更新于 2024-01-14 08:39:41
近15天release更新记录
更新时间 | 项目名称 | 版本 | 更新内容 |
---|---|---|---|
2024-01-13 22:52:54 | ChatGPT-Shortcut | v3.1.6 | v3.1.6 Update - Feature: Customiz able username modification - Fix: Reso lve multiple issues with registration functionality and browser warnings - R efactor: Simplify API logic a |
2024-01-13 10:14:51 | PyWxDump | v2.4.16 | [Auto Release] Update PyWxDump to ref s/tags/v2.4.16 |
2024-01-12 19:04:35 | containerd | v1.6.27 | Welcome to the v1.6.27 release of con tainerd! The twenty-seventh patch rele ase for containerd 1.6 contains variou s fixes and updates. ### Notable Updat es * **Improve /etc/group han |
2024-01-12 14:25:11 | Elkeid | v1.9.0. 4_202401 12_elkei d_ko |
|
2024-01-11 19:00:24 | subfinder | v2.6.4 | ## What's Changed * Added pagination support to SecurityTrails source by @ dogancanbakir in https://github.com/pr ojectdiscovery/subfinder/pull/1105 * A dded extended limit for crtsh |
2024-01-11 11:34:28 | trivy | v0.48.3 | ## Changelog * eac751339 chore(deps): bump github.com/cloudflare/circl from 1.3.6 to 1.3.7 (#5892) * d866b71dd ch ore(deps): bump google.golang.org/prot obuf from 1.31.0 to 1.32.0 (# |
2024-01-11 11:28:44 | safeline | v4.1.1 | ### 修复 - 修复 IP 组在线订阅失败时会 保存错误内容的问题 |
2024-01-11 02:59:12 | autoDecoder | 0.37-be ta1 |
## 2024.1.11 更新0.37-beta1 1. 修复DE S解密出错问题 感谢微信群师傅@春至 @w 反馈 |
2024-01-10 22:58:29 | faker | v22.2.0 | See . |
2024-01-10 13:30:18 | WeChatMsg | v1.0.3 | # 新增功能 * 支持批量导出聊天记录 * 支持自定义选择导出时间 * exe程序支持显 示群聊 # 优化 * 加快启动速度 * 修复空 格导致的语音消息失效的问题 #281 #289 * 修复没有ContactLabel表导致的无法启动的 问题 #274 * 修复光标显示异常的问题 * 修 复exe程序图片显示导致的错误问题 # 1.1.x 更新预告 1. 个 |
2024-01-10 13:27:49 | nuclei | v3.1.5 | ## What's Changed ### Other Changes * Fixed a bug introduced in previous v ersion by @tarunKoyalwar in https://gi thub.com/projectdiscovery/nuclei/pull/ 4608 Full Changelog: http |
2024-01-09 14:52:33 | Pillager | AutoBui ld |
|
2024-01-09 06:44:58 | afrog | v2.9.9 | 【BUG】修复 proxy 命令中的 BUG,解决 在使用 HTTP 代理进行 HTTPS 请求时因 use r canceled 操作而导致 afrog 未能接收到 响应的问题。 Fix the BUG in the proxy c ommand, addressing the issue where afr og fails to receive a respon |
2024-01-08 19:16:52 | ImageMagick | 7.1.1-2 6 |
## What's Changed * fix error: 'libra w_data_t' has no member named 'rawpara ms' by @remicollet in https://github.c om/ImageMagick/ImageMagick/pull/6989 * Make Magick++-config work fr |
2024-01-08 14:34:59 | ObserverWard | v2024.1 .8 |
|
2024-01-07 20:45:56 | dbeaver | 23.3.2 | - Metadata editor: - New database ob jects wizard was redesigned - Primary/ unique key can be created automaticall y along with new columns - SQL Editor: - Outline viewer of SQL quer |
2024-01-07 04:24:29 | PEASS-ng | 2024010 7-6fec90 a8 |
|
2024-01-06 04:21:30 | grype | v0.74.0 | ### Added Features - Vulnerabilities marked as fixed in distro packages sho uld be reported as fixed for all conta ined packages too @luhring] ### Bug Fixes - Parameter quiet is ig |
2024-01-05 21:41:12 | syft | v0.100. 0 |
### Added Features - Add more functio nality to the ErLang parser @LaurentG oderre] - Added OpenSSL binary matcher @LaurentGoderre] - Add ability to ex tend the binaries cataloguers |
2024-01-05 02:10:15 | BlueTeamTools | BlueTea mToolsV0 .92版本 |
2024.01.05 修正"反序列化数据包分析"功 能的变量未初始化导致解析错误。 2024.01. 03 修正"查询ip对应物理地址"功能,直接 输入ip列表也可以查询物理地址。 |
2024-01-04 21:28:56 | ImHex | v1.32.2 | ## Additions - Fixed the M1 build c ompletely - I went out and bought a MacBook Air just for this, I hope you' re happy - Completely overhauled the external plugin system - I |
2024-01-04 07:34:37 | Sign-Sacker | 代码微 调,项目 停更 |
微调代码,设置仅支持exe,dll文件 rele ase下载地址:https://langsasec.lanzout .com/iBjmL1jzwojg 解压密码:langsasec 到此,该项目不再更新 |
2024-01-04 05:03:48 | captcha-killer-mo dified |
0.24.4 | 【2024-1-4】 0.24.4 - 服务端识别代码 增加算术接口,可以进行算术验证码的识别 |
2024-01-03 22:20:06 | sqlmap | 1.8 | Stable version 1.8 () |
2024-01-03 11:29:33 | locust | 2.20.1 | ## What's Changed * Add charset_norma lizer dependency by @KellyP5 in https: //github.com/locustio/locust/pull/2506 * Bump Requests to 2.26.0, remove exp licit dependency on charset_n |
2024-01-03 03:35:21 | nemo_go | v2.11.0 | ### Update - worker支持socks5代理扫描 ; - 在web中可查看和管理worker的启动参 数及运行负载情况; - 优化指纹获取方式; 指纹获取不再调用observe_ward,通过httpx 保存的reseponse信息被动匹配fingerprinth ub的指纹; - 增加fingerprintx作为httpx 的补充,用于获取非HTTP端口 |
2024-01-02 14:06:57 | arthas | arthas- all-3.7. 2 |
Issues: https://github.com/alibaba/ar thas/milestone/50?closed=1 * arthas-sp ring-boot-starter support spring boot3 . #2524 * upgrade spring-boot 2 to 2.7 .15, spring boot 3 to 3.1.7 * |
近15天commit提交记录
提交时间 | 项目名称 | 更新内容 |
---|---|---|
2024-01-14 00:31:16 | PoC-in-GitHub | Auto Update 2024/01/14 00:31:16 |
2024-01-14 00:00:03 | free | updated_at 01-14 08:00 |
2024-01-13 21:59:00 | ChatGPT-Shortcut | chore(deps): bump follow-redirects from 1.15.2 to 1 .15.5 (#45) Bumps from 1.15.2 to 1.15.5. - - --- updated-dependencies: - dependency-name: follow-redi rects dependency-type: in |
2024-01-13 21:35:10 | PocOrExp_in_Githu b |
update 2024-01-14 05:35:10 |
2024-01-13 18:32:50 | anti-AD | Auto renew the anti-AD list. |
2024-01-13 17:45:53 | john | Armory format: Switch from scatter to gather on MIC |
2024-01-13 17:21:19 | WeChatMsg | 修改HTML默认聊天数据 |
2024-01-13 15:36:49 | PEASS-ng | Merge pull request #405 from d4t4s3c/patch-1 useful for when on the victim host we have access to the i nternet but… |
2024-01-13 15:05:32 | DIE-engine | Update module: Detect-It-Easy 2024-01-13 |
2024-01-13 12:34:25 | v2rayfree | update |
2024-01-13 10:10:42 | PyWxDump | fix |
2024-01-13 08:44:31 | logging-log4j2 | Move OSGi caches to target directory |
2024-01-13 08:28:18 | PST-Bucket | pixpin: Update to version 1.5.0.0 |
2024-01-13 02:09:28 | SmsForwarder | 优化:自动任务的触发条件充电状态中充电器增加不限选 项 #I8VOE3 |
2024-01-12 23:34:13 | ImHex | impr: Make plugin features and subcommands work in statically linked builds |
2024-01-12 22:39:13 | syft | Replace core SBOM-creation API with builder pattern (#1383) * remove existing cataloging API Signed-off -by: Alex Goodman * add file cataloging config Sign ed-off-by: Alex Goodman |
2024-01-12 22:18:33 | containerd | Merge pull request #8355 from Jenkins-J/move-Defaul tSnapshotter Move DefaultSnapshotter constants |
2024-01-12 21:54:52 | nuclei | fix panic in interactsh process interaction ( nil c heck on compiled operators) (#4511) * nil check * mi sc updates --------- Co-authored-by: Tarun Koyalwar |
2024-01-12 21:47:37 | dbeaver | CB-4309 add keep alive interval for data source (#2 2316) * CB-4309 add keep alive interval for data sou rce * CB-4463 do not run datasource monitor job in c b --------- Co-authored-b |
2024-01-12 15:23:35 | clair | build(deps): bump golang.org/x/net from 0.19.0 to 0 .20.0 Bumps from 0.19.0 to 0.20.0. - --- updated-d ependencies: - dependency-name: golang.org/x/net dep endency-type: direct:prod |
2024-01-12 15:04:09 | metasploit-framew ork |
Land #18682, Add tests for Msf::Exploit::Local expl oit_type and sysinfo methods |
2024-01-12 13:08:57 | gshark | Merge pull request #195 from madneal/dependabot/npm _and_yarn/web/follow-redirects-1.15.4 Bump follow-re directs from 1.15.3 to 1.15.4 in /web |
2024-01-12 10:54:02 | neuvector | Merge pull request #1167 from jeffhuang4704/NVSHAS- 7720-Enhance_UI_Performance_adjust_quick_filter_beha vior NVSHAS-7720-Enhance_UI_Performance, adjust quic k filter behavior |
2024-01-12 10:30:57 | suo5 | Merge pull request #47 from dust-life/main add Suo5 VirtualPath memshell |
2024-01-12 06:17:23 | jumpserver | feat: 同步ldap用户消息通知 |
2024-01-12 06:01:55 | kube-bench | build(deps): bump alpine from 3.18.3 to 3.19.0 (#15 35) Bumps alpine from 3.18.3 to 3.19.0. --- updated- dependencies: - dependency-name: alpine dependency-t ype: direct:production up |
2024-01-12 05:59:24 | fofaEX | fofaHack 界面可排序 Signed-off-by: 10cks |
2024-01-12 04:36:55 | trivy | docs(misconf): multiple ignores in comment (#5926) |
2024-01-12 03:49:01 | murphysec | chore(deps): bump github.com/cloudflare/circl from 1.3.6 to 1.3.7 Bumps from 1.3.6 to 1.3.7. - - --- updated-dependencies: - dependency-name: github.com /cloudflare/circl depende |
2024-01-12 03:28:02 | appshark | Merge remote-tracking branch 'origin/main' |
2024-01-12 00:59:48 | afrog | poc update |
2024-01-11 20:46:39 | impacket | ntlmrelayx.py: Make SOCKS5 address and port configu rable (#1636) * ntlmrelayx.py: Make SOCKS5 address a nd port configurable * Fix API port |
2024-01-11 20:21:44 | locust | Remove orphaned dist js file |
2024-01-11 18:35:51 | subfinder | version update |
2024-01-11 18:28:08 | sliver | Merge pull request #1551 from BishopFox/v1.6.0/daem on-tailscale-flag Add support for tailscale to daemo n mode |
2024-01-11 17:26:54 | audacity | Merge pull request #5856 from saintmatthieu/5795-te mpo-detection-benchmarking-improvement 5795 tempo de tection benchmarking improvement |
2024-01-11 16:30:29 | ImageMagick | export an exception when functions do not include a n enclosing parenthesis (https://github.com/ImageMag ick/ImageMagick/discussions/4533) |
2024-01-11 15:11:40 | sqlmap | Implementing #5506 |
2024-01-11 15:00:40 | FreeRDP | [uwac] output: take a max scale into scaling code F ix for a hybrid multimonitor configurations: Previou s code was working for me because the display with s cale=2 was last on the wa |
2024-01-11 13:10:49 | Qianji | Update README.md 停止维护啦哈哈 江湖再见 下棋去了 |
2024-01-11 10:58:48 | safeline | feat: release v4.1.1 |
2024-01-11 08:59:32 | vulnerability | CVE-2024-0300 |
2024-01-11 06:47:53 | rustdesk | tcp rendezvous works now |
2024-01-11 06:36:51 | Mobile-Security-F ramework-MobSF |
Update SECURITY.md (#2323) updated security policy |
2024-01-11 05:24:54 | autoDecoder | Update FAQ.md |
2024-01-10 22:57:56 | faker | Bump version: 22.1.0 → 22.2.0 |
2024-01-10 09:44:57 | Elkeid | Merge pull request #570 from bytedance/fix-procfs f ix procfs compile error |
2024-01-10 09:08:30 | veinmind-tools | docs: update qr_code (#271) |
2024-01-09 21:20:55 | grype | chore(deps): bump github.com/cloudflare/circl from 1.3.3 to 1.3.7 (#1651) Bumps from 1.3.3 to 1.3.7. - - --- updated-dependencies: - dependency-name: gi thub.com/cloudflare/circl |
2024-01-09 14:10:16 | WebGoat | chore: bump io.github.bonigarcia:webdrivermanager f rom 5.3.3 to 5.6.3 (#1716) Bumps from 5.3.3 to 5.6. 3. - - - --- updated-dependencies: - dependency-n ame: io.github.bonigarcia |
2024-01-09 12:52:34 | Pillager | Update Chrome.cs |
2024-01-09 10:50:50 | frp | Fix missing prefix for transport.tls.force in the e xample (#3921) |
2024-01-09 01:41:01 | nemo_go | Update: remove observe_ward binary in package |
2024-01-08 17:07:29 | ctf-archives | Shaastra chals |
2024-01-08 14:39:09 | ObserverWard | 删除nuclei调试代码 |
2024-01-08 08:52:58 | DecoyMini | Update README.md |
2024-01-08 03:15:25 | captcha-killer-mo dified |
Update FAQ.md |
2024-01-08 02:47:29 | 404StarLink | weekly update at 2024-01-08 |
2024-01-07 22:42:41 | CTFd | File upload improvements (#2451) * Calculate a file s sha1sum on upload for future local change detectio n purposes * Allow clients to control the location o f an uploaded file * Adds |
2024-01-07 06:19:58 | dperf | Merge pull request #399 from pengjianzhang/main sug gestions for handling init errors |
2024-01-07 03:01:42 | Umi-OCR | 优化文件表格的状态文本 |
2024-01-07 01:33:31 | beef | Merge branch 'dependabot/bundler/net-smtp-0.4.0.1' |
2024-01-06 10:51:22 | GZCTF | feat: use css with console log |
2024-01-05 23:32:09 | dirsearch | Merge pull request #1355 from maurosoria/shelld3v-p atch-5 Bug fix |
2024-01-05 18:46:03 | rengine | Merge pull request #1153 from jxdv/update-license c hore: update LICENSE |
2024-01-05 14:23:59 | codeql-cli-binari es |
Add change note re Java 21 support in 2.15.4 |
2024-01-05 10:31:56 | domain_hunter_pro | clearComments |
2024-01-05 03:31:11 | Awesome-Redteam | update ransomware decryption |
2024-01-05 02:10:41 | BlueTeamTools | Update README.md |
2024-01-04 11:56:25 | ghauri | updated readme with installation guideline by @Born unique911, fixed #119 |
2024-01-04 10:43:46 | X-Marshal | Update README.md |
2024-01-04 09:26:20 | FrameVul | Update and rename readme to readme.md |
2024-01-04 07:39:09 | Sign-Sacker | 项目停更 项目停更 |
2024-01-04 03:13:18 | Vulhub-Reproduce | update apache ofbiz & activemq |
2024-01-04 03:12:12 | Vulnerability-Wik i |
update apache ofbiz & activemq |
2024-01-02 19:08:03 | volatility3 | Merge pull request #1075 from gcmoreira/linux_kmsg_ older_kernels_support Linux: Add support for kernels earlier than version 3.11 in linux.kmsg.Kmsg plugin |
2024-01-02 10:23:59 | HackerPermKeeper | upload |
2024-01-02 07:54:00 | arthas | upgrade spring-boot 2 to 2.7.15, spring boot 3 to 3 .1.7 |
2024-01-02 03:07:36 | RsaCtfTool | Update Dockerfile |
2024-01-01 05:37:50 | dalfox | Merge pull request #516 from hahwul/add-dependabot. yml Update dependabot.yml |
2023-12-31 13:07:11 | ThinkAdmin | 去非必需的文件 |
2023-12-31 05:25:42 | all-in-one-v2 | add mantle to zerius refuel |
2023-12-31 03:08:26 | Viper | Update Jetbrains Logo |
2023-12-30 18:04:55 | vulhub | update environments.toml |
安全
CTF
AWD
靶场
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
wordpress | AWD靶机 | 2018-12-11 07:45:27 | |
AWDDocker | 标准化AWD靶场Docker | 2021-05-15 17:04:47 | |
20190511_awd_dock er |
2019 年 5 月 11 日防灾科技学院 “应急挑战杯” 大学生 网络安全邀请赛 AWD 靶机题目。 |
2019-05-14 23:45:01 | |
AWD_CTF_Platform | 一个简单的AWD训练平台 | 2020-01-04 14:18:23 | |
Liaoning-provinci al-competition-tar get-1 |
第三届辽宁省ctf线下awd靶机1web | 2020-11-01 13:12:58 | |
awd-platform | platform for awd | 2018-09-11 05:59:33 |
防护
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
AoiAWD | AoiAWD-专为比赛设计,便携性好,低权限运行的EDR系统。 | 2020-10-18 03:24:49 | |
k4l0ng_WAF | A broute detect WAF by PHP using to AWD | 2018-06-28 12:12:25 | |
CTF-WAF | 针对CTF线下赛的通用WAF,日志审计功能。 | 2022-11-27 12:14:05 |
脚本
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
Prepare-for-AWD | AWD攻防赛脚本集合 | 2019-10-17 01:09:44 | |
AWD-Predator-Fram ework |
AWD攻防赛webshell批量利用框架 | 2019-06-19 13:29:22 | |
awd_attack_framew ork |
awd攻防常用脚本+不死马+crontab+防御方法 | 2019-06-07 09:24:55 |
开源平台
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
JJUCTF_V2.0 | JJU网络安全靶场实训平台 | 2021-05-01 10:38:51 | |
H1ve | 1.1.3 | An Easy / Quick / Cheap Integrated Platform | 2020-11-25 14:01:11 |
Cardinal | v0.7.3 | CTF🚩 AWD (Attack with Defense) 线下赛平台 / AWD pla tform - 欢迎 Star~ ✨ |
2021-11-12 18:17:48 |
CTF_AWD_Platform | CTF 攻防对抗平台 | 2019-09-16 08:11:50 | |
GZCTF | v0.17.7 | The GZ::CTF project, an open source CTF platform. | 2024-01-06 10:51:22 |
MarsCTF | V1.2.1 | Vue+Springboot开发的CTF学习平台,提供动态靶机、学习 模块、writeup模块等等CTF平台的核心功能。提供docker版本 |
2022-08-09 12:20:31 |
Crypto
古典密码
autokey
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
breakautokey | breakautokey | 2020-06-15 01:27:06 |
现代密码
RSA
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
CTF-RSA-tool | a little tool help CTFer solve RSA problem | 2018-08-26 09:17:20 | |
RSA | 2022-08-22 15:31:16 | ||
rsa-wiener-attack | A Python implementation of the Wiener attack on RSA public-key encryption scheme. |
2017-02-25 17:52:55 | |
RsaCtfTool | RSA attack tool (mainly for ctf) - retrieve private key from weak public key and/or uncipher data |
2024-01-02 03:07:36 |
国密
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
gmhelper | 基于BC库:国密SM2/SM3/SM4算法简单封装;实现SM2 X509v 3证书的签发;实现SM2 pfx证书的签发 |
2023-11-12 03:07:34 | |
sm-crypto | 国密算法js版 | 2023-11-07 12:40:00 |
Misc
16进制编辑
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
ImHex | v1.32.2 | 🔍 A Hex Editor for Reverse Engineers, Programmers a nd people who value their retinas when working at 3 A M. |
2024-01-12 23:34:13 |
编码解码
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
CTFCrackTools | 4.0.7 | China's first CTFTools framework.中国国内首个CTF工具 框架,旨在帮助CTFer快速攻克难关 |
2022-11-16 22:23:09 |
Ciphey | 5.14.0 | ⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashe s ⚡ |
2023-10-12 07:20:40 |
CyberChef | v10.5.2 | The Cyber Swiss Army Knife - a web app for encryptio n, encoding, compression and data analysis |
2023-07-14 18:01:41 |
TomatoTools | v1.0.2 | TomatoTools 一款CTF杂项利器,支持36种常见编码和密码 算法的加密和解密,31种密文的分析和识别,支持自动提取fl ag,自定义插件等。 |
2022-12-02 06:41:15 |
二维码批量识别
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
QrScan | v2.9.0 | 离线批量检测图片是否包含二维码以及识别二维码 | 2023-09-22 05:46:17 |
自动拼图
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
PuzzleSolver | v1.0.1- beta |
一款专门为CTF比赛设计的拼图工具 | 2021-04-27 10:49:31 |
综合
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
CTF_Hacker-Tools | |||
qsnctf-python | 0.0.8.1 0 |
青少年CTF的Python包,方便大家调用一些CTF常用功能。 | 2023-08-26 02:35:55 |
CTF-Tools | v1.3.7 | 一款Python+Pyqt写的CTF编码、解码、加密、解密工具。 | 2022-07-21 08:40:01 |
Pwn
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
Reverse
Java反编译
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
JavaDecompileTool -GUI |
V1.2 | Java Decompile Tool GUI-JAVA反编译工具(界面版) | 2021-04-12 21:56:10 |
CodeReviewTools | v1.31 | 通过正则搜索、批量反编译特定Jar包中的class名称 | 2021-12-06 16:48:04 |
pyc逆向
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
stegosaurus | 1.0 | A steganography tool for embedding payloads within P ython bytecode. |
2019-10-07 13:15:43 |
python-uncompyle6 | 3.9.0 | A cross-version Python bytecode decompiler | 2023-12-17 15:52:32 |
pyinstxtractor | 2023.12 | PyInstaller Extractor | 2023-12-03 18:19:07 |
查壳
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
DIE-engine | 3.09 | DIE engine | 2024-01-13 15:05:32 |
Web
定向目录扫描
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
ctf-wscan | 在kingkaki的项目上进行了修改,改为单线程,可以在任意 目录下执行,对重复的请求进行了过滤 |
2020-11-07 06:57:22 |
相关资源
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
http://www.ctftools.com/ | |||
apachecn-ctf-wiki | 2022-04-26 07:03:04 | ||
CTFd | 3.6.1 | CTFs as you need them | 2024-01-07 22:42:41 |
ctf-tools | CTF 工具集合 | 2022-08-10 11:25:15 | |
BerylEnigma | 1.15.0 | ffffffff0x team toolset for penetration testing, cry ptography research, CTF and daily use. |
ffffffff0x 团队工具集,用来进行渗透测试,密码学研究,CTF和日常使 用。 |
CTFd_chinese_CN | v1.2.0 | 对CTFd平台各版本的汉化记录。key:中文、汉化、翻译、ch inese、CN、CTFd |
2023-09-16 07:11:09 |
CTF-Note | CTF笔记:该项目主要记录CTF知识、刷题记录、工具等。 | 2022-08-17 09:28:58 | |
ctf_ics_traffic | 工控CTF比赛工具,各种网络数据包处理脚本 | 2018-08-09 02:48:04 | |
CTF-QuickStart | 源仓库存档 | 2023-11-05 08:22:46 | |
CTFtools-wiki | 【Hello CTF】录常用 / 优秀 的CTF工具项目及其文档,一 个对各阶段CTFer都很友好的工具仓库,让所有的工具都发挥作 用! |
2023-07-07 13:19:18 | |
SecToolKit | Cybersecurity tool repository / Wiki 收录常用 / 前沿 的CTF和渗透工具以及其 官方/使用 文档,致力于让每个工 具都能发挥作用ww,不管你是萌新还是领域从业者希望你都能 在这里找到适合你的工具或者获得一定的启发。 |
2023-09-02 12:11:27 | |
CTF-Tools | 渊龙Sec安全团队CTF&AWD工具箱 | 2023-01-26 05:21:12 | |
ctf-archives | CTF Archives: Collection of CTF Challenges. | 2024-01-08 17:07:29 |
红队
Web安全
漏洞发现库
安卓漏洞扫描
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
appshark | v0.1.2 | Appshark is a static taint analysis platform to scan vulnerabilities in an Android app. |
2024-01-12 03:28:02 |
安卓抓包辅助
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
r0capture | 安卓应用层抓包通杀脚本 | 2023-10-20 11:59:50 |
半自动漏洞扫描
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
myscan | myscan 被动扫描 | 2021-03-19 12:18:34 | |
DarkAngel/ | |||
xray | 1.9.11 | 一款完善的安全评估工具,支持常见 web 安全问题扫描和 自定义 poc |
使用之前务必先阅读文档 |
Fvuln | Fvuln-1 .4.9 |
F-vuln(全称:Find-Vulnerability)是为了自己工作方便 专门编写的一款自动化工具,主要适用于日常安全服务、渗透 测试人员和RedTeam红队人员,它集合的功能包括:存活IP探 测、开放端口探测、web服务探测、web漏洞扫描、smb爆破、s sh爆破、ftp爆破、mssql爆破等其他数据库爆破工作以及大 量web漏洞检测模块。 |
2023-07-22 02:03:42 |
EasyPen | EasyPen is a GUI program which helps pentesters do t arget discovery, vulnerability scan and exploitation |
2022-10-19 08:46:57 | |
nuclei | v3.1.5 | Fast and customizable vulnerability scanner based on simple YAML based DSL. |
2024-01-12 21:54:52 |
QingTing | v0.3 | 蜻蜓安全一个安全工具编排平台,可以自由编排你的工具流, 集成108款工具,包括xray、nmap、awvs等;你可以将喜欢的工 具编排成一个场景,快速打造适合自己的安全工作台~ |
2023-03-21 08:07:56 |
NextScan | v1.2.0 | 飞刃是一套完整的企业级黑盒漏洞扫描系统,集成漏洞扫描 、漏洞管理、扫描资产、爬虫等服务。 拥有强大的漏洞检测 引擎和丰富的插件库,覆盖多种漏洞类型和应用程序框架。 |
2023-05-05 09:39:23 |
POC-bomber | POC-bom ber-for- Redteam- v3.0.0 |
利用大量高威胁poc/exp快速获取目标权限,用于渗透和红 队快速打点 |
2023-06-09 13:20:09 |
w13scan | Passive Security Scanner (被动式安全扫描器) | 2022-07-06 09:24:36 | |
afrog | v2.9.9 | A Security Tool for Bug Bounty, Pentest and Red Team ing. |
2024-01-12 00:59:48 |
vulmap | v0.9 | Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞验证功能 |
2022-04-13 13:23:54 |
代码审计
java
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
code-inspector | 0.2-bet a |
JavaWeb漏洞审计工具,构建方法调用链并模拟栈帧进行分 析 |
2023-06-03 16:43:44 |
jar-analyzer-gui | 1.1 | 建议使用新版:https://github.com/jar-analyzer/jar-an alyzer |
2023-11-30 03:59:12 |
codeql-cli-binari es |
v2.15.5 | Binaries for the CodeQL CLI | 2024-01-05 14:23:59 |
CodeQLpy | CodeQLpy是一款基于CodeQL实现的半自动化代码审计工具, 目前仅支持java语言。实现从源码反编译,数据库生成,脆弱 性发现的全过程,可以辅助代码审计人员快速定位源码可能存 在的漏洞。 |
2023-07-06 06:32:34 | |
JVWA | java 代码审计学习靶场 | 2023-05-28 11:11:53 |
other
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
Kunlun-M | v2.6.5 | KunLun-M是一个完全开源的静态白盒扫描工具,支持PHP、J avaScript的语义扫描,基础安全、组件安全扫描,Chrome E xt\Solidity的基础扫描。 |
2023-10-25 03:49:28 |
murphysec | v3.1.1 | An open source tool focused on software supply chain security. 墨菲安全专注于软件供应链安全,具备专业的软 件成分分析(SCA)、漏洞检测、专业漏洞库。 |
2024-01-12 03:49:01 |
fortify | fortify内置规则加密破解 | 2020-07-10 03:38:21 |
python
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
python_code_audit | python 代码审计项目 | 2021-10-10 07:49:46 | |
python_sec | python安全和代码审计相关资料收集 resource collection of python security and code review |
2020-08-06 02:31:20 |
口令爆破
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
web-brutator | Fast Modular Web Interfaces Bruteforcer | 2021-11-16 14:29:28 | |
thc-hydra-windows | v9.1 | The great THC-HYDRA tool compiled for Windows | 2023-02-06 09:01:04 |
ssb | v0.1.1 | Secure Shell Bruteforcer — A faster & simpler way t o bruteforce SSH server |
2021-12-17 06:56:13 |
SNETCracker | 1.0.201 90715 |
超级弱口令检查工具是一款Windows平台的弱口令审计工具 ,支持批量多线程检查,可快速发现弱密码、弱口令账号,密 码支持和用户名结合进行检查,大大提高成功率,支持自定义 服务端口和字典。 |
2019-08-01 05:56:13 |
WebCrack | WebCrack是一款web后台弱口令/万能密码批量检测工具,在 工具中导入后台地址即可进行自动化检测。 |
2021-09-07 12:19:54 | |
john | John the Ripper jumbo - advanced offline password cr acker, which supports hundreds of hash and cipher typ es, and runs on many operating systems, CPUs, GPUs, a nd even some FPGAs |
2024-01-13 17:45:53 | |
thc-hydra | v9.5 | hydra | 2023-08-13 11:07:10 |
漏洞发现
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
Ingram | v2.0.0 | 网络摄像头漏洞扫描工具 | Webcam vulnerability scanni ng tool |
Dude | 2023-05-11 16:05:14 |
漏洞扫描框架
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
Godscan | Godscan | Godscan 是一款python编写的具有图形化界面的漏洞检测框 架,可以之定义漏洞检测 poc ,主要是帮助安全测试者,更 好的去记录和整理历史漏洞,以便更好的进行漏洞检测,提高 工作效率! |
2021-09-18 00:52:20 |
pocassist | 1.0.5 | 傻瓜式漏洞PoC测试框架 | 2022-06-21 03:43:47 |
pocsuite3 | v2.0.5 | pocsuite3 is an open-sourced remote vulnerability te sting framework developed by the Knownsec 404 Team. |
2023-07-26 21:18:59 |
Gr33k | 图形化漏洞利用集成工具 | 2021-09-15 08:10:11 | |
kunpeng | 2019052 7 |
kunpeng是一个Golang编写的开源POC框架/库,以动态链接 库的形式提供各种语言调用,通过此项目可快速开发漏洞检测 类的系统。 |
2020-11-20 07:23:06 |
FrameScan-GUI | v1.4.3 | FrameScan-GUI 一款python3和Pyqt编写的具有图形化界面 的cms漏洞检测框架。 |
2023-04-24 07:24:25 |
微信小程序辅助
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
wxapkg | v1.5.0 | 微信小程序反编译工具,.wxapkg 文件扫描 + 解密 + 解包 工具 |
2023-08-03 12:33:41 |
信息泄露监控
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
code6 | 1.6.4 | 码小六 - GitHub 代码泄露监控系统 | 2023-04-27 08:45:04 |
gshark | v1.4.0 | Scan for sensitive information easily and effectivel y. |
2024-01-12 13:08:57 |
中间件&框架漏洞扫描
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
Jiraffe | v2.0.6 | One stop place for exploiting Jira instances in your proximity |
2021-05-08 12:37:38 |
WeblogicScan | Weblogic一键漏洞检测工具,V1.5,更新时间:20200730 | 2022-01-26 02:56:25 | |
Artillery | v1.0_20 220519 |
JAVA 插件化漏洞扫描器,Gui基于javafx。POC 目前集成 W eblogic、Tomcat、Shiro、Spring等。 |
2022-08-08 00:39:34 |
weblogic-infodete ctor |
0.2.4 | woodpecker框架weblogic信息探测插件 | 2022-03-23 08:33:43 |
漏洞利用库
OA产品漏洞
OA综合
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
MYExploit | V2.0.4 | OAExploit一款基于产品的一键扫描工具。 | 2022-09-20 14:50:31 |
OA-EXPTOOL | 0.83 | OA综合利用工具,集合将近20款OA漏洞批量扫描 | 2023-10-28 04:46:18 |
泛微OA
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
CNVD-2021-49104 | CNVD-2021-49104——泛微E-Office文件上传漏洞 | 2021-12-01 08:12:09 | |
DBconfigReader | 泛微ecology OA系统接口存在数据库配置信息泄露漏洞 | 2020-07-13 08:20:12 | |
Weaver-OA-E-colog y-Database-Leak |
泛微OA数据库配置泄漏检测脚本 | 2019-10-27 12:02:14 | |
e-cology-OA-SQL | 泛微 e-cology OA 前台SQL注入 | 2019-10-11 12:53:14 | |
e-cology | e-cology OA_Beanshell_RCE | 2019-09-29 04:36:36 |
蓝凌OA
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
Landray-OA-Treexm l-Rce |
蓝凌OA远程代码执行漏洞批量检查 | 2022-07-07 03:13:24 | |
LandrayDES | V1 | 蓝凌OA的前后台密码的加解密工具 | 2020-12-21 06:54:42 |
通达OA
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
TongdaOATools | 2023-05-12 06:37:26 | ||
TDOA_RCE | v1.0 | 通达OA综合利用工具 | 2021-03-17 08:51:32 |
TongDaOA-Fake-Use r |
通达OA 任意用户登录漏洞 | 2020-08-27 11:38:27 | |
TongDa-OA | 通达OA一些漏洞点 | 2020-08-20 07:01:50 |
用友OA
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
yonyou_exp_plus | 用友系列全漏洞检测工具 | 2023-04-10 00:55:59 | |
fupo_for_yonyou | 2.0RC1 | 用友漏洞检测,持续更新漏洞检测模块 | 2023-08-08 07:10:46 |
yonyou-nc-decrypt er |
0.1.0 | 用友 nc 系列密码解密 | 2023-04-07 07:32:55 |
NCTOOls | 一款针对用友NC综合漏洞利用工具 | 2023-11-27 06:09:58 | |
YongYouNcTool | 1.0 | 用友NC系列漏洞检测利用工具,支持一键检测、命令执行回 显、文件落地、一键打入内存马、文件读取等 |
2023-08-19 14:50:28 |
致远OA
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
SeeyonExploit-GUI | 致远OA综合利用工具V1.0 | 2021-07-07 15:01:16 | |
PassDecode-jar | v0.1 | 帆软/致远密码解密工具 | 2021-07-29 08:52:34 |
seeyon_exp | 致远OA综合利用工具 | 2021-06-03 08:03:40 | |
A8-OA-seeyon-RCE | A Zhiyuan OA Collaborative Office Remote Code Execut ion Vulnerability on Windows |
2019-06-27 13:53:06 |
半自动化漏洞利用
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
Goby | Beta2.2 .0 |
Attack surface mapping | 2023-03-17 11:35:53 |
railgun | v1.5.5 | 2023-05-08 17:00:45 | |
zpscan | v1.8.39 | 一个有点好用的信息收集工具。A somewhat useful inform ation gathering tool. |
2023-09-06 04:26:00 |
编辑器漏洞
UEditor
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
UEditorGetShell | UEditor编辑器批量GetShell / Code By:Tas9er | 2022-07-10 06:52:19 |
产品or组件or框架漏洞
Apache Airflow
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
CVE-2022-40127 | Apache Airflow < 2.4.0 DAG example_bash_operator RCE POC |
2022-11-19 10:35:50 |
Apache Dubbo
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
dubbo-exp | dubbo学习demo,之前删了,重新上传。 | 2022-10-12 08:48:36 |
Apache Log4j
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
log4jscanner | v0.5.0 | A log4j vulnerability filesystem scanner and Go pack age for analyzing JAR files. |
2022-05-25 22:02:38 |
logging-log4j2 | rel/3.0 .0-beta1 |
Apache Log4j 2 is a versatile, feature-rich, efficie nt logging API and backend for Java. |
2024-01-13 08:44:31 |
Log4j2-CVE-2021-4 4228 |
Remote Code Injection In Log4j | 2022-01-18 12:01:52 | |
CVE-2021-44228-Po C-log4j-bypass-wor ds |
🐱💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks |
2022-01-15 16:18:44 |
Apache Shiro
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
ShiroExploit-Depr ecated |
v2.51 | Shiro550/Shiro721 一键化利用工具,支持多种回显方式 | 2020-11-09 02:23:07 |
shiro_attack | 2.2 | shiro反序列化漏洞综合利用,包含(回显执行命令/注入内 存马) |
2021-06-22 01:51:08 |
ShiroAttack2 | 4.7.0 | shiro反序列化漏洞综合利用,包含(回显执行命令/注入内 存马)修复原版中NoCC的问题 https://github.com/j1anFen/ shiro_attack |
2023-07-28 07:09:56 |
shiro_rce_tool | shiro 反序列 命令执行辅助检测工具 | 2022-12-28 02:37:14 | |
SHIRO-550 | Shiro RememberMe 1.2.4 反序列化 漏洞 | 2019-10-25 09:51:01 | |
ShiroScan | Shiro<=1.2.4反序列化,一键检测工具 | 2021-03-04 04:23:43 | |
shiro-550-with-No CC |
V1.1 | Shiro-550 不依赖CC链利用工具 | 2022-07-18 06:22:34 |
shiro-cve-2020-17 523 |
shiro-cve-2020-17523 漏洞的两种绕过姿势分析 以及配套 的漏洞环境 |
2021-02-07 09:41:41 | |
shiro-exploit | Shiro反序列化利用工具,支持新版本(AES-GCM)Shiro的key 爆破,配合ysoserial,生成回显Payload |
2021-05-28 03:39:57 |
Apache Solr
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
solr_exploit | Apache Solr远程代码执行漏洞(CVE-2019-0193) Exploit | 2020-07-08 06:51:47 | |
CVE-2019-0193 | Apache Solr DataImport Handler RCE | 2019-08-12 02:23:38 | |
Apache-Solr-RCE | Apache Solr Exploits 🌟 | 2020-10-13 11:45:16 | |
solr-injection | Apache Solr Injection Research | 2020-01-28 17:20:28 | |
CVE-2019-12409 | Apache Solr RCE (ENABLE_REMOTE_JMX_OPTS="true") | 2019-11-19 09:17:59 | |
solr_rce | Apache Solr RCE via Velocity template | 2019-11-13 06:22:58 | |
Solr-SSRF | Apache Solr SSRF(CVE-2021-27905) | 2021-04-21 10:00:59 | |
CVE-2019-17558_So lr_Vul_Tool |
1.0 | CVE-2019-17558 Solr模板注入漏洞图形化一键检测工具。C VE-2019-17558 Solr Velocity Template Vul POC Tool. |
2020-01-10 10:58:43 |
CVE-2019-0192 | RCE on Apache Solr using deserialization of untruste d data via jmx.serviceUrl |
2019-03-10 18:33:42 |
Apache Struts2
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
Struts2-Scan | Struts2全漏洞扫描利用工具 | 2020-12-23 09:04:37 | |
STS2G | 1.0 | Struts2漏洞扫描利用工具 - Golang版. Struts2 Scanner Written in Golang |
2022-01-10 14:04:39 |
struts-pwn_CVE-20 18-11776 |
An exploit for Apache Struts CVE-2018-11776 | 2018-08-26 02:31:30 | |
S2-053-CVE-2017-1 2611 |
A simple script for exploit RCE for Struts 2 S2-053( CVE-2017-12611) |
2017-09-08 11:59:19 | |
struts-pwn | An exploit for Apache Struts CVE-2017-5638 | 2018-05-21 18:32:57 | |
struts-pwn_CVE-20 17-9805 |
An exploit for Apache Struts CVE-2017-9805 | 2017-10-17 14:55:58 | |
CVE-2019-0230 | CVE-2019-0230 & s2-059 poc. | 2020-08-21 12:41:13 | |
struts-scan | Python2编写的struts2漏洞全版本检测和利用工具 | 2019-05-07 02:12:16 | |
S2-061 | some struts tag , attributes which out of the range will call SetDynamicAttribute() function, it will cau se ONGL expression execute |
2020-12-14 15:54:05 | |
Struts2Environmen t |
Struts2 历史版本的漏洞环境 | 2017-01-20 05:59:05 | |
Struts2VulsTools | 2.3.201 90927 |
Struts2系列漏洞检查工具 | 2019-09-24 17:17:50 |
Struts-S2-xxx | 整理收集Struts2漏洞环境 | 2018-01-09 09:42:13 | |
s2-016-exp | S2-016 Exploit && Scanner | 2015-03-15 04:39:24 |
Apache Tomcat
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
AttackTomcat | V1 | Tomcat常见漏洞GUI利用工具。CVE-2017-12615 PUT文件上 传漏洞、tomcat-pass-getshell 弱认证部署war包、弱口令爆 破、CVE-2020-1938 Tomcat AJP文件读取/包含 |
2022-11-15 09:05:50 |
Tomcat_PUT_GUI_EX P |
1.4 | Tomcat PUT方法任意文件写入(CVE-2017-12615)exp | 2023-03-14 07:39:41 |
CVE-2017-12617 | Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execution |
2017-10-11 07:43:49 | |
CVE-2019-0232 | Apache Tomcat Remote Code Execution on Windows | 2019-11-27 07:39:39 | |
CVE-2019-0232 | Apache Tomcat Remote Code Execution on Windows - CGI -BIN |
2019-04-17 02:42:02 | |
CVE-2017-12615 | POC Exploit for Apache Tomcat 7.0.x CVE-2017-12615 P UT JSP vulnerability. |
2019-12-20 07:22:16 | |
CVE-2020-9484 | 用Kali 2.0复现Apache Tomcat Session反序列化代码执行 漏洞 |
2020-05-21 15:13:11 |
Fastjson
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
FastjsonScan | v1.1 | Fastjson扫描器,可识别版本、依赖库、autoType状态等。 A tool to distinguish fastjson ,version and dependenc y |
2022-10-07 18:08:32 |
FastjsonExploit | Fastjson vulnerability quickly exploits the framewor k(fastjson漏洞快速利用框架) |
2020-03-06 07:48:16 | |
FastjsonVulns | [fastjson 1.2.80] CVE-2022-25845 aspectj fileread & groovy remote classload |
2022-09-02 11:00:22 | |
fastjson-autotype -bypass-dem |
|||
fastjson_rec_expl oit |
fastjson一键命令执行 | 2020-07-21 13:50:22 | |
Fastjson | Fastjson姿势技巧集合 | 2023-10-20 02:50:54 | |
fastjson | 1.2.83 | FASTJSON 2.0.x has been released, faster and more se cure, recommend you upgrade. |
2023-05-12 06:16:03 |
fastjsonVul | fastjson 80 远程代码执行漏洞复现 | 2022-09-07 06:18:46 | |
fastjson-check | beta | fastjson 被动扫描、不出网payload生成 | 2021-11-19 04:46:45 |
Grafana
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
grafanaExp | V1.1 | A exploit tool for Grafana Unauthorized arbitrary fi le reading vulnerability (CVE-2021-43798), it can bur st plugins / extract secret_key / decrypt data_source info automatic. |
2023-11-07 02:48:45 |
Hikvision
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
HikvisionDecode | 2023-07-04 10:25:23 |
IIS
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
IIS_shortname_Sca nner |
an IIS shortname Scanner | 2022-12-08 10:54:13 |
JBoss
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
jexboss | JexBoss: Jboss (and Java Deserialization Vulnerabili ties) verify and EXploitation Tool |
2017-03-28 01:34:04 | |
jboss-_CVE-2017-1 2149 |
CVE-2017-12149 jboss反序列化 可回显 | 2019-03-13 08:56:59 |
log4j
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
log4j-shell-poc | A Proof-Of-Concept for the CVE-2021-44228 vulnerabil ity. |
2023-02-08 23:30:22 |
Nacos
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
