cr1f

cr1f's Stars

• yt-dlp/yt-dlp

  A feature-rich command-line audio/video downloader

  Language:Python94.5k5358.3k7.4k

• juliocesarfort/public-pentesting-reports

  A list of public penetration test reports published by several consulting firms and academic security groups.

  Language:HTML8.6k498182k

• securego/gosec

  Go security checker

  Language:Go7.9k86464620

• blacklanternsecurity/bbot

  The recursive internet scanner for hackers. 🧡

  Language:Python7.4k59896561

• Threekiii/Awesome-POC

  一个漏洞POC知识库 目前数量 1000+

  3.8k804788

• safe6Sec/Fastjson

  Fastjson姿势技巧集合

  1.7k185339

• abrahamjuliot/creepjs

  Creepy device and browser fingerprinting

  Language:TypeScript1.6k53218200

• BishopFox/jsluice

  Extract URLs, paths, secrets, and other interesting bits from JavaScript

  Language:Go1.5k1414100

• vladko312/SSTImap

  Automatic SSTI detection tool with interactive interface

  Language:Python8911228108

• cckuailong/JNDI-Injection-Exploit-Plus

  80+ Gadgets(30 More than ysoserial). JNDI-Injection-Exploit-Plus is a tool for generating workable JNDI links and provide background services by starting RMI server,LDAP server and HTTP server.

  Language:Java74110699

• trickest/resolvers

  The most exhaustive list of reliable DNS resolvers.

  708151070

• vortexau/dnsvalidator

  Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses.

  Language:Python6612229109

• 0xacb/viewgen

  Viewgen is a ViewState tool capable of generating both signed and encrypted payloads with leaked validation keys

  Language:Python59011282

• dolevf/graphw00f

  graphw00f is GraphQL Server Engine Fingerprinting utility for software security professionals looking to learn more about what technology is behind a given GraphQL endpoint.

  Language:Python58771770

• blacklanternsecurity/badsecrets

  A library for detecting known secrets across many web frameworks

  Language:Python53993948

• su18/hack-fastjson-1.2.80

  4948163

• ewilded/shelling

  SHELLING - a comprehensive OS command injection payload generator

  Language:Java440192112

• ambionics/cnext-exploits

  Exploits for CNEXT (CVE-2024-2961), a buffer overflow in the glibc's iconv()

  Language:Python4268652

• bndeff/socksdroid

  Language:C3939091

• nicholasaleks/graphql-threat-matrix

  GraphQL threat framework used by security professionals to research security gaps in GraphQL implementations

  2989928

• huntergregal/PNG-IDAT-Payload-Generator

  Generate a PNG with a payload embedded in the IDAT chunk (Based off of previous concepts and code -- credit in README)

  Language:Python1987553

• ambionics/wrapwrap

  Generates a `php://filter` chain that adds a prefix and a suffix to the contents of a file.

  Language:Python180335

• BishopFox/CVE-2023-27997-check

  Safely detect whether a FortiGate SSL VPN instance is vulnerable to CVE-2023-27997 based on response timing

  Language:Python1303125

• DistriNet/timeless-timing-attacks

  A Python implementation that facilitates finding timeless timing attack vulnerabilities.

  Language:Python12110420

• p1n93r/SpringBootAdmin-thymeleaf-SSTI

  SpringBootAdmin-thymeleaf-SSTI which can cause RCE

  Language:HTML772110

• MayankPandey01/Sparty-2.0

  An MS Sharepoint and Frontpage Auditing Tool

  Language:Python452013

• xoocoon/hp-15-ew0xxx-snd-fix

  DKMS module for fixing the sound on Linux for HP models Envy x360 15-ew0xxx

  Language:Shell3583417

• DistriNet/evil-epubs

  Using EPUBs for the semi-automated evaluation of security and privacy implications of EPUB reading systems.

  Language:HTML30428

• W01fh4cker/CVE-2024-30043-XXE

  Exploiting XXE Vulnerabilities on Microsoft SharePoint Server and Cloud via Confused URL Parsing

  Language:Python27102

• michurin/xterm256-color-picker

  Online color picker for terminal 256 color palette. Examples for shell prompt, vim, term/xterm

  Language:HTML13413