Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
awesome-hacking-lists
https://github.com/NetW0rK1le3r/awesome-hacking-lists
Last synced: 1 day ago
JSON representation
-
Go (531)
- kilt - Kilt is a project that defines how to inject foreign apps into containers.
- shodan_fetcher - Just a simple (very much ToS breaking) tool to scrape information from Shodan pages.
- cs-ssl-gen - Cobalt Strike SSL Generator
- pathbrute - Pathbrute
- v2ray-poseidon - An Enhanced V2Ray(based on v2ray-core) for VNetPanel, SSRPanel, V2board and SSPanel-v3-Uim to sync users from database to v2ray, to log traffics/system info
- panther - Detect threats with log data and improve cloud security posture
- telegramd - Unofficial open source telegram server written in golang
- awesome-go - A curated list of awesome Go frameworks, libraries and software
- nvm-windows - A node.js version management utility for Windows. Ironically written in Go.
- headerssrfXD - Scan ssrf on headers. Inspired by the tool https://github.com/m4ll0k/Bug-Bounty-Toolz/blob/master/ssrf.py
- gofinder
- clickjackingXD
- xssXD
- tfsec - 🔒🌍 Security scanner for your Terraform code
- gortal - 🚪A super lightweight jumpserver service developed using the Go language. 一个使用 Go 语言开发的,超级轻量的跳板机服务。
- go-extend - go语言扩展包,收集一些常用的操作函数,辅助更快的完成开发工作,并减少重复代码
- xsec-ip-database - xsec-ip-database为一个恶意IP和域名库(Malicious ip database)
- sec-dev-in-action-src - 《白帽子安全开发实战》配套代码
- v2sub - 用于 linux 下订阅 v2ray 的小工具。
- rogue_mysql_server - 一个支持 go, php, python, java, 原生命令行等多种语言下客户端的 mysql 恶意服务器
- LadonGo - Ladon Pentest Scanner framework LadonGo一款开源内网渗透扫描器框架,使用它可轻松一键批量探测C段、B段、A段存活主机、高危漏洞检测MS17010、SmbGhost,远程执行SSH/Winrm,密码爆破SMB/SSH/FTP/Mysql/Mssql/Oracle/Winrm/HttpBasic/Redis,端口扫描服务识别PortScan指纹识别/HttpBanner/HttpTitle/TcpBanner/Weblogic/Oxid多网卡主机,端口扫描服务识别PortScan。
- octant - Highly extensible platform for developers to better understand the complexity of Kubernetes clusters.
- Cardinal - CTF🚩 AWD (Attack with Defense) 线下赛平台 / AWD platform - 欢迎 Star~ ✨
- phonedata - 手机号码归属地信息库、手机号归属地查询 phone.dat 最后更新:2020年04月
- pingtunnel - ICMP流量伪装转发工具 ping tunnel is a tool that advertises tcp/udp/socks5 traffic as icmp traffic for forwarding.
- TcpRoute2 - TcpRoute , TCP 层的路由器。对于 TCP 连接自动从多个线路(电信、联通、移动)、多个域名解析结果中选择最优线路。
- go-ast-book - :books: 《Go语法树入门——开启自制编程语言和编译器之旅》(开源免费图书/Go语言进阶/掌握抽象语法树/Go语言AST/凹语言)
- xray-weblisten-ui - Xray 被动扫描管理
- go-admin - 基于Gin + Vue + Element UI的前后端分离权限管理系统脚手架(包含了:基础用户管理功能,jwt鉴权,代码生成器,RBAC资源控制,表单构建等)分分钟构建自己的中后台项目;文档:https://doc.go-admin.dev Demo: https://www.go-admin.dev
- asset-scan - asset-scan是一款适用甲方企业的外网资产周期性扫描监控系统
- goWeakPass - 使用golang编写的服务弱口令检测
- geph2 - Geph (迷霧通) is a modular Internet censorship circumvention system designed specifically to deal with national filtering.
- Hyuga - Hyuga 是一个用来记录DNS查询和HTTP请求的监控工具。
- go-sniffer - 🔎Sniffing and parsing mysql,redis,http,mongodb etc protocol. 抓包截取项目中的数据库请求并解析成相应的语句。
- gout - gout to become the Swiss Army Knife of the http client @^^@---> gout 是http client领域的瑞士军刀,小巧,强大,犀利。具体用法可看文档,如使用迷惑或者API用得不爽都可提issues
- k9s - 🐶 Kubernetes CLI To Manage Your Clusters In Style!
- iris - The fastest HTTP/2 Go Web Framework. AWS Lambda, gRPC, MVC, Unique Router, Websockets, Sessions, Test suite, Dependency Injection and more. A true successor of expressjs and laravel | 谢谢 https://github.com/kataras/iris/issues/1329 |
- BookStack - BookStack,基于MinDoc,使用Beego开发的在线文档管理系统,功能类似Gitbook和看云。
- mr2 - Mr.2 can help you expose local server to external network. Support both TCP/UDP, of course support HTTP. Zero-Configuration.
- Go42 - 《Go语言四十二章经》详细讲述Go语言规范与语法细节及开发中常见的误区,通过研读标准库等经典代码设计模式,启发读者深刻理解Go语言的核心思维,进入Go语言开发的更高阶段。
- jiacrontab - 简单可信赖的任务管理工具
- Blind-SQL-Injector - 手工盲注辅助注入工具
- docker_ssh_honeypot - 安全开发教学 - 用Docker制作一个高交互ssh蜜罐
- DocHub - 参考百度文库,使用Beego(Golang)开发的开源文库系统
- goproxy - Proxy is a high performance HTTP(S) proxies, SOCKS5 proxies,WEBSOCKET, TCP, UDP proxy server implemented by golang. Now, it supports chain-style proxies,nat forwarding in different lan,TCP/UDP port forwarding, SSH forwarding.Proxy是golang实现的高性能http,https,websocket,tcp,socks5代理服务器,支持内网穿透,链式代理,通讯加密,智能HTTP,SOCKS5代理,黑白名单,限速,限流量,限连接数,跨平台,KCP支持,认证API。
- cointop - A fast and lightweight interactive terminal based UI application for tracking cryptocurrencies
- idgen - 一个使用 golang 编写的大陆身份证生成器
- ElasticHD - Elasticsearch 可视化DashBoard, 支持Es监控、实时搜索,Index template快捷替换修改,索引列表信息查看, SQL converts to DSL等
- fetchserver - phuslu删掉了fetchserver,我重新传一个
- flora-kit - 💐 基于 shadowsocks-go 做的完善实现,自动网络分流,完全兼容 Surge 的配置文件。
- crack_ssh - go写的协程版的ssh\redis\mongodb弱口令破解工具
- ebreader - 一个让你可以在浏览器中阅读Epub电子书的CLI程序,使用Golang编写
- xapimanager - XAPI MANAGER -专业实用的开源接口管理平台,为程序开发者提供一个灵活,方便,快捷的API管理工具,让API管理变的更加清晰、明朗。如果你觉得xApi对你有用的话,别忘了给我们点个赞哦^_^ !
