huaibaobao's Stars
xidaner/Bypass_Go
参考CS的Bypass插件+分离免杀**改造
hedgedoc/hedgedoc
HedgeDoc - Ideas grow better together
cam-stalk/IPSca
bernsteining/instaloctrack
An Instagram OSINT tool to collect all the geotagged locations available on an Instagram profile in order to plot them on a map, and dump them in a JSON.
YAANNZ/APNodeService
接收H5压缩包上传,自动打包,提供ipa下载的node服务,供Cordova项目使用。
rtcatc/Packer-Fuzzer
Packer Fuzzer is a fast and efficient scanner for security detection of websites constructed by javascript module bundler such as Webpack.
EdgeSecurityTeam/EHole
EHole(棱洞)3.0 重构版-红队重点攻击系统指纹探测工具
lintstar/About-Attack
一个旨在通过应用场景 / 标签对 Github 红队向工具 / 资源进行分类收集,降低红队技术门槛的手册【持续更新】
r0eXpeR/File-Download-Generator
文件下载命令快捷生成器,单文件版
az0ne/bayonet
bayonet是一款src资产管理系统,从子域名、端口服务、漏洞、爬虫等一体化的资产管理系统
al0ne/Vxscan
python3写的综合扫描工具,主要用来存活验证,敏感文件探测(目录扫描/js泄露接口/html注释泄露),WAF/CDN识别,端口扫描,指纹/服务识别,操作系统识别,POC扫描,SQL注入,绕过CDN,查询旁站等功能,主要用来甲方自测或乙方授权测试,请勿用来搞破坏。
orlabs/orange
OpenResty/Nginx Gateway for API Monitoring and Management.
yogeshojha/rengine
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.
owasp-amass/amass
In-depth attack surface mapping and asset discovery
ntestoc3/norecon
recon小工具, 提供whois查询,dns查询,ip扫描,http快照一条龙服务
Ridter/Intranet_Penetration_Tips
2018年初整理的一些内网渗透TIPS,后面更新的慢,所以整理出来希望跟小伙伴们一起更新维护~
Ridter/CVE-2019-1040
CVE-2019-1040 with Exchange
ehang-io/nps
一款轻量级、高性能、功能强大的内网穿透代理服务器。支持tcp、udp、socks5、http等几乎所有流量转发,可用来访问内网网站、本地支付接口调试、ssh访问、远程桌面,内网dns解析、内网socks5代理等等……,并带有功能强大的web管理端。a lightweight, high-performance, powerful intranet penetration proxy server, with a powerful web management terminal.
NetSPI/goddi
goddi (go dump domain info) dumps Active Directory domain information
th3unkn0n/TeleGram-Scraper
telegram group scraper tool. fetch all information about group members
Heptagrams/Heptagram
This project is used to collect the EXP/POC disclosed on the Internet and provide project support for Heptagram security team.
brimdata/zui
Zui is a powerful desktop application for exploring and working with data. The official front-end to the Zed lake.
VoidSec/CVE-2020-1472
Exploit Code for CVE-2020-1472 aka Zerologon
Maskhe/FastjsonScan
一个简单的Fastjson反序列化检测burp插件
pmiaowu/BurpShiroPassiveScan
一款基于BurpSuite的被动式shiro检测插件
Mr-xn/Penetration_Testing_POC
渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms
lakemoon602/snail2.0
批量检测敏感信息泄露
assimon/dujiaoka
🦄独角数卡(自动售货系统)-开源站长自动化售货解决方案、高效、稳定、快速!🚀🚀🎉🎉
k1995/BaiduyunSpider
百度云网盘搜索引擎,包含爬虫 & 网站
pandasec888/taowu-cobalt_strike