20142995/sectool 20142995/sectool

  • Stars
    star
    187
  • Rank 205,281 (Top 5 %)
  • Language
    Python
  • Created almost 2 years ago
  • Updated 5 days ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
20142995/sectool
github

20142995

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

个人向的工具导航,Ctrl + F

更新于 2024-01-14 08:39:41

近15天release更新记录

更新时间 项目名称 版本 更新内容
2024-01-13 22:52:54 ChatGPT-Shortcut v3.1.6 v3.1.6 Update - Feature: Customiz
able username modification - Fix: Reso
lve multiple issues with registration
functionality and browser warnings - R
efactor: Simplify API logic a
2024-01-13 10:14:51 PyWxDump v2.4.16 [Auto Release] Update PyWxDump to ref
s/tags/v2.4.16
2024-01-12 19:04:35 containerd v1.6.27 Welcome to the v1.6.27 release of con
tainerd! The twenty-seventh patch rele
ase for containerd 1.6 contains variou
s fixes and updates. ### Notable Updat
es * **Improve /etc/group han
2024-01-12 14:25:11 Elkeid v1.9.0.
4_202401
12_elkei
d_ko
2024-01-11 19:00:24 subfinder v2.6.4 ## What's Changed * Added pagination
support to SecurityTrails source by @
dogancanbakir in https://github.com/pr
ojectdiscovery/subfinder/pull/1105 * A
dded extended limit for crtsh
2024-01-11 11:34:28 trivy v0.48.3 ## Changelog * eac751339 chore(deps):
bump github.com/cloudflare/circl from
1.3.6 to 1.3.7 (#5892) * d866b71dd ch
ore(deps): bump google.golang.org/prot
obuf from 1.31.0 to 1.32.0 (#
2024-01-11 11:28:44 safeline v4.1.1 ### 修复 - 修复 IP 组在线订阅失败时会
保存错误内容的问题
2024-01-11 02:59:12 autoDecoder 0.37-be
ta1		 ## 2024.1.11 更新0.37-beta1 1. 修复DE
S解密出错问题 感谢微信群师傅@春至 @w
反馈
2024-01-10 22:58:29 faker v22.2.0 See .
2024-01-10 13:30:18 WeChatMsg v1.0.3 # 新增功能 * 支持批量导出聊天记录 *
支持自定义选择导出时间 * exe程序支持显
示群聊 # 优化 * 加快启动速度 * 修复空
格导致的语音消息失效的问题 #281 #289 *
修复没有ContactLabel表导致的无法启动的
问题 #274 * 修复光标显示异常的问题 * 修
复exe程序图片显示导致的错误问题 # 1.1.x
更新预告 1. 个
2024-01-10 13:27:49 nuclei v3.1.5 ## What's Changed ### Other Changes
* Fixed a bug introduced in previous v
ersion by @tarunKoyalwar in https://gi
thub.com/projectdiscovery/nuclei/pull/
4608 Full Changelog: http
2024-01-09 14:52:33 Pillager AutoBui
ld
2024-01-09 06:44:58 afrog v2.9.9 【BUG】修复 proxy 命令中的 BUG,解决
在使用 HTTP 代理进行 HTTPS 请求时因 use
r canceled 操作而导致 afrog 未能接收到
响应的问题。 Fix the BUG in the proxy c
ommand, addressing the issue where afr
og fails to receive a respon
2024-01-08 19:16:52 ImageMagick 7.1.1-2
6		 ## What's Changed * fix error: 'libra
w_data_t' has no member named 'rawpara
ms' by @remicollet in https://github.c
om/ImageMagick/ImageMagick/pull/6989 *
Make Magick++-config work fr
2024-01-08 14:34:59 ObserverWard v2024.1
.8
2024-01-07 20:45:56 dbeaver 23.3.2 - Metadata editor: - New database ob
jects wizard was redesigned - Primary/
unique key can be created automaticall
y along with new columns - SQL Editor:
- Outline viewer of SQL quer
2024-01-07 04:24:29 PEASS-ng 2024010
7-6fec90
a8
2024-01-06 04:21:30 grype v0.74.0 ### Added Features - Vulnerabilities
marked as fixed in distro packages sho
uld be reported as fixed for all conta
ined packages too @luhring] ### Bug
Fixes - Parameter quiet is ig
2024-01-05 21:41:12 syft v0.100.
0		 ### Added Features - Add more functio
nality to the ErLang parser @LaurentG
oderre] - Added OpenSSL binary matcher
@LaurentGoderre] - Add ability to ex
tend the binaries cataloguers
2024-01-05 02:10:15 BlueTeamTools BlueTea
mToolsV0
.92版本		 2024.01.05 修正"反序列化数据包分析"功
能的变量未初始化导致解析错误。 2024.01.
03 修正"查询ip对应物理地址"功能,直接
输入ip列表也可以查询物理地址。
2024-01-04 21:28:56 ImHex v1.32.2 ## Additions - Fixed the M1 build c
ompletely - I went out and bought a
MacBook Air just for this, I hope you'
re happy - Completely overhauled the
external plugin system - I
2024-01-04 07:34:37 Sign-Sacker 代码微
调,项目
停更		 微调代码,设置仅支持exe,dll文件 rele
ase下载地址:https://langsasec.lanzout
.com/iBjmL1jzwojg 解压密码:langsasec
到此,该项目不再更新
2024-01-04 05:03:48 captcha-killer-mo
dified		 0.24.4 【2024-1-4】 0.24.4 - 服务端识别代码
增加算术接口,可以进行算术验证码的识别
2024-01-03 22:20:06 sqlmap 1.8 Stable version 1.8 ()
2024-01-03 11:29:33 locust 2.20.1 ## What's Changed * Add charset_norma
lizer dependency by @KellyP5 in https:
//github.com/locustio/locust/pull/2506
* Bump Requests to 2.26.0, remove exp
licit dependency on charset_n
2024-01-03 03:35:21 nemo_go v2.11.0 ### Update - worker支持socks5代理扫描
; - 在web中可查看和管理worker的启动参
数及运行负载情况; - 优化指纹获取方式;
指纹获取不再调用observe_ward,通过httpx
保存的reseponse信息被动匹配fingerprinth
ub的指纹; - 增加fingerprintx作为httpx
的补充,用于获取非HTTP端口
2024-01-02 14:06:57 arthas arthas-
all-3.7.
2		 Issues: https://github.com/alibaba/ar
thas/milestone/50?closed=1 * arthas-sp
ring-boot-starter support spring boot3
. #2524 * upgrade spring-boot 2 to 2.7
.15, spring boot 3 to 3.1.7 *

近15天commit提交记录

提交时间 项目名称 更新内容
2024-01-14 00:31:16 PoC-in-GitHub Auto Update 2024/01/14 00:31:16
2024-01-14 00:00:03 free updated_at 01-14 08:00
2024-01-13 21:59:00 ChatGPT-Shortcut chore(deps): bump follow-redirects from 1.15.2 to 1
.15.5 (#45) Bumps from 1.15.2 to 1.15.5. - - ---
updated-dependencies: - dependency-name: follow-redi
rects dependency-type: in
2024-01-13 21:35:10 PocOrExp_in_Githu
b		 update 2024-01-14 05:35:10
2024-01-13 18:32:50 anti-AD Auto renew the anti-AD list.
2024-01-13 17:45:53 john Armory format: Switch from scatter to gather on MIC
2024-01-13 17:21:19 WeChatMsg 修改HTML默认聊天数据
2024-01-13 15:36:49 PEASS-ng Merge pull request #405 from d4t4s3c/patch-1 useful
for when on the victim host we have access to the i
nternet but…
2024-01-13 15:05:32 DIE-engine Update module: Detect-It-Easy 2024-01-13
2024-01-13 12:34:25 v2rayfree update
2024-01-13 10:10:42 PyWxDump fix
2024-01-13 08:44:31 logging-log4j2 Move OSGi caches to target directory
2024-01-13 08:28:18 PST-Bucket pixpin: Update to version 1.5.0.0
2024-01-13 02:09:28 SmsForwarder 优化:自动任务的触发条件充电状态中充电器增加不限选
项 #I8VOE3
2024-01-12 23:34:13 ImHex impr: Make plugin features and subcommands work in
statically linked builds
2024-01-12 22:39:13 syft Replace core SBOM-creation API with builder pattern
(#1383) * remove existing cataloging API Signed-off
-by: Alex Goodman * add file cataloging config Sign
ed-off-by: Alex Goodman
2024-01-12 22:18:33 containerd Merge pull request #8355 from Jenkins-J/move-Defaul
tSnapshotter Move DefaultSnapshotter constants
2024-01-12 21:54:52 nuclei fix panic in interactsh process interaction ( nil c
heck on compiled operators) (#4511) * nil check * mi
sc updates --------- Co-authored-by: Tarun Koyalwar
2024-01-12 21:47:37 dbeaver CB-4309 add keep alive interval for data source (#2
2316) * CB-4309 add keep alive interval for data sou
rce * CB-4463 do not run datasource monitor job in c
b --------- Co-authored-b
2024-01-12 15:23:35 clair build(deps): bump golang.org/x/net from 0.19.0 to 0
.20.0 Bumps from 0.19.0 to 0.20.0. - --- updated-d
ependencies: - dependency-name: golang.org/x/net dep
endency-type: direct:prod
2024-01-12 15:04:09 metasploit-framew
ork		 Land #18682, Add tests for Msf::Exploit::Local expl
oit_type and sysinfo methods
2024-01-12 13:08:57 gshark Merge pull request #195 from madneal/dependabot/npm
_and_yarn/web/follow-redirects-1.15.4 Bump follow-re
directs from 1.15.3 to 1.15.4 in /web
2024-01-12 10:54:02 neuvector Merge pull request #1167 from jeffhuang4704/NVSHAS-
7720-Enhance_UI_Performance_adjust_quick_filter_beha
vior NVSHAS-7720-Enhance_UI_Performance, adjust quic
k filter behavior
2024-01-12 10:30:57 suo5 Merge pull request #47 from dust-life/main add Suo5
VirtualPath memshell
2024-01-12 06:17:23 jumpserver feat: 同步ldap用户消息通知
2024-01-12 06:01:55 kube-bench build(deps): bump alpine from 3.18.3 to 3.19.0 (#15
35) Bumps alpine from 3.18.3 to 3.19.0. --- updated-
dependencies: - dependency-name: alpine dependency-t
ype: direct:production up
2024-01-12 05:59:24 fofaEX fofaHack 界面可排序 Signed-off-by: 10cks
2024-01-12 04:36:55 trivy docs(misconf): multiple ignores in comment (#5926)
2024-01-12 03:49:01 murphysec chore(deps): bump github.com/cloudflare/circl from
1.3.6 to 1.3.7 Bumps from 1.3.6 to 1.3.7. - - ---
updated-dependencies: - dependency-name: github.com
/cloudflare/circl depende
2024-01-12 03:28:02 appshark Merge remote-tracking branch 'origin/main'
2024-01-12 00:59:48 afrog poc update
2024-01-11 20:46:39 impacket ntlmrelayx.py: Make SOCKS5 address and port configu
rable (#1636) * ntlmrelayx.py: Make SOCKS5 address a
nd port configurable * Fix API port
2024-01-11 20:21:44 locust Remove orphaned dist js file
2024-01-11 18:35:51 subfinder version update
2024-01-11 18:28:08 sliver Merge pull request #1551 from BishopFox/v1.6.0/daem
on-tailscale-flag Add support for tailscale to daemo
n mode
2024-01-11 17:26:54 audacity Merge pull request #5856 from saintmatthieu/5795-te
mpo-detection-benchmarking-improvement 5795 tempo de
tection benchmarking improvement
2024-01-11 16:30:29 ImageMagick export an exception when functions do not include a
n enclosing parenthesis (https://github.com/ImageMag
ick/ImageMagick/discussions/4533)
2024-01-11 15:11:40 sqlmap Implementing #5506
2024-01-11 15:00:40 FreeRDP [uwac] output: take a max scale into scaling code F
ix for a hybrid multimonitor configurations: Previou
s code was working for me because the display with s
cale=2 was last on the wa
2024-01-11 13:10:49 Qianji Update README.md 停止维护啦哈哈 江湖再见 下棋去了
2024-01-11 10:58:48 safeline feat: release v4.1.1
2024-01-11 08:59:32 vulnerability CVE-2024-0300
2024-01-11 06:47:53 rustdesk tcp rendezvous works now
2024-01-11 06:36:51 Mobile-Security-F
ramework-MobSF		 Update SECURITY.md (#2323) updated security policy
2024-01-11 05:24:54 autoDecoder Update FAQ.md
2024-01-10 22:57:56 faker Bump version: 22.1.0 → 22.2.0
2024-01-10 09:44:57 Elkeid Merge pull request #570 from bytedance/fix-procfs f
ix procfs compile error
2024-01-10 09:08:30 veinmind-tools docs: update qr_code (#271)
2024-01-09 21:20:55 grype chore(deps): bump github.com/cloudflare/circl from
1.3.3 to 1.3.7 (#1651) Bumps from 1.3.3 to 1.3.7. -
- --- updated-dependencies: - dependency-name: gi
thub.com/cloudflare/circl
2024-01-09 14:10:16 WebGoat chore: bump io.github.bonigarcia:webdrivermanager f
rom 5.3.3 to 5.6.3 (#1716) Bumps from 5.3.3 to 5.6.
3. - - - --- updated-dependencies: - dependency-n
ame: io.github.bonigarcia
2024-01-09 12:52:34 Pillager Update Chrome.cs
2024-01-09 10:50:50 frp Fix missing prefix for transport.tls.force in the e
xample (#3921)
2024-01-09 01:41:01 nemo_go Update: remove observe_ward binary in package
2024-01-08 17:07:29 ctf-archives Shaastra chals
2024-01-08 14:39:09 ObserverWard 删除nuclei调试代码
2024-01-08 08:52:58 DecoyMini Update README.md
2024-01-08 03:15:25 captcha-killer-mo
dified		 Update FAQ.md
2024-01-08 02:47:29 404StarLink weekly update at 2024-01-08
2024-01-07 22:42:41 CTFd File upload improvements (#2451) * Calculate a file
s sha1sum on upload for future local change detectio
n purposes * Allow clients to control the location o
f an uploaded file * Adds
2024-01-07 06:19:58 dperf Merge pull request #399 from pengjianzhang/main sug
gestions for handling init errors
2024-01-07 03:01:42 Umi-OCR 优化文件表格的状态文本
2024-01-07 01:33:31 beef Merge branch 'dependabot/bundler/net-smtp-0.4.0.1'
2024-01-06 10:51:22 GZCTF feat: use css with console log
2024-01-05 23:32:09 dirsearch Merge pull request #1355 from maurosoria/shelld3v-p
atch-5 Bug fix
2024-01-05 18:46:03 rengine Merge pull request #1153 from jxdv/update-license c
hore: update LICENSE
2024-01-05 14:23:59 codeql-cli-binari
es		 Add change note re Java 21 support in 2.15.4
2024-01-05 10:31:56 domain_hunter_pro clearComments
2024-01-05 03:31:11 Awesome-Redteam update ransomware decryption
2024-01-05 02:10:41 BlueTeamTools Update README.md
2024-01-04 11:56:25 ghauri updated readme with installation guideline by @Born
unique911, fixed #119
2024-01-04 10:43:46 X-Marshal Update README.md
2024-01-04 09:26:20 FrameVul Update and rename readme to readme.md
2024-01-04 07:39:09 Sign-Sacker 项目停更 项目停更
2024-01-04 03:13:18 Vulhub-Reproduce update apache ofbiz & activemq
2024-01-04 03:12:12 Vulnerability-Wik
i		 update apache ofbiz & activemq
2024-01-02 19:08:03 volatility3 Merge pull request #1075 from gcmoreira/linux_kmsg_
older_kernels_support Linux: Add support for kernels
earlier than version 3.11 in linux.kmsg.Kmsg plugin
2024-01-02 10:23:59 HackerPermKeeper upload
2024-01-02 07:54:00 arthas upgrade spring-boot 2 to 2.7.15, spring boot 3 to 3
.1.7
2024-01-02 03:07:36 RsaCtfTool Update Dockerfile
2024-01-01 05:37:50 dalfox Merge pull request #516 from hahwul/add-dependabot.
yml Update dependabot.yml
2023-12-31 13:07:11 ThinkAdmin 去非必需的文件
2023-12-31 05:25:42 all-in-one-v2 add mantle to zerius refuel
2023-12-31 03:08:26 Viper Update Jetbrains Logo
2023-12-30 18:04:55 vulhub update environments.toml

安全

CTF

AWD

靶场

项目名称 版本 项目描述 最近提交时间
wordpress AWD靶机 2018-12-11 07:45:27
AWDDocker 标准化AWD靶场Docker 2021-05-15 17:04:47
20190511_awd_dock
er		 2019 年 5 月 11 日防灾科技学院 “应急挑战杯” 大学生
网络安全邀请赛 AWD 靶机题目。		 2019-05-14 23:45:01
AWD_CTF_Platform 一个简单的AWD训练平台 2020-01-04 14:18:23
Liaoning-provinci
al-competition-tar
get-1		 第三届辽宁省ctf线下awd靶机1web 2020-11-01 13:12:58
awd-platform platform for awd 2018-09-11 05:59:33

防护

项目名称 版本 项目描述 最近提交时间
AoiAWD AoiAWD-专为比赛设计,便携性好,低权限运行的EDR系统。 2020-10-18 03:24:49
k4l0ng_WAF A broute detect WAF by PHP using to AWD 2018-06-28 12:12:25
CTF-WAF 针对CTF线下赛的通用WAF,日志审计功能。 2022-11-27 12:14:05

脚本

项目名称 版本 项目描述 最近提交时间
Prepare-for-AWD AWD攻防赛脚本集合 2019-10-17 01:09:44
AWD-Predator-Fram
ework		 AWD攻防赛webshell批量利用框架 2019-06-19 13:29:22
awd_attack_framew
ork		 awd攻防常用脚本+不死马+crontab+防御方法 2019-06-07 09:24:55

开源平台

项目名称 版本 项目描述 最近提交时间
JJUCTF_V2.0 JJU网络安全靶场实训平台 2021-05-01 10:38:51
H1ve 1.1.3 An Easy / Quick / Cheap Integrated Platform 2020-11-25 14:01:11
Cardinal v0.7.3 CTF🚩 AWD (Attack with Defense) 线下赛平台 / AWD pla
tform - 欢迎 Star~ ✨		 2021-11-12 18:17:48
CTF_AWD_Platform CTF 攻防对抗平台 2019-09-16 08:11:50
GZCTF v0.17.7 The GZ::CTF project, an open source CTF platform. 2024-01-06 10:51:22
MarsCTF V1.2.1 Vue+Springboot开发的CTF学习平台,提供动态靶机、学习
模块、writeup模块等等CTF平台的核心功能。提供docker版本		 2022-08-09 12:20:31

Crypto

古典密码

autokey
项目名称 版本 项目描述 最近提交时间
breakautokey breakautokey 2020-06-15 01:27:06

现代密码

RSA
项目名称 版本 项目描述 最近提交时间
CTF-RSA-tool a little tool help CTFer solve RSA problem 2018-08-26 09:17:20
RSA 2022-08-22 15:31:16
rsa-wiener-attack A Python implementation of the Wiener attack on RSA
public-key encryption scheme.		 2017-02-25 17:52:55
RsaCtfTool RSA attack tool (mainly for ctf) - retrieve private
key from weak public key and/or uncipher data		 2024-01-02 03:07:36
国密
项目名称 版本 项目描述 最近提交时间
gmhelper 基于BC库:国密SM2/SM3/SM4算法简单封装;实现SM2 X509v
3证书的签发;实现SM2 pfx证书的签发		 2023-11-12 03:07:34
sm-crypto 国密算法js版 2023-11-07 12:40:00

Misc

16进制编辑

项目名称 版本 项目描述 最近提交时间
ImHex v1.32.2 🔍 A Hex Editor for Reverse Engineers, Programmers a
nd people who value their retinas when working at 3 A
M.		 2024-01-12 23:34:13

编码解码

项目名称 版本 项目描述 最近提交时间
CTFCrackTools 4.0.7 China's first CTFTools framework.中国国内首个CTF工具
框架,旨在帮助CTFer快速攻克难关		 2022-11-16 22:23:09
Ciphey 5.14.0 ⚡ Automatically decrypt encryptions without knowing
the key or cipher, decode encodings, and crack hashe
s ⚡		 2023-10-12 07:20:40
CyberChef v10.5.2 The Cyber Swiss Army Knife - a web app for encryptio
n, encoding, compression and data analysis		 2023-07-14 18:01:41
TomatoTools v1.0.2 TomatoTools 一款CTF杂项利器,支持36种常见编码和密码
算法的加密和解密,31种密文的分析和识别,支持自动提取fl
ag,自定义插件等。		 2022-12-02 06:41:15

二维码批量识别

项目名称 版本 项目描述 最近提交时间
QrScan v2.9.0 离线批量检测图片是否包含二维码以及识别二维码 2023-09-22 05:46:17

自动拼图

项目名称 版本 项目描述 最近提交时间
PuzzleSolver v1.0.1-
beta		 一款专门为CTF比赛设计的拼图工具 2021-04-27 10:49:31

综合

项目名称 版本 项目描述 最近提交时间
CTF_Hacker-Tools
qsnctf-python 0.0.8.1
0		 青少年CTF的Python包,方便大家调用一些CTF常用功能。 2023-08-26 02:35:55
CTF-Tools v1.3.7 一款Python+Pyqt写的CTF编码、解码、加密、解密工具。 2022-07-21 08:40:01

Pwn

项目名称 版本 项目描述 最近提交时间

Reverse

Java反编译

项目名称 版本 项目描述 最近提交时间
JavaDecompileTool
-GUI		 V1.2 Java Decompile Tool GUI-JAVA反编译工具(界面版) 2021-04-12 21:56:10
CodeReviewTools v1.31 通过正则搜索、批量反编译特定Jar包中的class名称 2021-12-06 16:48:04

pyc逆向

项目名称 版本 项目描述 最近提交时间
stegosaurus 1.0 A steganography tool for embedding payloads within P
ython bytecode.		 2019-10-07 13:15:43
python-uncompyle6 3.9.0 A cross-version Python bytecode decompiler 2023-12-17 15:52:32
pyinstxtractor 2023.12 PyInstaller Extractor 2023-12-03 18:19:07

查壳

项目名称 版本 项目描述 最近提交时间
DIE-engine 3.09 DIE engine 2024-01-13 15:05:32

Web

定向目录扫描

项目名称 版本 项目描述 最近提交时间
ctf-wscan 在kingkaki的项目上进行了修改,改为单线程,可以在任意
目录下执行,对重复的请求进行了过滤		 2020-11-07 06:57:22

相关资源

项目名称 版本 项目描述 最近提交时间
http://www.ctftools.com/
apachecn-ctf-wiki 2022-04-26 07:03:04
CTFd 3.6.1 CTFs as you need them 2024-01-07 22:42:41
ctf-tools CTF 工具集合 2022-08-10 11:25:15
BerylEnigma 1.15.0 ffffffff0x team toolset for penetration testing, cry
ptography research, CTF and daily use.		 ffffffff0x
团队工具集,用来进行渗透测试,密码学研究,CTF和日常使
用。
CTFd_chinese_CN v1.2.0 对CTFd平台各版本的汉化记录。key:中文、汉化、翻译、ch
inese、CN、CTFd		 2023-09-16 07:11:09
CTF-Note CTF笔记:该项目主要记录CTF知识、刷题记录、工具等。 2022-08-17 09:28:58
ctf_ics_traffic 工控CTF比赛工具,各种网络数据包处理脚本 2018-08-09 02:48:04
CTF-QuickStart 源仓库存档 2023-11-05 08:22:46
CTFtools-wiki 【Hello CTF】录常用 / 优秀 的CTF工具项目及其文档,一
个对各阶段CTFer都很友好的工具仓库,让所有的工具都发挥作
用!		 2023-07-07 13:19:18
SecToolKit Cybersecurity tool repository / Wiki 收录常用 / 前沿
的CTF和渗透工具以及其 官方/使用 文档,致力于让每个工
具都能发挥作用ww,不管你是萌新还是领域从业者希望你都能
在这里找到适合你的工具或者获得一定的启发。		 2023-09-02 12:11:27
CTF-Tools 渊龙Sec安全团队CTF&AWD工具箱 2023-01-26 05:21:12
ctf-archives CTF Archives: Collection of CTF Challenges. 2024-01-08 17:07:29

红队

Web安全

漏洞发现库

安卓漏洞扫描
项目名称 版本 项目描述 最近提交时间
appshark v0.1.2 Appshark is a static taint analysis platform to scan
vulnerabilities in an Android app.		 2024-01-12 03:28:02
安卓抓包辅助
项目名称 版本 项目描述 最近提交时间
r0capture 安卓应用层抓包通杀脚本 2023-10-20 11:59:50
半自动漏洞扫描
项目名称 版本 项目描述 最近提交时间
myscan myscan 被动扫描 2021-03-19 12:18:34
DarkAngel/
xray 1.9.11 一款完善的安全评估工具,支持常见 web 安全问题扫描和
自定义 poc		 使用之前务必先阅读文档
Fvuln Fvuln-1
.4.9		 F-vuln(全称:Find-Vulnerability)是为了自己工作方便
专门编写的一款自动化工具,主要适用于日常安全服务、渗透
测试人员和RedTeam红队人员,它集合的功能包括:存活IP探
测、开放端口探测、web服务探测、web漏洞扫描、smb爆破、s
sh爆破、ftp爆破、mssql爆破等其他数据库爆破工作以及大
量web漏洞检测模块。		 2023-07-22 02:03:42
EasyPen EasyPen is a GUI program which helps pentesters do t
arget discovery, vulnerability scan and exploitation		 2022-10-19 08:46:57
nuclei v3.1.5 Fast and customizable vulnerability scanner based on
simple YAML based DSL.		 2024-01-12 21:54:52
QingTing v0.3 蜻蜓安全一个安全工具编排平台,可以自由编排你的工具流,
集成108款工具,包括xray、nmap、awvs等;你可以将喜欢的工
具编排成一个场景,快速打造适合自己的安全工作台~		 2023-03-21 08:07:56
NextScan v1.2.0 飞刃是一套完整的企业级黑盒漏洞扫描系统,集成漏洞扫描
、漏洞管理、扫描资产、爬虫等服务。 拥有强大的漏洞检测
引擎和丰富的插件库,覆盖多种漏洞类型和应用程序框架。		 2023-05-05 09:39:23
POC-bomber POC-bom
ber-for-
Redteam-
v3.0.0		 利用大量高威胁poc/exp快速获取目标权限,用于渗透和红
队快速打点		 2023-06-09 13:20:09
w13scan Passive Security Scanner (被动式安全扫描器) 2022-07-06 09:24:36
afrog v2.9.9 A Security Tool for Bug Bounty, Pentest and Red Team
ing.		 2024-01-12 00:59:48
vulmap v0.9 Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps
进行漏洞扫描, 并且具备漏洞验证功能		 2022-04-13 13:23:54
代码审计
java
项目名称 版本 项目描述 最近提交时间
code-inspector 0.2-bet
a		 JavaWeb漏洞审计工具,构建方法调用链并模拟栈帧进行分
 2023-06-03 16:43:44
jar-analyzer-gui 1.1 建议使用新版:https://github.com/jar-analyzer/jar-an
alyzer		 2023-11-30 03:59:12
codeql-cli-binari
es		 v2.15.5 Binaries for the CodeQL CLI 2024-01-05 14:23:59
CodeQLpy CodeQLpy是一款基于CodeQL实现的半自动化代码审计工具,
目前仅支持java语言。实现从源码反编译,数据库生成,脆弱
性发现的全过程,可以辅助代码审计人员快速定位源码可能存
在的漏洞。		 2023-07-06 06:32:34
JVWA java 代码审计学习靶场 2023-05-28 11:11:53
other
项目名称 版本 项目描述 最近提交时间
Kunlun-M v2.6.5 KunLun-M是一个完全开源的静态白盒扫描工具,支持PHP、J
avaScript的语义扫描,基础安全、组件安全扫描,Chrome E
xt\Solidity的基础扫描。		 2023-10-25 03:49:28
murphysec v3.1.1 An open source tool focused on software supply chain
security. 墨菲安全专注于软件供应链安全,具备专业的软
件成分分析(SCA)、漏洞检测、专业漏洞库。		 2024-01-12 03:49:01
fortify fortify内置规则加密破解 2020-07-10 03:38:21
python
项目名称 版本 项目描述 最近提交时间
python_code_audit python 代码审计项目 2021-10-10 07:49:46
python_sec python安全和代码审计相关资料收集 resource collection
of python security and code review		 2020-08-06 02:31:20
口令爆破
项目名称 版本 项目描述 最近提交时间
web-brutator Fast Modular Web Interfaces Bruteforcer 2021-11-16 14:29:28
thc-hydra-windows v9.1 The great THC-HYDRA tool compiled for Windows 2023-02-06 09:01:04
ssb v0.1.1 Secure Shell Bruteforcer — A faster & simpler way t
o bruteforce SSH server		 2021-12-17 06:56:13
SNETCracker 1.0.201
90715		 超级弱口令检查工具是一款Windows平台的弱口令审计工具
,支持批量多线程检查,可快速发现弱密码、弱口令账号,密
码支持和用户名结合进行检查,大大提高成功率,支持自定义
服务端口和字典。		 2019-08-01 05:56:13
WebCrack WebCrack是一款web后台弱口令/万能密码批量检测工具,在
工具中导入后台地址即可进行自动化检测。		 2021-09-07 12:19:54
john John the Ripper jumbo - advanced offline password cr
acker, which supports hundreds of hash and cipher typ
es, and runs on many operating systems, CPUs, GPUs, a
nd even some FPGAs		 2024-01-13 17:45:53
thc-hydra v9.5 hydra 2023-08-13 11:07:10
漏洞发现
项目名称 版本 项目描述 最近提交时间
Ingram v2.0.0 网络摄像头漏洞扫描工具 Webcam vulnerability scanni
ng tool
Dude 2023-05-11 16:05:14
漏洞扫描框架
项目名称 版本 项目描述 最近提交时间
Godscan Godscan Godscan 是一款python编写的具有图形化界面的漏洞检测框
架,可以之定义漏洞检测 poc ,主要是帮助安全测试者,更
好的去记录和整理历史漏洞,以便更好的进行漏洞检测,提高
工作效率!		 2021-09-18 00:52:20
pocassist 1.0.5 傻瓜式漏洞PoC测试框架 2022-06-21 03:43:47
pocsuite3 v2.0.5 pocsuite3 is an open-sourced remote vulnerability te
sting framework developed by the Knownsec 404 Team.		 2023-07-26 21:18:59
Gr33k 图形化漏洞利用集成工具 2021-09-15 08:10:11
kunpeng 2019052
7		 kunpeng是一个Golang编写的开源POC框架/库,以动态链接
库的形式提供各种语言调用,通过此项目可快速开发漏洞检测
类的系统。		 2020-11-20 07:23:06
FrameScan-GUI v1.4.3 FrameScan-GUI 一款python3和Pyqt编写的具有图形化界面
的cms漏洞检测框架。		 2023-04-24 07:24:25
微信小程序辅助
项目名称 版本 项目描述 最近提交时间
wxapkg v1.5.0 微信小程序反编译工具,.wxapkg 文件扫描 + 解密 + 解包
工具		 2023-08-03 12:33:41
信息泄露监控
项目名称 版本 项目描述 最近提交时间
code6 1.6.4 码小六 - GitHub 代码泄露监控系统 2023-04-27 08:45:04
gshark v1.4.0 Scan for sensitive information easily and effectivel
y.		 2024-01-12 13:08:57
中间件&框架漏洞扫描
项目名称 版本 项目描述 最近提交时间
Jiraffe v2.0.6 One stop place for exploiting Jira instances in your
proximity		 2021-05-08 12:37:38
WeblogicScan Weblogic一键漏洞检测工具,V1.5,更新时间:20200730 2022-01-26 02:56:25
Artillery v1.0_20
220519		 JAVA 插件化漏洞扫描器,Gui基于javafx。POC 目前集成 W
eblogic、Tomcat、Shiro、Spring等。		 2022-08-08 00:39:34
weblogic-infodete
ctor		 0.2.4 woodpecker框架weblogic信息探测插件 2022-03-23 08:33:43