HKEcho_Nacos | 2023-12-07 14:13:43 |
SmartBI
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
SmartBIAttackTool | v1.0 | SmartBI 登录代码逻辑漏洞导致的远程代码执行利用工具 | 2023-07-16 13:16:27 |
Spring Boot
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
SpringBootExploit | 1.3 | 项目是根据LandGrey/SpringBootVulExploit清单编写,目 的hvv期间快速利用漏洞、降低漏洞利用门槛。 |
2022-11-07 02:30:45 |
SpringBoot-Scan-G UI |
v1.2.2 | 2023-02-15 02:40:09 | |
SpringExploit | 0.1.9 | 🚀 一款为了学习go而诞生的漏洞利用工具 | 2022-06-14 12:28:15 |
Spring_All_Reacha ble |
v2.1 | Spring漏洞综合利用工具 | 2023-07-05 09:49:55 |
ThinkCMF
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
ThinkCMF_getshell | ThinkCMF 框架上的任意内容包含漏洞 | 2019-10-28 05:48:18 |
Thinkphp
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
thinkphp_gui_tool s |
v2.4.2 | ThinkPHP漏洞综合利用工具, 图形化界面, 命令执行, 一键 getshell, 批量检测, 日志遍历, session包含,宝塔绕过 |
2022-07-02 09:01:52 |
VulnerabilityTool s |
[CVE_2023_28432漏洞 、CVE_2023_32315漏洞、 ThinkPHP 2.x 任意代码执行漏洞 、ThinkPHP5 5.0.22/5.1.29 远程代 码执行漏洞、 ThinkPHP5 5.0.23 远程代码执行漏洞 ThinkPH P 多语言本地文件包含漏洞] |
2023-08-31 06:46:17 | |
ThinkphpGUI | 1.3 | Thinkphp(GUI)漏洞利用工具,支持各版本TP漏洞检测,命 令执行,getshell。 |
2022-06-01 18:48:29 |
Aazhen-RexHa | 自研JavaFX图形化漏洞扫描工具,支持扫描的漏洞分别是: ThinkPHP-2.x-RCE, ThinkPHP-5.0.23-RCE, ThinkPHP5.0 .x-5.0.23通杀RCE, ThinkPHP5-SQL注入&敏感信息泄露, T hinkPHP 3.x 日志泄露NO.1, ThinkPHP 3.x 日志泄露NO.2 , ThinkPHP 5.x 数 |
2023-03-27 07:38:18 | |
ThinkphpRCE | Thinkphp rce扫描脚本,附带日志扫描 | 2020-06-19 05:18:13 | |
thinkphp-RCE-POC- Collection |
thinkphp v5.x 远程代码执行漏洞-POC集合 | 2019-01-15 07:04:12 | |
tphack | Thinkphp3/5 Log文件泄漏利用工具 | 2018-02-04 18:13:19 | |
tp5-getshell | thinkphp5 rce getshell | 2018-12-14 03:20:50 | |
ThinkPHP-Vuln | 关于ThinkPHP框架的历史漏洞分析集合 | 2020-01-18 16:11:00 | |
fastadmin | 基于 ThinkPHP5 和 Bootstrap 的极速后台开发框架,一键 生成 CRUD,自动生成控制器、模型、视图、JS、语言包、菜 单、回收站。 |
2022-05-30 06:51:49 | |
ThinkAdmin | 基于 ThinkPHP6 的极简后台管理系统,内置注解权限、异 步多任务、应用插件生态等,支持类 PaaS 更新公共模块和应 用插件,插件可本地化定制开发。 |
2023-12-31 13:07:11 | |
TPscan | 一键ThinkPHP漏洞检测 | 2022-09-28 09:27:15 |
vmware
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
Vm4J | A tool for detect&exploit vmware product log4j(cve-2 021-44228) vulnerability.Support VMware HCX/vCenter/N SX/Horizon/vRealize Operations Manager |
2022-01-07 01:01:13 | |
VcenterKiller | v1.3.6 | 一款针对Vcenter的综合利用工具,包含目前最主流的CVE-2 021-21972、CVE-2021-21985以及CVE-2021-22005、One Acce ss的CVE-2022-22954、CVE-2022-22972/31656以及log4j,提 供一键上传webshell,命令执行或者上传公钥使用SSH免密连 接 |
2022-12-15 04:07:21 |
Weblogic
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
CVE-2023-21839 | 2023-04-23 17:54:49 | ||
weblogic-framewor k |
v0.2.3 | weblogic-framework is the best tool for detecting we blogic vulnerabilities. |
2022-01-25 07:51:44 |
WeblogicTool | v1.3 | WeblogicTool,GUI漏洞利用工具,支持漏洞检测、命令执 行、内存马注入、密码解密等(深信服深蓝实验室天威战队强 力驱动) |
2023-07-06 16:05:15 |
Decrypt_Weblogic_ Password |
搜集了市面上绝大部分weblogic解密方式,整理了7种解密w eblogic的方法及响应工具。 |
2019-11-29 15:39:17 | |
weblogicScanner | weblogic 漏洞扫描工具。目前包含对以下漏洞的检测能力 :CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-201 7-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628 、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-201 8 |
2022-07-17 12:41:40 | |
CVE-2017-10271 | CVE-2017-10271 WEBLOGIC RCE (TESTED) | 2017-12-23 13:10:09 | |
Weblogic | Weblogic CVE-2019-2725 CVE-2019-2729 Getshell 命令执 行 |
2019-07-15 06:02:30 | |
WebLogicPasswordD ecryptorUi |
v2.0 | 解密weblogic AES或DES加密方法 | 2020-12-03 04:29:33 |
WeblogicScan | 增强版WeblogicScan、检测结果更精确、插件化、添加CVE- 2019-2618,CVE-2019-2729检测,Python3支持 |
2019-06-24 06:06:26 | |
CVE-2020-2551 | how detect CVE-2020-2551 poc exploit python Weblogic RCE with IIOP |
2023-03-05 12:40:58 | |
CNVD-C-2019-48814 | WebLogic wls9-async反序列化远程命令执行漏洞 | 2019-05-26 13:36:18 | |
cve-2019-2618 | Weblogic Upload Vuln(Need username password)-CVE-201 9-2618 |
2019-04-17 15:05:08 | |
CVE-2019-2890 | CVE-2019-2890 WebLogic 反序列化RCE漏洞 | 2019-12-08 05:50:42 | |
CVE-2020-2551 | Weblogic RCE with IIOP | 2020-01-18 07:14:33 | |
CVE-2018-2894 | CVE-2018-2894 WebLogic Unrestricted File Upload Lead To RCE Check Script |
2018-07-20 12:46:37 | |
WeblogicEnvironme nt |
Weblogic环境搭建工具 | 2020-04-23 07:36:47 | |
WeblogicScanLot | WeblogicScanLot系列,Weblogic漏洞批量检测工具,V2.2 | 2020-08-01 02:45:01 | |
CVE-2020-14645 | Weblogic CVE-2020-14645 UniversalExtractor JNDI inje ction getDatabaseMetaData() |
2020-07-20 03:51:05 | |
CVE-2020-14756 | WebLogic T3/IIOP RCE ExternalizableHelper.class of c oherence.jar |
2021-01-27 01:40:55 | |
CVE-2020-2551 | Weblogic IIOP CVE-2020-2551 | 2020-04-07 03:32:23 | |
CVE-2020-2555 | Weblogic com.tangosol.util.extractor.ReflectionExtra ctor RCE |
2022-12-15 00:36:55 | |
CVE-2020-2883 | Weblogic coherence.jar RCE | 2020-05-10 09:29:35 |
常规web漏洞
CLRF
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
CRLFsuite |
CORS
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
CORScanner | 1.0.1 | 🎯 Fast CORS misconfiguration vulnerabilities scanne r |
2021-11-25 07:25:11 |
DOS
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
slowhttptest | v1.9.0 | Application Layer DoS attack simulator | 2023-09-11 17:57:32 |
JWT
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
JWT_GUI | replace _brute_e rror |
基于pyqt5和pyjwt实现的jwt加解密爆破一体化工具(ps:其 实是水的python课设) |
2023-07-24 12:26:10 |
JWTPyCrack | JWT 弱口令 Key 爆破以及生成 NONE 加密的无 Key 的 JWT String |
2021-09-22 05:49:33 | |
jwt-hack | v1.1.2 | 🔩 jwt-hack is tool for hacking / security testing t o JWT. Supported for En/decoding JWT, Generate payloa d for JWT attack and very fast cracking(dict/brutefoc e) |
2023-05-06 07:33:26 |
jwt_tool | v2.2.6 | 🐍 A toolkit for testing, tweaking and cracking JSON Web Tokens |
2022-09-09 11:00:11 |
RS256-2-HS256 | JWT Attack to change the algorithm RS256 to HS256 | 2023-05-08 13:07:03 | |
c-jwt-cracker | JWT brute force cracker written in C | 2021-01-12 17:34:41 | |
jwt-fuzzer | JWT fuzzer | 2018-07-24 15:22:26 | |
JWT4B | 2.3 | JWT Support for Burp | 2023-04-21 09:25:29 |
SQL注入
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
ghauri | 1.3 | An advanced cross-platform tool that automates the p rocess of detecting and exploiting SQL injection secu rity flaws |
2024-01-04 11:56:25 |
sqlmap | 1.8 | Automatic SQL injection and database takeover tool | 2024-01-11 15:11:40 |
MSSQL_SQL_BYPASS_ WIKI |
MSSQL注入提权,bypass的一些总结 | 2023-02-16 16:25:30 | |
MYSQL_SQL_BYPASS_ WIKI |
mysql注入,bypass的一些心得 | 2023-02-16 16:24:50 | |
sql-injection-pay load-list |
🎯 SQL Injection Payload List | 2021-06-09 17:45:57 |
SSRF
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
SSRFmap | Automatic SSRF fuzzer and exploitation tool | 2023-05-27 19:30:08 | |
ssrf-sheriff | A simple SSRF-testing sheriff written in Go | 2019-10-14 16:55:34 |
SSTI
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
tplmap | v0.5 | Server-Side Template Injection and Code Injection De tection and Exploitation Tool |
2022-02-06 15:13:15 |
SSTImap | v1.1 | Automatic SSTI detection tool with interactive inter face |
2023-06-01 22:42:34 |
ssti-payload | SSTI Payload Generator | 2019-07-03 15:41:35 |
XSS
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
beef | v0.5.4. 0 |
The Browser Exploitation Framework Project | 2024-01-07 01:33:31 |
xsscrapy | XSS spider - 66/66 wavsep XSS detected | 2022-04-25 16:15:45 | |
findom-xss | A fast DOM based XSS vulnerability scanner with simp licity. |
2022-03-02 15:50:42 | |
dalfox | v2.9.1 | 🌙🦊 Dalfox is a powerful open-source XSS scanner an d utility focused on automation. |
2024-01-01 05:37:50 |
Chromium-based-XS S-Taint-Tracking |
v0.3 | Cyclops 是一款具有 XSS 检测功能的浏览器 | 2022-06-05 23:43:51 |
XXE
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
oxml_xxe | A tool for embedding XXE/XML exploits into different filetypes |
2023-05-05 11:11:20 | |
docem | 1.3 | Uility to embed XXE and XSS payloads in docx,odt,pp tx,etc (OXML_XEE on steroids) |
2020-07-28 10:30:41 |
解析漏洞
####### Nginx
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
nginxpwner | Nginxpwner is a simple tool to look for common Nginx misconfigurations and vulnerabilities. |
2022-10-27 07:15:00 |
文件包含
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
liffy | Local file inclusion exploitation tool | 2022-09-30 18:35:20 |
漏洞检测利用仓库
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
PocList | Alibaba-Nacos-Unauthorized/ApacheDruid-RCE_CVE-2021- 25646/MS-Exchange-SSRF-CVE-2021-26885/Oracle-WebLogic -CVE-2021-2109_RCE/RG-CNVD-2021-14536/RJ-SSL-VPN-Ultr aVires/Redis-Unauthori |
2023-05-11 14:36:58 | |
Some-PoC-oR-ExP | 各种漏洞poc、Exp的收集或编写 | 2023-08-23 07:23:32 | |
POChouse | POC&EXP仓库、hvv弹药库、Nday、1day | 2022-11-11 08:02:58 | |
0day | 各种CMS、各种平台、各种系统、各种软件漏洞的EXP、POC ,该项目将持续更新 |
2023-09-12 00:57:05 | |
vulnerability | 收集、整理、修改互联网上公开的漏洞POC | 2024-01-11 08:59:32 | |
Awesome-Exploit | 一个漏洞利用工具仓库 | 2023-07-05 01:49:54 | |
CVE-Master | v1.0.1 | 收集本人自接触渗透测试用于漏洞验证的所有热门CVE、POC 、CNVD攻击有效载荷+测试工具+FUZZ,一个仓库满足许多攻击 测试场景,开箱即用. |
2022-09-18 14:43:11 |
poc-hub | 2023-04-04 03:20:05 | ||
PocOrExp_in_Githu b |
聚合Github上已有的Poc或者Exp,CVE信息来自CVE官网。Au to Collect Poc Or Exp from Github by CVE ID. |
2024-01-13 21:35:10 | |
exphub | Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat 、Nexus、Solr、Jboss、Drupal的漏洞利用脚本,最新添加CV E-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-202 0-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555 、C |
2021-04-04 09:13:57 |
漏洞利用辅助
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
JNDIExploit | 1.1 | 一款用于JNDI注入利用的工具,大量参考/引用了Rogue JND I项目的代码,支持直接植入内存shell,并集成了常见的byp ass 高版本JDK的方式,适用于与自动化工具配合使用。 |
2022-08-30 12:47:34 |
cola_dnslog | v1.3.2 | Cola Dnslog v1.3.2 更加强大的dnslog平台/无回显漏洞探 测辅助平台 完全开源 dnslog httplog ldaplog rmilog 支持 dns http ldap rmi等协议 提供API调用方式便于与其他工具 结合 支持钉钉机器人、Bark等提醒 支持docker一键部署 后 端完全使用python实现 前端基于vue-elemen |
2023-02-06 04:48:56 |
godnslog | v0.7.0 | An exquisite dns&http log server for verify SSRF/XXE /RFI/RCE vulnerability |
2022-03-14 07:39:00 |
Exp-Tools | v1.2.3 | 一款集成高危漏洞exp的实用性工具 | 2023-10-15 07:28:21 |
ysoserial | v0.0.6 | A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. |
2022-07-16 19:09:00 |
DNSlog-GO | master | DNSLog-GO 是一款golang编写的监控 DNS 解析记录的工具 ,自带WEB界面 / DNSLog-GO is a monitoring tool written in Golang that monitors DNS resolution records. It c omes with a web interface. |
2023-10-08 02:32:31 |
revsuit | v0.7.1 | RevSuit is a flexible and powerful reverse connectio n platform designed for receiving connection from tar get host in penetration. |
2023-06-01 16:36:44 |
JNDIExploit-1 | v1.2 | 一款用于 JNDI注入 利用的工具,大量参考/引用了 Rogue JNDI 项目的代码,支持直接植入内存shell,并集成了常见 的bypass 高版本JDK的方式,适用于与自动化工具配合使用。 (from https://github.com/feihong-cs/JNDIExploit) |
2021-12-15 12:09:05 |
JNDIExploit | 2023-07-11 08:58:52 | ||
ddddocr | 带带弟弟 通用验证码识别OCR pypi版 | 2023-08-30 13:24:01 | |
ysoserial | 2023-04-19 12:00:21 | ||
Gopherus | This tool generates gopher link for exploiting SSRF and gaining RCE in various servers |
2022-07-11 12:11:56 | |
ysomap | v0.1.5 | A helpful Java Deserialization exploit framework. | 2023-12-20 07:41:33 |
JNDIExploit | v1.4 | 对原版https://github.com/feihong-cs/JNDIExploit 进行 了实用化修改 |
2022-10-16 17:13:30 |
Antenna | v1.3.5 | Antenna是58同城安全团队打造的一款辅助安全从业人员验 证网络中多种漏洞是否存在以及可利用性的工具。其基于带外 应用安全测试(OAST)通过任务的形式,将不同漏洞场景检测能 力通过插件的形式进行集合,通过与目标进行out-bind的数据 通信方式进行辅助检测。 |
2023-06-06 10:04:37 |
jndi_tool | JNDI服务利用工具 RMI/LDAP,支持部分场景回显、内存she ll,高版本JDK场景下利用等,fastjson rce命令执行,log4 j rce命令执行 漏洞检测辅助工具 |
2022-08-17 09:34:47 | |
DNSLog | DNSLog 是一款监控 DNS 解析记录和 HTTP 访问记录的工具 。 |
2018-11-14 09:07:48 | |
Alphalog | 1.0.0.R elease |
DNSLOG、httplog、rmilog、ldaplog、jndi 等都支持,完全 匿名 产品(fuzz.red),Alphalog与传统DNSLog不同,更快、 更安全。 |
2023-04-07 05:29:54 |
DNSLog-Platform-G olang |
v0.3 | DNSLOG平台 golang | 2021-12-30 03:29:29 |
JNDI-Exploit-Kit | JNDI-Exploitation-Kit(A modified version of the gre at JNDI-Injection-Exploit created by @welk1n. This to ol can be used to start an HTTP Server, RMI Server an d LDAP Server to exploi |
2022-01-11 06:21:45 | |
JNDI-Injection-Ex ploit |
v1.0 | JNDI注入测试工具(A tool which generates JNDI links can start several servers to exploit JNDI Injection v ulnerability,like Jackson,Fastjson,etc) |
2020-01-19 03:49:07 |
JNDIMonitor | 一个LDAP请求监听器,摆脱dnslog平台 | 2023-04-07 10:19:37 |
漏洞利用框架
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
woodpecker-framew ork-release |
1.3.5 | 高危漏洞精准检测与深度利用框架 | 2023-01-08 09:11:17 |
漏洞文库
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
VulWiki | VulWiki | 2021-03-09 08:16:32 | |
FrameVul | POC集合,框架nday漏洞利用 | 2024-01-04 09:26:20 | |
bylibrary | 白阁文库是白泽Sec安全团队维护的一个漏洞POC和EXP公开 项目 |
2022-08-15 14:27:05 | |
vulbase | 各大漏洞文库合集 | 2021-10-05 01:04:37 | |
PoC-ExP | 【漏洞Poc知识库】一个网络安全爱好者对网络上一些已知 漏洞payload的收录,持续更新。并编写了利用脚本,可用于 日常学习或批量的src漏洞挖掘 |
2022-09-23 05:22:17 | |
Report_Public | DVPNET 公开漏洞知识库 | 2021-06-10 06:26:03 | |
yougar0.github.io | 漏洞知识库 | 2021-03-31 10:57:28 | |
BUG-Pocket | 小型漏洞库,提供FOFA语法及批量脚本,具体利用法请参考 别的漏洞库,共4种类型47项 |
2021-07-31 02:01:39 | |
PeiQi-WIKI-Book | 面向网络安全从业者的知识文库🍃 | 2023-11-08 06:09:01 | |
WiKi | 稻草人安全团队漏洞库 | 2021-07-24 07:10:31 | |
Awesome-POC | 一个漏洞POC知识库 | 2023-11-30 09:43:04 | |
Vulhub-Reproduce | 一个Vulhub漏洞复现知识库 | 2024-01-04 03:13:18 | |
Vulnerability-Wik i |
v1.0 | 基于 docsify 部署,目前漏洞数量 1000+ | 2024-01-04 03:12:12 |
PoC-in-GitHub | 📡 PoC auto collect from GitHub. ware. |
2024-01-14 00:31:16 |
信息泄露漏洞
.DS_Store泄露
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
ds_store_exp | A .DS_Store file disclosure exploit. It parses .DS_S tore file and downloads files recursively. |
2022-06-16 02:22:00 |
.git泄露
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
git-dumper | A tool to dump a git repository from a website | 2022-05-07 04:39:31 | |
GitHack | .git 泄漏利用工具,可还原历史版本 | 2020-02-25 10:15:10 | |
scrabble | Simple tool to recover .git folder from remote serve r |
2014-10-09 17:36:37 | |
GitHack | A .git folder disclosure exploit | 2022-05-09 13:16:57 | |
GitDorker | A Python program to scrape secrets from GitHub throu gh usage of a large repository of dorks. |
2021-05-07 06:11:57 | |
Git_Extract | 提取远程 git 泄露或本地 git 的工具 | 2020-11-14 14:48:56 |
.svn泄露
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
svnExploit | SvnExploit支持SVN源代码泄露全版本Dump源码 | 2022-12-20 09:22:50 |
heapdump泄露
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
JDumpSpider | dev-202 30406T03 1230 |
HeapDump敏感信息提取工具 | 2023-04-06 03:11:35 |
heapdump_tool | heapdump敏感信息查询工具,例如查找 spring heapdump中 的密码明文,AK,SK等 |
2023-11-07 10:53:08 |
idea
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
idea_exploit | Gather sensitive information from (.idea) folder for pentesters |
2022-08-05 11:20:35 |
key泄露
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
cloudTools | main | 云资产管理工具 目前工具定位是云安全相关工具,目前是 两个模块 云存储工具、云服务工具, 云存储工具主要是针对 oss存储、查看、删除、上传、下载、预览等等 云服务工具 主要是针对rds、服务器的管理,查看、执行命令、接管等等 |
2023-10-14 08:49:08 |
AliyunAccessKeyTo ols |
1.0 | 阿里云AccessKey泄漏利用工具 | 2021-07-16 00:52:34 |
API-T00L | v1.2 | 互联网厂商API利用工具。 | 2023-09-14 10:11:38 |
cf | 2023-07-05 00:29:39 | ||
Cloud-Bucket-Leak -Detection-Tools |
v0.4.0 | 六大云存储,泄露利用检测工具 | 2022-08-25 09:31:28 |
aksk_tool | AK资源管理工具,阿里云/腾讯云/华为云/AWS/UCLOUD/京东 云/百度云/七牛云存储 AccessKey AccessKeySecret,利用AK 获取资源信息和操作资源,ECS/CVM/E2/UHOST/ECI/BCC执行命 令,OSS/COS/S3/BOS管理,RDS/DB管理,域名管理,添加RAM/ CAM/IAM账号等 |
2023-04-24 09:21:41 |
swagger接口
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
swagger-hack | 自动化爬取并自动测试所有swagger接口 | 2021-08-02 05:39:49 | |
swagger-exp | A Swagger API Exploit | 2023-04-21 06:44:01 |
Webpack接口
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
Packer-Fuzzer | v1.4 | Packer Fuzzer is a fast and efficient scanner for se curity detection of websites constructed by javascrip t module bundler such as Webpack. |
2023-01-17 09:41:54 |
代码泄露综合
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
dvcs-ripper | Rip web accessible (distributed) version control sys tems: SVN/GIT/HG... |
2020-08-17 16:38:26 | |
dumpall | v0.4.0 | 一款信息泄漏利用工具,适用于.git/.svn/.DS_Store泄漏 和目录列出 |
2022-07-05 05:30:40 |
敏感数据泄露
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
JSFScan.sh | Automation for javascript recon in bug bounty. | 2022-11-04 03:20:29 | |
SecretFinder | SecretFinder - A python script for find sensitive da ta (apikeys, accesstoken,jwt,..) and search anything on javascript files |
2021-06-26 07:43:14 | |
Mantra | v.1.1 | 「🔑」A tool used to hunt down API key leaks in JS f iles and pages |
2023-07-08 18:59:06 |
重点CMS利用
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
wprecon | |||
wpreconx | 2.4.5 | WPRecon, is a tool for the recognition of vulnerabil ities and blackbox information for wordpress. |
2022-10-22 19:35:25 |
CMSmap | CMSmap is a python open source CMS scanner that auto mates the process of detecting security flaws of the most popular CMSs. |
2018-10-26 18:45:03 | |
QVD-2023-13065 | Nacos JRaft Hessian 反序列化 RCE EXP | 2023-06-13 09:56:04 | |
wordpress-exploit -framework |
v2.0.1 | A Ruby framework designed to aid in the penetration testing of WordPress systems. |
2019-11-24 19:04:43 |
CVE-2023-33246 | Apache RocketMQ 远程代码执行漏洞(CVE-2023-33246) Exp loit |
2023-06-01 05:54:25 | |
EgGateWayGetShell | Code By:Tas9er | 2021-01-14 01:05:29 | |
Apt_t00ls | v0.7 | 高危漏洞利用工具 | 2023-08-13 12:33:36 |
wpscan | v3.8.25 | WPScan WordPress security scanner. Written for secur ity professionals and blog maintainers to test the se curity of their WordPress websites. Contact us via co [email protected] |
2023-12-01 17:44:24 |
LandrayExploit | 2021-07-27 08:20:41 | ||
weaver_exp | 泛微OA漏洞综合利用脚本 | 2021-06-28 19:02:37 | |
2021hvv_vul | 2021hvv漏洞汇总 | 2021-04-24 04:17:06 | |
CMS-Exploit-Frame work |
CMS Exploit Framework | 2014-11-30 05:17:43 | |
CMS-Hunter | CMS漏洞测试用例集合 | 2018-12-20 06:44:32 |
子域接管
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
SubOver | v1.2 | A Powerful Subdomain Takeover Tool | 2018-08-30 00:38:45 |
端口服务安全
服务漏洞
JDWP
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
jdwp-shellifier | 2017-01-14 00:36:18 | ||
jdwp-shellifier | 修改利用方式为通过对Sleeping的线程发送单步执行事件, 达成断点,从而可以直接获取上下文、执行命令,而不用等待 断点被击中。 |
2020-02-27 12:27:27 | |
jdwp-codeifier | 基于 jdwp-shellifier 的进阶JDWP漏洞利用脚本(动态执 行Java/Js代码并获得回显) |
2023-12-06 07:45:48 |
rdp
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
CVE-2019-0708 | 3389远程桌面代码执行漏洞CVE-2019-0708批量检测工具(Rd pscan Bluekeep Check) |
2019-06-13 13:07:02 | |
CVE-2019-0708 | CVE-2019-0708 (BlueKeep) | 2020-07-07 15:27:55 |
RMI
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
attackRmi | v2.0 | 2021-12-30 08:06:46 | |
rmiscout | v1.4 | RMIScout uses wordlist and bruteforce strategies to enumerate Java RMI functions and exploit RMI paramete r unmarshalling vulnerabilities |
2020-12-08 12:51:04 |
BaRMIe | v1.01 | Java RMI enumeration and attack tool. | 2017-09-28 22:37:50 |
attackRmi | v0.1 | attackRmi | 2020-10-14 08:07:36 |
数据库利用
mssql
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
mssqlproxy | 0.1 | mssqlproxy is a toolkit aimed to perform lateral mov ement in restricted environments through a compromise d Microsoft SQL Server via socket reuse |
2020-08-13 11:53:38 |
SharpSQLTools | 41 | SharpSQLTools 和@Rcoil一起写的小工具,可上传下载文件 ,xp_cmdshell与sp_oacreate执行命令回显和clr加载程序集 执行相应操作。 |
2021-08-05 12:39:51 |
SqlKnife_0x727 | 1.2 | 适合在命令行中使用的轻巧的SQL Server数据库安全检测工 具 |
2021-10-22 06:18:03 |
PySQLTools | Mssql利用工具 | 2023-08-07 05:03:28 |
Oracle
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
odat | 5.1.1 | ODAT: Oracle Database Attacking Tool | 2022-06-20 08:09:48 |
oracleShell | oracle 数据库命令执行 | 2020-11-06 02:20:25 |
postgresql
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
postgresql_udf_he lp |
PostgreSQL 提权辅助脚本 | 2021-08-23 08:25:06 |
redis
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
RabR | 0.6.2 | Redis-Attack By Replication (通过主从复制攻击Redis) | 2022-11-25 06:43:58 |
redis-rogue-serve r |
Redis 4.x/5.x RCE | 2020-12-06 07:02:12 | |
redis-rogue-serve r |
Redis(<=5.0.5) RCE | 2022-10-13 03:29:51 | |
redis-rce | Redis 4.x/5.x RCE | 2021-11-30 14:55:59 | |
RedisEXP | 0.0.3 | Redis 漏洞利用工具 | 2023-08-02 16:59:50 |
redis_rce | v0.1.0 | Redis primary/secondary replication RCE | 2022-04-18 02:32:09 |
RedisModules-Exec uteCommand-for-Win dows |
可在Windows下执行系统命令的Redis模块,可用于Redis主 从复制攻击。 |
2022-11-25 06:46:12 |
综合
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
RequestTemplate | 2023-04-07 07:26:03 | ||
Databasetools | 1.2 | 一款用Go语言编写的数据库自动化提权工具,支持Mysql、M SSQL、Postgresql、Oracle、Redis数据库提权、命令执行、 爆破以及ssh连接 |
2023-02-19 10:42:49 |
MDUT | v2.1.1 | MDUT - Multiple Database Utilization Tools | 2022-10-13 05:34:29 |
PentestDB | 各种数据库的利用姿势 | 2023-03-28 05:09:44 | |
Sylas | beta | 数据库综合利用工具 | 2022-02-16 14:41:49 |
后渗透
代理转发
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
http://rootkiter.com/Termite/ | |||
dns2tcp | v0.5.2 | 2017-11-23 14:59:37 | |
nps | v0.26.1 0 |
一款轻量级、高性能、功能强大的内网穿透代理服务器。支 持tcp、udp、socks5、http等几乎所有流量转发,可用来访问 内网网站、本地支付接口调试、ssh访问、远程桌面,内网dns 解析、内网socks5代理等等……,并带有功能强大的web管理 端。a lightweight, high-performance, powerful intranet penet |
2021-10-09 07:18:41 |
pingtunnel | 2.8 | Pingtunnel is a tool that send TCP/UDP traffic over ICMP |
2023-11-29 03:52:29 |
frp | v0.53.2 | A fast reverse proxy to help you expose a local serv er behind a NAT or firewall to the internet. |
2024-01-09 10:50:50 |
pystinger | v1.6 | Bypass firewall for traffic forwarding using webshel l 一款使用webshell进行流量转发的出网工具 |
2021-09-29 13:13:36 |
Erfrp | v0.1 | Erfrp-frp二开-免杀与隐藏 | 2022-12-04 10:46:57 |
dnscat2 | 2022-01-03 20:48:20 | ||
ngrok | Introspected tunnels to localhost | 2016-05-31 00:10:41 | |
icmpsh | |||
PortForward | 0.5.0 | The port forwarding tool developed by Golang solves the problem that the internal and external networks c annot communicate in certain scenarios |
2021-04-23 16:40:39 |
Neo-reGeorg | v5.1.0 | Neo-reGeorg is a project that seeks to aggressively refactor reGeorg |
2023-07-09 09:31:18 |
rakshasa | v0.2.3 | 基于go编写的跨平台、稳定、隐秘的多级代理内网穿透工具 | 2023-04-23 06:50:02 |
frp_cmd | v0.38.0 _modify |
frp修改版,增加socks、pf命令,便捷启用socks5代理、端 口转发,且去除流量特征,增加loadini命令,支持命令行参 数导入base64编码的配置文件 |
2021-12-05 14:25:30 |
Stowaway | v2.1 | 👻Stowaway -- Multi-hop Proxy Tool for pentesters | 2023-10-28 04:17:23 |
slcx | v1.0.2 | 端口转发工具,绕过流量安全检测。 | 2023-08-05 07:52:12 |
reGeorg | The successor to reDuh, pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn. |
2017-02-16 11:39:15 | |
goproxy | v14.1 | 🔥 Proxy is a high performance HTTP(S) proxies, SOCK S5 proxies,WEBSOCKET, TCP, UDP proxy server implement ed by golang. Now, it supports chain-style proxies,na t forwarding in differe |
2023-10-24 04:45:51 |
suo5 | v1.0.0 | 一款高性能 HTTP 代理隧道工具 | A high-performance ht tp proxy tunneling tool |
https://www.proxifier.com/ |
后渗透框架
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
metasploit-framew ork |
Metasploit Framework | 2024-01-12 15:04:09 |
内网横向工具
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
Intranet-Movement -Kit |
V1.0 | 内网横向移动工具箱 | 2023-08-28 07:22:55 |
OLa | OLa__20 220724 |
2022-08-15 06:37:48 | |
impacket | impacke t_0_11_0 |
Impacket is a collection of Python classes for worki ng with network protocols. |
2024-01-11 20:46:39 |
VMInjector | DLL Injection tool to unlock guest VMs | 2012-11-14 15:08:04 | |
Intranet-tools | 2023-09-15 04:31:07 | ||
sharpwmi | v2 | sharpwmi是一个基于rpc的横向移动工具,具有上传文件和 执行命令功能。 |
2021-01-11 07:10:53 |
WMIHACKER | A Bypass Anti-virus Software Lateral Movement Comman d Execution Tool |
2023-01-30 13:17:30 | |
java-impacket-gui | java-impacket-gui | 2023-09-07 12:55:07 | |
Impacket_For_Web | 2023-09-06 05:26:46 | ||
wmiexec-Pro | v0.2.6 | New generation of wmiexec.py | 2023-07-31 03:58:14 |
impacket-gui | impacket-gui | 2023-09-04 08:25:09 | |
https://xz.aliyun.com/t/9382 |
内网漏洞发现
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
Template | v1.2.5 | Next generation RedTeam heuristic intranet scanning |
下一代RedTeam启发式内网扫描 |
ServerScan | v1.0.2 | ServerScan一款使用Golang开发的高并发网络扫描、服务探 测工具。 |
2021-02-23 05:57:32 |
ADCSKiller | An ADCS Exploitation Automation Tool Weaponizing Cer tipy and Coercer |
2023-05-19 14:43:36 | |
Gscan | v1.0 | Gscan is a high concurrency scanner based on golang | 2020-01-12 01:25:03 |
goon | v3.5 | goon,集合了fscan和kscan等优秀工具功能的扫描爆破工具 。功能包含:ip探活、port扫描、web指纹扫描、title扫描、 压缩文件扫描、fofa获取、ms17010、mssql、mysql、postgre s、redis、ssh、smb、rdp、telnet、tomcat等爆破以及如ne tbios探测等功能。 |
2022-08-23 16:20:26 |
InScan | 边界打点后的自动化渗透工具 | 2021-07-19 09:34:40 | |
kscan | v1.85 | Kscan是一款纯go开发的全方位扫描器,具备端口扫描、协 议检测、指纹识别,暴力破解等功能。支持协议1200+,协议 指纹10000+,应用指纹20000+,暴力破解协议10余种。 |
2023-08-22 10:45:48 |
fscan | 1.8.3 | 一款内网综合扫描工具,方便一键自动化、全方位漏扫扫描 。 |
2023-12-25 09:57:28 |
内网信息收集
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
ATAttack | 敌后侦察 | 2020-04-05 14:06:02 | |
netspy | v0.0.5 | netspy是一款快速探测内网可达网段工具(深信服深蓝实验 室天威战队强力驱动) |
2022-05-12 06:38:37 |
SharpHostInfo | v0.0.1 | SharpHostInfo是一款快速探测内网主机信息工具(深信服 深蓝实验室天威战队强力驱动) |
2022-12-15 12:49:17 |
HostInfoScan | 红队小工具 | 利用DCERPC协议,无需认证获取Windows机器 主机信息和多网卡信息 |
|
netdiscover | netdiscover | 2022-10-12 12:28:44 | |
Adinfo | v0.3 | 域信息收集工具 | 2022-09-16 07:49:23 |
ClipboardHistoryT hief |
POC tool to extract all persistent clipboard history data from clipboard service process memory |
2023-04-15 07:09:20 | |
TakeMyRDP | A keystroke logger targeting the Remote Desktop Prot ocol (RDP) related processes, It utilizes a low-level keyboard input hook, allowing it to record keystroke s in certain contexts |
2023-08-02 02:23:28 |
权限提升
linux提权
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
PEASS-ng | 2024010 7-6fec90 a8 |
PEASS - Privilege Escalation Awesome Scripts SUITE ( with colors) |
2024-01-13 15:36:49 |
dirtycow | Dirty Cow exploit - CVE-2016-5195 | 2021-04-08 11:35:12 | |
traitor | v0.0.14 | ⬆️ ☠️ 🔥 Automatic L inux privesc via exploitation of low-hanging fruit e. g. gtfobins, pwnkit, dirty pipe, +w docker.sock |
2023-03-07 22:06:41 |
LinEnum | Scripted Local Linux Enumeration & Privilege Escalat ion Checks |
2020-01-07 09:20:33 | |
https://i.hacking8.com/tiquan/ |
windows提权
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
BadPotato | Windows 权限提升 BadPotato | 2020-05-10 15:42:20 | |
Windows-exploits | Windows Exploits Collecti ons |
Windows 平台提权漏洞大合集,长期收集各种提权漏洞利用 工具。 A large collection of rights raising vulnerabil ities on the windows platform, which collects various rights raising vulnerability utilization tool |
2023-01-04 11:10:42 |
CoercedPotato | Windows potato to privesc | 2023-11-03 20:58:16 |
综合
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
Kernelhub | v1.1 | 🌴Linux、macOS、Windows Kernel privilege es calation vulnerability collection, with compilation e nvironment, demo GIF map, vulnerability details, exec utable file (提权漏洞合集) |
2023-02-15 06:44:08 |
权限维持
Shell管理
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
antSword | 2.1.15 | 中国蚁剑是一款跨平台的开源网站管理工具。AntSword is a cross-platform website management toolkit. |
2022-08-18 01:49:03 |
Godzilla | v4.0.1- godzilla |
哥斯拉 | 2023-03-07 07:33:10 |
WebshellManager | w8ay 一句话WEB端管理工具 | 2017-02-01 05:18:26 | |
Cknife | Cknife | 2016-08-03 08:24:36 | |
Webshell_Generate | v1.2.3 | 用于生成各类免杀webshell | 2023-06-19 03:21:09 |
java-memshell-gen erator-release |
v1.0.7. beta3 |
一款支持高度自定义的 Java 内存马生成工具 | 2023-11-01 04:18:55 |
Behinder | Behinde r_v4.0.6 |
“冰蝎”动态二进制加密网站管理客户端 | 2022-08-23 02:50:39 |
Platypus | v1.5.0 | 🔨 A modern multiple reverse shell sessions ma nager written in go |
2023-08-16 02:43:03 |
As-Exploits | 中国蚁剑后渗透框架 | 2021-08-09 12:58:00 |
webshell
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
webshell | 这是一些常用的webshell | 2017-08-10 05:55:01 | |
AwesomeScript | AntSword Shell 脚本分享/示例 | 2021-05-23 06:02:50 | |
AntSword-Loader | 4.0.3 | AntSword 加载器 | 2019-06-17 02:57:28 |
AwesomeEncoder | AntSword 自定义编(解)码器分享 | 2021-03-05 14:46:57 | |
vagent | v1.0.0 | 多功能 java agent 内存马 | 2023-10-08 05:21:38 |
后门
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
CloneX_0x727 | 1.0 | 进行克隆用户、添加用户等账户防护安全检测的轻巧工具 | 2021-09-03 09:08:01 |
SchTask_0x727 | v1.0 | 创建隐藏计划任务,权限维持,Bypass AV | 2021-09-01 01:34:51 |
HackerPermKeeper | 6.0 | 2024-01-02 10:23:59 | |
CreateHiddenAccou nt |
0.2 | A tool for creating hidden accounts using the regist ry |
|
ShadowUser | 影子用户 克隆 | 2021-12-30 03:19:17 |
免杀
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
AV_Evasion_Tool | 2023082 3 |
掩日 - 免杀执行器生成工具 | 2023-08-23 06:25:21 |
killEscaper | Shellcode 免杀生成器 绕过火绒、360(Windows版本) | 2023-06-15 01:17:47 | |
ShellCode_Loader | v0.0.1 | ShellCode_Loader - Msf&CobaltStrike免杀ShellCode加载 器、Shellcode_encryption - 免杀Shellcode加密生成工具, 目前测试免杀360&火绒&电脑管家&Windows Defender(其他杀 软未测试)。 |
2022-09-20 07:24:25 |
encdecshellcode | Shellcode Encrypter & Decrypter via XOR Cipher | 2019-08-29 11:19:16 | |
SysWhispers2 | AV/EDR evasion via direct system calls. | 2022-09-03 07:31:06 | |
shellcodeloader | v1.1 | shellcodeloader | 2020-12-02 05:51:58 |
GobypassAV-shellc ode |
shellcode免杀加载器,使用go实现,免杀bypass火绒、360 、核晶、def等主流杀软 |
2023-08-03 04:37:38 | |
Qianji | Qianji_ BypassAV -sandbox -2023111 5 |
千机-红队免杀木马自动生成器 Bypass defender、火绒、3 60等国内主流杀软 随机加密混淆shellcode快速生成免杀马 |
2024-01-11 13:10:49 |
bypassAV | 免杀shellcode加载器 | 2021-05-18 05:03:03 | |
BypassAntiVirus | 远控免杀系列文章及配套工具,汇总测试了互联网上的几十 种免杀工具、113种白名单免杀方式、8种代码编译免杀、若干 免杀实战技术,并对免杀效果进行了一一测试,为远控的免杀 和杀软对抗免杀提供参考。 |
2022-08-23 08:00:46 | |
GoBypassAV | 整理了基于Go的16种API免杀测试、8种加密测试、反沙盒测 试、编译混淆、加壳、资源修改等免杀技术,并搜集汇总了一 些资料和工具。 |
2022-08-23 08:03:28 | |
SharpShellcodeLoa der_Rc4Aes |
用于解密并加载shellcode,支持RC4和AES两种解密方法, 并使用DInvoke来动态调用WinAPI函数,从而尝试绕过某些安 全解决方案 |
2023-10-07 07:22:24 | |
noterce | 1.3 | 一种另辟蹊径的免杀执行系统命令的木马 | 2023-05-10 10:30:39 |
ZheTian | v3 | ::ZheTian / 强大的免杀生成工具,Bypass All. | 2022-12-05 09:55:50 |
go-shellcode | Load shellcode into a new process | 2021-06-02 12:52:36 | |
0xUBypass | 1.0.0 | AntiAV shellcode loader | 2023-11-21 01:27:44 |
免杀相关
痕迹隐藏
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
go-strip | v3.0 | 清除Go编译时自带的信息 | 2022-07-20 05:56:33 |
签名伪造
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
Sign-Sacker | 代码微 调,项目 停更 |
Sign-Sacker(签名掠夺者):一款数字签名复制器,可将其 他官方exe中数字签名,图标,详细信息复制到没有签名的exe 中,作为免杀,权限维持,伪装的一种小手段。 |
2024-01-04 07:39:09 |
SigThief | Stealing Signatures and Making One Invalid Signature at a Time |
2021-08-11 19:34:42 |
图标提取
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
BeCyIconGrabberPo rtable |
BeCyIconGrabber allows you to extract icons from alm ost any file! |
2019-06-30 08:30:25 |
文件时间修改
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
ChTimeStamp | Changing the Creation time and the Last Written time of a dropped file by the timestamp of other one , li ke the "kernel32.dll" timestamp |
2022-10-01 17:03:03 | |
ChangeTimestamp | 一键修改exe、dll的编译时间、创建时间、修改时间和访问 时间 |
2023-04-16 03:10:07 |
远控
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
trojan_simple_dem o |
简单的用python写的远控demo 执行命令 只一个心跳完成所 有操作 |
2022-10-07 12:51:43 | |
Supershell | v2.0.0 | Supershell C2 远控平台,基于反向SSH隧道获取完全交互 式Shell |
2023-09-26 13:49:47 |
SimpleRemoter | v1.0.0. 5 |
基于gh0st的远程控制器:实现了终端管理、进程管理、窗 口管理、远程桌面、文件管理、语音管理、视频管理、服务管 理、注册表管理等功能,优化全部代码及整理排版,修复内存 泄漏缺陷,程序运行稳定。项目代码仅限于学习和交流用途。 |
2021-03-14 12:55:22 |
sliver | v1.5.41 | Adversary Emulation Framework | 2024-01-11 18:28:08 |
域渗透工具
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
ShuiYing_0x727 | V1.0 | 检测域环境内,域机器的本地管理组成员是否存在弱口令和 通用口令,对域用户的权限分配以及域内委派查询 |
2021-08-10 07:27:37 |
BloodHound | v4.3.1 | Six Degrees of Domain Admin | 2023-08-08 21:48:35 |
综合
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
Viper | 2023-12 -03-13-4 4-27 |
Redteam operation platform with webui 图形化红队行动 辅助平台 |
2023-12-31 03:08:26 |
Ladon | v12.2 | Ladon大型内网渗透工具,可PowerShell模块化、可CS插件 化、可内存加载,无文件扫描。含端口扫描、服务识别、网络 资产探测、密码审计、高危漏洞检测、漏洞利用、密码读取以 及一键GetShell,支持批量A段/B段/C段以及跨网段扫描,支 持URL、主机、域名列表扫描等。Ladon 12.2内置262个功能, 网络资产探测模块32个通过多种协议(ICMP\N |
2023-12-19 15:05:38 |
客户端漏洞
向日葵
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
sunlogin_rce | new | 向日葵 RCE | 2022-02-16 16:11:42 |
社工
钓鱼辅助
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
EmailSender | 钓鱼邮件便捷发送工具(GUI) | 2023-06-12 06:26:00 | |
goblin | v0.4.6 | 一款适用于红蓝对抗中的仿真钓鱼系统 | 2023-05-30 17:34:53 |
相关资源
代理池
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
rotateproxy | v0.7.2 | 利用fofa搜索socks5开放代理进行代理池轮切的工具 | 2023-02-13 06:04:33 |
ProxyPoolxSocks | v1.2 | ☁️Socks代理池服务端自动化搭建工具☁️ | 2023-06-07 23:53:40 |
Gofreeproxy | v0.1 | 自用的动态代理小工具 | 2023-01-06 03:43:37 |
proxy_pool | 2.4.1 | Python ProxyPool for web spider | 2023-06-07 06:23:01 |
mubeng | v0.14.1 | An incredibly fast proxy checker & IP rotator with e ase. |
2023-08-29 15:14:11 |
go_proxy_pool | 2022.11 .22 |
无环境依赖开箱即用的代理IP池 | 2023-05-03 03:33:23 |
proxyServer | v1.0 | 本项目其实就是个简单的代理服务器,把代理池集成进来来 了。 |
2020-10-30 03:21:30 |
Venom-Transponder | 毒液流量转发器:自动化捡洞/打点/跳板必备神器,支持联 动URL爬虫、各种被动扫描器。 |
