594hsq's Stars
LandGrey/pydictor
A powerful and useful hacker dictionary builder for a brute-force attack
Threekiii/Awesome-Redteam
一个攻防知识仓库 Red Teaming and Offensive Security
2dust/v2rayN
A GUI client for Windows, support Xray core and v2fly core and others
last-byte/PersistenceSniper
Powershell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines. Official Twitter/X account @PersistSniper. Made with ❤️ by @last0x00 and @dottor_morte
1y0n/AV_Evasion_Tool
掩日 - 免杀执行器生成工具
20142995/Goby
shmilylty/dedecmscan
织梦全版本漏洞扫描
WhiteHSBG/JNDIExploit
对原版https://github.com/feihong-cs/JNDIExploit 进行了实用化修改
almandin/fuxploider
File upload vulnerability scanner and exploitation tool.
a1phaboy/FastjsonScan
Fastjson扫描器,可识别版本、依赖库、autoType状态等。A tool to distinguish fastjson ,version and dependency
AabyssZG/SpringBoot-Scan
针对SpringBoot的开源渗透框架,以及Spring相关高危漏洞利用工具
tr0uble-mAker/POC-bomber
利用大量高威胁poc/exp快速获取目标权限,用于渗透和红队快速打点
webraybtl/CodeQLpy
CodeQLpy是一款基于CodeQL实现的半自动化代码审计工具,目前仅支持java语言。实现从源码反编译,数据库生成,脆弱性发现的全过程,可以辅助代码审计人员快速定位源码可能存在的漏洞。
github/codeql
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
github/codeql-cli-binaries
Binaries for the CodeQL CLI
optiv/Freeze.rs
Freeze.rs is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls written in RUST
3xp10it/xwaf
Automatic bypass (brute force) waf
FunnyWolf/Viper
Attack Surface Management & Red Team Simulation Platform 互联网攻击面管理&红队模拟平台
mrknow001/aliyun-accesskey-Tools
阿里云accesskey利用工具
wyzxxz/heapdump_tool
heapdump敏感信息查询工具,例如查找 spring heapdump中的密码明文,AK,SK等
Aabyss-Team/WebShell
各种无后门大马的整理,有用就点个Star吧~
nomi-sec/PoC-in-GitHub
📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.
rtcatc/Packer-Fuzzer
Packer Fuzzer is a fast and efficient scanner for security detection of websites constructed by javascript module bundler such as Webpack.
insightglacier/Dictionary-Of-Pentesting
Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。
swisskyrepo/PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
the-xentropy/samlists
Free, libre, effective, and data-driven wordlists for all!
mstxq17/SeCDictionary
少而精的常用字典,积累各种场景实现字典进化,只追求更简单更有效,不建议star,但建议pr。
danielmiessler/SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
zxcvbn001/password_brute_dictionary
口令爆破字典,有键盘组合字典、拼音字典、字母与数字混合这三种类型
gh0stkey/Web-Fuzzing-Box
Web Fuzzing Box - Web 模糊测试字典与一些Payloads