halodoom's Stars
swisskyrepo/PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
danielmiessler/SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
vulhub/vulhub
Pre-Built Vulnerable Environments Based on Docker-Compose
GTFOBins/GTFOBins.github.io
GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems
LOLBAS-Project/LOLBAS
Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
google/fuzzing
Tutorials, examples, discussions, research proposals, and other resources related to fuzzing
1y0n/AV_Evasion_Tool
掩日 - 免杀执行器生成工具
SummerSec/ShiroAttack2
shiro反序列化漏洞综合利用,包含(回显执行命令/注入内存马)修复原版中NoCC的问题 https://github.com/j1anFen/shiro_attack
helloexp/0day
各种CMS、各种平台、各种系统、各种软件漏洞的EXP、POC ,该项目将持续更新
bit4woo/domain_hunter_pro
domain_hunter的高级版本,SRC挖洞、HW打点之必备!自动化资产收集;快速Title获取;外部工具联动;等等
mm0r1/exploits
Pwn stuff.
googleprojectzero/domato
DOM fuzzer
threedr3am/JSP-WebShells
Collect JSP webshell of various implementation methods. 收集JSP Webshell的各种姿势
bit4woo/python_sec
python安全和代码审计相关资料收集 resource collection of python security and code review
wh1t3p1g/ysomap
A helpful Java Deserialization exploit framework.
dirkjanm/krbrelayx
Kerberos unconstrained delegation abuse toolkit
1n7erface/PocList
Alibaba-Nacos-Unauthorized/ApacheDruid-RCE_CVE-2021-25646/MS-Exchange-SSRF-CVE-2021-26885/Oracle-WebLogic-CVE-2021-2109_RCE/RG-CNVD-2021-14536/RJ-SSL-VPN-UltraVires/Redis-Unauthorized-RCE/TDOA-V11.7-GetOnlineCookie/VMware-vCenter-GetAnyFile/yongyou-GRP-U8-XXE/Oracle-WebLogic-CVE-2020-14883/Oracle-WebLogic-CVE-2020-14882/Apache-Solr-GetAnyFile/F5-BIG-IP-CVE-2021-22986/Sonicwall-SSL-VPN-RCE/GitLab-Graphql-CNVD-2021-14193/D-Link-DCS-CVE-2020-25078/WLAN-AP-WEA453e-RCE/360TianQing-Unauthorized/360TianQing-SQLinjection/FanWeiOA-V8-SQLinjection/QiZhiBaoLeiJi-AnyUserLogin/QiAnXin-WangKangFirewall-RCE/金山-V8-终端安全系统/NCCloud-SQLinjection/ShowDoc-RCE
SummerSec/JavaLearnVulnerability
Java漏洞学习笔记 Deserialization Vulnerability
Rvn0xsy/BadCode
恶意代码逃逸源代码 http://payloads.online
zhaoyumi/WeaverExploit_All
泛微最近的漏洞利用工具(PS:2023)
INotGreen/GlllPowerloader
绕过AV/EDR的代码例子(Code example to bypass AV/EDR)
ctfhub-team/ctfhub_base_image
Index of CTFHub Base Images
KpLi0rn/0day
各种CMS、各种平台、各种系统、各种软件漏洞的EXP、POC 该项目将不断更新
Jevon101/MyMalwareAnalyze
本项目记录一些我分析的恶意代码用于归档使用