liey1's Stars
M1k0er/pentest-notes
记录自己在内网渗透学习中的一些心得和技巧,不定期记录中:)
zu1k/nali
An offline tool for querying IP geographic information and CDN provider. 一个查询IP地理信息和CDN服务提供商的离线终端工具.
yhy0/ExpDemo-JavaFX
图形化漏洞利用Demo-JavaFX版
decalage2/awesome-security-hardening
A collection of awesome security hardening guides, tools and other resources
xiecat/goblin
一款适用于红蓝对抗中的仿真钓鱼系统
peass-ng/PEASS-ng
PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
cdk-team/CDK
📦 Make security testing of K8s, Docker, and Containerd easier.
sjatsh/unwxapkg
WeChat applet .wxapkg decoding tool
tr0uble-mAker/POC-bomber
利用大量高威胁poc/exp快速获取目标权限,用于渗透和红队快速打点
projectdiscovery/nuclei
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.
liamg/traitor
:arrow_up: :skull_and_crossbones: :fire: Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock
murphysecurity/murphysec-jetbrains-plugin
MurphySec plugin for JetBrains IDEs, identify and fix open source vulnerabilities in your project. 墨菲安全推出的一款 JetBrains IDE 插件,可以用来识别并修复项目中的开源组件漏洞
ASTTeam/CodeQL
《深入理解CodeQL》Finding vulnerabilities with CodeQL.
RyanJarv/cdn-proxy
Bypass CDN and WAF restrictions using CDN re-fronting.
ticarpi/jwt_tool
:snake: A toolkit for testing, tweaking and cracking JSON Web Tokens
AntSword-Store/as_plugin_import_shell_from_csv
A powerful AntSword plugin to import shells from CSV
horizon3ai/proxyshell
Proof of Concept for CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207
ffffffff0x/403-fuzz
针对 403 页面的 fuzz 脚本
Kevil-hui/BestShell
世界上最好用的php大马
feihong-cs/Java-Rce-Echo
Java RCE 回显测试代码
Y4er/dotnet-deserialization
dotnet 反序列化学习笔记
Scorpio-m7/tomcat-backdoor
phith0n/PaddingZip
PaddingZip is a tool that you can craft a zip file that contains the padding characters between the file content.
wuyouzhuguli/SpringAll
循序渐进,学习Spring Boot、Spring Boot & Shiro、Spring Batch、Spring Cloud、Spring Cloud Alibaba、Spring Security & Spring Security OAuth2,博客Spring系列源码:https://mrbird.cc
Wker666/wJa
java decompile audit tools
threedr3am/ZhouYu
(周瑜)Java - SpringBoot 持久化 WebShell 学习demo(不仅仅是SpringBoot,适合任何符合JavaEE规范的服务)
perfectblue/ctf-writeups
Perfect Blue's CTF Writeups
NyDubh3/Pentesting-Active-Directory-CN
域渗透脑图中文翻译版
iiiusky/alicloud-tools
阿里云ECS、策略组辅助小工具
wireghoul/htshells
Self contained htaccess shells and attacks