2023-08-17 12:40:16 | |
Auto_proxy | 利用IP地址池进行自动切换Http代理,防止IP封禁。 | 2022-11-15 08:42:22 |
工具集
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
K8tools | K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描 工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payl oad/priviledge/BypassUAC/OverFlow/WebShell/PenTest) W eb GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Ap a |
2023-12-16 17:23:36 |
工具集成环境
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
ApoalypseSecTools | ApoalypseSecTool更新地址 | 2023-04-26 02:03:35 | |
Pentest-Windows | v2.2 | Windows11 Penetration Suite Toolkit 一个开箱即用的wi ndows渗透测试环境 |
2023-10-31 01:56:54 |
PST-Bucket | Scoop-Buket for Penetration Suite Toolkit | 2024-01-13 08:28:18 | |
PenKitGui | 渗透测试武器库 | 2022-10-29 10:29:09 | |
GUI_Tools | V1.1 | 一个由各种图形化渗透工具组成的工具集 | 2023-04-03 02:20:44 |
commando-vm | Complete Mandiant Offensive VM (Commando VM), a full y customizable Windows-based pentesting virtual machi ne distribution. [email protected] |
2023-10-03 19:02:49 | |
okfafu-pentestVM- public |
okfafu渗透虚拟机公开版 | 2023-10-15 02:45:18 | |
Taie-RedTeam-OS | 泰阿安全实验室-基于XUbuntu私人订制的红蓝对抗渗透操作 系统 |
2021-06-03 03:00:20 | |
FreeGui | v2.5 | freeGui:基于ttkbootstrap开发的一款用来管理自己的渗 透测试工具的一个小工具,并提供一些实用小功能,例如打开 目录,运行工具,工具备忘命令。 |
2023-01-13 14:46:36 |
Online_tools | 0.5.0 | 该工具是一个集成了非常多渗透测试工具,类似软件商城的 工具可以进行工具下载,工具的更新,工具编写了自动化的安 装脚本,不用担心工具跑不起来。 |
2023-12-09 15:00:53 |
工具周边
arl
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
ARL-Finger-ADD | 灯塔(最新版)指纹添加脚本! | 2021-08-12 09:28:15 |
Burpsuite
绕过指纹检测
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
burp-awesome-tls | v1.1.0 | Fixes Burp Suite's poor TLS stack. Bypass WAF, spoof any browser. |
2023-06-22 21:36:19 |
漏洞扫描
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
BurpCRLFScan | 1.4 | 使用java编写的CRLF-Injection-burp被动扫描插件 | 2022-12-20 08:16:10 |
JsonDetect | v1.0 | A burp Extender to detect json, include fastjson,jac kson,gson |
2022-09-22 03:09:07 |
Log4j-check | log4J burp被扫插件、CVE-2021-44228、支持dnclog.cn和b urp内置DNS、可配合JNDIExploit生成payload |
2021-12-13 09:18:19 | |
GadgetProbe | v1.0 | Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths. |
2021-02-19 18:47:05 |
BpScan | 1.0.0 | 一款用于辅助渗透测试工程师日常渗透测试的Burp被动漏扫 插件 |
2022-11-25 11:42:34 |
log4j2burpscanner | 0.25.0 | CVE-2021-44228 Log4j2 BurpSuite Scanner,Customize ce ye.io api or other apis,including internal networks |
2023-06-13 09:17:54 |
RouteVulScan | RouteVu lScan1.5 .1 |
Burpsuite - Route Vulnerable Scanning 递归式被动检测 脆弱路径的burp插件 |
2023-12-25 08:40:10 |
semgrepper | v1.3 | An extension to use Semgrep inside Burp Suite. | 2023-08-28 09:28:41 |
BurpBountyPlus | 3 | BurpBounty 魔改版本 | 2022-03-21 07:38:34 |
FastjsonScan | 1.0 | 一个简单的Fastjson反序列化检测burp插件 | 2021-06-18 15:09:22 |
SpringScan | V1.7 | SpringScan 漏洞检测 Burp插件 | 2022-06-22 05:17:06 |
PowerScanner | 1.1.3 | 面向HW的红队半自动扫描器 | 2021-12-16 07:53:45 |
BurpFastJsonScan | BurpFas tJsonSca n-2.2.2 |
一款基于BurpSuite的被动式FastJson检测插件 | 2022-06-26 17:02:17 |
BurpShiroPassiveS can |
BurpShi roPassiv eScan-2. 0.0 |
一款基于BurpSuite的被动式shiro检测插件 | 2022-06-30 02:35:20 |
burp-text4shell | v0.1 | Text4Shell scanner for Burp Suite | 2022-10-27 10:47:36 |
信息收集
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
Sylas | 1.1.1 | 新一代子域名主/被动收集工具 - Subdomain automatic/pa ssive collection tool |
2022-10-09 11:06:28 |
domain_hunter | v1.5 | A Burp Suite Extension that try to find all sub-doma in, similar-domain and related-domain of an organizat ion automatically! 基于流量自动收集整个企业或组织的子 域名、相似域名、相关域名的burp插件 |
2022-01-16 07:42:41 |
domain_hunter_pro | v1.9 | domain_hunter的高级版本,SRC挖洞、HW打点之必备!自动 化资产收集;快速Title获取;外部工具联动;等等 |
2024-01-05 10:31:56 |
BurpJSLinkFinder | Burp Extension for a passive scanning JS files for e ndpoint links. |
2022-10-17 09:27:42 | |
BurpExtractor | v1.3.4 | A Burp extension for generic extraction and reuse of data within HTTP requests and responses. |
2022-02-01 22:50:06 |
漏洞利用
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
shiro-check | shiroch ek3.0 |
Shiro反序列化回显利用、内存shell、检查 Burp插件 | 2021-03-15 07:59:36 |
fastjson-exp |
其他
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
burp-api-drops | burp插件开发指南 | 2021-08-08 15:52:46 |
功能拓展
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
knife | v2.2 | A burp extension that add some useful function to Co ntext Menu 添加一些右键菜单让burp用起来更顺畅 |
2023-09-10 08:12:57 |
reCAPTCHA | v1.0 | reCAPTCHA = REcognize CAPTCHA: A Burp Suite Extender that recognize CAPTCHA and use for intruder payload 自动识别图形验证码并用于burp intruder爆破模块的插件 |
2023-11-23 07:25:00 |
captcha-killer | 0.1.2 | burp验证码识别接口调用插件 | 2020-09-28 06:38:53 |
chunked-coding-co nverter |
0.4.0 | Burp suite 分块传输辅助插件 | 2021-11-13 08:17:25 |
passive-scan-clie nt |
0.3.1 | Burp被动扫描流量转发插件 | 2023-02-03 10:10:16 |
sqlmap4burp-plus- plus |
0.2 | sqlmap4burp++是一款兼容Windows,mac,linux多个系统平 台的Burp与sqlmap联动插件 |
2019-11-07 05:50:04 |
JC-AntiToken | burp插件:python版,token防重放绕过 | 2021-01-16 07:58:37 | |
HackBar | 2.0 | HackBar plugin for Burpsuite | 2021-04-15 11:26:55 |
burp-cph | 3.0 | Custom Parameter Handler extension for Burp Suite. | 2019-08-17 16:22:26 |
autoDecoder | 0.37-be ta1 |
Burp插件,根据自定义来达到对数据包的处理(适用于加解 密、爆破等),类似mitmproxy,不同点在于经过了burp中转 ,在自动加解密的基础上,不影响APP、网站加解密正常逻辑 等。 |
2024-01-11 05:24:54 |
captcha-killer-mo dified |
0.24.4 | captcha-killer的修改版,支持关键词识别base64编码的图 片,添加免费ocr库,用于验证码爆破,适配新版Burpsuite |
2024-01-08 03:15:25 |
HaE | 2.4.6 | HaE - Highlighter and Extractor, 赋能白帽 高效作战 | 2023-02-22 09:36:50 |
base64encode | 1.0 | burpsuite POST数据包base64编码插件 | 2021-07-02 08:35:12 |
Burp_AES_Plugin | Burpsuite Plugin For AES Crack | 2020-06-17 17:15:45 | |
OutLook | |||
AutoRepeater | Automated HTTP Request Repeating With Burp Suite | 2020-10-08 21:22:46 | |
BurpSuiteHTTPSmug gler |
v0.1 | A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of te chniques |
2019-05-04 06:15:41 |
http-request-smug gler |
2023-01-10 10:59:45 | ||
burp-requests | v0.2.4 | Copy as requests plugin for Burp Suite | 2020-02-06 13:39:42 |
NEW_xp_CAPTCHA | 4.2 | xp_CAPTCHA(瞎跑 白嫖版) burp 验证码 识别 burp插件 | 2022-10-27 08:04:03 |
xia_Liao | 1.6 | xia Liao(瞎料)burp插件 用于Windows在线进程/杀软识 别 与 web渗透注册时,快速生成需要的资料用来填写,资料 包含:姓名、手机号、身份证、统一社会信用代码、组织机构 代码、银行卡,以及各类web语言的hello world输出和生成弱 口令字典等。 |
2022-12-01 01:47:51 |
BurpSuite_403Bypa sser |
Burpsuite Extension to bypass 403 restricted directo ry |
2021-08-21 21:14:57 | |
LoggerPlusPlus | v3.20.0 | Advanced Burp Suite Logging Extension | 2023-06-05 15:36:27 |
插件仓库
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
BurpSuite-collect ions |
有关burpsuite的插件(非商店),文章以及使用技巧的收集( 此项目不再提供burpsuite破解文件,如需要请在博客mrxn.net 下载)---Collection of burpsuite plugins (non-stores), articles and tips for using Burpsuite, no crack versi on file |
2023-08-04 13:50:07 |
未分类
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
JustC2file | v1.0.2 | Burp插件,Malleable C2 Profiles生成器;可以通过Burp 代理选中请求,生成Cobalt Strike的profile文件(CSprofile ) |
2022-01-15 11:47:46 |
Burp-Non-HTTP-Ext ension |
2023-10-04 07:41:43 | ||
HopLa | 1.2 | HopLa Burp Suite Extender plugin - Adds autocomplet ion support and useful payloads in Burp Suite |
2021-05-12 16:21:29 |
burpFakeIP | 1.1 | 服务端配置错误情况下用于伪造ip地址进行测试的Burp Sui te插件 |
2022-09-29 09:12:23 |
burpJsEncrypter | 0.1 | More Easier Burp Extension To Solve Javascript Front End Encryption,一款更易使用的解决前端加密问题的Burp 插件。 |
2020-04-15 07:01:16 |
SpringVulScan | SpringV ulScan-1 .1 |
burpsuite 的Spring漏洞扫描插件。SpringVulScan:支持 检测:路由泄露 |
CVE-2022-22965 |
TsojanScan | v1.4.4 | 一个集成的BurpSuite漏洞探测插件 | 2023-03-09 12:56:21 |
BurpSuite-Extende r-fastjson |
Reference:https://www.w2n1ck.com/article/44/ | 2020-03-07 13:23:21 | |
OneScan | v1.4.0 | OneScan是递归目录扫描的BurpSuite插件 | 2023-11-07 16:04:17 |
HackTools | 1.5 | 提高渗透测试效率。#Burp插件##渗透测试##小工具# | 2023-06-07 02:55:02 |
BurpSuite-Xkeys | A Burp Suite Extension to extract interesting string s (key, secret, token, or etc.) from a webpage. |
2020-06-19 15:46:17 | |
npscrack | npscrac k-1.0 |
蓝队利器、溯源反制、NPS 漏洞利用、NPS exp、NPS poc、 Burp插件、一键利用 |
2023-03-14 09:43:45 |
HostHeaderAttack | 0.1.1 | 检测host头攻击的Burpsuite被动扫描插件,Burpsuite pas sive scanning plugin responsible for detecting host h eader attack |
2023-04-28 15:04:16 |
BurpCrypto | BurpCrypto is a collection of burpsuite encryption p lug-ins, support AES/RSA/DES/ExecJs(execute JS encryp tion code in burpsuite). 支持多种加密算法或直接执行JS 代码的用于爆破前端加密的BurpSuite插件 |
2023-08-04 02:53:50 | |
Log4j2Scan | dev-202 30804T02 5448 |
Log4j2 RCE Passive Scanner plugin for BurpSuite | 2023-08-04 02:54:16 |
passive-scan-clie nt-plus |
v0.4.12 .0 |
burpsuite passive-scan-client 插件维护分支 | 2023-02-06 03:07:24 |
sweetPotato | version 1.6 |
基于burpsuite的资产分析工具 | 2023-04-29 20:11:02 |
fastjsonScan | fastjson漏洞burp插件,检测fastjson<1.2.68基于dnslog ,fastjson<=1.2.24和1.2.33<=fatjson<=1.2.47的不出网检 测和TomcatEcho,SpringEcho回显方案。 |
2021-05-14 09:18:12 | |
CORSScanner | CORS 跨域漏洞 burp 插件 | 2021-11-24 09:23:41 | |
Fastjson-Scanner | a burp extension to find where use fastjson | 2020-03-29 00:57:58 | |
taborator | A Burp extension to show the Collaborator client in a tab |
2022-12-23 13:54:44 | |
collaborator-ever ywhere |
A Burp Suite Pro extension which augments your proxy traffic by injecting non-invasive headers designed t o reveal backend systems by causing pingbacks to Burp Collaborator |
2023-01-09 14:43:32 | |
awesome-burp-exte nsions |
A curated list of amazingly awesome Burp Extensions | 2023-09-06 22:17:52 | |
BurpCollaboratorD NSTunnel |
A DNS tunnel utilizing the Burp Collaborator | 2019-10-08 21:34:51 | |
awesome-burp-suit e |
Awesome Burp Suite Resources. 400+ open source Burp plugins, 400+ posts and videos. |
2020-02-20 02:06:32 | |
blackboxprotobuf | Blackbox protobuf is a Burp Suite extension for deco ding and modifying arbitrary protobuf messages withou t the protobuf type definition. |
2023-10-16 05:23:46 | |
BurpBounty | BurpBou nty_v4.0 |
Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick a nd simple way, to improve the active and passive scan ner by means of person |
2023-03-27 06:42:05 |
burp-bounty | Burp Bounty profiles | 2022-01-02 19:16:13 | |
burp-wildcard | 1.08 | Burp extension intended to compact Burp extension ta bs by hijacking them to own tab. |
2020-12-28 18:33:35 |
AES-Killer | v4.0 | Burp Plugin to decrypt AES encrypted traffic on the fly |
2021-05-06 14:54:20 |
BurpSuite-Asset_D iscover |
Burp Suite extension to discover assets from HTTP re sponse. |
2020-07-13 04:54:04 | |
burp-UnicodeAutoD ecode |
Burpsuite插件,Unicode自动转码为中文,提高测试效率。 | 2021-08-23 16:15:13 | |
CaA | 0.5 | CaA - BurpSuite Collector and Analyzer | 2022-09-30 09:17:43 |
checkburp | Detect burp | 2021-06-07 04:13:11 | |
generator-burp-ex tension |
Everything you need about Burp Extension Generation | 2020-08-19 12:42:15 | |
upload-scanner | HTTP file upload scanner for Burp Proxy | 2022-02-25 16:00:54 | |
inql | v5.0.2 | InQL is a robust, open-source Burp Suite extension f or advanced GraphQL testing, offering intuitive vulne rability detection, customizable scans, and seamless Burp integration. |
2023-07-24 08:19:08 |
J2EEScan | v2.0.0 | J2EEScan is a plugin for Burp Suite Proxy. The goal of this plugin is to improve the test coverage during web application penetration tests on J2EE applicatio ns. |
2021-06-17 06:38:27 |
Jsdir | Jsdir is a Burp Suite extension that extracts hidden paths from js files and beautifies it for further re ading. |
2020-09-12 21:35:09 | |
JSONP-Hunter | JSONP Hunter in burpsuite. | 2020-04-01 06:39:01 | |
Burp2Malleable | Quick python utility I wrote to turn HTTP requests f rom burp suite into Cobalt Strike Malleable C2 profil es |
2023-04-06 15:23:19 | |
SQL-Injection-Pay loads |
SQL Injection Payloads for Burp Suite, OWASP Zed Att ack Proxy,... |
2019-12-23 13:26:08 | |
ssrf-king | v1.12 | SSRF plugin for burp Automates SSRF Detection in all of the Request |
2021-01-20 04:53:04 |
Brida | v0.6pre | The new bridge between Burp Suite and Frida! | 2023-07-28 15:29:31 |
turbo-intruder | 1.0.19 | Turbo Intruder is a Burp Suite extension for sending large numbers of HTTP requests and analyzing the res ults. |
2023-10-20 12:58:44 |
Wsdler | 2.0.12 | WSDL Parser extension for Burp | 2018-06-25 21:25:35 |
xia_sql | 3.3 | xia SQL (瞎注) burp 插件 ,在每个参数后面填加一个单 引号,两个单引号,一个简单的判断注入小插件。 |
2023-05-18 11:41:41 |
wooyun-payload | 1.0 | 从wooyun中提取的payload,以及burp插件 | 2020-09-02 03:58:58 |
BurpCollect | 基于BurpCollector的二次开发, 记录Burpsuite Site Map 记录的里的数据包中的目录路径参数名信息,并存入Sqlite, 并可导出txt文件。 |
2019-05-08 07:02:42 | |
Caidao-AES-Versio n |
一个Burp插件,实现用AES算法透明加密原版菜刀Caidao.ex e与服务器端交互的http数据流 |
2019-01-19 04:36:46 | |
jsEncrypter | 0.3.2 | 一个用于前端加密Fuzz的Burp Suite插件 | 2020-03-06 08:35:33 |
HTTPHeadModifer | v0.1 | 一款快速修改HTTP数据包头的Burp Suite插件 | 2018-10-10 15:34:48 |
cobaltstrike
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
SharkExec | 内网渗透 | 红队工具 | |
geacon_pro | |||
LSTAR | v2.1 | LSTAR - CobaltStrike 综合后渗透插件 | 2022-01-30 14:39:17 |
taowu-cobalt-stri ke |
2022-06-13 08:56:55 | ||
Registry-Recon | Cobalt Strike Aggressor Script that Performs System/ AV/EDR Recon |
2022-06-06 14:39:11 | |
RedWarden | Cobalt Strike C2 Reverse proxy that fends off Blue T eams, AVs, EDRs, scanners through packet inspection a nd malleable profile correlation |
2022-10-07 14:00:31 | |
malleable-c2 | Cobalt Strike Malleable C2 Design and Reference Guid e |
2023-11-08 17:57:11 | |
csbruter | Cobalt Strike team server password brute force tool | 2018-01-30 18:57:32 | |
EventLogMaster | Cobalt Strike插件 - RDP日志取证&清除 | 2019-12-23 10:30:44 | |
Cobalt_Strike_wik i |
Cobalt Strike系列 | 2023-02-16 16:24:12 | |
CVE-2022-39197 | CobaltStrike <= 4.7.1 RCE | 2022-10-25 05:32:54 | |
Erebus | V1.3.6 | CobaltStrike后渗透测试插件 | 2021-10-28 06:19:18 |
fofa
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
fofa_GUI | v1.0.0 | 2022-01-28 08:39:54 | |
fofa_viewer | 1.1.13 | A simple FOFA client written in JavaFX. Made by WgpS ec, Maintained by f1ashine. |
2023-06-27 13:38:48 |
fofax | v0.1.44 | fofax is a command line query tool based on the API of https://fofa.info/, simple is the best! |
2023-06-20 01:26:33 |
fofaEX | java8_v 2.2 |
FOFA EX 是一款基于fofa api实现的红队综合利用工具,可 基于模板进行插件加载,目前集成了httpX可进行fofa搜索结 果一键探活,插件已支持nuclei,可进行一键扫描。集成了 f ofa 官方的四十个 api 接口,增加搜索数量调整、翻页、ic onHash生成、搜索耗时统计、当前用户个人账户信息查询等 功能,查询结果可实施编辑与表内搜索,可进行导出 |
2024-01-12 05:59:24 |
frida
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
frida-skeleton | v2.0.0 | 基于frida的安卓hook框架,提供了很多frida自身不支持的 功能,将hook安卓变成简单便捷,人人都会的事情 |
2022-12-10 08:09:05 |
frp
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
frpCracker | v0.1 | 一款golang编写的,批量检测frp server未授权访问、弱to ken的工具 |
2023-05-01 06:41:05 |
goby
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
Library-POC | 基于Pocsuite3、goby编写的漏洞poc&exp存档 | 2023-12-19 05:53:39 |
IDA
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
mipsAudit | IDA MIPS静态扫描脚本,汇编审计辅助脚本 | 2020-12-18 10:34:44 | |
IDA-Pro-tips | IDA Pro每周小技巧 | 2022-11-11 12:36:13 | |
AlphaGolang | IDApython Scripts for Analyzing Golang Binaries | 2023-07-18 20:59:31 | |
ida_python_extrac tCode |
ida提取特征码脚本 | 2019-11-30 14:29:18 |
nessus
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
NessusReportInChi nese |
半自动化将 Nessus 英文报告(csv格式)生成中文 excel ,中文漏洞库已有700多条常见漏洞,后续再进一步加上新漏 洞自动翻译,实现全自动化 |
2018-11-04 05:35:36 | |
NessusToReport | v1.2 | Nessus扫描报告自动化生成工具 | 2023-05-30 06:51:06 |
CN_Nessus_Plugins _Interface |
1 | nessus插件中文查询接口 | 2023-03-05 02:02:20 |
nessus_api | Nessus REST API 封装 | 2022-02-18 06:34:57 | |
docker_nessus_unl imited |
docker build nessus with unlimited ip | 2021-08-23 03:18:51 |
nuclei
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
NucleiTP | 2023-08-03 22:30:16 | ||
nucleix | 整合nuclei与xray(社区版、自带高级版),实现被动扫描+p oc扫描自动化渗透流程 |
2022-04-08 07:39:05 | |
nuclei-plus | v7.0.0 | Functional enhancement based on nuclei | 2023-02-24 08:06:16 |
pocassist
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
pocassistdb | 1.0.2 | database of pocassist(漏洞库) | 2021-07-09 10:11:13 |
pocsuite3
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
ExpToPocsuite3 | v1.0 | goby exp批量转换为pocsuite3 exp脚本 | 2023-01-09 07:27:17 |
some_pocsuite | 用于漏洞排查的pocsuite3验证POC代码 | 2022-08-07 01:30:07 |
rsas
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
RSAS-Data-Export | 2022-9- 9 |
绿盟极光远程安全评估系统(RSAS)-RSAS漏洞数据导出工具 | 2022-10-27 01:52:53 |
RSAS-Task-Release | v1.0 | 绿盟极光远程安全评估系统(RSAS)-RSAS批量下任务工具 | 2022-08-25 05:16:56 |
nsfocus-rsas-know ledge-base |
绿盟科技漏洞扫描器(RSAS)漏洞库 | 2019-05-30 06:58:39 |
volatility
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
tool-for-CTF | Virtual machine configuration for CTF | 2021-03-28 01:16:58 |
xray
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
super-xray | 1.7 | Web漏洞扫描工具XRAY的GUI启动器 | 2023-05-19 11:02:17 |
Xray_Cracked | v1.9.11 | Update Xray1.9.11 Cracked for Windows,Linux and Mac OS. |
2023-04-24 06:48:58 |
xray-poc-generati on |
🧬 辅助生成 XRay YAML POC | 2019-08-23 08:21:38 | |
yarx | v0.2.0 | An awesome reverse engine for xray poc. | 一个自动化 根据 xray poc 生成对应靶站的工具 |
ZoomEye
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
ZoomEye-go | v1.5 | The Golang SDK and CLI of ZoomEye@Knownsec by gyyyy. | 2021-03-31 08:51:25 |
Kunyu | v1.7.2 | Kunyu, more efficient corporate asset collection | 2022-04-21 02:15:13 |
ZoomEye-python | v2.2.0 | ZoomEye-python: The official Python library and CLI by Knownsec 404 Team. |
2023-09-25 02:51:15 |
浏览器扩展
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
anti-honeypot | 一款可以检测WEB蜜罐并阻断请求的Chrome插件 | 2020-10-30 02:59:02 | |
superSearchPlus | 谷歌插件版本- superSearchPlus是聚合型信息收集插件, 支持综合查询,资产测绘查询,信息收集 敏感信息提取 js资 源扫描 目录扫描 vue组件扫描 整合了目前常见的资产测绘平 台 同时支持数据导出 |
2023-08-20 05:06:09 | |
SwitchyOmega | v2.5.20 | Manage and switch between multiple proxies quickly & easily. |
2023-03-30 08:39:34 |
untrusted-types | 1.1.1 | 2021-10-12 17:37:56 | |
fofa_view | v0.0.5 | FOFA Pro view 是一款FOFA Pro 资产展示浏览器插件,目 前兼容 Chrome、Firefox、Opera。 |
2022-02-16 17:26:12 |
Heimdallr | 2023-01-19 08:59:39 | ||
Zoomeye-Tools | Zoomeye Tools是配合Zoomeye使用的Chrome插件 | 2021-12-14 08:38:45 | |
Hack-Tools | 0.5.0 | The all-in-one Red Team extension for Web Pentester 🛠 |
2023-03-14 21:39:08 |
mitaka | v1.4.1 | A browser extension for OSINT search | 2023-12-08 10:58:41 |
antiHoneypot | 0.7.2 | 一个拦截 XSSI & 识别Web蜜罐的Chrome扩展 | 2023-02-02 10:44:55 |
渗透工具集合(虚拟机)
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
penetration-suite -toolkit |
v4.0 | 本项目制作的初衷是帮助渗透新手快速搭建工作环境,工欲 善其事,必先利其器。 |
2022-12-11 11:22:06 |
TranSec | transec os1.0 |
Internet of Vehicles Penetration testing OS.车联网渗 透测试系统,开箱即用的测试环境,包含上百个常见用于车联 网渗透测试的工具集。覆盖逆向、CAN、车载以太网、WiFi、 蓝牙、云平台等安全测试 |
2023-12-08 01:55:29 |
优秀项目集合
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
RedTeamTools | 分享红队常用的工具 | 2021-06-10 08:39:46 | |
All-Defense-Tool | 本项目集成了全网优秀的攻防武器工具项目,包含自动化利 用,子域名、目录扫描、端口扫描等信息收集工具,各大中间 件、cms漏洞利用工具,爆破工具、内网横向及免杀、社工钓 鱼以及应急响应等资料。 |
2023-12-14 07:29:24 | |
404StarLink | 404StarLink - 推荐优质、有意义、有趣、坚持维护的安全 开源项目 |
2024-01-08 02:47:29 | |
About-Attack | 一个旨在通过应用场景 / 标签对 Github 红队向工具 / 资 源进行分类收集,降低红队技术门槛的手册【持续更新】 |
2023-04-12 07:14:03 | |
Scanners-Box | A powerful and open-source toolkit for hackers and s ecurity automation - 安全行业从业者自研开源扫描器合辑 |
2023-12-07 02:33:06 |
知识库
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
Threathunting-boo k |
|||
PenetrationTestti ps |
渗透测试Tips - Version1.3 | 2021-10-15 02:33:11 | |
1earn | 暂停维护 | ffffffff0x 团队维护的安全知识框架,内容包 括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署 、后渗透、Linux安全、各类靶机writup |
|
Pentools-wiki | 先是渗透工具合集,其次是wiki,做点不一样的x | 2023-06-24 18:33:52 | |
Intranet_Penetrat ion_Tips |
2018年初整理的一些内网渗透TIPS,后面更新的慢,所以整 理出来希望跟小伙伴们一起更新维护~ |
2023-02-24 06:58:54 | |
Awesome-Redteam | v1.0 | 一个攻防知识仓库 | 2024-01-05 03:31:11 |
Vuln-List | (持续更新)对网上出现的各种OA、中间件、CMS等漏洞进行 整理,主要包括漏洞介绍、漏洞影响版本以及漏洞POC/EXP等 ,并且会持续更新。 |
2023-11-02 19:35:52 | |
SecurityInterview Guide |
网络信息安全从业者面试指南 | 2023-11-01 04:16:51 |
字典
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
PasswordDic | 2011-2019年Top100弱口令密码字典 Top1000密码字典 服务 器SSH/VPS密码字典 后台管理密码字典 数据库密码字典 子域 名字典 |
2020-11-02 13:22:34 | |
Dictionary-Of-Pen testing |
Dictionary collection project such as Pentesing, Fuz zing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘 、爆破、Fuzzing等字典收集项目。 |
2022-12-07 09:17:15 | |
Dirpath_List | Dirpath_List 目录扫描字典 | 2017-11-07 12:35:47 | |
AboutSecurity | v2 | Everything for pentest. | 用于渗透测试的 payload 和 bypass 字典. |
JavaFileDict | Java应用的一些配置文件字典,来源于公开的字典与平时收 集 |
2022-04-26 15:18:29 | |
fuzzDicts | Web Pentesting Fuzz 字典,一个就够了。 | 2023-11-13 03:48:29 | |
wpa-dictionary | WPA/WPA2 密码字典,用于 wifi 密码暴力破解 | 2021-07-21 02:11:05 | |
Blasting_dictiona ry |
爆破字典 | 2022-03-21 12:11:18 | |
bottleneckOsmosis | 瓶颈渗透,web渗透,red红队,fuzz param,注释,js字典,ctf | 2022-07-20 01:49:00 | |
SaiDict | 弱口令,敏感目录,敏感文件等渗透测试常用攻击字典 | 2021-12-16 13:41:07 | |
BurpCollector | 通过BurpSuite来构建自己的爆破字典,可以通过字典爆破 来发现隐藏资产。 |
2019-03-19 12:09:51 | |
name-fuzz | 针对目标已知信息的字典生成工具 | 2022-09-21 11:11:36 | |
gendict | v1.0.5 | 字典生成工具 | 2023-09-20 01:52:09 |
信息收集
apk
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
Mobile-Security-F ramework-MobSF |
v3.7.6 | Mobile Security Framework (MobSF) is an automated, a ll-in-one mobile application (Android/iOS/Windows) pe n-testing, malware analysis and security assessment f ramework capable of pe |
2024-01-11 06:36:51 |
ApkAnalyser | 一键提取安卓应用中可能存在的敏感信息。 | 2021-10-21 02:33:58 |
C段信息收集
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
IPSearch | v0.1 | 离线IP Whois查询工具。可根据IP查询所属IP段信息、根据 关键词查询IP段信息 |
2023-03-25 04:02:31 |
IP反查域名
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
iplookup | v1.1 | IP反查域名 | 2021-08-06 16:11:39 |
reverseip_py | Domain Parser for IPAddress.com Reverse IP Lookup | 2023-01-02 13:05:33 |
WAF识别
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
identYwaf | Blind WAF identification tool | 2022-01-13 21:41:53 |
端口扫描
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
portscan | 2023-04-08 05:12:18 | ||
TXPortMap | v1.1.2 | Port Scanner & Banner Identify From TianXiang | 2021-12-10 11:35:55 |
yujianportscan | 一个基于VB.NET + IOCP模型开发的高效端口扫描工具,支 持IP区间合并,端口区间合并,端口指纹深度探测 |
2020-02-11 18:14:16 | |
webfinder-next | 对小米范webfinder http://www.cnblogs.com/SEC-fsq/p/5 610981.html 进行了小修改 |
2022-04-24 03:33:57 | |
naabu | v2.2.0 | A fast port scanner written in go with a focus on re liability and simplicity. Designed to be used in comb ination with other tools for attack surface discovery in bug bounties and p |
2023-12-22 07:14:43 |
scaninfo | v1.1.0 | fast scan for redtools | 2022-03-23 12:57:09 |
反查域名
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
ipInfoSearch | ip域名反查、权重查询以及ICP备案查询。便于提交SRC时资 产过滤。 |
2023-03-30 05:33:29 |
目录扫描
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
rad | 1.0 | 2021-04-30 12:14:50 | |
Dirscan | v.1.5.2 | Dirscan是一款由go编写的高性能、高并发的目录扫描器, 现在已经支持GET、HEAD、递归扫描、代理、爬虫等功能功能, 后续努力实现更多功能。 |
2023-08-13 00:50:23 |
cansina | 1.0.0 | Web Content Discovery Tool | 2022-10-04 09:10:02 |
feroxbuster | v2.10.1 | A fast, simple, recursive content discovery tool wri tten in Rust. |
2023-11-25 14:51:50 |
ffuf | v2.1.0 | Fast web fuzzer written in Go | 2023-10-22 14:34:24 |
yjdirscan | yjdirsc an |
御剑目录扫描专业版,简单实用的命令行网站目录扫描工具 ,支持爬虫、fuzz、自定义字典、字典变量、UA修改、假404 自动过滤、扫描控速等功能。 |
2020-10-25 03:14:19 |
dirmap | An advanced web directory & file scanning tool that will be more powerful than DirBuster, Dirsearch, cans ina, and Yu Jian.一个高级web目录、文件扫描工具,功能 将会强于DirBuster、Dirsearch、cansina、御剑。 |
2022-06-01 08:21:11 | |
yuhScan | v1.0 | web目录快速扫描工具 | 2021-07-19 06:45:00 |
gospider | v1.1.6 | Gospider - Fast web spider written in Go | 2023-01-17 05:49:54 |
dirsearch_bypass4 03 |
v0.2 | 目录扫描+JS文件中提取URL和子域+403状态绕过+指纹识别 | 2023-09-07 09:08:29 |
BBScan | v1.5 | A fast vulnerability scanner | 2023-02-13 11:22:44 |
dirsearch | v0.4.3 | Web path scanner | 2024-01-05 23:32:09 |
URLFinder | 2023.9. 9 |
一款快速、全面、易用的页面信息提取工具,可快速发现和 提取页面中的JS、URL和敏感信息。 |
2023-09-09 14:01:45 |
urlbrute | v1.0.2 | Directory/Subdomain scanner developed in GoLang. | 2020-12-05 15:54:27 |
SWebScan | 5.0.201 8.08.21 |
SWebScan是一款基于C#的Web目录扫描器。 | 2019-09-24 17:19:34 |
JSFinder | JSFinder is a tool for quickly extracting URLs and s ubdomains from JS files on a website. |
2020-12-10 18:25:03 | |
ihoneyBakFileScan _Modify |
批量网站备份文件扫描器,增加文件规则,优化内存占用 | 2023-11-08 03:15:06 |
企业信息收集
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
IEyes | v0.1.2 | icp备案查询 | 2022-08-18 08:50:42 |
ENScan_GO | 0.0.15 | 一款基于各大企业信息API的工具,解决在遇到的各种针对 国内企业信息收集难题。一键收集控股公司ICP备案、APP、小 程序、微信公众号等信息聚合导出。 |
2023-08-16 02:07:01 |
小程序信息收集
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
wxapkgUnpack | 1.0 | wxapkg解密解包工具,提供C#和wxappUnpacker两个版本的 解包,并提取JS中的URL和IP。 |
2023-02-19 18:06:05 |
邮箱信息收集
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
EmailAll | EmailAll is a powerful Email Collect tool — 一款强 大的邮箱收集工具 |
2022-02-24 09:03:00 |
域名信息查询
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
QueryTools | IP/域名资产验证神器(补天 | 权重、CNVD |
指纹识别
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
ObserverWard | v2024.1 .8 |
侦查守卫(ObserverWard)指纹识别工具Community web fing erprint identification tool |
2024-01-08 14:39:09 |
14Finger | V1.1 | 功能齐全的Web指纹识别和分享平台,基于vue3+django前后 端分离的web架构,并集成了长亭出品的rad爬虫的功能,内置 了一万多条互联网开源的指纹信息。 |
2022-07-17 02:08:28 |
Finger | 一款红队在大量的资产中存活探测与重点攻击系统指纹探测 工具 |
2023-03-12 07:30:18 | |
EHole | v3.1 | EHole(棱洞)3.0 重构版-红队重点攻击系统指纹探测工具 | 2023-06-14 03:08:05 |
LazyDog | 1.1 | LazyDog是一款通过网络空间测绘引擎读取资产并进行指纹 识别的工具 |
2023-03-20 09:17:48 |
Find-SomeThing | 红队批量脆弱点搜集工具 | 2023-06-06 14:41:27 | |
wappalyzergo | v0.0.10 9 |
A high performance go implementation of Wappalyzer T echnology Detection Library |
2023-08-20 00:19:18 |
Glass | Glass是一款针对资产列表的快速指纹识别工具,通过调用F ofa/ZoomEye/Shodan/360等api接口快速查询资产信息并识别 重点资产的指纹,也可针对IP/IP段或资产列表进行快速的指 纹识别。 |
2022-01-26 10:10:32 | |
TideFinger | TideFinger——指纹识别小工具,汲取整合了多个web指纹 库,结合了多种指纹检测方法,让指纹检测更快捷、准确。 |
2021-08-20 03:31:59 | |
WhatWeb | v0.5.5 | Next generation web scanner | 2022-02-05 15:10:40 |
whatweb-plus | v0.5.5. 19.fix |
whatweb 增强版 8000+插件(提供windows可执行文件) | 2023-05-25 11:44:40 |
FingerprintHub | default | 侦查守卫(ObserverWard)的指纹库 | 2023-12-17 03:44:11 |
rules | 通用的指纹识别规则 | 2022-12-02 12:18:30 |
资产测绘采集
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
koko-moni | v0.0.1 | 一个网络空间搜索引擎监控平台,可定时进行资产信息爬取 ,及时发现新增资产,本项目聚合了 Fofa、Hunter、Quake、 Zoomeye 和 Threatbook 的数据源,并对获取到的数据进行 去重与清洗 |
2023-04-19 13:35:30 |
InfoSearchAll | 2023-06-20 09:06:26 | ||
Search_Viewer | v3.0 | 集Fofa、Hunter鹰图、Shodan、360 quake、Zoomeye 钟馗 之眼、censys 为一体的空间测绘gui图形界面化工具,支持一 键采集爬取和导出fofa、shodan等数据,方便快捷查看 |
2023-11-12 06:55:05 |
TKHunter | TKHunte r-v1.8 |
一个基于JavaFX写的一个Hunter资产测绘平台的图形化工具 | 2022-11-09 07:02:05 |
fshzqSearch | 2023-06-22 11:01:47 | ||
AsamF | v0.2.5 | AsamF是集成Fofa、Quake、Hunter、Shodan、Zoomeye、Chi naz、0.zone及爱企查的一站式企业信息资产收集、网络资产 测绘工具。 |
2023-08-24 15:08:14 |
0_zone_tool | 零零信安api信息系统查询脚本 | 2023-09-22 06:48:26 | |
ThunderSearch | v2.5.1 | 【支持Fofa、Shodan、Hunter、Zoomeye、Quake网络空间搜 索引擎】闪电搜索器;GUI图形化(Mac/Windows)渗透测试信息 搜集工具;资产搜集引擎;hw红队工具hvv |
2023-12-04 15:39:00 |
ones | v1.0.4 | 可用于多个网络资产测绘引擎 API 的命令行查询工具 | 2023-09-14 08:26:59 |
子域名收集
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
ksubdomain | v1.9.5 | Subdomain enumeration tool, asynchronous dns packets , use pcap to scan 1600,000 subdomains in 1 second |
2022-06-15 09:27:52 |
LayerDomainFinder | 3 | Layer子域名挖掘机 | 2019-07-17 07:46:03 |
github-subdomains | v1.2.2 | Find subdomains on GitHub. | 2023-03-28 15:47:04 |
ct | v1.0.9 | 简单易用的域名爆破工具 | 2022-07-18 09:28:52 |
ksubdomain | v0.7 | 无状态子域名爆破工具 | 2022-02-07 06:18:30 |
LangSrcCurise | SRC子域名资产监控 | 2021-01-14 04:32:06 | |
subDomainsBrute | v1.4 | A fast sub domain brute tool for pentesters | 2022-09-15 17:02:36 |
subfinder | v2.6.4 | Fast passive subdomain enumeration tool. | 2024-01-11 18:35:51 |
OneForAll | v0.4.5 | OneForAll是一款功能强大的子域收集工具 | 2023-04-17 01:34:19 |
dnsub | v2.1 | dnsub一款好用且强大的子域名扫描工具 | 2021-04-08 07:06:24 |
自动化信息收集
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
ShuiZe_0x727 | v1.0 | 信息收集自动化工具 | 2022-08-31 09:01:58 |
AnScan | AnScan是一款集合信息收集、分布式漏洞扫描、漏洞POC管 理等为一体的红队扫描工具 |
2022-05-23 02:26:28 | |
linglong | 一款甲方资产巡航扫描系统。系统定位是发现资产,进行端 口爆破。帮助企业更快发现弱口令问题。主要功能包括: 资产 探测、端口爆破、定时任务、管理后台识别、报表展示 |
2021-09-30 09:12:09 | |
slime | Slime是一个组合众多优秀安全工具的漏扫软件,它将目光 集中在安全工具的组合上,而不是自己实现漏扫的某一流程。 |
2022-09-09 14:14:35 | |
vulcat | v2.0.0 | vulcat可用于扫描Web端常见的CVE、CNVD等编号的漏洞,发 现漏洞时会返回Payload信息。部分漏洞还支持命令行交互模 式,可以持续利用漏洞 |
2023-03-15 11:28:18 |
bayonet | v1.1 | bayonet是一款src资产管理系统,从子域名、端口服务、漏 洞、爬虫等一体化的资产管理系统 |
2020-05-16 03:54:09 |
GoScan | GoScan是采用Golang语言编写的一款分布式综合资产管理系 统,适合红队、SRC等使用 |
2021-05-06 07:29:26 | |
Watchdog | Watchdog是bayonet修改版,重新优化了数据库及web及扫描 程序,加入多节点 |
2020-05-31 06:25:18 | |
MagiCude | v2.1 | 分布式端口(漏洞)扫描、资产安全管理、实时威胁监控与 通知、高效漏洞闭环、漏洞wiki、邮件报告通知、poc框架 |
2023-03-24 02:24:02 |
nemo_go | v2.11.0 | Nemo是用来进行自动化信息收集的一个简单平台,通过集成 常用的信息收集工具和技术,实现对内网及互联网资产信息的 自动收集,提高隐患排查和渗透测试的工作效率。 |
2024-01-09 01:41:01 |
fuxi | Penetration Testing Platform | 2020-05-10 05:34:11 | |
Sec-Tools | 🍉一款基于Python-Django的多功能Web安全渗透测试工具, 包含漏洞扫描,端口扫描,指纹识别,目录扫描,旁站扫描, 域名扫描等功能。 |
2023-08-07 03:52:52 | |
AppInfoScanner | V1.0.9_ Releases |
一款适用于以HW行动/红队/渗透测试团队为场景的移动端(A ndroid、iOS、WEB、H5、静态网站)信息收集扫描工具,可以 帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动 端或者静态WEB站点中关键的资产信息并提供基本的信息输出, 如:Title、Domain、CDN、指纹信息、状态信息等。 |
2022-12-18 11:33:34 |
Komo | 🚀Komo, a comprehensive asset collection and vulnera bility scanning tool. Komo 一个综合资产收集和漏洞扫描 工具,集成了20余款工具,通过多种方式对子域进行获取,收 集域名邮箱,进行存活探测,域名指纹识别,域名反查ip,ip 端口扫描,web服务链接爬取并发送给xray,对web服务进行P |
2023-11-30 12:31:13 | |
mscan | 方便快捷是这款扫描器的优点,能随意修改增加模块。目前 的版本功能如下:支持子域名收集、POC批量验证、目录扫描 、检测CDN、域名转IP、主机扫描、过滤重复、检测HTTP状态 、压缩程序、XRAY扫描。 |
2022-08-12 10:53:02 | |
H | H是一款强大的资产收集管理平台 | 2022-12-28 03:15:13 | |
sec-admin | 分布式资产安全扫描核心管理系统(弱口令扫描,漏洞扫描) | 2020-10-17 03:14:58 | |
linbing | v3.0 | 本系统是对Web中间件和Web框架进行自动化渗透的一个系统 ,根据扫描选项去自动化收集资产,然后进行POC扫描,POC扫描 时会根据指纹选择POC插件去扫描,POC插件扫描用异步方式扫 描.前端采用vue技术,后端采用python fastapi. |
2023-06-18 09:05:42 |
Tide | 目前实现了网络空间资产探测、指纹检索、漏洞检测、漏洞 全生命周期管理、poc定向检测、暗链检测、挂马监测、敏感 字检测、DNS监测、网站可用性监测、漏洞库管理、安全预警 等等~ |
2020-06-22 05:22:45 | |
ARL | v2.6.1 | ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统 旨在快速侦察与目标关联的互联网资产,构建基础资产信息库 。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产 ,发现存在的薄弱点和攻击面。 |
2023-12-28 12:03:22 |
DBJ | 大宝剑-边界资产梳理工具(红队、蓝队、企业组织架构、 子域名、Web资产梳理、Web指纹识别、ICON_Hash资产匹配) |
2022-02-08 12:07:42 | |
Vulcan | VulCan资产管理系统 | 漏洞扫描 | |
X-Marshal | Marshal-EASM 攻击面管理系统 | 2024-01-04 10:43:46 | |
WebScan | 正在写的一个资产管理和扫描相结合的分布式扫描器 | 2019-10-17 09:42:49 | |
Voyager | 一个安全工具集合平台,用来提高乙方安全人员的工作效率 ,请勿用于非法项目 |
2020-02-02 01:10:42 | |
rengine | v2.0.2 | reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data co rrelation and organiza |
2024-01-05 18:46:03 |
heartsk_community | LOWBUG@ Latest |
Hearts K-企业资产发现与脆弱性检查工具,自动化资产信 息收集与漏洞扫描 |
2022-06-15 01:25:33 |
xunfeng | v0.1.1 | 巡风是一款适用于企业内网的漏洞快速应急,巡航扫描系统 。 |
2021-03-16 14:07:11 |
Autoscanner | v1.2.1 | 输入域名>爆破子域名>扫描子域名端口>发现扫描web服务> 集成报告的全流程全自动扫描器。集成oneforall、masscan、 nmap、dirsearch、crawlergo、xray等工具,另支持cdn识别 、网页截图、站点定位;动态识别域名并添加功能、工具超时 中断等 |
2022-08-18 13:25:15 |
综合
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
TScan | TScan 提供了CMS指纹识别、端口扫描、旁站信息、信息泄 漏等功能,期许在最短的时间辅助安全人员在渗透前做好充分 的信息搜集 |
2019-08-28 09:18:42 | |
AssetsHunter | 资产狩猎框架-AssetsHunter,信息收集是一项艺术~ | 2021-11-09 09:05:32 | |
dismap | v0.4 | Asset discovery and identification tools 快速识别 We b 指纹信息,定位资产类型。辅助红队快速定位目标资产信 息,辅助蓝队发现疑似脆弱点 |
2023-08-14 09:19:15 |
云安全
K8S基线核查
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
kube-bench | v0.7.0 | Checks whether Kubernetes is deployed according to s ecurity best practices as defined in the CIS Kubernet es Benchmark |
2024-01-12 06:01:55 |
K8S漏洞扫描
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
kube-hunter | v0.6.8 | Hunt for security weaknesses in Kubernetes clusters | 2022-09-04 06:39:33 |
容器安全检测工具
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
veinmind-tools | v2.1.5 | veinmind-tools 是由长亭科技自研,基于 veinmind-sdk 打造的容器安全工具集 |
2024-01-10 09:08:30 |
容器安全扫描
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
trivy | v0.48.3 | Find vulnerabilities, misconfigurations, secrets, SB OM in containers, Kubernetes, code repositories, clou ds and more |
2024-01-12 04:36:55 |
容器镜像扫描
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
grype | v0.74.0 | A vulnerability scanner for container images and fil esystems |
2024-01-09 21:20:55 |
syft | v0.100. 0 |
CLI tool and library for generating a Software Bill of Materials from container images and filesystems |
2024-01-12 22:39:13 |
容器漏洞分析工具
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
clair | v4.7.2 | Vulnerability Static Analysis for Containers | 2024-01-12 15:23:35 |