- the-way-to-go_ZH_CN - 《The Way to Go》中文译本,中文正式名《Go 入门指南》
- commit-stream - #OSINT tool for finding Github repositories by extracting commit logs in real time from the Github event API
- deduplicate - Remove duplicate urls from input
- querycsv - QueryCSV enables you to load CSV files and manipulate them using SQL queries then after you finish you can export the new values to a CSV file
- meg - Fetch many paths for many hosts - without killing the hosts
- Amass - In-depth Attack Surface Mapping and Asset Discovery
- emp3r0r - linux post-exploitation framework made by linux user
- commonspeak2 - Leverages publicly available datasets from Google BigQuery to generate content discovery and subdomain wordlists
- h2conn - HTTP2 client-server full-duplex connection
- p12tool - A simple Go script to brute force or parse a password-protected PKCS#12 (PFX/P12) file.
- sayBruh - its a rebuild of saycheese with golang
- headi - Customisable and automated HTTP header injection
- linkz
- postMessageFinder
- GoGitDumper - Dump exposed HTTP .git fast
- knary - A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support
- qsfuzz - qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.
- mzap - ⚡️ Multiple target ZAP Scanning
- git-hound - Git plugin that prevents sensitive data from being committed.
- rescope - Rescope is a tool geared towards pentesters and bugbounty researchers, that aims to make life easier when defining scopes for Burp Suite and OWASP ZAP.
- madns - DNS server for pentesters
- gfz
- url2img - HTTP server with API for capturing screenshots of websites
- casbin-auth0-rbac-backend - Example RBAC implementation with Casbin and Auth0
- dmut - A tool to perform permutations, mutations and alteration of subdomains in golang.
- rsdl - Subdomain Scan With Ping Method.
- proxify - Swiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipulation, and replay on the go.
- dnsfaster - Test the speed and reliability of a list of DNS servers
- cloudlist - Cloudlist is a tool for listing Assets from multiple Cloud Providers.
- tcpprobe - a modern TCP tool and service for network performance observability.
- urlbrute - Directory/Subdomain scanner developed in GoLang.
- autopatchelf
- sourcemapper - Extract JavaScript source trees from Sourcemap files
- cloudquery - cloudquery transforms your cloud infrastructure into queryable SQL or Neo4j tables for easy monitoring, governance and security.
- nova - Find outdated or deprecated Helm charts running in your cluster.
- ssl_exporter - Exports Prometheus metrics for SSL certificates
- chashell - Chashell is a Go reverse shell that communicates over DNS. It can be used to bypass firewalls or tightly restricted networks.
- urlhunter - a recon tool that allows searching on URLs that are exposed via shortener services
- exclude-cdn - Wraps projectdiscovery's cdncheck library to exclude CDN hosts from input passed over stdin
- ipdb-go - IPIP.net officially supported IP database ipdb format parsing library
- goz - A fantastic HTTP request libarary used in Golang.
- BurpSuite-MacOS-Crack
- collaborator - BurpSuite Standard/Private Collaborator Library
- GitHunter - A tool for searching a Git repository for interesting content
- k0s - k0s - Zero Friction Kubernetes
- CDK - CDK is an open-sourced container penetration toolkit, offering stable exploitation in different slimmed containers without any OS dependency. It comes with useful net-tools and many powerful PoCs/EXPs helps you to escape container and takeover K8s cluster easily.
- RendezvousRAT - Self-healing RAT utilizing libp2p
- fscan - 一款内网扫描工具,方便一键大保健~
- xo - Command line tool to generate idiomatic Go code for SQL databases supporting PostgreSQL, MySQL, SQLite, Oracle, and Microsoft SQL Server
- keylogger - 键盘记录,支持定时回传
- starboard - Kubernetes-native security toolkit
- scorecard - OSS Security Scorecards
- Prometheus-Basics - A beginner friendly introduction to prometheus 🔥
- CVE-2020-13935 - Exploit for WebSocket Vulnerability in Apache Tomcat
- notify - Notify is a helper utility written in Go that allows you to pull results from burp collaborator instances and post them to Slack and Discord.
- git-lfs-RCE-exploit-CVE-2020-27955-Go
- alicloud-tools - 阿里云ECS、策略组辅助小工具
- inspektor-gadget - Collection of gadgets for debugging and introspecting Kubernetes applications using BPF
- grype - A vulnerability scanner for container images and filesystems
- DomainHiding - external c2 use domainhiding.
- Doge-Loader - 🐶Cobalt Strike Shellcode Loader by Golang
- BountyIt - A fuzzer made in golang for finding issues like xss, lfi, rce, ssti...that detects issues using change in content length and verify it using signatures
- gophercap - Accurate, modular, scalable PCAP manipulation tool written in Go.
- nvdtools - A set of tools to work with the feeds (vulnerabilities, CPE dictionary etc.) distributed by National Vulnerability Database (NVD)
- waypoint - A tool to build, deploy, and release any application on any platform.
- fdnssearch - Swiftly search FDNS datasets from Rapid7 Open Data
- fdns - Concurrent Rapid7 FDNS dataset parser
- takeover - A tool for testing subdomain takeover possibilities at a mass scale.
