Iamnotbad's Stars
J0o1ey/BountyHunterInChina
重生之我在安全行业讨口子系列,分享在安全行业讨口子过程中,SRC、项目实战的有趣案例
safe6Sec/CodeqlNote
Codeql学习笔记
reddelexc/hackerone-reports
Top disclosed reports from HackerOne
ExpLangcn/NucleiTP
自动整合全网Nuclei的漏洞POC,实时同步更新最新POC!
burpheart/PHPAuditGuideBook
《PHP代码审计入门指南》 这本指南包含了我在学习PHP代码审计过程中整理出的一些技巧和对漏洞的一些理解
SummerSec/learning-codeql
CodeQL Java 全网最全的中文学习资料
knownsec/ksubdomain
无状态子域名爆破工具
projectdiscovery/subfinder
Fast passive subdomain enumeration tool.
Bypass007/Nessus_to_report
Nessus中文报告自动化脚本
peass-ng/PEASS-ng
PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
z1un/Z1-AggressorScripts
适用于Cobalt Strike的插件
pingc0y/URLFinder
一款快速、全面、易用的页面信息提取工具,可快速发现和提取页面中的JS、URL和敏感信息。
enaqx/awesome-pentest
A collection of awesome penetration testing resources, tools and other shiny things
infosecn1nja/Red-Teaming-Toolkit
This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
Rvn0xsy/BadCode
恶意代码逃逸源代码 http://payloads.online
safe6Sec/GolangBypassAV
研究利用golang各种姿势bypassAV
midisec/BypassAnti-Virus
免杀姿势学习、记录、复现。
luckyfuture0177/ReZeroBypassAV
从零开始学免杀
d3ckx1/OLa
shmilylty/netspy
netspy是一款快速探测内网可达网段工具(深信服深蓝实验室天威战队强力驱动)
wyzxxz/shiro_rce_tool
shiro 反序列 命令执行辅助检测工具
seventeenman/CallBackDump
dump lsass进程工具
moonD4rk/HackBrowserData
Extract and decrypt browser data, supporting multiple data types, runnable on various operating systems (macOS, Windows, Linux).
wgpsec/CreateHiddenAccount
A tool for creating hidden accounts using the registry || 一个使用注册表创建隐藏帐户的工具
koutto/web-brutator
Fast Modular Web Interfaces Bruteforcer
c0ny1/FastjsonExploit
Fastjson vulnerability quickly exploits the framework(fastjson漏洞快速利用框架)
sp4zcmd/WeblogicExploit-GUI
Weblogic漏洞利用图形化工具 支持注入内存马、一键上传webshell、命令执行
swisskyrepo/PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
DeEpinGh0st/Erebus
CobaltStrike后渗透测试插件
cisagov/log4j-scanner
log4j-scanner is a project derived from other members of the open-source community by CISA to help organizations identify potentially vulnerable web services affected by the log4j vulnerabilities.