# Git-Daily
GitHub Security Daily Repository.

# GitHub has added a feature for grouping starred projects (star lists), so this repo no longer needs to exist; updates have stopped.

- An attempt to record GitHub projects and tag them with keywords for easier searching.


## --
### 20211126
```
https://github.com/busterb/msmailprobe
Office 365 and Exchange brute-force tool (go)

https://github.com/scareing/UAC_wenpon
Bundles several common UAC bypass techniques for Windows 7 through Windows 10, with some ability to bypass AV (cpp)

https://github.com/nccgroup/SocksOverRDP
Opens a SOCKS proxy over an RDP connection (cpp)

https://github.com/icyguider/DumpNParse
LSASS dump tool and parser (c#)

https://github.com/niudaii/go-find
File name and file content search tool (go)

https://github.com/fullstorydev/grpcurl
cURL-like command-line tool for interacting with gRPC servers (go)

https://github.com/mrd0x/dll_inject_vs_binaries
LOLBINs shipped with Visual Studio that can be used for process injection

https://github.com/ufrisk/MemProcFS
Fast and easy memory analysis through a mounted virtual file system (c)

https://github.com/zema1/yarx
Automatically generates a matching vulnerable server from an xray POC (go)

https://github.com/API-Security/APIKit
Active/passive scanning to discover API documentation leaked by an application, then parses the documents into BurpSuite requests for API security testing (java)

https://github.com/API-Security/APISandbox
Docker-Compose based API vulnerability lab environment

https://github.com/fangzesheng/free-api
Collection of free API services; an "API porter"

https://github.com/whwlsfb/BurpCrypto
BurpSuite plugin for brute-forcing front-end encryption; supports multiple encryption algorithms or executing JS code directly (java)

https://github.com/klinix5/InstallerFileTakeOver
Windows Installer privilege escalation POC (cpp)

https://github.com/rasta-mouse/ThreatCheck
Modified DefenderCheck, used to locate the static signatures that get a malicious file flagged by Windows Defender (C#)

https://github.com/sharp-shooter/ChangeDomainMachinePassword
Changes the password of a computer account locally or on the domain controller (C#)

https://github.com/Liang2580/rotateproxy
Tool that searches fofa for open SOCKS5 proxies and rotates through them as a proxy pool (modified fork) (go)

https://github.com/oXis/GPUSleep
Moves memory contents into GPU memory while sleeping to evade memory scanners (cpp)

https://github.com/uknowsec/getSystem
getsystem from a webshell (c)
```
### 20211118
```
https://github.com/3gstudent/SharpRDPCheck
Checks whether RDP credentials are valid; supports plaintext passwords and NTLM hashes (c#)

https://github.com/bigsizeme/fastjson-check
fastjson echo payload generator, Burp plugin (java)

https://github.com/trustedsec/COFFLoader
COFF loader (AKA Beacon Object Files) (c)

https://github.com/lab52io/StopDefender
Elevates from administrator to TrustedInstaller and then stops Windows Defender through its service (cpp)

https://github.com/CCob/lsarelayx
NTLM relay tool that widens the relay surface and supports downgrade relaying (cpp)

https://github.com/no0be/DNSlivery
File transfer over DNS with PowerShell (py)

https://github.com/Binject/awesome-go-security
Collection of golang security-related projects (go)

https://github.com/minio/asm2plan9s
Tool for generating byte sequences for Go assembly (go)

https://github.com/aus/gopherheaven
golang Heaven's Gate: call 64-bit code directly from a 32-bit process (go)

https://github.com/wbenny/injdrv
injdrv is a proof-of-concept Windows driver that injects DLLs into user-mode processes using APCs (c)

https://github.com/moloch--/sqlite
Pure-Go sqlite support (go)

https://github.com/daem0nc0re/HEVD-CSharpKernelPwn
HackSys Extreme Vulnerable Driver exploitation in C# (c#)

https://github.com/klinix5/WindowsMDMLPE
Windows 11 privilege escalation (cpp)

https://github.com/AV1080p/Hacking-With-Golang
Golang security resource collection (go)

https://github.com/xwuyi/STS2G
Struts2 vulnerability scanning and exploitation tool, Golang version (go)

https://github.com/Buzz2d0/0xpe
[windows] pe -> shellcode -> shellcodeLoader -> (pe2shellcode - go on?) (go)

https://github.com/riramar/Web-Attack-Cheat-Sheet
Web attack surface summary
```

### 20211112
```
https://github.com/helpsystems/nanodump
Stealthier LSASS dumping (c)

https://github.com/DongHuangT1/Geacon
Newly modified Geacon (beacon in golang) (go)

https://github.com/Maka8ka/NGLite
C2 based on NKN blockchain nodes (go)

https://github.com/virusdefender/copy-cert
Clones a website's SSL certificate (go)

https://github.com/lwch/natpass
Next-generation NAT traversal + shell + VNC tool (go)

https://github.com/L-codes/MX1014
Short, simple, fast port scanner (go)

https://github.com/taielab/Taie-Bugbounty-killer
Automated bug bounty hunting techniques
```
### 20211108
```
https://github.com/wumansgy/goEncrypt
Go wrappers for various symmetric and asymmetric encryption algorithms (go)

https://github.com/lqqyt2423/go-mitmproxy
Golang version of mitmproxy (go)

https://github.com/r0eXpeR/supplier
Summary of offensive vulnerabilities in mainstream vendors' products (md)

https://github.com/waterrr/BlackIP
Collection of malicious IPs found by scanning the Internet for CobaltStrike (txt)

https://github.com/microsoft/Windows-classic-samples
Microsoft's official Windows API samples (cpp)

https://github.com/avelino/awesome-go
Curated list of Go frameworks, libraries and software (go)

https://github.com/trustedsec/CS-Situational-Awareness-BOF
BOFs for host information gathering (c)

https://github.com/wsummerhill/CobaltStrike_RedTeam_CheatSheet
Cobalt Strike Red Team Cheat Sheet, commonly used CobaltStrike commands (md)

https://github.com/jweny/xhttp
HTTP base library for scanner scenarios (go)

https://github.com/asmcos/requests
Golang HTTP interface modelled on python requests (go)

https://github.com/imroc/req
Human-friendly HTTP request library for Go (go)

https://github.com/mgeeky/UnhookMe
Windows API dynamic unhooking import resolver (cpp)

https://github.com/sairson/MateuszEx
AV-bypass generator, Golang shellcode loader (go)

https://github.com/Rvn0xsy/PassDecode-jar
FanRuan (帆软) / Seeyon (致远) password decryption tool (java)

https://github.com/tatsushid/go-fastping
Fast ICMP request library (go)
```
### 20211104
```
https://github.com/malfunkt/iprange
iprange is a library for parsing IPv4 addresses from strings in nmap format (go)

https://github.com/jianfengye/collection
The Collection package aims to replace Go's native Slice in scenarios where business-development productivity matters more than peak performance (go)

https://github.com/akkuman/gSigFlip
Golang version of SigFlip: hides data inside a signed exe without breaking the certificate (go)

https://github.com/knownsec/KCon
KCon slides

https://github.com/akkuman/rotateproxy
Tool that searches fofa for open SOCKS5 proxies and rotates through them as a proxy pool (go)

https://github.com/r0eXpeR/fingerprint
Shared collection of fingerprints for various tools

https://github.com/FunnyWolf/TFirewall
Firewall egress probing tool and NAT-traversing SOCKS5 proxy (go)

https://github.com/sinamna/ChizBroker
gRPC message broker (go)

https://github.com/dev-2null/ADCollector
AD information collection tool (C#)

https://github.com/BeichenDream/Kcon2021Code
Beichen's project code from KCon (java)
```

### 20211029
```
https://github.com/akutz/memconn
In-memory network connection implementation, more efficient (go)

https://github.com/imroc/req
The self-described "more human-friendly" HTTP request library (go)

https://github.com/gvb84/pbscan
Faster SYN scanner (c)

https://github.com/ixty/mandibule
ELF process injection (c)
```
### 20211027
```
https://github.com/RichardKnop/machinery
Distributed asynchronous task queue (go)

https://github.com/scythe-io/memory-module-loader
Loads a DLL directly from memory without calling LoadLibrary (c)
```


### 20211026
```
https://github.com/LloydLabs/delete-self-poc
File self-deletion (c)

https://github.com/klezVirus/SharpSelfDelete
File self-deletion (c#)

https://github.com/0xrawsec/whids
Open-source EDR (go)

https://github.com/RedTeamWing/WingKit
Cobalt Strike plugin by Wing (powershell/c)

https://github.com/cube0x0/SharpSystemTriggers
Windows authentication triggers: MS-EFS RPC / MS-RPRN RPC / DCOM Potato (c#)

https://github.com/bigb0sss/Bankai
Yet another golang shellcode loader; its advantage is the large number of loading templates (go)

https://github.com/Crimson-io/AMSI
Golang AMSI bypass (go)
```

### 20211024
```
https://github.com/RedTeamWing/SharpClearPass
Retrieves plaintext passwords with .NET (c#)

https://github.com/AttackTeamFamily/cobaltstrike-bof-toolset
Cobalt Strike BOF toolset (c)

https://github.com/panjf2000/gnet
gnet is a high-performance, lightweight, non-blocking, event-driven networking framework for Go.
```

### 20211023
```
https://github.com/0x727/AggressorScripts_0x727
0x727's Cobalt Strike plugins (ps1)

https://github.com/klinix5/ProfSvcLPE
Windows privilege escalation vulnerability (cpp)

https://github.com/wzshiming/anyproxy
Proxy with support for multiple protocols (go)
```


### 20211022
```
https://github.com/jfmaes/FunWithServerless
Serverless proxy code examples (python)

https://github.com/0x727/JNDIExploit
JNDI injection exploitation tool (java)

https://github.com/0x727/SpringBootExploit
SpringBoot exploitation tool (java)

https://github.com/nospaceships/raw-socket-sniffer
Packet capture without npcap (c)

https://github.com/KaLendsi/CVE-2021-40449-Exploit
Windows LPE exploit (cpp)
```


### 20211021
```
https://github.com/Tylous/ZipExec
A unique technique for executing binaries from a password-protected zip (POC) (go)

https://github.com/akkuman/toolset
AV-evasion generator; loaders partly based on gld (go)

https://github.com/akkuman/gSchtasks
Adds scheduled tasks through the COM interface in golang (go)

https://github.com/rxwx/spoolsystem
CNA script for privilege escalation via the Print Spooler (c)

https://github.com/Jumbo-WJB/PTH_Exchange
Operate Exchange using an NTLM hash (python)

https://github.com/kindtime/nosferatu
NTLM authentication backdoor (cpp)
```


### 20211020
```
https://github.com/m0rv4i/go-hunt-weak-pes
Finds exes and DLLs on the system that were built without exploit mitigations (go)

https://github.com/Mzack9999/roundrobin
Round-robin with configurable strategies (go)

https://github.com/akkuman/rotateproxy
Tool that searches fofa for open SOCKS5 proxies and rotates through them as a proxy pool (go)
```

### 20211019
```
https://github.com/lkarlslund/adalanche
adalanche gives instant results, showing what permissions users and groups have in Active Directory. It can be used to visualize and explore who can take over accounts, machines or the entire domain, and to find and show misconfigurations. (go)

https://github.com/asmcos/requests
golang package similar to python requests (go)
```


### 20211018
```
https://github.com/mez-0/InMemoryNET
Executes .NET programs in memory, assembly execute (cpp)

https://github.com/caddyserver/caddy
HTTPS server (go)

https://github.com/L-codes/MX1014
Fast port scanner (go)
```

### 20211016
```
https://github.com/Cobalt-Strike/sleep_python_bridge
Write Cobalt Strike plugins in python (python)

https://github.com/timwhitez/ScareCrow-Common
ScareCrow framework study; readable version of the generated code (go)
```

### 20211015
```
https://github.com/FourCoreLabs/EDRHunt
Finds EDR and antivirus products installed on the local machine (go)

https://github.com/howmp/CobaltStrikeDetect
Cobalt Strike detection (c)
```

### 20211014
```
https://github.com/aaaddress1/Skrull
Skrull is a DRM-style malware protection: it prevents AV/EDR from auto-submitting samples and from signature-scanning from the kernel. The launchers it generates run the malware on the victim using process ghosting. The launchers are fully anti-copy and naturally break when submitted. (c)
```


### 20211013
```
https://github.com/EspressoCake/HandleKatz_BOF
BOF version of LSASS dumping and obfuscation via handle cloning (c)

https://github.com/optiv/ScareCrow/releases/tag/v3.0
ScareCrow 3.0, the best golang loader project (go)
```


### 20211012
```
https://github.com/yaklang/yakit/
Integrated single-operator security platform based on yaklang (TypeScript)

https://github.com/dismantl/ImprovedReflectiveDLLInjection
Improved RDI (reflective DLL injection) technique (c)

https://github.com/akkuman/alifc_email
Send email via Alibaba Cloud Function Compute (go)

https://github.com/zu1k/good-mitm
MITM proxy written in Rust (rust)

https://github.com/magnusstubman/MagnusKatz
Rewrite of mimikatz for AV evasion (cpp)
```


### 20211011
```
https://github.com/plackyhacker/UnhookBitDefender
Bypasses BitDefender's API hooks by remapping (c#)

https://github.com/tihanyin/PSSW100AVB
PowerShell scripts with 100% static AV bypass (as of 2021-09) (ps1)

https://github.com/ouqiang/goproxy
Go HTTP(S) proxy library, supports MITM decryption of HTTPS (go)

https://github.com/timwhitez/DarkLoadLibrary
Working build of DarkLoadLibrary under VS2019 x64 Release; not the latest version (c)
```

### 20211010

```
https://github.com/rookuu/BOFs/tree/main/MiniDumpWriteDump
Rewritten MiniDumpWriteDump BOF (c)

https://github.com/w1u0u1/minidump
Custom implementation of the MiniDumpWriteDump function; replaces low-level functions with static syscalls, borrowing from the project above (c)

https://github.com/k4nfr3/Dumpert
Modified Dumpert; bypasses local string interception by McAfee and others (c)

https://github.com/bats3c/DarkLoadLibrary
Stealthier replacement for LoadLibrary (c)

https://github.com/panagioto/SyscallHide
Plants a registry backdoor using syscalls (cpp)
```

### 20211008

```
https://github.com/mgeeky/ShellcodeFluctuation/releases/tag/v0.2
In-memory evasion project v0.2: the protection applied during sleep is changed from RW to NO_ACCESS, and the protection restore value is changed back to the initial value (cpp)

https://github.com/Tylous/SourcePoint/releases/tag/2.0
Major v2.0 update of SourcePoint, the Cobalt Strike profile generator (go)
Usage example:
./SourcePoint -PE_Clone 18 -PostEX_Name 13 -Sleep 3 -Profile 4 -Outfile myprofile.profile -Host -Injector NtMapViewOfSection

https://github.com/codewhitesec/HandleKatz
LSASS dumping and obfuscation via handle cloning (c)

https://github.com/thefLink/C-To-Shellcode-Examples
Converts C source into shellcode: write C code following the template so that position-independent shellcode lives in the .text section and can be extracted and used directly (c)

https://github.com/JustasMasiulis/inline_syscall
Header-only approach to convenient system calls / syscalls (cpp)

https://github.com/boku7/Ninja_UUID_Dropper
Module Stomping + UUID injection + HellsGate + HalosGate + EnumSystemLocalesA (callback execution, no new thread) (c)

https://github.com/vxunderground/WinAPI-Tricks
Collection of various WinAPI tricks/features used or abused by malware: anti-debugging, string hashing, etc. (c)

https://github.com/hydra13142/sma
Multiple string matching algorithms implemented in golang (go)

https://github.com/mgeeky/ThreadStackSpoofer
Thread stack spoofing: breaks the call chain by overwriting the address at _AddressOfReturnAddress() during sleep (cpp)

https://github.com/ORCA666/WHALE
Modification of the Huan project with anti-sandbox, anti-debugging, etc. added (c/cpp)

https://github.com/slaeryan/AQUARMOURY/blob/master/Wraith/Src/Injector.h
"Advanced Bird" APC Queue Code Injection (cpp)
```
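The 20211104 entry for `malfunkt/iprange` describes a parser for nmap-style IPv4 target strings. The following is an added example written for this page, not code from the iprange library or from any other project listed above: it expands the nmap target forms a scanner typically accepts (per-octet ranges such as `10.0.0.1-20`, the `*` wildcard, comma lists, and CIDR notation) into concrete addresses. The function name `ParseRange` and the 65536-address cap on CIDR expansion are this example's own choices.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"net"
	"strconv"
	"strings"
)

// octetSet expands one octet field of an nmap-style target into the set of
// byte values it denotes: "5", "1-3", "*" (0-255), or a comma list "1,3-5".
func octetSet(field string) ([]byte, error) {
	if field == "*" {
		field = "0-255"
	}
	var out []byte
	for _, part := range strings.Split(field, ",") {
		lo, hi := part, part
		if i := strings.IndexByte(part, '-'); i >= 0 {
			lo, hi = part[:i], part[i+1:]
		}
		a, err1 := strconv.Atoi(lo)
		b, err2 := strconv.Atoi(hi)
		if err1 != nil || err2 != nil || a < 0 || b > 255 || a > b {
			return nil, fmt.Errorf("bad octet %q", part)
		}
		for v := a; v <= b; v++ {
			out = append(out, byte(v))
		}
	}
	return out, nil
}

// ParseRange expands an nmap-style IPv4 target specification into every
// address it covers. Supported forms: "10.0.0.1", "10.0.0.1-20",
// "10.0.0-1.*", "10.0.0.1,5,9-11" and CIDR "10.0.0.0/30".
// CIDR blocks larger than /16 are refused (example's own safety cap) so a
// typo such as /8 cannot allocate millions of entries.
func ParseRange(spec string) ([]net.IP, error) {
	spec = strings.TrimSpace(spec)
	if strings.Contains(spec, "/") {
		ip, ipnet, err := net.ParseCIDR(spec)
		if err != nil || ip.To4() == nil {
			return nil, fmt.Errorf("bad CIDR %q", spec)
		}
		ones, bits := ipnet.Mask.Size()
		if bits-ones > 16 {
			return nil, fmt.Errorf("refusing to expand %q: more than 65536 addresses", spec)
		}
		// nmap, like this example, includes the network and broadcast addresses.
		base := binary.BigEndian.Uint32(ipnet.IP.To4())
		n := uint32(1) << uint(bits-ones)
		ips := make([]net.IP, 0, n)
		for i := uint32(0); i < n; i++ {
			b := make([]byte, 4)
			binary.BigEndian.PutUint32(b, base+i)
			ips = append(ips, net.IP(b))
		}
		return ips, nil
	}
	fields := strings.Split(spec, ".")
	if len(fields) != 4 {
		return nil, fmt.Errorf("expected four octets in %q", spec)
	}
	var sets [4][]byte
	for i, f := range fields {
		s, err := octetSet(f)
		if err != nil {
			return nil, err
		}
		sets[i] = s
	}
	// Cartesian product of the four octet sets, in nmap's natural order.
	var ips []net.IP
	for _, a := range sets[0] {
		for _, b := range sets[1] {
			for _, c := range sets[2] {
				for _, d := range sets[3] {
					ips = append(ips, net.IPv4(a, b, c, d).To4())
				}
			}
		}
	}
	return ips, nil
}

func main() {
	for _, spec := range []string{"192.168.1.1-3", "10.0.0-1.*", "10.0.0.1,5,9-11", "10.0.0.5/30", "10.0.0.0/8"} {
		ips, err := ParseRange(spec)
		if err != nil {
			fmt.Printf("%-16s error: %v\n", spec, err)
			continue
		}
		fmt.Printf("%-16s %d addresses, first %s, last %s\n", spec, len(ips), ips[0], ips[len(ips)-1])
	}
}
```

The per-octet form multiplies out independently, so `10.0.0-1.*` yields 512 hosts; a scanner feeding this into a worker pool should stream the result rather than materialise it when inputs are untrusted, which is why the CIDR branch refuses anything wider than /16.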