- ferry - 本系统是集工单统计、任务钩子、权限管理、灵活配置流程与模版等等于一身的开源工单系统,当然也可以称之为工作流引擎。 致力于减少跨部门之间的沟通,自动任务的执行,提升工作效率与工作质量,减少不必要的工作量与人为出错率。
- urlive - Check url is live (*HTTP status code "200 ok" only*).
- fasthttp - Fast HTTP package for Go. Tuned for high performance. Zero memory allocations in hot paths. Up to 10x faster than net/http
- github-subdomains - Find subdomains on GitHub
- webshell-analyzer - Web shell scanner and analyzer.
- gosecretsdump - Dump ntds.dit really fast
- berty - Berty is a secure peer-to-peer messaging app that works with or without internet access, cellular data or trust in the network
- subzy - Subdomain takeover vulnerability checker
- Go-SCP - Go programming language secure coding practices guide
- wurl - A tool to test working urls.
- yarr - yet another rss reader
- bcscope - Get the scope of your bugcrowd programs
- hetty - Hetty is an HTTP toolkit for security research.
- s5_server
- crowdsec - Crowdsec - An open-source, lightweight agent to detect and respond to bad behaviours. It also automatically benefits from our global community-wide IP reputation database.
- quickpress - Small tool to automate SSRF wordpress and XMLRPC finder
- monsoon - Fast HTTP enumerator
- asnip - ASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight
- mapcidr - Small utility program to perform multiple operations for a given subnet/CIDR ranges.
- gld - Go shellcode LoaDer
- wildcheck - A simple tool to detect wildcards domain based on Amass's wildcards detector.
- unew - A tool for append URLs, skipping duplicates/paths & combine parameters.
- CloudBrute - Awesome cloud enumerator
- iconhash - fofa shodan favicon.ico hash icon ico 计算器
- rush - A cross-platform command-line tool for executing jobs in parallel
- go-web-framework-stars - :star: Web frameworks for Go, most starred on GitHub
- req - a golang http request library for humans
- clair-scanner - Docker containers vulnerability scan
- age - A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.
- croc - Easily and securely send things from one computer to another :crocodile: :package:
- kubectl-rolesum - Summarize Kubernetes RBAC roles for the specified subjects.
- gonkey - Gonkey - a testing automation tool
- gqm - Go quick message
- dnslog - dnslog reverse vul-verify 反连平台 漏洞验证
- godnslog - An exquisite dns&http log server for verify SSRF/XXE/RFI/RCE vulnerability
- TukTuk - Tool for catching and logging different types of requests.
- wordlistgen - Generates target specific word lists for Fuzzing with fuff
- smogcloud - Find cloud assets that no one wants exposed 🔎 ☁️
- stargz-snapshotter - Fast docker image distribution plugin for containerd, based on CRFS/stargz
- ssrf-tool
- JCRandomProxy - 随机代理
- dorkX - Pipe different tools with google dork Scanner
- linkJS
- Gxss - A tool to check a bunch of URLs that contain reflecting params.
- vermin - The smart virtual machines manager. A modern CLI for Vagrant Boxes.
- wadl-dumper - Dump all available paths and/ endpoints on WADL file.
- ExternalC2Go
- gox - A dead simple, no frills Go cross compile tool
- yet-another-cloudwatch-exporter - AWS cloudwatch to prometheus exporter - Discovers services through AWS tags, gets cloudwatch data and provides them as prometheus metrics with AWS tags as labels.
- bbr - An open source tool to aid in command line driven generation of bug bounty reports based on user provided templates.
- slackcat - A simple way of sending messages from the CLI output to your Slack with webhook.
- registry-creds - Automate Kubernetes ImagePullSecrets to extend Docker Hub limits.
- threagile - Agile Threat Modeling Toolkit
- dumproid - Android process memory dump tool without ndk.
- goloader - load and run golang code at runtime.
- peirates - Peirates - Kubernetes Penetration Testing tool
- go-smb2 - SMB2/3 client library written in Go.
- rose
- garble - Obfuscate Go builds
- NaviPassRead - Read Navicat 12 Password
- dracon - Security scanning & static analysis tool
- Go365 - An Office365 User Attack Tool
- whoxyrm - A reverse whois tool based on Whoxy API.
- wordlistgen - Quickly generate context-specific wordlists for content discovery from lists of URLs or paths
- osm - Open Service Mesh (OSM) is a lightweight, extensible, cloud native service mesh that allows users to uniformly manage, secure, and get out-of-the-box observability features for highly dynamic microservice environments.
- sprig - Useful template functions for Go templates.
- nali - An offline tool for querying IP geographic information and CDN provider.一个查询IP地理信息和CDN服务提供商的离线终端工具.
- gitkube - Build and deploy docker images to Kubernetes using git push
- Misc-Tools - Miscellaneous tools I've developed over the years for help in infosec.
- reflect-pe - Reflectively load PE
- jet - Jet template engine
- usercorn - dynamic binary analysis via platform emulation
- sourcegraph - Universal code search (self-hosted)
- chisel - A fast TCP/UDP tunnel over HTTP
- number-verifier - Number Verifier is a SMS verification tool that makes it easy to get a disposable SMS number and bypass SMS number verifications on any site.
- Boomerang - Boomerang is a tool to expose multiple internal servers to web/cloud. Agent & Server are pretty stable and can be used in Red Team for Multiple levels of Pivoting and exposing multiple internal services to external/other networks
- over-golang - Golang相关:[进度80%]Go语法、Go并发思想、Go与web开发、Go微服务设施等
- kerbrute - A tool to perform Kerberos pre-auth bruteforcing
- go-dork - The fastest dork scanner written in Go.
- hakq - A basic golang server/client for distributing tasks over multiple systems.
- ponieproxy - Simple proxy which applies filters (default or custom) to your requests and responses, while you browse a website.
- Talon - A password guessing tool that targets the Kerberos and LDAP services within the Windows Active Directory environment.
