tonghuaroot
Staff Security Engineer. Cyber Security enthusiast, not Hacker. Focus on Application Security, Penetration testing. #OSCP #RedTeam #AppSec #WebSecurity
Pinned Repositories
ADLab
Tricks and Tools for attacking Active Directory, Threat Hunting Detection Rules, and Lab used to reproduce the vulnerability.
Awesome-macOS-Red-Teaming
List of Awesome macOS Red Teaming Resources.
MiningGitlog
A script to mine email addresses in the Github repository.
my_blog
A Django-based blog.
Pentest
A collection of security tools and commands commonly used in internal network penetration testing.
phone_shop
An online store selling second-hand mobile phones.
PyScript
Python scripts that make day-to-day work easier.
ReShellAAS
Reverse Shell as a Service
Vulnerability-Env
A collection of vulnerable versions of open-source CMSs from China and abroad.
w3af-cn-doc
w3af Chinese documentation
tonghuaroot's Repositories
tonghuaroot/hacktricks
Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
tonghuaroot/weiboSpider
Sina Weibo crawler: scrapes Sina Weibo data with Python.
tonghuaroot/Active-Directory-Exploitation-Cheat-Sheet
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
tonghuaroot/Awesome-Asset-Discovery
List of Awesome Asset Discovery Resources
tonghuaroot/brook
Brook is a cross-platform(Linux/MacOS/Windows/Android/iOS) proxy/vpn software
tonghuaroot/cai
Cybersecurity AI (CAI), the framework for AI Security
tonghuaroot/cmdb
CMDB: configuration and management of IT resources
tonghuaroot/codeql
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security (code scanning), LGTM.com, and LGTM Enterprise
tonghuaroot/DeFiHackLabs
Reproduce DeFi hacked incidents using Foundry.
tonghuaroot/dify
Production-ready platform for agentic workflow development.
tonghuaroot/falco-website
Hugo content to generate website content. Hosted by the CNCF
tonghuaroot/GC2-sheet
GC2 is a Command and Control application that allows an attacker to execute commands on the target machine using Google Sheet and exfiltrate data using Google Drive.
tonghuaroot/gin-vue-admin
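A basic development platform built on vite+vue3+gin (supports mixing TS and JS), integrating JWT authentication, permission management, dynamic routing, components with controllable visibility, pagination wrappers, multi-point login interception, resource permissions, upload and download, a code generator, a form generator, and other essential development features.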
tonghuaroot/gpt_academic
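Provides a graphical interactive interface for GPT/GLM, specially optimized for reading and polishing papers. Modular design supports custom shortcut buttons and function plugins; supports code-block and table display and dual display of TeX formulas; adds Python and C++ project analysis and self-interpretation features, plus PDF/LaTeX paper translation and summarization; supports querying multiple LLM models in parallel; supports local models such as Tsinghua chatglm.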
tonghuaroot/guac
tonghuaroot/joern
Open-source code analysis platform for C/C++/Java/Binary/Javascript based on code property graphs
tonghuaroot/kubernetes
Production-Grade Container Scheduling and Management
tonghuaroot/mariana-trench
Our security focused static analysis tool for Android and Java applications.
tonghuaroot/nuclei
Nuclei is a fast tool for configurable targeted vulnerability scanning based on templates offering massive extensibility and ease of use.
tonghuaroot/PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
tonghuaroot/project-layout
Standard Go Project Layout
tonghuaroot/PurpleCloud
An Infrastructure as Code (IaC) deployment of a small Active Directory pentest lab in the cloud. The deployment simulates a semi-realistic corporate enterprise Active Directory with a DC and endpoints. Purple team goals include blue team detection capabilities and R&D for detection engineering new approaches.
tonghuaroot/Restore-JS
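"Anti-Crawler JS Cracking and Deobfuscation Handbook" by @No-Attack @LoseNine. A tutorial that teaches you JS cracking, obfuscation, and deobfuscation. Stars welcome; continuously updated.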
tonghuaroot/SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
tonghuaroot/shhgit
Ah shhgit! Find GitHub secrets in real time
tonghuaroot/sqlmap
Automatic SQL injection and database takeover tool
tonghuaroot/truffleHog
Searches through git repositories for high entropy strings and secrets, digging deep into commit history
tonghuaroot/vulhub
Pre-Built Vulnerable Environments Based on Docker-Compose
tonghuaroot/xray
xray security assessment tool
tonghuaroot/YYeTsBot
🎬 YYeTs (Renren Yingshi) bot, fully integrated with all of YYeTs's uncut resources