A tool to dump Java serialization streams in a more human readable form.

Deserialization payload generator for a variety of .NET formatters

Java 内存马开聚会 🎉

本Burp Suite插件专为文件上传漏洞检测设计，提供自动化Fuzz测试，共300+条payload。

Burp suite 短信轰炸辅助绕过插件

This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone is created, it utilizes MINIDUMP_CALLBACK_INFORMATION callb…

漏洞报告已脱敏

TartarusGate, Bypassing EDRs

Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+Bloc…

基于 BurpSuite 新版 MontoyaAPI 的 SSRF 漏洞自动探测插件

A CAT called tabby ( Code Analysis Tool )

☕️ Java Security，安全编码和代码审计

图形化Java反序列化利用工具，集成Ysoserial

Burp插件，快速探测可能存在SQL注入的请求并标记，提高测试效率

Encrypted shellcode Injection to avoid Kernel triggered memory scans

Multilayered AV/EDR Evasion Framework

一款利用爬虫技术实现前端JS加密自动化绕过的爆破登陆渗透测试工具

个人向自写JS Hook脚本

Hit-And-Run: Syscall Method for Bypassing EDRs via Vectored Exception Handler and Call Stack Theft.

SysCalling is an educational project demonstrating state-of-the-art syscall execution techniques for bypassing user-space EDR controls in a Windows x64 environment.

Resolve the issue of DLLmain function in white and black DLLs hanging when calling shellcode

自动化找白文件，用于扫描 EXE 文件的导入表，列出导入的DLL文件，并筛选出非系统DLL，符合条件的文件将被复制到特定的 X64 或 X86 文件夹

Generate DLL Hijacking Payload in batches.

Automated Hosting Information Hunting Tool - Windows 主机信息自动化狩猎工具

一款帮助云租户发现和测试云上风险、增强云上防护能力的综合性开源工具

🤖 The most powerful Android RPA framework, the next generation of mobile automation robots.