zz1900

zz1900's Stars

• c0ny1/upload-fuzz-dic-builder

  上传漏洞fuzz字典生成脚本

  Language:Python1.2k256

• we1h0/web-sec-interview

  Information Security (Web Security/Penetration Testing Direction) Interview Questions/Solutions 信息安全(Web安全/渗透测试方向)面试题/解题思路

  475105

• Pluto-123/Bypass_cdn

  绕过CDN查找网站的真实IP地址

  Language:Python18728

• lemonlove7/EHole_magic

  EHole(棱洞)魔改。可对路径进行指纹识别；支持识别出来的重点资产进行漏洞检测(支持从hunter和fofa中提取资产)支持对ftp服务识别及爆破

  Language:Go79148

• owasp-amass/amass

  In-depth attack surface mapping and asset discovery

  Language:Go12k1.9k

• 0xmaximus/Galaxy-Bugbounty-Checklist

  Tips and Tutorials for Bug Bounty and also Penetration Tests.

  1.4k340

• Az0x7/vulnerability-Checklist

  This repository contain a lot of web and api vulnerability checklist , a lot of vulnerability ideas and tips from twitter

  2.3k558

• gh0stkey/CaA

  CaA - Collector and Analyzer, Insight into information, exploring with intelligence in a thousand ways.

  Language:Java82255

• gh0stkey/HaE

  HaE - Highlighter and Extractor, Empower ethical hacker for efficient operations.

  Language:Java3.1k245

• vaycore/OneScan

  OneScan是递归目录扫描的BurpSuite插件

  Language:Java69629

• kohlersbtuh15/accesskey_tools

  阿里云aliyun/腾讯云tencentcloud/华为云huaweicloud/aws等各种云厂商的accesskey运维安全工具，accesskey利用工具，包括但不限于创建ecs、ecs查询和命令执行、oss查询和批量下载等各种功能,aws accesskey rce;remote command execute

  Language:Python48642

• Aabyss-Team/awsKeyTools

  AWS云平台 AccessKey 泄漏利用工具

  Language:Python34544

• zema1/suo5

  一款高性能 HTTP 代理隧道工具 | A high-performance http proxy tunneling tool

  Language:Java2.1k199

• 1ucky7/jmg-for-Godzilla

  Godzilla插件|内存马|Suo5内存代理｜jmg for Godzilla

  2007

• pen4uin/java-memshell-generator

  一款支持自定义的 Java 内存马生成工具｜A customizable Java in-memory webshell generation tool.

  Language:Java1.6k186

• Rvn0xsy/BadCode

  恶意代码逃逸源代码 http://payloads.online

  Language:C++729122

• luckyfuture0177/ReZeroBypassAV

  从零开始学免杀

  42953

• SpenserCai/Hunter-SDK

  奇安信 Hunter SDK

  Language:Python5

• wgpsec/ENScan_GO

  一款基于各大企业信息API的工具，解决在遇到的各种针对国内企业信息收集难题。一键收集控股公司ICP备案、APP、小程序、微信公众号等信息聚合导出。

  Language:Go3.1k297

• zhzyker/vulmap

  Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞验证功能

  Language:Python3.4k571

• zhzyker/exphub

  Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本，最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340

  Language:Python4.1k1.1k

• API-Security/APIKit

  APIKit：Discovery, Scan and Audit APIs Toolkit All In One.

  Language:Java1.9k168

• Quitten/Autorize

  Automatic authorization enforcement detection extension for burp suite written in Jython developed by Barak Tawily in order to ease application security people work and allow them perform an automatic authorization tests

  Language:Python951196

• jhao104/proxy_pool

  Python ProxyPool for web spider

  Language:Python21.5k5.2k

• 0x727/ShuiZe_0x727

  信息收集自动化工具

  Language:Python3.8k571

• zz1900/ShuiZe_0x727

  信息收集自动化工具

  1

• knownsec/404StarLink

  404StarLink - 推荐优质、有意义、有趣、坚持维护的安全开源项目

  8.5k821

• wgpsec/DBJ

  大宝剑-边界资产梳理工具（红队、蓝队、企业组织架构、子域名、Web资产梳理、Web指纹识别、ICON_Hash资产匹配）

  Language:Python903148

• awake1t/linglong

  一款甲方资产巡航扫描系统。系统定位是发现资产，进行端口爆破。帮助企业更快发现弱口令问题。主要功能包括: 资产探测、端口爆破、定时任务、管理后台识别、报表展示

  Language:Go1.7k306

• yogeshojha/rengine

  reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.

  Language:HTML7.5k1.1k