漏洞利用库

OA产品漏洞
OA综合
项目名称 版本 项目描述 最近提交时间
MYExploit V2.0.4 OAExploit一款基于产品的一键扫描工具。 2022-09-20 14:50:31
OA-EXPTOOL 0.83 OA综合利用工具,集合将近20款OA漏洞批量扫描 2023-10-28 04:46:18
泛微OA
项目名称 版本 项目描述 最近提交时间
CNVD-2021-49104 CNVD-2021-49104——泛微E-Office文件上传漏洞 2021-12-01 08:12:09
DBconfigReader 泛微ecology OA系统接口存在数据库配置信息泄露漏洞 2020-07-13 08:20:12
Weaver-OA-E-colog
y-Database-Leak		 泛微OA数据库配置泄漏检测脚本 2019-10-27 12:02:14
e-cology-OA-SQL 泛微 e-cology OA 前台SQL注入 2019-10-11 12:53:14
e-cology e-cology OA_Beanshell_RCE 2019-09-29 04:36:36
蓝凌OA
项目名称 版本 项目描述 最近提交时间
Landray-OA-Treexm
l-Rce		 蓝凌OA远程代码执行漏洞批量检查 2022-07-07 03:13:24
LandrayDES V1 蓝凌OA的前后台密码的加解密工具 2020-12-21 06:54:42
通达OA
项目名称 版本 项目描述 最近提交时间
TongdaOATools 2023-05-12 06:37:26
TDOA_RCE v1.0 通达OA综合利用工具 2021-03-17 08:51:32
TongDaOA-Fake-Use
r		 通达OA 任意用户登录漏洞 2020-08-27 11:38:27
TongDa-OA 通达OA一些漏洞点 2020-08-20 07:01:50
用友OA
项目名称 版本 项目描述 最近提交时间
yonyou_exp_plus 用友系列全漏洞检测工具 2023-04-10 00:55:59
fupo_for_yonyou 2.0RC1 用友漏洞检测,持续更新漏洞检测模块 2023-08-08 07:10:46
yonyou-nc-decrypt
er		 0.1.0 用友 nc 系列密码解密 2023-04-07 07:32:55
NCTOOls 一款针对用友NC综合漏洞利用工具 2023-11-27 06:09:58
YongYouNcTool 1.0 用友NC系列漏洞检测利用工具,支持一键检测、命令执行回
显、文件落地、一键打入内存马、文件读取等		 2023-08-19 14:50:28
致远OA
项目名称 版本 项目描述 最近提交时间
SeeyonExploit-GUI 致远OA综合利用工具V1.0 2021-07-07 15:01:16
PassDecode-jar v0.1 帆软/致远密码解密工具 2021-07-29 08:52:34
seeyon_exp 致远OA综合利用工具 2021-06-03 08:03:40
A8-OA-seeyon-RCE A Zhiyuan OA Collaborative Office Remote Code Execut
ion Vulnerability on Windows		 2019-06-27 13:53:06
半自动化漏洞利用
项目名称 版本 项目描述 最近提交时间
Goby Beta2.2
.0		 Attack surface mapping 2023-03-17 11:35:53
railgun v1.5.5 2023-05-08 17:00:45
zpscan v1.8.39 一个有点好用的信息收集工具。A somewhat useful inform
ation gathering tool.		 2023-09-06 04:26:00
编辑器漏洞
UEditor
项目名称 版本 项目描述 最近提交时间
UEditorGetShell UEditor编辑器批量GetShell / Code By:Tas9er 2022-07-10 06:52:19
产品or组件or框架漏洞
Apache Airflow
项目名称 版本 项目描述 最近提交时间
CVE-2022-40127 Apache Airflow < 2.4.0 DAG example_bash_operator RCE
POC		 2022-11-19 10:35:50
Apache Dubbo
项目名称 版本 项目描述 最近提交时间
dubbo-exp dubbo学习demo,之前删了,重新上传。 2022-10-12 08:48:36
Apache Log4j
项目名称 版本 项目描述 最近提交时间
log4jscanner v0.5.0 A log4j vulnerability filesystem scanner and Go pack
age for analyzing JAR files.		 2022-05-25 22:02:38
logging-log4j2 rel/3.0
.0-beta1		 Apache Log4j 2 is a versatile, feature-rich, efficie
nt logging API and backend for Java.		 2024-01-13 08:44:31
Log4j2-CVE-2021-4
4228		 Remote Code Injection In Log4j 2022-01-18 12:01:52
CVE-2021-44228-Po
C-log4j-bypass-wor
ds		 🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit -
WAF bypass tricks		 2022-01-15 16:18:44
Apache Shiro
项目名称 版本 项目描述 最近提交时间
ShiroExploit-Depr
ecated		 v2.51 Shiro550/Shiro721 一键化利用工具,支持多种回显方式 2020-11-09 02:23:07
shiro_attack 2.2 shiro反序列化漏洞综合利用,包含(回显执行命令/注入内
存马)		 2021-06-22 01:51:08
ShiroAttack2 4.7.0 shiro反序列化漏洞综合利用,包含(回显执行命令/注入内
存马)修复原版中NoCC的问题 https://github.com/j1anFen/
shiro_attack		 2023-07-28 07:09:56
shiro_rce_tool shiro 反序列 命令执行辅助检测工具 2022-12-28 02:37:14
SHIRO-550 Shiro RememberMe 1.2.4 反序列化 漏洞 2019-10-25 09:51:01
ShiroScan Shiro<=1.2.4反序列化,一键检测工具 2021-03-04 04:23:43
shiro-550-with-No
CC		 V1.1 Shiro-550 不依赖CC链利用工具 2022-07-18 06:22:34
shiro-cve-2020-17
523		 shiro-cve-2020-17523 漏洞的两种绕过姿势分析 以及配套
的漏洞环境		 2021-02-07 09:41:41
shiro-exploit Shiro反序列化利用工具,支持新版本(AES-GCM)Shiro的key
爆破,配合ysoserial,生成回显Payload		 2021-05-28 03:39:57
Apache Solr
项目名称 版本 项目描述 最近提交时间
solr_exploit Apache Solr远程代码执行漏洞(CVE-2019-0193) Exploit 2020-07-08 06:51:47
CVE-2019-0193 Apache Solr DataImport Handler RCE 2019-08-12 02:23:38
Apache-Solr-RCE Apache Solr Exploits 🌟 2020-10-13 11:45:16
solr-injection Apache Solr Injection Research 2020-01-28 17:20:28
CVE-2019-12409 Apache Solr RCE (ENABLE_REMOTE_JMX_OPTS="true") 2019-11-19 09:17:59
solr_rce Apache Solr RCE via Velocity template 2019-11-13 06:22:58
Solr-SSRF Apache Solr SSRF(CVE-2021-27905) 2021-04-21 10:00:59
CVE-2019-17558_So
lr_Vul_Tool		 1.0 CVE-2019-17558 Solr模板注入漏洞图形化一键检测工具。C
VE-2019-17558 Solr Velocity Template Vul POC Tool.		 2020-01-10 10:58:43
CVE-2019-0192 RCE on Apache Solr using deserialization of untruste
d data via jmx.serviceUrl		 2019-03-10 18:33:42
Apache Struts2
项目名称 版本 项目描述 最近提交时间
Struts2-Scan Struts2全漏洞扫描利用工具 2020-12-23 09:04:37
STS2G 1.0 Struts2漏洞扫描利用工具 - Golang版. Struts2 Scanner
Written in Golang		 2022-01-10 14:04:39
struts-pwn_CVE-20
18-11776		 An exploit for Apache Struts CVE-2018-11776 2018-08-26 02:31:30
S2-053-CVE-2017-1
2611		 A simple script for exploit RCE for Struts 2 S2-053(
CVE-2017-12611)		 2017-09-08 11:59:19
struts-pwn An exploit for Apache Struts CVE-2017-5638 2018-05-21 18:32:57
struts-pwn_CVE-20
17-9805		 An exploit for Apache Struts CVE-2017-9805 2017-10-17 14:55:58
CVE-2019-0230 CVE-2019-0230 & s2-059 poc. 2020-08-21 12:41:13
struts-scan Python2编写的struts2漏洞全版本检测和利用工具 2019-05-07 02:12:16
S2-061 some struts tag , attributes which out of the range
will call SetDynamicAttribute() function, it will cau
se ONGL expression execute		 2020-12-14 15:54:05
Struts2Environmen
t		 Struts2 历史版本的漏洞环境 2017-01-20 05:59:05
Struts2VulsTools 2.3.201
90927		 Struts2系列漏洞检查工具 2019-09-24 17:17:50
Struts-S2-xxx 整理收集Struts2漏洞环境 2018-01-09 09:42:13
s2-016-exp S2-016 Exploit && Scanner 2015-03-15 04:39:24
Apache Tomcat
项目名称 版本 项目描述 最近提交时间
AttackTomcat V1 Tomcat常见漏洞GUI利用工具。CVE-2017-12615 PUT文件上
传漏洞、tomcat-pass-getshell 弱认证部署war包、弱口令爆
破、CVE-2020-1938 Tomcat AJP文件读取/包含		 2022-11-15 09:05:50
Tomcat_PUT_GUI_EX
P		 1.4 Tomcat PUT方法任意文件写入(CVE-2017-12615)exp 2023-03-14 07:39:41
CVE-2017-12617 Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 /
< 7.0.8 - JSP Upload Bypass / Remote Code Execution		 2017-10-11 07:43:49
CVE-2019-0232 Apache Tomcat Remote Code Execution on Windows 2019-11-27 07:39:39
CVE-2019-0232 Apache Tomcat Remote Code Execution on Windows - CGI
-BIN		 2019-04-17 02:42:02
CVE-2017-12615 POC Exploit for Apache Tomcat 7.0.x CVE-2017-12615 P
UT JSP vulnerability.		 2019-12-20 07:22:16
CVE-2020-9484 用Kali 2.0复现Apache Tomcat Session反序列化代码执行
漏洞		 2020-05-21 15:13:11
Fastjson
项目名称 版本 项目描述 最近提交时间
FastjsonScan v1.1 Fastjson扫描器,可识别版本、依赖库、autoType状态等。
A tool to distinguish fastjson ,version and dependenc
y		 2022-10-07 18:08:32
FastjsonExploit Fastjson vulnerability quickly exploits the framewor
k(fastjson漏洞快速利用框架)		 2020-03-06 07:48:16
FastjsonVulns [fastjson 1.2.80] CVE-2022-25845 aspectj fileread &
groovy remote classload		 2022-09-02 11:00:22
fastjson-autotype
-bypass-dem
fastjson_rec_expl
oit		 fastjson一键命令执行 2020-07-21 13:50:22
Fastjson Fastjson姿势技巧集合 2023-10-20 02:50:54
fastjson 1.2.83 FASTJSON 2.0.x has been released, faster and more se
cure, recommend you upgrade.		 2023-05-12 06:16:03
fastjsonVul fastjson 80 远程代码执行漏洞复现 2022-09-07 06:18:46
fastjson-check beta fastjson 被动扫描、不出网payload生成 2021-11-19 04:46:45
Grafana
项目名称 版本 项目描述 最近提交时间
grafanaExp V1.1 A exploit tool for Grafana Unauthorized arbitrary fi
le reading vulnerability (CVE-2021-43798), it can bur
st plugins / extract secret_key / decrypt data_source
info automatic.		 2023-11-07 02:48:45
Hikvision
项目名称 版本 项目描述 最近提交时间
HikvisionDecode 2023-07-04 10:25:23
IIS
项目名称 版本 项目描述 最近提交时间
IIS_shortname_Sca
nner		 an IIS shortname Scanner 2022-12-08 10:54:13
JBoss
项目名称 版本 项目描述 最近提交时间
jexboss JexBoss: Jboss (and Java Deserialization Vulnerabili
ties) verify and EXploitation Tool		 2017-03-28 01:34:04
jboss-_CVE-2017-1
2149		 CVE-2017-12149 jboss反序列化 可回显 2019-03-13 08:56:59
log4j
项目名称 版本 项目描述 最近提交时间
log4j-shell-poc A Proof-Of-Concept for the CVE-2021-44228 vulnerabil
ity.		 2023-02-08 23:30:22
Nacos
项目名称 版本 项目描述 最近提交时间
HKEcho_Nacos 2023-12-07 14:13:43
SmartBI
项目名称 版本 项目描述 最近提交时间
SmartBIAttackTool v1.0 SmartBI 登录代码逻辑漏洞导致的远程代码执行利用工具 2023-07-16 13:16:27
Spring Boot
项目名称 版本 项目描述 最近提交时间
SpringBootExploit 1.3 项目是根据LandGrey/SpringBootVulExploit清单编写,目
的hvv期间快速利用漏洞、降低漏洞利用门槛。		 2022-11-07 02:30:45
SpringBoot-Scan-G
UI		 v1.2.2 2023-02-15 02:40:09
SpringExploit 0.1.9 🚀 一款为了学习go而诞生的漏洞利用工具 2022-06-14 12:28:15
Spring_All_Reacha
ble		 v2.1 Spring漏洞综合利用工具 2023-07-05 09:49:55
ThinkCMF
项目名称 版本 项目描述 最近提交时间
ThinkCMF_getshell ThinkCMF 框架上的任意内容包含漏洞 2019-10-28 05:48:18
Thinkphp
项目名称 版本 项目描述 最近提交时间
thinkphp_gui_tool
s		 v2.4.2 ThinkPHP漏洞综合利用工具, 图形化界面, 命令执行, 一键
getshell, 批量检测, 日志遍历, session包含,宝塔绕过		 2022-07-02 09:01:52
VulnerabilityTool
s		 [CVE_2023_28432漏洞 、CVE_2023_32315漏洞、 ThinkPHP
2.x 任意代码执行漏洞 、ThinkPHP5 5.0.22/5.1.29 远程代
码执行漏洞、 ThinkPHP5 5.0.23 远程代码执行漏洞 ThinkPH
P 多语言本地文件包含漏洞]		 2023-08-31 06:46:17
ThinkphpGUI 1.3 Thinkphp(GUI)漏洞利用工具,支持各版本TP漏洞检测,命
令执行,getshell。		 2022-06-01 18:48:29
Aazhen-RexHa 自研JavaFX图形化漏洞扫描工具,支持扫描的漏洞分别是:
ThinkPHP-2.x-RCE, ThinkPHP-5.0.23-RCE, ThinkPHP5.0
.x-5.0.23通杀RCE, ThinkPHP5-SQL注入&敏感信息泄露, T
hinkPHP 3.x 日志泄露NO.1, ThinkPHP 3.x 日志泄露NO.2
, ThinkPHP 5.x 数		 2023-03-27 07:38:18
ThinkphpRCE Thinkphp rce扫描脚本,附带日志扫描 2020-06-19 05:18:13
thinkphp-RCE-POC-
Collection		 thinkphp v5.x 远程代码执行漏洞-POC集合 2019-01-15 07:04:12
tphack Thinkphp3/5 Log文件泄漏利用工具 2018-02-04 18:13:19
tp5-getshell thinkphp5 rce getshell 2018-12-14 03:20:50
ThinkPHP-Vuln 关于ThinkPHP框架的历史漏洞分析集合 2020-01-18 16:11:00
fastadmin 基于 ThinkPHP5 和 Bootstrap 的极速后台开发框架,一键
生成 CRUD,自动生成控制器、模型、视图、JS、语言包、菜
单、回收站。		 2022-05-30 06:51:49
ThinkAdmin 基于 ThinkPHP6 的极简后台管理系统,内置注解权限、异
步多任务、应用插件生态等,支持类 PaaS 更新公共模块和应
用插件,插件可本地化定制开发。		 2023-12-31 13:07:11
TPscan 一键ThinkPHP漏洞检测 2022-09-28 09:27:15
vmware
项目名称 版本 项目描述 最近提交时间
Vm4J A tool for detect&exploit vmware product log4j(cve-2
021-44228) vulnerability.Support VMware HCX/vCenter/N
SX/Horizon/vRealize Operations Manager		 2022-01-07 01:01:13
VcenterKiller v1.3.6 一款针对Vcenter的综合利用工具,包含目前最主流的CVE-2
021-21972、CVE-2021-21985以及CVE-2021-22005、One Acce
ss的CVE-2022-22954、CVE-2022-22972/31656以及log4j,提
供一键上传webshell,命令执行或者上传公钥使用SSH免密连
 2022-12-15 04:07:21
Weblogic
项目名称 版本 项目描述 最近提交时间
CVE-2023-21839 2023-04-23 17:54:49
weblogic-framewor
k		 v0.2.3 weblogic-framework is the best tool for detecting we
blogic vulnerabilities.		 2022-01-25 07:51:44
WeblogicTool v1.3 WeblogicTool,GUI漏洞利用工具,支持漏洞检测、命令执
行、内存马注入、密码解密等(深信服深蓝实验室天威战队强
力驱动)		 2023-07-06 16:05:15
Decrypt_Weblogic_
Password		 搜集了市面上绝大部分weblogic解密方式,整理了7种解密w
eblogic的方法及响应工具。		 2019-11-29 15:39:17
weblogicScanner weblogic 漏洞扫描工具。目前包含对以下漏洞的检测能力
:CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-201
7-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628
、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-201
8		 2022-07-17 12:41:40
CVE-2017-10271 CVE-2017-10271 WEBLOGIC RCE (TESTED) 2017-12-23 13:10:09
Weblogic Weblogic CVE-2019-2725 CVE-2019-2729 Getshell 命令执
 2019-07-15 06:02:30
WebLogicPasswordD
ecryptorUi		 v2.0 解密weblogic AES或DES加密方法 2020-12-03 04:29:33
WeblogicScan 增强版WeblogicScan、检测结果更精确、插件化、添加CVE-
2019-2618,CVE-2019-2729检测,Python3支持		 2019-06-24 06:06:26
CVE-2020-2551 how detect CVE-2020-2551 poc exploit python Weblogic
RCE with IIOP		 2023-03-05 12:40:58
CNVD-C-2019-48814 WebLogic wls9-async反序列化远程命令执行漏洞 2019-05-26 13:36:18
cve-2019-2618 Weblogic Upload Vuln(Need username password)-CVE-201
9-2618		 2019-04-17 15:05:08
CVE-2019-2890 CVE-2019-2890 WebLogic 反序列化RCE漏洞 2019-12-08 05:50:42
CVE-2020-2551 Weblogic RCE with IIOP 2020-01-18 07:14:33
CVE-2018-2894 CVE-2018-2894 WebLogic Unrestricted File Upload Lead
To RCE Check Script		 2018-07-20 12:46:37
WeblogicEnvironme
nt		 Weblogic环境搭建工具 2020-04-23 07:36:47
WeblogicScanLot WeblogicScanLot系列,Weblogic漏洞批量检测工具,V2.2 2020-08-01 02:45:01
CVE-2020-14645 Weblogic CVE-2020-14645 UniversalExtractor JNDI inje
ction getDatabaseMetaData()		 2020-07-20 03:51:05
CVE-2020-14756 WebLogic T3/IIOP RCE ExternalizableHelper.class of c
oherence.jar		 2021-01-27 01:40:55
CVE-2020-2551 Weblogic IIOP CVE-2020-2551 2020-04-07 03:32:23
CVE-2020-2555 Weblogic com.tangosol.util.extractor.ReflectionExtra
ctor RCE		 2022-12-15 00:36:55
CVE-2020-2883 Weblogic coherence.jar RCE 2020-05-10 09:29:35
常规web漏洞
CLRF
项目名称 版本 项目描述 最近提交时间
CRLFsuite
CORS
项目名称 版本 项目描述 最近提交时间
CORScanner 1.0.1 🎯 Fast CORS misconfiguration vulnerabilities scanne
r		 2021-11-25 07:25:11
DOS
项目名称 版本 项目描述 最近提交时间
slowhttptest v1.9.0 Application Layer DoS attack simulator 2023-09-11 17:57:32
JWT
项目名称 版本 项目描述 最近提交时间
JWT_GUI replace
_brute_e
rror		 基于pyqt5和pyjwt实现的jwt加解密爆破一体化工具(ps:其
实是水的python课设)		 2023-07-24 12:26:10
JWTPyCrack JWT 弱口令 Key 爆破以及生成 NONE 加密的无 Key 的 JWT
String		 2021-09-22 05:49:33
jwt-hack v1.1.2 🔩 jwt-hack is tool for hacking / security testing t
o JWT. Supported for En/decoding JWT, Generate payloa
d for JWT attack and very fast cracking(dict/brutefoc
e)		 2023-05-06 07:33:26
jwt_tool v2.2.6 🐍 A toolkit for testing, tweaking and cracking
JSON Web Tokens		 2022-09-09 11:00:11
RS256-2-HS256 JWT Attack to change the algorithm RS256 to HS256 2023-05-08 13:07:03
c-jwt-cracker JWT brute force cracker written in C 2021-01-12 17:34:41
jwt-fuzzer JWT fuzzer 2018-07-24 15:22:26
JWT4B 2.3 JWT Support for Burp 2023-04-21 09:25:29
SQL注入
项目名称 版本 项目描述 最近提交时间
ghauri 1.3 An advanced cross-platform tool that automates the p
rocess of detecting and exploiting SQL injection secu
rity flaws		 2024-01-04 11:56:25
sqlmap 1.8 Automatic SQL injection and database takeover tool 2024-01-11 15:11:40
MSSQL_SQL_BYPASS_
WIKI		 MSSQL注入提权,bypass的一些总结 2023-02-16 16:25:30
MYSQL_SQL_BYPASS_
WIKI		 mysql注入,bypass的一些心得 2023-02-16 16:24:50
sql-injection-pay
load-list		 🎯 SQL Injection Payload List 2021-06-09 17:45:57
SSRF
项目名称 版本 项目描述 最近提交时间
SSRFmap Automatic SSRF fuzzer and exploitation tool 2023-05-27 19:30:08
ssrf-sheriff A simple SSRF-testing sheriff written in Go 2019-10-14 16:55:34
SSTI
项目名称 版本 项目描述 最近提交时间
tplmap v0.5 Server-Side Template Injection and Code Injection De
tection and Exploitation Tool		 2022-02-06 15:13:15
SSTImap v1.1 Automatic SSTI detection tool with interactive inter
face		 2023-06-01 22:42:34
ssti-payload SSTI Payload Generator 2019-07-03 15:41:35
XSS
项目名称 版本 项目描述 最近提交时间
beef v0.5.4.
0		 The Browser Exploitation Framework Project 2024-01-07 01:33:31
xsscrapy XSS spider - 66/66 wavsep XSS detected 2022-04-25 16:15:45
findom-xss A fast DOM based XSS vulnerability scanner with simp
licity.		 2022-03-02 15:50:42
dalfox v2.9.1 🌙🦊 Dalfox is a powerful open-source XSS scanner an
d utility focused on automation.		 2024-01-01 05:37:50
Chromium-based-XS
S-Taint-Tracking		 v0.3 Cyclops 是一款具有 XSS 检测功能的浏览器 2022-06-05 23:43:51
XXE
项目名称 版本 项目描述 最近提交时间
oxml_xxe A tool for embedding XXE/XML exploits into different
filetypes		 2023-05-05 11:11:20
docem 1.3 Uility to embed XXE and XSS payloads in docx,odt,pp
tx,etc (OXML_XEE on steroids)		 2020-07-28 10:30:41
解析漏洞

####### Nginx

项目名称 版本 项目描述 最近提交时间
nginxpwner Nginxpwner is a simple tool to look for common Nginx
misconfigurations and vulnerabilities.		 2022-10-27 07:15:00
文件包含
项目名称 版本 项目描述 最近提交时间
liffy Local file inclusion exploitation tool 2022-09-30 18:35:20
漏洞检测利用仓库
项目名称 版本 项目描述 最近提交时间
PocList Alibaba-Nacos-Unauthorized/ApacheDruid-RCE_CVE-2021-
25646/MS-Exchange-SSRF-CVE-2021-26885/Oracle-WebLogic
-CVE-2021-2109_RCE/RG-CNVD-2021-14536/RJ-SSL-VPN-Ultr
aVires/Redis-Unauthori		 2023-05-11 14:36:58
Some-PoC-oR-ExP 各种漏洞poc、Exp的收集或编写 2023-08-23 07:23:32
POChouse POC&EXP仓库、hvv弹药库、Nday、1day 2022-11-11 08:02:58
0day 各种CMS、各种平台、各种系统、各种软件漏洞的EXP、POC
,该项目将持续更新		 2023-09-12 00:57:05
vulnerability 收集、整理、修改互联网上公开的漏洞POC 2024-01-11 08:59:32
Awesome-Exploit 一个漏洞利用工具仓库 2023-07-05 01:49:54
CVE-Master v1.0.1 收集本人自接触渗透测试用于漏洞验证的所有热门CVE、POC
、CNVD攻击有效载荷+测试工具+FUZZ,一个仓库满足许多攻击
测试场景,开箱即用.		 2022-09-18 14:43:11
poc-hub 2023-04-04 03:20:05
PocOrExp_in_Githu
b		 聚合Github上已有的Poc或者Exp,CVE信息来自CVE官网。Au
to Collect Poc Or Exp from Github by CVE ID.		 2024-01-13 21:35:10
exphub Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat
、Nexus、Solr、Jboss、Drupal的漏洞利用脚本,最新添加CV
E-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-202
0-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555
、C		 2021-04-04 09:13:57
漏洞利用辅助
项目名称 版本 项目描述 最近提交时间
JNDIExploit 1.1 一款用于JNDI注入利用的工具,大量参考/引用了Rogue JND
I项目的代码,支持直接植入内存shell,并集成了常见的byp
ass 高版本JDK的方式,适用于与自动化工具配合使用。		 2022-08-30 12:47:34
cola_dnslog v1.3.2 Cola Dnslog v1.3.2 更加强大的dnslog平台/无回显漏洞探
测辅助平台 完全开源 dnslog httplog ldaplog rmilog 支持
dns http ldap rmi等协议 提供API调用方式便于与其他工具
结合 支持钉钉机器人、Bark等提醒 支持docker一键部署 后
端完全使用python实现 前端基于vue-elemen		 2023-02-06 04:48:56
godnslog v0.7.0 An exquisite dns&http log server for verify SSRF/XXE
/RFI/RCE vulnerability		 2022-03-14 07:39:00
Exp-Tools v1.2.3 一款集成高危漏洞exp的实用性工具 2023-10-15 07:28:21
ysoserial v0.0.6 A proof-of-concept tool for generating payloads that
exploit unsafe Java object deserialization.		 2022-07-16 19:09:00
DNSlog-GO master DNSLog-GO 是一款golang编写的监控 DNS 解析记录的工具
,自带WEB界面 / DNSLog-GO is a monitoring tool written
in Golang that monitors DNS resolution records. It c
omes with a web interface.		 2023-10-08 02:32:31
revsuit v0.7.1 RevSuit is a flexible and powerful reverse connectio
n platform designed for receiving connection from tar
get host in penetration.		 2023-06-01 16:36:44
JNDIExploit-1 v1.2 一款用于 JNDI注入 利用的工具,大量参考/引用了 Rogue
JNDI 项目的代码,支持直接植入内存shell,并集成了常见
的bypass 高版本JDK的方式,适用于与自动化工具配合使用。
(from https://github.com/feihong-cs/JNDIExploit)		 2021-12-15 12:09:05
JNDIExploit 2023-07-11 08:58:52
ddddocr 带带弟弟 通用验证码识别OCR pypi版 2023-08-30 13:24:01
ysoserial 2023-04-19 12:00:21
Gopherus This tool generates gopher link for exploiting SSRF
and gaining RCE in various servers		 2022-07-11 12:11:56
ysomap v0.1.5 A helpful Java Deserialization exploit framework. 2023-12-20 07:41:33
JNDIExploit v1.4 对原版https://github.com/feihong-cs/JNDIExploit 进行
了实用化修改		 2022-10-16 17:13:30
Antenna v1.3.5 Antenna是58同城安全团队打造的一款辅助安全从业人员验
证网络中多种漏洞是否存在以及可利用性的工具。其基于带外
应用安全测试(OAST)通过任务的形式,将不同漏洞场景检测能
力通过插件的形式进行集合,通过与目标进行out-bind的数据
通信方式进行辅助检测。		 2023-06-06 10:04:37
jndi_tool JNDI服务利用工具 RMI/LDAP,支持部分场景回显、内存she
ll,高版本JDK场景下利用等,fastjson rce命令执行,log4
j rce命令执行 漏洞检测辅助工具		 2022-08-17 09:34:47
DNSLog DNSLog 是一款监控 DNS 解析记录和 HTTP 访问记录的工具
 2018-11-14 09:07:48
Alphalog 1.0.0.R
elease		 DNSLOG、httplog、rmilog、ldaplog、jndi 等都支持,完全
匿名 产品(fuzz.red),Alphalog与传统DNSLog不同,更快、
更安全。		 2023-04-07 05:29:54
DNSLog-Platform-G
olang		 v0.3 DNSLOG平台 golang 2021-12-30 03:29:29
JNDI-Exploit-Kit JNDI-Exploitation-Kit(A modified version of the gre
at JNDI-Injection-Exploit created by @welk1n. This to
ol can be used to start an HTTP Server, RMI Server an
d LDAP Server to exploi		 2022-01-11 06:21:45
JNDI-Injection-Ex
ploit		 v1.0 JNDI注入测试工具(A tool which generates JNDI links
can start several servers to exploit JNDI Injection v
ulnerability,like Jackson,Fastjson,etc)		 2020-01-19 03:49:07
JNDIMonitor 一个LDAP请求监听器,摆脱dnslog平台 2023-04-07 10:19:37
漏洞利用框架
项目名称 版本 项目描述 最近提交时间
woodpecker-framew
ork-release		 1.3.5 高危漏洞精准检测与深度利用框架 2023-01-08 09:11:17
漏洞文库
项目名称 版本 项目描述 最近提交时间
VulWiki VulWiki 2021-03-09 08:16:32
FrameVul POC集合,框架nday漏洞利用 2024-01-04 09:26:20
bylibrary 白阁文库是白泽Sec安全团队维护的一个漏洞POC和EXP公开
项目		 2022-08-15 14:27:05
vulbase 各大漏洞文库合集 2021-10-05 01:04:37
PoC-ExP 【漏洞Poc知识库】一个网络安全爱好者对网络上一些已知
漏洞payload的收录,持续更新。并编写了利用脚本,可用于
日常学习或批量的src漏洞挖掘		 2022-09-23 05:22:17
Report_Public DVPNET 公开漏洞知识库 2021-06-10 06:26:03
yougar0.github.io 漏洞知识库 2021-03-31 10:57:28
BUG-Pocket 小型漏洞库,提供FOFA语法及批量脚本,具体利用法请参考
别的漏洞库,共4种类型47项		 2021-07-31 02:01:39
PeiQi-WIKI-Book 面向网络安全从业者的知识文库🍃 2023-11-08 06:09:01
WiKi 稻草人安全团队漏洞库 2021-07-24 07:10:31
Awesome-POC 一个漏洞POC知识库 2023-11-30 09:43:04
Vulhub-Reproduce 一个Vulhub漏洞复现知识库 2024-01-04 03:13:18
Vulnerability-Wik
i		 v1.0 基于 docsify 部署,目前漏洞数量 1000+ 2024-01-04 03:12:12
PoC-in-GitHub 📡 PoC auto collect from GitHub. ⚠️ Be careful Mal
ware.		 2024-01-14 00:31:16
信息泄露漏洞
.DS_Store泄露
项目名称 版本 项目描述 最近提交时间
ds_store_exp A .DS_Store file disclosure exploit. It parses .DS_S
tore file and downloads files recursively.		 2022-06-16 02:22:00
.git泄露
项目名称 版本 项目描述 最近提交时间
git-dumper A tool to dump a git repository from a website 2022-05-07 04:39:31
GitHack .git 泄漏利用工具,可还原历史版本 2020-02-25 10:15:10
scrabble Simple tool to recover .git folder from remote serve
r		 2014-10-09 17:36:37
GitHack A .git folder disclosure exploit 2022-05-09 13:16:57
GitDorker A Python program to scrape secrets from GitHub throu
gh usage of a large repository of dorks.		 2021-05-07 06:11:57
Git_Extract 提取远程 git 泄露或本地 git 的工具 2020-11-14 14:48:56
.svn泄露
项目名称 版本 项目描述 最近提交时间
svnExploit SvnExploit支持SVN源代码泄露全版本Dump源码 2022-12-20 09:22:50
heapdump泄露
项目名称 版本 项目描述 最近提交时间
JDumpSpider dev-202
30406T03
1230		 HeapDump敏感信息提取工具 2023-04-06 03:11:35
heapdump_tool heapdump敏感信息查询工具,例如查找 spring heapdump中
的密码明文,AK,SK等		 2023-11-07 10:53:08
idea
项目名称 版本 项目描述 最近提交时间
idea_exploit Gather sensitive information from (.idea) folder for
pentesters		 2022-08-05 11:20:35
key泄露
项目名称 版本 项目描述 最近提交时间
cloudTools main 云资产管理工具 目前工具定位是云安全相关工具,目前是
两个模块 云存储工具、云服务工具, 云存储工具主要是针对
oss存储、查看、删除、上传、下载、预览等等 云服务工具
主要是针对rds、服务器的管理,查看、执行命令、接管等等		 2023-10-14 08:49:08
AliyunAccessKeyTo
ols		 1.0 阿里云AccessKey泄漏利用工具 2021-07-16 00:52:34
API-T00L v1.2 互联网厂商API利用工具。 2023-09-14 10:11:38
cf 2023-07-05 00:29:39
Cloud-Bucket-Leak
-Detection-Tools		 v0.4.0 六大云存储,泄露利用检测工具 2022-08-25 09:31:28
aksk_tool AK资源管理工具,阿里云/腾讯云/华为云/AWS/UCLOUD/京东
云/百度云/七牛云存储 AccessKey AccessKeySecret,利用AK
获取资源信息和操作资源,ECS/CVM/E2/UHOST/ECI/BCC执行命
令,OSS/COS/S3/BOS管理,RDS/DB管理,域名管理,添加RAM/
CAM/IAM账号等		 2023-04-24 09:21:41
swagger接口
项目名称 版本 项目描述 最近提交时间
swagger-hack 自动化爬取并自动测试所有swagger接口 2021-08-02 05:39:49
swagger-exp A Swagger API Exploit 2023-04-21 06:44:01
Webpack接口
项目名称 版本 项目描述 最近提交时间
Packer-Fuzzer v1.4 Packer Fuzzer is a fast and efficient scanner for se
curity detection of websites constructed by javascrip
t module bundler such as Webpack.		 2023-01-17 09:41:54
代码泄露综合
项目名称 版本 项目描述 最近提交时间
dvcs-ripper Rip web accessible (distributed) version control sys
tems: SVN/GIT/HG...		 2020-08-17 16:38:26
dumpall v0.4.0 一款信息泄漏利用工具,适用于.git/.svn/.DS_Store泄漏
和目录列出		 2022-07-05 05:30:40
敏感数据泄露
项目名称 版本 项目描述 最近提交时间
JSFScan.sh Automation for javascript recon in bug bounty. 2022-11-04 03:20:29
SecretFinder SecretFinder - A python script for find sensitive da
ta (apikeys, accesstoken,jwt,..) and search anything
on javascript files		 2021-06-26 07:43:14
Mantra v.1.1 「🔑」A tool used to hunt down API key leaks in JS f
iles and pages		 2023-07-08 18:59:06
重点CMS利用
项目名称 版本 项目描述 最近提交时间
wprecon
wpreconx 2.4.5 WPRecon, is a tool for the recognition of vulnerabil
ities and blackbox information for wordpress.		 2022-10-22 19:35:25
CMSmap CMSmap is a python open source CMS scanner that auto
mates the process of detecting security flaws of the
most popular CMSs.		 2018-10-26 18:45:03
QVD-2023-13065 Nacos JRaft Hessian 反序列化 RCE EXP 2023-06-13 09:56:04
wordpress-exploit
-framework		 v2.0.1 A Ruby framework designed to aid in the penetration
testing of WordPress systems.		 2019-11-24 19:04:43
CVE-2023-33246 Apache RocketMQ 远程代码执行漏洞(CVE-2023-33246) Exp
loit		 2023-06-01 05:54:25
EgGateWayGetShell Code By:Tas9er 2021-01-14 01:05:29
Apt_t00ls v0.7 高危漏洞利用工具 2023-08-13 12:33:36
wpscan v3.8.25 WPScan WordPress security scanner. Written for secur
ity professionals and blog maintainers to test the se
curity of their WordPress websites. Contact us via co
[email protected]		 2023-12-01 17:44:24
LandrayExploit 2021-07-27 08:20:41
weaver_exp 泛微OA漏洞综合利用脚本 2021-06-28 19:02:37
2021hvv_vul 2021hvv漏洞汇总 2021-04-24 04:17:06
CMS-Exploit-Frame
work		 CMS Exploit Framework 2014-11-30 05:17:43
CMS-Hunter CMS漏洞测试用例集合 2018-12-20 06:44:32
子域接管
项目名称 版本 项目描述 最近提交时间
SubOver v1.2 A Powerful Subdomain Takeover Tool 2018-08-30 00:38:45

端口服务安全

服务漏洞

JDWP
项目名称 版本 项目描述 最近提交时间
jdwp-shellifier 2017-01-14 00:36:18
jdwp-shellifier 修改利用方式为通过对Sleeping的线程发送单步执行事件,
达成断点,从而可以直接获取上下文、执行命令,而不用等待
断点被击中。		 2020-02-27 12:27:27
jdwp-codeifier 基于 jdwp-shellifier 的进阶JDWP漏洞利用脚本(动态执
行Java/Js代码并获得回显)		 2023-12-06 07:45:48
rdp
项目名称 版本 项目描述 最近提交时间
CVE-2019-0708 3389远程桌面代码执行漏洞CVE-2019-0708批量检测工具(Rd
pscan Bluekeep Check)		 2019-06-13 13:07:02
CVE-2019-0708 CVE-2019-0708 (BlueKeep) 2020-07-07 15:27:55
RMI
项目名称 版本 项目描述 最近提交时间
attackRmi v2.0 2021-12-30 08:06:46
rmiscout v1.4 RMIScout uses wordlist and bruteforce strategies to
enumerate Java RMI functions and exploit RMI paramete
r unmarshalling vulnerabilities		 2020-12-08 12:51:04
BaRMIe v1.01 Java RMI enumeration and attack tool. 2017-09-28 22:37:50
attackRmi v0.1 attackRmi 2020-10-14 08:07:36
数据库利用
mssql
项目名称 版本 项目描述 最近提交时间
mssqlproxy 0.1 mssqlproxy is a toolkit aimed to perform lateral mov
ement in restricted environments through a compromise
d Microsoft SQL Server via socket reuse		 2020-08-13 11:53:38
SharpSQLTools 41 SharpSQLTools 和@Rcoil一起写的小工具,可上传下载文件
,xp_cmdshell与sp_oacreate执行命令回显和clr加载程序集
执行相应操作。		 2021-08-05 12:39:51
SqlKnife_0x727 1.2 适合在命令行中使用的轻巧的SQL Server数据库安全检测工
 2021-10-22 06:18:03
PySQLTools Mssql利用工具 2023-08-07 05:03:28
Oracle
项目名称 版本 项目描述 最近提交时间
odat 5.1.1 ODAT: Oracle Database Attacking Tool 2022-06-20 08:09:48
oracleShell oracle 数据库命令执行 2020-11-06 02:20:25
postgresql
项目名称 版本 项目描述 最近提交时间
postgresql_udf_he
lp		 PostgreSQL 提权辅助脚本 2021-08-23 08:25:06
redis
项目名称 版本 项目描述 最近提交时间
RabR 0.6.2 Redis-Attack By Replication (通过主从复制攻击Redis) 2022-11-25 06:43:58
redis-rogue-serve
r		 Redis 4.x/5.x RCE 2020-12-06 07:02:12
redis-rogue-serve
r		 Redis(<=5.0.5) RCE 2022-10-13 03:29:51
redis-rce Redis 4.x/5.x RCE 2021-11-30 14:55:59
RedisEXP 0.0.3 Redis 漏洞利用工具 2023-08-02 16:59:50
redis_rce v0.1.0 Redis primary/secondary replication RCE 2022-04-18 02:32:09
RedisModules-Exec
uteCommand-for-Win
dows		 可在Windows下执行系统命令的Redis模块,可用于Redis主
从复制攻击。		 2022-11-25 06:46:12
综合
项目名称 版本 项目描述 最近提交时间
RequestTemplate 2023-04-07 07:26:03
Databasetools 1.2 一款用Go语言编写的数据库自动化提权工具,支持Mysql、M
SSQL、Postgresql、Oracle、Redis数据库提权、命令执行、
爆破以及ssh连接		 2023-02-19 10:42:49
MDUT v2.1.1 MDUT - Multiple Database Utilization Tools 2022-10-13 05:34:29
PentestDB 各种数据库的利用姿势 2023-03-28 05:09:44
Sylas beta 数据库综合利用工具 2022-02-16 14:41:49

后渗透

代理转发

项目名称 版本 项目描述 最近提交时间
http://rootkiter.com/Termite/
dns2tcp v0.5.2 2017-11-23 14:59:37
nps v0.26.1
0		 一款轻量级、高性能、功能强大的内网穿透代理服务器。支
持tcp、udp、socks5、http等几乎所有流量转发,可用来访问
内网网站、本地支付接口调试、ssh访问、远程桌面,内网dns
解析、内网socks5代理等等……,并带有功能强大的web管理
端。a lightweight, high-performance, powerful intranet
penet		 2021-10-09 07:18:41
pingtunnel 2.8 Pingtunnel is a tool that send TCP/UDP traffic over
ICMP		 2023-11-29 03:52:29
frp v0.53.2 A fast reverse proxy to help you expose a local serv
er behind a NAT or firewall to the internet.		 2024-01-09 10:50:50
pystinger v1.6 Bypass firewall for traffic forwarding using webshel
l 一款使用webshell进行流量转发的出网工具		 2021-09-29 13:13:36
Erfrp v0.1 Erfrp-frp二开-免杀与隐藏 2022-12-04 10:46:57
dnscat2 2022-01-03 20:48:20
ngrok Introspected tunnels to localhost 2016-05-31 00:10:41
icmpsh
PortForward 0.5.0 The port forwarding tool developed by Golang solves
the problem that the internal and external networks c
annot communicate in certain scenarios		 2021-04-23 16:40:39
Neo-reGeorg v5.1.0 Neo-reGeorg is a project that seeks to aggressively
refactor reGeorg		 2023-07-09 09:31:18
rakshasa v0.2.3 基于go编写的跨平台、稳定、隐秘的多级代理内网穿透工具 2023-04-23 06:50:02
frp_cmd v0.38.0
_modify		 frp修改版,增加socks、pf命令,便捷启用socks5代理、端
口转发,且去除流量特征,增加loadini命令,支持命令行参
数导入base64编码的配置文件		 2021-12-05 14:25:30
Stowaway v2.1 👻Stowaway -- Multi-hop Proxy Tool for pentesters 2023-10-28 04:17:23
slcx v1.0.2 端口转发工具,绕过流量安全检测。 2023-08-05 07:52:12
reGeorg The successor to reDuh, pwn a bastion webserver and
create SOCKS proxies through the DMZ. Pivot and pwn.		 2017-02-16 11:39:15
goproxy v14.1 🔥 Proxy is a high performance HTTP(S) proxies, SOCK
S5 proxies,WEBSOCKET, TCP, UDP proxy server implement
ed by golang. Now, it supports chain-style proxies,na
t forwarding in differe		 2023-10-24 04:45:51
suo5 v1.0.0 一款高性能 HTTP 代理隧道工具 A high-performance ht
tp proxy tunneling tool
https://www.proxifier.com/

后渗透框架

项目名称 版本 项目描述 最近提交时间
metasploit-framew
ork		 Metasploit Framework 2024-01-12 15:04:09

内网横向工具

项目名称 版本 项目描述 最近提交时间
Intranet-Movement
-Kit		 V1.0 内网横向移动工具箱 2023-08-28 07:22:55
OLa OLa__20
220724		 2022-08-15 06:37:48
impacket impacke
t_0_11_0		 Impacket is a collection of Python classes for worki
ng with network protocols.		 2024-01-11 20:46:39
VMInjector DLL Injection tool to unlock guest VMs 2012-11-14 15:08:04
Intranet-tools 2023-09-15 04:31:07
sharpwmi v2 sharpwmi是一个基于rpc的横向移动工具,具有上传文件和
执行命令功能。		 2021-01-11 07:10:53
WMIHACKER A Bypass Anti-virus Software Lateral Movement Comman
d Execution Tool		 2023-01-30 13:17:30
java-impacket-gui java-impacket-gui 2023-09-07 12:55:07
Impacket_For_Web 2023-09-06 05:26:46
wmiexec-Pro v0.2.6 New generation of wmiexec.py 2023-07-31 03:58:14
impacket-gui impacket-gui 2023-09-04 08:25:09
https://xz.aliyun.com/t/9382

内网漏洞发现

项目名称 版本 项目描述 最近提交时间
Template v1.2.5 Next generation RedTeam heuristic intranet scanning
下一代RedTeam启发式内网扫描
ServerScan v1.0.2 ServerScan一款使用Golang开发的高并发网络扫描、服务探
测工具。		 2021-02-23 05:57:32
ADCSKiller An ADCS Exploitation Automation Tool Weaponizing Cer
tipy and Coercer		 2023-05-19 14:43:36
Gscan v1.0 Gscan is a high concurrency scanner based on golang 2020-01-12 01:25:03
goon v3.5 goon,集合了fscan和kscan等优秀工具功能的扫描爆破工具
。功能包含:ip探活、port扫描、web指纹扫描、title扫描、
压缩文件扫描、fofa获取、ms17010、mssql、mysql、postgre
s、redis、ssh、smb、rdp、telnet、tomcat等爆破以及如ne
tbios探测等功能。		 2022-08-23 16:20:26
InScan 边界打点后的自动化渗透工具 2021-07-19 09:34:40
kscan v1.85 Kscan是一款纯go开发的全方位扫描器,具备端口扫描、协
议检测、指纹识别,暴力破解等功能。支持协议1200+,协议
指纹10000+,应用指纹20000+,暴力破解协议10余种。		 2023-08-22 10:45:48
fscan 1.8.3 一款内网综合扫描工具,方便一键自动化、全方位漏扫扫描
 2023-12-25 09:57:28

内网信息收集

项目名称 版本 项目描述 最近提交时间
ATAttack 敌后侦察 2020-04-05 14:06:02
netspy v0.0.5 netspy是一款快速探测内网可达网段工具(深信服深蓝实验
室天威战队强力驱动)		 2022-05-12 06:38:37
SharpHostInfo v0.0.1 SharpHostInfo是一款快速探测内网主机信息工具(深信服
深蓝实验室天威战队强力驱动)		 2022-12-15 12:49:17
HostInfoScan 红队小工具 利用DCERPC协议,无需认证获取Windows机器
主机信息和多网卡信息
netdiscover netdiscover 2022-10-12 12:28:44
Adinfo v0.3 域信息收集工具 2022-09-16 07:49:23
ClipboardHistoryT
hief		 POC tool to extract all persistent clipboard history
data from clipboard service process memory		 2023-04-15 07:09:20
TakeMyRDP A keystroke logger targeting the Remote Desktop Prot
ocol (RDP) related processes, It utilizes a low-level
keyboard input hook, allowing it to record keystroke
s in certain contexts		 2023-08-02 02:23:28

权限提升

linux提权
项目名称 版本 项目描述 最近提交时间
PEASS-ng 2024010
7-6fec90
a8		 PEASS - Privilege Escalation Awesome Scripts SUITE (
with colors)		 2024-01-13 15:36:49
dirtycow Dirty Cow exploit - CVE-2016-5195 2021-04-08 11:35:12
traitor v0.0.14 ⬆️ ☠️ 🔥 Automatic L
inux privesc via exploitation of low-hanging fruit e.
g. gtfobins, pwnkit, dirty pipe, +w docker.sock		 2023-03-07 22:06:41
LinEnum Scripted Local Linux Enumeration & Privilege Escalat
ion Checks		 2020-01-07 09:20:33
https://i.hacking8.com/tiquan/
windows提权
项目名称 版本 项目描述 最近提交时间
BadPotato Windows 权限提升 BadPotato 2020-05-10 15:42:20
Windows-exploits Windows
Exploits
Collecti
ons		 Windows 平台提权漏洞大合集,长期收集各种提权漏洞利用
工具。 A large collection of rights raising vulnerabil
ities on the windows platform, which collects various
rights raising vulnerability utilization tool		 2023-01-04 11:10:42
CoercedPotato Windows potato to privesc 2023-11-03 20:58:16
综合
项目名称 版本 项目描述 最近提交时间
Kernelhub v1.1 🌴Linux、macOS、Windows Kernel privilege es
calation vulnerability collection, with compilation e
nvironment, demo GIF map, vulnerability details, exec
utable file (提权漏洞合集)		 2023-02-15 06:44:08

权限维持

Shell管理
项目名称 版本 项目描述 最近提交时间
antSword 2.1.15 中国蚁剑是一款跨平台的开源网站管理工具。AntSword is
a cross-platform website management toolkit.		 2022-08-18 01:49:03
Godzilla v4.0.1-
godzilla		 哥斯拉 2023-03-07 07:33:10
WebshellManager w8ay 一句话WEB端管理工具 2017-02-01 05:18:26
Cknife Cknife 2016-08-03 08:24:36
Webshell_Generate v1.2.3 用于生成各类免杀webshell 2023-06-19 03:21:09
java-memshell-gen
erator-release		 v1.0.7.
beta3		 一款支持高度自定义的 Java 内存马生成工具 2023-11-01 04:18:55
Behinder Behinde
r_v4.0.6		 “冰蝎”动态二进制加密网站管理客户端 2022-08-23 02:50:39
Platypus v1.5.0 🔨 A modern multiple reverse shell sessions ma
nager written in go		 2023-08-16 02:43:03
As-Exploits 中国蚁剑后渗透框架 2021-08-09 12:58:00
webshell
项目名称 版本 项目描述 最近提交时间
webshell 这是一些常用的webshell 2017-08-10 05:55:01
AwesomeScript AntSword Shell 脚本分享/示例 2021-05-23 06:02:50
AntSword-Loader 4.0.3 AntSword 加载器 2019-06-17 02:57:28
AwesomeEncoder AntSword 自定义编(解)码器分享 2021-03-05 14:46:57
vagent v1.0.0 多功能 java agent 内存马 2023-10-08 05:21:38
后门
项目名称 版本 项目描述 最近提交时间
CloneX_0x727 1.0 进行克隆用户、添加用户等账户防护安全检测的轻巧工具 2021-09-03 09:08:01
SchTask_0x727 v1.0 创建隐藏计划任务,权限维持,Bypass AV 2021-09-01 01:34:51
HackerPermKeeper 6.0 2024-01-02 10:23:59
CreateHiddenAccou
nt		 0.2 A tool for creating hidden accounts using the regist
ry
ShadowUser 影子用户 克隆 2021-12-30 03:19:17
免杀
项目名称 版本 项目描述 最近提交时间
AV_Evasion_Tool 2023082
3		 掩日 - 免杀执行器生成工具 2023-08-23 06:25:21
killEscaper Shellcode 免杀生成器 绕过火绒、360(Windows版本) 2023-06-15 01:17:47
ShellCode_Loader v0.0.1 ShellCode_Loader - Msf&CobaltStrike免杀ShellCode加载
器、Shellcode_encryption - 免杀Shellcode加密生成工具,
目前测试免杀360&火绒&电脑管家&Windows Defender(其他杀
软未测试)。		 2022-09-20 07:24:25
encdecshellcode Shellcode Encrypter & Decrypter via XOR Cipher 2019-08-29 11:19:16
SysWhispers2 AV/EDR evasion via direct system calls. 2022-09-03 07:31:06
shellcodeloader v1.1 shellcodeloader 2020-12-02 05:51:58
GobypassAV-shellc
ode		 shellcode免杀加载器,使用go实现,免杀bypass火绒、360
、核晶、def等主流杀软		 2023-08-03 04:37:38
Qianji Qianji_
BypassAV
-sandbox
-2023111
5		 千机-红队免杀木马自动生成器 Bypass defender、火绒、3
60等国内主流杀软 随机加密混淆shellcode快速生成免杀马		 2024-01-11 13:10:49
bypassAV 免杀shellcode加载器 2021-05-18 05:03:03
BypassAntiVirus 远控免杀系列文章及配套工具,汇总测试了互联网上的几十
种免杀工具、113种白名单免杀方式、8种代码编译免杀、若干
免杀实战技术,并对免杀效果进行了一一测试,为远控的免杀
和杀软对抗免杀提供参考。		 2022-08-23 08:00:46
GoBypassAV 整理了基于Go的16种API免杀测试、8种加密测试、反沙盒测
试、编译混淆、加壳、资源修改等免杀技术,并搜集汇总了一
些资料和工具。		 2022-08-23 08:03:28
SharpShellcodeLoa
der_Rc4Aes		 用于解密并加载shellcode,支持RC4和AES两种解密方法,
并使用DInvoke来动态调用WinAPI函数,从而尝试绕过某些安
全解决方案		 2023-10-07 07:22:24
noterce 1.3 一种另辟蹊径的免杀执行系统命令的木马 2023-05-10 10:30:39
ZheTian v3 ::ZheTian / 强大的免杀生成工具,Bypass All. 2022-12-05 09:55:50
go-shellcode Load shellcode into a new process 2021-06-02 12:52:36
0xUBypass 1.0.0 AntiAV shellcode loader 2023-11-21 01:27:44
免杀相关
痕迹隐藏
项目名称 版本 项目描述 最近提交时间
go-strip v3.0 清除Go编译时自带的信息 2022-07-20 05:56:33
签名伪造
项目名称 版本 项目描述 最近提交时间
Sign-Sacker 代码微
调,项目
停更		 Sign-Sacker(签名掠夺者):一款数字签名复制器,可将其
他官方exe中数字签名,图标,详细信息复制到没有签名的exe
中,作为免杀,权限维持,伪装的一种小手段。		 2024-01-04 07:39:09
SigThief Stealing Signatures and Making One Invalid Signature
at a Time		 2021-08-11 19:34:42
图标提取
项目名称 版本 项目描述 最近提交时间
BeCyIconGrabberPo
rtable		 BeCyIconGrabber allows you to extract icons from alm
ost any file!		 2019-06-30 08:30:25
文件时间修改
项目名称 版本 项目描述 最近提交时间
ChTimeStamp Changing the Creation time and the Last Written time
of a dropped file by the timestamp of other one , li
ke the "kernel32.dll" timestamp		 2022-10-01 17:03:03
ChangeTimestamp 一键修改exe、dll的编译时间、创建时间、修改时间和访问
时间		 2023-04-16 03:10:07
远控
项目名称 版本 项目描述 最近提交时间
trojan_simple_dem
o		 简单的用python写的远控demo 执行命令 只一个心跳完成所
有操作		 2022-10-07 12:51:43
Supershell v2.0.0 Supershell C2 远控平台,基于反向SSH隧道获取完全交互
式Shell		 2023-09-26 13:49:47
SimpleRemoter v1.0.0.
5		 基于gh0st的远程控制器:实现了终端管理、进程管理、窗
口管理、远程桌面、文件管理、语音管理、视频管理、服务管
理、注册表管理等功能,优化全部代码及整理排版,修复内存
泄漏缺陷,程序运行稳定。项目代码仅限于学习和交流用途。		 2021-03-14 12:55:22
sliver v1.5.41 Adversary Emulation Framework 2024-01-11 18:28:08

