fastjson 80 远程代码执行漏洞复现

CVE-2022-25845(fastjson1.2.80) exploit in Spring Env!

An offline tool for querying IP geographic information and CDN provider. 一个查询IP地理信息和CDN服务提供商的离线终端工具.

Coffee is a loader for ELF (Executable and Linkable Format) object files written in Rust. Coffee是一个用Rust语言编写的ELF object文件的加载器

A proxy to expose real tls handshake to the firewall

Hide a process under Linux using the ld preloader (https://sysdig.com/blog/hiding-linux-processes-for-fun-and-profit/)

Go package to natively decompress and unarchive tar.gz, tar.bzip2, tar.xz, zip and tar files.

A Post Exploitation Tool for High Value Systems

NodeJS File Write to RCE on a read-only filesystem using a ROP chain in libuv

基于chrome、firefox插件的被动式信息泄漏检测工具

Linux/Windows post-exploitation framework made by linux user

Harvest passwords automatically from OpenSSH server

Shikata ga nai (仕方がない) encoder ported into go with several improvements

攻防演练过程中，我们通常会用浏览器访问一些资产，但很多未授权/敏感信息/越权隐匿在已访问接口过html、JS文件等，该插件能让我们发现未授权/敏感信息/越权/登陆接口等。

六大云存储，泄露利用检测工具

Prevents you from committing secrets and credentials into git repositories

Detect and validate 400+ types of hardcoded secrets with advanced checks. Use it as a pre-commit hook, GitHub Action, or CLI for proactive secret detection and security.

TeamViewer User to Kernel Elevation of Privilege PoC. CVE-2024-7479 and CVE-2024-7481. ZDI-24-1289 and ZDI-24-1290. TV-2024-1006.

MIME mail encoding and decoding package for Go

Adversary Emulation Framework

Some scripts to enumerate and attack Jenkins servers

A collection of pentest tools and resources targeting Hadoop environments

Find the password of protected ZIP files.

PyInstaller Extractor

Turn any dll into shellcode. Reflective loader was written in x64 assembly

使用纯C/C++编写的ShellCode生成框架

Identify servers running various SSL VPNs based on protocol-specific behaviors

SOCKS5 server in Golang

Daemonize Go applications deviously.