容器漏洞利用工具
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
CDK | v1.5.2 | 📦 Make security testing of K8s, Docker, and Contain erd easier. |
2023-03-12 16:40:00 |
容器逃逸检测工具
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
container-escape- check |
v0.3 | docker container escape check |
云原生安全平台
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
neuvector | v5.2.4 | 2024-01-12 10:54:02 | |
ThunderCloud | Cloud Exploit Framework | 2022-05-11 14:49:31 | |
containerd | v1.6.27 | An open and reliable container runtime | 2024-01-12 22:18:33 |
云原生攻防靶场
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
metarget | v0.9.1 | Metarget is a framework providing automatic construc tions of vulnerable infrastructures. |
2023-03-13 10:54:12 |
蓝队
安全检查
基线
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
Shell_Script | v0.1 | Linux系统的安全,通过脚本对Linux系统进行一键检测和一 键加固 |
2022-08-08 01:19:36 |
安全建设
Web应用防火墙
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
safeline | v4.1.1 | 一款足够简单、足够好用、足够强的免费 WAF。基于业界领 先的语义引擎检测技术,作为反向代理接入,保护你的网站不 受黑客攻击。 |
2024-01-11 10:58:48 |
openstar | lua waf,nginx+lua,openresty,luajit,waf+,cdn,nginx | 2021-10-10 12:38:04 |
堡垒机
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
jumpserver | v3.10.1 | JumpServer 是广受欢迎的开源堡垒机,是符合 4A 规范的 专业运维安全审计系统。 |
2024-01-12 06:17:23 |
欺骗防御
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
mysql-fake-server | 0.0.4 | MySQL Fake Server (纯Java实现,支持GUI版和命令行版, 提供Dockerfile,支持多种常见JDBC利用) |
2023-09-18 15:12:06 |
MysqlT | v1.0 | 伪造Myslq服务端,并利用Mysql逻辑漏洞来获取客户端的任 意文件反击攻击者 |
2022-04-24 07:53:04 |
WhetherMysqlSham | v1.0 | 检测目标Mysql数据库是不是蜜罐 | 2021-02-23 11:35:55 |
Juggler | A system that may trick hackers. 针对黑客的拟态欺骗 系统。 |
2020-11-29 08:30:49 | |
DecoyMini | v2.0.66 91 |
🐝 A highly scalable, safe, free enterprise honeypot s 一款高可扩展、安全、免费的企业级蜜罐系统 |
2024-01-08 08:52:58 |
MySQL_Fake_Server | MySQL Fake Server use to help MySQL Client File Read ing and JDBC Client Java Deserialize |
2021-11-18 12:56:27 | |
Ehoney | v3.0.0 | 安全、快捷、高交互、企业级的蜜罐管理系统,护网;支持 多种协议蜜罐、蜜签、诱饵等功能。A safe, fast, highly i nteractive and enterprise level honeypot management s ystem, supports multiple protocol honeypots, honeytok ens, baits |
2022-11-17 14:10:40 |
MoAn_Honey_Pot_Ur ls |
X安蜜罐用的一些存在JSonp劫持的API | 2021-05-28 09:27:23 | |
HFish | 安全、可靠、简单、免费的企业级蜜罐 | 2023-12-28 03:45:12 | |
conpot | Release _0.6.0 |
ICS/SCADA honeypot | 2023-07-24 13:59:19 |
CS_fakesubmit | 一个可以伪装上线Cobaltstrike的脚本 | 2022-09-28 11:54:35 | |
ide-honeypot | 一款针对于IDE的反制蜜罐 IDE-honeypot | 2022-07-12 01:24:08 |
威胁检测
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
RmEye | v0.0.4 | 戎码之眼是一个window上的基于att&ck模型的威胁监控工具 .有效检测常见的未知威胁与已知威胁.防守方的利剑 |
2023-10-25 07:55:45 |
主机入侵防御
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
iDefender | 2.9.0 | iDefender(冰盾 - 终端主动防御系统) | 2023-12-29 14:52:04 |
主机入侵检测
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
Elkeid | v1.9.0. 4_202401 12_elkei d_ko |
Elkeid is an open source solution that can meet the security requirements of various workloads such as ho sts, containers and K8s, and serverless. It is derive d from ByteDance's int |
2024-01-10 09:44:57 |
Hades | Hades is an cross-platform HIDS with kernel-space da ta collection. |
2023-05-29 00:29:07 | |
cobaltstrike-suri cata-rules |
17条检测cobaltstrike的suricata-ids规则 | 2022-06-20 09:36:14 |
取证
USB取证
键盘流量
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
UsbKbCracker | CTF中常见键盘流量解密脚本 | 2023-07-17 10:32:48 | |
UsbKeyboardDataHa cker |
USB键盘流量包取证工具 , 用于恢复用户的击键信息 | 2022-09-29 09:14:56 |
鼠标流量
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
UsbMiceDataHacker | USB鼠标流量包取证工具 , 主要用于绘制鼠标移动以及拖动 轨迹 |
2020-10-09 06:47:37 |
内存取证
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
VolatilityPro | 一款用于自动化处理内存取证的Python脚本,并提供GUI界 面 |
2023-12-26 08:30:53 | |
MemProcFS | v5.8 | MemProcFS | 2023-12-20 18:10:16 |
volatility3 | v2.5.0 | Volatility 3.0 development | 2024-01-02 19:08:03 |
LinuxVolProfiles | 2.0 | Volatility Linux Profiles | 2014-08-01 22:16:57 |
community | Volatility plugins developed and maintained by the c ommunity |
2019-11-15 16:52:01 | |
profiles | Volatility profiles for Linux and Mac OS X | 2019-10-08 16:11:39 | |
community3 | Volatility3 plugins developed and maintained by the community |
2022-02-18 16:03:32 |
网络取证
Shiro流量取证
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
SerializationDump er-Shiro |
基于SerializationDumper的Shiro Cookie序列化数据解密 小工具 |
2020-08-15 09:55:44 |
冰蝎(Behinder)流量取证
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
DecodeSomeJSPWebs hell |
v1.2 | 冰蝎、哥斯拉 jsp webshell通信流量解密器 | 2023-04-18 10:06:15 |
webshell_detect | webshell_detect | 2023-07-06 06:38:30 |
哥斯拉(Godzilla)流量取证
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
webshell_detect | webshell_detect | 2023-07-06 06:38:30 |
文件取证
图片
png
####### LSB隐写
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
steganography | Simple C++ Image Steganography tool to encrypt and h ide files insde images using Least-Significant-Bit en coding. |
2022-10-29 20:06:41 | |
stegpy | Simple steganography program based on the LSB method . |
2022-09-03 02:27:36 | |
cloacked-pixel | LSB steganography and detection | 2017-06-01 18:15:20 | |
####### png宽高修复 | |||
项目名称 | 版本 | 项目描述 | 最近提交时间 |
:---- | :---- | :---- | :---- |
Deformed-Image-Re storer |
V1.02 | 自动爆破PNG图片宽高并一键修复工具 | 2023-05-01 01:27:28 |
####### 截图漏洞 | |||
项目名称 | 版本 | 项目描述 | 最近提交时间 |
:---- | :---- | :---- | :---- |
Acropalypse-Multi -Tool |
v1.0.0 | Easily detect and restore Acropalypse vulnerable PNG and GIF files with simple Python GUI. |
2023-05-30 14:38:32 |
盲水印
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
BlindWaterMark | 盲水印 by python | 2022-11-04 09:26:31 | |
blind_watermark | 0.2.1 | Blind&Invisible Watermark ,图片盲水印,提取水印无须 原图! |
2023-11-18 06:38:25 |
blind-watermark | Watermark added to the frequency domain by Fourier t ransform |
2018-04-24 14:43:57 | |
BlindWatermark | v0.0.3 | Java 盲水印 | 2020-04-05 14:08:06 |
其他
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
ImageMagick | 7.1.1-2 6 |
🧙♂️ ImageMagick 7 | 2024-01-11 16:30:29 |
综合
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
stegsolve | v1.4 | 2019-10-22 09:10:38 | |
ImageStrike | V0.2 | ImageStrike是一款用于CTF中图片隐写的综合利用工具 | 2022-07-19 01:38:30 |
压缩包
CRC32碰撞
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
CRC32-Tools | 2.2 | Easy CRC32 Tools,so easy!!! | 2023-02-01 01:39:12 |
ZIP伪加密
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
ZipCenOp | ZipCenOp is a Java tool to play with Zip pseudo-encr yption. |
2021-02-15 06:10:22 |
音频
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
audacity | Audacit y-3.4.2 |
Audio Editor | 2024-01-11 17:26:54 |
QSSTV | Receive and transmit images over radio using analog SSTV or digital DRM |
2023-07-15 10:35:38 | |
dtmf-decoder | Extract phone numbers from an audio recording of the dial tones. |
2021-01-26 08:05:15 |
应用程序取证
QQ取证
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
qq_msg_decode | 解码qq聊天数据库 | 2023-06-01 06:04:43 |
vmware vcenter
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
vhost_password_de crypt |
vhost password decrypt | 2022-10-25 10:40:23 |
vmx加密破解
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
pyvmx-cracker | Simple tool to crack VMware VMX encryption passwords | 2018-10-03 22:39:46 |
Wifi
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
WIFIpass | decrypt all saved WIFI passwords on your PC | 2016-09-14 16:39:24 |
浏览器取证
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
Browser-cookie-st eal |
Python script for steal browser cookies | 2020-05-27 03:13:53 | |
SharpWeb | v1.2 | .NET 2.0 CLR project to retrieve saved browser crede ntials from Google Chrome, Mozilla Firefox and Micros oft Internet Explorer/Edge. |
2018-08-13 22:07:02 |
360SafeBrowserget pass |
v0.1 | 这是一个一键辅助抓取360安全浏览器密码的CobaltStrike 脚本以及解密小工具,用于节省红队工作量,通过下载浏览器 数据库、记录密钥来离线解密浏览器密码。 |
2021-04-04 02:43:30 |
HackBrowserData | v0.4.4 | Decrypt passwords/cookies/history/bookmarks from the browser. 一款可全平台运行的浏览器数据导出解密工具。 |
2023-10-02 14:37:42 |
BrowserGhost | 1 | 这是一个抓取浏览器密码的工具,后续会添加更多功能 | 2020-06-29 08:16:52 |
hindsight | v2023.0 3 |
Web browser forensics for Google Chrome/Chromium | 2023-08-29 02:20:32 |
Catch-Browser | This is a crawler password tool | 2021-06-17 07:44:26 | |
SharpChromium | .NET 4.0 CLR Project to retrieve Chromium data, such as cookies, history and saved logins. |
2020-10-23 22:28:05 | |
browser-dumpwd | Dump browser passwords(chrome, firefox) with sqlite3 lib. |
2016-05-30 09:40:06 | |
Pillager | AutoBui ld |
Pillager是一个适用于后渗透期间的信息收集工具 | 2024-01-09 12:52:34 |
chrome_password_g rabber |
Get unencrypted 'Saved Password' from Google Chrome | 2021-01-04 13:30:57 | |
SharpCookieMonste r |
Extracts cookies from Chrome. | 2023-03-15 09:51:02 |
微信取证
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
SharpWxDump | 微信客户端取证,可获取用户个人信息(昵称/账号/手机/邮 箱/数据库密钥(用来解密聊天记录));支持获取多用户信息, 不定期更新新版本偏移,目前支持所有新版本、正式版本 |
2023-07-23 05:05:26 | |
chatViewTool | BEAT | 基于Java实现的图形化微信聊天记录解密查看器 | 2022-06-16 08:47:41 |
Sharp-dumpkey | 1 | 基于C#实现的获取微信数据库密钥的小工具 | 2022-07-19 07:16:16 |
GoWxDump | v1.0.12 | SharpWxDump的Go语言版。微信客户端取证,获取信息(微信 号、手机号、昵称),微信聊天记录分析(Top N聊天的人、统 计聊天最频繁的好友排行、关键词列表搜索等) |
2023-06-15 03:49:16 |
PyWxDump | v2.4.16 | 获取微信账号信息(昵称/账号/手机/邮箱/数据库密钥/wxid );PC微信数据库读取、解密脚本;聊天记录查看工具;聊天 记录导出为html(包含语音图片)。支持多账户信息获取,支持 所有微信版本。 |
2024-01-13 10:10:42 |
WeChatUserDB | GetWeChat DBPassword&&UserInfo(获取PC数据库密码以及 相关微信用户信息支持多系统数据库解密) |
2022-07-24 07:31:29 | |
wechat-backup | v1.0.0 | 微信聊天记录持久化备份本地硬盘,释放手机存储空间。 | 2023-06-22 13:34:20 |
WeChatMsg | v1.0.3 | 提取微信聊天记录,将其导出成HTML、Word、CSV文档永久 保存,对聊天记录进行分析生成年度聊天报告 |
2024-01-13 17:21:19 |
向日葵取证
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
Sunflower_get_Pas sword |
一款针对向日葵的识别码和验证码提取工具 | 2021-11-01 13:35:40 |
邮件取证
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
GetMail | 利用NTLM Hash读取Exchange邮件 | 2023-09-20 12:37:18 |
远程软件
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
Xdecrypt | Xshell Xftp password decrypt | 2022-04-14 10:46:50 | |
SharpDPAPI | SharpDPAPI is a C# port of some Mimikatz DPAPI funct ionality. |
2023-04-21 18:58:40 | |
SharpDecryptPwd | Windows常用程序密码读取工具:SharpDecryptPwd | 2019-10-12 11:48:39 | |
SharpXDecrypt | v0.1.4 | Xshell全版本密码恢复工具 | 2023-06-08 09:27:22 |
SharpDBeaver | DBeaver数据库密码解密工具 | 2023-07-11 09:46:13 | |
FinalShell-Decode r |
V1.0 | FinallShell 密码解密GUI工具 | 2022-04-11 11:34:42 |
getIntrInfo | 收集内部网信息。包括:浏览器书签、密码和浏览历史记录 、cookie。Wifi信息和密码。主机信息。 |
2022-10-08 07:32:58 | |
SharpDecryptPwd | SharpDecryptPwd source, To Decrypt Navicat,Xmanager, Filezilla,Foxmail,WinSCP,etc |
2022-03-04 02:49:31 | |
SharpDecryptPwd | 对密码已保存在 Windwos 系统上的部分程序进行解析,包括 :Navicat,TeamViewer,FileZilla,WinSCP,Xmangager系列产 品(Xshell,Xftp)。源码:https://github.com/RowTeam/Sha rpDecryptPwd |
2022-03-16 05:47:14 | |
TeamViewer | TeamView Get PassWord | 2021-10-16 07:35:53 | |
FinalShellDecodeP ass |
FinalShellDecodePass 加密解密 | 2021-12-01 20:22:05 | |
how-does-SecureCR T-encrypt-password |
Transferred from https://github.com/DoubleLabyrinth/ how-does-SecureCRT-encrypt-password |
2023-09-08 04:00:26 | |
navicat_password_ decrypt |
v2.0 | 忘记navicat密码时,此工具可以帮您查看密码 | 2022-10-19 03:38:21 |
how-does-navicat- encrypt-password |
Transferred from https://github.com/DoubleLabyrinth/ how-does-navicat-encrypt-password |
2022-10-12 03:30:12 | |
MobaXterm-Decrypt or |
MobaXterm Decryptor | 2020-12-19 23:47:26 | |
RDODecrypt | Remote Desktop Organizer 密码破解 | 2020-05-15 05:25:19 | |
how-does-MobaXter m-encrypt-password |
This repo offers a tool to reveal password encrypted by MobaXterm. |
2019-12-13 07:03:26 | |
how-does-Xmanager -encrypt-password |
This is a repo to tell you how Xmanager (XFtp, XShel l) encrypt password. Transferred from https://github. com/DoubleLabyrinth/how-does-Xmanager-encrypt-passwor d |
2019-12-11 12:57:18 | |
SessionGopher | SessionGopher is a PowerShell tool that uses WMI to extract saved session information for remote access t ools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, an d Microsoft Remote Des |
2018-11-29 16:25:43 | |
winscppasswd | 1.0 | WinSCP Password Extractor/Decrypter/Revealer written in go language |
2017-01-19 00:56:15 |
主机账号
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
fakelogonscreen | 1.1 | Fake Windows logon screen to steal passwords | 2020-02-03 23:25:28 |
win-brute-logon | Crack any Microsoft Windows users password without a ny privilege (Guest account included) |
2022-12-27 12:06:40 | |
mimikatz | 2.2.0-2 0220919 |
A little tool to play with Windows security | 2022-09-19 21:24:53 |
goLazagne | Go library for credentials recovery | 2021-09-27 15:21:32 | |
RdpThief_tools | 窃取mstsc中的用户明文凭据 | 2021-04-23 06:25:35 | |
LaZagne | v2.4.5 | Credentials recovery project | 2023-11-13 16:46:59 |
信安
敏感词
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
DangerousSpamWord s |
🎶超轻量的中文敏感字、敏感词库,字典词典,超低 误识别率,另提供API调用 |
2019-04-26 12:16:20 | |
anti-AD | v4.3 | 致力于成为中文区命中率最高的广告过滤列表,实现精确的 广告屏蔽和隐私保护。anti-AD现已支持AdGuardHome,dnsmas q, Surge,Pi-Hole,smartdns等网络组件。完全兼容常见 的广告过滤工具所支持的各种广告过滤列表格式 |
2024-01-13 18:32:50 |
sensitive_words | 敏感词库整理 | 2016-02-29 12:23:21 |
应急
Web层面
webshell后门
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
http://www.shelldetector.com/ | |||
Webshell_finder | 网站木马检测 | 2014-11-12 13:59:25 | |
BackdoorMan | BackdoorMan is a toolkit that helps you find malicio us, hidden and suspicious PHP scripts and shells in a chosen destination. |
2016-12-09 15:41:13 | |
findWebshell | findWebshell是一款基于python开发的webshell检测工具。 | 2018-11-14 03:17:12 | |
kunwu | 0.1.0 | kunwu是新一代webshell检测引擎,使用了内置了模糊规则 、污点分析模拟执行、机器学习三种高效的检测策略 |
2023-05-30 03:10:23 |
webshell-find-too ls |
分析web访问日志以及web目录文件属性,用于根据查找可疑 后门文件的相关脚本。 |
2013-03-08 16:54:26 | |
as_scanwebshell | An AntSword's plugin to scan webshell | 2019-09-02 01:10:53 | |
https://www.shellpub.com/ | |||
java-memshell-sca nner |
通过jsp脚本扫描java web Filter/Servlet型内存马 | 2021-11-29 14:41:17 |
内存马查杀
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
shell-analyzer | 0.1 | Java内存马查杀GUI工具,实时动态分析,支持本地和远程 查杀 |
2023-06-03 16:53:13 |
arthas | arthas- all-3.7. 2 |
Alibaba Java Diagnostic Tool Arthas/Alibaba Java诊断 利器Arthas |
2024-01-02 07:54:00 |
DuckMemoryScan | 检测绝大部分所谓的内存免杀马 | 2022-09-15 06:43:55 | |
copagent | java memory web shell extracting tool | 2021-05-17 02:17:34 | |
aLIEz | 杀内存马的工具,欢迎code review,提出更好的意见 | 2021-03-30 07:51:28 | |
ASP.NET-Memshell- Scanner |
asp.net内存马检测工具 | 2023-08-22 08:10:22 |
网络层面
IP信息
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
china-operator-ip | 中国运营商IPv4/IPv6地址库-每日更新 | 2023-04-26 10:25:27 | |
GeoIP2-CN | 小巧精悍、准确、实用 GeoIP2 数据库 | 2022-04-06 09:37:15 |
威胁情报
IP分析
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
ARTIF | 1.0 | An advanced real time threat intelligence framework to identify threats and malicious web traffic on the basis of IP reputation and historical data. |
2022-06-10 13:23:52 |
tig | v0.5.4 | Threat Intelligence Gathering 威胁情报收集,旨在提高 蓝队拿到攻击 IP 后对其进行威胁情报信息收集的效率。 |
2022-07-05 12:33:45 |
暗网监测
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
DarkNet_ChineseTr ading |
🚇暗网中文网监控爬虫(DEEPMIX) | 2022-10-11 02:18:16 |
钓鱼监测
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
phishing_catcher | Phishing catcher using Certstream | 2020-12-08 10:11:30 |
系统层面
DLL劫持
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
DLLSpy | V1 | DLL Hijacking Detection Tool | 2019-03-14 14:58:36 |
Linux应急工具
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
LinuxCheck | V2.3 | Linux应急处置/信息搜集/漏洞检测工具,支持基础配置/网 络流量/任务计划/环境变量/用户信息/Services/bash/恶意文 件/内核Rootkit/SSH/Webshell/挖矿文件/挖矿进程/供应链/ 服务器风险等13类70+项检查 |
2023-02-16 14:15:27 |
malwoverview | v5.4.2 | Malwoverview is a first response tool used for threa t hunting and offers intel information from Virus Tot al, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Al ien Vault, Malpedia, M |
2023-10-29 18:49:03 |
uroboros | A GNU/Linux monitoring and profiling tool focused on single processes. |
2021-11-14 17:42:51 | |
GScan | 本程序旨在为安全应急响应人员对Linux主机排查时提供便 利,实现主机侧Checklist的自动全面化检测,根据检测结果 自动数据聚合,进行黑客攻击路径溯源。 |
2019-12-30 10:42:24 | |
whohk | |||
Emergency/blob/ma ster/linux.sh |
|||
yingji | 应急相关内容积累 | 2023-10-13 08:04:07 | |
https://rkhunter.sourceforge.net/ |
Windows应急工具
windows日志分析
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
APT-Hunter | V3.0 | APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide det ect APT movements hidden in the sea of windows event logs to decrease the t |
2023-05-07 14:26:57 |
windodws-logs-ana lysis |
windows日志一键分析小工具 | 2020-12-02 02:11:58 | |
WELA | v1.0.0 | WELA (Windows Event Log Analyzer): The Swiss Army kn ife for Windows Event Logs! ゑ羅(ウェラ) |
2023-02-03 23:43:57 |
https://www.microsoft.com/en-us/download/details.aspx?id=24659 | |||
https://www.nirsoft.net/utils/full_event_log_view.html |
进程监控
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
https://processhacker.sourceforge.io/ |
内核小工具
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
YDArk | X64内核小工具 | 2023-01-10 09:45:53 |
其他
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
https://docs.microsoft.com/zh-cn/sysinternals/downloads/ |
信息采集
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
FireKylin | v1.4.0 | 🔥火麒麟-网络安全应急响应工具(系统痕迹采集)Cybersecu rity emergency response tool.👍👍👍 |
2021-12-19 17:28:06 |
sysmon-config | Sysmon configuration file template with default high -quality event tracing |
2021-10-17 01:19:08 | |
dfirtriage | Digital forensic acquisition tool for Windows based incident response. |
2021-10-29 17:21:14 | |
winlog | 一款基于go的windows信息收集工具,主要收集目标机器rdp 端口、mstsc远程连接记录、mstsc密码和安全事件中4624、46 25登录事件记录 |
2022-07-18 15:27:06 |
异常检测
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
RmTools | 蓝队应急工具 | 2023-12-25 11:08:51 |
综合
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
d-eyes | v1.1.0 | D-Eyes为M-SEC社区一款检测与响应工具 | 2023-11-08 08:09:48 |
勒索软件
解密工具
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
Decryption-Tools | Decryption-Tools | 2019-06-17 16:08:05 |
相关资源
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
Emergency-Respons e-Notes |
应急响应实战笔记,一个安全工程师的自我修养。 | 2021-09-02 01:16:35 |
综合
分析辅助
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
BlueTeamTools | BlueTea mToolsV0 .92版本 |
蓝队分析研判工具箱,功能包括内存马反编译分析、各种代 码格式化、网空资产测绘功能、溯源辅助、解密冰蝎流量、解 密哥斯拉流量、解密Shiro/CAS/Log4j2的攻击payload、IP/端 口连接分析、各种编码/解码功能、蓝队分析常用网址、java 反序列化数据包分析、Java类名搜索、Fofa搜索、Hunter搜索 等。 |
2024-01-05 02:10:41 |
开发
Go
其他
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
go-pinyin | v0.20.0 | 汉字转拼音 | 2023-05-14 12:01:59 |
Python
其他
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
python-pinyin | v0.49.0 | 汉字转拼音(pypinyin) | 2023-09-09 03:46:39 |
python-small-exam ples |
告别枯燥,致力于打造 Python 实用小例子,更多Python良 心教程见 Python中文网 http://www.zglg.work |
2023-09-03 23:57:38 |
正则
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
common-regex | 🎃 常用正则表达式 - 收集一些在平时项目 开发中经常用到的正则表达式。 |
2019-03-04 04:15:20 |
未分类
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
pulumi | v3.94.1 | Pulumi - Infrastructure as Code in any programming l anguage. Build infrastructure intuitively on any clou d using familiar languages 🚀 |
2023-11-16 22:33:26 |
trufflehog | v3.62.1 | Find and verify credentials | 2023-11-16 21:59:53 |
dnSpy | v6.4.1 | Unofficial revival of the well known .NET debugger a nd assembly editor, dnSpy |
2023-11-16 21:31:26 |
druid | 1.2.20 | 阿里云计算平台DataWorks(https://help.aliyun.com/docu ment_detail/137663.html) 团队出品,为监控而生的数据库 连接池 |
2023-11-16 20:20:37 |
console | v0.41.0 | Simple UI for MinIO Object Storage 🧮 | 2023-11-16 19:34:04 |
notify | v0.41.0 | A dead simple Go library for sending notifications t o various messaging services. |
2023-11-16 19:32:15 |
code-server | v4.18.0 | VS Code in the browser | 2023-11-16 19:10:36 |
delve | v1.21.2 | Delve is a debugger for the Go programming language. | 2023-11-16 18:43:23 |
protections-artif acts |
Elastic Security detection content for Endpoint | 2023-11-16 18:17:07 | |
ruby | v3_2_2 | The Ruby Programming Language | 2023-11-16 18:00:08 |
jadx | v1.4.7 | Dex to Java decompiler | 2023-11-16 17:48:08 |
glpi | 10.0.10 | GLPI is a Free Asset and IT Management Software pack age, Data center management, ITIL Service Desk, licen ses tracking and software auditing. |
2023-11-16 16:24:02 |
gotestwaf | An open-source project in Golang to asess different API Security tools and WAF for detection logic and by passes |
2023-11-16 16:02:21 | |
yara | v4.3.2 | The pattern matching swiss knife | 2023-11-16 15:57:54 |
gin | v1.9.1 | Gin is a HTTP web framework written in Go (Golang). It features a Martini-like API with much better perfo rmance -- up to 40 times faster. If you need smashing performance, get your |
2023-11-16 15:46:43 |
etcd | v3.5.10 | Distributed reliable key-value store for the most cr itical data of a distributed system |
2023-11-16 15:44:47 |
spring-framework | v6.1.0 | Spring Framework | 2023-11-16 14:33:01 |
wekan | v7.18 | The Open Source kanban (built with Meteor). Keep var iable/table/field names camelCase. For translations, only add Pull Request changes to wekan/i18n/en.i18n.j son , other translatio |
2023-11-16 13:59:01 |
StratosphereLinux IPS |
v1.0.8 | Slips, a free software behavioral Python intrusion p revention system (IDS/IPS) that uses machine learning to detect malicious behaviors in the network traffic . Stratosphere Laborat |
2023-11-16 12:28:29 |
nuclei-templates | v9.6.9 | Community curated list of templates for the nuclei e ngine to find security vulnerabilities. |
2023-11-16 12:05:59 |
pdns | PowerDNS Authoritative, PowerDNS Recursor, dnsdist | 2023-11-16 11:26:51 | |
compose | v2.23.1 | Define and run multi-container applications with Doc ker |
2023-11-16 11:25:13 |
AdGuardHome | v0.107. 41 |
Network-wide ads & trackers blocking DNS server | 2023-11-16 11:14:40 |
tabby | v1.0.20 4 |
A terminal for a more modern age | 2023-11-16 11:00:51 |
harbor | v2.9.1 | An open source trusted cloud native registry project that stores, signs, and scans content. |
2023-11-16 08:51:00 |
HikariCP | 光 HikariCP・A solid, high-performance, JDBC connect ion pool at last. |
2023-11-16 08:44:25 | |
scrapy | 2.11.0 | Scrapy, a fast high-level web crawling & scraping fr amework for Python. |
2023-11-16 08:35:43 |
falco | 0.36.2 | Cloud Native Runtime Security | 2023-11-16 08:26:19 |
suricata | suricat a-7.0.2 |
Suricata is a network Intrusion Detection System, In trusion Prevention System and Network Security Monito ring engine developed by the OISF and the Suricata co mmunity. |
2023-11-16 08:13:50 |
yakit | v1.2.7- sp4 |
Cyber Security ALL-IN-ONE Platform | 2023-11-16 07:55:32 |
pwndbg | 2023.07 .17 |
Exploit Development and Reverse Engineering with GDB Made Easy |
2023-11-16 07:40:32 |
aliyun-cli | v3.0.18 8 |
Alibaba Cloud CLI | 2023-11-16 07:09:36 |
Microsoft-Activat ion-Scripts |
2.5 | A Windows and Office activator using HWID / Ohook / KMS38 / Online KMS activation methods, with a focus o n open-source code and fewer antivirus detections. |
2023-11-16 07:04:37 |
commix | v3.8 | Automated All-in-One OS Command Injection Exploitati on Tool. |
2023-11-16 06:40:58 |
sharry | v1.12.1 | Sharry is a self-hosted file sharing web application . |
2023-11-16 06:14:02 |
APT_REPORT | Interesting APT Report Collection And Some Special I OC |
2023-11-16 06:04:55 | |
monkey | v2.3.0 | Infection Monkey - An open-source adversary emulatio n platform |
2023-11-16 05:29:30 |
zmap | v3.0.0 | ZMap is a fast single packet network scanner designe d for Internet-wide network surveys. |
2023-11-16 04:24:04 |
Nuitka | Nuitka is a Python compiler written in Python. It's fully compatible with Python 2.6, 2.7, 3.4, 3.5, 3.6, 3.7, 3.8, 3.9, 3.10, and 3.11. You feed it your Pyth on app, it does a lot |
2023-11-16 03:41:37 | |
masscan | 1.3.2 | TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes. |
2023-11-16 03:33:40 |
dfimage | Reverse-engineer a Dockerfile from a Docker image. | 2023-11-16 01:46:00 | |
theHarvester | 4.4.4 | E-mails, subdomains and names Harvester - OSINT | 2023-11-16 01:14:25 |
alt-tab-macos | v6.64.0 | Windows alt-tab on macOS | 2023-11-15 23:44:37 |
phpmyadmin | RELEASE _5_2_1 |
A web interface for MySQL and MariaDB | 2023-11-15 22:51:22 |
sdk-api | Public contributions for win32 API documentation | 2023-11-15 22:21:07 | |
static-analysis | ⚙️ A curated list of static analysis (SAST) tools and linters for all programming languages, config fil es, build tools, and more. The focus is on tools whic h improve code quality. |
2023-11-15 21:58:37 | |
terraform | v1.6.4 | Terraform enables you to safely and predictably crea te, change, and improve infrastructure. It is a sourc e-available tool that codifies APIs into declarative configuration files th |
2023-11-15 21:19:59 |
sslh | Applicative Protocol Multiplexer (e.g. share SSH and HTTPS on the same port) |
2023-11-15 21:02:21 | |
btop | v1.2.13 | A monitor of resources | 2023-11-15 20:43:18 |
qrazybox | QR Code Analysis and Recovery Toolkit | 2023-11-15 20:03:14 | |
fish-shell | 3.6.1 | The user-friendly command line shell. | 2023-11-15 16:58:42 |
rich | v13.7.0 | Rich is a Python library for rich text and beautiful formatting in the terminal. |
2023-11-15 16:31:56 |
rundeck | v4.17.3 | Enable Self-Service Operations: Give specific users access to your existing tools, services, and scripts |
2023-11-15 15:55:28 |
pyscript | 2023.11 .1 |
Home Page: https://pyscript.net Examples: https://py script.net/examples |
2023-11-15 15:00:09 |
LogonTracer | v1.6.1 | Investigate malicious Windows logon by visualizing a nd analyzing Windows event log |
2023-11-15 13:07:29 |
QEMU | Official QEMU mirror. Please see https://www.qemu.or g/contribute/ for how to submit changes to QEMU. Pull Requests are ignored. Please only use release tarbal ls from the QEMU websi |
2023-11-15 13:05:25 | |
CotEditor | 4.6.5 | Lightweight Plain-Text Editor for macOS | 2023-11-15 12:57:46 |
cas | v6.6.13 | Apereo CAS - Identity & Single Sign On for all earth lings and beyond. |
2023-11-15 12:50:44 |
krbrelayx | Kerberos unconstrained delegation abuse toolkit | 2023-11-15 12:49:20 | |
aria2 | release -1.37.0 |
aria2 is a lightweight multi-protocol & multi-source , cross platform download utility operated in command -line. It supports HTTP/HTTPS, FTP, SFTP, BitTorrent and Metalink. |
2023-11-15 12:09:36 |
upx | v4.2.1 | UPX - the Ultimate Packer for eXecutables | 2023-11-15 12:06:29 |
CycleTLS | Spoof TLS/JA3 fingerprints in GO and Javascript | 2023-11-15 11:30:39 | |
PostgresApp | v2.6.8a | The easiest way to get started with PostgreSQL on th e Mac |
2023-11-15 08:52:12 |
nacos | 2.2.3 | an easy-to-use dynamic service discovery, configurat ion and service management platform for building clou d native applications. |
2023-11-15 08:21:51 |
photon | 5.0-GA | Minimal Linux container host | 2023-11-15 06:57:51 |
DongTai | v1.16.0 | Dongtai IAST is an open-source Interactive Applicati on Security Testing (IAST) tool that enables real-tim e detection of common vulnerabilities in Java applica tions and third-party |
2023-11-15 06:17:52 |
pwcrack-framework | 1.21.0 | Password Crack Framework | 2023-11-15 04:50:30 |
wabt | 1.0.34 | The WebAssembly Binary Toolkit | 2023-11-15 01:25:41 |
garble | v0.10.1 | Obfuscate Go builds | 2023-11-15 00:28:56 |
onedrive_user_enu m |
onedrive user enumeration - pentest tool to enumerat e valid o365 users |
2023-11-14 23:35:15 | |
tmux | 3.3a | tmux source code | 2023-11-14 22:01:09 |
sslscan | 2.1.2 | sslscan tests SSL/TLS enabled services to discover s upported cipher suites |
2023-11-14 21:33:19 |
nmap | Nmap - the Network Mapper. Github mirror of official SVN repository. |
2023-11-14 19:04:27 | |
CSS-Exchange | v23.11. 14.1759 |
Exchange Server support tools and scripts | 2023-11-14 17:53:42 |
TREVORspray | TREVORspray is a modular password sprayer with threa ding, clever proxying, loot modules, and more! |
2023-11-14 16:30:50 | |
broot | v1.28.1 | A new way to see and navigate directory trees : http s://dystroy.org/broot |
2023-11-14 15:52:22 |
dnscrypt-proxy-co nfig |
2023-11-14 15:00:17 | ||
mitmproxy | 10.1.5 | An interactive TLS-capable intercepting HTTP proxy f or penetration testers and software developers. |
2023-11-14 12:54:48 |
goreleaser | v1.22.1 | Deliver Go binaries as fast and easily as possible | 2023-11-14 10:15:57 |
f8x | 1.6.2 | 红/蓝队环境自动化部署工具 | Red/Blue team environmen t automation deployment tool |
signature-base | v2.0 | YARA signature and IOC database for my scanners and tools |
2023-11-14 09:08:23 |
usql | v0.16.0 | Universal command-line interface for SQL databases | 2023-11-14 09:03:06 |
csprecon | v0.0.8 | Discover new target domains using Content Security P olicy |
2023-11-14 08:11:20 |
yq | v4.35.2 | yq is a portable command-line YAML, JSON, XML, CSV, TOML and properties processor |
2023-11-14 03:39:37 |
gmssl | v3.2.2 | a python crypto for sm2/sm3/sm4 | 2023-11-14 02:32:43 |
python-codext | Python codecs extension featuring CLI tools for enco ding/decoding anything |
2023-11-13 23:14:41 | |
mapcidr | v1.1.15 | Utility program to perform multiple operations for a given subnet/CIDR ranges. |
2023-11-13 22:10:11 |
miniforge | 23.3.1- 1 |
A conda-forge distribution. | 2023-11-13 21:58:48 |
celery | v5.3.5 | Distributed Task Queue (development branch) | 2023-11-13 19:36:52 |
Mythic | v3.1.0 | A collaborative, multi-platform, red teaming framewo rk |
2023-11-13 15:57:18 |
MQTTX | v1.9.6 | A Powerful and All-in-One MQTT 5.0 client toolbox fo r Desktop, CLI and WebSocket. |
2023-11-13 09:10:52 |
httpx | v1.3.7 | httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehtt p library. |
2023-11-13 07:19:42 |
coreruleset | v3.3.5 | OWASP ModSecurity Core Rule Set (Official Repository ) |
2023-11-12 19:40:03 |
MoreFind | v1.5.5 | 一款用于快速导出URL、Domain和IP的小工具 | 2023-11-12 18:20:49 |
easy-rsa | v3.1.7 | easy-rsa - Simple shell based CA utility | 2023-11-12 18:20:43 |
PayloadsAllTheThi ngs |
3.0 | A list of useful payloads and bypass for Web Applica tion Security and Pentest/CTF |
2023-11-12 17:21:16 |
ezXSS | 4.1 | ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting. |
2023-11-12 14:56:06 |
fzf | 0.44.0 | 🌸 A command-line fuzzy finder | 2023-11-12 13:08:08 |
DSInternals | v4.12 | Directory Services Internals (DSInternals) PowerShe ll Module and Framework |
2023-11-12 08:32:49 |
gmpy | gmpy2-2 .1.5 |
General Multi-Precision arithmetic for Python 2.6+/3 + (GMP, MPIR, MPFR, MPC) |
2023-11-12 05:03:47 |
gopsutil | v3.23.1 0 |
psutil for golang | 2023-11-12 01:37:03 |
ttyd | 1.7.4 | Share your terminal over the web | 2023-11-12 00:23:53 |
dnsx | v1.1.6 | dnsx is a fast and multi-purpose DNS toolkit allow t o run multiple DNS queries of your choice with a list of user-supplied resolvers. |
2023-11-11 17:05:27 |
werkzeug | 3.0.1 | The comprehensive WSGI web application library. | 2023-11-11 16:37:37 |
glances | v3.4.0. 2 |
Glances an Eye on your system. A top/htop alternativ e for GNU/Linux, BSD, Mac OS and Windows operating sy stems. |
2023-11-11 09:21:47 |
openrasp | v1.3.7 | 🔥Open source RASP solution | 2023-11-11 00:01:21 |
stratus-red-team | v2.10.0 | ☁️ ⚡ Granular, Actionable Adversary Emulati on for the Cloud |
2023-11-10 21:51:13 |
jd | v1.7.1 | JSON diff and patch | 2023-11-10 19:29:37 |
wesng | Windows Exploit Suggester - Next Generation | 2023-11-10 18:52:14 | |
bandit | 1.7.5 | Bandit is a tool designed to find common security is sues in Python code. |
2023-11-10 18:12:39 |
ProcDump-for-Linu x |
2.2 | A Linux version of the ProcDump Sysinternals tool | 2023-11-10 16:54:32 |
ioc | Threat Intel IoCs + bits and pieces of dark matter | 2023-11-10 14:00:23 | |
apollo | v2.1.0 | Apollo is a reliable configuration management system suitable for microservice configuration management s cenarios. |
2023-11-10 13:14:27 |
bat | v0.24.0 | A cat(1) clone with wings. | 2023-11-10 08:00:28 |
trash-cli | Command line interface to the freedesktop.org trashc an. |
2023-11-10 07:15:04 | |
psutil | Cross-platform lib for process and system monitoring in Python |
2023-11-09 22:34:11 | |
croc | v9.6.6 | Easily and securely send things from one computer to another 🐊 📦 |
2023-11-09 14:56:42 |
asnmap | v1.0.6 | Go CLI and Library for quickly mapping organization network ranges using ASN information. |
2023-11-09 14:06:58 |
FiraCode | 6.2 | Free monospaced font with programming ligatures | 2023-11-09 13:41:46 |
list | The Public Suffix List | 2023-11-09 00:09:38 | |
alive-progress | A new kind of Progress Bar, with real-time throughpu t, ETA, and very cool animations! |
2023-11-08 23:23:17 | |
shellcheck | v0.9.0 | ShellCheck, a static analysis tool for shell scripts | 2023-11-08 21:06:26 |