域渗透工具

项目名称 版本 项目描述 最近提交时间
ShuiYing_0x727 V1.0 检测域环境内,域机器的本地管理组成员是否存在弱口令和
通用口令,对域用户的权限分配以及域内委派查询		 2021-08-10 07:27:37
BloodHound v4.3.1 Six Degrees of Domain Admin 2023-08-08 21:48:35

综合

项目名称 版本 项目描述 最近提交时间
Viper 2023-12
-03-13-4
4-27		 Redteam operation platform with webui 图形化红队行动
辅助平台		 2023-12-31 03:08:26
Ladon v12.2 Ladon大型内网渗透工具,可PowerShell模块化、可CS插件
化、可内存加载,无文件扫描。含端口扫描、服务识别、网络
资产探测、密码审计、高危漏洞检测、漏洞利用、密码读取以
及一键GetShell,支持批量A段/B段/C段以及跨网段扫描,支
持URL、主机、域名列表扫描等。Ladon 12.2内置262个功能,
网络资产探测模块32个通过多种协议(ICMP\N		 2023-12-19 15:05:38

客户端漏洞

向日葵

项目名称 版本 项目描述 最近提交时间
sunlogin_rce new 向日葵 RCE 2022-02-16 16:11:42

社工

钓鱼辅助

项目名称 版本 项目描述 最近提交时间
EmailSender 钓鱼邮件便捷发送工具(GUI) 2023-06-12 06:26:00
goblin v0.4.6 一款适用于红蓝对抗中的仿真钓鱼系统 2023-05-30 17:34:53

相关资源

代理池

项目名称 版本 项目描述 最近提交时间
rotateproxy v0.7.2 利用fofa搜索socks5开放代理进行代理池轮切的工具 2023-02-13 06:04:33
ProxyPoolxSocks v1.2 ☁️Socks代理池服务端自动化搭建工具☁️ 2023-06-07 23:53:40
Gofreeproxy v0.1 自用的动态代理小工具 2023-01-06 03:43:37
proxy_pool 2.4.1 Python ProxyPool for web spider 2023-06-07 06:23:01
mubeng v0.14.1 An incredibly fast proxy checker & IP rotator with e
ase.		 2023-08-29 15:14:11
go_proxy_pool 2022.11
.22		 无环境依赖开箱即用的代理IP池 2023-05-03 03:33:23
proxyServer v1.0 本项目其实就是个简单的代理服务器,把代理池集成进来来
了。		 2020-10-30 03:21:30
Venom-Transponder 毒液流量转发器:自动化捡洞/打点/跳板必备神器,支持联
动URL爬虫、各种被动扫描器。		 2023-08-17 12:40:16
Auto_proxy 利用IP地址池进行自动切换Http代理,防止IP封禁。 2022-11-15 08:42:22

工具集

项目名称 版本 项目描述 最近提交时间
K8tools K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描
工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payl
oad/priviledge/BypassUAC/OverFlow/WebShell/PenTest) W
eb GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Ap
a		 2023-12-16 17:23:36

工具集成环境

项目名称 版本 项目描述 最近提交时间
ApoalypseSecTools ApoalypseSecTool更新地址 2023-04-26 02:03:35
Pentest-Windows v2.2 Windows11 Penetration Suite Toolkit 一个开箱即用的wi
ndows渗透测试环境		 2023-10-31 01:56:54
PST-Bucket Scoop-Buket for Penetration Suite Toolkit 2024-01-13 08:28:18
PenKitGui 渗透测试武器库 2022-10-29 10:29:09
GUI_Tools V1.1 一个由各种图形化渗透工具组成的工具集 2023-04-03 02:20:44
commando-vm Complete Mandiant Offensive VM (Commando VM), a full
y customizable Windows-based pentesting virtual machi
ne distribution. [email protected]		 2023-10-03 19:02:49
okfafu-pentestVM-
public		 okfafu渗透虚拟机公开版 2023-10-15 02:45:18
Taie-RedTeam-OS 泰阿安全实验室-基于XUbuntu私人订制的红蓝对抗渗透操作
系统		 2021-06-03 03:00:20
FreeGui v2.5 freeGui:基于ttkbootstrap开发的一款用来管理自己的渗
透测试工具的一个小工具,并提供一些实用小功能,例如打开
目录,运行工具,工具备忘命令。		 2023-01-13 14:46:36
Online_tools 0.5.0 该工具是一个集成了非常多渗透测试工具,类似软件商城的
工具可以进行工具下载,工具的更新,工具编写了自动化的安
装脚本,不用担心工具跑不起来。		 2023-12-09 15:00:53

工具周边

arl
项目名称 版本 项目描述 最近提交时间
ARL-Finger-ADD 灯塔(最新版)指纹添加脚本! 2021-08-12 09:28:15
Burpsuite
绕过指纹检测
项目名称 版本 项目描述 最近提交时间
burp-awesome-tls v1.1.0 Fixes Burp Suite's poor TLS stack. Bypass WAF, spoof
any browser.		 2023-06-22 21:36:19
漏洞扫描
项目名称 版本 项目描述 最近提交时间
BurpCRLFScan 1.4 使用java编写的CRLF-Injection-burp被动扫描插件 2022-12-20 08:16:10
JsonDetect v1.0 A burp Extender to detect json, include fastjson,jac
kson,gson		 2022-09-22 03:09:07
Log4j-check log4J burp被扫插件、CVE-2021-44228、支持dnclog.cn和b
urp内置DNS、可配合JNDIExploit生成payload		 2021-12-13 09:18:19
GadgetProbe v1.0 Probe endpoints consuming Java serialized objects to
identify classes, libraries, and library versions on
remote Java classpaths.		 2021-02-19 18:47:05
BpScan 1.0.0 一款用于辅助渗透测试工程师日常渗透测试的Burp被动漏扫
插件		 2022-11-25 11:42:34
log4j2burpscanner 0.25.0 CVE-2021-44228 Log4j2 BurpSuite Scanner,Customize ce
ye.io api or other apis,including internal networks		 2023-06-13 09:17:54
RouteVulScan RouteVu
lScan1.5
.1		 Burpsuite - Route Vulnerable Scanning 递归式被动检测
脆弱路径的burp插件		 2023-12-25 08:40:10
semgrepper v1.3 An extension to use Semgrep inside Burp Suite. 2023-08-28 09:28:41
BurpBountyPlus 3 BurpBounty 魔改版本 2022-03-21 07:38:34
FastjsonScan 1.0 一个简单的Fastjson反序列化检测burp插件 2021-06-18 15:09:22
SpringScan V1.7 SpringScan 漏洞检测 Burp插件 2022-06-22 05:17:06
PowerScanner 1.1.3 面向HW的红队半自动扫描器 2021-12-16 07:53:45
BurpFastJsonScan BurpFas
tJsonSca
n-2.2.2		 一款基于BurpSuite的被动式FastJson检测插件 2022-06-26 17:02:17
BurpShiroPassiveS
can		 BurpShi
roPassiv
eScan-2.
0.0		 一款基于BurpSuite的被动式shiro检测插件 2022-06-30 02:35:20
burp-text4shell v0.1 Text4Shell scanner for Burp Suite 2022-10-27 10:47:36
信息收集
项目名称 版本 项目描述 最近提交时间
Sylas 1.1.1 新一代子域名主/被动收集工具 - Subdomain automatic/pa
ssive collection tool		 2022-10-09 11:06:28
domain_hunter v1.5 A Burp Suite Extension that try to find all sub-doma
in, similar-domain and related-domain of an organizat
ion automatically! 基于流量自动收集整个企业或组织的子
域名、相似域名、相关域名的burp插件		 2022-01-16 07:42:41
domain_hunter_pro v1.9 domain_hunter的高级版本,SRC挖洞、HW打点之必备!自动
化资产收集;快速Title获取;外部工具联动;等等		 2024-01-05 10:31:56
BurpJSLinkFinder Burp Extension for a passive scanning JS files for e
ndpoint links.		 2022-10-17 09:27:42
BurpExtractor v1.3.4 A Burp extension for generic extraction and reuse of
data within HTTP requests and responses.		 2022-02-01 22:50:06
漏洞利用
项目名称 版本 项目描述 最近提交时间
shiro-check shiroch
ek3.0		 Shiro反序列化回显利用、内存shell、检查 Burp插件 2021-03-15 07:59:36
fastjson-exp
其他
项目名称 版本 项目描述 最近提交时间
burp-api-drops burp插件开发指南 2021-08-08 15:52:46
功能拓展
项目名称 版本 项目描述 最近提交时间
knife v2.2 A burp extension that add some useful function to Co
ntext Menu 添加一些右键菜单让burp用起来更顺畅		 2023-09-10 08:12:57
reCAPTCHA v1.0 reCAPTCHA = REcognize CAPTCHA: A Burp Suite Extender
that recognize CAPTCHA and use for intruder payload
自动识别图形验证码并用于burp intruder爆破模块的插件		 2023-11-23 07:25:00
captcha-killer 0.1.2 burp验证码识别接口调用插件 2020-09-28 06:38:53
chunked-coding-co
nverter		 0.4.0 Burp suite 分块传输辅助插件 2021-11-13 08:17:25
passive-scan-clie
nt		 0.3.1 Burp被动扫描流量转发插件 2023-02-03 10:10:16
sqlmap4burp-plus-
plus		 0.2 sqlmap4burp++是一款兼容Windows,mac,linux多个系统平
台的Burp与sqlmap联动插件		 2019-11-07 05:50:04
JC-AntiToken burp插件:python版,token防重放绕过 2021-01-16 07:58:37
HackBar 2.0 HackBar plugin for Burpsuite 2021-04-15 11:26:55
burp-cph 3.0 Custom Parameter Handler extension for Burp Suite. 2019-08-17 16:22:26
autoDecoder 0.37-be
ta1		 Burp插件,根据自定义来达到对数据包的处理(适用于加解
密、爆破等),类似mitmproxy,不同点在于经过了burp中转
,在自动加解密的基础上,不影响APP、网站加解密正常逻辑
等。		 2024-01-11 05:24:54
captcha-killer-mo
dified		 0.24.4 captcha-killer的修改版,支持关键词识别base64编码的图
片,添加免费ocr库,用于验证码爆破,适配新版Burpsuite		 2024-01-08 03:15:25
HaE 2.4.6 HaE - Highlighter and Extractor, 赋能白帽 高效作战 2023-02-22 09:36:50
base64encode 1.0 burpsuite POST数据包base64编码插件 2021-07-02 08:35:12
Burp_AES_Plugin Burpsuite Plugin For AES Crack 2020-06-17 17:15:45
OutLook
AutoRepeater Automated HTTP Request Repeating With Burp Suite 2020-10-08 21:22:46
BurpSuiteHTTPSmug
gler		 v0.1 A Burp Suite extension to help pentesters to bypass
WAFs or test their effectiveness using a number of te
chniques		 2019-05-04 06:15:41
http-request-smug
gler		 2023-01-10 10:59:45
burp-requests v0.2.4 Copy as requests plugin for Burp Suite 2020-02-06 13:39:42
NEW_xp_CAPTCHA 4.2 xp_CAPTCHA(瞎跑 白嫖版) burp 验证码 识别 burp插件 2022-10-27 08:04:03
xia_Liao 1.6 xia Liao(瞎料)burp插件 用于Windows在线进程/杀软识
别 与 web渗透注册时,快速生成需要的资料用来填写,资料
包含:姓名、手机号、身份证、统一社会信用代码、组织机构
代码、银行卡,以及各类web语言的hello world输出和生成弱
口令字典等。		 2022-12-01 01:47:51
BurpSuite_403Bypa
sser		 Burpsuite Extension to bypass 403 restricted directo
ry		 2021-08-21 21:14:57
LoggerPlusPlus v3.20.0 Advanced Burp Suite Logging Extension 2023-06-05 15:36:27
插件仓库
项目名称 版本 项目描述 最近提交时间
BurpSuite-collect
ions		 有关burpsuite的插件(非商店),文章以及使用技巧的收集(
此项目不再提供burpsuite破解文件,如需要请在博客mrxn.net
下载)---Collection of burpsuite plugins (non-stores),
articles and tips for using Burpsuite, no crack versi
on file		 2023-08-04 13:50:07
未分类
项目名称 版本 项目描述 最近提交时间
JustC2file v1.0.2 Burp插件,Malleable C2 Profiles生成器;可以通过Burp
代理选中请求,生成Cobalt Strike的profile文件(CSprofile
)		 2022-01-15 11:47:46
Burp-Non-HTTP-Ext
ension		 2023-10-04 07:41:43
HopLa 1.2 HopLa Burp Suite Extender plugin - Adds autocomplet
ion support and useful payloads in Burp Suite		 2021-05-12 16:21:29
burpFakeIP 1.1 服务端配置错误情况下用于伪造ip地址进行测试的Burp Sui
te插件		 2022-09-29 09:12:23
burpJsEncrypter 0.1 More Easier Burp Extension To Solve Javascript Front
End Encryption,一款更易使用的解决前端加密问题的Burp
插件。		 2020-04-15 07:01:16
SpringVulScan SpringV
ulScan-1
.1		 burpsuite 的Spring漏洞扫描插件。SpringVulScan:支持
检测:路由泄露		 CVE-2022-22965
TsojanScan v1.4.4 一个集成的BurpSuite漏洞探测插件 2023-03-09 12:56:21
BurpSuite-Extende
r-fastjson		 Reference:https://www.w2n1ck.com/article/44/ 2020-03-07 13:23:21
OneScan v1.4.0 OneScan是递归目录扫描的BurpSuite插件 2023-11-07 16:04:17
HackTools 1.5 提高渗透测试效率。#Burp插件##渗透测试##小工具# 2023-06-07 02:55:02
BurpSuite-Xkeys A Burp Suite Extension to extract interesting string
s (key, secret, token, or etc.) from a webpage.		 2020-06-19 15:46:17
npscrack npscrac
k-1.0		 蓝队利器、溯源反制、NPS 漏洞利用、NPS exp、NPS poc、
Burp插件、一键利用		 2023-03-14 09:43:45
HostHeaderAttack 0.1.1 检测host头攻击的Burpsuite被动扫描插件,Burpsuite pas
sive scanning plugin responsible for detecting host h
eader attack		 2023-04-28 15:04:16
BurpCrypto BurpCrypto is a collection of burpsuite encryption p
lug-ins, support AES/RSA/DES/ExecJs(execute JS encryp
tion code in burpsuite). 支持多种加密算法或直接执行JS
代码的用于爆破前端加密的BurpSuite插件		 2023-08-04 02:53:50
Log4j2Scan dev-202
30804T02
5448		 Log4j2 RCE Passive Scanner plugin for BurpSuite 2023-08-04 02:54:16
passive-scan-clie
nt-plus		 v0.4.12
.0		 burpsuite passive-scan-client 插件维护分支 2023-02-06 03:07:24
sweetPotato version
1.6		 基于burpsuite的资产分析工具 2023-04-29 20:11:02
fastjsonScan fastjson漏洞burp插件,检测fastjson<1.2.68基于dnslog
,fastjson<=1.2.24和1.2.33<=fatjson<=1.2.47的不出网检
测和TomcatEcho,SpringEcho回显方案。		 2021-05-14 09:18:12
CORSScanner CORS 跨域漏洞 burp 插件 2021-11-24 09:23:41
Fastjson-Scanner a burp extension to find where use fastjson 2020-03-29 00:57:58
taborator A Burp extension to show the Collaborator client in
a tab		 2022-12-23 13:54:44
collaborator-ever
ywhere		 A Burp Suite Pro extension which augments your proxy
traffic by injecting non-invasive headers designed t
o reveal backend systems by causing pingbacks to Burp
Collaborator		 2023-01-09 14:43:32
awesome-burp-exte
nsions		 A curated list of amazingly awesome Burp Extensions 2023-09-06 22:17:52
BurpCollaboratorD
NSTunnel		 A DNS tunnel utilizing the Burp Collaborator 2019-10-08 21:34:51
awesome-burp-suit
e		 Awesome Burp Suite Resources. 400+ open source Burp
plugins, 400+ posts and videos.		 2020-02-20 02:06:32
blackboxprotobuf Blackbox protobuf is a Burp Suite extension for deco
ding and modifying arbitrary protobuf messages withou
t the protobuf type definition.		 2023-10-16 05:23:46
BurpBounty BurpBou
nty_v4.0		 Burp Bounty (Scan Check Builder in BApp Store) is a
extension of Burp Suite that allows you, in a quick a
nd simple way, to improve the active and passive scan
ner by means of person		 2023-03-27 06:42:05
burp-bounty Burp Bounty profiles 2022-01-02 19:16:13
burp-wildcard 1.08 Burp extension intended to compact Burp extension ta
bs by hijacking them to own tab.		 2020-12-28 18:33:35
AES-Killer v4.0 Burp Plugin to decrypt AES encrypted traffic on the
fly		 2021-05-06 14:54:20
BurpSuite-Asset_D
iscover		 Burp Suite extension to discover assets from HTTP re
sponse.		 2020-07-13 04:54:04
burp-UnicodeAutoD
ecode		 Burpsuite插件,Unicode自动转码为中文,提高测试效率。 2021-08-23 16:15:13
CaA 0.5 CaA - BurpSuite Collector and Analyzer 2022-09-30 09:17:43
checkburp Detect burp 2021-06-07 04:13:11
generator-burp-ex
tension		 Everything you need about Burp Extension Generation 2020-08-19 12:42:15
upload-scanner HTTP file upload scanner for Burp Proxy 2022-02-25 16:00:54
inql v5.0.2 InQL is a robust, open-source Burp Suite extension f
or advanced GraphQL testing, offering intuitive vulne
rability detection, customizable scans, and seamless
Burp integration.		 2023-07-24 08:19:08
J2EEScan v2.0.0 J2EEScan is a plugin for Burp Suite Proxy. The goal
of this plugin is to improve the test coverage during
web application penetration tests on J2EE applicatio
ns.		 2021-06-17 06:38:27
Jsdir Jsdir is a Burp Suite extension that extracts hidden
paths from js files and beautifies it for further re
ading.		 2020-09-12 21:35:09
JSONP-Hunter JSONP Hunter in burpsuite. 2020-04-01 06:39:01
Burp2Malleable Quick python utility I wrote to turn HTTP requests f
rom burp suite into Cobalt Strike Malleable C2 profil
es		 2023-04-06 15:23:19
SQL-Injection-Pay
loads		 SQL Injection Payloads for Burp Suite, OWASP Zed Att
ack Proxy,...		 2019-12-23 13:26:08
ssrf-king v1.12 SSRF plugin for burp Automates SSRF Detection in all
of the Request		 2021-01-20 04:53:04
Brida v0.6pre The new bridge between Burp Suite and Frida! 2023-07-28 15:29:31
turbo-intruder 1.0.19 Turbo Intruder is a Burp Suite extension for sending
large numbers of HTTP requests and analyzing the res
ults.		 2023-10-20 12:58:44
Wsdler 2.0.12 WSDL Parser extension for Burp 2018-06-25 21:25:35
xia_sql 3.3 xia SQL (瞎注) burp 插件 ,在每个参数后面填加一个单
引号,两个单引号,一个简单的判断注入小插件。		 2023-05-18 11:41:41
wooyun-payload 1.0 从wooyun中提取的payload,以及burp插件 2020-09-02 03:58:58
BurpCollect 基于BurpCollector的二次开发, 记录Burpsuite Site Map
记录的里的数据包中的目录路径参数名信息,并存入Sqlite,
并可导出txt文件。		 2019-05-08 07:02:42
Caidao-AES-Versio
n		 一个Burp插件,实现用AES算法透明加密原版菜刀Caidao.ex
e与服务器端交互的http数据流		 2019-01-19 04:36:46
jsEncrypter 0.3.2 一个用于前端加密Fuzz的Burp Suite插件 2020-03-06 08:35:33
HTTPHeadModifer v0.1 一款快速修改HTTP数据包头的Burp Suite插件 2018-10-10 15:34:48
cobaltstrike
项目名称 版本 项目描述 最近提交时间
SharkExec 内网渗透 红队工具
geacon_pro
LSTAR v2.1 LSTAR - CobaltStrike 综合后渗透插件 2022-01-30 14:39:17
taowu-cobalt-stri
ke		 2022-06-13 08:56:55
Registry-Recon Cobalt Strike Aggressor Script that Performs System/
AV/EDR Recon		 2022-06-06 14:39:11
RedWarden Cobalt Strike C2 Reverse proxy that fends off Blue T
eams, AVs, EDRs, scanners through packet inspection a
nd malleable profile correlation		 2022-10-07 14:00:31
malleable-c2 Cobalt Strike Malleable C2 Design and Reference Guid
e		 2023-11-08 17:57:11
csbruter Cobalt Strike team server password brute force tool 2018-01-30 18:57:32
EventLogMaster Cobalt Strike插件 - RDP日志取证&清除 2019-12-23 10:30:44
Cobalt_Strike_wik
i		 Cobalt Strike系列 2023-02-16 16:24:12
CVE-2022-39197 CobaltStrike <= 4.7.1 RCE 2022-10-25 05:32:54
Erebus V1.3.6 CobaltStrike后渗透测试插件 2021-10-28 06:19:18
fofa
项目名称 版本 项目描述 最近提交时间
fofa_GUI v1.0.0 2022-01-28 08:39:54
fofa_viewer 1.1.13 A simple FOFA client written in JavaFX. Made by WgpS
ec, Maintained by f1ashine.		 2023-06-27 13:38:48
fofax v0.1.44 fofax is a command line query tool based on the API
of https://fofa.info/, simple is the best!		 2023-06-20 01:26:33
fofaEX java8_v
2.2		 FOFA EX 是一款基于fofa api实现的红队综合利用工具,可
基于模板进行插件加载,目前集成了httpX可进行fofa搜索结
果一键探活,插件已支持nuclei,可进行一键扫描。集成了 f
ofa 官方的四十个 api 接口,增加搜索数量调整、翻页、ic
onHash生成、搜索耗时统计、当前用户个人账户信息查询等
功能,查询结果可实施编辑与表内搜索,可进行导出		 2024-01-12 05:59:24
frida
项目名称 版本 项目描述 最近提交时间
frida-skeleton v2.0.0 基于frida的安卓hook框架,提供了很多frida自身不支持的
功能,将hook安卓变成简单便捷,人人都会的事情		 2022-12-10 08:09:05
frp
项目名称 版本 项目描述 最近提交时间
frpCracker v0.1 一款golang编写的,批量检测frp server未授权访问、弱to
ken的工具		 2023-05-01 06:41:05
goby
项目名称 版本 项目描述 最近提交时间
Library-POC 基于Pocsuite3、goby编写的漏洞poc&exp存档 2023-12-19 05:53:39
IDA
项目名称 版本 项目描述 最近提交时间
mipsAudit IDA MIPS静态扫描脚本,汇编审计辅助脚本 2020-12-18 10:34:44
IDA-Pro-tips IDA Pro每周小技巧 2022-11-11 12:36:13
AlphaGolang IDApython Scripts for Analyzing Golang Binaries 2023-07-18 20:59:31
ida_python_extrac
tCode		 ida提取特征码脚本 2019-11-30 14:29:18
nessus
项目名称 版本 项目描述 最近提交时间
NessusReportInChi
nese		 半自动化将 Nessus 英文报告(csv格式)生成中文 excel
,中文漏洞库已有700多条常见漏洞,后续再进一步加上新漏
洞自动翻译,实现全自动化		 2018-11-04 05:35:36
NessusToReport v1.2 Nessus扫描报告自动化生成工具 2023-05-30 06:51:06
CN_Nessus_Plugins
_Interface		 1 nessus插件中文查询接口 2023-03-05 02:02:20
nessus_api Nessus REST API 封装 2022-02-18 06:34:57
docker_nessus_unl
imited		 docker build nessus with unlimited ip 2021-08-23 03:18:51
nuclei
项目名称 版本 项目描述 最近提交时间
NucleiTP 2023-08-03 22:30:16
nucleix 整合nuclei与xray(社区版、自带高级版),实现被动扫描+p
oc扫描自动化渗透流程		 2022-04-08 07:39:05
nuclei-plus v7.0.0 Functional enhancement based on nuclei 2023-02-24 08:06:16
pocassist
项目名称 版本 项目描述 最近提交时间
pocassistdb 1.0.2 database of pocassist(漏洞库) 2021-07-09 10:11:13
pocsuite3
项目名称 版本 项目描述 最近提交时间
ExpToPocsuite3 v1.0 goby exp批量转换为pocsuite3 exp脚本 2023-01-09 07:27:17
some_pocsuite 用于漏洞排查的pocsuite3验证POC代码 2022-08-07 01:30:07
rsas
项目名称 版本 项目描述 最近提交时间
RSAS-Data-Export 2022-9-
9		 绿盟极光远程安全评估系统(RSAS)-RSAS漏洞数据导出工具 2022-10-27 01:52:53
RSAS-Task-Release v1.0 绿盟极光远程安全评估系统(RSAS)-RSAS批量下任务工具 2022-08-25 05:16:56
nsfocus-rsas-know
ledge-base		 绿盟科技漏洞扫描器(RSAS)漏洞库 2019-05-30 06:58:39
volatility
项目名称 版本 项目描述 最近提交时间
tool-for-CTF Virtual machine configuration for CTF 2021-03-28 01:16:58
xray
项目名称 版本 项目描述 最近提交时间
super-xray 1.7 Web漏洞扫描工具XRAY的GUI启动器 2023-05-19 11:02:17
Xray_Cracked v1.9.11 Update Xray1.9.11 Cracked for Windows,Linux and Mac
OS.		 2023-04-24 06:48:58
xray-poc-generati
on		 🧬 辅助生成 XRay YAML POC 2019-08-23 08:21:38
yarx v0.2.0 An awesome reverse engine for xray poc. 一个自动化
根据 xray poc 生成对应靶站的工具
ZoomEye
项目名称 版本 项目描述 最近提交时间
ZoomEye-go v1.5 The Golang SDK and CLI of ZoomEye@Knownsec by gyyyy. 2021-03-31 08:51:25
Kunyu v1.7.2 Kunyu, more efficient corporate asset collection 2022-04-21 02:15:13
ZoomEye-python v2.2.0 ZoomEye-python: The official Python library and CLI
by Knownsec 404 Team.		 2023-09-25 02:51:15
浏览器扩展
项目名称 版本 项目描述 最近提交时间
anti-honeypot 一款可以检测WEB蜜罐并阻断请求的Chrome插件 2020-10-30 02:59:02
superSearchPlus 谷歌插件版本- superSearchPlus是聚合型信息收集插件,
支持综合查询,资产测绘查询,信息收集 敏感信息提取 js资
源扫描 目录扫描 vue组件扫描 整合了目前常见的资产测绘平
台 同时支持数据导出		 2023-08-20 05:06:09
SwitchyOmega v2.5.20 Manage and switch between multiple proxies quickly &
easily.		 2023-03-30 08:39:34
untrusted-types 1.1.1 2021-10-12 17:37:56
fofa_view v0.0.5 FOFA Pro view 是一款FOFA Pro 资产展示浏览器插件,目
前兼容 Chrome、Firefox、Opera。		 2022-02-16 17:26:12
Heimdallr 2023-01-19 08:59:39
Zoomeye-Tools Zoomeye Tools是配合Zoomeye使用的Chrome插件 2021-12-14 08:38:45
Hack-Tools 0.5.0 The all-in-one Red Team extension for Web Pentester
🛠		 2023-03-14 21:39:08
mitaka v1.4.1 A browser extension for OSINT search 2023-12-08 10:58:41
antiHoneypot 0.7.2 一个拦截 XSSI & 识别Web蜜罐的Chrome扩展 2023-02-02 10:44:55

渗透工具集合(虚拟机)

项目名称 版本 项目描述 最近提交时间
penetration-suite
-toolkit		 v4.0 本项目制作的初衷是帮助渗透新手快速搭建工作环境,工欲
善其事,必先利其器。		 2022-12-11 11:22:06
TranSec transec
os1.0		 Internet of Vehicles Penetration testing OS.车联网渗
透测试系统,开箱即用的测试环境,包含上百个常见用于车联
网渗透测试的工具集。覆盖逆向、CAN、车载以太网、WiFi、
蓝牙、云平台等安全测试		 2023-12-08 01:55:29

优秀项目集合

项目名称 版本 项目描述 最近提交时间
RedTeamTools 分享红队常用的工具 2021-06-10 08:39:46
All-Defense-Tool 本项目集成了全网优秀的攻防武器工具项目,包含自动化利
用,子域名、目录扫描、端口扫描等信息收集工具,各大中间
件、cms漏洞利用工具,爆破工具、内网横向及免杀、社工钓
鱼以及应急响应等资料。		 2023-12-14 07:29:24
404StarLink 404StarLink - 推荐优质、有意义、有趣、坚持维护的安全
开源项目		 2024-01-08 02:47:29
About-Attack 一个旨在通过应用场景 / 标签对 Github 红队向工具 / 资
源进行分类收集,降低红队技术门槛的手册【持续更新】		 2023-04-12 07:14:03
Scanners-Box A powerful and open-source toolkit for hackers and s
ecurity automation - 安全行业从业者自研开源扫描器合辑		 2023-12-07 02:33:06

知识库

项目名称 版本 项目描述 最近提交时间
Threathunting-boo
k
PenetrationTestti
ps		 渗透测试Tips - Version1.3 2021-10-15 02:33:11
1earn 暂停维护 ffffffff0x 团队维护的安全知识框架,内容包
括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署
、后渗透、Linux安全、各类靶机writup
Pentools-wiki 先是渗透工具合集,其次是wiki,做点不一样的x 2023-06-24 18:33:52
Intranet_Penetrat
ion_Tips		 2018年初整理的一些内网渗透TIPS,后面更新的慢,所以整
理出来希望跟小伙伴们一起更新维护~		 2023-02-24 06:58:54
Awesome-Redteam v1.0 一个攻防知识仓库 2024-01-05 03:31:11
Vuln-List (持续更新)对网上出现的各种OA、中间件、CMS等漏洞进行
整理,主要包括漏洞介绍、漏洞影响版本以及漏洞POC/EXP等
,并且会持续更新。		 2023-11-02 19:35:52
SecurityInterview
Guide		 网络信息安全从业者面试指南 2023-11-01 04:16:51

字典

项目名称 版本 项目描述 最近提交时间
PasswordDic 2011-2019年Top100弱口令密码字典 Top1000密码字典 服务
器SSH/VPS密码字典 后台管理密码字典 数据库密码字典 子域
名字典		 2020-11-02 13:22:34
Dictionary-Of-Pen
testing		 Dictionary collection project such as Pentesing, Fuz
zing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘
、爆破、Fuzzing等字典收集项目。		 2022-12-07 09:17:15
Dirpath_List Dirpath_List 目录扫描字典 2017-11-07 12:35:47
AboutSecurity v2 Everything for pentest. 用于渗透测试的 payload 和
bypass 字典.
JavaFileDict Java应用的一些配置文件字典,来源于公开的字典与平时收
 2022-04-26 15:18:29
fuzzDicts Web Pentesting Fuzz 字典,一个就够了。 2023-11-13 03:48:29
wpa-dictionary WPA/WPA2 密码字典,用于 wifi 密码暴力破解 2021-07-21 02:11:05
Blasting_dictiona
ry		 爆破字典 2022-03-21 12:11:18
bottleneckOsmosis 瓶颈渗透,web渗透,red红队,fuzz param,注释,js字典,ctf 2022-07-20 01:49:00
SaiDict 弱口令,敏感目录,敏感文件等渗透测试常用攻击字典 2021-12-16 13:41:07
BurpCollector 通过BurpSuite来构建自己的爆破字典,可以通过字典爆破
来发现隐藏资产。		 2019-03-19 12:09:51
name-fuzz 针对目标已知信息的字典生成工具 2022-09-21 11:11:36
gendict v1.0.5 字典生成工具 2023-09-20 01:52:09

信息收集

apk

项目名称 版本 项目描述 最近提交时间
Mobile-Security-F
ramework-MobSF		 v3.7.6 Mobile Security Framework (MobSF) is an automated, a
ll-in-one mobile application (Android/iOS/Windows) pe
n-testing, malware analysis and security assessment f
ramework capable of pe		 2024-01-11 06:36:51
ApkAnalyser 一键提取安卓应用中可能存在的敏感信息。 2021-10-21 02:33:58

C段信息收集

项目名称 版本 项目描述 最近提交时间
IPSearch v0.1 离线IP Whois查询工具。可根据IP查询所属IP段信息、根据
关键词查询IP段信息		 2023-03-25 04:02:31

IP反查域名

项目名称 版本 项目描述 最近提交时间
iplookup v1.1 IP反查域名 2021-08-06 16:11:39
reverseip_py Domain Parser for IPAddress.com Reverse IP Lookup 2023-01-02 13:05:33

WAF识别

项目名称 版本 项目描述 最近提交时间
identYwaf Blind WAF identification tool 2022-01-13 21:41:53

端口扫描

项目名称 版本 项目描述 最近提交时间
portscan 2023-04-08 05:12:18
TXPortMap v1.1.2 Port Scanner & Banner Identify From TianXiang 2021-12-10 11:35:55
yujianportscan 一个基于VB.NET + IOCP模型开发的高效端口扫描工具,支
持IP区间合并,端口区间合并,端口指纹深度探测		 2020-02-11 18:14:16
webfinder-next 对小米范webfinder http://www.cnblogs.com/SEC-fsq/p/5
610981.html 进行了小修改		 2022-04-24 03:33:57
naabu v2.2.0 A fast port scanner written in go with a focus on re
liability and simplicity. Designed to be used in comb
ination with other tools for attack surface discovery
in bug bounties and p		 2023-12-22 07:14:43
scaninfo v1.1.0 fast scan for redtools 2022-03-23 12:57:09

反查域名

项目名称 版本 项目描述 最近提交时间
ipInfoSearch ip域名反查、权重查询以及ICP备案查询。便于提交SRC时资
产过滤。		 2023-03-30 05:33:29

目录扫描

项目名称 版本 项目描述 最近提交时间
rad 1.0 2021-04-30 12:14:50
Dirscan v.1.5.2 Dirscan是一款由go编写的高性能、高并发的目录扫描器,
现在已经支持GET、HEAD、递归扫描、代理、爬虫等功能功能,
后续努力实现更多功能。		 2023-08-13 00:50:23
cansina 1.0.0 Web Content Discovery Tool 2022-10-04 09:10:02
feroxbuster v2.10.1 A fast, simple, recursive content discovery tool wri
tten in Rust.		 2023-11-25 14:51:50
ffuf v2.1.0 Fast web fuzzer written in Go 2023-10-22 14:34:24
yjdirscan yjdirsc
an		 御剑目录扫描专业版,简单实用的命令行网站目录扫描工具
,支持爬虫、fuzz、自定义字典、字典变量、UA修改、假404
自动过滤、扫描控速等功能。		 2020-10-25 03:14:19
dirmap An advanced web directory & file scanning tool that
will be more powerful than DirBuster, Dirsearch, cans
ina, and Yu Jian.一个高级web目录、文件扫描工具,功能
将会强于DirBuster、Dirsearch、cansina、御剑。		 2022-06-01 08:21:11
yuhScan v1.0 web目录快速扫描工具 2021-07-19 06:45:00
gospider v1.1.6 Gospider - Fast web spider written in Go 2023-01-17 05:49:54
dirsearch_bypass4
03		 v0.2 目录扫描+JS文件中提取URL和子域+403状态绕过+指纹识别 2023-09-07 09:08:29
BBScan v1.5 A fast vulnerability scanner 2023-02-13 11:22:44
dirsearch v0.4.3 Web path scanner 2024-01-05 23:32:09
URLFinder 2023.9.
9		 一款快速、全面、易用的页面信息提取工具,可快速发现和
提取页面中的JS、URL和敏感信息。		 2023-09-09 14:01:45
urlbrute v1.0.2 Directory/Subdomain scanner developed in GoLang. 2020-12-05 15:54:27
SWebScan 5.0.201
8.08.21		 SWebScan是一款基于C#的Web目录扫描器。 2019-09-24 17:19:34
JSFinder JSFinder is a tool for quickly extracting URLs and s
ubdomains from JS files on a website.		 2020-12-10 18:25:03
ihoneyBakFileScan
_Modify		 批量网站备份文件扫描器,增加文件规则,优化内存占用 2023-11-08 03:15:06

企业信息收集

项目名称 版本 项目描述 最近提交时间
IEyes v0.1.2 icp备案查询 2022-08-18 08:50:42
ENScan_GO 0.0.15 一款基于各大企业信息API的工具,解决在遇到的各种针对
国内企业信息收集难题。一键收集控股公司ICP备案、APP、小
程序、微信公众号等信息聚合导出。		 2023-08-16 02:07:01

小程序信息收集

项目名称 版本 项目描述 最近提交时间
wxapkgUnpack 1.0 wxapkg解密解包工具,提供C#和wxappUnpacker两个版本的
解包,并提取JS中的URL和IP。		 2023-02-19 18:06:05

邮箱信息收集

项目名称 版本 项目描述 最近提交时间
EmailAll EmailAll is a powerful Email Collect tool — 一款强
大的邮箱收集工具		 2022-02-24 09:03:00

域名信息查询

项目名称 版本 项目描述 最近提交时间
QueryTools IP/域名资产验证神器(补天 权重、CNVD

指纹识别

项目名称 版本 项目描述 最近提交时间
ObserverWard v2024.1
.8		 侦查守卫(ObserverWard)指纹识别工具Community web fing
erprint identification tool		 2024-01-08 14:39:09
14Finger V1.1 功能齐全的Web指纹识别和分享平台,基于vue3+django前后
端分离的web架构,并集成了长亭出品的rad爬虫的功能,内置
了一万多条互联网开源的指纹信息。		 2022-07-17 02:08:28
Finger 一款红队在大量的资产中存活探测与重点攻击系统指纹探测
工具		 2023-03-12 07:30:18
EHole v3.1 EHole(棱洞)3.0 重构版-红队重点攻击系统指纹探测工具 2023-06-14 03:08:05
LazyDog 1.1 LazyDog是一款通过网络空间测绘引擎读取资产并进行指纹
识别的工具		 2023-03-20 09:17:48
Find-SomeThing 红队批量脆弱点搜集工具 2023-06-06 14:41:27
wappalyzergo v0.0.10
9		 A high performance go implementation of Wappalyzer T
echnology Detection Library		 2023-08-20 00:19:18
Glass Glass是一款针对资产列表的快速指纹识别工具,通过调用F
ofa/ZoomEye/Shodan/360等api接口快速查询资产信息并识别
重点资产的指纹,也可针对IP/IP段或资产列表进行快速的指
纹识别。		 2022-01-26 10:10:32
TideFinger TideFinger——指纹识别小工具,汲取整合了多个web指纹
库,结合了多种指纹检测方法,让指纹检测更快捷、准确。		 2021-08-20 03:31:59
WhatWeb v0.5.5 Next generation web scanner 2022-02-05 15:10:40
whatweb-plus v0.5.5.
19.fix		 whatweb 增强版 8000+插件(提供windows可执行文件) 2023-05-25 11:44:40
FingerprintHub default 侦查守卫(ObserverWard)的指纹库 2023-12-17 03:44:11
rules 通用的指纹识别规则 2022-12-02 12:18:30

