chinahope404

chinahope404's Stars

• danielmiessler/SecLists

  SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

  Language:PHP57k1.9k26223.7k

• k8gege/Ladon

  Ladon大型内网渗透工具，可PowerShell模块化、可CS插件化、可内存加载，无文件扫描。含端口扫描、服务识别、网络资产探测、密码审计、高危漏洞检测、漏洞利用、密码读取以及一键GetShell，支持批量A段/B段/C段以及跨网段扫描，支持URL、主机、域名列表扫描等。Ladon 12.2内置262个功能,网络资产探测模块32个通过多种协议(ICMP\NBT\DNS\MAC\SMB\WMI\SSH\HTTP\HTTPS\Exchange\mssql\FTP\RDP)以及方法快速获取目标网络存活主机IP、计算机名、工作组、共享资源、网卡地址、操作系统版本、网站、子域名、中间件、开放服务、路由器、交换机、数据库、打印机等信息，高危漏洞检测16个含MS17010、Zimbra、Exchange

  Language:PowerShell4.8k9076860

• zhzyker/exphub

  Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本，最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340

  Language:Python4.1k14851.1k

• Qianlitp/crawlergo

  A powerful browser crawler for web vulnerability scanners

  Language:Go2.8k55133470

• tomnomnom/httprobe

  Take a list of domains and probe for working HTTP and HTTPS servers

  Language:Go2.8k4647497

• nil0x42/phpsploit

  Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor

  Language:Python2.2k10496437

• 0xn0ne/weblogicScanner

  weblogic 漏洞扫描工具。目前包含对以下漏洞的检测能力：CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-3252、CVE-2019-2618、CVE-2019-2725、CVE-2019-2729、CVE-2019-2890、CVE-2020-2551、CVE-2020-14750、CVE-2020-14882、CVE-2020-14883

  Language:Python2k3620337

• FunnyWolf/pystinger

  Bypass firewall for traffic forwarding using webshell 一款使用webshell进行流量转发的出网工具

  Language:Python1.4k2110205

• LangziFun/LangSrcCurise

  SRC子域名资产监控

  Language:Python1.3k1854238

• c0ny1/upload-fuzz-dic-builder

  上传漏洞fuzz字典生成脚本

  Language:Python1.2k184254

• zxcvbn001/password_brute_dictionary

  口令爆破字典，有键盘组合字典、拼音字典、字母与数字混合这三种类型

  Language:Python1.2k154319

• nahamsec/bbht

  A script to set up a quick Ubuntu 17.10 x64 box with tools I use.

  Language:Shell1.1k4917432

• r35tart/RW_Password

  此项目用来提取收集以往泄露的密码中符合条件的强弱密码

  Language:Python1.1k303307

• k8gege/Aggressor

  Ladon 911 for Cobalt Strike & Cracked Download,Large Network Penetration Scanner, vulnerability / exploit / detection / MS17010 / password/brute-force/psexec/atexec/sshexec/webshell/smbexec/netcat/osscan/netscan/struts2Poc/weblogicExp

  9792421189

• YDHCUI/CNVD-2020-10487-Tomcat-Ajp-lfi

  Tomcat-Ajp协议文件读取漏洞

  Language:Python751118341

• 78778443/xssplatform

  一个经典的XSS渗透管理平台

  Language:PHP698828197

• timwhitez/Cobalt-Strike-Aggressor-Scripts

  Cobalt Strike Aggressor 插件包

  Language:C669131199

• pureqh/bypassAV

  免杀shellcode加载器

  Language:Python4476697

• mo-xiaoxi/AWD_CTF_Platform

  一个简单的AWD训练平台

  Language:CSS34242087

• ggg4566/SQLEXP

  SQL 注入利用工具，存在waf的情况下自定义编写tamper脚本 dump数据

  Language:Python2838045

• sukabuliet/ThinkphpRCE

  Thinkphp rce扫描脚本，附带日志扫描

  Language:Python2415429

• Y4er/fastjson-bypass-autotype-1.2.68

  fastjson bypass autotype 1.2.68 with Throwable and AutoCloseable.

  Language:Java2235021

• odboy/shadowProxy

  Language:Python18611246

• ddosi/Voyager

  一个安全工具集合平台，用来提高乙方安全人员的工作效率，请勿用于非法项目

  Language:HTML1796069

• NEALWE/AWD_FrameWork

  近乎无解的AWD框架

  Language:Python1512135

• killeven/Poison-Ivy-Reload

  Poison Ivy Remote administrator tool Reload

  Language:Pascal14910857

• MRdoulestar/ArrowProxy

  针对红队&渗透测试的代理池随机跳板(HTTP/HTTPS)

  Language:Python55126

• admintony/SQL-injection

  解决sqlmap不能跑的注入

  Language:Python373028

• JrDw0/sqlmap_tamper

  bypass waf

  Language:Python24209

• Mr-xn/subDomainsBrute

  A fast sub domain brute tool for pentesters

  Language:Python2