为!使用即代表你同意自负责任!
|
||
> 3.如果项目中涉及到你的隐私或者需要删除的,请issue留言指名具体文件内容,附上你的证明,或者邮箱联系我,核实后即刻删除。
|
||
|
||
<details>
|
||
<summary>其他杂项</summary>
|
||
|
||
### 喜讯
|
||
|
||
在`2020-08-16`登上`GitHub`的`Trending`日榜,谢谢大家支持,谢谢那些在freebuf和公众号推荐的师傅,我会继续努力,期待有靠谱的师傅一起来维护优化,感兴趣的邮箱联系我吧!
|
||
|
||
|
||
## Stargazers over time
|
||
|
||
[](https://starchart.cc/Mr-xn/Penetration_Testing_POC)
|
||
|
||
</details>
|
||
|
||
### 最后,选一个屁股吧!
|
||
|
||
|