资产测绘采集

项目名称 版本 项目描述 最近提交时间
koko-moni v0.0.1 一个网络空间搜索引擎监控平台,可定时进行资产信息爬取
,及时发现新增资产,本项目聚合了 Fofa、Hunter、Quake、
Zoomeye 和 Threatbook 的数据源,并对获取到的数据进行
去重与清洗		 2023-04-19 13:35:30
InfoSearchAll 2023-06-20 09:06:26
Search_Viewer v3.0 集Fofa、Hunter鹰图、Shodan、360 quake、Zoomeye 钟馗
之眼、censys 为一体的空间测绘gui图形界面化工具,支持一
键采集爬取和导出fofa、shodan等数据,方便快捷查看		 2023-11-12 06:55:05
TKHunter TKHunte
r-v1.8		 一个基于JavaFX写的一个Hunter资产测绘平台的图形化工具 2022-11-09 07:02:05
fshzqSearch 2023-06-22 11:01:47
AsamF v0.2.5 AsamF是集成Fofa、Quake、Hunter、Shodan、Zoomeye、Chi
naz、0.zone及爱企查的一站式企业信息资产收集、网络资产
测绘工具。		 2023-08-24 15:08:14
0_zone_tool 零零信安api信息系统查询脚本 2023-09-22 06:48:26
ThunderSearch v2.5.1 【支持Fofa、Shodan、Hunter、Zoomeye、Quake网络空间搜
索引擎】闪电搜索器;GUI图形化(Mac/Windows)渗透测试信息
搜集工具;资产搜集引擎;hw红队工具hvv		 2023-12-04 15:39:00
ones v1.0.4 可用于多个网络资产测绘引擎 API 的命令行查询工具 2023-09-14 08:26:59

子域名收集

项目名称 版本 项目描述 最近提交时间
ksubdomain v1.9.5 Subdomain enumeration tool, asynchronous dns packets
, use pcap to scan 1600,000 subdomains in 1 second		 2022-06-15 09:27:52
LayerDomainFinder 3 Layer子域名挖掘机 2019-07-17 07:46:03
github-subdomains v1.2.2 Find subdomains on GitHub. 2023-03-28 15:47:04
ct v1.0.9 简单易用的域名爆破工具 2022-07-18 09:28:52
ksubdomain v0.7 无状态子域名爆破工具 2022-02-07 06:18:30
LangSrcCurise SRC子域名资产监控 2021-01-14 04:32:06
subDomainsBrute v1.4 A fast sub domain brute tool for pentesters 2022-09-15 17:02:36
subfinder v2.6.4 Fast passive subdomain enumeration tool. 2024-01-11 18:35:51
OneForAll v0.4.5 OneForAll是一款功能强大的子域收集工具 2023-04-17 01:34:19
dnsub v2.1 dnsub一款好用且强大的子域名扫描工具 2021-04-08 07:06:24

自动化信息收集

项目名称 版本 项目描述 最近提交时间
ShuiZe_0x727 v1.0 信息收集自动化工具 2022-08-31 09:01:58
AnScan AnScan是一款集合信息收集、分布式漏洞扫描、漏洞POC管
理等为一体的红队扫描工具		 2022-05-23 02:26:28
linglong 一款甲方资产巡航扫描系统。系统定位是发现资产,进行端
口爆破。帮助企业更快发现弱口令问题。主要功能包括: 资产
探测、端口爆破、定时任务、管理后台识别、报表展示		 2021-09-30 09:12:09
slime Slime是一个组合众多优秀安全工具的漏扫软件,它将目光
集中在安全工具的组合上,而不是自己实现漏扫的某一流程。		 2022-09-09 14:14:35
vulcat v2.0.0 vulcat可用于扫描Web端常见的CVE、CNVD等编号的漏洞,发
现漏洞时会返回Payload信息。部分漏洞还支持命令行交互模
式,可以持续利用漏洞		 2023-03-15 11:28:18
bayonet v1.1 bayonet是一款src资产管理系统,从子域名、端口服务、漏
洞、爬虫等一体化的资产管理系统		 2020-05-16 03:54:09
GoScan GoScan是采用Golang语言编写的一款分布式综合资产管理系
统,适合红队、SRC等使用		 2021-05-06 07:29:26
Watchdog Watchdog是bayonet修改版,重新优化了数据库及web及扫描
程序,加入多节点		 2020-05-31 06:25:18
MagiCude v2.1 分布式端口(漏洞)扫描、资产安全管理、实时威胁监控与
通知、高效漏洞闭环、漏洞wiki、邮件报告通知、poc框架		 2023-03-24 02:24:02
nemo_go v2.11.0 Nemo是用来进行自动化信息收集的一个简单平台,通过集成
常用的信息收集工具和技术,实现对内网及互联网资产信息的
自动收集,提高隐患排查和渗透测试的工作效率。		 2024-01-09 01:41:01
fuxi Penetration Testing Platform 2020-05-10 05:34:11
Sec-Tools 🍉一款基于Python-Django的多功能Web安全渗透测试工具,
包含漏洞扫描,端口扫描,指纹识别,目录扫描,旁站扫描,
域名扫描等功能。		 2023-08-07 03:52:52
AppInfoScanner V1.0.9_
Releases		 一款适用于以HW行动/红队/渗透测试团队为场景的移动端(A
ndroid、iOS、WEB、H5、静态网站)信息收集扫描工具,可以
帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动
端或者静态WEB站点中关键的资产信息并提供基本的信息输出,
如:Title、Domain、CDN、指纹信息、状态信息等。		 2022-12-18 11:33:34
Komo 🚀Komo, a comprehensive asset collection and vulnera
bility scanning tool. Komo 一个综合资产收集和漏洞扫描
工具,集成了20余款工具,通过多种方式对子域进行获取,收
集域名邮箱,进行存活探测,域名指纹识别,域名反查ip,ip
端口扫描,web服务链接爬取并发送给xray,对web服务进行P		 2023-11-30 12:31:13
mscan 方便快捷是这款扫描器的优点,能随意修改增加模块。目前
的版本功能如下:支持子域名收集、POC批量验证、目录扫描
、检测CDN、域名转IP、主机扫描、过滤重复、检测HTTP状态
、压缩程序、XRAY扫描。		 2022-08-12 10:53:02
H H是一款强大的资产收集管理平台 2022-12-28 03:15:13
sec-admin 分布式资产安全扫描核心管理系统(弱口令扫描,漏洞扫描) 2020-10-17 03:14:58
linbing v3.0 本系统是对Web中间件和Web框架进行自动化渗透的一个系统
,根据扫描选项去自动化收集资产,然后进行POC扫描,POC扫描
时会根据指纹选择POC插件去扫描,POC插件扫描用异步方式扫
描.前端采用vue技术,后端采用python fastapi.		 2023-06-18 09:05:42
Tide 目前实现了网络空间资产探测、指纹检索、漏洞检测、漏洞
全生命周期管理、poc定向检测、暗链检测、挂马监测、敏感
字检测、DNS监测、网站可用性监测、漏洞库管理、安全预警
等等~		 2020-06-22 05:22:45
ARL v2.6.1 ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统
旨在快速侦察与目标关联的互联网资产,构建基础资产信息库
。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产
,发现存在的薄弱点和攻击面。		 2023-12-28 12:03:22
DBJ 大宝剑-边界资产梳理工具(红队、蓝队、企业组织架构、
子域名、Web资产梳理、Web指纹识别、ICON_Hash资产匹配)		 2022-02-08 12:07:42
Vulcan VulCan资产管理系统 漏洞扫描
X-Marshal Marshal-EASM 攻击面管理系统 2024-01-04 10:43:46
WebScan 正在写的一个资产管理和扫描相结合的分布式扫描器 2019-10-17 09:42:49
Voyager 一个安全工具集合平台,用来提高乙方安全人员的工作效率
,请勿用于非法项目		 2020-02-02 01:10:42
rengine v2.0.2 reNgine is an automated reconnaissance framework for
web applications with a focus on highly configurable
streamlined recon process via Engines, recon data co
rrelation and organiza		 2024-01-05 18:46:03
heartsk_community LOWBUG@
Latest		 Hearts K-企业资产发现与脆弱性检查工具,自动化资产信
息收集与漏洞扫描		 2022-06-15 01:25:33
xunfeng v0.1.1 巡风是一款适用于企业内网的漏洞快速应急,巡航扫描系统
 2021-03-16 14:07:11
Autoscanner v1.2.1 输入域名>爆破子域名>扫描子域名端口>发现扫描web服务>
集成报告的全流程全自动扫描器。集成oneforall、masscan、
nmap、dirsearch、crawlergo、xray等工具,另支持cdn识别
、网页截图、站点定位;动态识别域名并添加功能、工具超时
中断等		 2022-08-18 13:25:15

综合

项目名称 版本 项目描述 最近提交时间
TScan TScan 提供了CMS指纹识别、端口扫描、旁站信息、信息泄
漏等功能,期许在最短的时间辅助安全人员在渗透前做好充分
的信息搜集		 2019-08-28 09:18:42
AssetsHunter 资产狩猎框架-AssetsHunter,信息收集是一项艺术~ 2021-11-09 09:05:32
dismap v0.4 Asset discovery and identification tools 快速识别 We
b 指纹信息,定位资产类型。辅助红队快速定位目标资产信
息,辅助蓝队发现疑似脆弱点		 2023-08-14 09:19:15

云安全

K8S基线核查

项目名称 版本 项目描述 最近提交时间
kube-bench v0.7.0 Checks whether Kubernetes is deployed according to s
ecurity best practices as defined in the CIS Kubernet
es Benchmark		 2024-01-12 06:01:55

K8S漏洞扫描

项目名称 版本 项目描述 最近提交时间
kube-hunter v0.6.8 Hunt for security weaknesses in Kubernetes clusters 2022-09-04 06:39:33

容器安全检测工具

项目名称 版本 项目描述 最近提交时间
veinmind-tools v2.1.5 veinmind-tools 是由长亭科技自研,基于 veinmind-sdk
打造的容器安全工具集		 2024-01-10 09:08:30

容器安全扫描

项目名称 版本 项目描述 最近提交时间
trivy v0.48.3 Find vulnerabilities, misconfigurations, secrets, SB
OM in containers, Kubernetes, code repositories, clou
ds and more		 2024-01-12 04:36:55

容器镜像扫描

项目名称 版本 项目描述 最近提交时间
grype v0.74.0 A vulnerability scanner for container images and fil
esystems		 2024-01-09 21:20:55
syft v0.100.
0		 CLI tool and library for generating a Software Bill
of Materials from container images and filesystems		 2024-01-12 22:39:13

容器漏洞分析工具

项目名称 版本 项目描述 最近提交时间
clair v4.7.2 Vulnerability Static Analysis for Containers 2024-01-12 15:23:35

容器漏洞利用工具

项目名称 版本 项目描述 最近提交时间
CDK v1.5.2 📦 Make security testing of K8s, Docker, and Contain
erd easier.		 2023-03-12 16:40:00

容器逃逸检测工具

项目名称 版本 项目描述 最近提交时间
container-escape-
check		 v0.3 docker container escape check

云原生安全平台

项目名称 版本 项目描述 最近提交时间
neuvector v5.2.4 2024-01-12 10:54:02
ThunderCloud Cloud Exploit Framework 2022-05-11 14:49:31
containerd v1.6.27 An open and reliable container runtime 2024-01-12 22:18:33

云原生攻防靶场

项目名称 版本 项目描述 最近提交时间
metarget v0.9.1 Metarget is a framework providing automatic construc
tions of vulnerable infrastructures.		 2023-03-13 10:54:12

蓝队

安全检查

基线

项目名称 版本 项目描述 最近提交时间
Shell_Script v0.1 Linux系统的安全,通过脚本对Linux系统进行一键检测和一
键加固		 2022-08-08 01:19:36

安全建设

Web应用防火墙

项目名称 版本 项目描述 最近提交时间
safeline v4.1.1 一款足够简单、足够好用、足够强的免费 WAF。基于业界领
先的语义引擎检测技术,作为反向代理接入,保护你的网站不
受黑客攻击。		 2024-01-11 10:58:48
openstar lua waf,nginx+lua,openresty,luajit,waf+,cdn,nginx 2021-10-10 12:38:04

堡垒机

项目名称 版本 项目描述 最近提交时间
jumpserver v3.10.1 JumpServer 是广受欢迎的开源堡垒机,是符合 4A 规范的
专业运维安全审计系统。		 2024-01-12 06:17:23

欺骗防御

项目名称 版本 项目描述 最近提交时间
mysql-fake-server 0.0.4 MySQL Fake Server (纯Java实现,支持GUI版和命令行版,
提供Dockerfile,支持多种常见JDBC利用)		 2023-09-18 15:12:06
MysqlT v1.0 伪造Myslq服务端,并利用Mysql逻辑漏洞来获取客户端的任
意文件反击攻击者		 2022-04-24 07:53:04
WhetherMysqlSham v1.0 检测目标Mysql数据库是不是蜜罐 2021-02-23 11:35:55
Juggler A system that may trick hackers. 针对黑客的拟态欺骗
系统。		 2020-11-29 08:30:49
DecoyMini v2.0.66
91		 🐝 A highly scalable, safe, free enterprise honeypot
s 一款高可扩展、安全、免费的企业级蜜罐系统		 2024-01-08 08:52:58
MySQL_Fake_Server MySQL Fake Server use to help MySQL Client File Read
ing and JDBC Client Java Deserialize		 2021-11-18 12:56:27
Ehoney v3.0.0 安全、快捷、高交互、企业级的蜜罐管理系统,护网;支持
多种协议蜜罐、蜜签、诱饵等功能。A safe, fast, highly i
nteractive and enterprise level honeypot management s
ystem, supports multiple protocol honeypots, honeytok
ens, baits		 2022-11-17 14:10:40
MoAn_Honey_Pot_Ur
ls		 X安蜜罐用的一些存在JSonp劫持的API 2021-05-28 09:27:23
HFish 安全、可靠、简单、免费的企业级蜜罐 2023-12-28 03:45:12
conpot Release
_0.6.0		 ICS/SCADA honeypot 2023-07-24 13:59:19
CS_fakesubmit 一个可以伪装上线Cobaltstrike的脚本 2022-09-28 11:54:35
ide-honeypot 一款针对于IDE的反制蜜罐 IDE-honeypot 2022-07-12 01:24:08

威胁检测

项目名称 版本 项目描述 最近提交时间
RmEye v0.0.4 戎码之眼是一个window上的基于att&ck模型的威胁监控工具
.有效检测常见的未知威胁与已知威胁.防守方的利剑		 2023-10-25 07:55:45

主机入侵防御

项目名称 版本 项目描述 最近提交时间
iDefender 2.9.0 iDefender(冰盾 - 终端主动防御系统) 2023-12-29 14:52:04

主机入侵检测

项目名称 版本 项目描述 最近提交时间
Elkeid v1.9.0.
4_202401
12_elkei
d_ko		 Elkeid is an open source solution that can meet the
security requirements of various workloads such as ho
sts, containers and K8s, and serverless. It is derive
d from ByteDance's int		 2024-01-10 09:44:57
Hades Hades is an cross-platform HIDS with kernel-space da
ta collection.		 2023-05-29 00:29:07
cobaltstrike-suri
cata-rules		 17条检测cobaltstrike的suricata-ids规则 2022-06-20 09:36:14

取证

USB取证

键盘流量
项目名称 版本 项目描述 最近提交时间
UsbKbCracker CTF中常见键盘流量解密脚本 2023-07-17 10:32:48
UsbKeyboardDataHa
cker		 USB键盘流量包取证工具 , 用于恢复用户的击键信息 2022-09-29 09:14:56
鼠标流量
项目名称 版本 项目描述 最近提交时间
UsbMiceDataHacker USB鼠标流量包取证工具 , 主要用于绘制鼠标移动以及拖动
轨迹		 2020-10-09 06:47:37

内存取证

项目名称 版本 项目描述 最近提交时间
VolatilityPro 一款用于自动化处理内存取证的Python脚本,并提供GUI界
 2023-12-26 08:30:53
MemProcFS v5.8 MemProcFS 2023-12-20 18:10:16
volatility3 v2.5.0 Volatility 3.0 development 2024-01-02 19:08:03
LinuxVolProfiles 2.0 Volatility Linux Profiles 2014-08-01 22:16:57
community Volatility plugins developed and maintained by the c
ommunity		 2019-11-15 16:52:01
profiles Volatility profiles for Linux and Mac OS X 2019-10-08 16:11:39
community3 Volatility3 plugins developed and maintained by the
community		 2022-02-18 16:03:32

网络取证

Shiro流量取证
项目名称 版本 项目描述 最近提交时间
SerializationDump
er-Shiro		 基于SerializationDumper的Shiro Cookie序列化数据解密
小工具		 2020-08-15 09:55:44
冰蝎(Behinder)流量取证
项目名称 版本 项目描述 最近提交时间
DecodeSomeJSPWebs
hell		 v1.2 冰蝎、哥斯拉 jsp webshell通信流量解密器 2023-04-18 10:06:15
webshell_detect webshell_detect 2023-07-06 06:38:30
哥斯拉(Godzilla)流量取证
项目名称 版本 项目描述 最近提交时间
webshell_detect webshell_detect 2023-07-06 06:38:30

文件取证

图片
png

####### LSB隐写

项目名称 版本 项目描述 最近提交时间
steganography Simple C++ Image Steganography tool to encrypt and h
ide files insde images using Least-Significant-Bit en
coding.		 2022-10-29 20:06:41
stegpy Simple steganography program based on the LSB method
.		 2022-09-03 02:27:36
cloacked-pixel LSB steganography and detection 2017-06-01 18:15:20
####### png宽高修复
项目名称 版本 项目描述 最近提交时间
:---- :---- :---- :----
Deformed-Image-Re
storer		 V1.02 自动爆破PNG图片宽高并一键修复工具 2023-05-01 01:27:28
####### 截图漏洞
项目名称 版本 项目描述 最近提交时间
:---- :---- :---- :----
Acropalypse-Multi
-Tool		 v1.0.0 Easily detect and restore Acropalypse vulnerable PNG
and GIF files with simple Python GUI.		 2023-05-30 14:38:32
盲水印
项目名称 版本 项目描述 最近提交时间
BlindWaterMark 盲水印 by python 2022-11-04 09:26:31
blind_watermark 0.2.1 Blind&Invisible Watermark ,图片盲水印,提取水印无须
原图!		 2023-11-18 06:38:25
blind-watermark Watermark added to the frequency domain by Fourier t
ransform		 2018-04-24 14:43:57
BlindWatermark v0.0.3 Java 盲水印 2020-04-05 14:08:06
其他
项目名称 版本 项目描述 最近提交时间
ImageMagick 7.1.1-2
6		 🧙‍♂️ ImageMagick 7 2024-01-11 16:30:29
综合
项目名称 版本 项目描述 最近提交时间
stegsolve v1.4 2019-10-22 09:10:38
ImageStrike V0.2 ImageStrike是一款用于CTF中图片隐写的综合利用工具 2022-07-19 01:38:30
压缩包
CRC32碰撞
项目名称 版本 项目描述 最近提交时间
CRC32-Tools 2.2 Easy CRC32 Tools,so easy!!! 2023-02-01 01:39:12
ZIP伪加密
项目名称 版本 项目描述 最近提交时间
ZipCenOp ZipCenOp is a Java tool to play with Zip pseudo-encr
yption.		 2021-02-15 06:10:22
音频
项目名称 版本 项目描述 最近提交时间
audacity Audacit
y-3.4.2		 Audio Editor 2024-01-11 17:26:54
QSSTV Receive and transmit images over radio using analog
SSTV or digital DRM		 2023-07-15 10:35:38
dtmf-decoder Extract phone numbers from an audio recording of the
dial tones.		 2021-01-26 08:05:15

应用程序取证

QQ取证
项目名称 版本 项目描述 最近提交时间
qq_msg_decode 解码qq聊天数据库 2023-06-01 06:04:43
vmware vcenter
项目名称 版本 项目描述 最近提交时间
vhost_password_de
crypt		 vhost password decrypt 2022-10-25 10:40:23
vmx加密破解
项目名称 版本 项目描述 最近提交时间
pyvmx-cracker Simple tool to crack VMware VMX encryption passwords 2018-10-03 22:39:46
Wifi
项目名称 版本 项目描述 最近提交时间
WIFIpass decrypt all saved WIFI passwords on your PC 2016-09-14 16:39:24
浏览器取证
项目名称 版本 项目描述 最近提交时间
Browser-cookie-st
eal		 Python script for steal browser cookies 2020-05-27 03:13:53
SharpWeb v1.2 .NET 2.0 CLR project to retrieve saved browser crede
ntials from Google Chrome, Mozilla Firefox and Micros
oft Internet Explorer/Edge.		 2018-08-13 22:07:02
360SafeBrowserget
pass		 v0.1 这是一个一键辅助抓取360安全浏览器密码的CobaltStrike
脚本以及解密小工具,用于节省红队工作量,通过下载浏览器
数据库、记录密钥来离线解密浏览器密码。		 2021-04-04 02:43:30
HackBrowserData v0.4.4 Decrypt passwords/cookies/history/bookmarks from the
browser. 一款可全平台运行的浏览器数据导出解密工具。		 2023-10-02 14:37:42
BrowserGhost 1 这是一个抓取浏览器密码的工具,后续会添加更多功能 2020-06-29 08:16:52
hindsight v2023.0
3		 Web browser forensics for Google Chrome/Chromium 2023-08-29 02:20:32
Catch-Browser This is a crawler password tool 2021-06-17 07:44:26
SharpChromium .NET 4.0 CLR Project to retrieve Chromium data, such
as cookies, history and saved logins.		 2020-10-23 22:28:05
browser-dumpwd Dump browser passwords(chrome, firefox) with sqlite3
lib.		 2016-05-30 09:40:06
Pillager AutoBui
ld		 Pillager是一个适用于后渗透期间的信息收集工具 2024-01-09 12:52:34
chrome_password_g
rabber		 Get unencrypted 'Saved Password' from Google Chrome 2021-01-04 13:30:57
SharpCookieMonste
r		 Extracts cookies from Chrome. 2023-03-15 09:51:02
微信取证
项目名称 版本 项目描述 最近提交时间
SharpWxDump 微信客户端取证,可获取用户个人信息(昵称/账号/手机/邮
箱/数据库密钥(用来解密聊天记录));支持获取多用户信息,
不定期更新新版本偏移,目前支持所有新版本、正式版本		 2023-07-23 05:05:26
chatViewTool BEAT 基于Java实现的图形化微信聊天记录解密查看器 2022-06-16 08:47:41
Sharp-dumpkey 1 基于C#实现的获取微信数据库密钥的小工具 2022-07-19 07:16:16
GoWxDump v1.0.12 SharpWxDump的Go语言版。微信客户端取证,获取信息(微信
号、手机号、昵称),微信聊天记录分析(Top N聊天的人、统
计聊天最频繁的好友排行、关键词列表搜索等)		 2023-06-15 03:49:16
PyWxDump v2.4.16 获取微信账号信息(昵称/账号/手机/邮箱/数据库密钥/wxid
);PC微信数据库读取、解密脚本;聊天记录查看工具;聊天
记录导出为html(包含语音图片)。支持多账户信息获取,支持
所有微信版本。		 2024-01-13 10:10:42
WeChatUserDB GetWeChat DBPassword&&UserInfo(获取PC数据库密码以及
相关微信用户信息支持多系统数据库解密)		 2022-07-24 07:31:29
wechat-backup v1.0.0 微信聊天记录持久化备份本地硬盘,释放手机存储空间。 2023-06-22 13:34:20
WeChatMsg v1.0.3 提取微信聊天记录,将其导出成HTML、Word、CSV文档永久
保存,对聊天记录进行分析生成年度聊天报告		 2024-01-13 17:21:19
向日葵取证
项目名称 版本 项目描述 最近提交时间
Sunflower_get_Pas
sword		 一款针对向日葵的识别码和验证码提取工具 2021-11-01 13:35:40
邮件取证
项目名称 版本 项目描述 最近提交时间
GetMail 利用NTLM Hash读取Exchange邮件 2023-09-20 12:37:18
远程软件
项目名称 版本 项目描述 最近提交时间
Xdecrypt Xshell Xftp password decrypt 2022-04-14 10:46:50
SharpDPAPI SharpDPAPI is a C# port of some Mimikatz DPAPI funct
ionality.		 2023-04-21 18:58:40
SharpDecryptPwd Windows常用程序密码读取工具:SharpDecryptPwd 2019-10-12 11:48:39
SharpXDecrypt v0.1.4 Xshell全版本密码恢复工具 2023-06-08 09:27:22
SharpDBeaver DBeaver数据库密码解密工具 2023-07-11 09:46:13
FinalShell-Decode
r		 V1.0 FinallShell 密码解密GUI工具 2022-04-11 11:34:42
getIntrInfo 收集内部网信息。包括:浏览器书签、密码和浏览历史记录
、cookie。Wifi信息和密码。主机信息。		 2022-10-08 07:32:58
SharpDecryptPwd SharpDecryptPwd source, To Decrypt Navicat,Xmanager,
Filezilla,Foxmail,WinSCP,etc		 2022-03-04 02:49:31
SharpDecryptPwd 对密码已保存在 Windwos 系统上的部分程序进行解析,包括
:Navicat,TeamViewer,FileZilla,WinSCP,Xmangager系列产
品(Xshell,Xftp)。源码:https://github.com/RowTeam/Sha
rpDecryptPwd		 2022-03-16 05:47:14
TeamViewer TeamView Get PassWord 2021-10-16 07:35:53
FinalShellDecodeP
ass		 FinalShellDecodePass 加密解密 2021-12-01 20:22:05
how-does-SecureCR
T-encrypt-password		 Transferred from https://github.com/DoubleLabyrinth/
how-does-SecureCRT-encrypt-password		 2023-09-08 04:00:26
navicat_password_
decrypt		 v2.0 忘记navicat密码时,此工具可以帮您查看密码 2022-10-19 03:38:21
how-does-navicat-
encrypt-password		 Transferred from https://github.com/DoubleLabyrinth/
how-does-navicat-encrypt-password		 2022-10-12 03:30:12
MobaXterm-Decrypt
or		 MobaXterm Decryptor 2020-12-19 23:47:26
RDODecrypt Remote Desktop Organizer 密码破解 2020-05-15 05:25:19
how-does-MobaXter
m-encrypt-password		 This repo offers a tool to reveal password encrypted
by MobaXterm.		 2019-12-13 07:03:26
how-does-Xmanager
-encrypt-password		 This is a repo to tell you how Xmanager (XFtp, XShel
l) encrypt password. Transferred from https://github.
com/DoubleLabyrinth/how-does-Xmanager-encrypt-passwor
d		 2019-12-11 12:57:18
SessionGopher SessionGopher is a PowerShell tool that uses WMI to
extract saved session information for remote access t
ools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, an
d Microsoft Remote Des		 2018-11-29 16:25:43
winscppasswd 1.0 WinSCP Password Extractor/Decrypter/Revealer written
in go language		 2017-01-19 00:56:15
主机账号
项目名称 版本 项目描述 最近提交时间
fakelogonscreen 1.1 Fake Windows logon screen to steal passwords 2020-02-03 23:25:28
win-brute-logon Crack any Microsoft Windows users password without a
ny privilege (Guest account included)		 2022-12-27 12:06:40
mimikatz 2.2.0-2
0220919		 A little tool to play with Windows security 2022-09-19 21:24:53
goLazagne Go library for credentials recovery 2021-09-27 15:21:32
RdpThief_tools 窃取mstsc中的用户明文凭据 2021-04-23 06:25:35
LaZagne v2.4.5 Credentials recovery project 2023-11-13 16:46:59

信安

敏感词

项目名称 版本 项目描述 最近提交时间
DangerousSpamWord
s		 🎶超轻量的中文敏感字、敏感词库,字典词典,超低
误识别率,另提供API调用		 2019-04-26 12:16:20
anti-AD v4.3 致力于成为中文区命中率最高的广告过滤列表,实现精确的
广告屏蔽和隐私保护。anti-AD现已支持AdGuardHome,dnsmas
q, Surge,Pi-Hole,smartdns等网络组件。完全兼容常见
的广告过滤工具所支持的各种广告过滤列表格式		 2024-01-13 18:32:50
sensitive_words 敏感词库整理 2016-02-29 12:23:21

应急

Web层面

webshell后门
项目名称 版本 项目描述 最近提交时间
http://www.shelldetector.com/
Webshell_finder 网站木马检测 2014-11-12 13:59:25
BackdoorMan BackdoorMan is a toolkit that helps you find malicio
us, hidden and suspicious PHP scripts and shells in a
chosen destination.		 2016-12-09 15:41:13
findWebshell findWebshell是一款基于python开发的webshell检测工具。 2018-11-14 03:17:12
kunwu 0.1.0 kunwu是新一代webshell检测引擎,使用了内置了模糊规则
、污点分析模拟执行、机器学习三种高效的检测策略		 2023-05-30 03:10:23
webshell-find-too
ls		 分析web访问日志以及web目录文件属性,用于根据查找可疑
后门文件的相关脚本。		 2013-03-08 16:54:26
as_scanwebshell An AntSword's plugin to scan webshell 2019-09-02 01:10:53
https://www.shellpub.com/
java-memshell-sca
nner		 通过jsp脚本扫描java web Filter/Servlet型内存马 2021-11-29 14:41:17
内存马查杀
项目名称 版本 项目描述 最近提交时间
shell-analyzer 0.1 Java内存马查杀GUI工具,实时动态分析,支持本地和远程
查杀		 2023-06-03 16:53:13
arthas arthas-
all-3.7.
2		 Alibaba Java Diagnostic Tool Arthas/Alibaba Java诊断
利器Arthas		 2024-01-02 07:54:00
DuckMemoryScan 检测绝大部分所谓的内存免杀马 2022-09-15 06:43:55
copagent java memory web shell extracting tool 2021-05-17 02:17:34
aLIEz 杀内存马的工具,欢迎code review,提出更好的意见 2021-03-30 07:51:28
ASP.NET-Memshell-
Scanner		 asp.net内存马检测工具 2023-08-22 08:10:22

网络层面

IP信息
项目名称 版本 项目描述 最近提交时间
china-operator-ip 中国运营商IPv4/IPv6地址库-每日更新 2023-04-26 10:25:27
GeoIP2-CN 小巧精悍、准确、实用 GeoIP2 数据库 2022-04-06 09:37:15

威胁情报

IP分析
项目名称 版本 项目描述 最近提交时间
ARTIF 1.0 An advanced real time threat intelligence framework
to identify threats and malicious web traffic on the
basis of IP reputation and historical data.		 2022-06-10 13:23:52
tig v0.5.4 Threat Intelligence Gathering 威胁情报收集,旨在提高
蓝队拿到攻击 IP 后对其进行威胁情报信息收集的效率。		 2022-07-05 12:33:45
暗网监测
项目名称 版本 项目描述 最近提交时间
DarkNet_ChineseTr
ading		 🚇暗网中文网监控爬虫(DEEPMIX) 2022-10-11 02:18:16
钓鱼监测
项目名称 版本 项目描述 最近提交时间
phishing_catcher Phishing catcher using Certstream 2020-12-08 10:11:30

系统层面

DLL劫持
项目名称 版本 项目描述 最近提交时间
DLLSpy V1 DLL Hijacking Detection Tool 2019-03-14 14:58:36
Linux应急工具
项目名称 版本 项目描述 最近提交时间
LinuxCheck V2.3 Linux应急处置/信息搜集/漏洞检测工具,支持基础配置/网
络流量/任务计划/环境变量/用户信息/Services/bash/恶意文
件/内核Rootkit/SSH/Webshell/挖矿文件/挖矿进程/供应链/
服务器风险等13类70+项检查		 2023-02-16 14:15:27
malwoverview v5.4.2 Malwoverview is a first response tool used for threa
t hunting and offers intel information from Virus Tot
al, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Al
ien Vault, Malpedia, M		 2023-10-29 18:49:03
uroboros A GNU/Linux monitoring and profiling tool focused on
single processes.		 2021-11-14 17:42:51
GScan 本程序旨在为安全应急响应人员对Linux主机排查时提供便
利,实现主机侧Checklist的自动全面化检测,根据检测结果
自动数据聚合,进行黑客攻击路径溯源。		 2019-12-30 10:42:24
whohk
Emergency/blob/ma
ster/linux.sh
yingji 应急相关内容积累 2023-10-13 08:04:07
https://rkhunter.sourceforge.net/
Windows应急工具
windows日志分析
项目名称 版本 项目描述 最近提交时间
APT-Hunter V3.0 APT-Hunter is Threat Hunting tool for windows event
logs which made by purple team mindset to provide det
ect APT movements hidden in the sea of windows event
logs to decrease the t		 2023-05-07 14:26:57
windodws-logs-ana
lysis		 windows日志一键分析小工具 2020-12-02 02:11:58
WELA v1.0.0 WELA (Windows Event Log Analyzer): The Swiss Army kn
ife for Windows Event Logs! ゑ羅(ウェラ)		 2023-02-03 23:43:57
https://www.microsoft.com/en-us/download/details.aspx?id=24659
https://www.nirsoft.net/utils/full_event_log_view.html
进程监控
项目名称 版本 项目描述 最近提交时间
https://processhacker.sourceforge.io/
内核小工具
项目名称 版本 项目描述 最近提交时间
YDArk X64内核小工具 2023-01-10 09:45:53
其他
项目名称 版本 项目描述 最近提交时间
https://docs.microsoft.com/zh-cn/sysinternals/downloads/
信息采集
项目名称 版本 项目描述 最近提交时间
FireKylin v1.4.0 🔥火麒麟-网络安全应急响应工具(系统痕迹采集)Cybersecu
rity emergency response tool.👍👍👍		 2021-12-19 17:28:06
sysmon-config Sysmon configuration file template with default high
-quality event tracing		 2021-10-17 01:19:08
dfirtriage Digital forensic acquisition tool for Windows based
incident response.		 2021-10-29 17:21:14
winlog 一款基于go的windows信息收集工具,主要收集目标机器rdp
端口、mstsc远程连接记录、mstsc密码和安全事件中4624、46
25登录事件记录		 2022-07-18 15:27:06
异常检测
项目名称 版本 项目描述 最近提交时间
RmTools 蓝队应急工具 2023-12-25 11:08:51
综合
项目名称 版本 项目描述 最近提交时间
d-eyes v1.1.0 D-Eyes为M-SEC社区一款检测与响应工具 2023-11-08 08:09:48
勒索软件
解密工具
项目名称 版本 项目描述 最近提交时间
Decryption-Tools Decryption-Tools 2019-06-17 16:08:05

相关资源

项目名称 版本 项目描述 最近提交时间
Emergency-Respons
e-Notes		 应急响应实战笔记,一个安全工程师的自我修养。 2021-09-02 01:16:35

综合

分析辅助
项目名称 版本 项目描述 最近提交时间
BlueTeamTools BlueTea
mToolsV0
.92版本		 蓝队分析研判工具箱,功能包括内存马反编译分析、各种代
码格式化、网空资产测绘功能、溯源辅助、解密冰蝎流量、解
密哥斯拉流量、解密Shiro/CAS/Log4j2的攻击payload、IP/端
口连接分析、各种编码/解码功能、蓝队分析常用网址、java
反序列化数据包分析、Java类名搜索、Fofa搜索、Hunter搜索
等。		 2024-01-05 02:10:41

开发

Go

其他

项目名称 版本 项目描述 最近提交时间
go-pinyin v0.20.0 汉字转拼音 2023-05-14 12:01:59

Python

其他

项目名称 版本 项目描述 最近提交时间
python-pinyin v0.49.0 汉字转拼音(pypinyin) 2023-09-09 03:46:39
python-small-exam
ples		 告别枯燥,致力于打造 Python 实用小例子,更多Python良
心教程见 Python中文网 http://www.zglg.work		 2023-09-03 23:57:38

正则

项目名称 版本 项目描述 最近提交时间
common-regex 🎃 常用正则表达式 - 收集一些在平时项目
开发中经常用到的正则表达式。		 2019-03-04 04:15:20