- interview-go - golang面试题集合
- httpdump - Capture and parse http traffics
- slicer - A tool to automate the boring process of APK recon
- leakdb - Web-Scale NoSQL Idempotent Cloud-Native Big-Data Serverless Plaintext Credential Search
- kitphishr - A tool designed to hunt for Phishing Kit source code
- gokrazy - a pure-Go userland for your Raspberry Pi 3 or 4 appliances
- apk-medit - memory search and patch tool on debuggable apk without root & ndk
- ligolo - Reverse Tunneling made easy for pentesters, by pentesters https://sysdream.com/
- kustomize - Customization of kubernetes YAML configurations
- gofingerprint - GoFingerprint is a Go tool for taking a list of target web servers and matching their HTTP responses against a user defined list of fingerprints.
- kube-bench - Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark
- Go4aRun - Shellcode runner in GO that incorporates shellcode encryption, remote process injection, block dlls, and spoofed parent process
- medusa - Fastest recursive HTTP fuzzer, like a Ferrari.
- awsls - A list command for AWS resources
- rod - A Devtools driver for web automation and scraping
- MailHog - Web and API based SMTP testing
- lokomotive - Lokomotive is a 100% open-source, easy to use and secure Kubernetes distribution from the volks at Kinvolk
- dirstalk - Modern alternative to dirbuster/dirb
- go-envconfig - A Go library for parsing struct tags from environment variables.
- feedpushr - A simple feed aggregator daemon with sugar on top.
- ChopChop - ChopChop is a CLI to help developers scanning endpoints and identifying exposition of sensitive services/files/folders.
- httpx - httpx is a fast and multi-purpose HTTP toolkit allow to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads.
- go-execute-assembly - Allow a Go process to dynamically load .NET assemblies
- iox - Tool for port forwarding & intranet proxy
- addSome - Simple Go script to check if found domains in a file are already saved in your Findomain database
- fuzzit - CLI to integrate continuous fuzzing with Fuzzit
- 1ndiList - Recon Custom WordList Ganerator
- whoareyou - whoareyou is a tool to find the underlying technology/software used in a list of websites passed through stdin (using Wappalyzer dataset)
- Zin - A Payload Injector for bugbounties written in go
- haktldextract - Extract domains/subdomains from URLs en masse
- sqlmw - Interceptors for database/sql
- gid - Golang 分布式ID生成系统,高性能、高可用、易扩展的id生成服务
- sliver - Implant framework
- chaos-client - Go client to communicate with Chaos DNS API.
- mos-chinadns - 一个开箱即用的 DNS 分流器。
- naabu - A fast port scanner written in go with focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests
- cf-check - CloudFlare Checker written in Go
- KoiPhish - A simple yet beautiful phishing proxy.
- forwardproxy - Forward proxy plugin for the Caddy web server
- backdoorfactory - A from-scratch rewrite of The Backdoor Factory - a MitM tool for inserting shellcode into all types of binaries on the wire.
- ssrf-finder - Pass list of urls with FUZZ in and it will check if it has found a potential SSRF.
- 1ndi-hacks - Bug Bounty Tools
- fff - The Fairly Fast Fetcher. Requests a bunch of URLs provided on stdin fairly quickly.
- slack-c2bot - Slack C2bot that executes commands and returns the output.
- subgen - A really simple utility to concate wordlists to a domain name - to pipe into your favourite resolver!
- waybackcollector - Fetch wayback machine historical content for a given url
- rbacsync - Automatically sync groups into Kubernetes RBAC
- ratelimit - A Golang blocking leaky-bucket rate limit implementation
- CorsMe - Cross Origin Resource Sharing MisConfiguration Scanner
- sharingan - Offensive Security recon tool
- rate-limit-checker - Check whether the domain has a rate limit enabled.
- wuzz - Interactive cli tool for HTTP inspection
- zgrab2 - Fast Go Application Scanner
- apkurlgrep - Extract endpoints from APK files
- terrier - Terrier is a Image and Container analysis tool that can be used to scan Images and Containers to identify and verify the presence of specific files according to their hashes.
- intercept - INTERCEPT / Policy as Code Static Analysis Auditing
- git-hound - Reconnaissance tool for GitHub code search. Finds exposed API keys using pattern matching, commit history searching, and a unique result scoring system.
- sudis - Sudis !! Distributed supervisor process control system
- tailscale - The easiest, most secure way to use WireGuard and 2FA.
- whoisyou - Take a list of domains and output the hostname and ip.
- Venom - Venom - A Multi-hop Proxy for Penetration Testers
- gopoc - 用cel-go重现了长亭xray的poc检测功能的轮子
- ohmybackup - Scan Victim Backup Directories & Backup Files
- Modlishka - Modlishka. Reverse Proxy.
- dnsprobe - DNSProb is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers.
- zdns - Fast CLI DNS Lookup Tool
- jaeles - The Swiss Army knife for automated Web Application Testing
- go-interview - Collection of Technical Interview Questions solved with Go
- gau - Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.
- yunSpider - 百度云网盘爬虫
- v2ray-web-manager - v2ray-web-manager 是一个v2ray的面板,也是一个集群的解决方案;同时增加了流量控制/账号管理/限速等功能。key: admin , panel ,web,cluster,集群,proxy
- docker-image-generator - Customized docker images generation toolkit
- WebHackersWeapons - ⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting
- ServerScan - ServerScan一款使用Golang开发的高并发网络扫描、服务探测工具。
- nuclei - Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use.
- argo - Argo Workflows: Get stuff done with Kubernetes.
- fprobe - Take a list of domains/subdomains and probe for working http/https server.
- lazydocker - The lazier way to manage everything docker
- Hacking-with-Go - Golang for Security Professionals
- shuffledns - shuffleDNS is a wrapper around massdns written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support.
- broxy - An HTTP/HTTPS intercept proxy written in Go.
- ReverseGoShell - A Golang Reverse Shell Tool With AES Dynamic Encryption
- geacon - Practice Go programming and implement CobaltStrike's Beacon in Go
- slack-webm-sentinel - A bot that tracks .webm links and converts them to .mp4
- tour - Go 语言官方教程中文版
- gophish - Open-Source Phishing Toolkit
- hacks - A collection of hacks and one-off scripts
- iploc - Fastest IP To Country Library
- hakrevdns - Small, fast tool for performing reverse DNS lookups en masse.