fyne | v2.4.1 | Cross platform GUI toolkit in Go inspired by Materia l Design |
2023-11-08 17:44:21 |
filebrowser | v2.26.0 | 📂 Web File Browser | 2023-11-08 16:59:46 |
Damn-Vulnerable-G raphQL-Application |
2.1.2 | Damn Vulnerable GraphQL Application is an intentiona lly vulnerable implementation of Facebook's GraphQL t echnology, to learn and practice GraphQL Security. |
2023-11-08 16:57:20 |
git-lfs | v3.4.0 | Git extension for versioning large files | 2023-11-08 13:37:49 |
openvpn-install | OpenVPN road warrior installer for Ubuntu, Debian, A lmaLinux, Rocky Linux, CentOS and Fedora |
2023-11-08 11:40:11 | |
naxsi | 1.3 | NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX |
2023-11-08 09:27:13 |
oss-browser | v1.17.0 | OSS Browser 提供类似windows资源管理器功能。用户可以 很方便的浏览文件,上传下载文件,支持断点续传等。 |
2023-11-08 07:00:36 |
LOLBAS | Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts) |
2023-11-08 01:55:24 | |
fd | v8.7.1 | A simple, fast and user-friendly alternative to 'fin d' |
2023-11-07 18:29:50 |
node-red | 3.1.0 | Low-code programming for event-driven applications | 2023-11-07 17:46:33 |
soapui | v5.7.2 | SoapUI is a free and open source cross-platform func tional testing solution for APIs and web services. |
2023-11-07 15:40:26 |
ModSecurity | v3.0.10 | ModSecurity is an open source, cross platform web ap plication firewall (WAF) engine for Apache, IIS and N ginx that is developed by Trustwave's SpiderLabs. It has a robust event-bas |
2023-11-07 13:15:52 |
pdfparser | v2.7.0 | PdfParser, a standalone PHP library, provides variou s tools to extract data from a PDF file. |
2023-11-07 07:03:52 |
ILSpy | v8.2 | .NET Decompiler with support for PDB generation, Rea dyToRun, Metadata (&more) - cross-platform! |
2023-11-07 06:13:46 |
color | v1.5.4 | 🎨 Terminal color rendering library, support 8/16 co lors, 256 colors, RGB color rendering output, support Print/Sprintf methods, compatible with Windows. GO C LI 控制台颜色渲染工具库,支持16色,256 |
2023-11-07 02:14:07 |
csvtk | v0.28.0 | A cross-platform, efficient and practical CSV/TSV to olkit in Golang |
2023-11-06 22:27:01 |
interactsh | v1.1.7 | An OOB interaction gathering server and client libra ry |
2023-11-06 17:34:10 |
fingerprintx | v1.1.11 | Standalone utility for service discovery on open por ts! |
2023-11-06 16:26:44 |
emp3r0r | v1.32.2 | Linux/Windows post-exploitation framework made by li nux user |
2023-11-06 09:36:07 |
color | v1.16.0 | Color package for Go (golang) | 2023-11-06 08:25:55 |
merlin | v2.0.0 | Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang. |
2023-11-05 22:39:25 |
spiderfoot | v4.0 | SpiderFoot automates OSINT for threat intelligence a nd mapping your attack surface. |
2023-11-05 18:36:23 |
lsassy | v3.1.9 | Extract credentials from lsass remotely | 2023-11-05 17:10:09 |
weird_proxies | Reverse proxies cheatsheet | 2023-11-04 18:48:02 | |
Windows11_Hardeni ng |
a collection about Windows 11 | 2023-11-04 17:33:59 | |
KaTeX | v0.16.9 | Fast math typesetting for the web. | 2023-11-04 15:23:09 |
Rubeus | 1.6.4 | Trying to tame the three-headed dog. | 2023-11-03 21:48:34 |
merlin-agent | v2.0.0 | Post-exploitation agent for Merlin | 2023-11-03 12:45:07 |
telebot | v3.1.0 | Telebot is a Telegram bot framework in Go. | 2023-11-02 23:26:19 |
gau | v2.2.1 | Fetch known URLs from AlienVault's Open Threat Excha nge, the Wayback Machine, and Common Crawl. |
2023-11-02 13:09:27 |
dnstwist | 2023091 8 |
Domain name permutation engine for detecting homogra ph phishing attacks, typo squatting, and brand impers onation |
2023-11-01 20:24:15 |
smbmap | v1.9.3. 1 |
SMBMap is a handy SMB enumeration tool | 2023-11-01 17:54:39 |
linux-kernel-expl oitation |
A collection of links related to Linux kernel securi ty and exploitation |
2023-11-01 15:39:59 | |
ctf-wiki | Come and join us, we need you! | 2023-11-01 07:14:55 | |
magic-wormhole | get things from one computer to another, safely | 2023-10-31 22:19:31 | |
focalboard | v7.11.3 | Focalboard is an open source, self-hosted alternativ e to Trello, Notion, and Asana. |
2023-10-31 13:53:44 |
PetitPotam | PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or oth er functions. |
2023-10-31 12:00:54 | |
shuji | Reverse engineering JavaScript and CSS sources from sourcemaps |
2023-10-31 07:32:16 | |
firmadyne | Platform for emulation and dynamic analysis of Linux -based firmware |
2023-10-31 07:28:28 | |
scan4all | 2.8.7 | Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( |
2023-10-31 03:28:27 |
retoolkit | 2023.10 | Reverse Engineer's Toolkit | 2023-10-31 03:08:12 |
slopShell | the only php webshell you need. | 2023-10-31 00:08:33 | |
SCFProxy | v0.2.1 | A proxy tool based on cloud function. | 2023-10-30 15:59:25 |
al-khaser | Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection. |
2023-10-30 09:35:17 | |
aliyun-oss-python -sdk |
2.18.3 | Aliyun OSS SDK for Python | 2023-10-30 06:18:02 |
Sentinel | 1.8.6 | A powerful flow control component enabling reliabili ty, resilience and monitoring for microservices. (面 向云原生微服务的高可用流控防护组件) |
2023-10-30 04:07:33 |
fucking-algorithm | plugin | 刷算法全靠套路,认准 labuladong 就够了!English vers ion supported! Crack LeetCode, not only how, but also why. |
2023-10-30 02:44:26 |
ICS-Security-Tool s |
Tools, tips, tricks, and more for exploring ICS Secu rity. |
2023-10-29 16:21:52 | |
Yara-rules | Collection of private Yara rules. | 2023-10-29 15:31:37 | |
open-vm-tools | stable- 12.3.5 |
Official repository of VMware open-vm-tools project | 2023-10-27 13:34:22 |
GmSSL | v3.1.1- pr1 |
支持国密SM2/SM3/SM4/SM9/SSL的密码工具箱 | 2023-10-27 08:24:29 |
lazydocker | v0.23.1 | The lazier way to manage everything docker | 2023-10-27 04:41:39 |
pacu | v1.4.2 | The AWS exploitation framework, designed for testing the security of Amazon Web Services environments. |
2023-10-26 22:02:58 |
scanning | 2023-10-26 17:52:00 | ||
awesome-yara | A curated list of awesome YARA rules, tools, and peo ple. |
2023-10-26 12:57:01 | |
dontgo403 | 0.9.4 | Tool to bypass 40X response codes. | 2023-10-26 11:04:06 |
showdoc | v3.2.2 | ShowDoc is a tool greatly applicable for an IT team to share documents online一个非常适合IT团队的在线API 文档、技术文档工具 |
2023-10-26 04:07:52 |
docker_practice | v1.3.0 | Learn and understand Docker&Container technologies, with real DevOps practice! |
2023-10-25 21:40:38 |
PrivescCheck | Privilege Escalation Enumeration Script for Windows | 2023-10-24 20:25:39 | |
HijackLibs | Project for tracking publicly disclosed DLL Hijackin g opportunities. |
2023-10-24 16:42:27 | |
js-md5 | A simple MD5 hash function for JavaScript supports U TF-8 encoding. |
2023-10-24 12:14:56 | |
server | v0.14.1 | Hashtopolis - A Hashcat wrapper for distributed pass word recovery |
2023-10-23 16:26:36 |
hackerone-reports | Top disclosed reports from HackerOne | 2023-10-23 16:19:01 | |
FirmAE | v1.0 | Towards Large-Scale Emulation of IoT Firmware for Dy namic Analysis |
2023-10-22 12:24:47 |
websocat | v1.12.0 | Command-line client for WebSockets, like netcat (or curl) for ws:// with advanced socat-like functions |
2023-10-22 01:13:02 |
ja3 | JA3 is a standard for creating SSL client fingerprin ts in an easy to produce and shareable way. |
2023-10-20 20:55:26 | |
uncover | v1.0.7 | Quickly discover exposed hosts on the internet using multiple search engines. |
2023-10-20 12:15:10 |
S3Scanner | v3.0.4 | Scan for misconfigured S3 buckets across S3-compatib le APIs! |
2023-10-19 22:58:22 |
Nessus_Map | Parse .nessus file(s) and shows output in interactiv e UI |
2023-10-19 03:13:54 | |
fail2ban | 1.0.2 | Daemon to ban hosts that cause multiple authenticati on errors |
2023-10-18 14:06:56 |
SUDO_KILLER | A tool designed to exploit a privilege escalation vu lnerability in the sudo program on Unix-like systems. It takes advantage of a specific misconfiguration or flaw in sudo to gain |
2023-10-18 12:47:57 | |
rdpwrap | RDP Wrapper Library | 2023-10-18 08:29:53 | |
source-code-pro | 2.042R- u/1.062R -i/1.026 R-vf |
Monospaced font family for user interface and coding environments |
2023-10-18 07:15:40 |
cloudflair | 🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys. |
2023-10-18 06:53:04 | |
how-to-exit-vim | Below are some simple methods for exiting vim. | 2023-10-18 03:31:37 | |
can-utils | v2023.0 3 |
Linux-CAN / SocketCAN user space applications | 2023-10-17 08:13:34 |
Empire | v5.7.3 | Empire is a post-exploitation and adversary emulatio n framework that is used to aid Red Teams and Penetra tion Testers. |
2023-10-17 04:09:19 |
Starkiller | v2.6.1 | Starkiller is a Frontend for PowerShell Empire. | 2023-10-17 02:45:51 |
CaptfEncoder | 3.1.2 | Captfencoder is opensource a rapid cross platform ne twork security tool suite, providing network security related code conversion, classical cryptography, cry ptography, asymmetric |
2023-10-16 02:58:20 |
ip2region | Ip2region (2.0 - xdb) is a offline IP address manage r framework and locator, support billions of data seg ments, ten microsecond searching performance. xdb eng ine implementation for |
2023-10-13 03:07:45 | |
Havoc | The Havoc Framework. | 2023-10-12 14:28:53 | |
requests | v1.1.19 | 用于快速请求HTTP或HTTPS,并支持修改ja3指纹 | 2023-10-12 09:07:09 |
singularity | A DNS rebinding attack framework. | 2023-10-11 23:40:53 | |
gobuster | v3.6.0 | Directory/File, DNS and VHost busting tool written i n Go |
2023-10-11 22:56:58 |
pics | File formats explanations, logos redrawing... | 2023-10-11 08:30:46 | |
cuc-ns | 网络安全课本 | 2023-10-11 03:06:30 | |
danted | Fast script for installing & configing Danted--Socks 5 Proxy Server. |
2023-10-09 14:32:55 | |
yari | YARI is an interactive debugger for YARA Language. | 2023-10-09 08:47:12 | |
patator | Patator is a multi-purpose brute-forcer, with a modu lar design and a flexible usage. |
2023-10-09 06:15:50 | |
libesedb | Library and tools to access the Extensible Storage E ngine (ESE) Database File (EDB) format. |
2023-10-08 06:30:30 | |
massdns | v1.0.0 | A high-performance DNS stub resolver for bulk lookup s and reconnaissance (subdomain enumeration) |
2023-10-07 19:08:36 |
lynis | 3.0.9 | Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentl ess, and installation |
2023-10-07 09:35:09 |
git-vuln-finder | v1.4 | Finding potential software vulnerabilities from git commit messages |
2023-10-07 06:38:52 |
CMWTAT_Digital_Ed ition |
2.7.1.0 | CloudMoe Windows 10/11 Activation Toolkit get digita l license, the best open source Win 10/11 activator i n GitHub. GitHub 上最棒的开源 Win10/Win11 数字权利( 数字许可证)激活工具! |
2023-10-07 03:06:07 |
supervisor | Supervisor process control system for Unix (supervis ord) |
2023-10-06 16:36:49 | |
HOUDINI | v0.2.9 | Hundreds of Offensive and Useful Docker Images for N etwork Intrusion. The name says it all. |
2023-10-06 09:35:02 |
pypykatz | 0.6.9 | Mimikatz implementation in pure Python | 2023-10-05 20:39:21 |
jdupes | v1.27.3 | A powerful duplicate file finder and an enhanced for k of 'fdupes'. |
2023-10-05 17:21:42 |
HexRaysCodeXplore r |
2.1 | Hex-Rays Decompiler plugin for better code navigatio n |
2023-10-04 01:13:16 |
nali | v0.8.0 | An offline tool for querying IP geographic informati on and CDN provider. 一个查询IP地理信息和CDN服务提供 商的离线终端工具. |
2023-10-02 23:02:01 |
PPLGuard | 2023-10-02 16:05:07 | ||
webapp-wordlists | This repository contains wordlists for each versions of common web applications and content management sy stems (CMS). Each version contains a wordlist of all the files directories |
2023-10-01 18:29:07 | |
Beta | Beta versions of my software | 2023-10-01 15:03:46 | |
dsq | v0.23.0 | Commandline tool for running SQL queries against JSO N, CSV, Excel, Parquet, and more. |
2023-09-30 14:49:58 |
forbidden | v10.2 | Bypass 4xx HTTP response status codes and more. Base d on PycURL and Python Requests. |
2023-09-28 21:21:22 |
all-about-apikey | Detailed information about API key / OAuth token (De scription, Request, Response, Regex, Example) |
2023-09-26 23:32:59 | |
bkcrack | v1.5.0 | Crack legacy zip encryption with Biham and Kocher's known plaintext attack. |
2023-09-25 18:30:31 |
bash-tutorial | Bash 教程 | 2023-09-25 16:01:30 | |
can-i-take-over-x yz |
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records. |
2023-09-25 15:23:39 | |
wait-for | v2.2.4 | ./wait-for is a script to wait for another service t o become available. |
2023-09-25 14:03:10 |
gjson | Get JSON values quickly - JSON parser for Go | 2023-09-22 17:13:56 | |
duf | v0.8.1 | Disk Usage/Free Utility - a better 'df' alternative | 2023-09-20 15:46:50 |
Diamorphine | LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64) |
2023-09-20 10:56:06 | |
RedGuard | 23.08.2 1 |
RedGuard is a C2 front flow control tool,Can avoid B lue Teams,AVs,EDRs check. |
2023-09-19 11:06:40 |
webshell | v-2021- 01-05 |
This is a webshell open source project | 2023-09-19 06:44:03 |
pingcastle | 3.1.0.1 | PingCastle - Get Active Directory Security at 80% in 20% of the time |
2023-09-18 17:29:47 |
curl-impersonate | v0.6.0- alpha.1 |
curl-impersonate: A special build of curl that can i mpersonate Chrome & Firefox |
2023-09-18 10:03:54 |
Halfrost-Field | ✍🏻 这里是写博客的地方 —— Halfrost-Field 冰霜之地 | 2023-09-17 02:59:00 | |
awesome-incident- response |
A curated list of tools for incident response | 2023-09-15 17:05:39 | |
gophish | v0.12.1 | Open-Source Phishing Toolkit | 2023-09-15 14:45:30 |
api-firewall | v0.6.13 | Fast and light-weight API proxy firewall for request and response validation by OpenAPI specs. |
2023-09-15 11:36:18 |
katana | v1.0.4 | A next-generation crawling and spidering framework. | 2023-09-14 17:20:42 |
SavvyCAN | V213 | QT based cross platform canbus tool | 2023-09-14 00:55:19 |
Administrative-di visions-of-China |
2.7.0 | 中华人民共和国行政区划:省级(省份)、 地级(城市) 、 县级(区县)、 乡级(乡镇街道)、 村级(村委会居委 会) ,中国省市区镇村二级三级四级五级联动地址数据。 |
2023-09-13 01:32:27 |
yongyou_nc_poc | 2023-09-13 00:51:30 | ||
DVSA | a Damn Vulnerable Serverless Application | 2023-09-12 11:04:54 | |
Responder | Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authenticatio n server supporting NTLMv1/NTLMv2/LMv2, Extended Secu rity NTLMSSP and Basic |
2023-09-11 10:12:28 | |
WinPmem | v4.0.rc 1 |
The multi-platform memory acquisition tool. | 2023-09-10 14:13:36 |
shodan | v1.0.7 | yet another Shodan.io client | 2023-09-07 22:30:39 |
nodejsscan | v4.8 | nodejsscan is a static security code scanner for Nod e.js applications. |
2023-09-07 16:03:22 |
exa | v0.10.1 | A modern replacement for ‘ls’. | 2023-09-05 23:14:36 |
Archive2 | 1.3.4 | 2023-09-05 08:27:13 | |
iprange | v1.0.2 | 计算ip范围,支持 cidr,ip-range 格式的输入 | 2023-09-05 08:19:16 |
awesome-adb | ADB Usage Complete / ADB 用法大全 | 2023-09-04 02:23:55 | |
IIS-ShortName-Sca nner |
latest version of scanners for IIS short filename (8 .3) disclosure vulnerability |
2023-09-03 17:49:43 | |
CrackMapExec | v5.4.0 | A swiss army knife for pentesting networks | 2023-09-03 17:16:55 |
sast-scan | v2.1.1 | Scan is a free & Open Source DevSecOps tool for perf orming static analysis based security testing of your applications and its dependencies. CI and Git friend ly. |
2023-09-01 12:48:14 |
JsRpc | v1.02 | 远程调用(rpc)浏览器方法,免去抠代码补环境 | 2023-08-30 03:41:34 |
crc32 | v0.1 | CRC32 tools: reverse, undo/rewind, and calculate has hes |
2023-08-29 00:01:20 |
fav-up | v0.2 | IP lookup by favicon using Shodan | 2023-08-28 09:11:31 |
SigFlip | SigFlip is a tool for patching authenticode signed P E files (exe, dll, sys ..etc) without invalidating or breaking the existing signature. |
2023-08-27 18:27:50 | |
spectre-meltdown- checker |
v0.46 | Downfall, Zenbleed, ZombieLoad, RIDL, Fallout, Fores hadow, Spectre, Meltdown vulnerability/mitigation che cker for Linux & BSD |
2023-08-25 16:50:53 |
KCon | KCon is a famous Hacker Con powered by Knownsec Team . |
2023-08-23 07:19:16 | |
Tentacle | Tentacle is a POC vulnerability verification and exp loit framework. It supports free extension of exploit s and uses POC scripts. It supports calls to zoomeye, fofa, shodan and othe |
2023-08-22 03:37:35 | |
dwarf2json | convert ELF/DWARF symbol and type information into v ol3's intermediate JSON |
2023-08-21 17:02:12 | |
awesome-honeypots | an awesome list of honeypot resources | 2023-08-21 14:07:56 | |
jaeles | beta-v0 .17.1 |
The Swiss Army knife for automated Web Application T esting |
2023-08-21 06:43:36 |
btrace | v2.2.4 | BTrace - a safe, dynamic tracing tool for the Java p latform |
2023-08-20 18:19:03 |
Freeze | v1.3 | Freeze is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls, and alternativ e execution methods |
2023-08-18 17:25:06 |
poc | Proof of Concepts | 2023-08-17 18:48:20 | |
one_gadget | v1.8.1 | The best tool for finding one gadget RCE in libc.so. 6 |
2023-08-16 15:02:26 |
tabby | v1.2.0- 3 |
A CAT called tabby ( Code Analysis Tool ) | 2023-08-16 14:28:56 |
deepce | Docker Enumeration, Escalation of Privileges and Con tainer Escapes (DEEPCE) |
2023-08-16 13:39:33 | |
SecLists | 2023.2 | SecLists is the security tester's companion. It's a collection of multiple types of lists used during sec urity assessments, collected in one place. List types include usernames, pa |
2023-08-15 21:48:36 |
dirhunt | v0.9.0 | Find web directories without bruteforce | 2023-08-14 15:52:22 |
proxify | v0.0.12 | A versatile and portable proxy for capturing, manipu lating, and replaying HTTP/HTTPS traffic on the go. |
2023-08-12 20:23:29 |
RustScan | 2.1.1 | 🤖 The Modern Port Scanner 🤖 | 2023-08-12 07:30:30 |
merlin | Cross-platform post-exploitation HTTP Command & Cont rol agent written in golang |
2023-08-11 14:58:39 | |
tqdm | v4.66.1 | ⚡ A Fast, Extensible Progress Bar for Python and CLI |
2023-08-10 10:52:15 |
teler | v2.0.0- dev.3 |
Real-time HTTP Intrusion Detection | 2023-08-09 23:02:55 |
OpenRedireX | A fuzzer for detecting open redirect vulnerabilities | 2023-08-09 09:00:53 | |
CrossC2 | v3.2 | generate CobaltStrike's cross-platform payload | 2023-08-08 19:56:08 |
qiling | 1.4.6 | A True Instrumentable Binary Emulation Framework | 2023-08-04 02:53:21 |
msdat | MSDAT: Microsoft SQL Database Attacking Tool | 2023-08-01 10:53:53 | |
Windows-AD-enviro nment-related |
This Repository contains the stuff related to window s Active directory environment exploitation |
2023-07-31 14:15:28 | |
fierce | A DNS reconnaissance tool for locating non-contiguou s IP space. |
2023-07-31 13:50:46 | |
awesome-vehicle-s ecurity |
🚗 A curated list of resources for learning about ve hicle security and car hacking. |
2023-07-30 05:05:39 | |
vlmcsd | svn1113 | KMS Emulator in C (currently runs on Linux including Android, FreeBSD, Solaris, Minix, Mac OS, iOS, Windo ws with or without Cygwin) |
2023-07-28 09:56:01 |
BountyHunterInChi na |
重生之我是赏金猎人系列,分享自己和团队在SRC、项目实 战漏洞测试过程中的有趣案例 |
2023-07-27 02:19:54 | |
simplehttpserver | v0.0.6 | Go alternative of python SimpleHTTPServer | 2023-07-26 00:22:35 |
bettercap | v2.32.0 | The Swiss Army knife for 802.11, BLE, IPv4 and IPv6 networks reconnaissance and MITM attacks. |
2023-07-25 12:35:25 |
awesome-oscp | A curated list of awesome OSCP resources | 2023-07-24 20:25:36 | |
sourcemapper | Extract JavaScript source trees from Sourcemap files | 2023-07-24 04:11:34 | |
s3tk | A security toolkit for Amazon S3 | 2023-07-24 03:13:02 | |
CVE-2020-1472 | Test tool for CVE-2020-1472 | 2023-07-20 10:51:11 | |
mquery | v1.4.0 | YARA malware query accelerator (web frontend) | 2023-07-17 12:09:43 |
knock | 5.4.0 | Knock Subdomain Scan | 2023-07-17 10:11:06 |
zsteg | detect stegano-hidden data in PNG & BMP | 2023-07-16 12:28:20 | |
PSGumshoe | v2.0 | 2023-07-14 15:19:01 | |
PRET | Printer Exploitation Toolkit - The tool that made du mpster diving obsolete. |
2023-07-13 09:51:16 | |
dive | v0.11.0 | A tool for exploring each layer in a docker image | 2023-07-10 20:44:51 |
clairvoyance | v2.5.3 | Obtain GraphQL API schema even if the introspection is disabled |
2023-07-10 18:38:47 |
Linux_LPE_eBPF_CV E-2021-3490 |
2023-07-10 16:41:49 | ||
SIGRed_RCE_PoC | 2023-07-10 16:18:54 | ||
MX1014 | v2.4.0 | MX1014 is a flexible, lightweight and fast port scan ner. |
2023-07-09 09:52:40 |
cloud-service-enu m |
2023-07-07 09:00:10 | ||
cve-2020-0688 | cve-2020-0688 | 2023-07-04 05:16:00 | |
stegoVeritas | Yet another Stego Tool | 2023-07-03 23:13:42 | |
thc-ipv6 | v3.8 | IPv6 attack toolkit | 2023-07-02 10:53:17 |
Penetration-Testi ng-Tools |
A collection of more than 170+ tools, scripts, cheat sheets and other loots that I've developed over years for Red Teaming/Pentesting/IT Security audits purpos es. |
2023-06-27 19:16:45 | |
wisper | A micro library providing Ruby objects with Publish- Subscribe capabilities |
2023-06-27 09:11:59 | |
PowerUpSQL | PowerUpSQL: A PowerShell Toolkit for Attacking SQL S erver |
2023-06-27 02:42:35 | |
ctf-tools | Some setup scripts for security research tools. | 2023-06-25 08:18:33 | |
basecrack | v4.0 | Decode All Bases - Base Scheme Decoder | 2023-06-21 08:52:12 |
Violation_Pnetest | 渗透红线Checklist | 2023-06-20 11:20:12 | |
weevely3 | v4.0.1 | Weaponized web shell | 2023-06-18 07:48:20 |
awesome-industria l-control-system-s ecurity |
A curated list of resources related to Industrial Co ntrol System (ICS) security. |
2023-06-13 11:11:02 | |
windows_exploit_d owser |
A simple tool which could be useful to identify the exploits afflicting a Windows OS |
2023-06-10 17:59:45 | |
jenv | 0.5.6 | Manage your Java environment | 2023-06-09 16:15:39 |
etl2pcapng | v1.11.0 | Utility that converts an .etl file containing a Wind ows network packet capture into .pcapng format. |
2023-06-08 23:53:46 |
CVE-2021-21972 | CVE-2021-21972 Exploit | 2023-06-08 04:01:32 | |
kernel-exploit-fa ctory |
Linux kernel CVE exploit analysis report and relativ e debug environment. You don't need to compile Linux kernel and configure your environment anymore. |
2023-06-08 00:45:52 | |
Motrix | v1.8.19 | A full-featured download manager. | 2023-06-07 11:19:59 |
java-sec-code | v2.0.0 | Java web common vulnerabilities and security code wh ich is base on springboot and spring security |
2023-06-07 02:13:58 |
DS_Store_crawler_ parser |
a parser + crawler for .DS_Store files exposed publi cally |
2023-06-06 18:09:05 | |
wafw00f | v2.2.0 | WAFW00F allows one to identify and fingerprint Web A pplication Firewall (WAF) products protecting a websi te. |
2023-06-04 13:46:55 |
shc | 4.0.3 | Shell script compiler | 2023-06-02 08:41:25 |
safety | 2.3.5 | Safety checks Python dependencies for known security vulnerabilities and suggests the proper remediations for vulnerabilities detected. |
2023-05-29 16:30:35 |
hassh | HASSH is a network fingerprinting standard which can be used to identify specific Client and Server SSH i mplementations. The fingerprints can be easily stored , searched and shared |
2023-05-25 19:10:33 | |
ntlmv1-multi | NTLMv1 Multitool | 2023-05-25 16:48:31 | |
poc-graphql | 1.0.0 | Research on GraphQL from an AppSec point of view. | 2023-05-24 00:09:39 |
OffensiveNotion | v1.5.0 | Notion as a platform for offensive operations | 2023-05-21 13:23:44 |
proxychains-ng | v4.16 | proxychains ng (new generation) - a preloader which hooks calls to sockets in dynamically linked programs and redirects it through one or more socks/http prox ies. continuation of t |
2023-05-20 15:27:22 |
dnsFookup | DNS rebinding toolkit | 2023-05-19 09:27:46 | |
APIKit | v1.5.1 | APIKit:Discovery, Scan and Audit APIs Toolkit All I n One. |
2023-05-19 03:55:41 |
shadow-tls | v0.2.23 | A proxy to expose real tls handshake to the firewall | 2023-05-18 12:55:36 |
javaboy-code-samp les |
公众号【江南一点雨】文章案例汇总,技术文章请戳这里-- ---> |
2023-05-14 14:01:53 | |
espanso | v2.1.8 | Cross-platform Text Expander written in Rust | 2023-05-09 18:53:48 |
chainoffools | A PoC for CVE-2020-0601 | 2023-05-09 14:27:30 | |
xortool | A tool to analyze multi-byte xor cipher | 2023-05-09 12:44:51 | |
theZoo | v0.60 | A repository of LIVE malwares for your own joy and p leasure. theZoo is a project created to make the poss ibility of malware analysis open and available to the public. |
2023-05-06 13:34:51 |
s3reverse | v1.0.1 | The format of various s3 buckets is convert in one f ormat. for bugbounty and security testing. |
2023-05-06 07:37:24 |
gitls | v1.0.4 | 🖇 Enumerate git repository URL from list of URL / U ser / Org. Friendly to pipeline |
2023-05-06 07:34:44 |
the-craft-of-self teaching |
One has no future if one couldn't teach themself. | 2023-05-03 13:55:59 | |
hello-world | 2023-05-02 20:01:18 | ||
CVEs | The following is a list of my collected CVE's | 2023-05-01 07:48:24 | |
ssti-payloads | 🎯 Server Side Template Injection Payloads | 2023-04-28 20:48:39 | |
yaml-payload-for- ruoyi |
A memory shell for ruoyi | 2023-04-28 06:23:16 | |
humre | A human-readable regular expression module for Pytho n. |
2023-04-26 22:04:13 | |
bypass-403 | A simple script just made for self use for bypassing 403 |
2023-04-26 15:57:51 | |
jsrsasign | 10.8.5 | The 'jsrsasign' (RSA-Sign JavaScript Library) is an opensource free cryptography library supporting RSA/R SAPSS/ECDSA/DSA signing/validation, ASN.1, PKCS#1/5/8 private/public key, X |
2023-04-26 14:07:32 |
cloudscraper | 1.2.68 | A Python module to bypass Cloudflare's anti-bot page . |
2023-04-25 23:19:48 |
ccat | v1.01 | Cisco Config Analysis Tool | 2023-04-23 13:08:09 |
KodExplorer | 4.51.03 | A web based file manager,web IDE / browser based cod e editor |
2023-04-23 10:03:11 |
Pinyin2Hanzi | 拼音转汉字, 拼音输入法引擎, pin yin -> 拼音 | 2023-04-18 01:33:43 | |
cheetah | a very fast brute force webshell password tool | 2023-04-17 01:33:52 | |
Girsh | v0.41 | Automatically spawn a reverse shell fully interactiv e for Linux or Windows victim |
2023-04-15 14:50:20 |
htmlq | v0.4.0 | Like jq, but for HTML. | 2023-04-15 10:54:19 |
sttr | v0.2.18 | cross-platform, cli app to perform various operation s on string |
2023-04-13 13:07:21 |
SeeYouCM-Thief | 2023-04-12 14:53:09 | ||
Powershellery | This repo contains Powershell scripts used for gener al hackery. |
2023-04-11 00:42:08 | |
proxypool | v0.3.1 | Automatically crawls proxy nodes on the public inter net, de-duplicates and tests for usability and then p rovides a list of nodes |
2023-04-10 16:05:05 |
Homework-of-Pytho n |
Python codes of my blog. | 2023-03-31 03:02:43 | |
jo | 1.9 | JSON output from a shell | 2023-03-29 20:02:54 |
top25-parameter | v1.0.7 | For basic researches, top 25 vulnerability parameter s that can be used in automation tools or manual reco n. 🛡️⚔️🧙 |
2023-03-29 18:40:10 |
s3-buckets-finder | v1.2.0 | Find AWS S3 buckets and test their permissions. | 2023-03-28 15:47:31 |
Realtek_switch_ha cking |
折腾交换机 | 2023-03-26 06:39:45 | |
HostCollision | HostCol lision-2 .2.8 |
用于host碰撞而生的小工具,专门检测渗透中需要绑定hosts 才能访问的主机或内部系统 |
2023-03-24 15:48:45 |
Azure-Red-Team | Azure Security Resources and Notes | 2023-03-21 18:38:40 | |
autotimeliner | Automagically extract forensic timeline from volatil e memory dump |
2023-03-17 07:29:33 | |
APT_CyberCriminal _Campagin_Collecti ons |
APT & CyberCriminal Campaign Collection | 2023-03-16 08:22:40 | |
nginx-ssl-ja3 | v0.0.2 | nginx module for SSL/TLS ja3 fingerprint. | 2023-03-15 17:20:30 |
GraphQLmap | GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. - Do not us e for illegal testing ;) |
2023-03-11 22:34:56 | |
donut | v1.0 | Generates x86, x64, or AMD64+x86 position-independen t shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them wit h parameters |
2023-03-10 19:27:30 |
Red-Team-Infrastr ucture-Wiki |
Wiki to collect Red Team infrastructure hardening re sources |
2023-03-09 20:53:32 | |
pwn_jenkins | Notes about attacking Jenkins servers | 2023-03-09 09:16:14 | |
byp4xx | 40X/HTTP bypasser in Go. Features: Verb tampering, h eaders, #bugbountytips, User-Agents, extensions, defa ult credentials... |
2023-03-08 10:43:22 | |
exrex | Irregular methods on regular expressions | 2023-03-07 23:03:57 | |
CVE-2022-2588 | exploit for CVE-2022-2588 | 2023-03-04 05:52:28 | |
javascript-malwar e-collection |
Collection of almost 40.000 javascript malware sampl es |
2023-03-03 16:09:14 | |
alicloud-tools | v1.0.5 | 阿里云ECS、策略组辅助小工具 | 2023-03-02 07:00:17 |
ebpfkit-monitor | ebpfkit-monitor is a tool that detects and protects against eBPF powered rootkits |
2023-02-28 16:16:20 | |
jsencrypt | A zero-dependency Javascript library to perform Open SSL RSA Encryption, Decryption, and Key Generation. |
2023-02-27 13:24:14 | |
CVE-2020-0796-PoC | PoC for triggering buffer overflow via CVE-2020-0796 | 2023-02-26 07:01:03 | |
bopscrk | v2.4.5 | Generate smart and powerful wordlists | 2023-02-24 10:43:57 |
geckodriver | v0.33.0 | WebDriver for Firefox | 2023-02-21 17:00:51 |
CVE-2018-10933 | Spawn to shell without any credentials by using CVE- 2018-10933 (LibSSH) |
2023-02-20 02:06:14 | |
druid_sessions | 1.2 | 获取 alibaba druid 一些 sessions , sql , urls | 2023-02-19 14:37:57 |
cloud-native-secu rity-book |
《云原生安全:攻防实践与体系构建》资料仓库 | 2023-02-19 14:16:00 | |
onesixtyone | v0.3.4 | Fast SNMP Scanner | 2023-02-16 04:56:38 |
WaterDragon | WaterDragon:用GithubAction实现代理功能。红队,cve,代 理池,隐匿,攻防,对抗,hackone,src,proxy,CVE-2020,CVE-20 21,CVE-2022 |
2023-02-14 14:02:26 | |
SMx | 国家商用加密算法 SMx(SM2,SM3,SM4) | 2023-02-11 14:24:19 | |
shhgit | Ah shhgit! Find secrets in your code. Secrets detect ion for your GitHub, GitLab and Bitbucket repositorie s. |
2023-02-10 22:52:42 | |
apkleaks | v2.6.1 | Scanning APK file for URIs, endpoints & secrets. | 2023-02-10 12:54:03 |
tsh-go | Tiny SHell Go - An open-source backdoor written in G o |
2023-02-10 03:01:40 | |
github-search | v2.0.1 | A collection of tools to perform searches on GitHub. | 2023-02-09 14:17:04 |
CobaltStrikeParse r |
2023-02-06 11:44:53 | ||
binwalk | v2.3.4 | Firmware Analysis Tool | 2023-02-01 16:15:53 |
jira_scan | v0.0.6 | A simple remote scanner for Atlassian Jira | 2023-01-30 15:28:47 |
OddProxyDemo | 2023-01-30 13:08:58 | ||
anchore-engine | A service that analyzes docker images and scans for vulnerabilities |
2023-01-26 23:58:10 | |
EVTX-ATTACK-SAMPL ES |
Windows Events Attack Samples | 2023-01-24 12:02:50 | |
PHP_INCLUDE_TO_SH ELL_CHAR_DICT |
2023-01-24 05:09:04 | ||
reverse-shell | Reverse Shell as a Service | 2023-01-22 12:19:34 | |
fapro | v0.65 | Fake Protocol Server | 2023-01-20 02:59:57 |
cs2modrewrite | Convert Cobalt Strike profiles to modrewrite scripts | 2023-01-19 16:09:38 | |
pspy | v1.2.1 | Monitor linux processes without root permissions | 2023-01-17 20:48:02 |
wenyan | v0.3.4 | 文言文編程語言 A programming language for the ancien t Chinese. |
2023-01-17 00:00:53 |
slipstream | NAT Slipstreaming allows an attacker to remotely acc ess any TCP/UDP services bound to a victim machine, b ypassing the victim’s NAT/firewall, just by anyone o n the victim's network |
2023-01-14 21:39:03 | |
TLS-poison | 2023-01-12 23:41:20 | ||
flask-session-coo kie-manager |
v1.2.1. 1 |
🍪 Flask Session Cookie Decoder/Encoder | 2023-01-11 21:49:36 |
security-bucket-b rigade |
2023-01-11 20:30:02 | ||
hashcrack | Guesses hash types, picks some sensible dictionaries and rules for hashcat |
2023-01-03 14:11:00 | |
CVE-2021-27850_PO C |
A Proof of concept for CVE-2021-27850 affecting Apac he Tapestry and leading to unauthencticated remote co de execution. |
2023-01-03 13:46:34 | |
exploits | 2023-01-02 20:21:58 | ||
kerberoast | 2022-12-31 17:17:28 | ||
fi6s | IPv6 network scanner designed to be fast | 2022-12-30 21:27:04 | |
exploit-CVE-2017- 7494 |
SambaCry exploit and vulnerable container (CVE-2017- 7494) |
2022-12-27 20:25:09 | |
Arjun | 2.2.1 | HTTP parameter discovery suite. | 2022-12-23 06:14:37 |
usbrply | Replay USB messages from Wireshark (.cap) files | 2022-12-22 08:27:58 | |
javaweb-vuln | RASP测试靶场 | 2022-12-22 05:21:00 | |
Pentest101 | 一些关于渗透测试的Tips | 2022-12-19 07:03:19 | |
jasypt-spring-boo t |
jasypt- spring-b oot-pare nt-3.0.5 |
Jasypt integration for Spring boot | 2022-12-15 17:29:04 |
CC-attack | v3.7.1 | Using Socks4/5 or http proxies to make a multithread ing Http-flood/Https-flood (cc) attack. |
2022-12-12 13:49:54 |
marshalsec | 2022-12-11 17:30:28 | ||
base58 | Base58 and Base58Check implementation compatible wit h what is used by the bitcoin network. |
2022-12-11 10:26:58 | |
LiME | v1.9.1 | LiME (formerly DMD) is a Loadable Kernel Module (LKM ), which allows the acquisition of volatile memory fr om Linux and Linux-based devices, such as those power ed by Android. The too |
2022-12-09 21:45:29 |
git-tips | Git的奇技淫巧 | 2022-12-08 03:13:00 | |
CVE-2017-1000486 | Primefaces <= 5.2.21, 5.3.8 or 6.0 - Remote Code Exe cution Exploit |
2022-12-04 19:32:52 | |
sec-dog | v1.0.4 | 2022-12-01 01:44:33 | |
