timwhitez/Git-Daily
Git-Daily

Github Security Daily Repository.

GitHub has introduced a feature for grouping starred projects (star lists), so there is no longer any need for this repo; updates have stopped.

  • An attempt to record GitHub projects and tag them with keywords to make them easy to search

--

20211126

https://github.com/busterb/msmailprobe
Office 365 and Exchange brute-force tool (go)


https://github.com/scareing/UAC_wenpon
Contains several commonly used UAC bypass techniques, Win7 through Win10, with some ability to bypass AV as well (cpp)


https://github.com/nccgroup/SocksOverRDP
Opens a SOCKS proxy over an RDP connection (cpp)


https://github.com/icyguider/DumpNParse
LSASS dump tool and parser (c#)


https://github.com/niudaii/go-find
File name and file content search tool (go)


https://github.com/fullstorydev/grpcurl
Command-line tool for interacting with gRPC servers, similar to cURL (go)


https://github.com/mrd0x/dll_inject_vs_binaries
LOLBins shipped with Visual Studio that can be used for process injection


https://github.com/ufrisk/MemProcFS
Fast and easy memory analysis through a mounted file system (c)


https://github.com/zema1/yarx
A tool that automatically generates a matching server from xray PoCs (go)


https://github.com/API-Security/APIKit
Active/passive scanning to discover API documentation leaked by applications, parsing the documentation into BurpSuite requests for API security testing (java)


https://github.com/API-Security/APISandbox
Docker-Compose based API vulnerability lab environment


https://github.com/fangzesheng/free-api
A collection of free API services; an API aggregator


https://github.com/whwlsfb/BurpCrypto
BurpSuite plugin for brute-forcing front-end encryption; supports multiple encryption algorithms or executing JS code directly (java)


https://github.com/klinix5/InstallerFileTakeOver
Windows Installer privilege escalation PoC (cpp)


https://github.com/rasta-mouse/ThreatCheck
Modified DefenderCheck, used to locate the static signatures that cause Windows Defender to flag a malicious file (C#)


https://github.com/sharp-shooter/ChangeDomainMachinePassword
Changes the password of a computer account on the local machine or on a domain controller (C#)


https://github.com/Liang2580/rotateproxy
Tool that uses FOFA to search for open SOCKS5 proxies and rotates through a proxy pool (modified) (go)


https://github.com/oXis/GPUSleep
Moves memory contents into GPU memory during sleep to evade memory scanning (cpp)


https://github.com/uknowsec/getSystem
getsystem from within a webshell (c)

20211118

https://github.com/3gstudent/SharpRDPCheck
Checks whether RDP credentials are valid; supports plaintext passwords and NTLM hashes (c#)


https://github.com/bigsizeme/fastjson-check
fastjson echo payload generator, Burp plugin (java)


https://github.com/trustedsec/COFFLoader
COFF loader (AKA Beacon Object Files) (c)


https://github.com/lab52io/StopDefender
Escalates from administrator to TrustedInstaller and then stops Windows Defender through its service (cpp)


https://github.com/CCob/lsarelayx
NTLM relay tool that widens the relay scope and supports downgrade relaying (cpp)


https://github.com/no0be/DNSlivery
File transfer over DNS + PowerShell (py)


https://github.com/Binject/awesome-go-security
Collection of Golang security-related projects (go)


https://github.com/minio/asm2plan9s
Tool for generating byte sequences for Go assembly (go)


https://github.com/aus/gopherheaven
Golang Heaven's Gate: calls 64-bit code directly from a 32-bit process (go)


https://github.com/wbenny/injdrv
injdrv is a proof-of-concept Windows driver that injects DLLs into user-mode processes using APCs (c)


https://github.com/moloch--/sqlite
Pure-Go SQLite support (go)


https://github.com/daem0nc0re/HEVD-CSharpKernelPwn
HackSys Extreme Vulnerable Driver (c#)


https://github.com/klinix5/WindowsMDMLPE
Win11 privilege escalation (cpp)


https://github.com/AV1080p/Hacking-With-Golang
Collection of Golang security resources (go)