- rumble-tools - Open source tools, libraries, and datasets related to the Rumble Network Discovery product and associated research
- hakrawler - Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application
- trivy - A Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI
- gowp - golang worker pool , Concurrency limiting goroutine pool
- syncd - syncd是一款开源的代码部署工具,它具有简单、高效、易用等特点,可以提高团队的工作效率.
- insider - Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).
- verifier - A minimal, customizable Go package for Email & Mobile number verification
- nmap-to-netscan - A helper utility for turning nmap xml files into target lists for go-netscan
- kruise - Automate application management on Kubernetes
- video-srt-windows - 这是一个可以识别视频语音自动生成字幕SRT文件的开源 Windows-GUI 软件工具。
- haaukins - A Highly Accessible and Automated Virtualization Platform for Security Education
- crawlab - Distributed web crawler admin platform for spiders management regardless of languages and frameworks. 分布式爬虫管理平台,支持任何语言和框架
- alkaid - Alkaid is a BaaS(Blockchan as a Service) service based on Hyperledger Fabric.
- golang-notes - Go source code analysis(zh-cn)
- goLazagne - Go library for credentials recovery
- kilo - Kilo is a multi-cloud network overlay built on WireGuard and designed for Kubernetes (k8s + wg = kg)
- tracee - Container and system event tracing using eBPF
- Cloak - A censorship circumvention tool to evade detection against state adversaries
- gin - Gin is a HTTP web framework written in Go (Golang). It features a Martini-like API with much better performance -- up to 40 times faster. If you need smashing performance, get yourself some Gin.
- gh-ost - GitHub's Online Schema Migrations for MySQL
- radvpn - Decentralized VPN
- gin-admin - RBAC scaffolding based on Gin + Gorm+ Casbin + Wire
- learning-golang - Go 学习之路:Go 开发者博客、Go 微信公众号、Go 学习资料(文档、书籍、视频)
- dsiem - Security event correlation engine for ELK stack
- goex - Exchange Rest And WebSocket API For Golang Wrapper support okcoin,okex,huobi,hbdm,bitmex,coinex,poloniex,bitfinex,bitstamp,binance,kraken,bithumb,zb,hitbtc,fcoin, coinbene
- sampler - Tool for shell commands execution, visualization and alerting. Configured with a simple YAML file.
- o365-attack-toolkit - A toolkit to attack Office365
- gobuster - Directory/File, DNS and VHost busting tool written in Go
- delator - Golang-based subdomain miner leveraging certificate transparency logs
- assetfinder - Find domains and subdomains related to a given domain
- build-web-application-with-golang - A golang ebook intro how to build a web with golang
- mixin-network-snapshot-golang - crypto currency gateway plugin for web store
- lemonade - Lemonade is a remote utility tool. (copy, paste and open browser) over TCP.
- k3os - Purpose-built OS for Kubernetes, fully managed by Kubernetes.
- termshark - A terminal UI for tshark, inspired by Wireshark
- vscan-go - golang version for nmap service and application version detection (without nmap installation)
- ffuf - Fast web fuzzer written in Go
- CapOS - 等级保护测评windows工具源码
- x-crack - x-crack - Weak password scanner, Support: FTP/SSH/SNMP/MSSQL/MYSQL/PostGreSQL/REDIS/ElasticSearch/MONGODB
- vuls - Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
- pathbrute - Pathbrute
- whatweb - 更快速的进行Web应用指纹识别
- goWhatweb - [学习GO] go语言写的web指纹识别 - Identify websites by go language
- livego - live video streaming server in golang
- meshbird - Distributed private networking
- dnsbrute - a fast domain brute tool
- goscan - Interactive Network Scanner
- gsm - 使用树莓派配合硬件来进行短信转发
- Platypus - :hammer: A modern multiple reverse shell sessions manager written in go
- goscan - golang的扫描框架, 支持协程池和自动调节协程个数.
- coyim - coyim - a safe and secure chat client
- awesome-go-zh - :books: Go资源精选中文版(含中文图书大全)
- gosec - Golang security checker
- nps - 一款轻量级、高性能、功能强大的内网穿透代理服务器。支持tcp、udp、socks5、http等几乎所有流量转发,可用来访问内网网站、本地支付接口调试、ssh访问、远程桌面,内网dns解析、内网socks5代理等等……,并带有功能强大的web管理端。a lightweight, high-performance, powerful intranet penetration proxy server, with a powerful web management terminal.
- cmus-lyric - cmus lyric viewer
- webtty - Share a terminal session over WebRTC
- auxpi - 🍭 集合多家 API 的新一代图床
- plik - Plik is a scalable & friendly temporary file upload system ( wetransfer like ) in golang.
- fac - Easy-to-use CUI for fixing git conflicts
- gogs - Gogs is a painless self-hosted Git service
- lazygit - simple terminal UI for git commands
- gitea - Git with a cup of tea, painless self-hosted git service
- shuttle - A web proxy in Golang with amazing features.
- dnsutil - dns dig for golang
- tcping - ping over a tcp connection
- subcommands - Go subcommand library.
- torsniff - torsniff - a sniffer that sniffs torrents from BitTorrent network
- merge-nmap-masscan - Merge results from NMAP and Masscan into one CSV file
- BAT_Check_DomainName
- tmux-themepack - A pack of various Tmux themes.
- usql - Universal command-line interface for SQL databases
- v2 - Minimalist and opinionated feed reader
- overture - A customized DNS relay server written in Go.
- gosu - Simple Go-based setuid+setgid+setgroups+exec
- subfinder - Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.
- qrcp - :zap: Transfer files over wifi from your computer to your mobile device by scanning a QR code without leaving the terminal.
- rfd-checker - RFD Checker - security CLI tool to test Reflected File Download issues
- duplicacy - A new generation cloud backup tool
- CHAOS - :fire: CHAOS is a Remote Administration Tool that allow generate binaries to control remote operating systems.
- godht
- shadowsocks-go - go port of shadowsocks (Deprecated)
- GoQuiet - A Shadowsocks obfuscation plugin utilising domain fronting to evade deep packet inspection
- subjack - Subdomain Takeover tool written in Go
- lightsocks - ⚡️一个轻巧的网络混淆代理🌏
- SubOver - A Powerful Subdomain Takeover Tool
- x-patrol - github泄露扫描系统
- gost - GO Simple Tunnel - a simple tunnel written in golang
- apkverifier - APK Signature verification in Go. Supports scheme v1, v2 and v3 and passes Google apksig's testing suite.