MSOLSpray | A password spraying tool for Microsoft Online accoun ts (Azure/O365). The script logs if a user cred is va lid, if MFA is enabled on the account, if a tenant do esn't exist, if a user |
2022-11-30 17:54:53 | |
TerraformGoat | 0.0.7 | TerraformGoat is HXSecurity research lab's "Vulnerab le by Design" multi cloud deployment tool. |
2022-11-30 08:16:23 |
Chinese-Names-Cor pus |
v2.2 | 中文人名语料库。人名生成器。中文姓名,姓氏,名字,称呼, 日本人名,翻译人名,英文人名。可用于中文分词、人名实体识 别。 |
2022-11-30 04:09:39 |
toppwdhash | 常见密码哈希离线查询工具 , 包含算法类型'md5', 'md5x2 ', 'md5x3','sha1', 'ntlm', 'mysql', 'mysql5','md5_sha 1', 'sha1_sha1', 'sha1_md5', 'md5_base64','md5_middle ','base64_md5', 'md5_sha256', 'sha256',' |
2022-11-29 06:58:44 | |
UsnJrnl2Csv | v1.0.0. 24 |
Parser for $UsnJrnl on NTFS | 2022-11-27 13:32:11 |
sliver-gui | v0.0.9 | A Sliver GUI Client | 2022-11-22 06:24:18 |
HTTP-Smuggling-La b |
Use HTTP Smuggling Lab to learn HTTP Smuggling. | 2022-11-20 16:16:02 | |
ProxyNotShell-PoC | 2022-11-18 07:30:30 | ||
as_bypass_php_dis able_functions |
antsword bypass PHP disable_functions | 2022-11-18 03:01:00 | |
wix3 | wix3112 rtm |
WiX Toolset v3.x | 2022-11-16 01:53:10 |
exploitdb-bin-spl oits |
The legacy Exploit Database repository - New repo lo cated at https://gitlab.com/exploit-database/exploitd b-bin-sploits |
2022-11-10 20:52:36 | |
SSRF-Testing | SSRF (Server Side Request Forgery) testing resources | 2022-11-09 16:14:06 | |
tools | Security and Hacking Tools, Exploits, Proof of Conce pts, Shellcodes, Scripts. |
2022-11-03 10:05:04 | |
csdroid | cs手机版的源码,此处不放源jar包,自行添加编译 | 2022-11-03 08:49:21 | |
CVE-2022-3602 | 2022-11-01 19:56:11 | ||
anti-portscan | 使用 iptables 防止端口扫描 | 2022-10-31 09:12:54 | |
Extracted_WD_VDM | Windows Defender VDM lua collections | 2022-10-30 04:35:32 | |
firmware-mod-kit | Automatically exported from code.google.com/p/firmwa re-mod-kit |
2022-10-29 14:54:07 | |
siphon | v0.0.2 | ⚗️ Intercept stdin/stdout/stderr for any proc ess |
2022-10-27 08:18:20 |
NGLite | V1.0.01 | A major platform RAT Tool based by Blockchain/P2P.No w support Windows/Linux/MacOS |
2022-10-26 03:37:35 |
katoolin | Automatically install all Kali linux tools | 2022-10-23 09:21:55 | |
xerosploit | v1.0 | Efficient and advanced man in the middle framework | 2022-10-23 09:17:51 |
ProxyVulns | [ProxyLogon] CVE-2021-26855 & CVE-2021-27065 Fixed R awIdentity Bug Exploit. [ProxyOracle] CVE-2021-31195 & CVE-2021-31196 Exploit Chains. [ProxyShell] CVE-202 1-34473 & CVE-2021-345 |
2022-10-21 08:59:16 | |
Exchange2domain | CVE-2018-8581 | 2022-10-21 08:28:51 | |
MailSniper | MailSniper is a penetration testing tool for searchi ng through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture informat |
2022-10-20 08:13:33 | |
qqwry2mmdb | 2023041 9 |
为 Wireshark 能使用纯真网络 IP 数据库(QQwry)而提供的 格式转换工具 |
2022-10-20 07:05:45 |
telegram-bot-api | v5.5.1 | Golang bindings for the Telegram Bot API | 2022-10-20 00:35:52 |
SysmonEnte | 2022-10-18 08:55:29 | ||
HandleKatz | PIC lsass dumper using cloned handles | 2022-10-18 08:55:13 | |
Zoinks | Manage Engine Decrypter | 2022-10-17 15:45:01 | |
jwtcat | A CPU-based JSON Web Token (JWT) cracker and - to so me extent - scanner. |
2022-10-15 23:00:43 | |
IFaultrepElevated DataCollectionUAC |
2022-10-14 21:55:17 | ||
Veil | 3.1.14 | Veil 3.1.X (Check version info in Veil at runtime) | 2022-10-14 19:01:44 |
CVE-2022-40684 | A proof of concept exploit for CVE-2022-40684 affect ing Fortinet FortiOS, FortiProxy, and FortiSwitchMana ger |
2022-10-13 15:23:42 | |
bash-insulter | Insults the user when typing wrong command | 2022-10-10 03:05:22 | |
Digital-Privacy | Information Protection & OSINT resources | 一个关于 数字隐私搜集、保护、清理集一体的方案,外加开源信息收集( OSINT)对抗 |
|
CVE-2022-2992 | Authenticated Remote Command Execution in Gitlab via GitHub import |
2022-10-09 03:54:53 | |
Pentest-Windows | Windows internals and exploitation tricks | 2022-10-08 19:58:19 | |
mimipenguin | 2.0-rel ease |
A tool to dump the login password from the current l inux user |
2022-10-08 07:10:03 |
hackergame2021-wr iteups |
中国科学技术大学第八届信息安全大赛的官方与非官方题解 | 2022-10-06 15:01:40 | |
Socks5 | Socks5代理服务器搭建脚本/Socks5 shortcut creation sc ript |
2022-10-06 11:49:51 | |
poodle-PoC | 🐩 Poodle (Padding Oracle On Downgraded Legacy Encryption) attack CVE-2014-3566 🐩 |
2022-10-05 07:29:14 | |
monomorph | v1.0 | MD5-Monomorphic Shellcode Packer - all payloads have the same MD5 hash |
2022-09-30 22:11:15 |
ipv6toolkit | SI6 Networks' IPv6 Toolkit | 2022-09-30 08:36:12 | |
TaskSchedulerMisc | Misc TaskScheduler Plays | 2022-09-27 22:06:36 | |
poc_and_exp | 搜集的或者自己写的poc或者exp | 2022-09-27 01:00:54 | |
CVE-2022-39197-pa tch |
patch-0 .2 |
CVE-2022-39197 漏洞补丁. CVE-2022-39197 Vulnerabilit y Patch. |
2022-09-26 13:20:27 |
Security-PPT | Security-related Slide Presentation & Security Resea rch Report(大安全各领域各公司各会议分享的PPT以及各类 安全研究报告) |
2022-09-26 07:24:00 | |
network-fingerpri nt |
v0.0.1 | A fingerprint generation helper for nuclei network t emplates |
2022-09-24 00:07:01 |
powerline-shell | A beautiful and useful prompt for your shell | 2022-09-22 18:12:11 | |
gokart | v0.5.1 | A static analysis tool for securing Go code | 2022-09-22 16:13:48 |
crlfuzz | v1.4.1 | A fast tool to scan CRLF vulnerability written in Go | 2022-09-22 15:33:19 |
choose | v1.3.4 | A human-friendly and fast alternative to cut and (so metimes) awk |
2022-09-16 20:11:10 |
go-dork | v1.0.2 | The fastest dork scanner written in Go. | 2022-09-16 12:11:46 |
CVE-2022-34918 | CVE-2022-34918 netfilter nf_tables 本地提权 POC | 2022-09-15 03:19:28 | |
go-mimikatz | A wrapper around a pre-compiled version of the Mimik atz executable for the purpose of anti-virus evasion. |
2022-09-08 18:14:14 | |
imcat | Show any image in a terminal window. | 2022-09-08 01:20:03 | |
CVE-2022-36804 | A real exploit for BitBucket RCE CVE-2022-36804 | 2022-09-07 12:09:19 | |
See-SURF | v2.0 | Python based scanner to find potential SSRF paramete rs |
2022-09-06 18:44:31 |
CVE-2022-34918-LP E-PoC |
2022-09-06 14:05:22 | ||
fireprox | AWS API Gateway management tool for creating on the fly HTTP pass-through proxies for unique IP rotation |
2022-09-06 13:42:42 | |
iscsicpl_bypassUA C |
v1.0 | UAC bypass for x64 Windows 7 - 11(无弹窗版) | 2022-09-05 03:30:34 |
package-manager-p roxy-settings |
记录各个包管理器代理设置坑点。 | 2022-09-04 13:32:56 | |
taskcafe | 0.3.2 | An open source project management tool with Kanban b oards |
2022-09-02 17:05:43 |
Suborner | 1.0.1 | 2022-09-02 09:04:46 | |
gmapsapiscanner | 2022-08-29 19:10:51 | ||
LOG-HUB | 日志分析库,nuclei 的另一种用法 | 2022-08-28 09:06:05 | |
Jira-Lens | v1.0.2 | Fast and customizable vulnerability scanner For JIRA written in Python |
2022-08-23 09:57:51 |
nps-auth-bypass | nps认证绕过利用工具,CVE-2022-40494,使用此工具可在 浏览器访问web控制端后台页面,或者批量获取socks5和http 代理 |
2022-08-19 09:04:09 | |
Invoke-x64dbg-loa ddll |
调用x64dbg中的loadll.exe白加黑示例代码 | 2022-08-18 13:07:04 | |
Lsass-Shtinkering | 2022-08-14 13:53:44 | ||
phantom-attack | POC for Phantom Attack | 2022-08-10 21:53:18 | |
ini | v1.67.0 | Package ini provides INI file read and write functio nality in Go |
2022-08-08 11:35:30 |
WTSRM | WTSRM | 2022-08-07 18:46:18 | |
Loki-bot | 多功能Windows机器运维管理工具 | 2022-08-04 09:52:19 | |
ctop | v0.7.7 | Top-like interface for container metrics | 2022-08-01 11:32:57 |
7z2hashcat | 1.9 | extract information from password-protected .7z arch ives (and .sfx files) such that you can crack these " hashes" with hashcat |
2022-07-30 10:04:17 |
LinuxEelvation | Linux Eelvation(持续更新) | 2022-07-29 09:34:03 | |
get_AV | Windows杀软在线对比辅助 | 2022-07-26 08:58:33 | |
PPLdump | Dump the memory of a PPL with a userland exploit | 2022-07-24 14:03:10 | |
DahuaConsole | Dahua Console, access internal debug console and/or other researched functions in Dahua devices. Feel fre e to contribute in this project. |
2022-07-23 17:42:41 | |
unfurl | v0.4.3 | Pull out bits of URLs provided on stdin | 2022-07-19 14:36:05 |
tomorrow-theme | Tomorrow Theme | 2022-07-09 10:34:23 | |
jarm_randomizer | This tool was open sourced as part of JARM Randomize r: Evading JARM Fingerprinting for HiTB Amsterdam 202 1. |
2022-07-08 15:08:16 | |
XORpass | Encoder to bypass WAF filters using XOR operations. | 2022-07-07 14:00:04 | |
jira-mobile-ssrf- exploit |
Exploit code for Jira Mobile Rest Plugin SSRF (CVE-2 022-26135) |
2022-07-05 21:13:41 | |
csp_security_mist akes |
This repo has been replaced by https://www.cloudvuln db.org |
2022-06-29 16:29:31 | |
KillDefender | A small (Edited) POC to make defender useless by rem oving its token privileges and lowering the token int egrity |
2022-06-28 15:53:57 | |
writeups | 2022-06-26 15:01:41 | ||
qsreplace | v0.0.3 | Accept URLs on stdin, replace all query string value s with a user-supplied value |
2022-06-23 20:13:39 |
DFSCoerce | 2022-06-23 15:48:05 | ||
ExtractedDefender | 2022-06-23 14:12:39 | ||
ADFSRelay | v1.0 | Proof of Concept Utilities Developed to Research NTL M Relaying Attacks Targeting ADFS |
2022-06-22 03:00:15 |
PwnKit | Self-contained exploit for CVE-2021-4034 - Pkexec Lo cal Privilege Escalation |
2022-06-21 14:52:05 | |
APTSimulator | v0.9.4 | A toolset to make a system look as if it was the vic tim of an APT attack |
2022-06-20 08:54:37 |
CTF_web | a project aim to collect CTF web practices . | 2022-06-19 16:05:25 | |
blueming | 2022080 20633 |
备份文件扫描,并自动进行下载 | 2022-06-18 14:23:03 |
cobalt-arsenal | My collection of battle-tested Aggressor Scripts for Cobalt Strike 4.0+ |
2022-06-17 18:06:30 | |
DirtyPipe-Android | 1.0.3 | Dirty Pipe root exploit for Android (Pixel 6) | 2022-06-16 13:56:34 |
hikvision-decrypt er |
v1.0 | A simple cross platform program written in C++ used for decrypting the configuration files created by Hik vision Security Cameras. Successor to my hikvision-xo r-decrypter |
2022-06-15 03:27:54 |
PostConfluence | v1.0 | 哥斯拉Confluence后渗透插件 MakeToken SearchPage List AllUser AddAdminUser ListAllPage ........ |
2022-06-14 18:20:29 |
face_recognition | v1.2.2 | The world's simplest facial recognition api for Pyth on and the command line |
2022-06-10 09:12:18 |
httprobe | v0.2 | Take a list of domains and probe for working HTTP an d HTTPS servers |
2022-06-09 16:23:42 |
test | ysoseri al-0.0.6 -SNAPSHO T |
just test | 2022-06-09 01:08:48 |
client-side-proto type-pollution |
Prototype Pollution and useful Script Gadgets | 2022-06-08 05:41:00 | |
fastjson-blacklis t |
2022-06-07 15:54:35 | ||
dirble | v1.4.2 | Fast directory scanning and scraping tool | 2022-06-06 21:16:18 |
PoC-CVE-2022-3019 0 |
POC CVE-2022-30190 : CVE 0-day MS Offic RCE aka msdt follina |
2022-06-05 21:06:11 | |
knm | 鼠标键盘流量包取证 | 2022-05-31 12:21:32 | |
spring-boot-start er-swagger |
2.0.2.R ELEASE |
自制spring boot starter for swagger 2.x,来试试吧, 很好用哦~ |
2022-05-31 10:02:11 |
msdt-follina | Codebase to generate an msdt-follina payload | 2022-05-30 17:25:09 | |
CVE-2022-22972 | 2022-05-26 16:07:18 | ||
CVE-2022-0540-RCE | Atlassian Jira Seraph Authentication Bypass RCE(CVE -2022-0540) |
2022-05-25 13:43:09 | |
CVE-2022-0185 | CVE-2022-0185 POC and Docker and Analysis write up | 2022-05-24 11:17:17 | |
BlueLotus_XSSRece iver |
2022-05-23 16:13:20 | ||
ModSecurity-nginx | v1.0.3 | ModSecurity v3 Nginx Connector | 2022-05-20 20:41:39 |
fuzzdb | Automatically exported from code.google.com/p/fuzzdb | 2022-05-20 05:02:43 | |
ip2domain | ip2doma in_v0.2 |
批量查询ip对应域名及百度权重、备案信息;ip反查域名; ip查备案信息;资产归属查询;百度权重查询 |
2022-05-19 02:14:51 |
SharPyShell | v1.3.0 | SharPyShell - tiny and obfuscated ASP.NET webshell f or C# web applications |
2022-05-18 05:10:45 |
CVE-2021-22555-Pi peVersion |
CVE-2021-22555 exploit rewritten with pipe primitive | 2022-05-18 03:10:10 | |
WerTrigger | Weaponizing for privileged file writes bugs with win dows problem reporting |
2022-05-10 17:36:49 | |
Bug-Report | 2022-04-27 06:39:59 | ||
swagger2markup | v1.3.4 | A Swagger to AsciiDoc or Markdown converter to simpl ify the generation of an up-to-date RESTful API docum entation by combining documentation that’s been hand -written with auto-gene |
2022-04-26 06:34:27 |
check-virtual-mac hine |
2022-04-26 04:04:18 | ||
satellite | v0.0.4 | easy-to-use payload hosting | 2022-04-22 21:07:16 |
AllatoriCrack | 7.6.2 | 破解 Java 混淆工具 Allatori | 2022-04-19 03:56:36 |
BaoTa | 宝塔Linux面板 - 简单好用的服务器运维面板 | 2022-04-18 07:35:41 | |
zscan | v2.0.1 | Zscan a scan blasting tool set | 2022-04-18 02:47:59 |
sec-interview | 信息安全面试题汇总 | 2022-04-15 02:25:08 | |
gron | v0.7.1 | Make JSON greppable! | 2022-04-13 14:23:37 |
rules | Repository of yara rules | 2022-04-12 17:53:58 | |
CobaltNotion | A spin-off research project. Cobalt Strike x Notion collab 2022 |
2022-04-08 18:29:23 | |
aliyun-accesskey- Tools |
v1.3 | 阿里云accesskey利用工具 | 2022-04-08 08:17:32 |
zipcreater | v0.0.2 | ZipCreater主要应用于跨目录的文件上传漏洞的利用,它能 够快速进行压缩包生成。 |
2022-04-06 08:04:31 |
Spring4Shell-POC | Dockerized Spring4Shell (CVE-2022-22965) PoC applica tion and exploit |
2022-04-05 16:02:33 | |
waybackurls | v0.1.0 | Fetch all the URLs that the Wayback Machine knows ab out for a domain |
2022-04-05 10:20:15 |
CVE-2022-25636-Pi peVersion |
CVE-2022-25636 exploit rewritten with pipe primitive | 2022-04-05 08:56:33 | |
CVE-2022-0185-Pip eVersion |
CVE-2022-0185 exploit rewritten with pipe primitive | 2022-04-05 08:56:26 | |
SpringShell | Spring4Shell - Spring Core RCE - CVE-2022-22965 | 2022-04-04 14:09:11 | |
VindicateTool | LLMNR/NBNS/mDNS Spoofing Detection Toolkit | 2022-04-03 14:34:47 | |
Spring4Shell-POC | This is a dockerized application that is vulnerable to the Spring4Shell vulnerability (CVE-2022-22965). |
2022-04-01 23:01:49 | |
pydictor | v2.0.5 | A powerful and useful hacker dictionary builder for a brute-force attack |
2022-04-01 10:15:24 |
kernel-exploits | My proof-of-concept exploits for the Linux kernel | 2022-03-31 18:22:23 | |
hetty | v0.7.0 | An HTTP toolkit for security research. | 2022-03-31 13:23:56 |
AttackDetection | Attack Detection | 2022-03-30 19:46:24 | |
CVE-2022-0778 | Proof of concept for CVE-2022-0778, which triggers a n infinite loop in parsing X.509 certificates due to a bug in BN_mod_sqrt |
2022-03-29 10:08:00 | |
writeups | 2022-03-28 19:01:31 | ||
CVE-2022-27666 | Exploit for CVE-2022-27666 | 2022-03-28 18:21:00 | |
rsatool | rsatool can be used to calculate RSA and RSA-CRT par ameters |
2022-03-22 22:32:55 | |
vulnerability-lis t |
在渗透测试中快速检测常见中间件、组件的高危漏洞。 | 2022-03-21 06:26:57 | |
XSStrike | 3.1.5 | Most advanced XSS scanner. | 2022-03-20 10:19:57 |
GBByPass | 冰蝎 哥斯拉 WebShell bypass | 2022-03-18 12:47:01 | |
anew | v0.1.1 | A tool for adding new lines to files, skipping dupli cates |
2022-03-15 22:38:57 |
Karta | v2.1.0 | Karta - source code assisted fast binary matching pl ugin for IDA |
2022-03-15 12:44:31 |
dompdf-rce | RCE exploit for dompdf | 2022-03-15 10:55:55 | |
big_screen | 数据大屏可视化 | 2022-03-12 16:32:06 | |
vcenter_saml_logi n |
A tool to extract the IdP cert from vCenter backups and log in as Administrator |
2022-03-09 14:12:24 | |
Markdown-XSS-Payl oads |
XSS payloads for exploiting Markdown syntax | 2022-03-09 14:07:11 | |
CVE-2022-0847-Dir tyPipe-Exploit |
A root exploit for CVE-2022-0847 (Dirty Pipe) | 2022-03-08 06:20:05 | |
AWSBucketDump | Security Tool to Look For Interesting Files in S3 Bu ckets |
2022-03-07 21:07:58 | |
CVE-2022-25636 | CVE-2022-25636 | 2022-03-07 17:18:19 | |
3vilGu4rd | 3vilGu4 rd-V0.2 |
This is a daemon process which make a programe runin g all time. |
2022-03-06 13:00:59 |
Spring-Cloud-Gate way-CVE-2022-22947 |
CVE-2022-22947 | 2022-03-03 14:03:29 | |
cidr-merger | v1.1.3 | A simple command line tool to merge ip/ip cidr/ip ra nge, supports IPv4/IPv6 |
2022-03-03 08:52:55 |
proxylogscan | v0.0.2 | A fast tool to mass scan for a vulnerability on Micr osoft Exchange Server that allows an attacker bypassi ng the authentication and impersonating as the admin (CVE-2021-26855). |
2022-03-02 15:41:22 |
MQTT-Explorer | v0.3.5 | An all-round MQTT client that provides a structured topic overview |
2022-02-27 22:03:15 |
cve-2022-23131 | cve-2022-23131 zabbix-saml-bypass-exp | 2022-02-24 15:02:12 | |
jQuery-with-XSS | jQuery with XSS, Testing and Secure Version | 2022-02-24 03:06:34 | |
CNVD-2022-10270-L PE |
2022-02 -24 |
基于向日葵RCE的本地权限提升,无需指定端口 | 2022-02-24 02:37:25 |
mitm6 | v0.3.0 | pwning IPv4 via IPv6 | 2022-02-22 18:49:07 |
WindowsElevation | Windows Elevation(持续更新) | 2022-02-19 06:33:03 | |
My-Shodan-Scripts | Collection of Scripts for shodan searching stuff. | 2022-02-14 21:58:36 | |
KillDefender | A small POC to make defender useless by removing its token privileges and lowering the token integrity |
2022-02-14 09:24:15 | |
403-fuzz | 针对 403 页面的 fuzz 脚本 | 2022-02-14 04:29:01 | |
CollaboratorPlusP lus |
v1.0.2 | 2022-02-11 16:42:50 | |
ripple20 | A Zeek package for the passive detection of "Ripple2 0" vulnerabilities in the Treck TCP/IP stack. |
2022-02-11 01:35:08 | |
CVE-2019-11539 | Exploit for the Post-Auth RCE vulnerability in Pulse Secure Connect |
2022-02-11 00:00:44 | |
patching | v0.1.2 | An Interactive Binary Patching Plugin for IDA Pro | 2022-02-10 09:16:09 |
CVE-2021-4034-NoG CC |
v4.0 | CVE-2021-4034简单优化,以应对没有安装gcc和make的目标 环境 |
2022-02-09 09:58:59 |
BeRoot | 1.0.1 | Privilege Escalation Project - Windows / Linux / Mac | 2022-02-08 10:30:38 |
Cloud-Pentesting | This repository is in progress, it will keep updatin g as I come across to new learning materials. Feel fr ee to contribute. |
2022-02-06 06:43:13 | |
trevorc2 | TrevorC2 is a legitimate website (browsable) that tu nnels client/server communications for covert command execution. |
2022-01-31 20:16:24 | |
netview | latest | Netview enumerates systems using WinAPI calls | 2022-01-30 21:59:32 |
CVE-2021-4034 | CVE-2021-4034 1day | 2022-01-30 14:21:40 | |
CVE-2021-4034 | polkit pkexec Local Privilege Vulnerability to Add c ustom commands |
2022-01-27 06:23:02 | |
CVE-2022-21882 | win32k LPE | 2022-01-27 04:18:18 | |
ja3box | extract ja3(s) when sniffing or from a pcap. | 2022-01-26 09:06:31 | |
CVE-2021-4034 | PoC for PwnKit: Local Privilege Escalation Vulnerabi lity in polkit’s pkexec (CVE-2021-4034) |
2022-01-26 07:38:31 | |
Libra | Libra [ 天秤座 ] | 网站篡改、暗链、死链监测平台 | |
social-engineer-t oolkit |
The Social-Engineer Toolkit (SET) repository from Tr ustedSec - All new versions of SET will be deployed h ere. |
2022-01-26 01:58:47 | |
SuperMem | A python script developed to process Windows memory images based on triage type. |
2022-01-20 16:37:37 | |
exploits | Pwn stuff. | 2022-01-20 01:23:18 | |
JSP-Webshells | Collect JSP webshell of various implementation metho ds. 收集JSP Webshell的各种姿势 |
2022-01-18 04:00:06 | |
CVE-2021-22205 | GitLab CE/EE Preauth RCE using ExifTool | 2022-01-16 15:54:07 | |
CVE-2021-21985_Po C |
2022-01-16 04:17:08 | ||
ShadowSteal | Pure Nim implementation for exploiting CVE-2021-3693 4, the SeriousSAM local privilege escalation |
2022-01-16 02:09:36 | |
gmsm | v1.4.1 | GM SM2/3/4 library based on Golang (基于Go语言的国密 SM2/SM3/SM4算法库) |
2022-01-14 09:07:16 |
SMTP-NC | v0.1.1 | SMTP Netcat , test SMTP protocol | 2022-01-14 04:05:46 |
domain_screen | 站点批量截图 | 2022-01-13 02:45:09 | |
go-shodan | v2.0.4 | Shodan API client | 2022-01-12 22:51:00 |
linux-exploit-sug gester-2 |
Next-Generation Linux Kernel Exploit Suggester | 2022-01-12 17:31:20 | |
MyTools | 2022-01-10 09:28:53 | ||
Blind-SSRF | Nuclei Templates to reproduce Cracking the lens's Re search |
2022-01-08 01:31:18 | |
shiftleft-go-demo | 2022-01-07 17:47:13 | ||
CVE-2019-5736-PoC | PoC for CVE-2019-5736 | 2022-01-05 04:09:42 | |
Spring-Boot-Vulne rability |
2022-01-05 03:18:27 | ||
blind-ssrf-chains | An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerability |
2021-12-31 00:08:33 | |
ShadowCoerce | MS-FSRVP coercion abuse PoC | 2021-12-30 17:43:18 | |
SimpleDnsCrypt | 0.7.1 | A simple management tool for dnscrypt-proxy | 2021-12-30 09:11:09 |
rdesktop | v1.9.0 | 🚨 rdesktop is in need of a new maintainter. Please see the home page for more details. 🚨 |
2021-12-30 08:23:18 |
ZhouYu | (周瑜)Java - SpringBoot 持久化 WebShell 学习demo( 不仅仅是SpringBoot,适合任何符合JavaEE规范的服务) |
2021-12-29 06:12:29 | |
-Baseline-check | windows和linux基线检查,配套自动化检查脚本。纯手打。 | 2021-12-29 03:26:24 | |
Tencent_Yun_tools | 2021-12-26 08:44:50 | ||
CVE-2020-0683 | CVE-2020-0683 - Windows MSI “Installer service” El evation of Privilege |
2021-12-23 16:28:28 | |
cve-2021-22005-ex p |
2021-12-22 10:32:37 | ||
Logout4Shell | Use Log4Shell vulnerability to vaccinate a victim se rver against Log4Shell |
2021-12-22 02:02:51 | |
Duckyspark | Translator from USB-Rubber-Ducky payloads to a Digis park code. |
2021-12-22 01:41:35 | |
SIET | Smart Install Exploitation Tool | 2021-12-21 15:05:52 | |
distorm | 3.5.2b | Powerful Disassembler Library For x86/AMD64 | 2021-12-18 15:51:48 |
shakeitoff | AKB-Rel ease |
Windows MSI Installer LPE (CVE-2021-43883) | 2021-12-17 12:53:51 |
learn-java-bug | 2021-12-17 12:10:09 | ||
4-ZERO-3 | 403/401 Bypass Methods + Bash Automation + Your Supp ort ;) |
2021-12-15 17:44:36 | |
kekeo | 2.2.0-2 0211214 |
A little toolbox to play with Microsoft Kerberos in C |
2021-12-14 10:51:40 |
noPac | CVE-2021-42287/CVE-2021-42278 Scanner & Exploiter. | 2021-12-12 10:50:53 | |
Log4jAttackSurfac e |
2021-12-11 11:15:25 | ||
neofetch | 7.1.0 | 🖼️ A command-line system information tool written in bash 3.2+ |
2021-12-10 06:41:55 |
FourEye | 1.8 | AV Evasion Tool For Red Team Ops | 2021-12-08 11:55:14 |
SSRFire | An automated SSRF finder. Just give the domain name and your server and chill! ;) Also has options to fin d XSS and open redirects |
2021-12-08 04:22:11 | |
gobfuscate | Obfuscate Go binaries and packages | 2021-12-07 22:27:25 | |
subjs | v1.0.1 | Fetches javascript file from a list of URLS or subdo mains. |
2021-12-05 18:19:46 |
lolcat | Rainbows and unicorns! | 2021-12-03 11:34:06 | |
StandIn | v1.3 | StandIn is a small .NET35/45 AD post-exploitation to olkit |
2021-12-02 14:26:57 |
VMware_vCenter | VMware vCenter 7.0.2.00100 unauth Arbitrary File Rea d + SSRF + Reflected XSS |
2021-12-01 08:02:39 | |
3gstudent | 2021-11-23 10:15:28 | ||
CVE-2021-42321 | Microsoft Exchange Server Poc | 2021-11-23 02:33:47 | |
k8s-CVE-2021-4355 7-poc |
PoC for CVE-2021-43557 | 2021-11-22 20:24:22 | |
CVE-2021-41277 | Metabase任意文件读取漏洞批量扫描工具 | 2021-11-22 11:42:18 | |
aem-hacker | 2021-11-21 18:28:46 | ||
Corsy | 1.0-rc | CORS Misconfiguration Scanner | 2021-11-20 05:05:49 |
YarnRpcRCE | 0.0.1 | 2021-11-20 04:56:10 | |
bitcracker | BitCracker is the first open source password crackin g tool for memory units encrypted with BitLocker |
2021-11-19 16:40:02 | |
CVE-2021-37580 | CVE-2021-37580 | 2021-11-19 09:03:13 | |
SharpMapExec | 2021-11-17 17:53:02 | ||
fmem | Linux Kernel Module designed to help analyze volatil e memory in the linux kernel |
2021-11-17 13:37:05 | |
F5-steganography | F5 steganography | 2021-11-16 12:13:07 | |
tyton | v1.2 | Kernel-Mode Rootkit Hunter | 2021-11-13 21:54:29 |
JavaCodeAudit | Getting started with java code auditing 代码审计入门 的小项目 |
2021-11-13 07:32:35 | |
SharpSphere | 2.1 | .NET Project for Attacking vCenter | 2021-11-11 09:39:10 |
crawlergo_x_XRAY | 360/0Kee-Team/crawlergo动态爬虫结合长亭XRAY扫描器的 被动扫描功能 |
2021-11-10 05:44:48 | |
pafish | v0.6 | Pafish is a testing tool that uses different techniq ues to detect virtual machines and malware analysis e nvironments in the same way that malware families do |
2021-11-09 16:17:18 |
geye | 1.2.0 | 🚀Faster Github Monitor🚀 | 2021-11-06 06:51:45 |
aSiagaming | My Chrome and Safari exploit code + write-up repo | 2021-11-05 08:12:50 | |
CVE-2021-36260-me tasploit |
the metasploit script(POC) about CVE-2021-36260 | 2021-11-03 08:26:24 | |
HikPwn | HikPwn, a simple scanner for Hikvision devices with basic vulnerability scanning capabilities written in Python 3.8. |
2021-11-02 19:04:36 | |
Gitlab-CVE-2021-2 2205 |
2021-11-02 14:44:28 | ||
BruteShark | v1.2.5 | Network Analysis Tool | 2021-10-30 11:25:25 |
pkcrack | pkcrack with modern building tools | 2021-10-30 10:53:11 | |
CVE-2020-9484 | 2021-10-28 02:31:04 | ||
avList | avList - 杀软进程对应杀软名称 | 2021-10-21 04:09:20 | |
impacket-ghostpot ato |
impacket-ghostpotato Fork from https://shenanigansla bs.io/2019/11/12/Ghost-Potato.html |
2021-10-18 11:15:12 | |
nosferatu | Windows NTLM Authentication Backdoor | 2021-10-17 01:14:27 | |
Finger | A tool for recognizing function symbol | 2021-10-14 07:52:35 | |
CVE-2020-5902 | CVE-2020-5902 BIG-IP | 2021-10-13 07:53:46 | |
jarm | 2021-10-12 19:01:22 | ||
Exchange_SSRF | Some Attacks of Exchange SSRF ProxyLogon&ProxyShell | 2021-10-12 02:17:09 | |
PortBrute | 一款跨平台小巧的端口爆破工具,支持爆破FTP/SSH/SMB/MS SQL/MYSQL/POSTGRESQL/MONGOD / A cross-platform compac t port blasting tool that supports blasting FTP/SSH/S MB/MSSQL/MYSQL/POSTGRESQL/MONGOD |
2021-10-09 02:50:37 | |
NetLoader | Loads any C# binary in mem, patching AMSI + ETW. | 2021-10-03 16:41:03 | |
KMS_VL_ALL | 44 | 🔑KMS_VL_ALL - Smart Activation Script | 2021-10-03 03:54:27 |
NetUser | 2.0 | 使用windows api添加用户,可用于net无法使用时.分为nim 版,c++版本,RDI版,BOF版。 |
2021-09-29 14:22:09 |
CVE-2021-22005 | 2021-09-28 21:08:20 | ||
henggeFish | 自动化批量发送钓鱼邮件(横戈安全团队出品) | 2021-09-28 12:18:26 | |
CVE-2021-3493 | Ubuntu OverlayFS Local Privesc | 2021-09-28 04:08:43 | |
coremail-address- book |
0.0.2 | 📧Coremail邮件系统组织通讯录导出脚本 | 2021-09-28 00:28:22 |
JavaScript-MD5 | JavaScript MD5 implementation. Compatible with serve r-side environments like node.js, module loaders like RequireJS and all web browsers. |
2021-09-25 14:48:43 | |
wmi | 1.1.0 | WMI for Go | 2021-09-17 17:28:27 |
evilzip | 1.1 | evilzip lets you create a zip file(with password) th at contains files with directory traversal characters in their embedded path. |
2021-09-16 08:49:01 |
PrintNightmare | 2021-09-13 08:45:19 | ||
Tools | GitHub repository for sysadmin related tools | 2021-09-12 07:51:22 | |
CVE-2021-40444 | CVE-2021-40444 PoC | 2021-09-11 09:50:26 | |
altdns | Generates permutations, alterations and mutations of subdomains and then resolves them |
2021-09-09 23:36:19 | |
CS_mock | 模拟cobalt strike beacon上线包. Simulation cobalt st rike beacon connection packet. |
2021-09-09 08:32:16 | |
htpwdScan | HTTP weak pass scanner | 2021-09-07 02:52:33 | |
BeaconEye | Hunts out CobaltStrike beacons and logs operator com mand output |
2021-09-06 19:52:36 | |
outguess | 0.4 | Universal steganographic tool | 2021-09-03 01:09:10 |
pupy | Pupy is an opensource, cross-platform (Windows, Linu x, OSX, Android) C2 and post-exploitation framework w ritten in python and C |
2021-09-01 17:25:47 | |
CVE-2021-1675_RDL _LPE |
PrintNightMare LPE提权漏洞的CS 反射加载插件。开箱即 用、通过内存加载、混淆加载的驱动名称来ByPass Defender/ EDR。 |
2021-09-01 11:25:19 | |
CVE-2021-26084_Po C |
2021-09-01 01:01:06 | ||
sensinfor | 1.6 | A chrome extension use to find leak file and backup file. |
2021-08-31 11:40:57 |
coremail-exp | 2021-08-31 02:55:04 | ||
tongda-exp | 1.0.1 | python编写的多个通达常见漏洞exp | 2021-08-26 08:02:25 |
proxyshell-for-ex change_workload |
2021-08-25 06:30:55 | ||
CORS_vulnerable_L ab-Without_Databas e |
2021-08-25 03:01:03 | ||
cve-2021-3449 | CVE-2021-3449 OpenSSL denial-of-service exploit 👨🏻 💻 |
2021-08-25 01:00:49 | |
31-days-of-API-Se curity-Tips |
This challenge is Inon Shkedy's 31 days API Security Tips. |
2021-08-24 16:14:34 | |
jobber | v1.4.4 | An alternative to cron, with sophisticated status-re porting and error-handling |
2021-08-22 02:30:15 |
Invoke-BuildAnony mousSMBServer |
Use to build an anonymous SMB file server. | 2021-08-20 14:52:10 | |
textfilter | 敏感词过滤的几种实现+某1w词敏感词库 | 2021-08-20 05:11:01 | |
proxyshell-poc | 2021-08-19 18:05:50 | ||
RGPerson | RGPerson - Randomly generate identity information | 2021-08-19 10:49:13 | |
PadBuster | Automated script for performing Padding Oracle attac ks |
2021-08-18 17:51:52 | |
redis-rogue-serve r-win |
Redis 4.x & 5.x RCE | 2021-08-18 06:52:30 | |
vulnerability | 2021-08-16 09:16:46 | ||
proxyshell_payloa d |
proxyshell payload generate | 2021-08-14 17:20:00 | |
ProxyShell | ProxyShell POC Exploit : Exchange Server RCE (ACL By pass + EoP + Arbitrary File Write) |
2021-08-13 09:54:50 | |
ADCSPwn | ADCSPwn | A tool to escalate privileges in an active directory network by coercing authenticate from machine accoun ts and relaying to the certificate service. |
2021-08-11 14:51:53 |
experiments | Expriments | 2021-08-11 14:17:52 | |
CS-Loader | CS免杀 | 2021-08-11 06:43:52 | |
OSCP_note | 2021-08-10 07:37:48 | ||
CVE-Exploits | PoC exploits for software vulnerabilities | 2021-08-10 00:24:18 | |
xcdn | Try to find out the real ip behind cdn | 2021-08-08 05:26:37 | |
PySharpSphere | Yet another SharpSphere | 2021-08-01 03:25:35 | |
IOCs-IDPS | This repository will hold PCAP IOC data related with known malware samples (owner: Bryant Smith) |
2021-07-29 15:55:31 | |
SecurityBaselineC heck |
2021-07-29 13:08:55 | ||
surferFTP | SSRF to TCP Port Scanning, Banner and Private IP Dis closure by abusing the FTP protocol/clients |
2021-07-29 06:56:39 | |
HiveNightmare | 0.6 | Exploit allowing you to read registry hives as non-a dmin on Windows 10 and 11 |
2021-07-26 14:16:19 |
CobaltStrikeDetec ted |
40行代码检测到大部分CobaltStrike的shellcode | 2021-07-25 14:37:11 | |
CVE-2021-3156 | Sudo Baron Samedit Exploit | 2021-07-23 15:46:37 | |
CVE-2021-33909 | Sequoia exploit (7/20/21) | 2021-07-20 23:04:13 | |
TongdaOA-exp | TongdaOA 11.7 ~11.8 通达OA,任意用户登录+后台getshel l |
2021-07-16 13:18:03 | |
cve-2021-34558 | 2021-07-13 06:15:46 | ||
CVE-2018-3245 | CVE-2018-3245-PoC | 2021-07-13 02:29:19 | |
CVE-2021-21974 | POC for CVE-2021-21974 VMWare ESXi RCE Exploit | 2021-07-09 19:38:41 | |
CVE-2021-1675 | C# and Impacket implementation of PrintNightmare CVE -2021-1675/CVE-2021-34527 |
2021-07-08 11:10:36 | |
CVE-2020-11651 | CVE-2020-11651: Proof of Concept | 2021-07-07 21:17:00 | |
speedtest-cli | v2.1.3 | Command line interface for testing internet bandwidt h using speedtest.net |
2021-07-07 19:50:15 |
CVE-2021-1675-LPE | Local Privilege Escalation Edition for CVE-2021-1675 /CVE-2021-34527 |
2021-07-05 06:46:12 | |
xxl-job | 1.0 | xxl-job RESTful API RCE | 2021-07-01 08:26:31 |
Limelighter | A tool for generating fake code signing certificates or signing real ones |
2021-06-28 21:35:56 | |
chacal | Golang anti-vm framework for Red Team and Pentesters | 2021-06-26 16:13:02 | |
yaml-payload-for- Win |
用于windows反弹shell的yaml-payload | 2021-06-26 16:10:51 | |
ssh-auditor | v0.18 | The best way to scan for weak ssh passwords on your network |
2021-06-24 00:39:29 |
emby_ssrf | 2021-06-16 22:03:46 | ||
windows-kernel-ex ploits |
windows-kernel-exploits Windows平台提权漏洞集合 | 2021-06-11 23:29:15 | |
fuzzdb | v0.3 | Dictionary of attack patterns and primitives for bla ck-box application fault injection and resource disco very. |
2021-06-06 05:21:50 |
Teemo | A Domain Name & Email Address Collection Tool | 2021-05-25 10:33:03 | |
luaforwindows | v5.1.5- 52 |
Lua for Windows is a 'batteries included environment ' for the Lua scripting language on Windows. NOTICE: Looking for maintainer. |
2021-05-24 19:58:19 |
corsair_scan | v0.2.0 | Corsair_scan is a security tool to test Cross-Origin Resource Sharing (CORS). |
2021-05-24 11:16:14 |
cronsun | v0.3.5 | A Distributed, Fault-Tolerant Cron-Style Job System. | 2021-05-23 11:29:47 |
blog-hugo | 基于Hugo的静态博客 | 2021-05-22 08:59:29 | |
CVE-2021-31166 | v1 | Proof of concept for CVE-2021-31166, a remote HTTP.s ys use-after-free triggered remotely. |
2021-05-21 23:58:22 |
OscpStudyGroup | Oscp study group | 2021-05-19 05:19:33 | |
nmap-bootstrap-xs l |
A Nmap XSL implementation with Bootstrap. | 2021-05-18 07:11:46 | |
AntSword-Labs | Awesome environment for antsword tests | 2021-05-17 03:35:09 | |
iconhash | v0.4.3 | fofa shodan favicon.ico hash icon ico 计算器 | 2021-05-13 06:57:27 |
TLS-poison | 2021-05-10 13:47:31 | ||
CTF-Mind-maps | 整合入门到中高级题目的思路,for new CTFers ! | 2021-05-04 13:07:28 | |
endlessh | 1.0 | SSH tarpit that slowly sends an endless banner | 2021-04-30 14:00:40 |
smuggler | Smuggler - An HTTP Request Smuggling / Desync testin g tool written in Python 3 |
2021-04-28 22:24:28 | |
cuckoo | 2.0.6 | Cuckoo Sandbox is an automated dynamic malware analy sis system |
2021-04-26 15:48:32 |
RCE-Exploit-in-BI G-IP |
2021-04-26 07:38:18 | ||
payloads | Git All the Payloads! A collection of web attack pay loads. |
2021-04-22 12:11:05 | |
morty | Privacy aware web content sanitizer proxy as a servi ce |
2021-04-22 10:38:34 | |
SimpleShellcodeIn jector |
SimpleShellcodeInjector receives as an argument a sh ellcode in hex and executes it. It DOES NOT inject th e shellcode in a third party application. |
2021-04-19 08:48:53 | |
big-list-of-naugh ty-strings |
The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data. |
2021-04-17 19:05:45 | |
msbuild-inline-ta sk |
2021-04-17 01:42:18 | ||
List-RDP-Connecti ons-History |