未分类

项目名称 版本 项目描述 最近提交时间
pulumi v3.94.1 Pulumi - Infrastructure as Code in any programming l
anguage. Build infrastructure intuitively on any clou
d using familiar languages 🚀		 2023-11-16 22:33:26
trufflehog v3.62.1 Find and verify credentials 2023-11-16 21:59:53
dnSpy v6.4.1 Unofficial revival of the well known .NET debugger a
nd assembly editor, dnSpy		 2023-11-16 21:31:26
druid 1.2.20 阿里云计算平台DataWorks(https://help.aliyun.com/docu
ment_detail/137663.html) 团队出品,为监控而生的数据库
连接池		 2023-11-16 20:20:37
console v0.41.0 Simple UI for MinIO Object Storage 🧮 2023-11-16 19:34:04
notify v0.41.0 A dead simple Go library for sending notifications t
o various messaging services.		 2023-11-16 19:32:15
code-server v4.18.0 VS Code in the browser 2023-11-16 19:10:36
delve v1.21.2 Delve is a debugger for the Go programming language. 2023-11-16 18:43:23
protections-artif
acts		 Elastic Security detection content for Endpoint 2023-11-16 18:17:07
ruby v3_2_2 The Ruby Programming Language 2023-11-16 18:00:08
jadx v1.4.7 Dex to Java decompiler 2023-11-16 17:48:08
glpi 10.0.10 GLPI is a Free Asset and IT Management Software pack
age, Data center management, ITIL Service Desk, licen
ses tracking and software auditing.		 2023-11-16 16:24:02
gotestwaf An open-source project in Golang to asess different
API Security tools and WAF for detection logic and by
passes		 2023-11-16 16:02:21
yara v4.3.2 The pattern matching swiss knife 2023-11-16 15:57:54
gin v1.9.1 Gin is a HTTP web framework written in Go (Golang).
It features a Martini-like API with much better perfo
rmance -- up to 40 times faster. If you need smashing
performance, get your		 2023-11-16 15:46:43
etcd v3.5.10 Distributed reliable key-value store for the most cr
itical data of a distributed system		 2023-11-16 15:44:47
spring-framework v6.1.0 Spring Framework 2023-11-16 14:33:01
wekan v7.18 The Open Source kanban (built with Meteor). Keep var
iable/table/field names camelCase. For translations,
only add Pull Request changes to wekan/i18n/en.i18n.j
son , other translatio		 2023-11-16 13:59:01
StratosphereLinux
IPS		 v1.0.8 Slips, a free software behavioral Python intrusion p
revention system (IDS/IPS) that uses machine learning
to detect malicious behaviors in the network traffic
. Stratosphere Laborat		 2023-11-16 12:28:29
nuclei-templates v9.6.9 Community curated list of templates for the nuclei e
ngine to find security vulnerabilities.		 2023-11-16 12:05:59
pdns PowerDNS Authoritative, PowerDNS Recursor, dnsdist 2023-11-16 11:26:51
compose v2.23.1 Define and run multi-container applications with Doc
ker		 2023-11-16 11:25:13
AdGuardHome v0.107.
41		 Network-wide ads & trackers blocking DNS server 2023-11-16 11:14:40
tabby v1.0.20
4		 A terminal for a more modern age 2023-11-16 11:00:51
harbor v2.9.1 An open source trusted cloud native registry project
that stores, signs, and scans content.		 2023-11-16 08:51:00
HikariCP 光 HikariCP・A solid, high-performance, JDBC connect
ion pool at last.		 2023-11-16 08:44:25
scrapy 2.11.0 Scrapy, a fast high-level web crawling & scraping fr
amework for Python.		 2023-11-16 08:35:43
falco 0.36.2 Cloud Native Runtime Security 2023-11-16 08:26:19
suricata suricat
a-7.0.2		 Suricata is a network Intrusion Detection System, In
trusion Prevention System and Network Security Monito
ring engine developed by the OISF and the Suricata co
mmunity.		 2023-11-16 08:13:50
yakit v1.2.7-
sp4		 Cyber Security ALL-IN-ONE Platform 2023-11-16 07:55:32
pwndbg 2023.07
.17		 Exploit Development and Reverse Engineering with GDB
Made Easy		 2023-11-16 07:40:32
aliyun-cli v3.0.18
8		 Alibaba Cloud CLI 2023-11-16 07:09:36
Microsoft-Activat
ion-Scripts		 2.5 A Windows and Office activator using HWID / Ohook /
KMS38 / Online KMS activation methods, with a focus o
n open-source code and fewer antivirus detections.		 2023-11-16 07:04:37
commix v3.8 Automated All-in-One OS Command Injection Exploitati
on Tool.		 2023-11-16 06:40:58
sharry v1.12.1 Sharry is a self-hosted file sharing web application
.		 2023-11-16 06:14:02
APT_REPORT Interesting APT Report Collection And Some Special I
OC		 2023-11-16 06:04:55
monkey v2.3.0 Infection Monkey - An open-source adversary emulatio
n platform		 2023-11-16 05:29:30
zmap v3.0.0 ZMap is a fast single packet network scanner designe
d for Internet-wide network surveys.		 2023-11-16 04:24:04
Nuitka Nuitka is a Python compiler written in Python. It's
fully compatible with Python 2.6, 2.7, 3.4, 3.5, 3.6,
3.7, 3.8, 3.9, 3.10, and 3.11. You feed it your Pyth
on app, it does a lot		 2023-11-16 03:41:37
masscan 1.3.2 TCP port scanner, spews SYN packets asynchronously,
scanning entire Internet in under 5 minutes.		 2023-11-16 03:33:40
dfimage Reverse-engineer a Dockerfile from a Docker image. 2023-11-16 01:46:00
theHarvester 4.4.4 E-mails, subdomains and names Harvester - OSINT 2023-11-16 01:14:25
alt-tab-macos v6.64.0 Windows alt-tab on macOS 2023-11-15 23:44:37
phpmyadmin RELEASE
_5_2_1		 A web interface for MySQL and MariaDB 2023-11-15 22:51:22
sdk-api Public contributions for win32 API documentation 2023-11-15 22:21:07
static-analysis ⚙️ A curated list of static analysis (SAST) tools
and linters for all programming languages, config fil
es, build tools, and more. The focus is on tools whic
h improve code quality.		 2023-11-15 21:58:37
terraform v1.6.4 Terraform enables you to safely and predictably crea
te, change, and improve infrastructure. It is a sourc
e-available tool that codifies APIs into declarative
configuration files th		 2023-11-15 21:19:59
sslh Applicative Protocol Multiplexer (e.g. share SSH and
HTTPS on the same port)		 2023-11-15 21:02:21
btop v1.2.13 A monitor of resources 2023-11-15 20:43:18
qrazybox QR Code Analysis and Recovery Toolkit 2023-11-15 20:03:14
fish-shell 3.6.1 The user-friendly command line shell. 2023-11-15 16:58:42
rich v13.7.0 Rich is a Python library for rich text and beautiful
formatting in the terminal.		 2023-11-15 16:31:56
rundeck v4.17.3 Enable Self-Service Operations: Give specific users
access to your existing tools, services, and scripts		 2023-11-15 15:55:28
pyscript 2023.11
.1		 Home Page: https://pyscript.net Examples: https://py
script.net/examples		 2023-11-15 15:00:09
LogonTracer v1.6.1 Investigate malicious Windows logon by visualizing a
nd analyzing Windows event log		 2023-11-15 13:07:29
QEMU Official QEMU mirror. Please see https://www.qemu.or
g/contribute/ for how to submit changes to QEMU. Pull
Requests are ignored. Please only use release tarbal
ls from the QEMU websi		 2023-11-15 13:05:25
CotEditor 4.6.5 Lightweight Plain-Text Editor for macOS 2023-11-15 12:57:46
cas v6.6.13 Apereo CAS - Identity & Single Sign On for all earth
lings and beyond.		 2023-11-15 12:50:44
krbrelayx Kerberos unconstrained delegation abuse toolkit 2023-11-15 12:49:20
aria2 release
-1.37.0		 aria2 is a lightweight multi-protocol & multi-source
, cross platform download utility operated in command
-line. It supports HTTP/HTTPS, FTP, SFTP, BitTorrent
and Metalink.		 2023-11-15 12:09:36
upx v4.2.1 UPX - the Ultimate Packer for eXecutables 2023-11-15 12:06:29
CycleTLS Spoof TLS/JA3 fingerprints in GO and Javascript 2023-11-15 11:30:39
PostgresApp v2.6.8a The easiest way to get started with PostgreSQL on th
e Mac		 2023-11-15 08:52:12
nacos 2.2.3 an easy-to-use dynamic service discovery, configurat
ion and service management platform for building clou
d native applications.		 2023-11-15 08:21:51
photon 5.0-GA Minimal Linux container host 2023-11-15 06:57:51
DongTai v1.16.0 Dongtai IAST is an open-source Interactive Applicati
on Security Testing (IAST) tool that enables real-tim
e detection of common vulnerabilities in Java applica
tions and third-party		 2023-11-15 06:17:52
pwcrack-framework 1.21.0 Password Crack Framework 2023-11-15 04:50:30
wabt 1.0.34 The WebAssembly Binary Toolkit 2023-11-15 01:25:41
garble v0.10.1 Obfuscate Go builds 2023-11-15 00:28:56
onedrive_user_enu
m		 onedrive user enumeration - pentest tool to enumerat
e valid o365 users		 2023-11-14 23:35:15
tmux 3.3a tmux source code 2023-11-14 22:01:09
sslscan 2.1.2 sslscan tests SSL/TLS enabled services to discover s
upported cipher suites		 2023-11-14 21:33:19
nmap Nmap - the Network Mapper. Github mirror of official
SVN repository.		 2023-11-14 19:04:27
CSS-Exchange v23.11.
14.1759		 Exchange Server support tools and scripts 2023-11-14 17:53:42
TREVORspray TREVORspray is a modular password sprayer with threa
ding, clever proxying, loot modules, and more!		 2023-11-14 16:30:50
broot v1.28.1 A new way to see and navigate directory trees : http
s://dystroy.org/broot		 2023-11-14 15:52:22
dnscrypt-proxy-co
nfig		 2023-11-14 15:00:17
mitmproxy 10.1.5 An interactive TLS-capable intercepting HTTP proxy f
or penetration testers and software developers.		 2023-11-14 12:54:48
goreleaser v1.22.1 Deliver Go binaries as fast and easily as possible 2023-11-14 10:15:57
f8x 1.6.2 红/蓝队环境自动化部署工具 Red/Blue team environmen
t automation deployment tool
signature-base v2.0 YARA signature and IOC database for my scanners and
tools		 2023-11-14 09:08:23
usql v0.16.0 Universal command-line interface for SQL databases 2023-11-14 09:03:06
csprecon v0.0.8 Discover new target domains using Content Security P
olicy		 2023-11-14 08:11:20
yq v4.35.2 yq is a portable command-line YAML, JSON, XML, CSV,
TOML and properties processor		 2023-11-14 03:39:37
gmssl v3.2.2 a python crypto for sm2/sm3/sm4 2023-11-14 02:32:43
python-codext Python codecs extension featuring CLI tools for enco
ding/decoding anything		 2023-11-13 23:14:41
mapcidr v1.1.15 Utility program to perform multiple operations for a
given subnet/CIDR ranges.		 2023-11-13 22:10:11
miniforge 23.3.1-
1		 A conda-forge distribution. 2023-11-13 21:58:48
celery v5.3.5 Distributed Task Queue (development branch) 2023-11-13 19:36:52
Mythic v3.1.0 A collaborative, multi-platform, red teaming framewo
rk		 2023-11-13 15:57:18
MQTTX v1.9.6 A Powerful and All-in-One MQTT 5.0 client toolbox fo
r Desktop, CLI and WebSocket.		 2023-11-13 09:10:52
httpx v1.3.7 httpx is a fast and multi-purpose HTTP toolkit that
allows running multiple probes using the retryablehtt
p library.		 2023-11-13 07:19:42
coreruleset v3.3.5 OWASP ModSecurity Core Rule Set (Official Repository
)		 2023-11-12 19:40:03
MoreFind v1.5.5 一款用于快速导出URL、Domain和IP的小工具 2023-11-12 18:20:49
easy-rsa v3.1.7 easy-rsa - Simple shell based CA utility 2023-11-12 18:20:43
PayloadsAllTheThi
ngs		 3.0 A list of useful payloads and bypass for Web Applica
tion Security and Pentest/CTF		 2023-11-12 17:21:16
ezXSS 4.1 ezXSS is an easy way for penetration testers and bug
bounty hunters to test (blind) Cross Site Scripting.		 2023-11-12 14:56:06
fzf 0.44.0 🌸 A command-line fuzzy finder 2023-11-12 13:08:08
DSInternals v4.12 Directory Services Internals (DSInternals) PowerShe
ll Module and Framework		 2023-11-12 08:32:49
gmpy gmpy2-2
.1.5		 General Multi-Precision arithmetic for Python 2.6+/3
+ (GMP, MPIR, MPFR, MPC)		 2023-11-12 05:03:47
gopsutil v3.23.1
0		 psutil for golang 2023-11-12 01:37:03
ttyd 1.7.4 Share your terminal over the web 2023-11-12 00:23:53
dnsx v1.1.6 dnsx is a fast and multi-purpose DNS toolkit allow t
o run multiple DNS queries of your choice with a list
of user-supplied resolvers.		 2023-11-11 17:05:27
werkzeug 3.0.1 The comprehensive WSGI web application library. 2023-11-11 16:37:37
glances v3.4.0.
2		 Glances an Eye on your system. A top/htop alternativ
e for GNU/Linux, BSD, Mac OS and Windows operating sy
stems.		 2023-11-11 09:21:47
openrasp v1.3.7 🔥Open source RASP solution 2023-11-11 00:01:21
stratus-red-team v2.10.0 ☁️ ⚡ Granular, Actionable Adversary Emulati
on for the Cloud		 2023-11-10 21:51:13
jd v1.7.1 JSON diff and patch 2023-11-10 19:29:37
wesng Windows Exploit Suggester - Next Generation 2023-11-10 18:52:14
bandit 1.7.5 Bandit is a tool designed to find common security is
sues in Python code.		 2023-11-10 18:12:39
ProcDump-for-Linu
x		 2.2 A Linux version of the ProcDump Sysinternals tool 2023-11-10 16:54:32
ioc Threat Intel IoCs + bits and pieces of dark matter 2023-11-10 14:00:23
apollo v2.1.0 Apollo is a reliable configuration management system
suitable for microservice configuration management s
cenarios.		 2023-11-10 13:14:27
bat v0.24.0 A cat(1) clone with wings. 2023-11-10 08:00:28
trash-cli Command line interface to the freedesktop.org trashc
an.		 2023-11-10 07:15:04
psutil Cross-platform lib for process and system monitoring
in Python		 2023-11-09 22:34:11
croc v9.6.6 Easily and securely send things from one computer to
another 🐊 📦		 2023-11-09 14:56:42
asnmap v1.0.6 Go CLI and Library for quickly mapping organization
network ranges using ASN information.		 2023-11-09 14:06:58
FiraCode 6.2 Free monospaced font with programming ligatures 2023-11-09 13:41:46
list The Public Suffix List 2023-11-09 00:09:38
alive-progress A new kind of Progress Bar, with real-time throughpu
t, ETA, and very cool animations!		 2023-11-08 23:23:17
shellcheck v0.9.0 ShellCheck, a static analysis tool for shell scripts 2023-11-08 21:06:26
fyne v2.4.1 Cross platform GUI toolkit in Go inspired by Materia
l Design		 2023-11-08 17:44:21
filebrowser v2.26.0 📂 Web File Browser 2023-11-08 16:59:46
Damn-Vulnerable-G
raphQL-Application		 2.1.2 Damn Vulnerable GraphQL Application is an intentiona
lly vulnerable implementation of Facebook's GraphQL t
echnology, to learn and practice GraphQL Security.		 2023-11-08 16:57:20
git-lfs v3.4.0 Git extension for versioning large files 2023-11-08 13:37:49
openvpn-install OpenVPN road warrior installer for Ubuntu, Debian, A
lmaLinux, Rocky Linux, CentOS and Fedora		 2023-11-08 11:40:11
naxsi 1.3 NAXSI is an open-source, high performance, low rules
maintenance WAF for NGINX		 2023-11-08 09:27:13
oss-browser v1.17.0 OSS Browser 提供类似windows资源管理器功能。用户可以
很方便的浏览文件,上传下载文件,支持断点续传等。		 2023-11-08 07:00:36
LOLBAS Living Off The Land Binaries And Scripts - (LOLBins
and LOLScripts)		 2023-11-08 01:55:24
fd v8.7.1 A simple, fast and user-friendly alternative to 'fin
d'		 2023-11-07 18:29:50
node-red 3.1.0 Low-code programming for event-driven applications 2023-11-07 17:46:33
soapui v5.7.2 SoapUI is a free and open source cross-platform func
tional testing solution for APIs and web services.		 2023-11-07 15:40:26
ModSecurity v3.0.10 ModSecurity is an open source, cross platform web ap
plication firewall (WAF) engine for Apache, IIS and N
ginx that is developed by Trustwave's SpiderLabs. It
has a robust event-bas		 2023-11-07 13:15:52
pdfparser v2.7.0 PdfParser, a standalone PHP library, provides variou
s tools to extract data from a PDF file.		 2023-11-07 07:03:52
ILSpy v8.2 .NET Decompiler with support for PDB generation, Rea
dyToRun, Metadata (&more) - cross-platform!		 2023-11-07 06:13:46
color v1.5.4 🎨 Terminal color rendering library, support 8/16 co
lors, 256 colors, RGB color rendering output, support
Print/Sprintf methods, compatible with Windows. GO C
LI 控制台颜色渲染工具库,支持16色,256		 2023-11-07 02:14:07
csvtk v0.28.0 A cross-platform, efficient and practical CSV/TSV to
olkit in Golang		 2023-11-06 22:27:01
interactsh v1.1.7 An OOB interaction gathering server and client libra
ry		 2023-11-06 17:34:10
fingerprintx v1.1.11 Standalone utility for service discovery on open por
ts!		 2023-11-06 16:26:44
emp3r0r v1.32.2 Linux/Windows post-exploitation framework made by li
nux user		 2023-11-06 09:36:07
color v1.16.0 Color package for Go (golang) 2023-11-06 08:25:55
merlin v2.0.0 Merlin is a cross-platform post-exploitation HTTP/2
Command & Control server and agent written in golang.		 2023-11-05 22:39:25
spiderfoot v4.0 SpiderFoot automates OSINT for threat intelligence a
nd mapping your attack surface.		 2023-11-05 18:36:23
lsassy v3.1.9 Extract credentials from lsass remotely 2023-11-05 17:10:09
weird_proxies Reverse proxies cheatsheet 2023-11-04 18:48:02
Windows11_Hardeni
ng		 a collection about Windows 11 2023-11-04 17:33:59
KaTeX v0.16.9 Fast math typesetting for the web. 2023-11-04 15:23:09
Rubeus 1.6.4 Trying to tame the three-headed dog. 2023-11-03 21:48:34
merlin-agent v2.0.0 Post-exploitation agent for Merlin 2023-11-03 12:45:07
telebot v3.1.0 Telebot is a Telegram bot framework in Go. 2023-11-02 23:26:19
gau v2.2.1 Fetch known URLs from AlienVault's Open Threat Excha
nge, the Wayback Machine, and Common Crawl.		 2023-11-02 13:09:27
dnstwist 2023091
8		 Domain name permutation engine for detecting homogra
ph phishing attacks, typo squatting, and brand impers
onation		 2023-11-01 20:24:15
smbmap v1.9.3.
1		 SMBMap is a handy SMB enumeration tool 2023-11-01 17:54:39
linux-kernel-expl
oitation		 A collection of links related to Linux kernel securi
ty and exploitation		 2023-11-01 15:39:59
ctf-wiki Come and join us, we need you! 2023-11-01 07:14:55
magic-wormhole get things from one computer to another, safely 2023-10-31 22:19:31
focalboard v7.11.3 Focalboard is an open source, self-hosted alternativ
e to Trello, Notion, and Asana.		 2023-10-31 13:53:44
PetitPotam PoC tool to coerce Windows hosts to authenticate to
other machines via MS-EFSRPC EfsRpcOpenFileRaw or oth
er functions.		 2023-10-31 12:00:54
shuji Reverse engineering JavaScript and CSS sources from
sourcemaps		 2023-10-31 07:32:16
firmadyne Platform for emulation and dynamic analysis of Linux
-based firmware		 2023-10-31 07:28:28
scan4all 2.8.7 Official repository vuls Scan: 15000+PoCs; 23 kinds
of application password crack; 7000+Web fingerprints;
146 protocols and 90000+ rules Port scanning; Fuzz,
HW, awesome BugBounty(		 2023-10-31 03:28:27
retoolkit 2023.10 Reverse Engineer's Toolkit 2023-10-31 03:08:12
slopShell the only php webshell you need. 2023-10-31 00:08:33
SCFProxy v0.2.1 A proxy tool based on cloud function. 2023-10-30 15:59:25
al-khaser Public malware techniques used in the wild: Virtual
Machine, Emulation, Debuggers, Sandbox detection.		 2023-10-30 09:35:17
aliyun-oss-python
-sdk		 2.18.3 Aliyun OSS SDK for Python 2023-10-30 06:18:02
Sentinel 1.8.6 A powerful flow control component enabling reliabili
ty, resilience and monitoring for microservices. (面
向云原生微服务的高可用流控防护组件)		 2023-10-30 04:07:33
fucking-algorithm plugin 刷算法全靠套路,认准 labuladong 就够了!English vers
ion supported! Crack LeetCode, not only how, but also
why.		 2023-10-30 02:44:26
ICS-Security-Tool
s		 Tools, tips, tricks, and more for exploring ICS Secu
rity.		 2023-10-29 16:21:52
Yara-rules Collection of private Yara rules. 2023-10-29 15:31:37
open-vm-tools stable-
12.3.5		 Official repository of VMware open-vm-tools project 2023-10-27 13:34:22
GmSSL v3.1.1-
pr1		 支持国密SM2/SM3/SM4/SM9/SSL的密码工具箱 2023-10-27 08:24:29
lazydocker v0.23.1 The lazier way to manage everything docker 2023-10-27 04:41:39
pacu v1.4.2 The AWS exploitation framework, designed for testing
the security of Amazon Web Services environments.		 2023-10-26 22:02:58
scanning 2023-10-26 17:52:00
awesome-yara A curated list of awesome YARA rules, tools, and peo
ple.		 2023-10-26 12:57:01
dontgo403 0.9.4 Tool to bypass 40X response codes. 2023-10-26 11:04:06
showdoc v3.2.2 ShowDoc is a tool greatly applicable for an IT team
to share documents online一个非常适合IT团队的在线API
文档、技术文档工具		 2023-10-26 04:07:52
docker_practice v1.3.0 Learn and understand Docker&Container technologies,
with real DevOps practice!		 2023-10-25 21:40:38
PrivescCheck Privilege Escalation Enumeration Script for Windows 2023-10-24 20:25:39
HijackLibs Project for tracking publicly disclosed DLL Hijackin
g opportunities.		 2023-10-24 16:42:27
js-md5 A simple MD5 hash function for JavaScript supports U
TF-8 encoding.		 2023-10-24 12:14:56
server v0.14.1 Hashtopolis - A Hashcat wrapper for distributed pass
word recovery		 2023-10-23 16:26:36
hackerone-reports Top disclosed reports from HackerOne 2023-10-23 16:19:01
FirmAE v1.0 Towards Large-Scale Emulation of IoT Firmware for Dy
namic Analysis		 2023-10-22 12:24:47
websocat v1.12.0 Command-line client for WebSockets, like netcat (or
curl) for ws:// with advanced socat-like functions		 2023-10-22 01:13:02
ja3 JA3 is a standard for creating SSL client fingerprin
ts in an easy to produce and shareable way.		 2023-10-20 20:55:26
uncover v1.0.7 Quickly discover exposed hosts on the internet using
multiple search engines.		 2023-10-20 12:15:10
S3Scanner v3.0.4 Scan for misconfigured S3 buckets across S3-compatib
le APIs!		 2023-10-19 22:58:22
Nessus_Map Parse .nessus file(s) and shows output in interactiv
e UI		 2023-10-19 03:13:54
fail2ban 1.0.2 Daemon to ban hosts that cause multiple authenticati
on errors		 2023-10-18 14:06:56
SUDO_KILLER A tool designed to exploit a privilege escalation vu
lnerability in the sudo program on Unix-like systems.
It takes advantage of a specific misconfiguration or
flaw in sudo to gain		 2023-10-18 12:47:57
rdpwrap RDP Wrapper Library 2023-10-18 08:29:53
source-code-pro 2.042R-
u/1.062R
-i/1.026
R-vf		 Monospaced font family for user interface and coding
environments		 2023-10-18 07:15:40
cloudflair 🔎 Find origin servers of websites behind CloudFlare
by using Internet-wide scan data from Censys.		 2023-10-18 06:53:04
how-to-exit-vim Below are some simple methods for exiting vim. 2023-10-18 03:31:37
can-utils v2023.0
3		 Linux-CAN / SocketCAN user space applications 2023-10-17 08:13:34
Empire v5.7.3 Empire is a post-exploitation and adversary emulatio
n framework that is used to aid Red Teams and Penetra
tion Testers.		 2023-10-17 04:09:19
Starkiller v2.6.1 Starkiller is a Frontend for PowerShell Empire. 2023-10-17 02:45:51
CaptfEncoder 3.1.2 Captfencoder is opensource a rapid cross platform ne
twork security tool suite, providing network security
related code conversion, classical cryptography, cry
ptography, asymmetric		 2023-10-16 02:58:20
ip2region Ip2region (2.0 - xdb) is a offline IP address manage
r framework and locator, support billions of data seg
ments, ten microsecond searching performance. xdb eng
ine implementation for		 2023-10-13 03:07:45
Havoc The Havoc Framework. 2023-10-12 14:28:53
requests v1.1.19 用于快速请求HTTP或HTTPS,并支持修改ja3指纹 2023-10-12 09:07:09
singularity A DNS rebinding attack framework. 2023-10-11 23:40:53
gobuster v3.6.0 Directory/File, DNS and VHost busting tool written i
n Go		 2023-10-11 22:56:58
pics File formats explanations, logos redrawing... 2023-10-11 08:30:46
cuc-ns 网络安全课本 2023-10-11 03:06:30
danted Fast script for installing & configing Danted--Socks
5 Proxy Server.		 2023-10-09 14:32:55
yari YARI is an interactive debugger for YARA Language. 2023-10-09 08:47:12
patator Patator is a multi-purpose brute-forcer, with a modu
lar design and a flexible usage.		 2023-10-09 06:15:50
libesedb Library and tools to access the Extensible Storage E
ngine (ESE) Database File (EDB) format.		 2023-10-08 06:30:30
massdns v1.0.0 A high-performance DNS stub resolver for bulk lookup
s and reconnaissance (subdomain enumeration)		 2023-10-07 19:08:36
lynis 3.0.9 Lynis - Security auditing tool for Linux, macOS, and
UNIX-based systems. Assists with compliance testing
(HIPAA/ISO27001/PCI DSS) and system hardening. Agentl
ess, and installation		 2023-10-07 09:35:09
git-vuln-finder v1.4 Finding potential software vulnerabilities from git
commit messages		 2023-10-07 06:38:52
CMWTAT_Digital_Ed
ition		 2.7.1.0 CloudMoe Windows 10/11 Activation Toolkit get digita
l license, the best open source Win 10/11 activator i
n GitHub. GitHub 上最棒的开源 Win10/Win11 数字权利(
数字许可证)激活工具!		 2023-10-07 03:06:07
supervisor Supervisor process control system for Unix (supervis
ord)		 2023-10-06 16:36:49
HOUDINI v0.2.9 Hundreds of Offensive and Useful Docker Images for N
etwork Intrusion. The name says it all.		 2023-10-06 09:35:02
pypykatz 0.6.9 Mimikatz implementation in pure Python 2023-10-05 20:39:21
jdupes v1.27.3 A powerful duplicate file finder and an enhanced for
k of 'fdupes'.		 2023-10-05 17:21:42
HexRaysCodeXplore
r		 2.1 Hex-Rays Decompiler plugin for better code navigatio
n		 2023-10-04 01:13:16
nali v0.8.0 An offline tool for querying IP geographic informati
on and CDN provider. 一个查询IP地理信息和CDN服务提供
商的离线终端工具.		 2023-10-02 23:02:01
PPLGuard 2023-10-02 16:05:07
webapp-wordlists This repository contains wordlists for each versions
of common web applications and content management sy
stems (CMS). Each version contains a wordlist of all
the files directories		 2023-10-01 18:29:07
Beta Beta versions of my software 2023-10-01 15:03:46
dsq v0.23.0 Commandline tool for running SQL queries against JSO
N, CSV, Excel, Parquet, and more.		 2023-09-30 14:49:58
forbidden v10.2 Bypass 4xx HTTP response status codes and more. Base
d on PycURL and Python Requests.		 2023-09-28 21:21:22
all-about-apikey Detailed information about API key / OAuth token (De
scription, Request, Response, Regex, Example)		 2023-09-26 23:32:59
bkcrack v1.5.0 Crack legacy zip encryption with Biham and Kocher's
known plaintext attack.		 2023-09-25 18:30:31
bash-tutorial Bash 教程 2023-09-25 16:01:30
can-i-take-over-x
yz		 "Can I take over XYZ?" — a list of services and how
to claim (sub)domains with dangling DNS records.		 2023-09-25 15:23:39
wait-for v2.2.4 ./wait-for is a script to wait for another service t
o become available.		 2023-09-25 14:03:10
gjson Get JSON values quickly - JSON parser for Go 2023-09-22 17:13:56
duf v0.8.1 Disk Usage/Free Utility - a better 'df' alternative 2023-09-20 15:46:50
Diamorphine LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x
(x86/x86_64 and ARM64)		 2023-09-20 10:56:06
RedGuard 23.08.2
1		 RedGuard is a C2 front flow control tool,Can avoid B
lue Teams,AVs,EDRs check.		 2023-09-19 11:06:40
webshell v-2021-
01-05		 This is a webshell open source project 2023-09-19 06:44:03
pingcastle 3.1.0.1 PingCastle - Get Active Directory Security at 80% in
20% of the time		 2023-09-18 17:29:47
curl-impersonate v0.6.0-
alpha.1		 curl-impersonate: A special build of curl that can i
mpersonate Chrome & Firefox		 2023-09-18 10:03:54
Halfrost-Field ✍🏻 这里是写博客的地方 —— Halfrost-Field 冰霜之地 2023-09-17 02:59:00
awesome-incident-
response		 A curated list of tools for incident response 2023-09-15 17:05:39
gophish v0.12.1 Open-Source Phishing Toolkit 2023-09-15 14:45:30
api-firewall v0.6.13 Fast and light-weight API proxy firewall for request
and response validation by OpenAPI specs.		 2023-09-15 11:36:18
katana v1.0.4 A next-generation crawling and spidering framework. 2023-09-14 17:20:42
SavvyCAN V213 QT based cross platform canbus tool 2023-09-14 00:55:19
Administrative-di
visions-of-China		 2.7.0 中华人民共和国行政区划:省级(省份)、 地级(城市)
、 县级(区县)、 乡级(乡镇街道)、 村级(村委会居委
会) ,中国省市区镇村二级三级四级五级联动地址数据。		 2023-09-13 01:32:27
yongyou_nc_poc 2023-09-13 00:51:30
DVSA a Damn Vulnerable Serverless Application 2023-09-12 11:04:54
Responder Responder is a LLMNR, NBT-NS and MDNS poisoner, with
built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authenticatio
n server supporting NTLMv1/NTLMv2/LMv2, Extended Secu
rity NTLMSSP and Basic		 2023-09-11 10:12:28
WinPmem v4.0.rc
1		 The multi-platform memory acquisition tool. 2023-09-10 14:13:36
shodan v1.0.7 yet another Shodan.io client 2023-09-07 22:30:39
nodejsscan v4.8 nodejsscan is a static security code scanner for Nod
e.js applications.		 2023-09-07 16:03:22
exa v0.10.1 A modern replacement for ‘ls’. 2023-09-05 23:14:36
Archive2 1.3.4 2023-09-05 08:27:13
iprange v1.0.2 计算ip范围,支持 cidr,ip-range 格式的输入 2023-09-05 08:19:16
awesome-adb ADB Usage Complete / ADB 用法大全 2023-09-04 02:23:55
IIS-ShortName-Sca
nner		 latest version of scanners for IIS short filename (8
.3) disclosure vulnerability		 2023-09-03 17:49:43
CrackMapExec v5.4.0 A swiss army knife for pentesting networks 2023-09-03 17:16:55
sast-scan v2.1.1 Scan is a free & Open Source DevSecOps tool for perf
orming static analysis based security testing of your
applications and its dependencies. CI and Git friend
ly.		 2023-09-01 12:48:14
JsRpc v1.02 远程调用(rpc)浏览器方法,免去抠代码补环境 2023-08-30 03:41:34
crc32 v0.1 CRC32 tools: reverse, undo/rewind, and calculate has
hes		 2023-08-29 00:01:20
fav-up v0.2 IP lookup by favicon using Shodan 2023-08-28 09:11:31
SigFlip SigFlip is a tool for patching authenticode signed P
E files (exe, dll, sys ..etc) without invalidating or
breaking the existing signature.		 2023-08-27 18:27:50
spectre-meltdown-
checker		 v0.46 Downfall, Zenbleed, ZombieLoad, RIDL, Fallout, Fores
hadow, Spectre, Meltdown vulnerability/mitigation che
cker for Linux & BSD		 2023-08-25 16:50:53
KCon KCon is a famous Hacker Con powered by Knownsec Team
.		 2023-08-23 07:19:16
Tentacle Tentacle is a POC vulnerability verification and exp
loit framework. It supports free extension of exploit
s and uses POC scripts. It supports calls to zoomeye,
fofa, shodan and othe		 2023-08-22 03:37:35
dwarf2json convert ELF/DWARF symbol and type information into v
ol3's intermediate JSON		 2023-08-21 17:02:12
awesome-honeypots an awesome list of honeypot resources 2023-08-21 14:07:56
jaeles beta-v0
.17.1		 The Swiss Army knife for automated Web Application T
esting		 2023-08-21 06:43:36
btrace v2.2.4 BTrace - a safe, dynamic tracing tool for the Java p
latform		 2023-08-20 18:19:03
Freeze v1.3 Freeze is a payload toolkit for bypassing EDRs using
suspended processes, direct syscalls, and alternativ
e execution methods		 2023-08-18 17:25:06
poc Proof of Concepts 2023-08-17 18:48:20
one_gadget v1.8.1 The best tool for finding one gadget RCE in libc.so.
6		 2023-08-16 15:02:26
tabby v1.2.0-
3		 A CAT called tabby ( Code Analysis Tool ) 2023-08-16 14:28:56
deepce Docker Enumeration, Escalation of Privileges and Con
tainer Escapes (DEEPCE)		 2023-08-16 13:39:33
SecLists 2023.2 SecLists is the security tester's companion. It's a
collection of multiple types of lists used during sec
urity assessments, collected in one place. List types
include usernames, pa		 2023-08-15 21:48:36
dirhunt v0.9.0 Find web directories without bruteforce 2023-08-14 15:52:22
proxify v0.0.12 A versatile and portable proxy for capturing, manipu
lating, and replaying HTTP/HTTPS traffic on the go.		 2023-08-12 20:23:29
RustScan 2.1.1 🤖 The Modern Port Scanner 🤖 2023-08-12 07:30:30
merlin Cross-platform post-exploitation HTTP Command & Cont
rol agent written in golang		 2023-08-11 14:58:39
tqdm v4.66.1 ⚡ A Fast, Extensible Progress Bar for Python and
CLI		 2023-08-10 10:52:15
teler v2.0.0-
dev.3		 Real-time HTTP Intrusion Detection 2023-08-09 23:02:55
OpenRedireX A fuzzer for detecting open redirect vulnerabilities 2023-08-09 09:00:53
CrossC2 v3.2 generate CobaltStrike's cross-platform payload 2023-08-08 19:56:08
qiling 1.4.6 A True Instrumentable Binary Emulation Framework 2023-08-04 02:53:21
msdat MSDAT: Microsoft SQL Database Attacking Tool 2023-08-01 10:53:53
Windows-AD-enviro
nment-related		 This Repository contains the stuff related to window
s Active directory environment exploitation		 2023-07-31 14:15:28
fierce A DNS reconnaissance tool for locating non-contiguou
s IP space.		 2023-07-31 13:50:46
awesome-vehicle-s
ecurity		 🚗 A curated list of resources for learning about ve
hicle security and car hacking.		 2023-07-30 05:05:39
vlmcsd svn1113 KMS Emulator in C (currently runs on Linux including
Android, FreeBSD, Solaris, Minix, Mac OS, iOS, Windo
ws with or without Cygwin)		 2023-07-28 09:56:01
BountyHunterInChi
na		 重生之我是赏金猎人系列,分享自己和团队在SRC、项目实
战漏洞测试过程中的有趣案例		 2023-07-27 02:19:54
simplehttpserver v0.0.6 Go alternative of python SimpleHTTPServer 2023-07-26 00:22:35
bettercap v2.32.0 The Swiss Army knife for 802.11, BLE, IPv4 and IPv6
networks reconnaissance and MITM attacks.		 2023-07-25 12:35:25
awesome-oscp A curated list of awesome OSCP resources 2023-07-24 20:25:36
sourcemapper Extract JavaScript source trees from Sourcemap files 2023-07-24 04:11:34
s3tk A security toolkit for Amazon S3 2023-07-24 03:13:02
CVE-2020-1472 Test tool for CVE-2020-1472 2023-07-20 10:51:11
mquery v1.4.0 YARA malware query accelerator (web frontend) 2023-07-17 12:09:43
knock 5.4.0 Knock Subdomain Scan 2023-07-17 10:11:06
zsteg detect stegano-hidden data in PNG & BMP 2023-07-16 12:28:20
PSGumshoe v2.0 2023-07-14 15:19:01
PRET Printer Exploitation Toolkit - The tool that made du
mpster diving obsolete.		 2023-07-13 09:51:16
dive v0.11.0 A tool for exploring each layer in a docker image 2023-07-10 20:44:51
clairvoyance v2.5.3 Obtain GraphQL API schema even if the introspection
is disabled		 2023-07-10 18:38:47
Linux_LPE_eBPF_CV
E-2021-3490		 2023-07-10 16:41:49
SIGRed_RCE_PoC 2023-07-10 16:18:54
MX1014 v2.4.0 MX1014 is a flexible, lightweight and fast port scan
ner.		 2023-07-09 09:52:40
cloud-service-enu
m		 2023-07-07 09:00:10
cve-2020-0688 cve-2020-0688 2023-07-04 05:16:00
stegoVeritas Yet another Stego Tool 2023-07-03 23:13:42
thc-ipv6 v3.8 IPv6 attack toolkit 2023-07-02 10:53:17
Penetration-Testi
ng-Tools		 A collection of more than 170+ tools, scripts, cheat
sheets and other loots that I've developed over years
for Red Teaming/Pentesting/IT Security audits purpos
es.		 2023-06-27 19:16:45
wisper A micro library providing Ruby objects with Publish-
Subscribe capabilities		 2023-06-27 09:11:59
PowerUpSQL PowerUpSQL: A PowerShell Toolkit for Attacking SQL S
erver		 2023-06-27 02:42:35
ctf-tools Some setup scripts for security research tools. 2023-06-25 08:18:33
basecrack v4.0 Decode All Bases - Base Scheme Decoder 2023-06-21 08:52:12
Violation_Pnetest 渗透红线Checklist 2023-06-20 11:20:12
weevely3 v4.0.1 Weaponized web shell 2023-06-18 07:48:20
awesome-industria
l-control-system-s
ecurity		 A curated list of resources related to Industrial Co
ntrol System (ICS) security.		 2023-06-13 11:11:02
windows_exploit_d
owser		 A simple tool which could be useful to identify the
exploits afflicting a Windows OS		 2023-06-10 17:59:45
jenv 0.5.6 Manage your Java environment 2023-06-09 16:15:39
etl2pcapng v1.11.0 Utility that converts an .etl file containing a Wind
ows network packet capture into .pcapng format.		 2023-06-08 23:53:46
CVE-2021-21972 CVE-2021-21972 Exploit 2023-06-08 04:01:32
kernel-exploit-fa
ctory		 Linux kernel CVE exploit analysis report and relativ
e debug environment. You don't need to compile Linux
kernel and configure your environment anymore.		 2023-06-08 00:45:52
Motrix v1.8.19 A full-featured download manager. 2023-06-07 11:19:59
java-sec-code v2.0.0 Java web common vulnerabilities and security code wh
ich is base on springboot and spring security		 2023-06-07 02:13:58
DS_Store_crawler_
parser		 a parser + crawler for .DS_Store files exposed publi
cally		 2023-06-06 18:09:05
wafw00f v2.2.0 WAFW00F allows one to identify and fingerprint Web A
pplication Firewall (WAF) products protecting a websi
te.		 2023-06-04 13:46:55
shc 4.0.3 Shell script compiler 2023-06-02 08:41:25
safety 2.3.5 Safety checks Python dependencies for known security
vulnerabilities and suggests the proper remediations
for vulnerabilities detected.		 2023-05-29 16:30:35
hassh HASSH is a network fingerprinting standard which can
be used to identify specific Client and Server SSH i
mplementations. The fingerprints can be easily stored
, searched and shared		 2023-05-25 19:10:33
ntlmv1-multi NTLMv1 Multitool 2023-05-25 16:48:31
poc-graphql 1.0.0 Research on GraphQL from an AppSec point of view. 2023-05-24 00:09:39
OffensiveNotion v1.5.0 Notion as a platform for offensive operations 2023-05-21 13:23:44
proxychains-ng v4.16 proxychains ng (new generation) - a preloader which
hooks calls to sockets in dynamically linked programs
and redirects it through one or more socks/http prox
ies. continuation of t		 2023-05-20 15:27:22
dnsFookup DNS rebinding toolkit 2023-05-19 09:27:46
APIKit v1.5.1 APIKit:Discovery, Scan and Audit APIs Toolkit All I
n One.		 2023-05-19 03:55:41
shadow-tls v0.2.23 A proxy to expose real tls handshake to the firewall 2023-05-18 12:55:36
javaboy-code-samp
les		 公众号【江南一点雨】文章案例汇总,技术文章请戳这里--
--->		 2023-05-14 14:01:53
espanso v2.1.8 Cross-platform Text Expander written in Rust 2023-05-09 18:53:48
chainoffools A PoC for CVE-2020-0601 2023-05-09 14:27:30
xortool A tool to analyze multi-byte xor cipher 2023-05-09 12:44:51
theZoo v0.60 A repository of LIVE malwares for your own joy and p
leasure. theZoo is a project created to make the poss
ibility of malware analysis open and available to the
public.		 2023-05-06 13:34:51
s3reverse v1.0.1 The format of various s3 buckets is convert in one f
ormat. for bugbounty and security testing.		 2023-05-06 07:37:24
gitls v1.0.4 🖇 Enumerate git repository URL from list of URL / U
ser / Org. Friendly to pipeline		 2023-05-06 07:34:44
the-craft-of-self
teaching		 One has no future if one couldn't teach themself. 2023-05-03 13:55:59
hello-world 2023-05-02 20:01:18
CVEs The following is a list of my collected CVE's 2023-05-01 07:48:24
ssti-payloads 🎯 Server Side Template Injection Payloads 2023-04-28 20:48:39
yaml-payload-for-
ruoyi		 A memory shell for ruoyi 2023-04-28 06:23:16
humre A human-readable regular expression module for Pytho
n.		 2023-04-26 22:04:13
bypass-403 A simple script just made for self use for bypassing
403		 2023-04-26 15:57:51
jsrsasign 10.8.5 The 'jsrsasign' (RSA-Sign JavaScript Library) is an
opensource free cryptography library supporting RSA/R
SAPSS/ECDSA/DSA signing/validation, ASN.1, PKCS#1/5/8
private/public key, X		 2023-04-26 14:07:32
cloudscraper 1.2.68 A Python module to bypass Cloudflare's anti-bot page
.		 2023-04-25 23:19:48
ccat v1.01 Cisco Config Analysis Tool 2023-04-23 13:08:09
KodExplorer 4.51.03 A web based file manager,web IDE / browser based cod
e editor		 2023-04-23 10:03:11
Pinyin2Hanzi 拼音转汉字, 拼音输入法引擎, pin yin -> 拼音 2023-04-18 01:33:43
cheetah a very fast brute force webshell password tool 2023-04-17 01:33:52
Girsh v0.41 Automatically spawn a reverse shell fully interactiv
e for Linux or Windows victim		 2023-04-15 14:50:20
htmlq v0.4.0 Like jq, but for HTML. 2023-04-15 10:54:19
sttr v0.2.18 cross-platform, cli app to perform various operation
s on string		 2023-04-13 13:07:21
SeeYouCM-Thief 2023-04-12 14:53:09
Powershellery This repo contains Powershell scripts used for gener
al hackery.		 2023-04-11 00:42:08
proxypool v0.3.1 Automatically crawls proxy nodes on the public inter
net, de-duplicates and tests for usability and then p
rovides a list of nodes		 2023-04-10 16:05:05
Homework-of-Pytho
n		 Python codes of my blog. 2023-03-31 03:02:43
jo 1.9 JSON output from a shell 2023-03-29 20:02:54
top25-parameter v1.0.7 For basic researches, top 25 vulnerability parameter
s that can be used in automation tools or manual reco
n. 🛡️⚔️🧙		 2023-03-29 18:40:10
s3-buckets-finder v1.2.0 Find AWS S3 buckets and test their permissions. 2023-03-28 15:47:31
Realtek_switch_ha
cking		 折腾交换机 2023-03-26 06:39:45
HostCollision HostCol
lision-2
.2.8		 用于host碰撞而生的小工具,专门检测渗透中需要绑定hosts
才能访问的主机或内部系统		 2023-03-24 15:48:45
Azure-Red-Team Azure Security Resources and Notes 2023-03-21 18:38:40
autotimeliner Automagically extract forensic timeline from volatil
e memory dump		 2023-03-17 07:29:33
APT_CyberCriminal
_Campagin_Collecti
ons		 APT & CyberCriminal Campaign Collection 2023-03-16 08:22:40
nginx-ssl-ja3 v0.0.2 nginx module for SSL/TLS ja3 fingerprint. 2023-03-15 17:20:30
GraphQLmap GraphQLmap is a scripting engine to interact with a
graphql endpoint for pentesting purposes. - Do not us
e for illegal testing ;)		 2023-03-11 22:34:56
donut v1.0 Generates x86, x64, or AMD64+x86 position-independen
t shellcode that loads .NET Assemblies, PE files, and
other Windows payloads from memory and runs them wit
h parameters		 2023-03-10 19:27:30
Red-Team-Infrastr
ucture-Wiki		 Wiki to collect Red Team infrastructure hardening re
sources		 2023-03-09 20:53:32
pwn_jenkins Notes about attacking Jenkins servers 2023-03-09 09:16:14
byp4xx 40X/HTTP bypasser in Go. Features: Verb tampering, h
eaders, #bugbountytips, User-Agents, extensions, defa
ult credentials...		 2023-03-08 10:43:22
exrex Irregular methods on regular expressions 2023-03-07 23:03:57
CVE-2022-2588 exploit for CVE-2022-2588 2023-03-04 05:52:28
javascript-malwar
e-collection		 Collection of almost 40.000 javascript malware sampl
es		 2023-03-03 16:09:14
alicloud-tools v1.0.5 阿里云ECS、策略组辅助小工具 2023-03-02 07:00:17
ebpfkit-monitor ebpfkit-monitor is a tool that detects and protects
against eBPF powered rootkits		 2023-02-28 16:16:20
jsencrypt A zero-dependency Javascript library to perform Open
SSL RSA Encryption, Decryption, and Key Generation.		 2023-02-27 13:24:14
CVE-2020-0796-PoC PoC for triggering buffer overflow via CVE-2020-0796 2023-02-26 07:01:03
bopscrk v2.4.5 Generate smart and powerful wordlists 2023-02-24 10:43:57
geckodriver v0.33.0 WebDriver for Firefox 2023-02-21 17:00:51
CVE-2018-10933 Spawn to shell without any credentials by using CVE-
2018-10933 (LibSSH)		 2023-02-20 02:06:14
druid_sessions 1.2 获取 alibaba druid 一些 sessions , sql , urls 2023-02-19 14:37:57
cloud-native-secu
rity-book		 《云原生安全:攻防实践与体系构建》资料仓库 2023-02-19 14:16:00
onesixtyone v0.3.4 Fast SNMP Scanner 2023-02-16 04:56:38
WaterDragon WaterDragon:用GithubAction实现代理功能。红队,cve,代
理池,隐匿,攻防,对抗,hackone,src,proxy,CVE-2020,CVE-20
21,CVE-2022		 2023-02-14 14:02:26
SMx 国家商用加密算法 SMx(SM2,SM3,SM4) 2023-02-11 14:24:19
shhgit Ah shhgit! Find secrets in your code. Secrets detect
ion for your GitHub, GitLab and Bitbucket repositorie
s.		 2023-02-10 22:52:42
apkleaks v2.6.1 Scanning APK file for URIs, endpoints & secrets. 2023-02-10 12:54:03
tsh-go Tiny SHell Go - An open-source backdoor written in G
o		 2023-02-10 03:01:40
github-search v2.0.1 A collection of tools to perform searches on GitHub. 2023-02-09 14:17:04
CobaltStrikeParse
r		 2023-02-06 11:44:53
binwalk v2.3.4 Firmware Analysis Tool 2023-02-01 16:15:53
jira_scan v0.0.6 A simple remote scanner for Atlassian Jira 2023-01-30 15:28:47
OddProxyDemo 2023-01-30 13:08:58
anchore-engine A service that analyzes docker images and scans for
vulnerabilities		 2023-01-26 23:58:10
EVTX-ATTACK-SAMPL
ES		 Windows Events Attack Samples 2023-01-24 12:02:50
PHP_INCLUDE_TO_SH
ELL_CHAR_DICT		 2023-01-24 05:09:04
reverse-shell Reverse Shell as a Service 2023-01-22 12:19:34
fapro v0.65 Fake Protocol Server 2023-01-20 02:59:57
cs2modrewrite Convert Cobalt Strike profiles to modrewrite scripts 2023-01-19 16:09:38
