bgrstar Goto Github PK

ivy

Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory. Ivy’s loader does this by utilizing programmatical access in the VBA object environment to load, decrypt and execute shellcode.

j2oswin

ja3

JA3 is a standard for creating SSL client fingerprints in an easy to produce and shareable way.

jarm

java-rce-echo

Java RCE 回显测试代码

java-sec-code

Java web common vulnerabilities and security code which is base on springboot and spring security

javafiledict

Java应用的一些配置文件字典，来源于公开的字典与平时收集

javasec_note1

关于学习java安全的一些知识,正在学习中ing,欢迎fork and star

javasecinterview

Java安全研究与安全开发面试题库，同是也是常见知识点的梳理和总结，包含问题和详细的答案，计划定期更新

jce-1

JCE - JSP/JPSX CodeEncode - 用于 Webshell 逃避静态查杀的辅助脚本

jdsrc-small-classroom

京东SRC小课堂系列文章

jndiexploit

一款用于JNDI注入利用的工具，大量参考/引用了Rogue JNDI项目的代码，支持直接植入内存shell，并集成了常见的bypass 高版本JDK的方式，适用于与自动化工具配合使用。

jsphorse

JSPHorse Project Backup

kcon

KCon is a famous Hacker Con powered by Knownsec Team.

ksubdomain

Subdomain scanner, asynchronous dns packets, use pcap to scan 1600,000 subdomains in 1 second

kunpeng

kunpeng是一个Golang编写的开源POC框架/库，以动态链接库的形式提供各种语言调用，通过此项目可快速开发漏洞检测类的系统。

ladon

大型内网渗透扫描器&Cobalt Strike，Ladon7.2内置94个模块，包含信息收集/存活主机/IP扫描/端口扫描/服务识别/网络资产/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010、SMBGhost、Weblogic、ActiveMQ、Tomcat、Struts2系列，密码口令爆破(Mysql、Oracle、MSSQL)、FTP、SSH(Linux)、VNC、Windows(IPC、WMI、SMB、Netbios、LDAP、SmbHash、WmiHash、Winrm),远程执行命令(wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem，Poc/Exploit,支持Cobalt Strike 3.X-4.0

lan-behavior_mis

This is an Internet Behavior Management System.

ldapmonitor

Monitor creation, deletion and changes to LDAP objects live during your pentest or system administration!

learning-codeql

CodeQL Java 全网最全的中文学习资料

log4j-affected-db

A community sourced list of log4j-affected software

log4j-payload-generator

Log4j jndi injects the Payload generator

log4j-scan

A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228

log4j2-cve-2021-44228

Remote Code Injection In Log4j

log4j2-rce-scanner

BurpSuite Extension: Log4j2 RCE Scanner

log4jshell-pdf

The purpose of this project is to demonstrate the Log4Shell exploit with Log4J vulnerabilities using PDF as delivery channel

log4shell_cve-2021-44228_related_attacks_iocs

logmap

Log4j2 jndi injection fuzz tool (CVE-2021-44228)

macro_pack

macro_pack is a tool by @EmericNasi used to automatize obfuscation and generation of Office documents, VB scripts, shortcuts, and other formats for pentest, demo, and social engineering assessments. The goal of macro_pack is to simplify exploitation, antimalware bypass, and automatize the process from malicious macro and script generation to final document generation. It also provides a lot of helpful features useful for redteam or security research.

magicude

分布式端口（漏洞）扫描、资产安全管理、实时威胁监控与通知、高效漏洞闭环、漏洞wiki、邮件报告通知、poc框架