https://github.com/xwuyi/STS2G
Struts2 vulnerability scanning and exploitation tool, Golang version (go)


https://github.com/Buzz2d0/0xpe
[windows] pe -> shellcode -> shellcodeLoader -> (pe2shellcode - go on?) (go)


https://github.com/riramar/Web-Attack-Cheat-Sheet
Summary of web attack surfaces

20211112

https://github.com/helpsystems/nanodump
Stealthier LSASS dumping (c)


https://github.com/DongHuangT1/Geacon
Newly modified Geacon (beacon in Golang) (go)


https://github.com/Maka8ka/NGLite
C2 based on NKN blockchain nodes (go)


https://github.com/virusdefender/copy-cert
Clones a website's SSL certificate (go)


https://github.com/lwch/natpass
Next-generation NAT traversal + shell + VNC tool (go)


https://github.com/L-codes/MX1014
Quick and simple port scanner (go)


https://github.com/taielab/Taie-Bugbounty-killer
Automated bug bounty hunting tips


20211108

https://github.com/wumansgy/goEncrypt
Go wrappers for various symmetric and asymmetric encryption algorithms (go)


https://github.com/lqqyt2423/go-mitmproxy
Golang version of mitmproxy (go)


https://github.com/r0eXpeR/supplier
Summary of offensive vulnerabilities in mainstream vendors' products (md)


https://github.com/waterrr/BlackIP
Collection of malicious IPs found by Internet-wide scanning for CobaltStrike (txt)


https://github.com/microsoft/Windows-classic-samples
Microsoft's official Windows API samples (cpp)


https://github.com/avelino/awesome-go
Curated list of Go frameworks, libraries and software (go)


https://github.com/trustedsec/CS-Situational-Awareness-BOF
BOFs for host information gathering (c)


https://github.com/wsummerhill/CobaltStrike_RedTeam_CheatSheet
Cobalt Strike Red Team Cheat Sheet, commonly used CobaltStrike commands (md)


https://github.com/jweny/xhttp
HTTP base library for scanner use cases (go)


https://github.com/asmcos/requests
Golang HTTP interface modelled on Python requests (go)


https://github.com/imroc/req
User-friendly HTTP request library for Go (go)


https://github.com/mgeeky/UnhookMe
Dynamic unhooking import resolver for Windows APIs (cpp)


https://github.com/sairson/MateuszEx
AV bypass generator, Golang shellcode loader (go)


https://github.com/Rvn0xsy/PassDecode-jar
FanRuan/Seeyon password decryption tool (java)


https://github.com/tatsushid/go-fastping
Fast ICMP request library (go)

20211104

https://github.com/malfunkt/iprange
iprange is a library for parsing IPv4 addresses from strings in nmap format (go)


https://github.com/jianfengye/collection
The Collection package aims to replace Go's native slices, targeting scenarios where business development productivity matters more than peak performance (go)


https://github.com/akkuman/gSigFlip
Golang version of SigFlip; hides data inside a signed exe without breaking the certificate (go)


https://github.com/knownsec/KCon
KCon PPT


https://github.com/akkuman/rotateproxy
Tool that uses FOFA to search for open SOCKS5 proxies and rotates through a proxy pool (go)


https://github.com/r0eXpeR/fingerprint
Shared collection of fingerprints for various tools


https://github.com/FunnyWolf/TFirewall
Firewall egress detection tool and NAT-traversing SOCKS5 proxy (go)


https://github.com/sinamna/ChizBroker
gRPC message broker (go)


https://github.com/dev-2null/ADCollector
AD information gathering tool (C#)


https://github.com/BeichenDream/Kcon2021Code
Beichen's project code from KCon (java)

20211029

https://github.com/akutz/memconn
In-memory network connection implementation, more efficient (go)


https://github.com/imroc/req
The so-called more user-friendly HTTP request library (go)


https://github.com/gvb84/pbscan
Faster SYN scanner (c)


https://github.com/ixty/mandibule
ELF process injection (c)

