CHUJIU33's Stars
wy876/POC
收集整理漏洞EXP/POC,大部分漏洞来源网络,目前收集整理了1000多个poc/exp,长期更新。
zhaoyumi/WeaverExploit_All
泛微最近的漏洞利用工具(PS:2023)
13exp/SpringBoot-Scan-GUI
Soufaker/laoyue
自动化监控赏金项目-定期收集资产,漏洞进行推送(现在可以稳定收菜,有问题issues我)-关注-夜安团队SEC-加我微信进群可下载最新自动化版本,git目前不会更新了,群里目前版本1.3.1,项目优化了非常多,功能也加入了非常多,建议进群(没收费项目放心白嫖)
zangcc/Aakian-FaCai
基于前端vue框架的JavaFx图形化GUI漏洞扫描工具,支持一键扫描vue-manage-system系统前端泄露的未授权目录接口漏洞,并且对扫描的暴露目录进行逐一测试和验证,方便渗透人员快速确定未授权接口。还添加了出口IP地址信息本地DNS信息等的查询,方便清楚自身出口IP。
welk1n/JNDI-Injection-Exploit
JNDI注入测试工具(A tool which generates JNDI links can start several servers to exploit JNDI Injection vulnerability,like Jackson,Fastjson,etc)
cseroad/Webshell_Generate
用于生成各类免杀webshell
d3ckx1/Fvuln
F-vuln(全称:Find-Vulnerability)是为了自己工作方便专门编写的一款自动化工具,主要适用于日常安全服务、渗透测试人员和RedTeam红队人员,它集合的功能包括:存活IP探测、开放端口探测、web服务探测、web漏洞扫描、smb爆破、ssh爆破、ftp爆破、mssql爆破等其他数据库爆破工作以及大量web漏洞检测模块。
shadow1ng/fscan
一款内网综合扫描工具,方便一键自动化、全方位漏扫扫描。
uknowsec/SharpNetCheck
Xyntax/POC-T
渗透测试插件化并发框架 / Open-sourced remote vulnerability PoC/EXP framework
alwaystest18/cdnChecker
A tool to detect CDN for given domains
pmiaowu/HostCollision
用于host碰撞而生的小工具,专门检测渗透中需要绑定hosts才能访问的主机或内部系统
projectdiscovery/dnsx
dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers.
chaitin/xpoc
为供应链漏洞扫描设计的快速应急响应工具 [快速应急] [漏洞扫描] [端口扫描] [xray2.0进行时] A fast emergency response tool designed for supply chain vulnerability scanning.
lijiejie/swagger-exp
A Swagger API Exploit
BaizeSec/bylibrary
白阁文库是白泽Sec安全团队维护的一个漏洞POC和EXP公开项目
lz520520/railgun
swisskyrepo/SSRFmap
Automatic SSRF fuzzer and exploitation tool
projectdiscovery/nuclei
Fast and customizable vulnerability scanner based on simple YAML based DSL.
PeiQi0/PeiQi-WIKI-Book
面向网络安全从业者的知识文库🍃
ffffffff0x/1earn
ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup
k8gege/Ladon
Ladon大型内网渗透工具,可PowerShell模块化、可CS插件化、可内存加载,无文件扫描。含端口扫描、服务识别、网络资产探测、密码审计、高危漏洞检测、漏洞利用、密码读取以及一键GetShell,支持批量A段/B段/C段以及跨网段扫描,支持URL、主机、域名列表扫描等。Ladon 12.2内置262个功能,网络资产探测模块32个通过多种协议(ICMP\NBT\DNS\MAC\SMB\WMI\SSH\HTTP\HTTPS\Exchange\mssql\FTP\RDP)以及方法快速获取目标网络存活主机IP、计算机名、工作组、共享资源、网卡地址、操作系统版本、网站、子域名、中间件、开放服务、路由器、交换机、数据库、打印机等信息,高危漏洞检测16个含MS17010、Zimbra、Exchange
LFYSec/ActuatorExploit
SpringBoot Actuator未授权自动化利用,支持信息泄漏/RCE
lanmaster53/recon-ng
Open Source Intelligence gathering tool aimed at reducing the time spent harvesting information from open sources.
danielmiessler/SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
infosecn1nja/Red-Teaming-Toolkit
This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
gentilkiwi/mimikatz
A little tool to play with Windows security
0x4D31/awesome-oscp
A curated list of awesome OSCP resources
rtcatc/Packer-Fuzzer
Packer Fuzzer is a fast and efficient scanner for security detection of websites constructed by javascript module bundler such as Webpack.