pspy v1.2.1 Monitor linux processes without root permissions 2023-01-17 20:48:02
wenyan v0.3.4 文言文編程語言 A programming language for the ancien
t Chinese.		 2023-01-17 00:00:53
slipstream NAT Slipstreaming allows an attacker to remotely acc
ess any TCP/UDP services bound to a victim machine, b
ypassing the victim’s NAT/firewall, just by anyone o
n the victim's network		 2023-01-14 21:39:03
TLS-poison 2023-01-12 23:41:20
flask-session-coo
kie-manager		 v1.2.1.
1		 🍪 Flask Session Cookie Decoder/Encoder 2023-01-11 21:49:36
security-bucket-b
rigade		 2023-01-11 20:30:02
hashcrack Guesses hash types, picks some sensible dictionaries
and rules for hashcat		 2023-01-03 14:11:00
CVE-2021-27850_PO
C		 A Proof of concept for CVE-2021-27850 affecting Apac
he Tapestry and leading to unauthencticated remote co
de execution.		 2023-01-03 13:46:34
exploits 2023-01-02 20:21:58
kerberoast 2022-12-31 17:17:28
fi6s IPv6 network scanner designed to be fast 2022-12-30 21:27:04
exploit-CVE-2017-
7494		 SambaCry exploit and vulnerable container (CVE-2017-
7494)		 2022-12-27 20:25:09
Arjun 2.2.1 HTTP parameter discovery suite. 2022-12-23 06:14:37
usbrply Replay USB messages from Wireshark (.cap) files 2022-12-22 08:27:58
javaweb-vuln RASP测试靶场 2022-12-22 05:21:00
Pentest101 一些关于渗透测试的Tips 2022-12-19 07:03:19
jasypt-spring-boo
t		 jasypt-
spring-b
oot-pare
nt-3.0.5		 Jasypt integration for Spring boot 2022-12-15 17:29:04
CC-attack v3.7.1 Using Socks4/5 or http proxies to make a multithread
ing Http-flood/Https-flood (cc) attack.		 2022-12-12 13:49:54
marshalsec 2022-12-11 17:30:28
base58 Base58 and Base58Check implementation compatible wit
h what is used by the bitcoin network.		 2022-12-11 10:26:58
LiME v1.9.1 LiME (formerly DMD) is a Loadable Kernel Module (LKM
), which allows the acquisition of volatile memory fr
om Linux and Linux-based devices, such as those power
ed by Android. The too		 2022-12-09 21:45:29
git-tips :trollface:Git的奇技淫巧 2022-12-08 03:13:00
CVE-2017-1000486 Primefaces <= 5.2.21, 5.3.8 or 6.0 - Remote Code Exe
cution Exploit		 2022-12-04 19:32:52
sec-dog v1.0.4 2022-12-01 01:44:33
MSOLSpray A password spraying tool for Microsoft Online accoun
ts (Azure/O365). The script logs if a user cred is va
lid, if MFA is enabled on the account, if a tenant do
esn't exist, if a user		 2022-11-30 17:54:53
TerraformGoat 0.0.7 TerraformGoat is HXSecurity research lab's "Vulnerab
le by Design" multi cloud deployment tool.		 2022-11-30 08:16:23
Chinese-Names-Cor
pus		 v2.2 中文人名语料库。人名生成器。中文姓名,姓氏,名字,称呼,
日本人名,翻译人名,英文人名。可用于中文分词、人名实体识
别。		 2022-11-30 04:09:39
toppwdhash 常见密码哈希离线查询工具 , 包含算法类型'md5', 'md5x2
', 'md5x3','sha1', 'ntlm', 'mysql', 'mysql5','md5_sha
1', 'sha1_sha1', 'sha1_md5', 'md5_base64','md5_middle
','base64_md5', 'md5_sha256', 'sha256','		 2022-11-29 06:58:44
UsnJrnl2Csv v1.0.0.
24		 Parser for $UsnJrnl on NTFS 2022-11-27 13:32:11
sliver-gui v0.0.9 A Sliver GUI Client 2022-11-22 06:24:18
HTTP-Smuggling-La
b		 Use HTTP Smuggling Lab to learn HTTP Smuggling. 2022-11-20 16:16:02
ProxyNotShell-PoC 2022-11-18 07:30:30
as_bypass_php_dis
able_functions		 antsword bypass PHP disable_functions 2022-11-18 03:01:00
wix3 wix3112
rtm		 WiX Toolset v3.x 2022-11-16 01:53:10
exploitdb-bin-spl
oits		 The legacy Exploit Database repository - New repo lo
cated at https://gitlab.com/exploit-database/exploitd
b-bin-sploits		 2022-11-10 20:52:36
SSRF-Testing SSRF (Server Side Request Forgery) testing resources 2022-11-09 16:14:06
tools Security and Hacking Tools, Exploits, Proof of Conce
pts, Shellcodes, Scripts.		 2022-11-03 10:05:04
csdroid cs手机版的源码,此处不放源jar包,自行添加编译 2022-11-03 08:49:21
CVE-2022-3602 2022-11-01 19:56:11
anti-portscan 使用 iptables 防止端口扫描 2022-10-31 09:12:54
Extracted_WD_VDM Windows Defender VDM lua collections 2022-10-30 04:35:32
firmware-mod-kit Automatically exported from code.google.com/p/firmwa
re-mod-kit		 2022-10-29 14:54:07
siphon v0.0.2 ⚗️ Intercept stdin/stdout/stderr for any proc
ess		 2022-10-27 08:18:20
NGLite V1.0.01 A major platform RAT Tool based by Blockchain/P2P.No
w support Windows/Linux/MacOS		 2022-10-26 03:37:35
katoolin Automatically install all Kali linux tools 2022-10-23 09:21:55
xerosploit v1.0 Efficient and advanced man in the middle framework 2022-10-23 09:17:51
ProxyVulns [ProxyLogon] CVE-2021-26855 & CVE-2021-27065 Fixed R
awIdentity Bug Exploit. [ProxyOracle] CVE-2021-31195
& CVE-2021-31196 Exploit Chains. [ProxyShell] CVE-202
1-34473 & CVE-2021-345		 2022-10-21 08:59:16
Exchange2domain CVE-2018-8581 2022-10-21 08:28:51
MailSniper MailSniper is a penetration testing tool for searchi
ng through email in a Microsoft Exchange environment
for specific terms (passwords, insider intel, network
architecture informat		 2022-10-20 08:13:33
qqwry2mmdb 2023041
9		 为 Wireshark 能使用纯真网络 IP 数据库(QQwry)而提供的
格式转换工具		 2022-10-20 07:05:45
telegram-bot-api v5.5.1 Golang bindings for the Telegram Bot API 2022-10-20 00:35:52
SysmonEnte 2022-10-18 08:55:29
HandleKatz PIC lsass dumper using cloned handles 2022-10-18 08:55:13
Zoinks Manage Engine Decrypter 2022-10-17 15:45:01
jwtcat A CPU-based JSON Web Token (JWT) cracker and - to so
me extent - scanner.		 2022-10-15 23:00:43
IFaultrepElevated
DataCollectionUAC		 2022-10-14 21:55:17
Veil 3.1.14 Veil 3.1.X (Check version info in Veil at runtime) 2022-10-14 19:01:44
CVE-2022-40684 A proof of concept exploit for CVE-2022-40684 affect
ing Fortinet FortiOS, FortiProxy, and FortiSwitchMana
ger		 2022-10-13 15:23:42
bash-insulter Insults the user when typing wrong command 2022-10-10 03:05:22
Digital-Privacy Information Protection & OSINT resources 一个关于
数字隐私搜集、保护、清理集一体的方案,外加开源信息收集(
OSINT)对抗
CVE-2022-2992 Authenticated Remote Command Execution in Gitlab via
GitHub import		 2022-10-09 03:54:53
Pentest-Windows Windows internals and exploitation tricks 2022-10-08 19:58:19
mimipenguin 2.0-rel
ease		 A tool to dump the login password from the current l
inux user		 2022-10-08 07:10:03
hackergame2021-wr
iteups		 中国科学技术大学第八届信息安全大赛的官方与非官方题解 2022-10-06 15:01:40
Socks5 Socks5代理服务器搭建脚本/Socks5 shortcut creation sc
ript		 2022-10-06 11:49:51
poodle-PoC 🐩 Poodle (Padding Oracle On Downgraded Legacy
Encryption) attack CVE-2014-3566 🐩		 2022-10-05 07:29:14
monomorph v1.0 MD5-Monomorphic Shellcode Packer - all payloads have
the same MD5 hash		 2022-09-30 22:11:15
ipv6toolkit SI6 Networks' IPv6 Toolkit 2022-09-30 08:36:12
TaskSchedulerMisc Misc TaskScheduler Plays 2022-09-27 22:06:36
poc_and_exp 搜集的或者自己写的poc或者exp 2022-09-27 01:00:54
CVE-2022-39197-pa
tch		 patch-0
.2		 CVE-2022-39197 漏洞补丁. CVE-2022-39197 Vulnerabilit
y Patch.		 2022-09-26 13:20:27
Security-PPT Security-related Slide Presentation & Security Resea
rch Report(大安全各领域各公司各会议分享的PPT以及各类
安全研究报告)		 2022-09-26 07:24:00
network-fingerpri
nt		 v0.0.1 A fingerprint generation helper for nuclei network t
emplates		 2022-09-24 00:07:01
powerline-shell A beautiful and useful prompt for your shell 2022-09-22 18:12:11
gokart v0.5.1 A static analysis tool for securing Go code 2022-09-22 16:13:48
crlfuzz v1.4.1 A fast tool to scan CRLF vulnerability written in Go 2022-09-22 15:33:19
choose v1.3.4 A human-friendly and fast alternative to cut and (so
metimes) awk		 2022-09-16 20:11:10
go-dork v1.0.2 The fastest dork scanner written in Go. 2022-09-16 12:11:46
CVE-2022-34918 CVE-2022-34918 netfilter nf_tables 本地提权 POC 2022-09-15 03:19:28
go-mimikatz A wrapper around a pre-compiled version of the Mimik
atz executable for the purpose of anti-virus evasion.		 2022-09-08 18:14:14
imcat Show any image in a terminal window. 2022-09-08 01:20:03
CVE-2022-36804 A real exploit for BitBucket RCE CVE-2022-36804 2022-09-07 12:09:19
See-SURF v2.0 Python based scanner to find potential SSRF paramete
rs		 2022-09-06 18:44:31
CVE-2022-34918-LP
E-PoC		 2022-09-06 14:05:22
fireprox AWS API Gateway management tool for creating on the
fly HTTP pass-through proxies for unique IP rotation		 2022-09-06 13:42:42
iscsicpl_bypassUA
C		 v1.0 UAC bypass for x64 Windows 7 - 11(无弹窗版) 2022-09-05 03:30:34
package-manager-p
roxy-settings		 记录各个包管理器代理设置坑点。 2022-09-04 13:32:56
taskcafe 0.3.2 An open source project management tool with Kanban b
oards		 2022-09-02 17:05:43
Suborner 1.0.1 2022-09-02 09:04:46
gmapsapiscanner 2022-08-29 19:10:51
LOG-HUB 日志分析库,nuclei 的另一种用法 2022-08-28 09:06:05
Jira-Lens v1.0.2 Fast and customizable vulnerability scanner For JIRA
written in Python		 2022-08-23 09:57:51
nps-auth-bypass nps认证绕过利用工具,CVE-2022-40494,使用此工具可在
浏览器访问web控制端后台页面,或者批量获取socks5和http
代理		 2022-08-19 09:04:09
Invoke-x64dbg-loa
ddll		 调用x64dbg中的loadll.exe白加黑示例代码 2022-08-18 13:07:04
Lsass-Shtinkering 2022-08-14 13:53:44
phantom-attack POC for Phantom Attack 2022-08-10 21:53:18
ini v1.67.0 Package ini provides INI file read and write functio
nality in Go		 2022-08-08 11:35:30
WTSRM WTSRM 2022-08-07 18:46:18
Loki-bot 多功能Windows机器运维管理工具 2022-08-04 09:52:19
ctop v0.7.7 Top-like interface for container metrics 2022-08-01 11:32:57
7z2hashcat 1.9 extract information from password-protected .7z arch
ives (and .sfx files) such that you can crack these "
hashes" with hashcat		 2022-07-30 10:04:17
LinuxEelvation Linux Eelvation(持续更新) 2022-07-29 09:34:03
get_AV Windows杀软在线对比辅助 2022-07-26 08:58:33
PPLdump Dump the memory of a PPL with a userland exploit 2022-07-24 14:03:10
DahuaConsole Dahua Console, access internal debug console and/or
other researched functions in Dahua devices. Feel fre
e to contribute in this project.		 2022-07-23 17:42:41
unfurl v0.4.3 Pull out bits of URLs provided on stdin 2022-07-19 14:36:05
tomorrow-theme Tomorrow Theme 2022-07-09 10:34:23
jarm_randomizer This tool was open sourced as part of JARM Randomize
r: Evading JARM Fingerprinting for HiTB Amsterdam 202
1.		 2022-07-08 15:08:16
XORpass Encoder to bypass WAF filters using XOR operations. 2022-07-07 14:00:04
jira-mobile-ssrf-
exploit		 Exploit code for Jira Mobile Rest Plugin SSRF (CVE-2
022-26135)		 2022-07-05 21:13:41
csp_security_mist
akes		 This repo has been replaced by https://www.cloudvuln
db.org		 2022-06-29 16:29:31
KillDefender A small (Edited) POC to make defender useless by rem
oving its token privileges and lowering the token int
egrity		 2022-06-28 15:53:57
writeups 2022-06-26 15:01:41
qsreplace v0.0.3 Accept URLs on stdin, replace all query string value
s with a user-supplied value		 2022-06-23 20:13:39
DFSCoerce 2022-06-23 15:48:05
ExtractedDefender 2022-06-23 14:12:39
ADFSRelay v1.0 Proof of Concept Utilities Developed to Research NTL
M Relaying Attacks Targeting ADFS		 2022-06-22 03:00:15
PwnKit Self-contained exploit for CVE-2021-4034 - Pkexec Lo
cal Privilege Escalation		 2022-06-21 14:52:05
APTSimulator v0.9.4 A toolset to make a system look as if it was the vic
tim of an APT attack		 2022-06-20 08:54:37
CTF_web a project aim to collect CTF web practices . 2022-06-19 16:05:25
blueming 2022080
20633		 备份文件扫描,并自动进行下载 2022-06-18 14:23:03
cobalt-arsenal My collection of battle-tested Aggressor Scripts for
Cobalt Strike 4.0+		 2022-06-17 18:06:30
DirtyPipe-Android 1.0.3 Dirty Pipe root exploit for Android (Pixel 6) 2022-06-16 13:56:34
hikvision-decrypt
er		 v1.0 A simple cross platform program written in C++ used
for decrypting the configuration files created by Hik
vision Security Cameras. Successor to my hikvision-xo
r-decrypter		 2022-06-15 03:27:54
PostConfluence v1.0 哥斯拉Confluence后渗透插件 MakeToken SearchPage List
AllUser AddAdminUser ListAllPage ........		 2022-06-14 18:20:29
face_recognition v1.2.2 The world's simplest facial recognition api for Pyth
on and the command line		 2022-06-10 09:12:18
httprobe v0.2 Take a list of domains and probe for working HTTP an
d HTTPS servers		 2022-06-09 16:23:42
test ysoseri
al-0.0.6
-SNAPSHO
T		 just test 2022-06-09 01:08:48
client-side-proto
type-pollution		 Prototype Pollution and useful Script Gadgets 2022-06-08 05:41:00
fastjson-blacklis
t		 2022-06-07 15:54:35
dirble v1.4.2 Fast directory scanning and scraping tool 2022-06-06 21:16:18
PoC-CVE-2022-3019
0		 POC CVE-2022-30190 : CVE 0-day MS Offic RCE aka msdt
follina		 2022-06-05 21:06:11
knm 鼠标键盘流量包取证 2022-05-31 12:21:32
spring-boot-start
er-swagger		 2.0.2.R
ELEASE		 自制spring boot starter for swagger 2.x,来试试吧,
很好用哦~		 2022-05-31 10:02:11
msdt-follina Codebase to generate an msdt-follina payload 2022-05-30 17:25:09
CVE-2022-22972 2022-05-26 16:07:18
CVE-2022-0540-RCE Atlassian Jira Seraph Authentication Bypass RCE(CVE
-2022-0540)		 2022-05-25 13:43:09
CVE-2022-0185 CVE-2022-0185 POC and Docker and Analysis write up 2022-05-24 11:17:17
BlueLotus_XSSRece
iver		 2022-05-23 16:13:20
ModSecurity-nginx v1.0.3 ModSecurity v3 Nginx Connector 2022-05-20 20:41:39
fuzzdb Automatically exported from code.google.com/p/fuzzdb 2022-05-20 05:02:43
ip2domain ip2doma
in_v0.2		 批量查询ip对应域名及百度权重、备案信息;ip反查域名;
ip查备案信息;资产归属查询;百度权重查询		 2022-05-19 02:14:51
SharPyShell v1.3.0 SharPyShell - tiny and obfuscated ASP.NET webshell f
or C# web applications		 2022-05-18 05:10:45
CVE-2021-22555-Pi
peVersion		 CVE-2021-22555 exploit rewritten with pipe primitive 2022-05-18 03:10:10
WerTrigger Weaponizing for privileged file writes bugs with win
dows problem reporting		 2022-05-10 17:36:49
Bug-Report 2022-04-27 06:39:59
swagger2markup v1.3.4 A Swagger to AsciiDoc or Markdown converter to simpl
ify the generation of an up-to-date RESTful API docum
entation by combining documentation that’s been hand
-written with auto-gene		 2022-04-26 06:34:27
check-virtual-mac
hine		 2022-04-26 04:04:18
satellite v0.0.4 easy-to-use payload hosting 2022-04-22 21:07:16
AllatoriCrack 7.6.2 破解 Java 混淆工具 Allatori 2022-04-19 03:56:36
BaoTa 宝塔Linux面板 - 简单好用的服务器运维面板 2022-04-18 07:35:41
zscan v2.0.1 Zscan a scan blasting tool set 2022-04-18 02:47:59
sec-interview 信息安全面试题汇总 2022-04-15 02:25:08
gron v0.7.1 Make JSON greppable! 2022-04-13 14:23:37
rules Repository of yara rules 2022-04-12 17:53:58
CobaltNotion A spin-off research project. Cobalt Strike x Notion
collab 2022		 2022-04-08 18:29:23
aliyun-accesskey-
Tools		 v1.3 阿里云accesskey利用工具 2022-04-08 08:17:32
zipcreater v0.0.2 ZipCreater主要应用于跨目录的文件上传漏洞的利用,它能
够快速进行压缩包生成。		 2022-04-06 08:04:31
Spring4Shell-POC Dockerized Spring4Shell (CVE-2022-22965) PoC applica
tion and exploit		 2022-04-05 16:02:33
waybackurls v0.1.0 Fetch all the URLs that the Wayback Machine knows ab
out for a domain		 2022-04-05 10:20:15
CVE-2022-25636-Pi
peVersion		 CVE-2022-25636 exploit rewritten with pipe primitive 2022-04-05 08:56:33
CVE-2022-0185-Pip
eVersion		 CVE-2022-0185 exploit rewritten with pipe primitive 2022-04-05 08:56:26
SpringShell Spring4Shell - Spring Core RCE - CVE-2022-22965 2022-04-04 14:09:11
VindicateTool LLMNR/NBNS/mDNS Spoofing Detection Toolkit 2022-04-03 14:34:47
Spring4Shell-POC This is a dockerized application that is vulnerable
to the Spring4Shell vulnerability (CVE-2022-22965).		 2022-04-01 23:01:49
pydictor v2.0.5 A powerful and useful hacker dictionary builder for
a brute-force attack		 2022-04-01 10:15:24
kernel-exploits My proof-of-concept exploits for the Linux kernel 2022-03-31 18:22:23
hetty v0.7.0 An HTTP toolkit for security research. 2022-03-31 13:23:56
AttackDetection Attack Detection 2022-03-30 19:46:24
CVE-2022-0778 Proof of concept for CVE-2022-0778, which triggers a
n infinite loop in parsing X.509 certificates due to
a bug in BN_mod_sqrt		 2022-03-29 10:08:00
writeups 2022-03-28 19:01:31
CVE-2022-27666 Exploit for CVE-2022-27666 2022-03-28 18:21:00
rsatool rsatool can be used to calculate RSA and RSA-CRT par
ameters		 2022-03-22 22:32:55
vulnerability-lis
t		 在渗透测试中快速检测常见中间件、组件的高危漏洞。 2022-03-21 06:26:57
XSStrike 3.1.5 Most advanced XSS scanner. 2022-03-20 10:19:57
GBByPass 冰蝎 哥斯拉 WebShell bypass 2022-03-18 12:47:01
anew v0.1.1 A tool for adding new lines to files, skipping dupli
cates		 2022-03-15 22:38:57
Karta v2.1.0 Karta - source code assisted fast binary matching pl
ugin for IDA		 2022-03-15 12:44:31
dompdf-rce RCE exploit for dompdf 2022-03-15 10:55:55
big_screen 数据大屏可视化 2022-03-12 16:32:06
vcenter_saml_logi
n		 A tool to extract the IdP cert from vCenter backups
and log in as Administrator		 2022-03-09 14:12:24
Markdown-XSS-Payl
oads		 XSS payloads for exploiting Markdown syntax 2022-03-09 14:07:11
CVE-2022-0847-Dir
tyPipe-Exploit		 A root exploit for CVE-2022-0847 (Dirty Pipe) 2022-03-08 06:20:05
AWSBucketDump Security Tool to Look For Interesting Files in S3 Bu
ckets		 2022-03-07 21:07:58
CVE-2022-25636 CVE-2022-25636 2022-03-07 17:18:19
3vilGu4rd 3vilGu4
rd-V0.2		 This is a daemon process which make a programe runin
g all time.		 2022-03-06 13:00:59
Spring-Cloud-Gate
way-CVE-2022-22947		 CVE-2022-22947 2022-03-03 14:03:29
cidr-merger v1.1.3 A simple command line tool to merge ip/ip cidr/ip ra
nge, supports IPv4/IPv6		 2022-03-03 08:52:55
proxylogscan v0.0.2 A fast tool to mass scan for a vulnerability on Micr
osoft Exchange Server that allows an attacker bypassi
ng the authentication and impersonating as the admin
(CVE-2021-26855).		 2022-03-02 15:41:22
MQTT-Explorer v0.3.5 An all-round MQTT client that provides a structured
topic overview		 2022-02-27 22:03:15
cve-2022-23131 cve-2022-23131 zabbix-saml-bypass-exp 2022-02-24 15:02:12
jQuery-with-XSS jQuery with XSS, Testing and Secure Version 2022-02-24 03:06:34
CNVD-2022-10270-L
PE		 2022-02
-24		 基于向日葵RCE的本地权限提升,无需指定端口 2022-02-24 02:37:25
mitm6 v0.3.0 pwning IPv4 via IPv6 2022-02-22 18:49:07
WindowsElevation Windows Elevation(持续更新) 2022-02-19 06:33:03
My-Shodan-Scripts Collection of Scripts for shodan searching stuff. 2022-02-14 21:58:36
KillDefender A small POC to make defender useless by removing its
token privileges and lowering the token integrity		 2022-02-14 09:24:15
403-fuzz 针对 403 页面的 fuzz 脚本 2022-02-14 04:29:01
CollaboratorPlusP
lus		 v1.0.2 2022-02-11 16:42:50
ripple20 A Zeek package for the passive detection of "Ripple2
0" vulnerabilities in the Treck TCP/IP stack.		 2022-02-11 01:35:08
CVE-2019-11539 Exploit for the Post-Auth RCE vulnerability in Pulse
Secure Connect		 2022-02-11 00:00:44
patching v0.1.2 An Interactive Binary Patching Plugin for IDA Pro 2022-02-10 09:16:09
CVE-2021-4034-NoG
CC		 v4.0 CVE-2021-4034简单优化,以应对没有安装gcc和make的目标
环境		 2022-02-09 09:58:59
BeRoot 1.0.1 Privilege Escalation Project - Windows / Linux / Mac 2022-02-08 10:30:38
Cloud-Pentesting This repository is in progress, it will keep updatin
g as I come across to new learning materials. Feel fr
ee to contribute.		 2022-02-06 06:43:13
trevorc2 TrevorC2 is a legitimate website (browsable) that tu
nnels client/server communications for covert command
execution.		 2022-01-31 20:16:24
netview latest Netview enumerates systems using WinAPI calls 2022-01-30 21:59:32
CVE-2021-4034 CVE-2021-4034 1day 2022-01-30 14:21:40
CVE-2021-4034 polkit pkexec Local Privilege Vulnerability to Add c
ustom commands		 2022-01-27 06:23:02
CVE-2022-21882 win32k LPE 2022-01-27 04:18:18
ja3box extract ja3(s) when sniffing or from a pcap. 2022-01-26 09:06:31
CVE-2021-4034 PoC for PwnKit: Local Privilege Escalation Vulnerabi
lity in polkit’s pkexec (CVE-2021-4034)		 2022-01-26 07:38:31
Libra Libra [ 天秤座 ] 网站篡改、暗链、死链监测平台
social-engineer-t
oolkit		 The Social-Engineer Toolkit (SET) repository from Tr
ustedSec - All new versions of SET will be deployed h
ere.		 2022-01-26 01:58:47
SuperMem A python script developed to process Windows memory
images based on triage type.		 2022-01-20 16:37:37
exploits Pwn stuff. 2022-01-20 01:23:18
JSP-Webshells Collect JSP webshell of various implementation metho
ds. 收集JSP Webshell的各种姿势		 2022-01-18 04:00:06
CVE-2021-22205 GitLab CE/EE Preauth RCE using ExifTool 2022-01-16 15:54:07
CVE-2021-21985_Po
C		 2022-01-16 04:17:08
ShadowSteal Pure Nim implementation for exploiting CVE-2021-3693
4, the SeriousSAM local privilege escalation		 2022-01-16 02:09:36
gmsm v1.4.1 GM SM2/3/4 library based on Golang (基于Go语言的国密
SM2/SM3/SM4算法库)		 2022-01-14 09:07:16
SMTP-NC v0.1.1 SMTP Netcat , test SMTP protocol 2022-01-14 04:05:46
domain_screen 站点批量截图 2022-01-13 02:45:09
go-shodan v2.0.4 Shodan API client 2022-01-12 22:51:00
linux-exploit-sug
gester-2		 Next-Generation Linux Kernel Exploit Suggester 2022-01-12 17:31:20
MyTools 2022-01-10 09:28:53
Blind-SSRF Nuclei Templates to reproduce Cracking the lens's Re
search		 2022-01-08 01:31:18
shiftleft-go-demo 2022-01-07 17:47:13
CVE-2019-5736-PoC PoC for CVE-2019-5736 2022-01-05 04:09:42
Spring-Boot-Vulne
rability		 2022-01-05 03:18:27
blind-ssrf-chains An exhaustive list of all the possible ways you can
chain your Blind SSRF vulnerability		 2021-12-31 00:08:33
ShadowCoerce MS-FSRVP coercion abuse PoC 2021-12-30 17:43:18
SimpleDnsCrypt 0.7.1 A simple management tool for dnscrypt-proxy 2021-12-30 09:11:09
rdesktop v1.9.0 🚨 rdesktop is in need of a new maintainter. Please
see the home page for more details. 🚨		 2021-12-30 08:23:18
ZhouYu (周瑜)Java - SpringBoot 持久化 WebShell 学习demo(
不仅仅是SpringBoot,适合任何符合JavaEE规范的服务)		 2021-12-29 06:12:29
-Baseline-check windows和linux基线检查,配套自动化检查脚本。纯手打。 2021-12-29 03:26:24
Tencent_Yun_tools 2021-12-26 08:44:50
CVE-2020-0683 CVE-2020-0683 - Windows MSI “Installer service” El
evation of Privilege		 2021-12-23 16:28:28
cve-2021-22005-ex
p		 2021-12-22 10:32:37
Logout4Shell Use Log4Shell vulnerability to vaccinate a victim se
rver against Log4Shell		 2021-12-22 02:02:51
Duckyspark Translator from USB-Rubber-Ducky payloads to a Digis
park code.		 2021-12-22 01:41:35
SIET Smart Install Exploitation Tool 2021-12-21 15:05:52
distorm 3.5.2b Powerful Disassembler Library For x86/AMD64 2021-12-18 15:51:48
shakeitoff AKB-Rel
ease		 Windows MSI Installer LPE (CVE-2021-43883) 2021-12-17 12:53:51
learn-java-bug 2021-12-17 12:10:09
4-ZERO-3 403/401 Bypass Methods + Bash Automation + Your Supp
ort ;)		 2021-12-15 17:44:36
kekeo 2.2.0-2
0211214		 A little toolbox to play with Microsoft Kerberos in
C		 2021-12-14 10:51:40
noPac CVE-2021-42287/CVE-2021-42278 Scanner & Exploiter. 2021-12-12 10:50:53
Log4jAttackSurfac
e		 2021-12-11 11:15:25
neofetch 7.1.0 🖼️ A command-line system information tool written
in bash 3.2+		 2021-12-10 06:41:55
FourEye 1.8 AV Evasion Tool For Red Team Ops 2021-12-08 11:55:14
SSRFire An automated SSRF finder. Just give the domain name
and your server and chill! ;) Also has options to fin
d XSS and open redirects		 2021-12-08 04:22:11
gobfuscate Obfuscate Go binaries and packages 2021-12-07 22:27:25
subjs v1.0.1 Fetches javascript file from a list of URLS or subdo
mains.		 2021-12-05 18:19:46
lolcat Rainbows and unicorns! 2021-12-03 11:34:06
StandIn v1.3 StandIn is a small .NET35/45 AD post-exploitation to
olkit		 2021-12-02 14:26:57
VMware_vCenter VMware vCenter 7.0.2.00100 unauth Arbitrary File Rea
d + SSRF + Reflected XSS		 2021-12-01 08:02:39
3gstudent 2021-11-23 10:15:28
CVE-2021-42321 Microsoft Exchange Server Poc 2021-11-23 02:33:47
k8s-CVE-2021-4355
7-poc		 PoC for CVE-2021-43557 2021-11-22 20:24:22
CVE-2021-41277 Metabase任意文件读取漏洞批量扫描工具 2021-11-22 11:42:18
aem-hacker 2021-11-21 18:28:46
Corsy 1.0-rc CORS Misconfiguration Scanner 2021-11-20 05:05:49
YarnRpcRCE 0.0.1 2021-11-20 04:56:10
bitcracker BitCracker is the first open source password crackin
g tool for memory units encrypted with BitLocker		 2021-11-19 16:40:02
CVE-2021-37580 CVE-2021-37580 2021-11-19 09:03:13
SharpMapExec 2021-11-17 17:53:02
fmem Linux Kernel Module designed to help analyze volatil
e memory in the linux kernel		 2021-11-17 13:37:05
F5-steganography F5 steganography 2021-11-16 12:13:07
tyton v1.2 Kernel-Mode Rootkit Hunter 2021-11-13 21:54:29
JavaCodeAudit Getting started with java code auditing 代码审计入门
的小项目		 2021-11-13 07:32:35
SharpSphere 2.1 .NET Project for Attacking vCenter 2021-11-11 09:39:10
crawlergo_x_XRAY 360/0Kee-Team/crawlergo动态爬虫结合长亭XRAY扫描器的
被动扫描功能		 2021-11-10 05:44:48
pafish v0.6 Pafish is a testing tool that uses different techniq
ues to detect virtual machines and malware analysis e
nvironments in the same way that malware families do		 2021-11-09 16:17:18
geye 1.2.0 🚀Faster Github Monitor🚀 2021-11-06 06:51:45
aSiagaming My Chrome and Safari exploit code + write-up repo 2021-11-05 08:12:50
CVE-2021-36260-me
tasploit		 the metasploit script(POC) about CVE-2021-36260 2021-11-03 08:26:24
HikPwn HikPwn, a simple scanner for Hikvision devices with
basic vulnerability scanning capabilities written in
Python 3.8.		 2021-11-02 19:04:36
Gitlab-CVE-2021-2
2205		 2021-11-02 14:44:28
BruteShark v1.2.5 Network Analysis Tool 2021-10-30 11:25:25
pkcrack pkcrack with modern building tools 2021-10-30 10:53:11
CVE-2020-9484 2021-10-28 02:31:04
avList avList - 杀软进程对应杀软名称 2021-10-21 04:09:20
impacket-ghostpot
ato		 impacket-ghostpotato Fork from https://shenanigansla
bs.io/2019/11/12/Ghost-Potato.html		 2021-10-18 11:15:12
nosferatu Windows NTLM Authentication Backdoor 2021-10-17 01:14:27
Finger A tool for recognizing function symbol 2021-10-14 07:52:35
CVE-2020-5902 CVE-2020-5902 BIG-IP 2021-10-13 07:53:46
jarm 2021-10-12 19:01:22
Exchange_SSRF Some Attacks of Exchange SSRF ProxyLogon&ProxyShell 2021-10-12 02:17:09
PortBrute 一款跨平台小巧的端口爆破工具,支持爆破FTP/SSH/SMB/MS
SQL/MYSQL/POSTGRESQL/MONGOD / A cross-platform compac
t port blasting tool that supports blasting FTP/SSH/S
MB/MSSQL/MYSQL/POSTGRESQL/MONGOD		 2021-10-09 02:50:37
NetLoader Loads any C# binary in mem, patching AMSI + ETW. 2021-10-03 16:41:03
KMS_VL_ALL 44 🔑KMS_VL_ALL - Smart Activation Script 2021-10-03 03:54:27
NetUser 2.0 使用windows api添加用户,可用于net无法使用时.分为nim
版,c++版本,RDI版,BOF版。		 2021-09-29 14:22:09
CVE-2021-22005 2021-09-28 21:08:20
henggeFish 自动化批量发送钓鱼邮件(横戈安全团队出品) 2021-09-28 12:18:26
CVE-2021-3493 Ubuntu OverlayFS Local Privesc 2021-09-28 04:08:43
coremail-address-
book		 0.0.2 📧Coremail邮件系统组织通讯录导出脚本 2021-09-28 00:28:22
JavaScript-MD5 JavaScript MD5 implementation. Compatible with serve
r-side environments like node.js, module loaders like
RequireJS and all web browsers.		 2021-09-25 14:48:43
wmi 1.1.0 WMI for Go 2021-09-17 17:28:27
evilzip 1.1 evilzip lets you create a zip file(with password) th
at contains files with directory traversal characters
in their embedded path.		 2021-09-16 08:49:01
PrintNightmare 2021-09-13 08:45:19
Tools GitHub repository for sysadmin related tools 2021-09-12 07:51:22
CVE-2021-40444 CVE-2021-40444 PoC 2021-09-11 09:50:26
altdns Generates permutations, alterations and mutations of
subdomains and then resolves them		 2021-09-09 23:36:19
CS_mock 模拟cobalt strike beacon上线包. Simulation cobalt st
rike beacon connection packet.		 2021-09-09 08:32:16
htpwdScan HTTP weak pass scanner 2021-09-07 02:52:33
BeaconEye Hunts out CobaltStrike beacons and logs operator com
mand output		 2021-09-06 19:52:36
outguess 0.4 Universal steganographic tool 2021-09-03 01:09:10
pupy Pupy is an opensource, cross-platform (Windows, Linu
x, OSX, Android) C2 and post-exploitation framework w
ritten in python and C		 2021-09-01 17:25:47
CVE-2021-1675_RDL
_LPE		 PrintNightMare LPE提权漏洞的CS 反射加载插件。开箱即
用、通过内存加载、混淆加载的驱动名称来ByPass Defender/
EDR。		 2021-09-01 11:25:19
CVE-2021-26084_Po
C		 2021-09-01 01:01:06
sensinfor 1.6 A chrome extension use to find leak file and backup
file.		 2021-08-31 11:40:57
coremail-exp 2021-08-31 02:55:04
tongda-exp 1.0.1 python编写的多个通达常见漏洞exp 2021-08-26 08:02:25
proxyshell-for-ex
change_workload		 2021-08-25 06:30:55
CORS_vulnerable_L
ab-Without_Databas
e		 2021-08-25 03:01:03
cve-2021-3449 CVE-2021-3449 OpenSSL denial-of-service exploit 👨🏻
‍💻		 2021-08-25 01:00:49
31-days-of-API-Se
curity-Tips		 This challenge is Inon Shkedy's 31 days API Security
Tips.		 2021-08-24 16:14:34
jobber v1.4.4 An alternative to cron, with sophisticated status-re
porting and error-handling		 2021-08-22 02:30:15
Invoke-BuildAnony
mousSMBServer		 Use to build an anonymous SMB file server. 2021-08-20 14:52:10
textfilter 敏感词过滤的几种实现+某1w词敏感词库 2021-08-20 05:11:01
proxyshell-poc 2021-08-19 18:05:50
RGPerson RGPerson - Randomly generate identity information 2021-08-19 10:49:13
PadBuster Automated script for performing Padding Oracle attac
ks		 2021-08-18 17:51:52
redis-rogue-serve
r-win		 Redis 4.x & 5.x RCE 2021-08-18 06:52:30
vulnerability 2021-08-16 09:16:46
proxyshell_payloa
d		 proxyshell payload generate 2021-08-14 17:20:00
ProxyShell ProxyShell POC Exploit : Exchange Server RCE (ACL By
pass + EoP + Arbitrary File Write)		 2021-08-13 09:54:50
ADCSPwn ADCSPwn A tool to escalate privileges in an active directory
network by coercing authenticate from machine accoun
ts and relaying to the certificate service.		 2021-08-11 14:51:53
experiments Expriments 2021-08-11 14:17:52
CS-Loader CS免杀 2021-08-11 06:43:52
OSCP_note 2021-08-10 07:37:48
CVE-Exploits PoC exploits for software vulnerabilities 2021-08-10 00:24:18
xcdn Try to find out the real ip behind cdn 2021-08-08 05:26:37
PySharpSphere Yet another SharpSphere 2021-08-01 03:25:35
IOCs-IDPS This repository will hold PCAP IOC data related with
known malware samples (owner: Bryant Smith)		 2021-07-29 15:55:31
SecurityBaselineC
heck		 2021-07-29 13:08:55
surferFTP SSRF to TCP Port Scanning, Banner and Private IP Dis
closure by abusing the FTP protocol/clients		 2021-07-29 06:56:39
HiveNightmare 0.6 Exploit allowing you to read registry hives as non-a
dmin on Windows 10 and 11		 2021-07-26 14:16:19
CobaltStrikeDetec
ted		 40行代码检测到大部分CobaltStrike的shellcode 2021-07-25 14:37:11
CVE-2021-3156 Sudo Baron Samedit Exploit 2021-07-23 15:46:37
CVE-2021-33909 Sequoia exploit (7/20/21) 2021-07-20 23:04:13
TongdaOA-exp TongdaOA 11.7 ~11.8 通达OA,任意用户登录+后台getshel
l		 2021-07-16 13:18:03
cve-2021-34558 2021-07-13 06:15:46
CVE-2018-3245 CVE-2018-3245-PoC 2021-07-13 02:29:19
CVE-2021-21974 POC for CVE-2021-21974 VMWare ESXi RCE Exploit 2021-07-09 19:38:41
CVE-2021-1675 C# and Impacket implementation of PrintNightmare CVE
-2021-1675/CVE-2021-34527		 2021-07-08 11:10:36
CVE-2020-11651 CVE-2020-11651: Proof of Concept 2021-07-07 21:17:00
speedtest-cli v2.1.3 Command line interface for testing internet bandwidt
h using speedtest.net		 2021-07-07 19:50:15
CVE-2021-1675-LPE Local Privilege Escalation Edition for CVE-2021-1675
/CVE-2021-34527		 2021-07-05 06:46:12
xxl-job 1.0 xxl-job RESTful API RCE 2021-07-01 08:26:31
Limelighter A tool for generating fake code signing certificates
or signing real ones		 2021-06-28 21:35:56
chacal Golang anti-vm framework for Red Team and Pentesters 2021-06-26 16:13:02
yaml-payload-for-
Win		 用于windows反弹shell的yaml-payload 2021-06-26 16:10:51
ssh-auditor v0.18 The best way to scan for weak ssh passwords on your
network		 2021-06-24 00:39:29
emby_ssrf 2021-06-16 22:03:46
windows-kernel-ex
ploits		 windows-kernel-exploits Windows平台提权漏洞集合 2021-06-11 23:29:15
fuzzdb v0.3 Dictionary of attack patterns and primitives for bla
ck-box application fault injection and resource disco
very.		 2021-06-06 05:21:50
Teemo A Domain Name & Email Address Collection Tool 2021-05-25 10:33:03
luaforwindows v5.1.5-
52		 Lua for Windows is a 'batteries included environment
' for the Lua scripting language on Windows. NOTICE:
Looking for maintainer.		 2021-05-24 19:58:19
corsair_scan v0.2.0 Corsair_scan is a security tool to test Cross-Origin
Resource Sharing (CORS).		 2021-05-24 11:16:14
cronsun v0.3.5 A Distributed, Fault-Tolerant Cron-Style Job System. 2021-05-23 11:29:47
blog-hugo 基于Hugo的静态博客 2021-05-22 08:59:29
CVE-2021-31166 v1 Proof of concept for CVE-2021-31166, a remote HTTP.s
ys use-after-free triggered remotely.		 2021-05-21 23:58:22
OscpStudyGroup Oscp study group 2021-05-19 05:19:33
nmap-bootstrap-xs
l		 A Nmap XSL implementation with Bootstrap. 2021-05-18 07:11:46
AntSword-Labs Awesome environment for antsword tests 2021-05-17 03:35:09
iconhash v0.4.3 fofa shodan favicon.ico hash icon ico 计算器 2021-05-13 06:57:27
TLS-poison 2021-05-10 13:47:31
CTF-Mind-maps 整合入门到中高级题目的思路,for new CTFers ! 2021-05-04 13:07:28
endlessh 1.0 SSH tarpit that slowly sends an endless banner 2021-04-30 14:00:40
smuggler Smuggler - An HTTP Request Smuggling / Desync testin
g tool written in Python 3		 2021-04-28 22:24:28
cuckoo 2.0.6 Cuckoo Sandbox is an automated dynamic malware analy
sis system		 2021-04-26 15:48:32
RCE-Exploit-in-BI
G-IP		 2021-04-26 07:38:18
payloads Git All the Payloads! A collection of web attack pay
loads.		 2021-04-22 12:11:05
morty Privacy aware web content sanitizer proxy as a servi
ce		 2021-04-22 10:38:34
SimpleShellcodeIn
jector		 SimpleShellcodeInjector receives as an argument a sh
ellcode in hex and executes it. It DOES NOT inject th
e shellcode in a third party application.		 2021-04-19 08:48:53
big-list-of-naugh
ty-strings		 The Big List of Naughty Strings is a list of strings
which have a high probability of causing issues when
used as user-input data.		 2021-04-17 19:05:45
msbuild-inline-ta
sk		 2021-04-17 01:42:18
List-RDP-Connecti
ons-History		 Use powershell to list the RDP Connections History o
f logged-in users or all users		 2021-04-17 01:38:16
Eventlogedit-evt-
-General		 Remove individual lines from Windows Event Viewer Lo
g (EVT) files		 2021-04-17 01:36:42
From-System-autho
rity-to-Medium-aut
hority		 Penetration test 2021-04-17 01:32:01
Eventlogedit-evtx
--Evolution		 v1.1.0 Remove individual lines from Windows XML Event Log (
EVTX) files		 2021-04-17 01:28:00
CVE-2021-24086 Proof of concept for CVE-2021-24086, a NULL derefere
nce in tcpip.sys triggered remotely.		 2021-04-15 12:46:33
RedGhost Linux post exploitation framework written in bash de
signed to assist red teams in persistence, reconnaiss
ance, privilege escalation and leaving no trace.		 2021-04-14 06:30:09
CoreMailUploadRce Coremail任意文件上传漏洞POC 2021-04-11 05:31:00
Syborg Recursive DNS Subdomain Enumerator with dead-end avo
idance system (BETA)		 2021-04-09 13:46:36
x-crack 1.0.1 x-crack - Weak password scanner, Support: FTP/SSH/SN
MP/MSSQL/MYSQL/PostGreSQL/REDIS/ElasticSearch/MONGODB		 2021-04-09 13:23:39
suricata-rules Suricata IDS rules 用来检测红队渗透/恶意行为等,支持
检测CobaltStrike/MSF/Empire/DNS隧道/Weevely/菜刀/冰蝎/
挖矿/反弹shell/ICMP隧道等		 2021-04-08 10:49:03
REALITY_SMASHER vRealize RCE + Privesc (CVE-2021-21975, CVE-2021-219
83, CVE-0DAY-?????)		 2021-04-07 03:10:07
CVE-2021-22986 CVE-2021-22986 & F5 BIG-IP RCE 2021-04-03 12:56:37
geacon 修改自geacon的多功能linux运维管理工具 2021-04-02 03:00:47
SharpProxyLogon C# POC for CVE-2021-26855 aka ProxyLogon, supports t
he classically semi-interactive web shell as well as
shellcode injection		 2021-03-31 11:57:26
Python-dsstore A library for parsing .DS_Store files and extracting
file names		 2021-03-28 17:47:40
Evaluation_tools 测评工具 2021-03-25 01:51:21
sasquatch 2021-03-25 00:21:17
hey v0.1.4 HTTP load generator, ApacheBench (ab) replacement 2021-03-23 23:39:03
Luyten v0.5.4_
Rebuilt_
with_Lat
est_depe
nencies		 An Open Source Java Decompiler Gui for Procyon 2021-03-17 20:09:12
ProxyLogon 2021-03-17 15:28:18
ProxyLogon ProxyLogon(CVE-2021-26855+CVE-2021-27065) Exchange S
erver RCE(SSRF->GetWebShell)		 2021-03-17 05:06:18
security-research
-pocs		 Proof-of-concept codes created as part of security r
esearch done by Google Security Team.		 2021-03-12 15:00:01
Proxylogon-exploi
t		 proxylogon exploit - CVE-2021-26857 2021-03-11 17:34:15
CVE-2017-7494 Remote root exploit for the SAMBA CVE-2017-7494 vuln
erability		 2021-03-09 09:12:55
CVE-2021-21972 CVE-2021-21972 Unauthorized RCE in VMware vCenter me
tasploit exploit script		 2021-03-07 17:12:01
Vulmap Vulmap Online Local Vulnerability Scanners Project 2021-03-06 15:11:40
CVE-2021-1732-Exp
loit		 CVE-2021-1732 Exploit 2021-03-05 03:10:26
Malbox 恶意软件容器靶机 2021-03-04 09:30:01
CVE-2021-23132 com_media allowed paths that are not intended for im
age uploads to RCE		 2021-03-03 03:52:10
DotNetToJScriptMi
ni		 A simplified version of DotNetToJScript to create a
JScript file which loads a .NET v2 assembly from memo
ry.		 2021-03-01 12:08:23
exploits Some of my exploits. 2021-02-25 19:50:10
CVE-2021-21972 Proof of Concept Exploit for vCenter CVE-2021-21972 2021-02-25 16:04:58
CANToolz v3.7.0 CANToolz - Black-box CAN network analysis framework 2021-02-24 07:26:06
Inspur Inspur vul repo 2021-02-23 00:56:19
WebAliveScan 对目标域名进行快速的存活扫描、简单的指纹识别、目录扫
 2021-02-22 08:36:06
linuxprivchecker linuxprivchecker.py -- a Linux Privilege Escalation
Check Script		 2021-02-20 23:36:02
awesome-iocs A collection of sources of indicators of compromise. 2021-02-19 23:21:08
ruler 2.4.1 A tool to abuse Exchange services 2021-02-19 09:07:52
SpringBootLearnin
g		 Spring Boot learning process 2021-02-18 07:59:42
Mod_Rewrite_Autom
ation		 Scripts to automate standing up apache2 with mod_rew
rite in front of C2 servers.		 2021-02-17 17:44:23
CVE-2021-3156-plu
s		 CVE-2021-3156非交互式执行命令 2021-02-09 19:31:00
Jumpserver-EXP JumpServer远程代码执行漏洞检测利用脚本 2021-02-09 04:52:18
CVE-2021-3156 PoC for CVE-2021-3156 (sudo heap overflow) 2021-02-08 03:42:50
wrk Modern HTTP benchmarking tool 2021-02-07 07:13:05
docker-oracle-xe-
11g		 Dockerfile of Oracle Database Express Edition 11g Re
lease 2		 2021-02-06 13:59:13
CVE-2019-1040 CVE-2019-1040 with Exchange 2021-02-02 12:25:47
CVE-2021-3156 2021-02-01 09:10:11
CVE-2021-3156 CVE-2021-3156 2021-01-31 04:56:56
laravel-exploits Exploit for CVE-2021-3129 2021-01-29 13:59:00
ListRDPConnection
s		 0.0.3 C# 读取本机对外RDP连接记录和其他主机对该主机的连接记
录,从而在内网渗透中获取更多可通内网网段信息以及定位运
维管理人员主机		 2021-01-28 08:01:12
webuploader 0.1.5 It's a new file uploader solution! 2021-01-27 12:18:48
BT_Panel_Privileg
e_Escalation		 宝塔面板Windows版提权方法 2021-01-26 17:46:03
suricata-rules Suricata rules for the new critical vulnerabilities 2021-01-26 15:50:13
AheadLib-x86-x64 1.2 hijack dll Source Code Generator. support x86/x64 2021-01-25 06:45:58
EgGateWayGetShell
_py		 EgGateWayGetShell py脚本 2021-01-24 01:25:55
skyscorpion 1.0.rel
ease.202
10322		 新版将不再对外公开发布。天蝎权限管理工具采用Java平台
的JavaFX技术开发的桌面客户端,支持跨平台运行,目前基于
JDK1.8开发,运行必须安装JDK或JRE 1.8,注意不能是open
jdk,只能是oracle的jdk。 天蝎权限管理工具基于冰蝎加密
流量进行WebShell通信管理的原理,目前实现了jsp、aspx、p
hp、asp端的常用操作功能,在原		 2021-01-20 14:12:33
passToJs 爆破js加密的后台登陆;JS加密;爆破密码;PyExecJS 2021-01-20 07:45:21
SAP_EEM_CVE-2020-
6207		 PoC for CVE-2020-6207 (Missing Authentication Check
in SAP Solution Manager)		 2021-01-15 16:25:18
bugbounty-cheatsh
eet		 A list of interesting payloads, tips and tricks for
bug bounty hunters.		 2021-01-15 14:36:29
LuWu 红队基础设施自动化部署工具 2021-01-12 08:41:56
CVE-2020-36179 CVE-2020-36179~82 Jackson-databind SSRF&RCE 2021-01-10 06:48:52
SharpRDPLog 0.1 Windows rdp相关的登录记录导出工具,可用于后渗透中Win
dows服务器的信息收集阶段。输出内容包括:本地rdp端口、
mstsc缓存、cmdkey缓存、登录成功、失败日志事件。		 2021-01-09 13:00:49
Drupalgeddon2 Exploit for Drupal v7.x + v8.x (Drupalgeddon 2 / CVE
-2018-7600 / SA-CORE-2018-002)		 2021-01-08 10:31:20
CVE-2020-17518 2021-01-06 13:41:03
windows_protocol 2021-01-06 10:28:00
fuxploider v1.0 File upload vulnerability scanner and exploitation t
ool.		 2021-01-04 10:35:01
dcpwn an impacket-dependent script exploiting CVE-2019-104
0		 2021-01-01 06:10:57
CVE-2020-35728 CVE-2020-35728 & Jackson-databind RCE 2020-12-31 01:56:17
CVE-2020-6308-PoC PoC CVE-2020-6308 2020-12-29 10:49:49
open-source-badge
s		 :octocat: Open Source & Licence Badges 2020-12-27 18:48:52
CVE-2020-17144-EX
P		 Exchange2010 authorized RCE 2020-12-24 08:11:51
LsassSilentProces
sExit		 Command line interface to dump LSASS memory to disk
via SilentProcessExit		 2020-12-23 11:51:21
UnblockNeteaseMus
ic		 v0.25.3 Revive unavailable songs for Netease Cloud Music 2020-12-22 13:39:09
xpinyin Translate Chinese hanzi to pinyin (拼音) by Python,
汉字转拼音		 2020-12-21 07:58:11
AngelSword Python3编写的CMS漏洞检测框架 2020-12-21 07:26:48
web-cve-tests A simple framework for sending test payloads for kno
wn web CVEs.		 2020-12-16 14:02:31
rsdl Subdomain Scan With Ping Method. 2020-12-12 17:25:57
volatility An advanced memory forensics framework 2020-12-11 14:52:02
CVE-2020-17144 weaponized tool for CVE-2020-17144 2020-12-09 20:56:53
dnSpy v6.1.8 .NET debugger and assembly editor 2020-12-07 21:07:17
Kali-TX Customized Kali Linux - Ansible playbook 2020-12-07 03:16:03
kalitools Kali Linux工具清单 2020-12-07 02:48:41
ActuatorExploit SpringBoot Actuator未授权自动化利用,支持信息泄漏/RC
E		 2020-12-05 13:57:34
web-log-parser An open source analysis web log tool 2020-12-02 10:57:07
Apache-NiFi-Api-R
CE		 2020-12-01 05:39:38
wfuzz v3.1.0 Web application fuzzer 2020-11-28 19:59:28
peerflix Streaming torrent client for node.js 2020-11-27 08:14:37
HackMySQL Using To MySQL Elevate Privileges. 2020-11-24 09:39:30
CVE-2020-14882 CVE-2020–14882、CVE-2020–14883 2020-11-16 04:23:09
webshell-detect-b
ypass		 绕过专业工具检测的Webshell研究文章和免杀的Webshell 2020-11-15 11:40:17
hackergame2018-wr
iteups		 Write-ups for hackergame 2018 2020-11-14 10:46:28
Malleable-C2-Prof
iles		 Malleable C2 is a domain specific language to redefi
ne indicators in Beacon's communication. This reposit
ory is a collection of Malleable C2 profiles that you
may use. These profil		 2020-11-13 00:59:31
subjack 2.1 Subdomain Takeover tool written in Go 2020-11-12 04:11:12
CVE-2020-1472 Exploit Code for CVE-2020-1472 aka Zerologon 2020-11-05 16:37:19
bigdata_practice 大数据分析可视化实践 2020-11-04 03:18:44
beanstack v0.6.1 X41 BeanStack - Stack Trace Fingerprinting BETA 2020-11-03 16:06:45
CVE-2020-13935 Exploit for WebSocket Vulnerability in Apache Tomcat 2020-11-02 14:50:37
XxlJob-Hessian-RC
E		 XxlJob<=2.1.2配置不当情况下反序列化RCE 2020-11-02 05:43:56
java-file-ftp POC for leaking java version through file and ftp pr
otocols		 2020-11-01 10:09:29
ja3transport Impersonating JA3 signatures 2020-10-31 20:49:32
Impulse 💣 Impulse Denial-of-service ToolKit 2020-10-29 17:57:15
js-port-knocking Web 端口敲门的奇思妙想 2020-10-22 01:37:07
pure-bash-bible 📖 A collection of pure bash alternatives to externa
l processes.		 2020-10-21 15:39:38
rekall v1.7.1 Rekall Memory Forensic Framework 2020-10-17 22:34:30
tlslite-ng New home of the TLS implementation in pure python 2020-10-16 03:40:05
springfox 3.0.0 Automated JSON API documentation for API's built wit
h Spring		 2020-10-14 01:49:23
HERCULES HERCULES is a special payload generator that can byp
ass antivirus softwares.		 2020-10-04 12:47:26
Quickdraw-Snort Digital Bond's IDS/IPS rules for ICS and ICS protoco
ls.		 2020-10-02 18:15:13
geacon Practice Go programming and implement CobaltStrike's
Beacon in Go		 2020-10-02 10:34:29
SAP_RECON PoC for CVE-2020-6287, CVE-2020-6286 (SAP RECON vuln
erability)		 2020-09-29 17:20:11
GitGot Semi-automated, feedback-driven tool to rapidly sear
