No4l

No4l's Stars

• xiecat/fofax

  FOFAX是一个基于fofa.info的API命令行查询工具

  Language:Go73375

• 78778443/QingScan

  一个漏洞扫描器粘合剂,添加目标后30款工具自动调用；支持 web扫描、系统扫描、子域名收集、目录扫描、主机扫描、主机发现、组件识别、URL爬虫、XRAY扫描、AWVS自动扫描、POC批量验证，SSH批量测试、vulmap。

  Language:PHP1.8k288

• sma11new/webEye

  快速批量检测IP上指定端口的Web站点存活信息，获取其Title，红队信息搜集、蓝队资产探测梳理。

  Language:Python10829

• test502git/360Quake

  360 QuakeAPI批量查询工具

  Language:Python156

• lijiejie/log4j2_vul_local_scanner

  Log4j 漏洞本地检测脚本。 Scan all java processes on your host to check whether it's affected by log4j2 remote code execution vulnerability (CVE-2021-45046)

  Language:Python8512

• YinWC/2021hvv_vul

  2021hvv漏洞汇总

  Language:Python667239

• LandGrey/webshell-detect-bypass

  绕过专业工具检测的Webshell研究文章和免杀的Webshell

  Language:Classic ASP1.7k405

• 3had0w/Fuzzing-Dicts

  Web Security Dictionary

  987345

• ahmad0x1/ARWAD

  Advanced Reconnaissance and Web Application Discovery

  7515

• mrknow001/aliyun-accesskey-Tools

  阿里云accesskey利用工具

  Language:Python1.1k174

• matthiaskaiser/jmet

  Java Message Exploitation Tool

  Language:Java49496

• geektutu/7days-golang

  7 days golang programs from scratch (web framework Gee, distributed cache GeeCache, object relational mapping ORM framework GeeORM, rpc framework GeeRPC etc) 7天用Go动手写/从零实现系列

  Language:Go15.4k2.4k

• yumusb/DNSLog-Platform-Golang

  DNSLOG平台 golang

  Language:Go42478

• NCSC-NL/log4shell

  Operational information regarding the log4shell vulnerabilities in the Log4j logging library.

  Language:Python1.9k605

• silentsignal/burp-log4shell

  Log4Shell scanner for Burp Suite

  Language:Kotlin48172

• cckuailong/reapoc

  OpenSource Poc && Vulnerable-Target Storage Box.

  Language:PHP677220

• microsoft/restler-fuzzer

  RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services.

  Language:Python2.6k300

• M4DM0e/DirDar

  DirDar is a tool that searches for (403-Forbidden) directories to break it and get dir listing on it

  Language:Go44597

• wyzxxz/aksk_tool

  AK资源管理工具，阿里云/腾讯云/华为云/AWS/UCLOUD/京东云/百度云/七牛云存储 AccessKey AccessKeySecret，利用AK获取资源信息和操作资源，ECS/CVM/E2/UHOST/ECI/BCC执行命令，OSS/COS/S3/BOS管理，RDS/DB管理，域名管理，添加RAM/CAM/IAM账号等

  69862

• pureqh/bypasswaf

  关于安全狗和云锁的自动化绕过脚本

  Language:Python509110

• nbs-system/naxsi

  NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX

  Language:C4.8k606

• tomnomnom/waybackurls

  Fetch all the URLs that the Wayback Machine knows about for a domain

  Language:Go3.5k470

• G-Security-Team/JS-Forward

  前端参数加密渗透测试通用解决方案

  Language:Python48270

• 0voice/learning_mind_map

  2021年【思维导图】盒子，C/C++，Golang，Linux，云原生，数据库，DPDK，音视频开发，TCP/IP，数据结构，计算机原理等

  2.7k597

• synacktiv/HopLa

  HopLa Burp Suite Extender plugin - Adds autocompletion support and useful payloads in Burp Suite

  Language:Java71178

• taielab/awesome-hacking-lists

  平常看到好的渗透hacking工具和多领域效率工具的集合

  1k216

• vavkamil/awesome-bugbounty-tools

  A curated list of various bug bounty tools

  4.2k671

• c0ny1/java-memshell-scanner

  通过jsp脚本扫描java web Filter/Servlet型内存马

  Language:Java838121

• dibingfa/flash-linux0.11-talk

  你管这破玩意叫操作系统源码 — 像小说一样品读 Linux 0.11 核心代码

  Language:HTML20.2k2.7k

• cure53/DOMPurify

  DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

  Language:JavaScript13.9k723