Pinned Repositories
2020-Vulnerabilities
2020年漏洞复现大全
ARL
ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产,构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产,发现存在的薄弱点和攻击面。
ARL-Finger-ADD-Go
ARL(灯塔)批量添加指纹
ARL2
ARL官方仓库备份项目:ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产,构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产,发现存在的薄弱点和攻击面。
ary
Ary 是一个集成类工具,主要用于调用各种安全工具,从而形成便捷的一键式渗透。
Awesome-POC
一个各类漏洞POC知识库
Awesome-Redteam
一个红队知识仓库
betaseclab_tools
Bypass_Disable_functions_Shell
一个各种方式突破Disable_functions达到命令执行的shell
poc2jar
Java编写,Python作为辅助依赖的漏洞验证、利用工具,添加了进程查找模块、编码模块、命令模块、常见漏洞利用GUI模块、shiro rememberMe解密模块,加快测试效率
Ninja400ya's Repositories
Ninja400ya/2020-Vulnerabilities
2020年漏洞复现大全
Ninja400ya/ary
Ary 是一个集成类工具,主要用于调用各种安全工具,从而形成便捷的一键式渗透。
Ninja400ya/betaseclab_tools
Ninja400ya/Bypass_Disable_functions_Shell
一个各种方式突破Disable_functions达到命令执行的shell
Ninja400ya/bypass_disablefunc_via_LD_PRELOAD
bypass disable_functions via LD_PRELOA (no need /usr/sbin/sendmail)
Ninja400ya/CiscoExploit
Cisco Exploit (CVE-2019-1821 Cisco Prime Infrastructure Remote Code Execution/CVE-2019-1653/Cisco SNMP RCE/Dump Cisco RV320 Password)
Ninja400ya/DirBrute
多线程WEB目录爆破工具 [Multi-thread WEB directory blasting tool(with dics inside) ]
Ninja400ya/edusrcurl
全国edu将近50万个域名
Ninja400ya/fuzzdb
Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
Ninja400ya/GobyExtension
Goby extension doc.
Ninja400ya/GSIL
GitHub Sensitive Information Leakage(GitHub敏感信息泄露监控)
Ninja400ya/InCloud
运行于GitHub Actions 的仓库中自动化、自定义和执行软件开发工作流程,可以自己根据喜好定制功能,InCloud已经为您定制好了十种针对网段和域名的不同场景的信息收集与漏洞扫描流程。
Ninja400ya/JSFinder
JSFinder is a tool for quickly extracting URLs and subdomains from JS files on a website.
Ninja400ya/K8tools
K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)
Ninja400ya/Ladon
大型内网渗透扫描器&Cobalt Strike,包含信息收集/存活主机/IP扫描/端口扫描/服务识别/网络资产/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010、Weblogic、ActiveMQ、Tomcat、Struts2系列等,密码口令爆破含(Mysql、Oracle、MSSQL)、FTP、SSH(Linux)、VNC、Windows(IPC、WMI、SMB、LDAP、SmbHash、WmiHash)等,可高度自定义插件支持.NET程序集、DLL(C#/Delphi/VC)、PowerShell等语言编写的插件,支持通过配置INI批量调用任意外部程序或命令,EXP生成器一键生成Web漏洞POC,可快速扩展扫描或利用能力。支持Cobalt Strike 3.X-4.0
Ninja400ya/LangSrcCurise
SRC子域名资产监控
Ninja400ya/massdns
A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)
Ninja400ya/MYSQL_SQL_BYPASS_WIKI
mysql注入,bypass的一些心得
Ninja400ya/PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Ninja400ya/PENTESTING-BIBLE
This repository was created and developed by Ammar Amer @cry__pto Only. Updates to this repository will continue to arrive until the number of links reaches 10000 links & 10000 pdf files .Learn Ethical Hacking and penetration testing .hundreds of ethical hacking & penetration testing & red team & cyber security & computer science resources.
Ninja400ya/PHPStudy_BackDoor_Exp
PHPStudy_BackDoor_EXP PHPstudy后门利用脚本
Ninja400ya/powershell
Ninja400ya/Python-100-Days
Python - 100天从新手到大师
Ninja400ya/SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
Ninja400ya/shellcodeloader
shellcodeloader
Ninja400ya/src
日常src平台域名收集
Ninja400ya/SRC-script
挖掘src常用脚本
Ninja400ya/Viper
metasploit-framework with webui / metasploit-framework 图形界面
Ninja400ya/wfuzz
Web application fuzzer
Ninja400ya/windows-kernel-exploits
windows-kernel-exploits Windows平台提权漏洞集合