moth404's Stars
ethicalhackingplayground/ssrf-king
SSRF plugin for burp Automates SSRF Detection in all of the Request
fransr/postMessage-tracker
A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon
danielmiessler/SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
epi052/feroxbuster
A fast, simple, recursive content discovery tool written in Rust.
jpillora/chisel
A fast TCP/UDP tunnel over HTTP
guangzhengli/k8s-tutorials
k8s tutorials | k8s 教程
A-poc/RedTeam-Tools
Tools and Techniques for Red Team / Penetration Testing
vuejs-templates/webpack
A full-featured Webpack + vue-loader setup with hot reload, linting, testing & css extraction.
glebarez/cero
Scrape domain names from SSL certificates of arbitrary hosts
stealthcopter/deepce
Docker Enumeration, Escalation of Privileges and Container Escapes (DEEPCE)
Schira4396/VcenterKiller
一款针对Vcenter的综合利用工具,包含目前最主流的CVE-2021-21972、CVE-2021-21985以及CVE-2021-22005、One Access的CVE-2022-22954、CVE-2022-22972/31656以及log4j,提供一键上传webshell,命令执行或者上传公钥使用SSH免密连接
apernet/hysteria
Hysteria is a powerful, lightning fast and censorship resistant proxy.
cipher387/osint_stuff_tool_collection
A collection of several hundred online tools for OSINT
YDCloudSecurity/cloud-security-guides
slowmist/Knowledge-Base
Knowledge Base 慢雾安全团队知识库
PowerShellMafia/PowerSploit
PowerSploit - A PowerShell Post-Exploitation Framework
GGyao/jbossScan
扫描jboss常见漏洞路径是否存在。
Quitten/Autorize
Automatic authorization enforcement detection extension for burp suite written in Jython developed by Barak Tawily in order to ease application security people work and allow them perform an automatic authorization tests
White-hua/Apt_t00ls
高危漏洞利用工具
HackJava/HackJava
《Java安全-只有Java安全才能拯救宇宙》Only Java Security Can Save The Universe.
yaklang/yakit
Cyber Security ALL-IN-ONE Platform
0671/RedisModules-ExecuteCommand-for-Windows
可在Windows下执行系统命令的Redis模块,可用于Redis主从复制攻击。
numencyber/Vulnerability_PoC
melisplatform/melis-cms
MelisCms provides a full CMS for Melis Platform, including templating system, drag'n'drop of plugins, SEO and many administration tools.
r00tSe7en/Flash-Pop
Flash钓鱼弹窗优化版
fortra/impacket
Impacket is a collection of Python classes for working with network protocols.
QAX-A-Team/BrowserGhost
这是一个抓取浏览器密码的工具,后续会添加更多功能
swisskyrepo/PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
threedr3am/learnjavabug
Java安全相关的漏洞和技术demo,原生Java、Fastjson、Jackson、Hessian2、XML反序列化漏洞利用和Spring、Dubbo、Shiro、CAS、Tomcat、RMI、Nexus等框架\中间件\功能的exploits以及Java Security Manager绕过、Dubbo-Hessian2安全加固等等实践代码。
kang8/CVE-2022-30778
Case for CVE-2022-30778