Pinned Repositories
-share_it
这个库用来分享一些东西
0sec-search
新版零组资料文库离线漏洞名搜索,功能:更新 、查询 (不包含漏洞详情)
1earn
个人维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup
2022-HW-POC
2022 护网行动 POC 整理
404StarLink
404StarLink - 推荐优质、有意义、有趣、坚持维护的安全开源项目
7kbscan-WebPathBrute
7kbscan-WebPathBrute Web路径暴力探测工具
aliyun-accesskey-Tools
All-Defense-Tool
本项目集成了全网优秀的攻防工具项目,包含自动化利用,子域名、敏感目录、端口等扫描,各大中间件,cms漏洞利用工具以及应急响应等资料。
BurpCrypto
BurpCrypto is a collection of burpsuite encryption plug-ins, support AES/RSA/DES/ExecJs(execute JS encryption code in burpsuite). 支持多种加密算法或直接执行JS代码的用于爆破前端加密的BurpSuite插件
subfinder
Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.
gmwshz's Repositories
gmwshz/static-analysis
A curated list of static analysis (SAST) tools for all programming languages, config files, build tools, and more.
gmwshz/osquery
SQL powered operating system instrumentation, monitoring, and analytics.
gmwshz/BigBountyRecon
BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.
gmwshz/vulhub
Pre-Built Vulnerable Environments Based on Docker-Compose
gmwshz/BurpSuiteCn
Burp Suite 汉化 中文
gmwshz/LogonTracer
Investigate malicious Windows logon by visualizing and analyzing Windows event log
gmwshz/ARL
ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产,构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产,发现存在的薄弱点和攻击面。
gmwshz/cvelist
Pilot program for CVE submission through GitHub
gmwshz/ApkAnalyser
一键提取安卓应用中可能存在的敏感信息。
gmwshz/DefaultCreds-cheat-sheet
One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
gmwshz/sonar-scanning-examples
Shows how to use the Scanners
gmwshz/Sudomy
Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting
gmwshz/Dictionary-Of-Pentesting
Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。
gmwshz/jd_seckill
go版本jd_seckill,京东茅台抢购,降低使用门栏。
gmwshz/Web-Fuzzing-Box
Web Fuzzing Box - Web 模糊测试字典与一些Payloads,主要包含:弱口令暴力破解、目录以及文件枚举、Web漏洞...字典运用于实战案例:https://gh0st.cn/archives/2019-11-11/1
gmwshz/K8tools
K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)
gmwshz/MDAT
MDAT - Multiple Database Attacking Tool
gmwshz/Viper
metasploit-framework with webui / metasploit-framework 图形界面
gmwshz/Hack-Tools
The all-in-one Red Team extension for Web Pentester 🛠
gmwshz/ssh-tutorial
SSH 教程
gmwshz/SharpCollection
Nightly builds of common C# offensive tools, fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.
gmwshz/aliyun-accesskey-Tools
gmwshz/openedr
Open EDR public repository
gmwshz/Middleware-Vulnerability-detection
CVE、CMS、中间件漏洞检测利用合集 Since 2019-9-15
gmwshz/HELK
The Hunting ELK
gmwshz/vulmap
Vulmap - Web漏洞扫描和验证工具,可对Web容器、Web服务器、Web中间件以及CMS等Web程序进行漏洞扫描,并且具备漏洞利用功能。 相关测试人员可以使用vulmap检测目标是否存在特定漏洞,并且可以使用漏洞利用功能验证漏洞是否真实存在。CVE-2020-14882, CVE-2020-2555, CVE-2020-2883, S2-061, CVE-2020-13942, CVE-2020-17530
gmwshz/sast-scan
Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependencies. CI and Git friendly.
gmwshz/xray
一款完善的安全评估工具,支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档
gmwshz/antSword
AntSword is a cross-platform website management toolkit.
gmwshz/mongoaudit
🔥 A powerful MongoDB auditing and pentesting tool 🔥