ch through troves of public data on GitHub for sensit
ive secrets.		 2020-09-28 18:42:57
Print-My-Shell Python script wrote to automate the process of gener
ating various reverse shells.		 2020-09-27 12:23:31
firmwalker Script for searching the extracted firmware file sys
tem for goodies!		 2020-09-26 17:11:01
CVE-2020-1472 PoC for Zerologon - all research credits go to Tom T
ervoort of Secura		 2020-09-24 19:59:53
tget tget is wget for torrents 2020-09-23 00:48:25
pentest-wiki PENTEST-WIKI is a free online security knowledge lib
rary for pentesters / researchers. If you have a good
idea, please share it with others.		 2020-09-22 00:22:31
synner A TCP SYN flood client written in Rust, powered by l
ibpnet		 2020-09-21 12:19:29
CVE-2020-15148-by
passes		 几条关于CVE-2020-15148(yii2反序列化)的绕过 2020-09-21 04:04:31
cve-2020-14386 2020-09-18 00:00:53
memshell mxd_reb
ehinder_
v3_0_5		 Tomcat 冰蝎内存马。 2020-09-14 01:51:49
xvwa XVWA is a badly coded web application written in PHP
/MySQL that helps security enthusiasts to learn appli
cation security.		 2020-09-12 17:26:23
cupp Common User Passwords Profiler (CUPP) 2020-09-12 09:48:23
AhMyth-Android-RA
T		 Android Remote Administration Tool 2020-09-11 14:42:21
CVE-2020-0787-EXP
-ALL-WINDOWS-VERSI
ON		 1 Support ALL Windows Version 2020-09-11 07:38:14
POC-T 2.0.5 渗透测试插件化并发框架 / Open-sourced remote vulnera
bility PoC/EXP framework		 2020-09-07 01:54:32
ysoserial-mangguo
gan		 2020-09-06 15:11:21
ICS-Protocol-iden
tify		 Using nmap NSE scripts for identifying common ICS pr
otocols[使用nmap的nse脚本对常见工控协议进行识别,附对
应nse脚本,并记录pcap流量]		 2020-09-03 06:38:24
snmpwn An SNMPv3 User Enumerator and Attack tool 2020-08-23 10:41:36
wait-for-it Pure bash script to test and wait on the availabilit
y of a TCP host and port		 2020-08-22 23:18:37
Bad-Pdf v1.1 Steal Net-NTLM Hash using Bad-PDF 2020-08-19 06:54:50
PowerSploit v3.0.0 PowerSploit - A PowerShell Post-Exploitation Framewo
rk		 2020-08-17 23:13:56
jmet 0.1.0 Java Message Exploitation Tool 2020-08-17 12:32:46
CS-checklist v1.0 PC客户端(C-S架构)渗透测试checklist / Client side(C
-S) penetration checklist		 2020-08-09 09:45:11
Nmap-Tools SpiderLabs shared Nmap Tools 2020-08-07 12:41:45
mole v0.1 Mole is a framework for identifying and exploiting o
ut-of-band application vulnerabilities.		 2020-08-06 15:14:46
shiroPoc 0.0.05 2020-08-06 04:57:17
MSSQL_BackDoor 2020-08-04 11:08:52
OSCP OSCP 2020-08-03 15:33:17
Exploit-Framework 🔥 An Exploit framework for Web Vulnerabilities
written in Python		 2020-08-01 08:56:33
google_dork_list Google Dorks Google helps you to find Vulnerable W
ebsites that Indexed in Google Search Results. Here i
s the latest collection of Google Dorks. A collection
of 13.760 Dorks. Auth
CAS_EXP 0.0.1 CAS 硬编码 远程代码执行漏洞 2020-07-31 06:51:11
Serverless-Top-10
-Project		 1.0 OWASP Serverless Top 10 2020-07-27 06:33:20
kostebek v1.2.0 2020-07-26 20:19:15
Intensio-Obfuscat
or		 Obfuscate a python code 2.x and 3.x 2020-07-25 10:23:56
CVE-2020-8559 This is a PoC exploit for CVE-2020-8559 Kubernetes V
ulnerability		 2020-07-23 12:55:26
PE2HTML Injects HTML/PHP/ASP to the PE 2020-07-23 10:39:37
CVE-2020-6287-exp
loit		 PoC for CVE-2020-6287 The PoC in python for add user
only, no administrator permission set. Inspired by @
zeroSteiner from metasploit. Original Metasploit PR m
odule: https://github.		 2020-07-21 18:50:06
smogcloud Find cloud assets that no one wants exposed 🔎 ☁️ 2020-07-20 20:26:15
memtriage v0.3.2-
alpha		 Allows you to quickly query a Windows machine for RA
M artifacts		 2020-07-17 21:45:45
CVE-2020-1350-DoS A denial-of-service proof-of-concept for CVE-2020-13
50		 2020-07-17 13:07:28
Exploits Exploits for various CVEs 2020-07-14 15:41:00
crowbar v4.2 Crowbar is brute forcing tool that can be used durin
g penetration tests. It is developed to support proto
cols that are not currently supported by thc-hydra an
d other popular brute		 2020-07-13 11:41:43
f5-bigip-rce-cve-
2020-5902		 F5 BIG-IP RCE CVE-2020-5902 automatic check tool 2020-07-12 10:36:19
CVE-2020-11651-po
c		 PoC exploit of CVE-2020-11651 and CVE-2020-11652 2020-07-10 09:30:09
cobalt_strike_bot 2020-07-05 15:12:56
SMBGhost_RCE_PoC 2020-07-02 18:49:21
PocCollect Poc Collected for study and develop 2020-07-02 08:28:30
ripple20-poc Treck Network Stack Discovery Tool by JSOF 2020-06-30 21:54:41
LeakLooker Find open databases - Powered by Binaryedge.io 2020-06-28 08:43:21
Reptile 2.0 LKM Linux rootkit 2020-06-27 16:24:35
tomcat_nofile_web
shell		 Tomcat基于动态注册Filter的无文件Webshell 2020-06-20 19:00:06
cve-2020-1054 LPE for CVE-2020-1054 targeting Windows 7 x64 2020-06-17 18:10:15
CVE-2020-1066-EXP exp CVE-2020-1066-EXP支持Windows 7和Windows Server 2008
R2操作系统		 2020-06-17 00:55:57
Spring-Boot-Actua
tor-Exploit		 Spring Boot Actuator (jolokia) XXE/RCE 2020-06-16 21:24:05
XssPy XssPy - Web Application XSS Scanner 2020-06-13 23:13:14
LSB-Steganography Python program to steganography files into images us
ing the Least Significant Bit.		 2020-06-12 17:03:02
CallStranger Vulnerability checker for Callstranger (CVE-2020-126
95)		 2020-06-12 09:45:36
BadDNS v1.0.1 2020-06-12 07:40:43
ICSim Instrument Cluster Simulator 2020-06-12 05:38:00
Vulnerability-goa
pp		 Web application build Golang with Vulnerability 2020-06-08 17:37:00
VpsEnvInstall 一键部署渗透VPS 2020-06-06 06:25:21
factordb-python 1.3.0 FactorDB client library with Python 2020-06-05 14:14:20
RedisWriteFile 通过 Redis 主从写出无损文件 2020-05-25 14:39:46
CVE-2020-3153 Cisco AnyConnect < 4.8.02042 privilege escalation th
rough path traversal		 2020-05-25 08:33:24
Pentest_Interview 个人准备渗透测试和安全面试的经验之谈,和去部分厂商的
面试题,干货真的满满~		 2020-05-25 03:58:04
redis-ssrf redis ssrf gopher generater & redis ssrf to rce by m
aster-slave-sync		 2020-05-24 14:16:47
SB-Actuator Spring Boot Actuator未授权访问【XXE、RCE】单/多目标
检测		 2020-05-21 02:28:36
flashsploit Exploitation Framework for ATtiny85 Based HID Attack
s		 2020-05-20 07:42:52
tomcat-cluster-se
ssion-sync-exp		 tomcat使用了自带session同步功能时,不安全的配置(没
有使用EncryptInterceptor)导致存在的反序列化漏洞,通过
精心构造的数据包, 可以对使用了tomcat自带session同步功
能的服务器进行攻击。PS:这个不是CVE-2020-9484,9484是se
ssion持久化的洞,这个是session集群同步的洞!		 2020-05-19 05:11:55
CVE-2020-10199 CVE-2020-10199 回显版本 2020-05-15 06:18:17
CAAC-CTF-2018-Pri
mary		 2018年民航网络安全职业技能竞赛-初赛 2020-05-15 02:26:16
writeups 昔書いたctfライトアップなど 2020-05-11 00:54:10
mssqli-duet SQL injection script for MSSQL that extracts domain
users from an Active Directory environment based on R
ID bruteforcing		 2020-05-10 19:29:48
cve-2020-11651-ex
p-plus		 2020-05-09 07:30:04
isf v0.1.0 ISF(Industrial Control System Exploitation Framework
),a exploitation framework based on Python		 2020-05-08 03:23:55
static-binaries Various *nix tools built as statically-linked binari
es		 2020-04-26 20:49:10
asset NMAP扫描网络资产自动导入到Elasticstack进行展示 2020-04-25 02:22:48
MassBleed MassBleed SSL Vulnerability Scanner 2020-04-18 22:40:20
awesome-shodan-qu
eries		 🔍 A collection of interesting, funny, and depressin
g search queries to plug into shodan.io 👩‍💻		 2020-04-18 15:18:05
vmware_vcenter_cv
e_2020_3952		 Exploit for CVE-2020-3952 in vCenter 6.7 2020-04-16 08:38:42
android-malware Collection of android malware samples 2020-04-15 22:22:00
assetfinder Find domains and subdomains related to a given domai
n		 2020-04-15 10:38:43
redis-rce Redis RCE 的几种方法 2020-04-14 10:24:36
Xray_and_crwlergo
_in_server		 雇一位免费的360工程师和一位长亭工程师为你挖洞,还有
听话的server酱给你汇报		 2020-04-12 15:40:36
CVE-2020-0796 v1.0 CVE-2020-0796 - Windows SMBv3 LPE exploit #SMBGhost 2020-04-08 19:27:06
nyancat 1.2.1 Nyancat in your terminal, rendered through ANSI esca
pe sequences. This is the source for the Debian packa
ge nyancat.		 2020-03-30 10:10:13
linux-kernel-expl
oits		 linux-kernel-exploits Linux平台提权漏洞集合 2020-03-30 07:25:49
o365enum Enumerate valid usernames from Office 365 using Acti
veSync, Autodiscover v1, or office.com login page.		 2020-03-24 08:38:06
CrackSleeve 破解CS4.0 2020-03-24 01:27:45
cve-2019-1040-sca
nner		 2020-03-23 11:22:53
CVE-2020-0688 Exploit and detect tools for CVE-2020-0688 2020-03-21 05:44:15
CVE-2019-1040-dcp
wn		 CVE-2019-1040 with Kerberos delegation 2020-03-20 13:24:42
OA-tongda-RCE Office Anywhere网络智能办公系统 2020-03-20 08:26:06
IoT_Sec_Tutorial IoT安全教程 2020-03-19 13:18:17
CVE-2019-1388 guest→system(UAC手动提权) 2020-03-18 06:21:12
motd My funny motd config. Just for fun! 2020-03-17 12:40:52
emergency-respons
e-checklist		 1.0 应急响应指南 / emergency response checklist 2020-03-13 05:22:16
hack_postgres 便捷地使用PostgreSQL自定义函数来执行系统命令,适用于
数据库管理员知道postgres密码却不知道ssh或RDP密码的时候
在服务器执行系统命令。		 2020-03-10 14:50:40
CVE-2020-9548 CVE-2020-9548:FasterXML/jackson-databind 远程代码执
行漏洞		 2020-03-02 14:18:38
CVE-2020-9547 CVE-2020-9547:FasterXML/jackson-databind 远程代码执
行漏洞		 2020-03-02 14:18:14
leaky-repo 1.1.2 Benchmarking repo for secrets scanning 2020-03-01 02:36:02
cve-2020-0688 cve-2020-0688 2020-02-26 00:58:38
javasec_study java代码审计学习笔记 2020-02-24 16:36:56
Spray-AD A Cobalt Strike tool to audit Active Directory user
accounts for weak, well known or easy guessable passw
ords.		 2020-02-23 13:16:00
CVE-2020-8813 The official exploit for Cacti v1.2.8 Remote Code Ex
ecution CVE-2020-8813		 2020-02-22 16:33:31
CNVD-2020-10487-T
omcat-Ajp-lfi		 Tomcat-Ajp协议文件读取漏洞 2020-02-20 15:39:27
CVE-2020-0668 Use CVE-2020-0668 to perform an arbitrary privileged
file move operation.		 2020-02-20 11:03:17
updog 1.4 Updog is a replacement for Python's SimpleHTTPServer
. It allows uploading and downloading via HTTP/S, can
set ad hoc SSL certificates and use http basic auth.		 2020-02-19 03:26:57
SiteCopy sitecopy is a tool that facilitates personal website
backup and network data collection		 2020-02-17 11:16:19
jieba v0.42.1 结巴中文分词 2020-02-15 08:33:35
Bashfuscator A fully configurable and extendable Bash obfuscation
framework. This tool is intended to help both red te
am and blue team.		 2020-02-14 22:25:01
SharpToolsAggress
or		 内网渗透中常用的c#程序整合成cs脚本,直接内存加载。持
续更新~		 2020-02-13 06:36:06
WDExtract Extract Windows Defender database from vdm files and
unpack it		 2020-02-10 06:53:35
bucket-stream Find interesting Amazon S3 Buckets by watching certi
ficate transparency logs.		 2020-02-03 22:59:08
CVE-2019-8449 CVE-2019-8449 Exploit for Jira v2.1 - v8.3.4 2020-02-03 15:11:25
ffuf-scripts Scripts to help with different ffuf tasks and workfl
ows		 2020-02-02 15:00:08
lmg Script for automating Linux memory capture and analy
sis		 2020-02-01 14:00:13
CVE-2018-0296 Script to test for Cisco ASA path traversal vulnerab
ility (CVE-2018-0296) and extract system information.		 2020-01-30 12:52:42
spring-boot-actua
tor-h2-rce		 Sample Spring Boot App Demonstrating RCE via Exposed
env Actuator and H2 Database		 2020-01-26 08:06:45
PrivExchange Exchange your privileges for Domain Admin privs by a
busing Exchange		 2020-01-23 19:48:39
cve-2019-19781 This is a tool published for the Citrix ADC (NetScal
er) vulnerability. We are only disclosing this due to
others publishing the exploit code first.		 2020-01-22 20:23:36
at-ps Adversary Tactics - PowerShell Training 2020-01-22 18:47:55
CVE-2019-0708-EXP
-Windows		 1.0 CVE-2019-0708-EXP-Windows版单文件exe版,运行后直接在
当前控制台反弹System权限Shell		 2020-01-21 02:36:38
SharpNetCheck 2020-01-15 15:05:04
docker_mirror v1.0 查找最快的docker镜像 2020-01-13 06:15:21
Xiaomi_Mi_WiFi_R3
G_Vulnerability_PO
C		 A login bypass(CVE-2019-18371) and a command injecti
on vulnerability(CVE-2019-18370) in Xiaomi Router R3G
up to version 2.28.23.		 2020-01-12 02:34:44
CVE-2019-19781 Citrix ADC Remote Code Execution 2020-01-11 14:03:51
LLC Linux Log Cleaner (utmp, wtmp, btmp, lastlog) 2020-01-10 11:45:14
CVE-2019-1215 2020-01-07 14:29:44
hsd-cipher-sm 国产密码算法SM2,SM3,SM4 2020-01-07 02:11:41
ICS-pcap A collection of ICS/SCADA PCAPs 2020-01-03 20:07:54
Vxscan python3写的综合扫描工具,主要用来存活验证,敏感文件
探测(目录扫描/js泄露接口/html注释泄露),WAF/CDN识别,
端口扫描,指纹/服务识别,操作系统识别,POC扫描,SQL注
入,绕过CDN,查询旁站等功能,主要用来甲方自测或乙方授
权测试,请勿用来搞破坏。		 2020-01-02 02:59:44
CVE-2019-9810 1 Exploit for CVE-2019-9810 Firefox on Windows 64-bit. 2019-12-28 18:24:48
jd-gui v1.6.6 A standalone Java Decompiler GUI 2019-12-25 14:42:26
AssetScan 资产探测工具,检测存活,检测风险端口,常规端口,全端
口探测等等,对探测的端口的脆弱面进行安全分析进行		 2019-12-20 03:50:54
ClashA 0.0.3.9 A Android GUI for Clash 2019-12-20 01:14:04
wordpress-dos-poc WordPress <= 5.3.? DoS 2019-12-17 16:21:48
Probable-Wordlist
s		 v2.0 Version 2 is live! Wordlists sorted by probability o
riginally created for password generation and testing
- make sure your passwords aren't popular!		 2019-12-04 22:50:46
linux-hardening-c
hecklist		 Simple checklist to help you deploying the most impo
rtant areas of the GNU/Linux production systems - wor
k in progress.		 2019-12-02 21:30:56
gogsownz Gogs CVEs 2019-11-30 10:34:27
idcardgenerator win_v1.
3		 身份证图片生成工具 generate an id card picture 2019-11-25 08:28:47
ThreatHound ThreatHound is a threat intelligence query tool use
for detecting potentially malicious IP or domains. It
combines the MISP open source threat intelligence sh
aring platform as its		 2019-11-25 05:37:33
EBurst 这个脚本主要提供对Exchange邮件服务器的账户爆破功能,
集成了现有主流接口的爆破方式。		 2019-11-21 07:52:45
Cisco-UCM-SQLi-sc
ripts		 Scripts that can be used to exploit CVE-2019-15972 w
hich was an Authenticated SQLi issue in Cisco Unified
Call Manager (UCM).		 2019-11-20 15:05:54
genpAss 2019-11-20 04:58:52
massh-enum OpenSSH 2.3 up to 7.4 Mass Username Enumeration (CVE
-2018-15473).		 2019-11-15 08:11:17
SHIRO-721 RememberMe Padding Oracle Vulnerability RCE 2019-11-14 04:15:14
RdpThief Extracting Clear Text Passwords from mstsc.exe using
API Hooking.		 2019-11-13 14:13:52
Diggy Extract endpoints from apk files. 2019-11-13 14:05:34
phuip-fpizdam Exploit for CVE-2019-11043 2019-11-12 18:52:37
CVE-2017-1000353 1.1 jenkins CVE-2017-1000353 POC 2019-11-12 07:14:25
webmin_cve-2019-1
2840_poc		 A standalone POC for CVE-2019-12840 2019-11-10 13:26:40
aws_public_ips 1.0.7 Fetch all public IP addresses tied to your AWS accou
nt. Works with IPv4/IPv6, Classic/VPC networking, and
across all AWS services		 2019-11-07 20:02:42
RoarCTF-Writeup-s
ome-Source-Code		 没有怎么整理,大家将就看吧,有问题发一个issue给我 2019-11-05 16:11:34
CVE-2017-3506 CVE-2017-3506 2019-11-05 14:12:11
CVE-2017-17562 Standalone Python 3 exploit for CVE-2017-17562 2019-11-02 16:16:56
CVE-2019-3396 Confluence 未授权 RCE (CVE-2019-3396) 漏洞 2019-11-01 14:33:21
apache- apache权限维持后门 2019-10-31 07:37:45
patoolkit v1.0 PA Toolkit is a collection of traffic analysis plugi
ns focused on security		 2019-10-29 06:13:04
snmp_fuzzer snmp_fuzzer 2019-10-25 08:14:39
CloudUnflare Reconnaissance Real IP address for Cloudflare Bypass 2019-10-24 19:49:54
CVE-2019-7609 exploit CVE-2019-7609(kibana RCE) on right way by py
thon2 scripts		 2019-10-23 07:10:34
Firewall 美国国家安全局NSA下属方程式黑客组织(Equation Group
)被The Shadow Brokers(影子经纪人)hack出来的并免费分
享的源码		 2019-10-22 03:22:12
RoarCTF-Writeup-2
019		 https://github.com/berTrAM888/RoarCTF-Writeup-some-S
ource-Code.git		 2019-10-21 04:08:55
cve-2017-18635 PoC for CVE-2017-18635 2019-10-19 18:36:43
Venom v1.1.0 Venom - A Multi-hop Proxy for Penetration Testers 2019-10-14 15:45:40
sec-chart 安全思维导图集合 2019-10-13 14:20:08
struts2-057-exp s2-057 最新漏洞分析和EXP脚本 2019-10-10 07:14:53
batch_ping support multi ping 2019-10-10 03:47:43
PortTran PortTran (.NET端口转发工具,支持任意权限) 2019-10-10 03:29:07
cve-2019-0708 Metasploit module for massive Denial of Service usin
g #Bluekeep vector.		 2019-10-01 15:31:25
ispy ispy V1.0 - Eternalblue(ms17-010)/Bluekeep(CVE-2019-
0708) Scanner and exploit ( Metasploit automation )		 2019-10-01 10:33:39
loginlog_windows 读取登录过本机的登录失败或登录成功的所有计算机信息,
在内网渗透中快速定位运维管理人员。		 2019-09-30 04:11:59
CVE-2019-8451 Jira未授权SSRF漏洞 2019-09-30 01:45:49
Vegile This tool will setting up your backdoor/rootkits whe
n backdoor already setup it will be hidden your spesi
sifc process,unlimited your session in metasploit and
transparent. Even whe		 2019-09-27 19:01:38
rtcp v0.1.0 利用 Python 的 Socket 端口转发,用于远程维护 2019-09-27 13:58:40
CVE-2019-10392 CVE-2019-10392 RCE Jackson with Git Client Plugin 2.
8.2 (Authenticated)		 2019-09-26 05:49:20
APTnotes Various public documents, whitepapers and articles a
bout APT campaigns		 2019-09-18 04:11:33
as_webshell_venom 免杀webshell无限生成工具蚁剑版 2019-09-16 15:41:35
CVE-2019-1579 2019-09-10 15:56:48
ACLight A script for advanced discovery of Privileged Accoun
ts - includes Shadow Admins		 2019-09-09 06:48:44
CVE-2019-1132 EoP POC for CVE-2019-1132 2019-09-08 07:58:11
secscan-authcheck v0.1 越权检测工具 2019-09-04 12:24:58
BlueKeep Proof of concept for CVE-2019-0708 2019-09-03 20:50:27
RSA-In-CTF 2019-09-03 08:48:44
CVE-2019-11510 Exploit for Arbitrary File Read on Pulse Secure SSL
VPN (CVE-2019-11510)		 2019-09-02 16:36:30
fastjson_gadgets_
scanner		 2019-09-01 14:19:39
CVE-2019-15642 Webmin Remote Code Execution (authenticated) 2019-09-01 11:35:42
staffdb 2019-08-29 10:31:46
AggressorScript-C
reateCloneHiddenAc
count		 创建一个克隆隐藏的管理员账号/Create a Clone Hidden A
dministrator Account		 2019-08-28 13:00:18
GoogleHacking-Pag
e		 This is a summary of my study and use of Google hack
ing. I hope I can share it with you. If you like, ple
ase give me a star or fork it, thank you.		 2019-08-27 16:13:02
30min_guides 覃健祥的学习笔记,各种几十分钟入门的文档 2019-08-23 04:25:59
RedTeam-BCS BCS(北京网络安全大会)2019 红队行动会议重点内容 2019-08-22 23:55:03
CVE-2017-12149 Jboss Java Deserialization RCE (CVE-2017-12149) 2019-08-22 21:08:14
Subdomain-Takeove
r		 一个子域名接管检测工具 2019-08-21 17:24:01
CVE-2019-7238 Nexus Repository Manager 3 Remote Code Execution wit
hout authentication < 3.15.0		 2019-08-19 17:33:55
RSA-ATTACK RSA加密应用常见缺陷的原理与实践 2019-08-18 07:36:18
CVE-2018-13379 CVE-2018-13379 2019-08-14 08:40:24
CVE-2018-13382 CVE-2018-13382 2019-08-13 15:06:19
Kayak untagge
d-359703
9ad20ce9
798a99		 Kayak is a CAN bus analysis tool based on SocketCAN 2019-08-09 14:48:44
CVE-2019-2725 CVE-2019-2725 命令回显 2019-08-08 09:48:20
halive A fast http and https prober, to check which URLs ar
e alive		 2019-08-05 16:11:45
sec_tools 2019-08-05 02:26:26
Jackson_RCE-CVE-2
019-12384		 CVE-2019-12384 漏洞测试环境 2019-08-01 05:37:03
Nmap_Bypass_IDS Nmap&Zmap特征识别,绕过IDS探测 2019-08-01 02:53:31
CVE-2019-13272 Linux 4.10 < 5.1.17 PTRACE_TRACEME local root 2019-07-31 08:05:52
BB-Tips Collection of Bug Bounty Tips 2019-07-29 14:32:10
InfinityHook Hook system calls, context switches, page faults and
more.		 2019-07-25 18:11:48
golang-developer-
roadmap-cn		 在 2019 成为一名 Go 开发者的路线图。为学习 Go 的人而
准备。		 2019-07-24 16:10:15
CVE-2019-12384 Jackson Rce For CVE-2019-12384 2019-07-24 07:31:24
BKScan BlueKeep scanner supporting NLA 2019-07-18 12:54:37
CVE-2019-11580 CVE-2019-11580 Atlassian Crowd and Crowd Data Center
RCE		 2019-07-18 10:03:26
discuz-ml-rce discuz ml rce 2019-07-16 12:52:02
Red-Baron Automate creating resilient, disposable, secure and
agile infrastructure for Red Teams.		 2019-07-11 01:15:33
LuCI_RCE_exp Exp of cve-2019-12272 2019-07-10 04:32:12
RedisModules-Exec
uteCommand		 Tools, utilities and scripts to help you write redis
modules!		 2019-07-09 09:31:56
redis-rogue-serve
r		 Redis 4.x & 5.x RCE 2019-07-09 07:31:07
zoom_vulnerabilit
y_poc		 2019-07-08 15:23:42
instantbox 📦 Get a clean, ready-to-go Linux box in seconds. 2019-07-03 09:20:55
CTF 保存有关自己做的 CTF 题目 2019-06-23 02:02:40
Cipher_Encryption
_Type_Identificati
on		 对密文的加密类型进行判断的命令行工具。 2019-06-21 04:50:52
dics 2019-06-19 02:54:24
security Some of my security stuff and vulnerabilities. Nothi
ng advanced. More to come.		 2019-06-11 16:18:12
jenkins-rce 😈 Jenkins RCE PoC. From unauthenticated
user to remote code execution, it's a hacker's dream!		 2019-06-10 06:57:57
rdpscan A quick scanner for the CVE-2019-0708 "BlueKeep" vul
nerability.		 2019-06-08 21:23:39
docker-vulnerabil
ity-environment		 Use the docker to build a vulnerability environment 2019-05-31 07:37:02
Nessus_to_report Nessus中文报告自动化脚本 2019-05-28 08:25:28
Serverless-Goat OWASP ServerlessGoat: a serverless application demon
strating common serverless security flaws		 2019-05-27 17:41:16
aquatone v1.7.0 A Tool for Domain Flyovers 2019-05-19 09:07:52
awesome-jenkins-r
ce-2019		 There is no pre-auth RCE in Jenkins since May 2017,
but this is the one!		 2019-05-17 13:05:21
CVE-2019-0803 Win32k Elevation of Privilege Poc 2019-05-17 10:53:20
CVE-2019-2615 2019-05-12 16:53:21
XAntiDebug VMProtect 3.x Anti-debug Method Improved 2019-05-11 07:58:40
WSPIH Website Sensitive Personal Information Hunter 网站个
人敏感信息文件扫描器		 2019-05-05 01:57:02
S9MF-php-webshell
-bypass		 为方便WAF入库的项目 分享PHP免杀大马
CapOS 等级保护测评windows工具源码 2019-05-04 05:07:50
yujianrdpcrack 御剑RDP爆破工具 2019-05-03 17:34:46
lor-axe 🪓 a multi-threaded, low-bandwidth HTTP DOS tool 2019-05-01 17:02:46
Hosts_scan 这是一个用于IP和域名碰撞匹配访问的小工具,旨意用来匹
配出渗透过程中需要绑定hosts才能访问的弱主机或内部系统
 2019-04-30 11:15:54
cve-2018-1273 Spring Data Commons RCE 远程命令执行漏洞 2019-04-29 04:25:35
CNVD-C-2019-48814
-COMMON		 CNVD-C-2019-48814 poc work on linux and windows 2019-04-29 04:04:02
Threat-Intelligen
ce-Analyst		 威胁情报,恶意样本分析,开源Malware代码收集 2019-04-27 12:16:57
BlueCommand Dashboarding and Tooling front-end for PowerShell Em
pire using PowerShell Universal Dashboard		 2019-04-19 03:19:25
CVE-2019-3396_EXP CVE-2019-3396 confluence SSTI RCE 2019-04-12 01:46:32
vlany Linux LD_PRELOAD rootkit (x86 and x86_64 architectur
es)		 2019-04-08 06:34:23
w8fuckcdn Get website IP address by scanning the entire net 通
过扫描全网绕过CDN获取网站IP地址		 2019-04-07 08:24:42
RW_Password 此项目用来提取收集以往泄露的密码中符合条件的强弱密码 2019-04-01 06:24:17
UPGDSED v1.1.2 Universal PatchGuard and Driver Signature Enforcemen
t Disable		 2019-03-29 10:32:56
SQLInjectionWiki 一个专注于聚合和记录各种SQL注入方法的wiki 2019-03-23 03:42:34
sas-top-10 Serverless Architectures Security Top 10 Guide 2019-03-20 11:26:26
phpinfo_scanner 一个抓取phpinfo重要信息的小工具 2019-03-05 02:05:13
Win-Logs-Parse-to
ol		 2019-03-04 06:03:28
BlockRDPBrute [HIPS]RDP(3389)爆破防护 2019-02-28 04:11:19
acefile POC of https://research.checkpoint.com/extracting-co
de-execution-from-winrar/		 2019-02-27 13:59:48
awesome-serverles
s-security		 A curated list of awesome serverless security resour
ces such as (e)books, articles, whitepapers, blogs an
d research papers.		 2019-02-26 14:05:42
CVE-2019-7238 🐱‍💻 Poc of CVE-2019-7238 - Nexus Repository Manag
er 3 Remote Code Execution 🐱‍💻		 2019-02-25 07:37:06
CVE-2018-20250 exp for https://research.checkpoint.com/extracting-c
ode-execution-from-winrar		 2019-02-22 05:58:07
cve-2019-1003000-
jenkins-rce-poc		 Jenkins RCE Proof-of-Concept: SECURITY-1266 / CVE-20
19-1003000 (Script Security), CVE-2019-1003001 (Pipel
ine: Groovy), CVE-2019-1003002 (Pipeline: Declarative
)		 2019-02-19 13:12:38
JavaID java source code static code analysis and danger fun
ction identify prog		 2019-02-18 08:16:01
ja3_4java Java library for SSL/TLS ja3 fingerprint 2019-02-13 20:17:16
SharpShooter Payload Generation Framework 2019-02-13 09:39:06
Kali-learning-not
es		 Write down some kali learning notes 2019-02-09 12:34:00
CiscoRV320Dump CVE-2019-1652 /CVE-2019-1653 Exploits For Dumping Ci
sco RV320 Configurations & Debugging Data AND Remote
Root Exploit!		 2019-02-08 12:38:05
SharpDump SharpDump is a C# port of PowerSploit's Out-Minidump
.ps1 functionality.		 2019-02-07 02:52:18
bugcrowd-levelup-
subdomain-enumerat
ion		 This repository contains all the material from the t
alk "Esoteric sub-domain enumeration techniques" give
n at Bugcrowd LevelUp 2017 virtual conference		 2019-02-05 07:34:59
Digispark-Duckdui
no		 Poor man's rubber ducky 2019-02-01 01:09:22
impacket-examples
-windows		 v0.9.17 The great impacket example scripts compiled for Wind
ows		 2019-01-31 22:34:52
mijisou Privacy-respecting metasearch engine 2019-01-26 10:11:11
bypass_disablefun
c_via_LD_PRELOAD		 bypass disable_functions via LD_PRELOA (no need /usr
/sbin/sendmail)		 2019-01-21 01:55:33
webshell 入侵分析时发现的Webshell后门 2019-01-17 02:58:28
icsmaster ICS/SCADA Security Resource(整合工控安全相关资源) 2019-01-04 02:00:25
Paper Web Security Technology & Vulnerability Analysis Whi
tepapers		 2019-01-01 10:36:33
CVE-2018-8581 CVE-2018-8581 Microsoft Exchange Server Elevation
of Privilege Vulnerability
rdpwrap v1.6.2 RDP Wrapper Library 2018-12-20 15:50:35
CTF-Training 收集各大比赛的题目和Writeup 2018-12-20 13:34:56
SharpPack An Insider Threat Toolkit 2018-12-17 11:54:45
cve-2018-1002105 Test utility for cve-2018-1002105 2018-12-13 16:56:27
poc_CVE-2018-1002
105		 PoC for CVE-2018-1002105. 2018-12-10 11:09:26
Invoke-TheHash PowerShell Pass The Hash Utils 2018-12-09 15:38:35
CVE-2018-0296 v0.0.4 Test CVE-2018-0296 and extract usernames 2018-12-09 11:57:14
CVE-2018-3252 CVE-2018-3252-PoC 2018-12-07 04:31:49
riscv-ida RISC-V ISA processor module for IDAPro 7.x 2018-11-27 13:04:06
NATBypass 一款lcx在golang下的实现, 可用于内网穿透, 建立TCP反弹
隧道用以绕过防火墙入站限制等, A tool for establish rev
erse tunnel for NAT network environment and proxy, su
pport all functions of lcx.exe		 2018-11-03 06:25:09
JQShell A weaponized version of CVE-2018-9206 2018-10-30 01:48:36
CVE-2017-7269-Ech
o-PoC		 CVE-2017-7269 回显PoC ,用于远程漏洞检测.. 2018-10-27 03:20:04
CVE-2018-2893 CVE-2018-2893-PoC 2018-10-27 01:42:20
XXEpayload 2018-10-25 03:03:02
CVE-2018-9206 A Python PoC for CVE-2018-9206 2018-10-22 16:48:59
SpoolerScanner Check if MS-RPRN is remotely available with powershe
ll/c#		 2018-10-21 17:11:38
modbus-cli Modbus command line utility 2018-10-16 05:57:43
base100 base💯 - Encode your data into emoji 2018-10-14 19:06:27
wavecrack v1.0 Wavestone's web interface for password cracking with
hashcat		 2018-10-12 08:26:24
luacheck 0.23.0 A tool for linting and static analysis of Lua code.
 2018-10-11 21:47:39
Internal-Monologu
e		 Internal Monologue Attack: Retrieving NTLM Hashes wi
thout Touching LSASS		 2018-10-11 12:12:46
me_cleaner v1.2 Tool for partial deblobbing of Intel ME/TXE firmware
images		 2018-10-07 08:24:52
SpoolSample PoC tool to coerce Windows hosts authenticate to oth
er machines via the MS-RPRN RPC interface. This is po
ssible via other protocols as well.		 2018-10-05 22:36:05
dictionary List of some dictionaries 2018-09-28 11:29:40
Win2016LPE Windows10 & Windows Server 2016 LPE Exploit (use sch
edsvc!SchRpcSetSecurity())		 2018-09-28 05:28:59
SM2Java 国密SM2,SM3 Java实现 2018-09-26 09:25:14
write-ups-2015 Wiki-like CTF write-ups repository, maintained by th
e community. 2015		 2018-09-19 10:37:33
CVE-2018-8420 原PoC甚至符号都打错了!太不走心了! 2018-09-18 05:47:26
CVE-2018-15473-Ex
ploit		 Exploit written in Python for CVE-2018-15473 with th
reading and export formats		 2018-09-13 15:09:33
butterfly A web terminal based on websocket and tornado 2018-09-12 08:23:06
ASWCrypter An Bash&Python Script For Generating Payloads that B
ypasses All Antivirus so far [FUD]		 2018-09-09 10:40:56
EventCleaner A tool mainly to erase specified records from Window
s event logs, with additional functionalities.		 2018-09-07 11:02:00
PHP_Code_Challeng
e		 总结一些php代码审计ctf练习题 2018-09-06 06:44:48
Pass-to-hash-EWS 2018-08-29 05:49:00
MITMf v0.9.8 Framework for Man-In-The-Middle attacks 2018-08-28 15:37:24
ueditor-getshell ueditor .net getshell 2018-08-27 15:44:35
mscache a tool to manipulate dcc(domain cached credentials)
in windows registry, based mainly on the work of mimi
katz and impacket		 2018-08-22 10:24:50
ExchangeRelayX An NTLM relay tool to the EWS endpoint for on-premis
e exchange servers. Provides an OWA for hackers.		 2018-08-17 00:46:06
DotNetToJScript v1.0.4 A tool to create a JScript file which loads a .NET v
2 assembly from memory.		 2018-08-13 18:08:54
CVE-2018-8120 CVE-2018-8120 Exploit for Win2003 Win2008 WinXP Win7
 2018-08-08 05:48:23
CTF-RSA 总结一下各路大师傅的RSA脚本233 2018-07-27 15:49:44
OSCE Collection of things made during my preparation to t
ake on OSCE		 2018-07-23 02:02:03
CVE-2018-2628 CVE-2018-2628 & CVE-2018-2893 2018-07-20 01:24:35
OSCE Some exploits, which I’ve created during my OSCE pr
eparation.		 2018-07-07 23:56:54
redis_lua_exploit 2018-06-20 11:33:45
checkO365 checkO365 is a tool to check if a target domain is u
sing O365		 2018-06-11 19:20:15
CiscoSmartInstall
Exploit		 2018-06-10 16:05:41
Prowl 2018-06-08 10:02:15
poc-cve-2018-1273 POC for CVE-2018-1273 2018-06-05 15:07:17
Convert-Invoke-Ke
rberoast		 Converts the output from Invoke-Kerberoast into hash
cat format.		 2018-05-31 15:17:17
CVE-2018-8174_EXP CVE-2018-8174_python 2018-05-30 03:32:04
naive-hashcat Crack password hashes without the fuss 🐈 2018-05-23 21:39:15
CVE-2018-8174-msf CVE-2018-8174 - VBScript memory corruption exploit. 2018-05-23 20:43:57
java-deserializat
ion-exploits		 A collection of curated Java Deserialization Exploit
s		 2018-05-22 17:18:54
CVE-2018-1111 CVE-2018-1111 DynoRoot 2018-05-21 13:10:47
CVE-2018-1111 Environment for DynoRoot (CVE-2018-1111) 2018-05-17 10:03:06
GPON Exploit for Remote Code Execution on GPON home route
rs (CVE-2018-10562) written in Python. Initially disc
losed by VPNMentor (https://www.vpnmentor.com/blog/cr
itical-vulnerability-g		 2018-05-10 15:08:42
CVE-2018-9995_dvr
_credentials		 (CVE-2018-9995) Get DVR Credentials 2018-05-05 17:46:26
Mind-Map 各种安全相关思维导图整理收集 2018-04-29 18:06:13
cloud-torrent 0.8.25 ☁️ Cloud Torrent: a self-hosted remote torrent cli
ent		 2018-04-27 16:17:01
CVE-2018-7600 Exploit for Drupal 7 <= 7.57 CVE-2018-7600 2018-04-26 15:40:27
ProcessInjection Some ways to inject a DLL into a alive process 2018-04-26 02:22:58
scan-backup-langz
i-		 扫描备份文件和敏感信息泄漏的扫描器,速度快,器大活好 2018-04-01 14:19:50
CVE-2018-2380 PoC of Remote Command Execution via Log injection on
SAP NetWeaver AS JAVA CRM		 2018-03-14 12:13:43
BypassCaiDao 过WAF菜刀 2018-03-10 01:14:44
clairctl v1.2.8 Tracking container vulnerabilities with Clair Contro
l for CoreOS Clair		 2018-03-07 13:28:50
TextMining Python文本挖掘系统 Research of Text Mining System 2018-03-02 06:00:21
vncpwd v0.1 VNC Password Decrypter 2018-02-23 09:38:39
nextnet v0.0.2 nextnet is a pivot point discovery tool written in G
o.		 2018-02-23 08:11:40
CANoodler CANoolder: CAN to 3.3V logic level interface. Dumb.
Cheap. Simple. Pick 3.		 2018-02-14 03:22:39
inSp3ctor AWS S3 Bucket/Object Finder 2018-02-05 01:44:00
suricata-traffici
d		 Application and service identification rules for Sur
icata		 2018-01-17 12:42:08
NtlmRelayToEWS ntlm relay attack to Exchange Web Services 2018-01-15 12:47:56
spectre-attack Example of using revealed "Spectre" exploit (CVE-201
7-5753 and CVE-2017-5715)		 2018-01-10 01:14:43
cisco-snmp-rce Cisco IOS SNMP RCE PoC 2018-01-05 12:08:04
KPTI-PoC-Collecti
on		 Meltdown/Spectre PoC src collection. 2018-01-04 00:19:08
danderspritz-evtx v1.0 Parse evtx files and detect use of the DanderSpritz
eventlogedit module		 2017-12-15 14:10:01
rce-over-spark Remote Command Execution Over Spark 2017-12-15 08:03:06
Invoke-WCMDump PowerShell Script to Dump Windows Credentials from t
he Credential Manager		 2017-12-12 00:46:32
S2-055-PoC S2-055的环境,基于rest-show-case改造 2017-12-07 01:57:31
DigiKeyboard_DE angepasste Header-Dateien für Deutsches Tastatur Lay
out		 modfied headers for german keyboard layout
HugeDirtyCowPOC A POC for the Huge Dirty Cow vulnerability (CVE-2017
-1000405)		 2017-11-30 00:24:11
CVE-2017-11882 Proof-of-Concept exploits for CVE-2017-11882 2017-11-29 16:13:22
CVE-2017-11882 CVE-2017-11882 from https://github.com/embedi/CVE-20
17-11882		 2017-11-29 03:33:45
evolve v1.6 Web interface for the Volatility Memory Forensics Fr
amework		 2017-11-21 00:38:21
CVE-2017-0199 v4.0.1 Exploit toolkit CVE-2017-0199 - v4.0 is a handy pyth
on script which provides pentesters and security rese
archers a quick and effective way to test Microsoft O
ffice RCE. It could ge		 2017-11-19 11:01:15
CACTUSTORCH CACTUSTORCH: Payload Generation for Adversary Simula
tions		 2017-11-16 10:20:08
PTP-RAT Exfiltrate data over screen interfaces 2017-11-13 12:24:11
awvs_script_decod
e		 解密好的AWVS10.5 data/script/目录下的脚本 2017-11-11 13:31:08
CVE-2017-8759 CVE-2017-8759 2017-11-09 02:41:18
SAP-Pentest 2017-11-03 16:01:47
volatility-plugin
s		 Plugins I've written for Volatility 2017-10-23 15:38:26
Python-Brainfuck Just a small Brainfuck interpreter written in Python 2017-10-23 10:07:47
Sensitive-word 收集的一些敏感词汇,挺全的,还细分了暴恐词库、反动词
库、民生词库、色情词库、贪腐词库、其他词库等		 2017-09-28 02:11:48
MSSQL-Fileless-Ro
otkit-WarSQLKit		 Bildiğiniz üzere uzun zamandır MSSQL üzerine çalışma
lar yapmaktayım. Bu yazımda uzun zamandır uğraştığım
bir konuyu ele alacağım, MSSQL Rootkit. Bildiğiniz üz
ere şimdiye kadar MS-S		 2017-09-17 18:29:53
DigistumpArduino 1.6.7 Files to add Digistump support (Digispark, Pro, Digi
X) to Arduino 1.6.X (1.6.5+)		 2017-08-29 23:49:34
dnsAutoRebinding ssrf、ssrfIntranetFuzz、dnsRebinding、recordEncode、
dnsPoisoning、Support ipv4/ipv6		 2017-08-17 05:16:11
outguess An unmaintained fork of the OutGuess steganographic
tool. Try https://github.com/resurrecting-open-source
-projects/outguess for possibly a better option.		 2017-08-14 02:11:00
joffrey Stupid MQTT Brute Forcer 2017-07-27 18:47:20
csrf-poc-generato
r		 this html file creates a csrf poc form to any http r
equest.		 2017-07-27 11:53:58
Struts2-048 CVE-2017-9791 2017-07-08 02:08:35
wydomain to discover subdomains of your target domain 2017-06-26 09:05:27
RiskySPN Detect and abuse risky SPNs 2017-06-15 07:41:17
wifi_keylogger DIY Arduino Wi-Fi Keylogger (Proof of Concept) 2017-06-14 18:09:57
Exploits Windows Exploits 2017-06-14 16:30:27
sandcastle 🏰 A Python script for AWS S3 bucket enumeration. 2017-06-12 21:25:27
PocCollect a plenty of poc based on python 2017-06-10 09:28:18
ffmpeg-avi-m3u-xb
in		 2017-05-22 23:34:25
WindowsExploits Windows exploits, mostly precompiled. Not being upda
ted. Check https://github.com/SecWiki/windows-kernel-
exploits instead.		 2017-05-21 17:21:47
Go-For-OSCP 2017-05-17 08:47:59
cve-2017-7269-too
l		 CVE-2017-7269 to webshell or shellcode loader 2017-05-16 18:47:07
vulnd_xxe A server vulnerable to XXE that can be used to test
payloads using the xxer tool.		 2017-05-13 17:29:21
aeskeyfind Fork of aeskeyfind that knows more formats of AES ke
y schedule		 2017-05-11 11:27:34
filterbypass Browser's XSS Filter Bypass Cheat Sheet 2017-05-06 13:53:03
kernel-exploits 2017-04-23 15:43:30
icmptunnel v1.0.0 Transparently tunnel your IP traffic through ICMP ec
ho and reply packets.		 2017-04-22 12:44:44
hotoloti documentation, scripts, tools related to Zena Forens
ics (http://blog.digital-forensics.it)		 2017-04-21 21:59:14
IllegalWordsDetec
tion		 提供高效率的较简单的Unity3d手游客户端的敏感词检测的
算法,能应付大部分敏感词过滤需求		 2017-04-20 09:00:16
cve-2017-7269 fixed msf module for cve-2017-7269 2017-03-30 22:19:57
ZeroNights-HackQu
est-2016		 2 web tasks from ZeroNights HackQuest 2016 2017-03-24 11:16:15
CVE-2016-5195 A CVE-2016-5195 exploit example. 2017-03-21 16:46:03
SensitiveWordFilt
er		 机器学习实现敏感词过滤 2017-03-09 07:58:22
duck2spark Converter for raw RubberDucky payloads to Digispark
Arduino IDE Sketch source.		 2017-03-06 16:40:56
dirtycow-vdso PoC for Dirty COW (CVE-2016-5195) 2017-02-27 18:55:55
MSSQL-SQLi-Labs 2017-02-27 14:23:42
Windows-Exploit-S
uggester		 This tool compares a targets patch levels against th
e Microsoft vulnerability database in order to detect
potential missing patches on the target. It also not
ifies the user if ther		 2017-02-17 14:01:56
docker-remote-api
-exp		 docker remote api未授权访问的利用代码 2017-02-14 09:34:45
ShellcodeWrapper Shellcode wrapper with encryption for multiple targe
t languages		 2017-01-23 11:09:08
VolUtility v1.2 Web App for Volatility framework 2017-01-20 09:34:55
public my public code 2017-01-11 08:52:03
luadec Lua Decompiler for lua 5.1 , 5.2 and 5.3 2017-01-06 12:43:51
ew 内网穿透(跨平台) 2016-12-31 06:11:18
xss php写的个人研究测试用的 xss cookie 攻击管理平台,开源
出来		 2016-12-30 03:58:46
weakfilescan 动态多线程敏感信息泄露检测工具 2016-12-17 14:27:18
peepdf Powerful Python tool to analyze PDF documents 2016-11-17 21:30:21
FingerPrint web应用指纹识别 2016-11-15 06:47:41
SCADAPASS 1.2 SCADA StrangeLove Default/Hardcoded Passwords List 2016-11-14 13:49:56
ssh-audit SSH server auditing (banner, key exchange, encryptio
n, mac, compression, compatibility, security, etc)		 2016-11-02 10:45:56
dirtycow-docker-v
dso		 2016-11-01 15:52:23
MySQL-Monitor MySQL服务器执行SQL记录实时监控(WEB版本) 2016-10-25 09:04:30
linux-inject Tool for injecting a shared object into a Linux proc
ess		 2016-09-06 21:09:20
sensitive-stop-wo
rds		 互联网常用敏感词、停止词词库 2016-08-30 01:47:33
Conveigh Conveigh is a Windows PowerShell LLMNR/NBNS spoofer
detection tool		 2016-08-28 19:55:34
armitage Automatically exported from code.google.com/p/armita
ge		 2016-07-08 22:05:20
DirBrute 多线程WEB目录爆破工具 [Multi-thread WEB directory bl
asting tool(with dics inside) ]		 2016-07-04 15:14:53
PoCs Proof of Concepts for CVE-2016–3714 2016-05-23 17:34:28
docker_api_vul docker 未授权访问漏洞利用脚本 2016-05-18 16:08:02
cub3 Proof of concept for LD_PRELOAD malware that uses ex
tended attributes to protect files.		 2016-05-18 03:48:15
ios-malware iOS malware samples 2016-05-13 09:52:30
foolav v1.0 Pentest tool for antivirus evasion and running arbit
rary payload on target Wintel host		 2016-05-06 19:59:29
vulnapp use docker to attack web as a demo 2016-03-24 15:16:32
ysoserial A proof-of-concept tool for generating payloads that
exploit unsafe Java object deserialization.		 2016-03-13 19:28:06
Redpoint Digital Bond's ICS Enumeration Tools 2016-03-08 17:24:55
windows-exploits Used for the osce exam preparation 2016-03-03 17:36:51
CVE-2015-7547 Proof of concept for CVE-2015-7547 2016-02-16 01:01:27
ntdsxtract Active Directory forensic framework 2016-02-13 06:07:04
getsystem-offline Small tool to get a SYSTEM shell 2016-02-07 23:52:20
Jenkins Jenkins漏洞探测、用户抓取爆破 2015-12-28 10:46:00
clusterd 0.5 application server attack toolkit 2015-11-19 07:34:44
FBI-WARNING-in-co
nsole		 FBI-WARNING-in-console 2015-11-02 11:09:01
PLCinject 2015-08-08 04:24:57
PixelJihad A JavaScript steganography tool 2015-03-29 22:43:41
PowerShell-AD-Rec
on		 PowerShell Scripts I find useful 2015-03-09 01:20:21
dnsenum 1.2.4.2 dnsenum is a perl script that enumerates DNS informa
tion		 2015-02-20 18:56:16
Unix-Privilege-Es
calation-Exploits-
Pack		 Exploits for getting local root on Linux, BSD, AIX,
HP-UX, Solaris, RHEL, SUSE etc.		 2014-12-24 22:03:07
rtsp_authgrinder A authentication brute forcing tool for the rtsp pro
tocol		 2014-12-02 11:56:12
winshock-test Bash script that tests if a system is Winshock (MS14
-066) vulnerable		 2014-11-15 09:57:54
UPnP-Pentest-Tool
kit		 UPnP Pentest Toolkit for Windows 2014-11-13 08:31:34
shellshock_scanne
r		 Python Scanner for "ShellShock" (CVE-2014-6271) 2014-09-29 23:22:12
kjackal Linux Rootkit Scanner 2014-06-16 14:05:21
Linux_Exploit_Sug
gester		 Linux Exploit Suggester; based on operating system r
elease number		 2014-05-18 23:18:10
shellcode_launche
r		 Shellcode launcher utility 2014-02-16 01:22:49
thc-pptp-bruter [Mirror] thc.org uses a CA that is not trusted on a
base Arch system so we are mirroring some source here
.		 2013-11-11 16:00:11
vipasswordict Vietnamese Password Dicts 2013-10-15 18:59:21
tsh Tiny SHell is an open-source UNIX backdoor. 2013-09-28 10:34:45
Rogue-MySql-Serve
r		 Rogue MySql Server 2013-09-15 09:52:34
ReflectiveDLLInje
ction		 Reflective DLL injection is a library injection tech
nique in which the concept of reflective programming
is employed to perform the loading of a library from
memory into a host pro		 2013-09-05 08:10:09
pwnginx Pwn nginx - a nginx backdoor provides shell access,
socks5 tunneling, http password sniffing.		 2013-09-04 06:51:04
BurpAuthzPlugin 2013-07-22 21:00:44
lib_mysqludf_sys A UDF library with functions to interact with the op
erating system. These functions allow you to interact
with the execution environment in which MySQL runs.		 2013-02-21 00:39:07
base92 Implementations of base92 in various languages (C, p
ython)		 2013-01-28 04:26:46
h3c-pt-tools Huawei/H3C/HP Penetration Testing Tools 2012-11-16 14:05:15
evilarc Create tar/zip archives that can exploit directory t
raversal vulnerabilities		 2011-02-27 23:07:47
crawlergo
CVE-2020-1938
Emergency
Cas_Exploit
Shiro-721
CTF-RSA-tool
security
sangfor-edr-explo
it
CTFCrackTools
PrintNightmare
VolDiff
graphql-voyager
OSCE-Exploit-Deve
lopment
searx
cobaltstrike-bof-
toolset
fuzz
company-crawler
metarget
WordPress_4
Hyuga
debugtron
fastjson-1
privilege-escalat
ion-awesome-script
s-suite
idea-project-fish
-exploit
code-server
CVE-2021-26855
pcap_dnsproxy
follina
cas4
odoh-server-go
nps
snort-rules
impacket
PatchAMSI
VirusTotalC2
names
IPList
nginxconfig
RouterScan-consol
e
dirtycow
HealthChecker
clash
testssl
RCE-0-day-for-Gho
stScript-9
spring-boot-start
er-swagger
wechat_info_colle
ct
Janus
phpvuln
findomain
IIS_exploit
shadowsocks
ecapture
JSPHorse
DVWA
aSYNcrone
capa
Fofa-collect
clash_for_windows
_pkg
bluescan
CVE-2018-14729
EyeWitness
RsaCtfTool
awvs-decode
Windows-Exploit-S
uggester
YourNextBugTip
pdf-export
hackingthe
USB-Rubber-Ducky
CobaltSpam
hackbar2
dc_find
masnmapscan-V1
nanodump
BaiLu-SED-Tool
Thanos
password_brute_di
ctionary
CVE-2017-12615
S2-045
S2-055
S2-056-XStream
xss-payload-list
httpie
WOTD
CVE-2020-8840
Grafana-VulnTips
ncDecode
webuploader-0
dnscrypt-proxy
jsonhero-web
bro-pdns
Axis-1
2020-Interview-ex
perience
CVE-2021-1727
InstallerFileTake
Over
ProfSvcLPE
LangNetworkTopolo
gy3
DFA
libssh-scanner
mscan
dedecmscan
ddos-tools
slowloris
iCULeak
cryptovenom
2017-Security-ppt
subzy
SharpCookieMonste
r
Middleware-Vulner
ability-detection
WXDBDecrypt
BurpSuiteSuite-co
llections
hackbar2
linux-exploit-sug
gester
idcard
EggShell
SeeyonEXP
PowerDNS-Admin
Cas_Exploit
1earn
AboutSecurity
CVE-2021-41653
CVE-2020-0601
SMBGhost
qqwry
chineseocr_lite
Amass
CVE-2022-21907-ht
tp
RDWArecon
Ruoyi-All
PeiQi-WIKI-POC
awesome-pentest-n
ote
conote-community
CVE-2021-21985
CVE-2021-22005
CVE-2021-29200
CVE-2021-30128
Benchmarks
Hacking-With-Gola
ng
joomscan
cs-ssl-gen
hideNsneak
oh-my-zsh
exp
hashtopolis
MITM-cheatsheet
impacket
DumpTheGit
jumpserver_rce
Fuzz_dic
wechat-export
2022-HW-POC
csirt
poshkatz
CVE-2019-2890
VPS-web-hacking-t
ools
suricata-rules
metinfo_sqlinject
ion
TPScan
microsoftSpider
Struts2_045-Poc
awvs13_batch_py3
blackeye
VTSCAN
prowler
Bug-Hunting-Domai
ns
CSAgent
repo-security-sca
nner
CVE-2018-8120
CVE-2022-2639-Pip
eVersion
CVE-2018-3191
wappalyzer
Kage
sam-the-admin
Whonix
woodpecker-framwo
rk-release
fastjson_rce_tool
shiro_rce
gojwtcrack
STS2G
chrome_password_g
rabber
wxappUnpacker
xxx
clashX
yougar0
seeyou_exp
CVE-2019-0708
SiteServer-CMS-Re
mote-download-Gets
hell
zhuqingcode
Joker
gitleaks
RSA

