lousix's Stars
lousix/BurpAPIFinder
攻防演练过程中,我们通常会用浏览器访问一些资产,但很多未授权/敏感信息/越权隐匿在已访问接口过html、JS文件等,该插件能让我们发现未授权/敏感信息/越权/登陆接口等。
cor0ps/codeql
收集规则
fr0gger/Awesome-GPT-Agents
A curated list of GPT agents for cybersecurity
lousix/FSL-Deobfuscation
lousix/Log4j2-RCE-Scanner
log4j2 rce漏洞扫描器
goglezon/OSAdmin
PHP版本的开源管理后台
xaoyaoo/PyWxDump
获取微信信息;读取数据库,本地查看聊天记录并导出为csv、html等格式用于AI训练,自动回复等。支持多账户信息获取,支持所有微信版本。
QiuChenlyOpenSource/InjectLib
基于Ruby编写的命令行注入版本
LanYunDev/InjectLib_bak
⚠️ 仅存放surge crack到Releases (随缘更新)
TheNetAdmin/zjuthesis
Zhejiang University Graduation Thesis LaTeX Template
wangfly-me/LoaderFly
助力每一位RT队员,快速生成免杀木马
sprintcube/docker-compose-lamp
A basic LAMP stack environment built using Docker Compose.
inbug-team/InScan
边界打点后的自动化渗透工具
0x727/FingerprintHub
侦查守卫(ObserverWard)的指纹库
github/codeql
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
github/codeql-cli-binaries
Binaries for the CodeQL CLI
k8gege/Ladon
Ladon大型内网渗透扫描器,PowerShell、Cobalt Strike插件、内存加载、无文件扫描。含端口扫描、服务识别、网络资产探测、密码审计、高危漏洞检测、漏洞利用、密码读取以及一键GetShell,支持批量A段/B段/C段以及跨网段扫描,支持URL、主机、域名列表扫描等。网络资产探测32种协议(ICMP\NBT\DNS\MAC\SMB\WMI\SSH\HTTP\HTTPS\Exchange\mssql\FTP\RDP)或方法快速获取目标网络存活主机IP、计算机名、工作组、共享资源、网卡地址、操作系统版本、网站、子域名、中间件、开放服务、路由器、交换机、数据库、打印机等,大量高危漏洞检测模块MS17010、Zimbra、Exchange
dushixiang/evil-mysql-server
evil-mysql-server is a malicious database written to target jdbc deserialization vulnerabilities and requires ysoserial.
knownsec/404StarLink
404StarLink - 推荐优质、有意义、有趣、坚持维护的安全开源项目
amehime/hexo-theme-shoka
Just For https://shoka.lostyu.me/
danielbohannon/Invoke-Obfuscation
PowerShell Obfuscator
Y4tacker/JavaSec
a rep for documenting my study, may be from 0 to 0.1
godspeedcurry/godscan
WhiteHSBG/JNDIExploit
对原版https://github.com/feihong-cs/JNDIExploit 进行了实用化修改
Mr-xn/Penetration_Testing_POC
渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms
u21h2/nacs
事件驱动的渗透测试扫描器 Event-driven pentest scanner
shadow1ng/fscan
一款内网综合扫描工具,方便一键自动化、全方位漏扫扫描。
lz520520/railgun
payloadbox/sql-injection-payload-list
🎯 SQL Injection Payload List
fuzzdb-project/fuzzdb
Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.