mantouxiao's Stars
wy876/POC
收集整理漏洞EXP/POC,大部分漏洞来源网络,目前收集整理了1000多个poc/exp,长期更新。
kkbo8005/mitan
密探渗透测试工具包含资产信息收集,子域名爆破,搜索语法,资产测绘(FOFA,Hunter,quake, ZoomEye),指纹识别,敏感信息采集,文件扫描、密码字典等功能
ibaiw/2023Hvv
2023 HVV情报速递~
ybdt/post-hub
后渗透
Tas9er/ByPassBehinder
ByPassBehinder / 冰蝎WebShell免杀生成 / Code By:Tas9er
Lucifer1993/TPscan
一键ThinkPHP漏洞检测
zangcc/Aakian-FaCai
基于前端vue框架的JavaFx图形化GUI漏洞扫描工具,支持一键扫描vue-manage-system系统前端泄露的未授权目录接口漏洞,并且对扫描的暴露目录进行逐一测试和验证,方便渗透人员快速确定未授权接口。还添加了出口IP地址信息本地DNS信息等的查询,方便清楚自身出口IP。
Schira4396/VcenterKiller
一款针对Vcenter的综合利用工具,包含目前最主流的CVE-2021-21972、CVE-2021-21985以及CVE-2021-22005、One Access的CVE-2022-22954、CVE-2022-22972/31656以及log4j,提供一键上传webshell,命令执行或者上传公钥使用SSH免密连接
achuna33/MYExploit
OAExploit一款基于产品的一键扫描工具。
TideSec/BypassAntiVirus
远控免杀系列文章及配套工具,汇总测试了互联网上的几十种免杀工具、113种白名单免杀方式、8种代码编译免杀、若干免杀实战技术,并对免杀效果进行了一一测试,为远控的免杀和杀软对抗免杀提供参考。
Cuerz/PoC-ExP
【漏洞Poc知识库】一个网络安全爱好者对网络上一些漏洞poc的收录。
safe6Sec/Fastjson
Fastjson姿势技巧集合
OpenEthan/SMSBoom
SMSBoom - Deprecate: Due to judicial reasons, the repository has been suspended!
ExpLangcn/HoneypotDic
蜜罐抓到的Top密码,根据使用频率排序,持续更新中...
huiyadanli/RevokeMsgPatcher
:trollface: A hex editor for WeChat/QQ/TIM - PC版微信/QQ/TIM防撤回补丁(我已经看到了,撤回也没用了)
0dayCTF/reverse-shell-generator
Hosted Reverse Shell generator with a ton of functionality. -- (Great for CTFs)
mantouxiao/SharpXDecrypt
Xshell全版本密码解密工具
pureqh/bypasswaf
关于安全狗和云锁的自动化绕过脚本
1n7erface/PocList
Alibaba-Nacos-Unauthorized/ApacheDruid-RCE_CVE-2021-25646/MS-Exchange-SSRF-CVE-2021-26885/Oracle-WebLogic-CVE-2021-2109_RCE/RG-CNVD-2021-14536/RJ-SSL-VPN-UltraVires/Redis-Unauthorized-RCE/TDOA-V11.7-GetOnlineCookie/VMware-vCenter-GetAnyFile/yongyou-GRP-U8-XXE/Oracle-WebLogic-CVE-2020-14883/Oracle-WebLogic-CVE-2020-14882/Apache-Solr-GetAnyFile/F5-BIG-IP-CVE-2021-22986/Sonicwall-SSL-VPN-RCE/GitLab-Graphql-CNVD-2021-14193/D-Link-DCS-CVE-2020-25078/WLAN-AP-WEA453e-RCE/360TianQing-Unauthorized/360TianQing-SQLinjection/FanWeiOA-V8-SQLinjection/QiZhiBaoLeiJi-AnyUserLogin/QiAnXin-WangKangFirewall-RCE/金山-V8-终端安全系统/NCCloud-SQLinjection/ShowDoc-RCE
0verSp4ce/PoCBox
PoCBox - Vulnerability Test Aid Platform
mantouxiao/Vulnerability
此项目将不定期从棱角社区对外进行公布一些最新漏洞。
Y4er/CVE-2020-2555
Weblogic com.tangosol.util.extractor.ReflectionExtractor RCE
Y4er/CVE-2020-2551
Weblogic IIOP CVE-2020-2551
Mr-xn/SRC-experience
工欲善其事,必先利其器
Mr-xn/Penetration_Testing_POC
渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms
1oid/cms_poc_exp
cms漏洞插件搜集
swisskyrepo/PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
foospidy/payloads
Git All the Payloads! A collection of web attack payloads.
danielmiessler/SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
SecWiki/linux-kernel-exploits
linux-kernel-exploits Linux平台提权漏洞集合