杂七杂八

APP合规

项目名称 版本 项目描述 最近提交时间
camille 基于Frida的Android App隐私合规检测辅助工具 2023-05-06 06:17:39

chatgpt

项目名称 版本 项目描述 最近提交时间
Awesome-ChatGPT ChatGPT资料汇总学习,持续更新...... 2023-07-07 02:24:11
chatgpt ChatGPT网址导航,分享免费好用AI网站! 2023-07-01 15:12:07
ChatGPT-Shortcut v3.1.6 🚀💪Maximize your efficiency and productivity, suppo
rt for English,中文,Español,العربية. 让生产力加倍的AI
快捷指令。更有效地定制、保存和分享自己的提示词。在提示
词分享社区中,轻松找到适用于不同场景的指令。		 2024-01-13 21:59:00
chatgpt-mac v0.0.5 ChatGPT for Mac, living in your menubar. 2022-12-12 12:03:30
awesome-chatgpt-z
h		 ChatGPT 中文指南🔥,ChatGPT 中文调教指南,指令指南,
应用开发指南,精选资源清单,更好的使用 chatGPT 让你的
生产力 up up up! 🚀		 2023-12-18 13:02:48

github加速

项目名称 版本 项目描述 最近提交时间
FastGithub 2.1.4 github加速神器,解决github打不开、用户头像无法加载、
releases无法上传下载、git-clone、git-pull、git-push失
败等问题		 2022-12-07 00:24:48

MySQL实时监控工具

项目名称 版本 项目描述 最近提交时间
MySQLMonitor 1.0 MySQL实时监控工具(代码审计/黑盒/白盒审计辅助工具) 2022-03-09 03:08:09

pppoe拦截

项目名称 版本 项目描述 最近提交时间
pppoe-intercept v0.3 用来模拟中间人拦截 pppoe 拨号过程的账号密码 2019-06-12 14:03:18

python笔记

项目名称 版本 项目描述 最近提交时间
Python-100-Days Python - 100天从新手到大师 2023-02-05 16:59:39

web靶场

项目名称 版本 项目描述 最近提交时间
SSRF_Vulnerable_L
ab		 This Lab contain the sample codes which are vulnerab
le to Server-Side Request Forgery attack		 2023-08-21 17:02:38
https://dvwa.co.uk/
DoraBox DoraBox - Basic Web Vulnerability Training 2021-12-24 04:58:09
WackoPicko WackoPicko is a vulnerable web application used to t
est web application vulnerability scanners.		 2021-11-17 16:51:38
xssed A set of XSS vulnerable PHP scripts for testing 2013-02-10 02:53:13
sqli-labs SQLI labs to test error based, Blind boolean based,
Time based.		 2014-10-31 19:10:23
BWVS Web漏洞渗透测试靶场 2018-02-05 13:06:03
upload-labs 0.1 一个想帮你总结所有类型的上传漏洞的靶场 2020-01-15 14:38:33
vulstudy 使用docker快速搭建各大漏洞靶场,目前可以一键搭建17个
靶场。		 2020-03-25 07:11:46
xxe-lab 一个包含php,java,python,C#等各种语言版本的XXE漏洞Dem
o		 2022-11-28 12:56:03
vulnerable-node A very vulnerable web site written in NodeJS with th
e purpose of have a project with identified vulnerabi
lities to test the quality of security analyzers tool
s tools		 2023-03-13 10:54:55
vulfocus v0.3.2.
11		 🚀Vulfocus 是一个漏洞集成平台,将漏洞环境 docker 镜
像,放入即可使用,开箱即用。		 2023-05-31 03:45:48
hackademic the main hackademic code repository 2017-02-24 16:48:07
Hello-Java-Sec 1.10 ☕️ Java Security,安全编码和代码审计 2023-01-03 08:25:42
SpringBootVulExpl
oit		 SpringBoot 相关漏洞学习资料,利用方法和技巧合集,黑
盒安全评估 check list		 2021-03-10 13:03:17
ElectricRat v1.3.0 电气鼠靶场系统是一种带有漏洞的Web应用程序,旨在为Web
安全渗透测试学习者提供学习和实践的机会。The Electrical
Mouse Target Range System is a web application with
vulnerabilities designed to provide learning and prac
tice opport		 2023-03-26 12:59:39
VulApps 快速搭建各种漏洞环境(Various vulnerability environme
nt)		 2020-04-15 09:23:17
bodgeit 1.4.0 The BodgeIt Store is a vulnerable web application wh
ich is currently aimed at people who are new to pen t
esting.		 2018-01-08 20:27:03
MCIR The Magical Code Injection Rainbow! MCIR is a framew
ork for building configurable vulnerability testbeds.
MCIR is also a collection of configurable vulnerabil
ity testbeds.		 2020-08-07 12:44:09
DSVW Damn Small Vulnerable Web 2021-07-22 16:02:49
SecExample JAVA 漏洞靶场 (Vulnerability Environment For Java) 2021-07-15 09:11:24
vulhub Pre-Built Vulnerable Environments Based on Docker-Co
mpose		 2023-12-30 18:04:55
webug4.0 webug4.0 2022-02-14 09:27:09
WebGoat v2023.8 WebGoat is a deliberately insecure application 2024-01-09 14:10:16
pikachu 一个好玩的Web安全-漏洞测试平台 2023-07-01 15:14:35
https://hackmyvm.eu/anon/
https://www.pentesterlab.com/exercises/web_for_pentester/course

安全思维脑图

项目名称 版本 项目描述 最近提交时间
HackerMind 各种安全相关思维导图整理收集。渗透步骤,web安全,CTF
,业务安全,人工智能,区块链安全,数据安全,安全开发,
无线安全,社会工程学,二进制安全,移动安全,红蓝对抗,
运维安全,风控安全,linux安全		 2023-12-04 07:10:47

按键精灵

项目名称 版本 项目描述 最近提交时间
KeymouseGo v5.1.1 类似按键精灵的鼠标键盘录制和自动化操作 模拟点击和键
 automate mouse clicks and keyboard input

报告模板

项目名称 版本 项目描述 最近提交时间
HackReport 渗透测试报告/资料文档/渗透经验文档/安全书籍 2023-08-20 06:06:08

动态口令

项目名称 版本 项目描述 最近提交时间
rotp v6.3.0 Ruby One Time Password library 2023-08-30 19:25:56

短信轰炸

项目名称 版本 项目描述 最近提交时间
SMSBoom main 短信轰炸/短信测压/ 一个健壮免费的python短信轰炸程
序,专门炸坏蛋蛋,百万接口,多线程全自动添加有效接口,
支持异步协程百万并发,全免费的短信轰炸工具!!hongkong
er开发全网首发!!

短信转发器

项目名称 版本 项目描述 最近提交时间
SmsForwarder v3.2.0 短信转发器——监控Android手机短信、来电、APP通知,并
根据指定规则转发到其他手机:钉钉群自定义机器人、钉钉企
业内机器人、企业微信群机器人、飞书机器人、企业微信应用
消息、邮箱、bark、webhook、Telegram机器人、Server酱、P
ushPlus、手机短信等。包括主动控制服务端与客户端,让你
轻松远程发短信、查短信、查通话、查话簿、查电量等。		 2024-01-13 02:09:28

恶意网络流量模拟

项目名称 版本 项目描述 最近提交时间
flightsim v2.5.0 A utility to safely generate malicious network traff
ic patterns and evaluate controls.		 2023-10-02 07:30:27

机器学习

项目名称 版本 项目描述 最近提交时间
Augmentor Image augmentation library in Python for machine lea
rning.		 2023-03-29 07:02:37
dddd_trainer ddddocr训练工具 2022-09-26 07:26:52

科学上网

项目名称 版本 项目描述 最近提交时间
trojan v2.15.3 trojan多用户管理部署程序, 支持web页面管理 2023-09-24 15:03:27
v2rayfree v2ray节点、免费节点、免费v2ray节点、最新公益免费v2ra
y节点订阅地址、免费v2ray节点每日更新、免费ss/v2ray/tr
ojan节点、freefq		 2024-01-13 12:34:25
free 翻墙、免费翻墙、免费科学上网、免费节点、免费梯子、免
费ss/v2ray/trojan节点、蓝灯、谷歌商店、翻墙梯子		 2024-01-14 00:00:03
v2rayA v2.2.4.
6		 A web GUI client of Project V which supports VMess,
VLESS, SS, SSR, Trojan, Tuic and Juicity protocols.
🚀		 2023-12-16 17:09:56

克隆声音

项目名称 版本 项目描述 最近提交时间
MockingBird v0.0.1 🚀AI拟声: 5秒内克隆您的声音并生成任意语音内容 Clone
a voice in 5 seconds to generate arbitrary speech in
real-time		 2023-09-05 15:15:04

区块链

项目名称 版本 项目描述 最近提交时间
zksync-auto some help for zksync incentive 2023-05-31 02:48:51
zksync 2023-08-14 14:33:28
all-in-one-v2 2023-12-31 05:25:42
zksync2-python v0.6.0 2023-08-18 13:06:29

软件及系统国内镜像

项目名称 版本 项目描述 最近提交时间
Thanks-Mirror 整理记录各个包管理器,系统镜像,以及常用软件的好用镜
像,Thanks Mirror。 走过路过,如觉不错,麻烦点个赞👆🌟		 2023-09-28 13:00:26

渗透测试报告辅助

项目名称 版本 项目描述 最近提交时间
BugRepoter_0x727 BugRepoter_0x727(自动化编写报告平台)根据安全团队定制
化协同管理项目安全,可快速查找历史漏洞,批量导出报告。		 2023-01-30 08:54:59
SAReport 渗透测试自动化报告平台 2019-04-05 11:08:19
APTRS Automated Penetration Testing Reporting System 2023-05-06 09:52:47
report v1.0.1 乙方渗透测试漏洞报告管理系统 2021-06-30 05:46:36
pentest_report v1.0.0 A pentest reporter generator 2023-04-10 09:58:30
WaterExp WaterExp:面向安服仔的 水报告模板和工具 2022-10-14 15:55:30
Savior new 渗透测试报告自动生成工具! 2022-05-09 08:03:18

生成虚假数据

项目名称 版本 项目描述 最近提交时间
faker v22.2.0 Faker is a Python package that generates fake data f
or you.		 2024-01-10 22:57:56

数据库管理软件

项目名称 版本 项目描述 最近提交时间
dbeaver 23.3.2 Free universal database tool and SQL client 2024-01-12 21:47:37

网站压测工具

项目名称 版本 项目描述 最近提交时间
dperf v1.6.0 dperf is a 100Gbps network load tester. 2024-01-07 06:19:58
WebBench Webbench是Radim Kolar在1997年写的一个在linux下使用的
非常简单的网站压测工具。它使用fork()模拟多个客户端同时
访问我们设定的URL,测试网站在压力下工作的性能,最多可
以模拟3万个并发连接去测试网站的负载能力。官网地址:http
://home.tiscali.cz/~cz210552/webbench.html		 2018-01-20 17:33:28
tcpburn 1.0.0 The most powerful tool for stress testing of Interne
t server applications		 2019-07-14 09:20:34

文字识别

项目名称 版本 项目描述 最近提交时间
Umi-OCR release
/2.0.1		 OCR software, free and offline. 开源、免费的离线OCR
软件。支持截屏/粘贴/批量导入图片,段落排版/排除水印,
扫描/生成二维码。内置多国语言库。		 2024-01-07 03:01:42

压测工具

项目名称 版本 项目描述 最近提交时间
locust 2.20.1 Write scalable load tests in plain Python 🚗💨 2024-01-11 20:21:44

验证码生成

项目名称 版本 项目描述 最近提交时间
Calculate_Captcha v1.1 计算验证码生成器,用于训练使用 2022-01-21 00:25:44

远程软件

项目名称 版本 项目描述 最近提交时间
FreeRDP 3.1.0 FreeRDP is a free remote desktop protocol library an
d clients		 2024-01-11 15:00:40
Quasar v1.4.1 Remote Administration Tool for Windows 2023-08-14 19:33:43
rustdesk 1.2.3 An open-source remote desktop, and alternative to Te
amViewer.		 2024-01-11 06:47:53

More Repositories

1

Goby

Python
568
star
2

nuclei-templates

nuclei-templates 4W+已校验
Python
128
star
3

pocsuite3

Python
104
star
4

muggle_ocr_flask

muggle_ocr示例
Python
9
star
5

pocsuite

Python
7
star
6

InfoSearch

域名历史解析,资产测绘,whois,ip信誉,网站权重,icp备案,ip反查域名,归属地,子域名
JavaScript
6
star
7

fofa_GUI

4
star
8

PentestReport

渗透测试报告
3
star
9

file

3
star
10

fofaspider

Python
1
star
11

behinder_decrypted

冰蝎流量解密套壳UI
1
star
12

portscan

用于进行端口扫描的工具。它能够根据输入的目标和端口范围,对目标主机的指定端口进行扫描,并输出扫描结果。同时,它还支持多线程扫描,以提高扫描效率。扫描结果可以保存在CSV文件中,方便后续分析和处理。
Python
1
star
13

traffic_extraction

基于tshark的流量提取,支持http流提取、tcp可见字符串提取
1
star
14

VerificationCode

1
star
15

nessus_html2csv

Python
1
star
16

CNVD_crawler

Python
1
star