20211027

https://github.com/RichardKnop/machinery
Distributed asynchronous task queue (go)


https://github.com/scythe-io/memory-module-loader
Loads a DLL directly from memory without calling LoadLibrary (c)

20211026

https://github.com/LloydLabs/delete-self-poc
File self-deletion (c)


https://github.com/klezVirus/SharpSelfDelete
File self-deletion (c#)


https://github.com/0xrawsec/whids
Open-source EDR (go)


https://github.com/RedTeamWing/WingKit
Cobalt Strike plugin by Wing (powershell/c)


https://github.com/cube0x0/SharpSystemTriggers
Windows authentication triggers: MS-EFS RPC/MS-RPRN RPC/DCOM Potato (c#)


https://github.com/bigb0sss/Bankai
Yet another Golang shellcode loader; its advantage is a larger number of loading templates (go)


https://github.com/Crimson-io/AMSI
Golang AMSI Bypass (go)


20211024

https://github.com/RedTeamWing/SharpClearPass
.NET plaintext password retrieval (c#)


https://github.com/AttackTeamFamily/cobaltstrike-bof-toolset
Cobalt Strike BOF toolset (c)


https://github.com/panjf2000/gnet
gnet is a high-performance, lightweight, non-blocking, event-driven Go networking framework.

20211023

https://github.com/0x727/AggressorScripts_0x727
0x727's Cobalt Strike plugins (ps1)


https://github.com/klinix5/ProfSvcLPE
Windows privilege escalation vulnerability (cpp)


https://github.com/wzshiming/anyproxy
Proxy with multi-protocol support (go)

20211022

https://github.com/jfmaes/FunWithServerless
Serverless proxy code example (python)


https://github.com/0x727/JNDIExploit
JNDI injection exploitation tool (java)


https://github.com/0x727/SpringBootExploit
SpringBoot exploitation tool (java)


https://github.com/nospaceships/raw-socket-sniffer
Packet capture without npcap (c)


https://github.com/KaLendsi/CVE-2021-40449-Exploit
Windows LPE privilege escalation (cpp)

20211021

https://github.com/Tylous/ZipExec
A unique technique for executing binaries from a password-protected zip (PoC) (go)


https://github.com/akkuman/toolset
AV-evasion generator; the loader part is based on gld (go)


https://github.com/akkuman/gSchtasks
Creates scheduled tasks through the COM interface in Golang (go)


https://github.com/rxwx/spoolsystem
CNA script for privilege escalation via the Print Spooler (c)


https://github.com/Jumbo-WJB/PTH_Exchange
Operate Exchange using an NTLM hash (python)


https://github.com/kindtime/nosferatu
NTLM authentication backdoor (cpp)

20211020

https://github.com/m0rv4i/go-hunt-weak-pes
Finds exe and dll files on the system that lack protections (go)


https://github.com/Mzack9999/roundrobin
Round-robin with configurable strategies (go)


https://github.com/akkuman/rotateproxy
Tool that uses FOFA to search for open SOCKS5 proxies and rotates through a proxy pool (go)

20211019

https://github.com/lkarlslund/adalanche
adalanche gives instant results showing the permissions users and groups have in Active Directory. It can be used to visualize and explore who can take over accounts, machines or the entire domain, and to find and display misconfigurations (go)


https://github.com/asmcos/requests
Golang package similar to Python requests (go)

20211018

https://github.com/mez-0/InMemoryNET
In-memory execution of .NET programs, assembly execute (cpp)


https://github.com/caddyserver/caddy
HTTPS server (go)


https://github.com/L-codes/MX1014
Fast port scanner (go)

20211016

https://github.com/Cobalt-Strike/sleep_python_bridge
Write Cobalt Strike plugins in Python (python)


https://github.com/timwhitez/ScareCrow-Common
Study of the ScareCrow framework; a readable version of its generated code (go)

20211015

https://github.com/FourCoreLabs/EDRHunt
Finds EDR and antivirus products installed on the local host (go)


https://github.com/howmp/CobaltStrikeDetect
Cobalt Strike detection (c)

