Iamnotbad's Stars
API-Security/APIKit
APIKit:Discovery, Scan and Audit APIs Toolkit All In One.
theLSA/emergency-response-checklist
应急响应指南 / emergency response checklist
DiogoMRSilva/websitesVulnerableToSSTI
Simple websites vulnerable to Server Side Template Injections(SSTI)
PortSwigger/bypass-bot-detection
Burp Suite extension that mutates ciphers to bypass TLS-fingerprint based bot detection
esrrhs/spp
A simple and powerful proxy
miss-mumu/developer2gwy
公务员从入门到上岸,最佳程序员公考实践教程
lemono0/FastJsonParty
FastJson全版本Docker漏洞环境(涵盖1.2.47/1.2.68/1.2.80等版本),主要包括JNDI注入及高版本绕过、waf绕过、文件读写、原生反序列化、利用链探测绕过、不出网利用等。从黑盒的角度覆盖FastJson深入利用
dogadmin/windodws-logs-analysis
windows日志一键分析小工具
threedr3am/JSP-WebShells
Collect JSP webshell of various implementation methods. 收集JSP Webshell的各种姿势
vxCrypt0r/Voidgate
A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfvenom) by performing on-the-fly decryption of individual encrypted assembly instructions, thus rendering memory scanners useless for that specific memory page.
fofapro/Hosts_scan
这是一个用于IP和域名碰撞匹配访问的小工具,旨意用来匹配出渗透过程中需要绑定hosts才能访问的弱主机或内部系统。
X1r0z/EBurstGo
利用 Exchange 服务器 Web 接口爆破邮箱账户 | Brute force email accounts using Exchange server web endpoints
T4y1oR/RingQ
一款后渗透免杀工具,助力每一位像我这样的脚本小子快速实现免杀,支持bypass AV/EDR 360 火绒 Windows Defender Shellcode Loader
whocansee/FilelessAgentMemShell
无需文件落地Agent内存马生成器
f0ng/captcha-killer-modified
captcha-killer的修改版,支持关键词识别base64编码的图片,添加免费ocr库,用于验证码爆破,适配新版Burpsuite
wy876/POC
收集整理漏洞EXP/POC,大部分漏洞来源网络,目前收集整理了1000多个poc/exp,长期更新。
onewinner/POCS
收集最新漏洞POC(Yaml\Python)
F6JO/RouteVulScan
Burpsuite - Route Vulnerable Scanning 递归式被动检测脆弱路径的burp插件
INotGreen/Webshell-loader
ASPX内存执行shellcode,绕过Windows Defender(AV/EDR)
OsmanKandemir/web-wordlist-generator
WEB-Wordlist-Generator creates related wordlists after scanning your web applications.
wafinfo/DecryptTools
DecryptTools-综合解密
Naturehi666/searchall
强大的敏感信息搜索工具
Accenture/Spartacus
Spartacus DLL/COM Hijacking Toolkit
xinxin999/My-Summarizing
我自己的一些总结
CodingGay/BlackDex
BlackDex is an Android unpack(dexdump) tool, it supports Android 5.0~12 and need not rely to any environment. BlackDex can run on any Android mobile phone or emulator, you can unpack APK File in several seconds.
R4gd0ll/I-Wanna-Get-All
OA漏洞利用工具
skylot/jadx
Dex to Java decompiler
horsicq/XAPKDetector
APK/DEX detector for Windows, Linux and MacOS.
WindXaa/Android-Vulnerability-Mining
Android APP漏洞之战系列,主要讲述如何快速挖掘APP漏洞
firerpa/lamda
⚡️ Android reverse engineering & automation framework | 史上最强安卓抓包/逆向/HOOK & 云手机/远程桌面/自动化取证 ALL-IN-ONE 框架,你的工作从未如此简单快捷。