Pinned Repositories
0day
各种CMS、各种平台、各种系统、各种软件漏洞的EXP、POC 该项目将不断更新
3PDroid-public
3PDroid is a Python tool for verifying if an Android app complies with the Google Play privacy guidelines.
AllThingsAndroid
A Collection of Android Pentest Learning Materials
androguard
Reverse engineering, Malware and goodware analysis of Android applications ... and more (ninja !)
Android-
文档
Android-Reports-and-Resources
A big list of Android Hackerone disclosed reports and other resources.
android-webviews-fileaccess
Samples apps for the scenarios described in the article.
FridaScripts
一群聪明的frida用户所编写的脚本
Mobile-Security-Framework-MobSF
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
RMS-Runtime-Mobile-Security
Runtime Mobile Security (RMS) 📱🔥 - is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime
gguowang's Repositories
gguowang/FridaScripts
一群聪明的frida用户所编写的脚本
gguowang/0day
各种CMS、各种平台、各种系统、各种软件漏洞的EXP、POC 该项目将不断更新
gguowang/Android-Reports-and-Resources
A big list of Android Hackerone disclosed reports and other resources.
gguowang/AndSecCxQL
Android Security Bug Queries for CheckMarx
gguowang/apkleaks
Scanning APK file for URIs, endpoints & secrets.
gguowang/awesome-bugbounty-tools
A curated list of various bug bounty tools
gguowang/awvs14-scan
针对 Acunetix AWVS扫描器开发的批量扫描脚本,支持log4j漏洞专项,支持联动xray、burp、w13scan等被动批量
gguowang/bane
this is a python module that contains functions and classes which are used to test the security of web/network applications. it's coded on pure python and it's very intelligent tool ! It can easily detect: XSS (relected/stored), RCE (Remote Code/Command Execution), SSTI, SSRF, CORS Misconfigurations, File Upload, CSRF, Path Traversal,.... Also, it have DDoS capabilities, and variety of information gathering tools packed inside ! Aside of many other useful functionalities.
gguowang/bazaar
Android security & privacy analysis for the masses
gguowang/Bug-Bounty-Methodology
These are my checklists which I use during my hunting.
gguowang/cf
Cloud Exploitation Framework 云环境利用框架,方便安全人员在获得 AK 的后续工作
gguowang/CodeAnalysis
Static Code Analysis
gguowang/CVE-2021-44228-Apache-Log4j-Rce
Apache Log4j 远程代码执行
gguowang/Dictionary-Of-Pentesting
Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。
gguowang/Godzilla
哥斯拉
gguowang/GooFuzz
GooFuzz is a tool to perform fuzzing with an OSINT approach, managing to enumerate directories, files, subdomains or parameters without leaving evidence on the target's server and by means of advanced Google searches (Google Dorking).
gguowang/JNDI-Injection-Exploit
JNDI注入测试工具(A tool which generates JNDI links can start several servers to exploit JNDI Injection vulnerability,like Jackson,Fastjson,etc)
gguowang/lemma
Remote CLI tools at your fingertips
gguowang/log4JFrida
gguowang/medusa
Binary instrumentation framework based on FRIDA
gguowang/msdt-follina
Codebase to generate an msdt-follina payload
gguowang/pinduoduo_backdoor
拼多多apk内嵌提权代码,及动态下发dex分析
gguowang/pinduoduo_backdoor_x
对拼多多app利用0day漏洞控制用户手机及窃取数据的分析,含分析指引
gguowang/qq
8亿QQ绑定数据泄露查询源码,附送数据。不定期更新下载地址 关注越多送的越多
gguowang/Resources-for-Beginner-Bug-Bounty-Hunters
A list of resources for those interested in getting started in bug bounties
gguowang/sekiro
基于长链接和代码注入的Android private API暴露框架
gguowang/slicer
A tool to automate the boring process of APK recon
gguowang/spy-debugger
微信调试,各种WebView样式调试、手机浏览器的页面真机调试。便捷的远程调试手机页面、抓包工具,支持:HTTP/HTTPS,无需USB连接设备。
gguowang/strong-frida
make frida strong, bypass frida detection.
gguowang/Web-Attack-Cheat-Sheet
Web Attack Cheat Sheet