JOHN-FROD

JOHN-FROD's Stars

• c0ny1/HTTPHeadModifer

  一款快速修改HTTP数据包头的Burp Suite插件

  Language:Java25439

• shuanx/BurpAPIFinder

  攻防演练过程中，我们通常会用浏览器访问一些资产，但很多未授权/敏感信息/越权隐匿在已访问接口过html、JS文件等，该插件能让我们发现未授权/敏感信息/越权/登陆接口等。

  Language:Java1.1k67

• rtcatc/Packer-Fuzzer

  Packer Fuzzer is a fast and efficient scanner for security detection of websites constructed by javascript module bundler such as Webpack.

  Language:Python2.9k298

• xiaoliu-11/newedusrc

  Language:Python3

• wy876/POC

  收集整理漏洞EXP/POC,大部分漏洞来源网络，目前收集整理了1400多个poc/exp，长期更新。

  4.6k970

• PaloAltoNetworks/rbac-police

  Evaluate the RBAC permissions of Kubernetes identities through policies written in Rego

  Language:Go34137

• pen4uin/java-memshell-generator

  一款支持自定义的 Java 内存马生成工具｜A customizable Java in-memory webshell generation tool.

  Language:Java1.7k198

• Ne0nd0g/merlin

  Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.

  Language:Go5.1k807

• Yelp/detect-secrets

  An enterprise friendly way of detecting and preventing secrets in code.

  Language:Python3.9k481

• allanlw/svg-cheatsheet

  A cheatsheet for exploiting server-side SVG processors.

  70592

• ExpLangcn/NucleiTP

  自动整合全网Nuclei的漏洞POC，实时同步更新最新POC！

  2.7k351

• fr0gger/Awesome-GPT-Agents

  A curated list of GPT agents for cybersecurity

  5.8k634

• gquere/pwn_jenkins

  Notes about attacking Jenkins servers

  Language:Python2k331

• bridgecrewio/checkov

  Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.

  Language:Python7.3k1.1k

• knownsec/404StarLink

  404StarLink - 推荐优质、有意义、有趣、坚持维护的安全开源项目

  8.7k832

• ASTTeam/CodeQL

  《深入理解CodeQL》Finding vulnerabilities with CodeQL.

  1.5k167

• codingo/DNSCewl

  A DNS Bruteforcing Wordlist Generator

  Language:C++35053

• harsh-bothra/learn365

  This repository is about @harshbothra_'s 365 days of Learning Tweets & Mindmaps collection.

  1.6k399

• Bypass007/Learn-security-from-0

  从0开始学安全，注重实战+技巧的运用，分享各种安全攻防干货，包括但不限于：Web安全、代码审计 、内网渗透、企业安全等。

  498117

• cseroad/Exp-Tools

  一款集成高危漏洞exp的实用性工具

  1.2k80

• Threekiii/Vulnerability-Wiki

  基于 docsify 快速部署 Awesome-POC 中的漏洞文档

  Language:HTML1.7k339

• HXSecurity/TerraformGoat

  TerraformGoat is HXSecurity research lab's "Vulnerable by Design" multi cloud deployment tool.

  Language:HCL54485

• teamssix/awesome-cloud-security

  awesome cloud security 收集一些国内外不错的云安全资源，该项目主要面向国内的安全人员

  1.8k223

• artsploit/SecLists

  SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

  Language:PHP13938

• EdgeSecurityTeam/EHole

  EHole(棱洞)3.0 重构版-红队重点攻击系统指纹探测工具

  Language:Go3.2k404

• niudaii/zpscan

  一个有点好用的信息收集工具。A somewhat useful information gathering tool.

  Language:Go1.1k100

• lintstar/About-Attack

  一个旨在通过应用场景 / 标签对 Github 红队向工具 / 资源进行分类收集，降低红队技术门槛的手册【持续更新】

  620138

• Afant1/RemoteObjectInvocationHandler

  bypass JEP290 RaspHook code

  Language:Java629

• tangxiaofeng7/SecExample

  JAVA 漏洞靶场 (Vulnerability Environment For Java)

  Language:HTML436107

• PowerShellMafia/PowerSploit

  PowerSploit - A PowerShell Post-Exploitation Framework

  Language:PowerShell12k4.6k