Use powershell to list the RDP Connections History o f logged-in users or all users |
2021-04-17 01:38:16 | |
Eventlogedit-evt- -General |
Remove individual lines from Windows Event Viewer Lo g (EVT) files |
2021-04-17 01:36:42 | |
From-System-autho rity-to-Medium-aut hority |
Penetration test | 2021-04-17 01:32:01 | |
Eventlogedit-evtx --Evolution |
v1.1.0 | Remove individual lines from Windows XML Event Log ( EVTX) files |
2021-04-17 01:28:00 |
CVE-2021-24086 | Proof of concept for CVE-2021-24086, a NULL derefere nce in tcpip.sys triggered remotely. |
2021-04-15 12:46:33 | |
RedGhost | Linux post exploitation framework written in bash de signed to assist red teams in persistence, reconnaiss ance, privilege escalation and leaving no trace. |
2021-04-14 06:30:09 | |
CoreMailUploadRce | Coremail任意文件上传漏洞POC | 2021-04-11 05:31:00 | |
Syborg | Recursive DNS Subdomain Enumerator with dead-end avo idance system (BETA) |
2021-04-09 13:46:36 | |
x-crack | 1.0.1 | x-crack - Weak password scanner, Support: FTP/SSH/SN MP/MSSQL/MYSQL/PostGreSQL/REDIS/ElasticSearch/MONGODB |
2021-04-09 13:23:39 |
suricata-rules | Suricata IDS rules 用来检测红队渗透/恶意行为等,支持 检测CobaltStrike/MSF/Empire/DNS隧道/Weevely/菜刀/冰蝎/ 挖矿/反弹shell/ICMP隧道等 |
2021-04-08 10:49:03 | |
REALITY_SMASHER | vRealize RCE + Privesc (CVE-2021-21975, CVE-2021-219 83, CVE-0DAY-?????) |
2021-04-07 03:10:07 | |
CVE-2021-22986 | CVE-2021-22986 & F5 BIG-IP RCE | 2021-04-03 12:56:37 | |
geacon | 修改自geacon的多功能linux运维管理工具 | 2021-04-02 03:00:47 | |
SharpProxyLogon | C# POC for CVE-2021-26855 aka ProxyLogon, supports t he classically semi-interactive web shell as well as shellcode injection |
2021-03-31 11:57:26 | |
Python-dsstore | A library for parsing .DS_Store files and extracting file names |
2021-03-28 17:47:40 | |
Evaluation_tools | 测评工具 | 2021-03-25 01:51:21 | |
sasquatch | 2021-03-25 00:21:17 | ||
hey | v0.1.4 | HTTP load generator, ApacheBench (ab) replacement | 2021-03-23 23:39:03 |
Luyten | v0.5.4_ Rebuilt_ with_Lat est_depe nencies |
An Open Source Java Decompiler Gui for Procyon | 2021-03-17 20:09:12 |
ProxyLogon | 2021-03-17 15:28:18 | ||
ProxyLogon | ProxyLogon(CVE-2021-26855+CVE-2021-27065) Exchange S erver RCE(SSRF->GetWebShell) |
2021-03-17 05:06:18 | |
security-research -pocs |
Proof-of-concept codes created as part of security r esearch done by Google Security Team. |
2021-03-12 15:00:01 | |
Proxylogon-exploi t |
proxylogon exploit - CVE-2021-26857 | 2021-03-11 17:34:15 | |
CVE-2017-7494 | Remote root exploit for the SAMBA CVE-2017-7494 vuln erability |
2021-03-09 09:12:55 | |
CVE-2021-21972 | CVE-2021-21972 Unauthorized RCE in VMware vCenter me tasploit exploit script |
2021-03-07 17:12:01 | |
Vulmap | Vulmap Online Local Vulnerability Scanners Project | 2021-03-06 15:11:40 | |
CVE-2021-1732-Exp loit |
CVE-2021-1732 Exploit | 2021-03-05 03:10:26 | |
Malbox | 恶意软件容器靶机 | 2021-03-04 09:30:01 | |
CVE-2021-23132 | com_media allowed paths that are not intended for im age uploads to RCE |
2021-03-03 03:52:10 | |
DotNetToJScriptMi ni |
A simplified version of DotNetToJScript to create a JScript file which loads a .NET v2 assembly from memo ry. |
2021-03-01 12:08:23 | |
exploits | Some of my exploits. | 2021-02-25 19:50:10 | |
CVE-2021-21972 | Proof of Concept Exploit for vCenter CVE-2021-21972 | 2021-02-25 16:04:58 | |
CANToolz | v3.7.0 | CANToolz - Black-box CAN network analysis framework | 2021-02-24 07:26:06 |
Inspur | Inspur vul repo | 2021-02-23 00:56:19 | |
WebAliveScan | 对目标域名进行快速的存活扫描、简单的指纹识别、目录扫 描 |
2021-02-22 08:36:06 | |
linuxprivchecker | linuxprivchecker.py -- a Linux Privilege Escalation Check Script |
2021-02-20 23:36:02 | |
awesome-iocs | A collection of sources of indicators of compromise. | 2021-02-19 23:21:08 | |
ruler | 2.4.1 | A tool to abuse Exchange services | 2021-02-19 09:07:52 |
SpringBootLearnin g |
Spring Boot learning process | 2021-02-18 07:59:42 | |
Mod_Rewrite_Autom ation |
Scripts to automate standing up apache2 with mod_rew rite in front of C2 servers. |
2021-02-17 17:44:23 | |
CVE-2021-3156-plu s |
CVE-2021-3156非交互式执行命令 | 2021-02-09 19:31:00 | |
Jumpserver-EXP | JumpServer远程代码执行漏洞检测利用脚本 | 2021-02-09 04:52:18 | |
CVE-2021-3156 | PoC for CVE-2021-3156 (sudo heap overflow) | 2021-02-08 03:42:50 | |
wrk | Modern HTTP benchmarking tool | 2021-02-07 07:13:05 | |
docker-oracle-xe- 11g |
Dockerfile of Oracle Database Express Edition 11g Re lease 2 |
2021-02-06 13:59:13 | |
CVE-2019-1040 | CVE-2019-1040 with Exchange | 2021-02-02 12:25:47 | |
CVE-2021-3156 | 2021-02-01 09:10:11 | ||
CVE-2021-3156 | CVE-2021-3156 | 2021-01-31 04:56:56 | |
laravel-exploits | Exploit for CVE-2021-3129 | 2021-01-29 13:59:00 | |
ListRDPConnection s |
0.0.3 | C# 读取本机对外RDP连接记录和其他主机对该主机的连接记 录,从而在内网渗透中获取更多可通内网网段信息以及定位运 维管理人员主机 |
2021-01-28 08:01:12 |
webuploader | 0.1.5 | It's a new file uploader solution! | 2021-01-27 12:18:48 |
BT_Panel_Privileg e_Escalation |
宝塔面板Windows版提权方法 | 2021-01-26 17:46:03 | |
suricata-rules | Suricata rules for the new critical vulnerabilities | 2021-01-26 15:50:13 | |
AheadLib-x86-x64 | 1.2 | hijack dll Source Code Generator. support x86/x64 | 2021-01-25 06:45:58 |
EgGateWayGetShell _py |
EgGateWayGetShell py脚本 | 2021-01-24 01:25:55 | |
skyscorpion | 1.0.rel ease.202 10322 |
新版将不再对外公开发布。天蝎权限管理工具采用Java平台 的JavaFX技术开发的桌面客户端,支持跨平台运行,目前基于 JDK1.8开发,运行必须安装JDK或JRE 1.8,注意不能是open jdk,只能是oracle的jdk。 天蝎权限管理工具基于冰蝎加密 流量进行WebShell通信管理的原理,目前实现了jsp、aspx、p hp、asp端的常用操作功能,在原 |
2021-01-20 14:12:33 |
passToJs | 爆破js加密的后台登陆;JS加密;爆破密码;PyExecJS | 2021-01-20 07:45:21 | |
SAP_EEM_CVE-2020- 6207 |
PoC for CVE-2020-6207 (Missing Authentication Check in SAP Solution Manager) |
2021-01-15 16:25:18 | |
bugbounty-cheatsh eet |
A list of interesting payloads, tips and tricks for bug bounty hunters. |
2021-01-15 14:36:29 | |
LuWu | 红队基础设施自动化部署工具 | 2021-01-12 08:41:56 | |
CVE-2020-36179 | CVE-2020-36179~82 Jackson-databind SSRF&RCE | 2021-01-10 06:48:52 | |
SharpRDPLog | 0.1 | Windows rdp相关的登录记录导出工具,可用于后渗透中Win dows服务器的信息收集阶段。输出内容包括:本地rdp端口、 mstsc缓存、cmdkey缓存、登录成功、失败日志事件。 |
2021-01-09 13:00:49 |
Drupalgeddon2 | Exploit for Drupal v7.x + v8.x (Drupalgeddon 2 / CVE -2018-7600 / SA-CORE-2018-002) |
2021-01-08 10:31:20 | |
CVE-2020-17518 | 2021-01-06 13:41:03 | ||
windows_protocol | 2021-01-06 10:28:00 | ||
fuxploider | v1.0 | File upload vulnerability scanner and exploitation t ool. |
2021-01-04 10:35:01 |
dcpwn | an impacket-dependent script exploiting CVE-2019-104 0 |
2021-01-01 06:10:57 | |
CVE-2020-35728 | CVE-2020-35728 & Jackson-databind RCE | 2020-12-31 01:56:17 | |
CVE-2020-6308-PoC | PoC CVE-2020-6308 | 2020-12-29 10:49:49 | |
open-source-badge s |
Open Source & Licence Badges | 2020-12-27 18:48:52 | |
CVE-2020-17144-EX P |
Exchange2010 authorized RCE | 2020-12-24 08:11:51 | |
LsassSilentProces sExit |
Command line interface to dump LSASS memory to disk via SilentProcessExit |
2020-12-23 11:51:21 | |
UnblockNeteaseMus ic |
v0.25.3 | Revive unavailable songs for Netease Cloud Music | 2020-12-22 13:39:09 |
xpinyin | Translate Chinese hanzi to pinyin (拼音) by Python, 汉字转拼音 |
2020-12-21 07:58:11 | |
AngelSword | Python3编写的CMS漏洞检测框架 | 2020-12-21 07:26:48 | |
web-cve-tests | A simple framework for sending test payloads for kno wn web CVEs. |
2020-12-16 14:02:31 | |
rsdl | Subdomain Scan With Ping Method. | 2020-12-12 17:25:57 | |
volatility | An advanced memory forensics framework | 2020-12-11 14:52:02 | |
CVE-2020-17144 | weaponized tool for CVE-2020-17144 | 2020-12-09 20:56:53 | |
dnSpy | v6.1.8 | .NET debugger and assembly editor | 2020-12-07 21:07:17 |
Kali-TX | Customized Kali Linux - Ansible playbook | 2020-12-07 03:16:03 | |
kalitools | Kali Linux工具清单 | 2020-12-07 02:48:41 | |
ActuatorExploit | SpringBoot Actuator未授权自动化利用,支持信息泄漏/RC E |
2020-12-05 13:57:34 | |
web-log-parser | An open source analysis web log tool | 2020-12-02 10:57:07 | |
Apache-NiFi-Api-R CE |
2020-12-01 05:39:38 | ||
wfuzz | v3.1.0 | Web application fuzzer | 2020-11-28 19:59:28 |
peerflix | Streaming torrent client for node.js | 2020-11-27 08:14:37 | |
HackMySQL | Using To MySQL Elevate Privileges. | 2020-11-24 09:39:30 | |
CVE-2020-14882 | CVE-2020–14882、CVE-2020–14883 | 2020-11-16 04:23:09 | |
webshell-detect-b ypass |
绕过专业工具检测的Webshell研究文章和免杀的Webshell | 2020-11-15 11:40:17 | |
hackergame2018-wr iteups |
Write-ups for hackergame 2018 | 2020-11-14 10:46:28 | |
Malleable-C2-Prof iles |
Malleable C2 is a domain specific language to redefi ne indicators in Beacon's communication. This reposit ory is a collection of Malleable C2 profiles that you may use. These profil |
2020-11-13 00:59:31 | |
subjack | 2.1 | Subdomain Takeover tool written in Go | 2020-11-12 04:11:12 |
CVE-2020-1472 | Exploit Code for CVE-2020-1472 aka Zerologon | 2020-11-05 16:37:19 | |
bigdata_practice | 大数据分析可视化实践 | 2020-11-04 03:18:44 | |
beanstack | v0.6.1 | X41 BeanStack - Stack Trace Fingerprinting BETA | 2020-11-03 16:06:45 |
CVE-2020-13935 | Exploit for WebSocket Vulnerability in Apache Tomcat | 2020-11-02 14:50:37 | |
XxlJob-Hessian-RC E |
XxlJob<=2.1.2配置不当情况下反序列化RCE | 2020-11-02 05:43:56 | |
java-file-ftp | POC for leaking java version through file and ftp pr otocols |
2020-11-01 10:09:29 | |
ja3transport | Impersonating JA3 signatures | 2020-10-31 20:49:32 | |
Impulse | 💣 Impulse Denial-of-service ToolKit | 2020-10-29 17:57:15 | |
js-port-knocking | Web 端口敲门的奇思妙想 | 2020-10-22 01:37:07 | |
pure-bash-bible | 📖 A collection of pure bash alternatives to externa l processes. |
2020-10-21 15:39:38 | |
rekall | v1.7.1 | Rekall Memory Forensic Framework | 2020-10-17 22:34:30 |
tlslite-ng | New home of the TLS implementation in pure python | 2020-10-16 03:40:05 | |
springfox | 3.0.0 | Automated JSON API documentation for API's built wit h Spring |
2020-10-14 01:49:23 |
HERCULES | HERCULES is a special payload generator that can byp ass antivirus softwares. |
2020-10-04 12:47:26 | |
Quickdraw-Snort | Digital Bond's IDS/IPS rules for ICS and ICS protoco ls. |
2020-10-02 18:15:13 | |
geacon | Practice Go programming and implement CobaltStrike's Beacon in Go |
2020-10-02 10:34:29 | |
SAP_RECON | PoC for CVE-2020-6287, CVE-2020-6286 (SAP RECON vuln erability) |
2020-09-29 17:20:11 | |
GitGot | Semi-automated, feedback-driven tool to rapidly sear ch through troves of public data on GitHub for sensit ive secrets. |
2020-09-28 18:42:57 | |
Print-My-Shell | Python script wrote to automate the process of gener ating various reverse shells. |
2020-09-27 12:23:31 | |
firmwalker | Script for searching the extracted firmware file sys tem for goodies! |
2020-09-26 17:11:01 | |
CVE-2020-1472 | PoC for Zerologon - all research credits go to Tom T ervoort of Secura |
2020-09-24 19:59:53 | |
tget | tget is wget for torrents | 2020-09-23 00:48:25 | |
pentest-wiki | PENTEST-WIKI is a free online security knowledge lib rary for pentesters / researchers. If you have a good idea, please share it with others. |
2020-09-22 00:22:31 | |
synner | A TCP SYN flood client written in Rust, powered by l ibpnet |
2020-09-21 12:19:29 | |
CVE-2020-15148-by passes |
几条关于CVE-2020-15148(yii2反序列化)的绕过 | 2020-09-21 04:04:31 | |
cve-2020-14386 | 2020-09-18 00:00:53 | ||
memshell | mxd_reb ehinder_ v3_0_5 |
Tomcat 冰蝎内存马。 | 2020-09-14 01:51:49 |
xvwa | XVWA is a badly coded web application written in PHP /MySQL that helps security enthusiasts to learn appli cation security. |
2020-09-12 17:26:23 | |
cupp | Common User Passwords Profiler (CUPP) | 2020-09-12 09:48:23 | |
AhMyth-Android-RA T |
Android Remote Administration Tool | 2020-09-11 14:42:21 | |
CVE-2020-0787-EXP -ALL-WINDOWS-VERSI ON |
1 | Support ALL Windows Version | 2020-09-11 07:38:14 |
POC-T | 2.0.5 | 渗透测试插件化并发框架 / Open-sourced remote vulnera bility PoC/EXP framework |
2020-09-07 01:54:32 |
ysoserial-mangguo gan |
2020-09-06 15:11:21 | ||
ICS-Protocol-iden tify |
Using nmap NSE scripts for identifying common ICS pr otocols[使用nmap的nse脚本对常见工控协议进行识别,附对 应nse脚本,并记录pcap流量] |
2020-09-03 06:38:24 | |
snmpwn | An SNMPv3 User Enumerator and Attack tool | 2020-08-23 10:41:36 | |
wait-for-it | Pure bash script to test and wait on the availabilit y of a TCP host and port |
2020-08-22 23:18:37 | |
Bad-Pdf | v1.1 | Steal Net-NTLM Hash using Bad-PDF | 2020-08-19 06:54:50 |
PowerSploit | v3.0.0 | PowerSploit - A PowerShell Post-Exploitation Framewo rk |
2020-08-17 23:13:56 |
jmet | 0.1.0 | Java Message Exploitation Tool | 2020-08-17 12:32:46 |
CS-checklist | v1.0 | PC客户端(C-S架构)渗透测试checklist / Client side(C -S) penetration checklist |
2020-08-09 09:45:11 |
Nmap-Tools | SpiderLabs shared Nmap Tools | 2020-08-07 12:41:45 | |
mole | v0.1 | Mole is a framework for identifying and exploiting o ut-of-band application vulnerabilities. |
2020-08-06 15:14:46 |
shiroPoc | 0.0.05 | 2020-08-06 04:57:17 | |
MSSQL_BackDoor | 2020-08-04 11:08:52 | ||
OSCP | OSCP | 2020-08-03 15:33:17 | |
Exploit-Framework | 🔥 An Exploit framework for Web Vulnerabilities written in Python |
2020-08-01 08:56:33 | |
google_dork_list | Google Dorks | Google helps you to find Vulnerable W ebsites that Indexed in Google Search Results. Here i s the latest collection of Google Dorks. A collection of 13.760 Dorks. Auth |
|
CAS_EXP | 0.0.1 | CAS 硬编码 远程代码执行漏洞 | 2020-07-31 06:51:11 |
Serverless-Top-10 -Project |
1.0 | OWASP Serverless Top 10 | 2020-07-27 06:33:20 |
kostebek | v1.2.0 | 2020-07-26 20:19:15 | |
Intensio-Obfuscat or |
Obfuscate a python code 2.x and 3.x | 2020-07-25 10:23:56 | |
CVE-2020-8559 | This is a PoC exploit for CVE-2020-8559 Kubernetes V ulnerability |
2020-07-23 12:55:26 | |
PE2HTML | Injects HTML/PHP/ASP to the PE | 2020-07-23 10:39:37 | |
CVE-2020-6287-exp loit |
PoC for CVE-2020-6287 The PoC in python for add user only, no administrator permission set. Inspired by @ zeroSteiner from metasploit. Original Metasploit PR m odule: https://github. |
2020-07-21 18:50:06 | |
smogcloud | Find cloud assets that no one wants exposed 🔎 ☁️ | 2020-07-20 20:26:15 | |
memtriage | v0.3.2- alpha |
Allows you to quickly query a Windows machine for RA M artifacts |
2020-07-17 21:45:45 |
CVE-2020-1350-DoS | A denial-of-service proof-of-concept for CVE-2020-13 50 |
2020-07-17 13:07:28 | |
Exploits | Exploits for various CVEs | 2020-07-14 15:41:00 | |
crowbar | v4.2 | Crowbar is brute forcing tool that can be used durin g penetration tests. It is developed to support proto cols that are not currently supported by thc-hydra an d other popular brute |
2020-07-13 11:41:43 |
f5-bigip-rce-cve- 2020-5902 |
F5 BIG-IP RCE CVE-2020-5902 automatic check tool | 2020-07-12 10:36:19 | |
CVE-2020-11651-po c |
PoC exploit of CVE-2020-11651 and CVE-2020-11652 | 2020-07-10 09:30:09 | |
cobalt_strike_bot | 2020-07-05 15:12:56 | ||
SMBGhost_RCE_PoC | 2020-07-02 18:49:21 | ||
PocCollect | Poc Collected for study and develop | 2020-07-02 08:28:30 | |
ripple20-poc | Treck Network Stack Discovery Tool by JSOF | 2020-06-30 21:54:41 | |
LeakLooker | Find open databases - Powered by Binaryedge.io | 2020-06-28 08:43:21 | |
Reptile | 2.0 | LKM Linux rootkit | 2020-06-27 16:24:35 |
tomcat_nofile_web shell |
Tomcat基于动态注册Filter的无文件Webshell | 2020-06-20 19:00:06 | |
cve-2020-1054 | LPE for CVE-2020-1054 targeting Windows 7 x64 | 2020-06-17 18:10:15 | |
CVE-2020-1066-EXP | exp | CVE-2020-1066-EXP支持Windows 7和Windows Server 2008 R2操作系统 |
2020-06-17 00:55:57 |
Spring-Boot-Actua tor-Exploit |
Spring Boot Actuator (jolokia) XXE/RCE | 2020-06-16 21:24:05 | |
XssPy | XssPy - Web Application XSS Scanner | 2020-06-13 23:13:14 | |
LSB-Steganography | Python program to steganography files into images us ing the Least Significant Bit. |
2020-06-12 17:03:02 | |
CallStranger | Vulnerability checker for Callstranger (CVE-2020-126 95) |
2020-06-12 09:45:36 | |
BadDNS | v1.0.1 | 2020-06-12 07:40:43 | |
ICSim | Instrument Cluster Simulator | 2020-06-12 05:38:00 | |
Vulnerability-goa pp |
Web application build Golang with Vulnerability | 2020-06-08 17:37:00 | |
VpsEnvInstall | 一键部署渗透VPS | 2020-06-06 06:25:21 | |
factordb-python | 1.3.0 | FactorDB client library with Python | 2020-06-05 14:14:20 |
RedisWriteFile | 通过 Redis 主从写出无损文件 | 2020-05-25 14:39:46 | |
CVE-2020-3153 | Cisco AnyConnect < 4.8.02042 privilege escalation th rough path traversal |
2020-05-25 08:33:24 | |
Pentest_Interview | 个人准备渗透测试和安全面试的经验之谈,和去部分厂商的 面试题,干货真的满满~ |
2020-05-25 03:58:04 | |
redis-ssrf | redis ssrf gopher generater & redis ssrf to rce by m aster-slave-sync |
2020-05-24 14:16:47 | |
SB-Actuator | Spring Boot Actuator未授权访问【XXE、RCE】单/多目标 检测 |
2020-05-21 02:28:36 | |
flashsploit | Exploitation Framework for ATtiny85 Based HID Attack s |
2020-05-20 07:42:52 | |
tomcat-cluster-se ssion-sync-exp |
tomcat使用了自带session同步功能时,不安全的配置(没 有使用EncryptInterceptor)导致存在的反序列化漏洞,通过 精心构造的数据包, 可以对使用了tomcat自带session同步功 能的服务器进行攻击。PS:这个不是CVE-2020-9484,9484是se ssion持久化的洞,这个是session集群同步的洞! |
2020-05-19 05:11:55 | |
CVE-2020-10199 | CVE-2020-10199 回显版本 | 2020-05-15 06:18:17 | |
CAAC-CTF-2018-Pri mary |
2018年民航网络安全职业技能竞赛-初赛 | 2020-05-15 02:26:16 | |
writeups | 昔書いたctfライトアップなど | 2020-05-11 00:54:10 | |
mssqli-duet | SQL injection script for MSSQL that extracts domain users from an Active Directory environment based on R ID bruteforcing |
2020-05-10 19:29:48 | |
cve-2020-11651-ex p-plus |
2020-05-09 07:30:04 | ||
isf | v0.1.0 | ISF(Industrial Control System Exploitation Framework ),a exploitation framework based on Python |
2020-05-08 03:23:55 |
static-binaries | Various *nix tools built as statically-linked binari es |
2020-04-26 20:49:10 | |
asset | NMAP扫描网络资产自动导入到Elasticstack进行展示 | 2020-04-25 02:22:48 | |
MassBleed | MassBleed SSL Vulnerability Scanner | 2020-04-18 22:40:20 | |
awesome-shodan-qu eries |
🔍 A collection of interesting, funny, and depressin g search queries to plug into shodan.io 👩💻 |
2020-04-18 15:18:05 | |
vmware_vcenter_cv e_2020_3952 |
Exploit for CVE-2020-3952 in vCenter 6.7 | 2020-04-16 08:38:42 | |
android-malware | Collection of android malware samples | 2020-04-15 22:22:00 | |
assetfinder | Find domains and subdomains related to a given domai n |
2020-04-15 10:38:43 | |
redis-rce | Redis RCE 的几种方法 | 2020-04-14 10:24:36 | |
Xray_and_crwlergo _in_server |
雇一位免费的360工程师和一位长亭工程师为你挖洞,还有 听话的server酱给你汇报 |
2020-04-12 15:40:36 | |
CVE-2020-0796 | v1.0 | CVE-2020-0796 - Windows SMBv3 LPE exploit #SMBGhost | 2020-04-08 19:27:06 |
nyancat | 1.2.1 | Nyancat in your terminal, rendered through ANSI esca pe sequences. This is the source for the Debian packa ge nyancat. |
2020-03-30 10:10:13 |
linux-kernel-expl oits |
linux-kernel-exploits Linux平台提权漏洞集合 | 2020-03-30 07:25:49 | |
o365enum | Enumerate valid usernames from Office 365 using Acti veSync, Autodiscover v1, or office.com login page. |
2020-03-24 08:38:06 | |
CrackSleeve | 破解CS4.0 | 2020-03-24 01:27:45 | |
cve-2019-1040-sca nner |
2020-03-23 11:22:53 | ||
CVE-2020-0688 | Exploit and detect tools for CVE-2020-0688 | 2020-03-21 05:44:15 | |
CVE-2019-1040-dcp wn |
CVE-2019-1040 with Kerberos delegation | 2020-03-20 13:24:42 | |
OA-tongda-RCE | Office Anywhere网络智能办公系统 | 2020-03-20 08:26:06 | |
IoT_Sec_Tutorial | IoT安全教程 | 2020-03-19 13:18:17 | |
CVE-2019-1388 | guest→system(UAC手动提权) | 2020-03-18 06:21:12 | |
motd | My funny motd config. Just for fun! | 2020-03-17 12:40:52 | |
emergency-respons e-checklist |
1.0 | 应急响应指南 / emergency response checklist | 2020-03-13 05:22:16 |
hack_postgres | 便捷地使用PostgreSQL自定义函数来执行系统命令,适用于 数据库管理员知道postgres密码却不知道ssh或RDP密码的时候 在服务器执行系统命令。 |
2020-03-10 14:50:40 | |
CVE-2020-9548 | CVE-2020-9548:FasterXML/jackson-databind 远程代码执 行漏洞 |
2020-03-02 14:18:38 | |
CVE-2020-9547 | CVE-2020-9547:FasterXML/jackson-databind 远程代码执 行漏洞 |
2020-03-02 14:18:14 | |
leaky-repo | 1.1.2 | Benchmarking repo for secrets scanning | 2020-03-01 02:36:02 |
cve-2020-0688 | cve-2020-0688 | 2020-02-26 00:58:38 | |
javasec_study | java代码审计学习笔记 | 2020-02-24 16:36:56 | |
Spray-AD | A Cobalt Strike tool to audit Active Directory user accounts for weak, well known or easy guessable passw ords. |
2020-02-23 13:16:00 | |
CVE-2020-8813 | The official exploit for Cacti v1.2.8 Remote Code Ex ecution CVE-2020-8813 |
2020-02-22 16:33:31 | |
CNVD-2020-10487-T omcat-Ajp-lfi |
Tomcat-Ajp协议文件读取漏洞 | 2020-02-20 15:39:27 | |
CVE-2020-0668 | Use CVE-2020-0668 to perform an arbitrary privileged file move operation. |
2020-02-20 11:03:17 | |
updog | 1.4 | Updog is a replacement for Python's SimpleHTTPServer . It allows uploading and downloading via HTTP/S, can set ad hoc SSL certificates and use http basic auth. |
2020-02-19 03:26:57 |
SiteCopy | sitecopy is a tool that facilitates personal website backup and network data collection |
2020-02-17 11:16:19 | |
jieba | v0.42.1 | 结巴中文分词 | 2020-02-15 08:33:35 |
Bashfuscator | A fully configurable and extendable Bash obfuscation framework. This tool is intended to help both red te am and blue team. |
2020-02-14 22:25:01 | |
SharpToolsAggress or |
内网渗透中常用的c#程序整合成cs脚本,直接内存加载。持 续更新~ |
2020-02-13 06:36:06 | |
WDExtract | Extract Windows Defender database from vdm files and unpack it |
2020-02-10 06:53:35 | |
bucket-stream | Find interesting Amazon S3 Buckets by watching certi ficate transparency logs. |
2020-02-03 22:59:08 | |
CVE-2019-8449 | CVE-2019-8449 Exploit for Jira v2.1 - v8.3.4 | 2020-02-03 15:11:25 | |
ffuf-scripts | Scripts to help with different ffuf tasks and workfl ows |
2020-02-02 15:00:08 | |
lmg | Script for automating Linux memory capture and analy sis |
2020-02-01 14:00:13 | |
CVE-2018-0296 | Script to test for Cisco ASA path traversal vulnerab ility (CVE-2018-0296) and extract system information. |
2020-01-30 12:52:42 | |
spring-boot-actua tor-h2-rce |
Sample Spring Boot App Demonstrating RCE via Exposed env Actuator and H2 Database |
2020-01-26 08:06:45 | |
PrivExchange | Exchange your privileges for Domain Admin privs by a busing Exchange |
2020-01-23 19:48:39 | |
cve-2019-19781 | This is a tool published for the Citrix ADC (NetScal er) vulnerability. We are only disclosing this due to others publishing the exploit code first. |
2020-01-22 20:23:36 | |
at-ps | Adversary Tactics - PowerShell Training | 2020-01-22 18:47:55 | |
CVE-2019-0708-EXP -Windows |
1.0 | CVE-2019-0708-EXP-Windows版单文件exe版,运行后直接在 当前控制台反弹System权限Shell |
2020-01-21 02:36:38 |
SharpNetCheck | 2020-01-15 15:05:04 | ||
docker_mirror | v1.0 | 查找最快的docker镜像 | 2020-01-13 06:15:21 |
Xiaomi_Mi_WiFi_R3 G_Vulnerability_PO C |
A login bypass(CVE-2019-18371) and a command injecti on vulnerability(CVE-2019-18370) in Xiaomi Router R3G up to version 2.28.23. |
2020-01-12 02:34:44 | |
CVE-2019-19781 | Citrix ADC Remote Code Execution | 2020-01-11 14:03:51 | |
LLC | Linux Log Cleaner (utmp, wtmp, btmp, lastlog) | 2020-01-10 11:45:14 | |
CVE-2019-1215 | 2020-01-07 14:29:44 | ||
hsd-cipher-sm | 国产密码算法SM2,SM3,SM4 | 2020-01-07 02:11:41 | |
ICS-pcap | A collection of ICS/SCADA PCAPs | 2020-01-03 20:07:54 | |
Vxscan | python3写的综合扫描工具,主要用来存活验证,敏感文件 探测(目录扫描/js泄露接口/html注释泄露),WAF/CDN识别, 端口扫描,指纹/服务识别,操作系统识别,POC扫描,SQL注 入,绕过CDN,查询旁站等功能,主要用来甲方自测或乙方授 权测试,请勿用来搞破坏。 |
2020-01-02 02:59:44 | |
CVE-2019-9810 | 1 | Exploit for CVE-2019-9810 Firefox on Windows 64-bit. | 2019-12-28 18:24:48 |
jd-gui | v1.6.6 | A standalone Java Decompiler GUI | 2019-12-25 14:42:26 |
AssetScan | 资产探测工具,检测存活,检测风险端口,常规端口,全端 口探测等等,对探测的端口的脆弱面进行安全分析进行 |
2019-12-20 03:50:54 | |
ClashA | 0.0.3.9 | A Android GUI for Clash | 2019-12-20 01:14:04 |
wordpress-dos-poc | WordPress <= 5.3.? DoS | 2019-12-17 16:21:48 | |
Probable-Wordlist s |
v2.0 | Version 2 is live! Wordlists sorted by probability o riginally created for password generation and testing - make sure your passwords aren't popular! |
2019-12-04 22:50:46 |
linux-hardening-c hecklist |
Simple checklist to help you deploying the most impo rtant areas of the GNU/Linux production systems - wor k in progress. |
2019-12-02 21:30:56 | |
gogsownz | Gogs CVEs | 2019-11-30 10:34:27 | |
idcardgenerator | win_v1. 3 |
身份证图片生成工具 generate an id card picture | 2019-11-25 08:28:47 |
ThreatHound | ThreatHound is a threat intelligence query tool use for detecting potentially malicious IP or domains. It combines the MISP open source threat intelligence sh aring platform as its |
2019-11-25 05:37:33 | |
EBurst | 这个脚本主要提供对Exchange邮件服务器的账户爆破功能, 集成了现有主流接口的爆破方式。 |
2019-11-21 07:52:45 | |
Cisco-UCM-SQLi-sc ripts |
Scripts that can be used to exploit CVE-2019-15972 w hich was an Authenticated SQLi issue in Cisco Unified Call Manager (UCM). |
2019-11-20 15:05:54 | |
genpAss | 2019-11-20 04:58:52 | ||
massh-enum | OpenSSH 2.3 up to 7.4 Mass Username Enumeration (CVE -2018-15473). |
2019-11-15 08:11:17 | |
SHIRO-721 | RememberMe Padding Oracle Vulnerability RCE | 2019-11-14 04:15:14 | |
RdpThief | Extracting Clear Text Passwords from mstsc.exe using API Hooking. |
2019-11-13 14:13:52 | |
Diggy | Extract endpoints from apk files. | 2019-11-13 14:05:34 | |
phuip-fpizdam | Exploit for CVE-2019-11043 | 2019-11-12 18:52:37 | |
CVE-2017-1000353 | 1.1 | jenkins CVE-2017-1000353 POC | 2019-11-12 07:14:25 |
webmin_cve-2019-1 2840_poc |
A standalone POC for CVE-2019-12840 | 2019-11-10 13:26:40 | |
aws_public_ips | 1.0.7 | Fetch all public IP addresses tied to your AWS accou nt. Works with IPv4/IPv6, Classic/VPC networking, and across all AWS services |
2019-11-07 20:02:42 |
RoarCTF-Writeup-s ome-Source-Code |
没有怎么整理,大家将就看吧,有问题发一个issue给我 | 2019-11-05 16:11:34 | |
CVE-2017-3506 | CVE-2017-3506 | 2019-11-05 14:12:11 | |
CVE-2017-17562 | Standalone Python 3 exploit for CVE-2017-17562 | 2019-11-02 16:16:56 | |
CVE-2019-3396 | Confluence 未授权 RCE (CVE-2019-3396) 漏洞 | 2019-11-01 14:33:21 | |
apache- | apache权限维持后门 | 2019-10-31 07:37:45 | |
patoolkit | v1.0 | PA Toolkit is a collection of traffic analysis plugi ns focused on security |
2019-10-29 06:13:04 |
snmp_fuzzer | snmp_fuzzer | 2019-10-25 08:14:39 | |
CloudUnflare | Reconnaissance Real IP address for Cloudflare Bypass | 2019-10-24 19:49:54 | |
CVE-2019-7609 | exploit CVE-2019-7609(kibana RCE) on right way by py thon2 scripts |
2019-10-23 07:10:34 | |
Firewall | 美国国家安全局NSA下属方程式黑客组织(Equation Group )被The Shadow Brokers(影子经纪人)hack出来的并免费分 享的源码 |
2019-10-22 03:22:12 | |
RoarCTF-Writeup-2 019 |
https://github.com/berTrAM888/RoarCTF-Writeup-some-S ource-Code.git |
2019-10-21 04:08:55 | |
cve-2017-18635 | PoC for CVE-2017-18635 | 2019-10-19 18:36:43 | |
Venom | v1.1.0 | Venom - A Multi-hop Proxy for Penetration Testers | 2019-10-14 15:45:40 |
sec-chart | 安全思维导图集合 | 2019-10-13 14:20:08 | |
struts2-057-exp | s2-057 最新漏洞分析和EXP脚本 | 2019-10-10 07:14:53 | |
batch_ping | support multi ping | 2019-10-10 03:47:43 | |
PortTran | PortTran (.NET端口转发工具,支持任意权限) | 2019-10-10 03:29:07 | |
cve-2019-0708 | Metasploit module for massive Denial of Service usin g #Bluekeep vector. |
2019-10-01 15:31:25 | |
ispy | ispy V1.0 - Eternalblue(ms17-010)/Bluekeep(CVE-2019- 0708) Scanner and exploit ( Metasploit automation ) |
2019-10-01 10:33:39 | |
loginlog_windows | 读取登录过本机的登录失败或登录成功的所有计算机信息, 在内网渗透中快速定位运维管理人员。 |
2019-09-30 04:11:59 | |
CVE-2019-8451 | Jira未授权SSRF漏洞 | 2019-09-30 01:45:49 | |
Vegile | This tool will setting up your backdoor/rootkits whe n backdoor already setup it will be hidden your spesi sifc process,unlimited your session in metasploit and transparent. Even whe |
2019-09-27 19:01:38 | |
rtcp | v0.1.0 | 利用 Python 的 Socket 端口转发,用于远程维护 | 2019-09-27 13:58:40 |
CVE-2019-10392 | CVE-2019-10392 RCE Jackson with Git Client Plugin 2. 8.2 (Authenticated) |
2019-09-26 05:49:20 | |
APTnotes | Various public documents, whitepapers and articles a bout APT campaigns |
2019-09-18 04:11:33 | |
as_webshell_venom | 免杀webshell无限生成工具蚁剑版 | 2019-09-16 15:41:35 | |
CVE-2019-1579 | 2019-09-10 15:56:48 | ||
ACLight | A script for advanced discovery of Privileged Accoun ts - includes Shadow Admins |
2019-09-09 06:48:44 | |
CVE-2019-1132 | EoP POC for CVE-2019-1132 | 2019-09-08 07:58:11 | |
secscan-authcheck | v0.1 | 越权检测工具 | 2019-09-04 12:24:58 |
BlueKeep | Proof of concept for CVE-2019-0708 | 2019-09-03 20:50:27 | |
RSA-In-CTF | 2019-09-03 08:48:44 | ||
CVE-2019-11510 | Exploit for Arbitrary File Read on Pulse Secure SSL VPN (CVE-2019-11510) |
2019-09-02 16:36:30 | |
fastjson_gadgets_ scanner |
2019-09-01 14:19:39 | ||
CVE-2019-15642 | Webmin Remote Code Execution (authenticated) | 2019-09-01 11:35:42 | |
staffdb | 2019-08-29 10:31:46 | ||
AggressorScript-C reateCloneHiddenAc count |
创建一个克隆隐藏的管理员账号/Create a Clone Hidden A dministrator Account |
2019-08-28 13:00:18 | |
GoogleHacking-Pag e |
This is a summary of my study and use of Google hack ing. I hope I can share it with you. If you like, ple ase give me a star or fork it, thank you. |
2019-08-27 16:13:02 | |
30min_guides | 覃健祥的学习笔记,各种几十分钟入门的文档 | 2019-08-23 04:25:59 | |
RedTeam-BCS | BCS(北京网络安全大会)2019 红队行动会议重点内容 | 2019-08-22 23:55:03 | |
CVE-2017-12149 | Jboss Java Deserialization RCE (CVE-2017-12149) | 2019-08-22 21:08:14 | |
Subdomain-Takeove r |
一个子域名接管检测工具 | 2019-08-21 17:24:01 | |
CVE-2019-7238 | Nexus Repository Manager 3 Remote Code Execution wit hout authentication < 3.15.0 |
2019-08-19 17:33:55 | |
RSA-ATTACK | RSA加密应用常见缺陷的原理与实践 | 2019-08-18 07:36:18 | |
CVE-2018-13379 | CVE-2018-13379 | 2019-08-14 08:40:24 | |
CVE-2018-13382 | CVE-2018-13382 | 2019-08-13 15:06:19 | |
Kayak | untagge d-359703 9ad20ce9 798a99 |
Kayak is a CAN bus analysis tool based on SocketCAN | 2019-08-09 14:48:44 |
CVE-2019-2725 | CVE-2019-2725 命令回显 | 2019-08-08 09:48:20 | |
halive | A fast http and https prober, to check which URLs ar e alive |
2019-08-05 16:11:45 | |
sec_tools | 2019-08-05 02:26:26 | ||
Jackson_RCE-CVE-2 019-12384 |
CVE-2019-12384 漏洞测试环境 | 2019-08-01 05:37:03 | |
Nmap_Bypass_IDS | Nmap&Zmap特征识别,绕过IDS探测 | 2019-08-01 02:53:31 | |
CVE-2019-13272 | Linux 4.10 < 5.1.17 PTRACE_TRACEME local root | 2019-07-31 08:05:52 | |
BB-Tips | Collection of Bug Bounty Tips | 2019-07-29 14:32:10 | |
InfinityHook | Hook system calls, context switches, page faults and more. |
2019-07-25 18:11:48 | |
golang-developer- roadmap-cn |
在 2019 成为一名 Go 开发者的路线图。为学习 Go 的人而 准备。 |
2019-07-24 16:10:15 | |
CVE-2019-12384 | Jackson Rce For CVE-2019-12384 | 2019-07-24 07:31:24 | |
BKScan | BlueKeep scanner supporting NLA | 2019-07-18 12:54:37 | |
CVE-2019-11580 | CVE-2019-11580 Atlassian Crowd and Crowd Data Center RCE |
2019-07-18 10:03:26 | |
discuz-ml-rce | discuz ml rce | 2019-07-16 12:52:02 | |
Red-Baron | Automate creating resilient, disposable, secure and agile infrastructure for Red Teams. |
2019-07-11 01:15:33 | |
LuCI_RCE_exp | Exp of cve-2019-12272 | 2019-07-10 04:32:12 | |
RedisModules-Exec uteCommand |
Tools, utilities and scripts to help you write redis modules! |
2019-07-09 09:31:56 | |
redis-rogue-serve r |
Redis 4.x & 5.x RCE | 2019-07-09 07:31:07 | |
zoom_vulnerabilit y_poc |
2019-07-08 15:23:42 | ||
instantbox | 📦 Get a clean, ready-to-go Linux box in seconds. | 2019-07-03 09:20:55 | |
CTF | 保存有关自己做的 CTF 题目 | 2019-06-23 02:02:40 | |
Cipher_Encryption _Type_Identificati on |
对密文的加密类型进行判断的命令行工具。 | 2019-06-21 04:50:52 | |
dics | 2019-06-19 02:54:24 | ||
security | Some of my security stuff and vulnerabilities. Nothi ng advanced. More to come. |
2019-06-11 16:18:12 | |
jenkins-rce | 😈 Jenkins RCE PoC. From unauthenticated user to remote code execution, it's a hacker's dream! |
2019-06-10 06:57:57 | |
rdpscan | A quick scanner for the CVE-2019-0708 "BlueKeep" vul nerability. |
2019-06-08 21:23:39 | |
docker-vulnerabil ity-environment |
Use the docker to build a vulnerability environment | 2019-05-31 07:37:02 | |
Nessus_to_report | Nessus中文报告自动化脚本 | 2019-05-28 08:25:28 | |
Serverless-Goat | OWASP ServerlessGoat: a serverless application demon strating common serverless security flaws |
2019-05-27 17:41:16 | |
aquatone | v1.7.0 | A Tool for Domain Flyovers | 2019-05-19 09:07:52 |
awesome-jenkins-r ce-2019 |
There is no pre-auth RCE in Jenkins since May 2017, but this is the one! |
2019-05-17 13:05:21 | |
CVE-2019-0803 | Win32k Elevation of Privilege Poc | 2019-05-17 10:53:20 | |
CVE-2019-2615 | 2019-05-12 16:53:21 | ||
XAntiDebug | VMProtect 3.x Anti-debug Method Improved | 2019-05-11 07:58:40 | |
WSPIH | Website Sensitive Personal Information Hunter 网站个 人敏感信息文件扫描器 |
2019-05-05 01:57:02 | |
S9MF-php-webshell -bypass |
为方便WAF入库的项目 | 分享PHP免杀大马 | |
CapOS | 等级保护测评windows工具源码 | 2019-05-04 05:07:50 | |
yujianrdpcrack | 御剑RDP爆破工具 | 2019-05-03 17:34:46 | |
lor-axe | 🪓 a multi-threaded, low-bandwidth HTTP DOS tool | 2019-05-01 17:02:46 | |
Hosts_scan | 这是一个用于IP和域名碰撞匹配访问的小工具,旨意用来匹 配出渗透过程中需要绑定hosts才能访问的弱主机或内部系统 。 |
2019-04-30 11:15:54 | |
cve-2018-1273 | Spring Data Commons RCE 远程命令执行漏洞 | 2019-04-29 04:25:35 | |
CNVD-C-2019-48814 -COMMON |
CNVD-C-2019-48814 poc work on linux and windows | 2019-04-29 04:04:02 | |
Threat-Intelligen ce-Analyst |