20211014

https://github.com/aaaddress1/Skrull
Skrull is DRM-style malware protection that prevents AV/EDR from automatically submitting samples and from signature-scanning from the kernel. The launchers it generates can run malware on the victim using process ghosting. The launchers are fully anti-copy and naturally break when submitted (c)

20211013

https://github.com/EspressoCake/HandleKatz_BOF
BOF version of LSASS dumping and obfuscation via handle cloning (c)


https://github.com/optiv/ScareCrow/releases/tag/v3.0
ScareCrow 3.0, the best Golang loader project (go)

20211012

https://github.com/yaklang/yakit/
Integrated single-operator security platform based on yaklang (TypeScript)


https://github.com/dismantl/ImprovedReflectiveDLLInjection
Improved RDI (Reflective DLL Injection) technique (c)


https://github.com/akkuman/alifc_email
Sends email using Alibaba Cloud Function Compute (go)


https://github.com/zu1k/good-mitm
MITM proxy written in Rust (rust)


https://github.com/magnusstubman/MagnusKatz
Rewrite of mimikatz for AV evasion (cpp)

20211011

https://github.com/plackyhacker/UnhookBitDefender
Bypasses BitDefender's API hooks by remapping (c#)


https://github.com/tihanyin/PSSW100AVB
PowerShell scripts with 100% static AV evasion (as of 2021_09) (ps1)


https://github.com/ouqiang/goproxy
Go HTTP(S) proxy library with MITM support for decrypting HTTPS (go)


https://github.com/timwhitez/DarkLoadLibrary
Working build of DarkLoadLibrary under VS2019 x64 release (not the latest version) (c)

20211010

https://github.com/rookuu/BOFs/tree/main/MiniDumpWriteDump
Rewritten MiniDumpWriteDump BOF (c)


https://github.com/w1u0u1/minidump
Custom implementation of the MiniDumpWriteDump function. Replaces the low-level functions with static syscalls; borrows from the project above (c)


https://github.com/k4nfr3/Dumpert
Modified Dumpert that bypasses local string-based blocking (McAfee etc.) (c)


https://github.com/bats3c/DarkLoadLibrary
Stealthier replacement for LoadLibrary (c)


https://github.com/panagioto/SyscallHide
Adds a registry backdoor using syscalls (cpp)

20211008

https://github.com/mgeeky/ShellcodeFluctuation/releases/tag/v0.2
In-memory evasion project, v0.2: the modified protection changes from RW to NO_ACCESS, and the protection is now restored to its original value (cpp)


https://github.com/Tylous/SourcePoint/releases/tag/2.0
Major v2.0 update of SourcePoint, the Cobalt Strike profile generator (go)
./SourcePoint -PE_Clone 18 -PostEX_Name 13 -Sleep 3 -Profile 4 -Outfile myprofile.profile -Host <TeamServer> -Injector NtMapViewOfSection


https://github.com/codewhitesec/HandleKatz
LSASS dumping and obfuscation via handle cloning (c)


https://github.com/thefLink/C-To-Shellcode-Examples
Converts C source into shellcode: write C following the template so that position-independent shellcode lands in the .text section and can be extracted and used directly (c)


https://github.com/JustasMasiulis/inline_syscall
Header-only approach to convenient system calls/syscalls (cpp)


https://github.com/boku7/Ninja_UUID_Dropper
Module Stomping + UUID injection + HellsGate + HalosGate + EnumSystemLocalesA (callback execution, no new thread) (c)


https://github.com/vxunderground/WinAPI-Tricks
Collection of various WinAPI tricks/features used or abused by malware: anti-debugging, string hashing, etc. (c)


https://github.com/hydra13142/sma
Multiple string matching algorithms implemented in Golang (go)


https://github.com/mgeeky/ThreadStackSpoofer
Thread stack spoofing: breaks the call chain by modifying the _AddressOfReturnAddress() address during sleep (cpp)


https://github.com/ORCA666/WHALE
Modification of the Huan project, adding anti-sandbox, anti-debug, etc. (c/cpp)


https://github.com/slaeryan/AQUARMOURY/blob/master/Wraith/Src/Injector.h
"Advanced Bird" APC Queue Code Injection (cpp)