- goWAPT - Go Web Application Penetration Test
- grv - GRV is a terminal interface for viewing git repositories
- guard - NOT MAINTAINED! A generic high performance circuit breaker & proxy server written in Go
- AWS-Scanner - Scans a list of websites for Cloudfront or S3 Buckets
- dnscrypt-proxy - dnscrypt-proxy 2 - A flexible DNS proxy, with support for encrypted DNS protocols.
- hyperfox - HTTP/HTTPS MITM proxy and recorder.
- ghostunnel - A simple SSL/TLS proxy with mutual authentication for securing non-TLS services
- go-http-tunnel - Fast and secure tunnels over HTTP/2
- ft - File Transferer
- go-ethereum - Official Go implementation of the Ethereum protocol
- secureoperator - A DNS-protocol proxy for DNS-over-HTTPS providers, such as Google and Cloudflare
- ben - Your benchmark assistant, written in Go.
- gOSINT - OSINT Swiss Army Knife
- ignite - A SS(R) panel for managing multiple users, powered by Go & Docker.
- gsnova - Private proxy solution & network troubleshooting tool.
- goscan - goscan is a simple and efficient IPv4 network scanner that discovers all active devices on local subnet.
- hpkp - golang hpkp client library
- subnet - Simple, auditable & elegant VPN, built with TLS mutual authentication and TUN.
- goHackTools - Hacker tools on Go (Golang)
- rclone - "rsync for cloud storage" - Google Drive, S3, Dropbox, Backblaze B2, One Drive, Swift, Hubic, Wasabi, Google Cloud Storage, Yandex Files
- assh - :computer: make your ssh client smarter
- docker-image
- searchscan - Search Nmap and Metasploit scanning scripts.
- sov2ex - A site search for V2EX
- goflyway - An encrypted HTTP server
- fzf - :cherry_blossom: A command-line fuzzy finder
- kcptun - A Secure Tunnel Based On KCP with N:M Multiplexing
- slt - A TLS reverse proxy with SNI multiplexing in Go
- frp
- ngrok - Introspected tunnels to localhost
- moby - Moby Project - a collaborative project for the container ecosystem to assemble container-based systems
- hugo - The world’s fastest framework for building websites.
- cloud-torrent - ☁️ Cloud Torrent: a self-hosted remote torrent client
- docker_practice - Learn and understand Docker technologies, with real DevOps practice!
- kubesec - Secure Secret management for Kubernetes (with gpg, Google Cloud KMS and AWS KMS backends)
- dht - BitTorrent DHT Protocol && DHT Spider.
- btcd - An alternative full node bitcoin implementation written in Go (golang)
- firefly-proxy - A proxy software to help circumventing the Great Firewall.
- gscan_quic - Google Quic 扫描工具
- glider - glider is a forward proxy with multiple protocols support, and also a dns/dhcp server with ipset management features(like dnsmasq).
- brook - Brook is a cross-platform strong encryption and not detectable proxy. Zero-Configuration.
- caddy - Fast, multi-platform web server with automatic HTTPS
- xray - XRay is a tool for recon, mapping and OSINT gathering from public networks.
- gh-polls - Polls for user feedback in GitHub issues
- fibratus - A modern tool for the Windows kernel exploration and tracing
- WindowsSpyBlocker - Block spying and tracking on Windows
- dnssearch - A subdomain enumeration tool.
- zgrab - **DEPRECATED** This project has been replaced by https://github.com/zmap/zgrab2
- brutemachine - A Go library which main purpose is giving an interface to loop over a dictionary and use those words/lines as input for some custom logic such as HTTP file bruteforcing, DNS bruteforcing, etc.
- rqlite - The lightweight, distributed relational database built on SQLite.
- aquatone - A Tool for Domain Flyovers
- git-all-secrets - A tool to capture all the git secrets by leveraging multiple open source git searching tools
- clair - Vulnerability Static Analysis for Containers
- repo-security-scanner - CLI tool that finds secrets accidentally committed to a git repo, eg passwords, private keys
- cronsun - A Distributed, Fault-Tolerant Cron-Style Job System.
- fsql - Search through your filesystem with SQL-esque queries.
- blockchain_guide - Introduce blockchain related technologies, from theory to practice with bitcoin, ethereum and hyperledger.
- node - Mysterium Network Node - official implementation of distributed VPN network (dVPN) protocol
- kr - A dev tool for SSH auth + Git commit/tag signing using a key stored in Krypton.
- go-mbf - MongoDB Login Brute Forcer
- frp - A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.
- cilium - eBPF-based Networking, Security, and Observability
- linuxkit - A toolkit for building secure, portable and lean operating systems for containers
- scope - Monitoring, visualisation & management for Docker & Kubernetes
- gdrive - Google Drive CLI Client
- dnscontrol - Synchronize your DNS to multiple providers from a simple DSL
- ruler - A tool to abuse Exchange services
- honeybits - A PoC tool designed to enhance the effectiveness of your traps by spreading breadcrumbs & honeytokens across your systems to lure the attacker toward your honeypots
- qshell - Shell Tools for Qiniu Cloud
- geoip - query geo-locations of ips
- gitrob - Reconnaissance tool for GitHub organizations
- wukong - 高度可定制的全文搜索引擎
- beego - beego is an open-source, high-performance web framework for the Go programming language.