威胁情报,恶意样本分析,开源Malware代码收集 | 2019-04-27 12:16:57 | |
BlueCommand | Dashboarding and Tooling front-end for PowerShell Em pire using PowerShell Universal Dashboard |
2019-04-19 03:19:25 | |
CVE-2019-3396_EXP | CVE-2019-3396 confluence SSTI RCE | 2019-04-12 01:46:32 | |
vlany | Linux LD_PRELOAD rootkit (x86 and x86_64 architectur es) |
2019-04-08 06:34:23 | |
w8fuckcdn | Get website IP address by scanning the entire net 通 过扫描全网绕过CDN获取网站IP地址 |
2019-04-07 08:24:42 | |
RW_Password | 此项目用来提取收集以往泄露的密码中符合条件的强弱密码 | 2019-04-01 06:24:17 | |
UPGDSED | v1.1.2 | Universal PatchGuard and Driver Signature Enforcemen t Disable |
2019-03-29 10:32:56 |
SQLInjectionWiki | 一个专注于聚合和记录各种SQL注入方法的wiki | 2019-03-23 03:42:34 | |
sas-top-10 | Serverless Architectures Security Top 10 Guide | 2019-03-20 11:26:26 | |
phpinfo_scanner | 一个抓取phpinfo重要信息的小工具 | 2019-03-05 02:05:13 | |
Win-Logs-Parse-to ol |
2019-03-04 06:03:28 | ||
BlockRDPBrute | [HIPS]RDP(3389)爆破防护 | 2019-02-28 04:11:19 | |
acefile | POC of https://research.checkpoint.com/extracting-co de-execution-from-winrar/ |
2019-02-27 13:59:48 | |
awesome-serverles s-security |
A curated list of awesome serverless security resour ces such as (e)books, articles, whitepapers, blogs an d research papers. |
2019-02-26 14:05:42 | |
CVE-2019-7238 | 🐱💻 Poc of CVE-2019-7238 - Nexus Repository Manag er 3 Remote Code Execution 🐱💻 |
2019-02-25 07:37:06 | |
CVE-2018-20250 | exp for https://research.checkpoint.com/extracting-c ode-execution-from-winrar |
2019-02-22 05:58:07 | |
cve-2019-1003000- jenkins-rce-poc |
Jenkins RCE Proof-of-Concept: SECURITY-1266 / CVE-20 19-1003000 (Script Security), CVE-2019-1003001 (Pipel ine: Groovy), CVE-2019-1003002 (Pipeline: Declarative ) |
2019-02-19 13:12:38 | |
JavaID | java source code static code analysis and danger fun ction identify prog |
2019-02-18 08:16:01 | |
ja3_4java | Java library for SSL/TLS ja3 fingerprint | 2019-02-13 20:17:16 | |
SharpShooter | Payload Generation Framework | 2019-02-13 09:39:06 | |
Kali-learning-not es |
Write down some kali learning notes | 2019-02-09 12:34:00 | |
CiscoRV320Dump | CVE-2019-1652 /CVE-2019-1653 Exploits For Dumping Ci sco RV320 Configurations & Debugging Data AND Remote Root Exploit! |
2019-02-08 12:38:05 | |
SharpDump | SharpDump is a C# port of PowerSploit's Out-Minidump .ps1 functionality. |
2019-02-07 02:52:18 | |
bugcrowd-levelup- subdomain-enumerat ion |
This repository contains all the material from the t alk "Esoteric sub-domain enumeration techniques" give n at Bugcrowd LevelUp 2017 virtual conference |
2019-02-05 07:34:59 | |
Digispark-Duckdui no |
Poor man's rubber ducky | 2019-02-01 01:09:22 | |
impacket-examples -windows |
v0.9.17 | The great impacket example scripts compiled for Wind ows |
2019-01-31 22:34:52 |
mijisou | Privacy-respecting metasearch engine | 2019-01-26 10:11:11 | |
bypass_disablefun c_via_LD_PRELOAD |
bypass disable_functions via LD_PRELOA (no need /usr /sbin/sendmail) |
2019-01-21 01:55:33 | |
webshell | 入侵分析时发现的Webshell后门 | 2019-01-17 02:58:28 | |
icsmaster | ICS/SCADA Security Resource(整合工控安全相关资源) | 2019-01-04 02:00:25 | |
Paper | Web Security Technology & Vulnerability Analysis Whi tepapers |
2019-01-01 10:36:33 | |
CVE-2018-8581 | CVE-2018-8581 | Microsoft Exchange Server Elevation of Privilege Vulnerability |
|
rdpwrap | v1.6.2 | RDP Wrapper Library | 2018-12-20 15:50:35 |
CTF-Training | 收集各大比赛的题目和Writeup | 2018-12-20 13:34:56 | |
SharpPack | An Insider Threat Toolkit | 2018-12-17 11:54:45 | |
cve-2018-1002105 | Test utility for cve-2018-1002105 | 2018-12-13 16:56:27 | |
poc_CVE-2018-1002 105 |
PoC for CVE-2018-1002105. | 2018-12-10 11:09:26 | |
Invoke-TheHash | PowerShell Pass The Hash Utils | 2018-12-09 15:38:35 | |
CVE-2018-0296 | v0.0.4 | Test CVE-2018-0296 and extract usernames | 2018-12-09 11:57:14 |
CVE-2018-3252 | CVE-2018-3252-PoC | 2018-12-07 04:31:49 | |
riscv-ida | RISC-V ISA processor module for IDAPro 7.x | 2018-11-27 13:04:06 | |
NATBypass | 一款lcx在golang下的实现, 可用于内网穿透, 建立TCP反弹 隧道用以绕过防火墙入站限制等, A tool for establish rev erse tunnel for NAT network environment and proxy, su pport all functions of lcx.exe |
2018-11-03 06:25:09 | |
JQShell | A weaponized version of CVE-2018-9206 | 2018-10-30 01:48:36 | |
CVE-2017-7269-Ech o-PoC |
CVE-2017-7269 回显PoC ,用于远程漏洞检测.. | 2018-10-27 03:20:04 | |
CVE-2018-2893 | CVE-2018-2893-PoC | 2018-10-27 01:42:20 | |
XXEpayload | 2018-10-25 03:03:02 | ||
CVE-2018-9206 | A Python PoC for CVE-2018-9206 | 2018-10-22 16:48:59 | |
SpoolerScanner | Check if MS-RPRN is remotely available with powershe ll/c# |
2018-10-21 17:11:38 | |
modbus-cli | Modbus command line utility | 2018-10-16 05:57:43 | |
base100 | base💯 - Encode your data into emoji | 2018-10-14 19:06:27 | |
wavecrack | v1.0 | Wavestone's web interface for password cracking with hashcat |
2018-10-12 08:26:24 |
luacheck | 0.23.0 | A tool for linting and static analysis of Lua code. |
2018-10-11 21:47:39 |
Internal-Monologu e |
Internal Monologue Attack: Retrieving NTLM Hashes wi thout Touching LSASS |
2018-10-11 12:12:46 | |
me_cleaner | v1.2 | Tool for partial deblobbing of Intel ME/TXE firmware images |
2018-10-07 08:24:52 |
SpoolSample | PoC tool to coerce Windows hosts authenticate to oth er machines via the MS-RPRN RPC interface. This is po ssible via other protocols as well. |
2018-10-05 22:36:05 | |
dictionary | List of some dictionaries | 2018-09-28 11:29:40 | |
Win2016LPE | Windows10 & Windows Server 2016 LPE Exploit (use sch edsvc!SchRpcSetSecurity()) |
2018-09-28 05:28:59 | |
SM2Java | 国密SM2,SM3 Java实现 | 2018-09-26 09:25:14 | |
write-ups-2015 | Wiki-like CTF write-ups repository, maintained by th e community. 2015 |
2018-09-19 10:37:33 | |
CVE-2018-8420 | 原PoC甚至符号都打错了!太不走心了! | 2018-09-18 05:47:26 | |
CVE-2018-15473-Ex ploit |
Exploit written in Python for CVE-2018-15473 with th reading and export formats |
2018-09-13 15:09:33 | |
butterfly | A web terminal based on websocket and tornado | 2018-09-12 08:23:06 | |
ASWCrypter | An Bash&Python Script For Generating Payloads that B ypasses All Antivirus so far [FUD] |
2018-09-09 10:40:56 | |
EventCleaner | A tool mainly to erase specified records from Window s event logs, with additional functionalities. |
2018-09-07 11:02:00 | |
PHP_Code_Challeng e |
总结一些php代码审计ctf练习题 | 2018-09-06 06:44:48 | |
Pass-to-hash-EWS | 2018-08-29 05:49:00 | ||
MITMf | v0.9.8 | Framework for Man-In-The-Middle attacks | 2018-08-28 15:37:24 |
ueditor-getshell | ueditor .net getshell | 2018-08-27 15:44:35 | |
mscache | a tool to manipulate dcc(domain cached credentials) in windows registry, based mainly on the work of mimi katz and impacket |
2018-08-22 10:24:50 | |
ExchangeRelayX | An NTLM relay tool to the EWS endpoint for on-premis e exchange servers. Provides an OWA for hackers. |
2018-08-17 00:46:06 | |
DotNetToJScript | v1.0.4 | A tool to create a JScript file which loads a .NET v 2 assembly from memory. |
2018-08-13 18:08:54 |
CVE-2018-8120 | CVE-2018-8120 Exploit for Win2003 Win2008 WinXP Win7 |
2018-08-08 05:48:23 | |
CTF-RSA | 总结一下各路大师傅的RSA脚本233 | 2018-07-27 15:49:44 | |
OSCE | Collection of things made during my preparation to t ake on OSCE |
2018-07-23 02:02:03 | |
CVE-2018-2628 | CVE-2018-2628 & CVE-2018-2893 | 2018-07-20 01:24:35 | |
OSCE | Some exploits, which I’ve created during my OSCE pr eparation. |
2018-07-07 23:56:54 | |
redis_lua_exploit | 2018-06-20 11:33:45 | ||
checkO365 | checkO365 is a tool to check if a target domain is u sing O365 |
2018-06-11 19:20:15 | |
CiscoSmartInstall Exploit |
2018-06-10 16:05:41 | ||
Prowl | 2018-06-08 10:02:15 | ||
poc-cve-2018-1273 | POC for CVE-2018-1273 | 2018-06-05 15:07:17 | |
Convert-Invoke-Ke rberoast |
Converts the output from Invoke-Kerberoast into hash cat format. |
2018-05-31 15:17:17 | |
CVE-2018-8174_EXP | CVE-2018-8174_python | 2018-05-30 03:32:04 | |
naive-hashcat | Crack password hashes without the fuss 🐈 | 2018-05-23 21:39:15 | |
CVE-2018-8174-msf | CVE-2018-8174 - VBScript memory corruption exploit. | 2018-05-23 20:43:57 | |
java-deserializat ion-exploits |
A collection of curated Java Deserialization Exploit s |
2018-05-22 17:18:54 | |
CVE-2018-1111 | CVE-2018-1111 DynoRoot | 2018-05-21 13:10:47 | |
CVE-2018-1111 | Environment for DynoRoot (CVE-2018-1111) | 2018-05-17 10:03:06 | |
GPON | Exploit for Remote Code Execution on GPON home route rs (CVE-2018-10562) written in Python. Initially disc losed by VPNMentor (https://www.vpnmentor.com/blog/cr itical-vulnerability-g |
2018-05-10 15:08:42 | |
CVE-2018-9995_dvr _credentials |
(CVE-2018-9995) Get DVR Credentials | 2018-05-05 17:46:26 | |
Mind-Map | 各种安全相关思维导图整理收集 | 2018-04-29 18:06:13 | |
cloud-torrent | 0.8.25 | ☁️ Cloud Torrent: a self-hosted remote torrent cli ent |
2018-04-27 16:17:01 |
CVE-2018-7600 | Exploit for Drupal 7 <= 7.57 CVE-2018-7600 | 2018-04-26 15:40:27 | |
ProcessInjection | Some ways to inject a DLL into a alive process | 2018-04-26 02:22:58 | |
scan-backup-langz i- |
扫描备份文件和敏感信息泄漏的扫描器,速度快,器大活好 | 2018-04-01 14:19:50 | |
CVE-2018-2380 | PoC of Remote Command Execution via Log injection on SAP NetWeaver AS JAVA CRM |
2018-03-14 12:13:43 | |
BypassCaiDao | 过WAF菜刀 | 2018-03-10 01:14:44 | |
clairctl | v1.2.8 | Tracking container vulnerabilities with Clair Contro l for CoreOS Clair |
2018-03-07 13:28:50 |
TextMining | Python文本挖掘系统 Research of Text Mining System | 2018-03-02 06:00:21 | |
vncpwd | v0.1 | VNC Password Decrypter | 2018-02-23 09:38:39 |
nextnet | v0.0.2 | nextnet is a pivot point discovery tool written in G o. |
2018-02-23 08:11:40 |
CANoodler | CANoolder: CAN to 3.3V logic level interface. Dumb. Cheap. Simple. Pick 3. |
2018-02-14 03:22:39 | |
inSp3ctor | AWS S3 Bucket/Object Finder | 2018-02-05 01:44:00 | |
suricata-traffici d |
Application and service identification rules for Sur icata |
2018-01-17 12:42:08 | |
NtlmRelayToEWS | ntlm relay attack to Exchange Web Services | 2018-01-15 12:47:56 | |
spectre-attack | Example of using revealed "Spectre" exploit (CVE-201 7-5753 and CVE-2017-5715) |
2018-01-10 01:14:43 | |
cisco-snmp-rce | Cisco IOS SNMP RCE PoC | 2018-01-05 12:08:04 | |
KPTI-PoC-Collecti on |
Meltdown/Spectre PoC src collection. | 2018-01-04 00:19:08 | |
danderspritz-evtx | v1.0 | Parse evtx files and detect use of the DanderSpritz eventlogedit module |
2017-12-15 14:10:01 |
rce-over-spark | Remote Command Execution Over Spark | 2017-12-15 08:03:06 | |
Invoke-WCMDump | PowerShell Script to Dump Windows Credentials from t he Credential Manager |
2017-12-12 00:46:32 | |
S2-055-PoC | S2-055的环境,基于rest-show-case改造 | 2017-12-07 01:57:31 | |
DigiKeyboard_DE | angepasste Header-Dateien für Deutsches Tastatur Lay out |
modfied headers for german keyboard layout | |
HugeDirtyCowPOC | A POC for the Huge Dirty Cow vulnerability (CVE-2017 -1000405) |
2017-11-30 00:24:11 | |
CVE-2017-11882 | Proof-of-Concept exploits for CVE-2017-11882 | 2017-11-29 16:13:22 | |
CVE-2017-11882 | CVE-2017-11882 from https://github.com/embedi/CVE-20 17-11882 |
2017-11-29 03:33:45 | |
evolve | v1.6 | Web interface for the Volatility Memory Forensics Fr amework |
2017-11-21 00:38:21 |
CVE-2017-0199 | v4.0.1 | Exploit toolkit CVE-2017-0199 - v4.0 is a handy pyth on script which provides pentesters and security rese archers a quick and effective way to test Microsoft O ffice RCE. It could ge |
2017-11-19 11:01:15 |
CACTUSTORCH | CACTUSTORCH: Payload Generation for Adversary Simula tions |
2017-11-16 10:20:08 | |
PTP-RAT | Exfiltrate data over screen interfaces | 2017-11-13 12:24:11 | |
awvs_script_decod e |
解密好的AWVS10.5 data/script/目录下的脚本 | 2017-11-11 13:31:08 | |
CVE-2017-8759 | CVE-2017-8759 | 2017-11-09 02:41:18 | |
SAP-Pentest | 2017-11-03 16:01:47 | ||
volatility-plugin s |
Plugins I've written for Volatility | 2017-10-23 15:38:26 | |
Python-Brainfuck | Just a small Brainfuck interpreter written in Python | 2017-10-23 10:07:47 | |
Sensitive-word | 收集的一些敏感词汇,挺全的,还细分了暴恐词库、反动词 库、民生词库、色情词库、贪腐词库、其他词库等 |
2017-09-28 02:11:48 | |
MSSQL-Fileless-Ro otkit-WarSQLKit |
Bildiğiniz üzere uzun zamandır MSSQL üzerine çalışma lar yapmaktayım. Bu yazımda uzun zamandır uğraştığım bir konuyu ele alacağım, MSSQL Rootkit. Bildiğiniz üz ere şimdiye kadar MS-S |
2017-09-17 18:29:53 | |
DigistumpArduino | 1.6.7 | Files to add Digistump support (Digispark, Pro, Digi X) to Arduino 1.6.X (1.6.5+) |
2017-08-29 23:49:34 |
dnsAutoRebinding | ssrf、ssrfIntranetFuzz、dnsRebinding、recordEncode、 dnsPoisoning、Support ipv4/ipv6 |
2017-08-17 05:16:11 | |
outguess | An unmaintained fork of the OutGuess steganographic tool. Try https://github.com/resurrecting-open-source -projects/outguess for possibly a better option. |
2017-08-14 02:11:00 | |
joffrey | Stupid MQTT Brute Forcer | 2017-07-27 18:47:20 | |
csrf-poc-generato r |
this html file creates a csrf poc form to any http r equest. |
2017-07-27 11:53:58 | |
Struts2-048 | CVE-2017-9791 | 2017-07-08 02:08:35 | |
wydomain | to discover subdomains of your target domain | 2017-06-26 09:05:27 | |
RiskySPN | Detect and abuse risky SPNs | 2017-06-15 07:41:17 | |
wifi_keylogger | DIY Arduino Wi-Fi Keylogger (Proof of Concept) | 2017-06-14 18:09:57 | |
Exploits | Windows Exploits | 2017-06-14 16:30:27 | |
sandcastle | 🏰 A Python script for AWS S3 bucket enumeration. | 2017-06-12 21:25:27 | |
PocCollect | a plenty of poc based on python | 2017-06-10 09:28:18 | |
ffmpeg-avi-m3u-xb in |
2017-05-22 23:34:25 | ||
WindowsExploits | Windows exploits, mostly precompiled. Not being upda ted. Check https://github.com/SecWiki/windows-kernel- exploits instead. |
2017-05-21 17:21:47 | |
Go-For-OSCP | 2017-05-17 08:47:59 | ||
cve-2017-7269-too l |
CVE-2017-7269 to webshell or shellcode loader | 2017-05-16 18:47:07 | |
vulnd_xxe | A server vulnerable to XXE that can be used to test payloads using the xxer tool. |
2017-05-13 17:29:21 | |
aeskeyfind | Fork of aeskeyfind that knows more formats of AES ke y schedule |
2017-05-11 11:27:34 | |
filterbypass | Browser's XSS Filter Bypass Cheat Sheet | 2017-05-06 13:53:03 | |
kernel-exploits | 2017-04-23 15:43:30 | ||
icmptunnel | v1.0.0 | Transparently tunnel your IP traffic through ICMP ec ho and reply packets. |
2017-04-22 12:44:44 |
hotoloti | documentation, scripts, tools related to Zena Forens ics (http://blog.digital-forensics.it) |
2017-04-21 21:59:14 | |
IllegalWordsDetec tion |
提供高效率的较简单的Unity3d手游客户端的敏感词检测的 算法,能应付大部分敏感词过滤需求 |
2017-04-20 09:00:16 | |
cve-2017-7269 | fixed msf module for cve-2017-7269 | 2017-03-30 22:19:57 | |
ZeroNights-HackQu est-2016 |
2 web tasks from ZeroNights HackQuest 2016 | 2017-03-24 11:16:15 | |
CVE-2016-5195 | A CVE-2016-5195 exploit example. | 2017-03-21 16:46:03 | |
SensitiveWordFilt er |
机器学习实现敏感词过滤 | 2017-03-09 07:58:22 | |
duck2spark | Converter for raw RubberDucky payloads to Digispark Arduino IDE Sketch source. |
2017-03-06 16:40:56 | |
dirtycow-vdso | PoC for Dirty COW (CVE-2016-5195) | 2017-02-27 18:55:55 | |
MSSQL-SQLi-Labs | 2017-02-27 14:23:42 | ||
Windows-Exploit-S uggester |
This tool compares a targets patch levels against th e Microsoft vulnerability database in order to detect potential missing patches on the target. It also not ifies the user if ther |
2017-02-17 14:01:56 | |
docker-remote-api -exp |
docker remote api未授权访问的利用代码 | 2017-02-14 09:34:45 | |
ShellcodeWrapper | Shellcode wrapper with encryption for multiple targe t languages |
2017-01-23 11:09:08 | |
VolUtility | v1.2 | Web App for Volatility framework | 2017-01-20 09:34:55 |
public | my public code | 2017-01-11 08:52:03 | |
luadec | Lua Decompiler for lua 5.1 , 5.2 and 5.3 | 2017-01-06 12:43:51 | |
ew | 内网穿透(跨平台) | 2016-12-31 06:11:18 | |
xss | php写的个人研究测试用的 xss cookie 攻击管理平台,开源 出来 |
2016-12-30 03:58:46 | |
weakfilescan | 动态多线程敏感信息泄露检测工具 | 2016-12-17 14:27:18 | |
peepdf | Powerful Python tool to analyze PDF documents | 2016-11-17 21:30:21 | |
FingerPrint | web应用指纹识别 | 2016-11-15 06:47:41 | |
SCADAPASS | 1.2 | SCADA StrangeLove Default/Hardcoded Passwords List | 2016-11-14 13:49:56 |
ssh-audit | SSH server auditing (banner, key exchange, encryptio n, mac, compression, compatibility, security, etc) |
2016-11-02 10:45:56 | |
dirtycow-docker-v dso |
2016-11-01 15:52:23 | ||
MySQL-Monitor | MySQL服务器执行SQL记录实时监控(WEB版本) | 2016-10-25 09:04:30 | |
linux-inject | Tool for injecting a shared object into a Linux proc ess |
2016-09-06 21:09:20 | |
sensitive-stop-wo rds |
互联网常用敏感词、停止词词库 | 2016-08-30 01:47:33 | |
Conveigh | Conveigh is a Windows PowerShell LLMNR/NBNS spoofer detection tool |
2016-08-28 19:55:34 | |
armitage | Automatically exported from code.google.com/p/armita ge |
2016-07-08 22:05:20 | |
DirBrute | 多线程WEB目录爆破工具 [Multi-thread WEB directory bl asting tool(with dics inside) ] |
2016-07-04 15:14:53 | |
PoCs | Proof of Concepts for CVE-2016–3714 | 2016-05-23 17:34:28 | |
docker_api_vul | docker 未授权访问漏洞利用脚本 | 2016-05-18 16:08:02 | |
cub3 | Proof of concept for LD_PRELOAD malware that uses ex tended attributes to protect files. |
2016-05-18 03:48:15 | |
ios-malware | iOS malware samples | 2016-05-13 09:52:30 | |
foolav | v1.0 | Pentest tool for antivirus evasion and running arbit rary payload on target Wintel host |
2016-05-06 19:59:29 |
vulnapp | use docker to attack web as a demo | 2016-03-24 15:16:32 | |
ysoserial | A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. |
2016-03-13 19:28:06 | |
Redpoint | Digital Bond's ICS Enumeration Tools | 2016-03-08 17:24:55 | |
windows-exploits | Used for the osce exam preparation | 2016-03-03 17:36:51 | |
CVE-2015-7547 | Proof of concept for CVE-2015-7547 | 2016-02-16 01:01:27 | |
ntdsxtract | Active Directory forensic framework | 2016-02-13 06:07:04 | |
getsystem-offline | Small tool to get a SYSTEM shell | 2016-02-07 23:52:20 | |
Jenkins | Jenkins漏洞探测、用户抓取爆破 | 2015-12-28 10:46:00 | |
clusterd | 0.5 | application server attack toolkit | 2015-11-19 07:34:44 |
FBI-WARNING-in-co nsole |
FBI-WARNING-in-console | 2015-11-02 11:09:01 | |
PLCinject | 2015-08-08 04:24:57 | ||
PixelJihad | A JavaScript steganography tool | 2015-03-29 22:43:41 | |
PowerShell-AD-Rec on |
PowerShell Scripts I find useful | 2015-03-09 01:20:21 | |
dnsenum | 1.2.4.2 | dnsenum is a perl script that enumerates DNS informa tion |
2015-02-20 18:56:16 |
Unix-Privilege-Es calation-Exploits- Pack |
Exploits for getting local root on Linux, BSD, AIX, HP-UX, Solaris, RHEL, SUSE etc. |
2014-12-24 22:03:07 | |
rtsp_authgrinder | A authentication brute forcing tool for the rtsp pro tocol |
2014-12-02 11:56:12 | |
winshock-test | Bash script that tests if a system is Winshock (MS14 -066) vulnerable |
2014-11-15 09:57:54 | |
UPnP-Pentest-Tool kit |
UPnP Pentest Toolkit for Windows | 2014-11-13 08:31:34 | |
shellshock_scanne r |
Python Scanner for "ShellShock" (CVE-2014-6271) | 2014-09-29 23:22:12 | |
kjackal | Linux Rootkit Scanner | 2014-06-16 14:05:21 | |
Linux_Exploit_Sug gester |
Linux Exploit Suggester; based on operating system r elease number |
2014-05-18 23:18:10 | |
shellcode_launche r |
Shellcode launcher utility | 2014-02-16 01:22:49 | |
thc-pptp-bruter | [Mirror] thc.org uses a CA that is not trusted on a base Arch system so we are mirroring some source here . |
2013-11-11 16:00:11 | |
vipasswordict | Vietnamese Password Dicts | 2013-10-15 18:59:21 | |
tsh | Tiny SHell is an open-source UNIX backdoor. | 2013-09-28 10:34:45 | |
Rogue-MySql-Serve r |
Rogue MySql Server | 2013-09-15 09:52:34 | |
ReflectiveDLLInje ction |
Reflective DLL injection is a library injection tech nique in which the concept of reflective programming is employed to perform the loading of a library from memory into a host pro |
2013-09-05 08:10:09 | |
pwnginx | Pwn nginx - a nginx backdoor provides shell access, socks5 tunneling, http password sniffing. |
2013-09-04 06:51:04 | |
BurpAuthzPlugin | 2013-07-22 21:00:44 | ||
lib_mysqludf_sys | A UDF library with functions to interact with the op erating system. These functions allow you to interact with the execution environment in which MySQL runs. |
2013-02-21 00:39:07 | |
base92 | Implementations of base92 in various languages (C, p ython) |
2013-01-28 04:26:46 | |
h3c-pt-tools | Huawei/H3C/HP Penetration Testing Tools | 2012-11-16 14:05:15 | |
evilarc | Create tar/zip archives that can exploit directory t raversal vulnerabilities |
2011-02-27 23:07:47 | |
crawlergo | |||
CVE-2020-1938 | |||
Emergency | |||
Cas_Exploit | |||
Shiro-721 | |||
CTF-RSA-tool | |||
security | |||
sangfor-edr-explo it |
|||
CTFCrackTools | |||
PrintNightmare | |||
VolDiff | |||
graphql-voyager | |||
OSCE-Exploit-Deve lopment |
|||
searx | |||
cobaltstrike-bof- toolset |
|||
fuzz | |||
company-crawler | |||
metarget | |||
WordPress_4 | |||
Hyuga | |||
debugtron | |||
fastjson-1 | |||
privilege-escalat ion-awesome-script s-suite |
|||
idea-project-fish -exploit |
|||
code-server | |||
CVE-2021-26855 | |||
pcap_dnsproxy | |||
follina | |||
cas4 | |||
odoh-server-go | |||
nps | |||
snort-rules | |||
impacket | |||
PatchAMSI | |||
VirusTotalC2 | |||
names | |||
IPList | |||
nginxconfig | |||
RouterScan-consol e |
|||
dirtycow | |||
HealthChecker | |||
clash | |||
testssl | |||
RCE-0-day-for-Gho stScript-9 |
|||
spring-boot-start er-swagger |
|||
wechat_info_colle ct |
|||
Janus | |||
phpvuln | |||
findomain | |||
IIS_exploit | |||
shadowsocks | |||
ecapture | |||
JSPHorse | |||
DVWA | |||
aSYNcrone | |||
capa | |||
Fofa-collect | |||
clash_for_windows _pkg |
|||
bluescan | |||
CVE-2018-14729 | |||
EyeWitness | |||
RsaCtfTool | |||
awvs-decode | |||
Windows-Exploit-S uggester |
|||
YourNextBugTip | |||
pdf-export | |||
hackingthe | |||
USB-Rubber-Ducky | |||
CobaltSpam | |||
hackbar2 | |||
dc_find | |||
masnmapscan-V1 | |||
nanodump | |||
BaiLu-SED-Tool | |||
Thanos | |||
password_brute_di ctionary |
|||
CVE-2017-12615 | |||
S2-045 | |||
S2-055 | |||
S2-056-XStream | |||
xss-payload-list | |||
httpie | |||
WOTD | |||
CVE-2020-8840 | |||
Grafana-VulnTips | |||
ncDecode | |||
webuploader-0 | |||
dnscrypt-proxy | |||
jsonhero-web | |||
bro-pdns | |||
Axis-1 | |||
2020-Interview-ex perience |
|||
CVE-2021-1727 | |||
InstallerFileTake Over |
|||
ProfSvcLPE | |||
LangNetworkTopolo gy3 |
|||
DFA | |||
libssh-scanner | |||
mscan | |||
dedecmscan | |||
ddos-tools | |||
slowloris | |||
iCULeak | |||
cryptovenom | |||
2017-Security-ppt | |||
subzy | |||
SharpCookieMonste r |
|||
Middleware-Vulner ability-detection |
|||
WXDBDecrypt | |||
BurpSuiteSuite-co llections |
|||
hackbar2 | |||
linux-exploit-sug gester |
|||
idcard | |||
EggShell | |||
SeeyonEXP | |||
PowerDNS-Admin | |||
Cas_Exploit | |||
1earn | |||
AboutSecurity | |||
CVE-2021-41653 | |||
CVE-2020-0601 | |||
SMBGhost | |||
qqwry | |||
chineseocr_lite | |||
Amass | |||
CVE-2022-21907-ht tp |
|||
RDWArecon | |||
Ruoyi-All | |||
PeiQi-WIKI-POC | |||
awesome-pentest-n ote |
|||
conote-community | |||
CVE-2021-21985 | |||
CVE-2021-22005 | |||
CVE-2021-29200 | |||
CVE-2021-30128 | |||
Benchmarks | |||
Hacking-With-Gola ng |
|||
joomscan | |||
cs-ssl-gen | |||
hideNsneak | |||
oh-my-zsh | |||
exp | |||
hashtopolis | |||
MITM-cheatsheet | |||
impacket | |||
DumpTheGit | |||
jumpserver_rce | |||
Fuzz_dic | |||
wechat-export | |||
2022-HW-POC | |||
csirt | |||
poshkatz | |||
CVE-2019-2890 | |||
VPS-web-hacking-t ools |
|||
suricata-rules | |||
metinfo_sqlinject ion |
|||
TPScan | |||
microsoftSpider | |||
Struts2_045-Poc | |||
awvs13_batch_py3 | |||
blackeye | |||
VTSCAN | |||
prowler | |||
Bug-Hunting-Domai ns |
|||
CSAgent | |||
repo-security-sca nner |
|||
CVE-2018-8120 | |||
CVE-2022-2639-Pip eVersion |
|||
CVE-2018-3191 | |||
wappalyzer | |||
Kage | |||
sam-the-admin | |||
Whonix | |||
woodpecker-framwo rk-release |
|||
fastjson_rce_tool | |||
shiro_rce | |||
gojwtcrack | |||
STS2G | |||
chrome_password_g rabber |
|||
wxappUnpacker | |||
xxx | |||
clashX | |||
yougar0 | |||
seeyou_exp | |||
CVE-2019-0708 | |||
SiteServer-CMS-Re mote-download-Gets hell |
|||
zhuqingcode | |||
Joker | |||
gitleaks | |||
RSA |
杂七杂八
APP合规
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
camille | 基于Frida的Android App隐私合规检测辅助工具 | 2023-05-06 06:17:39 |
chatgpt
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
Awesome-ChatGPT | ChatGPT资料汇总学习,持续更新...... | 2023-07-07 02:24:11 | |
chatgpt | ChatGPT网址导航,分享免费好用AI网站! | 2023-07-01 15:12:07 | |
ChatGPT-Shortcut | v3.1.6 | 🚀💪Maximize your efficiency and productivity, suppo rt for English,中文,Español,العربية. 让生产力加倍的AI 快捷指令。更有效地定制、保存和分享自己的提示词。在提示 词分享社区中,轻松找到适用于不同场景的指令。 |
2024-01-13 21:59:00 |
chatgpt-mac | v0.0.5 | ChatGPT for Mac, living in your menubar. | 2022-12-12 12:03:30 |
awesome-chatgpt-z h |
ChatGPT 中文指南🔥,ChatGPT 中文调教指南,指令指南, 应用开发指南,精选资源清单,更好的使用 chatGPT 让你的 生产力 up up up! 🚀 |
2023-12-18 13:02:48 |
github加速
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
FastGithub | 2.1.4 | github加速神器,解决github打不开、用户头像无法加载、 releases无法上传下载、git-clone、git-pull、git-push失 败等问题 |
2022-12-07 00:24:48 |
MySQL实时监控工具
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
MySQLMonitor | 1.0 | MySQL实时监控工具(代码审计/黑盒/白盒审计辅助工具) | 2022-03-09 03:08:09 |
pppoe拦截
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
pppoe-intercept | v0.3 | 用来模拟中间人拦截 pppoe 拨号过程的账号密码 | 2019-06-12 14:03:18 |
python笔记
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
Python-100-Days | Python - 100天从新手到大师 | 2023-02-05 16:59:39 |
web靶场
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
SSRF_Vulnerable_L ab |
This Lab contain the sample codes which are vulnerab le to Server-Side Request Forgery attack |
2023-08-21 17:02:38 | |
https://dvwa.co.uk/ | |||
DoraBox | DoraBox - Basic Web Vulnerability Training | 2021-12-24 04:58:09 | |
WackoPicko | WackoPicko is a vulnerable web application used to t est web application vulnerability scanners. |
2021-11-17 16:51:38 | |
xssed | A set of XSS vulnerable PHP scripts for testing | 2013-02-10 02:53:13 | |
sqli-labs | SQLI labs to test error based, Blind boolean based, Time based. |
2014-10-31 19:10:23 | |
BWVS | Web漏洞渗透测试靶场 | 2018-02-05 13:06:03 | |
upload-labs | 0.1 | 一个想帮你总结所有类型的上传漏洞的靶场 | 2020-01-15 14:38:33 |
vulstudy | 使用docker快速搭建各大漏洞靶场,目前可以一键搭建17个 靶场。 |
2020-03-25 07:11:46 | |
xxe-lab | 一个包含php,java,python,C#等各种语言版本的XXE漏洞Dem o |
2022-11-28 12:56:03 | |
vulnerable-node | A very vulnerable web site written in NodeJS with th e purpose of have a project with identified vulnerabi lities to test the quality of security analyzers tool s tools |
2023-03-13 10:54:55 | |
vulfocus | v0.3.2. 11 |
🚀Vulfocus 是一个漏洞集成平台,将漏洞环境 docker 镜 像,放入即可使用,开箱即用。 |
2023-05-31 03:45:48 |
hackademic | the main hackademic code repository | 2017-02-24 16:48:07 | |
Hello-Java-Sec | 1.10 | ☕️ Java Security,安全编码和代码审计 | 2023-01-03 08:25:42 |
SpringBootVulExpl oit |
SpringBoot 相关漏洞学习资料,利用方法和技巧合集,黑 盒安全评估 check list |
2021-03-10 13:03:17 | |
ElectricRat | v1.3.0 | 电气鼠靶场系统是一种带有漏洞的Web应用程序,旨在为Web 安全渗透测试学习者提供学习和实践的机会。The Electrical Mouse Target Range System is a web application with vulnerabilities designed to provide learning and prac tice opport |
2023-03-26 12:59:39 |
VulApps | 快速搭建各种漏洞环境(Various vulnerability environme nt) |
2020-04-15 09:23:17 | |
bodgeit | 1.4.0 | The BodgeIt Store is a vulnerable web application wh ich is currently aimed at people who are new to pen t esting. |
2018-01-08 20:27:03 |
MCIR | The Magical Code Injection Rainbow! MCIR is a framew ork for building configurable vulnerability testbeds. MCIR is also a collection of configurable vulnerabil ity testbeds. |
2020-08-07 12:44:09 | |
DSVW | Damn Small Vulnerable Web | 2021-07-22 16:02:49 | |
SecExample | JAVA 漏洞靶场 (Vulnerability Environment For Java) | 2021-07-15 09:11:24 | |
vulhub | Pre-Built Vulnerable Environments Based on Docker-Co mpose |
2023-12-30 18:04:55 | |
webug4.0 | webug4.0 | 2022-02-14 09:27:09 | |
WebGoat | v2023.8 | WebGoat is a deliberately insecure application | 2024-01-09 14:10:16 |
pikachu | 一个好玩的Web安全-漏洞测试平台 | 2023-07-01 15:14:35 | |
https://hackmyvm.eu/anon/ | |||
https://www.pentesterlab.com/exercises/web_for_pentester/course |
安全思维脑图
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
HackerMind | 各种安全相关思维导图整理收集。渗透步骤,web安全,CTF ,业务安全,人工智能,区块链安全,数据安全,安全开发, 无线安全,社会工程学,二进制安全,移动安全,红蓝对抗, 运维安全,风控安全,linux安全 |
2023-12-04 07:10:47 |
按键精灵
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
KeymouseGo | v5.1.1 | 类似按键精灵的鼠标键盘录制和自动化操作 模拟点击和键 入 |
automate mouse clicks and keyboard input |
报告模板
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
HackReport | 渗透测试报告/资料文档/渗透经验文档/安全书籍 | 2023-08-20 06:06:08 |
动态口令
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
rotp | v6.3.0 | Ruby One Time Password library | 2023-08-30 19:25:56 |
短信轰炸
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
SMSBoom | main | 短信轰炸/短信测压/ | 一个健壮免费的python短信轰炸程 序,专门炸坏蛋蛋,百万接口,多线程全自动添加有效接口, 支持异步协程百万并发,全免费的短信轰炸工具!!hongkong er开发全网首发!! |
短信转发器
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
SmsForwarder | v3.2.0 | 短信转发器——监控Android手机短信、来电、APP通知,并 根据指定规则转发到其他手机:钉钉群自定义机器人、钉钉企 业内机器人、企业微信群机器人、飞书机器人、企业微信应用 消息、邮箱、bark、webhook、Telegram机器人、Server酱、P ushPlus、手机短信等。包括主动控制服务端与客户端,让你 轻松远程发短信、查短信、查通话、查话簿、查电量等。 |
2024-01-13 02:09:28 |
恶意网络流量模拟
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
flightsim | v2.5.0 | A utility to safely generate malicious network traff ic patterns and evaluate controls. |
2023-10-02 07:30:27 |
机器学习
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
Augmentor | Image augmentation library in Python for machine lea rning. |
2023-03-29 07:02:37 | |
dddd_trainer | ddddocr训练工具 | 2022-09-26 07:26:52 |
科学上网
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
trojan | v2.15.3 | trojan多用户管理部署程序, 支持web页面管理 | 2023-09-24 15:03:27 |
v2rayfree | v2ray节点、免费节点、免费v2ray节点、最新公益免费v2ra y节点订阅地址、免费v2ray节点每日更新、免费ss/v2ray/tr ojan节点、freefq |
2024-01-13 12:34:25 | |
free | 翻墙、免费翻墙、免费科学上网、免费节点、免费梯子、免 费ss/v2ray/trojan节点、蓝灯、谷歌商店、翻墙梯子 |
2024-01-14 00:00:03 | |
v2rayA | v2.2.4. 6 |
A web GUI client of Project V which supports VMess, VLESS, SS, SSR, Trojan, Tuic and Juicity protocols. 🚀 |
2023-12-16 17:09:56 |
克隆声音
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
MockingBird | v0.0.1 | 🚀AI拟声: 5秒内克隆您的声音并生成任意语音内容 Clone a voice in 5 seconds to generate arbitrary speech in real-time |
2023-09-05 15:15:04 |
区块链
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
zksync-auto | some help for zksync incentive | 2023-05-31 02:48:51 | |
zksync | 2023-08-14 14:33:28 | ||
all-in-one-v2 | 2023-12-31 05:25:42 | ||
zksync2-python | v0.6.0 | 2023-08-18 13:06:29 |
软件及系统国内镜像
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
Thanks-Mirror | 整理记录各个包管理器,系统镜像,以及常用软件的好用镜 像,Thanks Mirror。 走过路过,如觉不错,麻烦点个赞👆🌟 |
2023-09-28 13:00:26 |
渗透测试报告辅助
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
BugRepoter_0x727 | BugRepoter_0x727(自动化编写报告平台)根据安全团队定制 化协同管理项目安全,可快速查找历史漏洞,批量导出报告。 |
2023-01-30 08:54:59 | |
SAReport | 渗透测试自动化报告平台 | 2019-04-05 11:08:19 | |
APTRS | Automated Penetration Testing Reporting System | 2023-05-06 09:52:47 | |
report | v1.0.1 | 乙方渗透测试漏洞报告管理系统 | 2021-06-30 05:46:36 |
pentest_report | v1.0.0 | A pentest reporter generator | 2023-04-10 09:58:30 |
WaterExp | WaterExp:面向安服仔的 水报告模板和工具 | 2022-10-14 15:55:30 | |
Savior | new | 渗透测试报告自动生成工具! | 2022-05-09 08:03:18 |
生成虚假数据
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
faker | v22.2.0 | Faker is a Python package that generates fake data f or you. |
2024-01-10 22:57:56 |
数据库管理软件
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
dbeaver | 23.3.2 | Free universal database tool and SQL client | 2024-01-12 21:47:37 |
网站压测工具
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
dperf | v1.6.0 | dperf is a 100Gbps network load tester. | 2024-01-07 06:19:58 |
WebBench | Webbench是Radim Kolar在1997年写的一个在linux下使用的 非常简单的网站压测工具。它使用fork()模拟多个客户端同时 访问我们设定的URL,测试网站在压力下工作的性能,最多可 以模拟3万个并发连接去测试网站的负载能力。官网地址:http ://home.tiscali.cz/~cz210552/webbench.html |
2018-01-20 17:33:28 | |
tcpburn | 1.0.0 | The most powerful tool for stress testing of Interne t server applications |
2019-07-14 09:20:34 |
文字识别
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
Umi-OCR | release /2.0.1 |
OCR software, free and offline. 开源、免费的离线OCR 软件。支持截屏/粘贴/批量导入图片,段落排版/排除水印, 扫描/生成二维码。内置多国语言库。 |
2024-01-07 03:01:42 |
压测工具
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
locust | 2.20.1 | Write scalable load tests in plain Python 🚗💨 | 2024-01-11 20:21:44 |
验证码生成
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
Calculate_Captcha | v1.1 | 计算验证码生成器,用于训练使用 | 2022-01-21 00:25:44 |
远程软件
项目名称 | 版本 | 项目描述 | 最近提交时间 |
---|---|---|---|
FreeRDP | 3.1.0 | FreeRDP is a free remote desktop protocol library an d clients |
2024-01-11 15:00:40 |
Quasar | v1.4.1 | Remote Administration Tool for Windows | 2023-08-14 19:33:43 |
rustdesk | 1.2.3 | An open-source remote desktop, and alternative to Te amViewer. |
2024-01-11 06:47:53 |