bakaralisec's Projects
一个旨在通过应用场景 / 标签对 Github 红队向工具 / 资源进行分类收集,降低红队技术门槛的手册【持续更新】
Project to enumerate proxy configurations and generate shellcode from CobaltStrike
Instant, Open source API security → API discovery, automated business logic testing and runtime detection.
一个能快速开启和关闭匿名SMB共享的红队脚本
Fast and light-weight API proxy firewall for request and response validation by OpenAPI specs.
APIKit:Discovery, Scan and Audit APIs Toolkit All In One.
A tool to extract IP/URL endpoints from APKs by disassembling and decompiling
Discover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty
一站式自动下载部署常用安全工具小脚本.
AutoRedTools是一款轻量级一站式自动下载/自动更新常用开源软件的工具,主要帮助安全从业者/安全开发人员快速进行环境搭建以及常用软件的更新,节约软件的更新或者安 装的时间,从而提升生产效率或工作效率。
A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.
🔥 A curated list of awesome links related to application security related to the environments with NGINX or Kubernetes Ingres Controller (based on NGINX)
Config files for my GitHub profile.
Red Team Home Lab for breaching-defenses.com with an ELK stack
A Bumblebee-inspired Crypter
Burp Suite Certified Practitioner Exam Study
Ultimate Burp Suite Exam and PortSwigger Labs Guide.
An open-source post-exploitation framework for students, researchers and developers.
Automated Adversary Emulation Platform
Stop half-done APIs! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by auditing your API specifications, validating them and running API security tests.
Programmatically extract saved passwords from Chromium based browsers.
Aggressorscript that turns the headless aggressor client into a (mostly) functional cobalt strike client.
A Red Team tool for exfiltrating sensitive data from Confluence pages.
An opensource Prank Startup Malware for windows developed using C Programming Language.
Gather and update all available and newest CVEs with their PoC.
PrintNightmare , Local Privilege Escalation of CVE-2021-1675 or CVE-2021-34527
Identifies the bytes that Microsoft Defender flags on.
DevOps Roadmap for 2023. with learning resources
Asset discovery and identification tools 快速识别 Web 指纹信息,定位资产类型。辅助红队快速定位目标资产信息,辅助蓝队发现疑似脆弱点