- kcptun - A Stable & Secure Tunnel based on KCP with N:M multiplexing and FEC. Available for ARM, MIPS, 386 and AMD64。KCPプロトコルに基づく安全なトンネル。KCP 프로토콜을 기반으로 하는 보안 터널입니다。
- negroni - Idiomatic HTTP Middleware for Golang
- jvm-mon - Console-based JVM monitoring tool
- kingshard - A high-performance MySQL proxy
- BlueShell - 红蓝对抗跨平台远控工具
- autocert - ⚓ A kubernetes add-on that automatically injects TLS/HTTPS certificates into your containers
- GeoIP2-CN - 最小巧、最准确、最全面、最实用的中国大陆 GeoIP2 数据库及 IP 地址段
- HackBrowserData - Decrypt passwords/cookies/history/bookmarks from the browser. 一款可全平台运行的浏览器数据导出解密工具。
- cve-db - 一个用于生成cve数据库的程序并提供简单的http协议查询接口
- algorithm-pattern - 算法模板,最科学的刷题方式,最快速的刷题路径,你值得拥有~
- NmapTools - Go语言练习,第一个小工具,nmaptools解析xml导出xlsx结果、进行web服务探测、进行socket数据探测等
- go-sword - 【Go-sword】可视化CRUD管理后台生成工具
- goxygen - Generate a modern Web project with Go and Angular, React or Vue in seconds 🚀
- linglong - 一款甲方资产巡航扫描系统。系统定位是发现资产,进行端口爆破。帮助企业更快发现弱口令问题。主要功能包括: 资产探测、端口爆破、定时任务、管理后台识别、报表展示
- LeetCode-Go - ✅ Solutions to LeetCode by Go, 100% test coverage, runtime beats 100% / LeetCode 题解
- dnstunnel - dns tunnel backdoor DNS隧道后门
- teler - Real-time HTTP Intrusion Detection
- scilla - 🏴☠️ Information Gathering tool 🏴☠️ DNS / Subdomains / Ports / Directories enumeration
- Juggler - A system that may trick hackers. 一个也许能骗到黑客的系统。
- dalfox - 🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang
- SakuraFrp - 基于 Frp 二次开发定制的版本,可实现多用户管理、限速等商业化功能
- Stowaway - 👻Stowaway -- Multi-hop Proxy Tool for pentesters
- gohtran - 反向socks5代理, 关键词: go htran 重复造轮子 ssocks ew
- gowitness - 🔍 gowitness - a golang, web screenshot utility using Chrome Headless
- ksubdomain - 无状态子域名爆破工具
- kunpeng - kunpeng是一个Golang编写的开源POC框架/库,以动态链接库的形式提供各种语言调用,通过此项目可快速开发漏洞检测类的系统。
- RedisShake - Redis-shake is a tool for synchronizing data between two redis databases. Redis-shake是一个用于在两个redis之间同步数据的工具,满足用户非常灵活的同步、迁移需求。
- Caesar - 一个全新的敏感文件发现工具
- Cloudreve - 🌩支持多家云存储的云盘系统 (A project helps you build your own cloud in minutes)
- pilosa - Pilosa is an open source, distributed bitmap index that dramatically accelerates queries across multiple, massive data sets.
- DarkEye - 渗透测试情报收集工具
- RedisGo - 为更好的管理/监控Redis而倾心打造~
- app-env-docker - 基于 Docker 的真实应用测试环境
- PortScan - 端口扫描器
- jwt-hack - 🔩 jwt-hack is tool for hacking / security testing to JWT. Supported for En/decoding JWT, Generate payload for JWT attack and very fast cracking(dict/brutefoce)
- PortBrute - 一款跨平台小巧的端口爆破工具,支持爆破FTP/SSH/SMB/MSSQL/MYSQL/POSTGRESQL/MONGOD / A cross-platform compact port blasting tool that supports blasting FTP/SSH/SMB/MSSQL/MYSQL/POSTGRESQL/MONGOD
- gorse - A recommender system service based on collaborative filtering written in Go
- go-gin-api - 基于 Gin 进行模块化设计的 API 框架,封装了常用功能,使用简单,致力于进行快速的业务研发。比如,validator.v9 参数验证、签名验证中间件、日志记录中间件、异常捕获中间件、jaeger 链路追踪、gRPC 的使用 等等。
- gitleaks - Scan git repos (or files) for secrets using regex and entropy 🔑
- scout - 🔭 Lightweight URL fuzzer and spider: Discover a web server's undisclosed files, directories and VHOSTs
- askgit - Query git repositories with SQL. Generate reports, perform status checks, analyze codebases. 🔍 📊
- gitjacker - 🔪 :octocat: Leak git repositories from misconfigured websites
- filebrowser - 📂 Web File Browser
- goribot - [Crawler/Scraper for Golang]🕷A lightweight distributed friendly Golang crawler framework.一个轻量的分布式友好的 Golang 爬虫框架。
- build - TeaWeb-可视化的Web代理服务。DEMO: http://teaos.cn:7777
- HFish - 🍯 A Most Convenient Honeypot Platform. 🐝🐝🐝 🐝🐝
- bbs-go - 基于Golang的开源社区系统。
- zinx - 基于Golang轻量级TCP并发服务器框架
- Finder - 一款Go语言实现的端口扫描器.
- Yearning - 🐳 A most popular sql audit platform for mysql
- switcher - 一个多功能的端口转发/端口复用工具,支持转发本地或远程地址的端口,支持正则表达式转发(实现端口复用)。
- xsec-proxy-scanner - xsec-proxy-scanner是一款速度超快、小巧的代理扫描器
- xsec-dns-proxy - DNS代理服务器,可以记录log到数据库中
- gin-vue-admin - 基于gin+vue搭建的后台管理系统框架,集成jwt鉴权,权限管理,动态路由,分页封装,多点登录拦截,资源权限,上传下载,代码生成器,表单生成器,通用工作流等基础功能,五分钟一套CURD前后端代码,目前已支持VUE3,欢迎issue和pr~
- gf-vue-admin - 基于goframe+vue搭建的后台管理系统框架,集成jwt鉴权,权限管理,动态路由,分页封装,多点登录拦截,资源权限,上传下载,代码生成器,表单生成器等基础功能,五分钟一套CURD前后端代码包含数据库的快感你不要体验一下吗~,更多功能正在开发中,欢迎issue和pr~
- gron - Make JSON greppable!
- recursebuster - rapid content discovery tool for recursively querying webservers, handy in pentesting and web application assessments
- DNSGrep - Quickly Search Large DNS Datasets
- DNSSniffer - DNSQuery Sniffer in Golang
- Gurp - Burp Commander written in Go
- PhoneInfoga - Advanced information gathering & OSINT framework for phone numbers
- singo - Gin+Gorm开发Golang API快速开发脚手架
- goSkylar - 基于Golang开发的企业级外网端口资产扫描
- arpZebra - ARP+DNS欺骗工具,网络安全第三次实验,课堂演示用,严禁非法用途。ARPSpoof,wifi hijack,dns spoof
- godoh - 🕳godoh - A DNS-over-HTTPS C2
- godns - A dynamic DNS client tool supports AliDNS, Cloudflare, Google Domains, DNSPod, HE.net & DuckDNS & DreamHost, etc, written in Go.
