r3kind1e's Stars
swisskyrepo/PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
danielmiessler/SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
The-Run-Philosophy-Organization/run
润学全球官方指定GITHUB,整理润学宗旨、纲领、理论和各类润之实例;解决为什么润,润去哪里,怎么润三大问题; 并成为新**人的核心宗教,核心信念。
robertdavidgraham/masscan
TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
enaqx/awesome-pentest
A collection of awesome penetration testing resources, tools and other shiny things
hashcat/hashcat
World's fastest and most advanced password recovery utility
microsoftarchive/redis
Redis is an in-memory database that persists on disk. The data model is key-value, but many different kind of values are supported: Strings, Lists, Sets, Sorted Sets, Hashes
WeNeedHome/SummaryOfLoanSuspension
全国各省市停贷通知汇总
aboul3la/Sublist3r
Fast subdomains enumeration tool for penetration testers
byt3bl33d3r/CrackMapExec
A swiss army knife for pentesting networks
meirwah/awesome-incident-response
A curated list of tools for incident response
imWildCat/scylla
Intelligent proxy pool for Humans™ to extract content from the internet and build your own Large Language Models in this new AI era
slowmist/Knowledge-Base
Knowledge Base 慢雾安全团队知识库
projectdiscovery/interactsh
An OOB interaction gathering server and client library
fullhunt/log4j-scan
A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228
mbechler/marshalsec
welk1n/JNDI-Injection-Exploit
JNDI注入测试工具(A tool which generates JNDI links can start several servers to exploit JNDI Injection vulnerability,like Jackson,Fastjson,etc)
NCSC-NL/log4shell
Operational information regarding the log4shell vulnerabilities in the Log4j logging library.
kozmer/log4j-shell-poc
A Proof-Of-Concept for the CVE-2021-44228 vulnerability.
ShawnDEvans/smbmap
SMBMap is a handy SMB enumeration tool
Heroic-Studio/Google-Mirrors
Google谷歌、Wikipedia维基百科、谷歌学术镜像2024最新 新增各种镜像站
epsylon/xsser
Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.
christophetd/log4shell-vulnerable-app
Spring Boot web application vulnerable to Log4Shell (CVE-2021-44228).
Puliczek/CVE-2021-44228-PoC-log4j-bypass-words
🐱💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks
pimps/JNDI-Exploit-Kit
JNDI-Exploitation-Kit(A modified version of the great JNDI-Injection-Exploit created by @welk1n. This tool can be used to start an HTTP Server, RMI Server and LDAP Server to exploit java web apps vulnerable to JNDI Injection)
BlackArch/webshells
Various webshells. We accept pull requests for additions to this collection.
DaxiaSec/SXF_aTrust_sandbox_bypass
init
LiveOverflow/log4shell
Small example repo for looking into log4j CVE-2021-44228
r3kind1e/Log4Shell-obfuscated-payloads-generator
Generate primary obfuscated or secondary obfuscated CVE-2021-44228 or CVE-2021-45046 payloads to evade WAF detection.
fox-it/log4shell-pcaps
Log4Shell PCAPS and Network Coverage