tonghuaroot
OSCP. Cyber security enthusiast, not hacker. Focus on Cloud Security, Penetration testing.
Pinned Repositories
ADLab
域渗透攻击技术、检测规则以及方便重现漏洞的虚拟机实验环境 - Tricks and Tools for attacking Active Directory, Threat Hunting Detection Rules, and Lab used to reproduce the vulnerability.
Awesome-macOS-Red-Teaming
List of Awesome macOS Red Teaming Resources.
MiningGitlog
A script to mine email addresses in the Github repository.
Minos
一个基于Tornado/mongodb/redis的社区系统。
my_blog
一个基于Django的Blog。
Pentest
一些内网渗透中常用的安全工具、命令收集。
phone_shop
一个售卖二手手机的电子商城
ReShellAAS
Reverse Shell as a Service
Vulnerability-Env
收集国内外开源CMS存在漏洞的各种版本
w3af-cn-doc
w3af 中文文档
tonghuaroot's Repositories
tonghuaroot/hacktricks
Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
tonghuaroot/Active-Directory-Exploitation-Cheat-Sheet
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
tonghuaroot/brook
Brook is a cross-platform(Linux/MacOS/Windows/Android/iOS) proxy/vpn software
tonghuaroot/canarytokens
Canarytokens helps track activity and actions on your network.
tonghuaroot/codeql
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security (code scanning), LGTM.com, and LGTM Enterprise
tonghuaroot/CodeQL-1
《深入理解CodeQL》Finding vulnerabilities with CodeQL.
tonghuaroot/falco-website
Hugo content to generate website content. Hosted by the CNCF
tonghuaroot/faraday
Collaborative Penetration Test and Vulnerability Management Platform
tonghuaroot/gin-vue-admin
基于vite+vue3+gin搭建的开发基础平台(支持TS,JS混用),集成jwt鉴权,权限管理,动态路由,显隐可控组件,分页封装,多点登录拦截,资源权限,上传下载,代码生成器,表单生成器等开发必备功能。
tonghuaroot/google-ctf
Google CTF challenges
tonghuaroot/gpt_academic
为GPT/GLM提供图形交互界面,特别优化论文阅读润色体验,模块化设计支持自定义快捷按钮&函数插件,支持代码块表格显示,Tex公式双显示,新增Python和C++项目剖析&自译解功能,PDF/LaTex论文翻译&总结功能,支持并行问询多种LLM模型,支持清华chatglm等本地模型
tonghuaroot/GSIL
GitHub Sensitive Information Leakage(GitHub敏感信息泄露监控)
tonghuaroot/guac
tonghuaroot/infracost-jenkins
Jenkins integration for Infracost. Shows cloud cost estimates for Terraform.
tonghuaroot/java-sec-code
Java web common vulnerabilities and security code which is base on springboot and spring security
tonghuaroot/joern
Open-source code analysis platform for C/C++/Java/Binary/Javascript based on code property graphs
tonghuaroot/kubernetes
Production-Grade Container Scheduling and Management
tonghuaroot/mariana-trench
Our security focused static analysis tool for Android and Java applications.
tonghuaroot/Notes-1
tonghuaroot/nuclei
Nuclei is a fast tool for configurable targeted vulnerability scanning based on templates offering massive extensibility and ease of use.
tonghuaroot/PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
tonghuaroot/project-layout
Standard Go Project Layout
tonghuaroot/prowler
Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains all CIS controls listed here https://d0.awsstatic.com/whitepapers/compliance/AWS_CIS_Foundations_Benchmark.pdf and more than 100 additional checks that help on GDPR, HIPAA and other security requirements.
tonghuaroot/PurpleCloud
An Infrastructure as Code (IaC) deployment of a small Active Directory pentest lab in the cloud. The deployment simulates a semi-realistic corporate enterprise Active Directory with a DC and endpoints. Purple team goals include blue team detection capabilities and R&D for detection engineering new approaches.
tonghuaroot/SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
tonghuaroot/Security_Engineer_Interview_Questions
Every Security Engineer Interview Question From Glassdoor.com
tonghuaroot/sqlmap
Automatic SQL injection and database takeover tool
tonghuaroot/vulhub
Docker-Compose file for vulnerability environment
tonghuaroot/xray
xray 安全评估工具
tonghuaroot/YYeTsBot
🎬 人人影视bot,完全对接人人影视全部无删减资源