Pinned Repositories
BurpSuite-1
burp mac application version
checkmarx_rest
checkmarx rest api 工具,实现自动化项目扫描、报告生成、漏洞数据写入redis
collectapi
从java代码里提取api、请求方法、参数等信息,进行api资产管理
CTF_WEB_SOURCE
a project aim to collect CTF web practices .
DroidSSLUnpinning
Android certificate pinning disable tools
extractdependencies
从pom.xml提取依赖信息,构建依赖信息库,用于管理依赖及快速处理存在安全隐患的依赖
Hacking-With-Golang
Golang安全资源合集
Mind-Map
各种安全相关思维导图整理收集
oxpecker
oxpecker是一款用于从IDE提取开发项目仓库地址、当前分支、三方组件等信息用于安全分析的JetBrains家族IDE插件。
rhizobia_P
PHP安全SDK及编码规范
iicoming's Repositories
iicoming/checkmarx_rest
checkmarx rest api 工具,实现自动化项目扫描、报告生成、漏洞数据写入redis
iicoming/collectapi
从java代码里提取api、请求方法、参数等信息,进行api资产管理
iicoming/extractdependencies
从pom.xml提取依赖信息,构建依赖信息库,用于管理依赖及快速处理存在安全隐患的依赖
iicoming/Antenna
Antenna是58同城安全团队打造的一款辅助安全从业人员验证网络中多种漏洞是否存在以及可利用性的工具。其基于带外应用安全测试(OAST)通过任务的形式,将不同漏洞场景检测能力通过插件的形式进行集合,通过与目标进行out-bind的数据通信方式进行辅助检测。
iicoming/archerysec
Centralize Vulnerability Assessment and Management for DevSecOps Team
iicoming/Awesome-Hacking
A collection of various awesome lists for hackers, pentesters and security researchers
iicoming/aws-sdk-js
AWS SDK for JavaScript in the browser and Node.js
iicoming/BurpLoaderKeygen
Burp Suite Pro Loader & Keygen
iicoming/CDK
CDK is an open-sourced container penetration toolkit, offering stable exploitation in different slimmed containers without any OS dependency. It comes with penetration tools and many powerful PoCs/EXPs helps you to escape container and takeover K8s cluster easily.
iicoming/CheatSheetSeries
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
iicoming/code-inspector
JavaWeb漏洞审计工具,构建方法调用链并模拟栈帧进行分析。由于作者精力有限,可能不会再更新这个项目
iicoming/codeql
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security (code scanning), LGTM.com, and LGTM Enterprise
iicoming/crawlergo
A powerful browser crawler for web vulnerability scanners
iicoming/d18n
d18n is a data desensitization tool for RDBMS.
iicoming/DongTai-agent-java
“火线~洞态IAST”是一款专为甲方安全人员、代码审计工程师和0 Day漏洞挖掘人员量身打造的辅助工具,可用于集成devops环境进行漏洞检测、作为代码审计的辅助工具和自动化挖掘0 Day。
iicoming/Focus
关注我要关注的—RSS本地阅读器
iicoming/go-zero
go-zero is a web and rpc framework written in Go. It's born to ensure the stability of the busy sites with resilient design. Builtin goctl greatly improves the development productivity.
iicoming/HFish
🍯 A Most Convenient Honeypot Platform. 🐝🐝🐝 🐝🐝
iicoming/JavaDataFlow
Creating Data Flow Graphs from java input classes
iicoming/JSFinder
JSFinder is a tool for quickly extracting URLs and subdomains from JS files on a website.
iicoming/kubernetes-handbook
Kubernetes中文指南/云原生应用架构实践手册 - https://jimmysong.io/kubernetes-handbook
iicoming/riskscanner
RiskScanner 是开源的多云安全合规扫描平台,通过 Cloud Custodian 的 YAML DSL 定义扫描规则,实现对主流公(私)有云资源的安全合规扫描及使用优化建议。
iicoming/secguide
iicoming/spectre-meltdown-checker
Spectre, Meltdown, Foreshadow, Fallout, RIDL, ZombieLoad vulnerability/mitigation checker for Linux & BSD
iicoming/SpringBootVulExploit
SpringBoot 相关漏洞学习资料,利用方法和技巧合集,黑盒安全评估 checklist
iicoming/Static-Program-Analysis-Book
Getting started with static program analysis. 静态程序分析入门教程。
iicoming/SZhe_Scan
碎遮SZhe_Scan Web漏洞扫描器,基于python Flask框架,对输入的域名/IP进行全面的信息搜集,漏洞扫描,可自主添加POC
iicoming/tabby
A CAT called tabby ( Code Analysis Tool )
iicoming/vuls
Agent-less vulnerability scanner for Linux, FreeBSD, Container Image, Running Container, WordPress, Programming language libraries, Network devices
iicoming/xssor2
XSS'OR - Hack with JavaScript.