- go-onion-transport - Tor onion transport for IPFS
- ProxyClient - golang 代理库,和net一致的API。支持 socks4、socks4a、socks5、http、https 等代理协议。
- tcptunnel - 将本地内网服务器映射到公网。
- NATBypass - 一款lcx在golang下的实现
- dnsproxy - 防 DNS 缓存污染,兼顾查询质量与速度
- tap0901 - Go语言虚拟网卡库,可用于制作对战平台、加速器、防火墙、VPN等
- toxiproxy - :alarm_clock: :fire: A TCP proxy to simulate network and system conditions for chaos and resiliency testing
-
HTML (177)
- awesomeaakash.github.io - Aakash Choudhary Personal website
- swf_json_csrf
- Real-timeDetectionAD_ver2
- sec_profile - 安全行业信息趋势分析
- quickstart-compliance-pci - AWS Quick Start Team
- Manual
- Web-Fuzzing-Box - Web Fuzzing Box - Web 模糊测试字典与一些Payloads,主要包含:弱口令暴力破解、目录以及文件枚举、Web漏洞...字典运用于实战案例:https://gh0st.cn/archives/2019-11-11/1
- VulnRange - 漏洞靶场-快速搭建Web安全漏洞和第三方组件漏洞环境,用于漏洞复现和研究
- js-port-knocking - Web 端口敲门的奇思妙想
- push-to-kindle - 📘 A web-based tool for pushing documents to your lovely kindle.
- HatLab_IOT_Wiki - 海特实验室物联网安全知识库
- WEB-shiro_rememberMe_encode_decode - shiro rememberMe 在线加解密工具
- kubeasz - 使用Ansible脚本安装K8S集群,介绍组件交互原理,方便直接,不受国内网络环境影响
- BurpExtend - 基于Burp插件开发打造渗透测试自动化
- keyFinder - Keyfinder🔑 is a tool that let you find keys while surfing the web!
- xss_flash - Xss之Flash钓鱼
- Fake-flash.cn - flash.cn钓鱼页(中文+英文)
- LangNetworkTopologys - 端口扫描,指纹识别,网站探测,结果整理
- awesome-resume - 程序员简历例句,程序员简历范例,Java简历模版,Python简历模版,C++简历模版
- pentraining - 一个网络安全基础知识的教程。内容比较杂,好在都是实验视频和工具提供,可以自行动手完成实验。
- TranslatorX - JetBrains 系列软件汉化包 关键字: Android Studio 3.5 汉化包 CLion 2019.3 汉化包 DataGrip 2019.3 汉化包 GoLand 2019.3 汉化包 IntelliJ IDEA 2019.3 汉化包 PhpStorm 2019.3 汉化包 PyCharm 2019.3 汉化包 Rider 2019.3 汉化包 RubyMine 2019.3 汉化包 WebStorm 2019.3 汉化包
- WooyunDrops - Wooyun知识库,乌云知识库,https://wooyun.kieran.top
- fe - 《我的职业是前端工程师》 - Ebook:I'm a FrontEnd Developer
- 1000php - 1000个PHP代码审计案例(2016.7以前乌云公开漏洞)
- elasticsearch-definitive-guide - 欢迎加QQ群:109764489,贡献力量!
- 500LineorLess_CN - 500 line or less 中文翻译计划。
- php_webDataMining - php_webDataMining,PHP网络数据挖掘,第一个应用是爬取并分析和(草)谐(榴)论坛的一个版块数据并作可视化分析
- Zhihu_bigdata - 使用scrapy和pandas完成对知乎300w用户的数据分析。首先使用scrapy爬取知乎网的300w,用户资料,最后使用pandas对数据进行过滤,找出想要的知乎大牛,并用图表的形式可视化。
- Ap0k4L1p5.github.io
- security-automation-with-ansible-2 - Ansible Playbooks for Security Automation with Ansible2 book
- beijing_house_knowledge - 北京买房攻略
- Security_Article - scrapy website Article and link ...
- adobe-flash-phishing-page - Adobe Flash Phishing Page(Adobe Flash钓鱼页面)
- pup - Parsing HTML at the command line
- AboutSecurity - A list of payload and bypass lists for penetration testing and red team infrastructure build.
- Flash_Xss - Flash最新钓鱼源码对接官方API实现跟随官方升级而升级
- Bthub - Bthub最新地址发布页
- container-security-book
- ADRecon - ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.
- CodedMailsFree - Ready to use 50+ responsive HTML email templates - Codedmails Free
- django-DefectDojo - DefectDojo is an open-source application vulnerability correlation and security orchestration tool.
- c41n - Automated rogue access point setup tool.
- Flash-Pop - Flash钓鱼弹窗优化版
- apksneeze-lab - Analyze Android APK files from a browser.
- www-project-integration-standards - OWASP Foundation Web Respository
- calico - Cloud native networking and network security
- Phlexish - Advanced Spear Phishing tool for Facebook with 2 factor authentication bypass! May contain minor bugs due to...idk
- Windows-GDI-fuzzer - Windows Graphics Device Interface (GDI+) fuzzer
- CORS-EXPLOIT
- OpenClash - A Clash Client For OpenWrt
- kubernetes-goat - Kubernetes Goat is "Vulnerable by Design" Kubernetes Cluster. Designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security.
- Language - Some dirty trick to learn different programming language.
- Needle - Instant access to you bug bounty submission dashboard on various platforms + publicly disclosed reports + #bugbountytip
- BabyShark - Basic C2 Server
- Windows-EoP - Windows EoP Bugs
- subspace - A fork of the simple WireGuard VPN server GUI community maintained
- post-exploitation-wiki - Post Exploitation Wiki
- autochrome - This tool downloads, installs, and configures a shiny new copy of Chromium.
- hacking-lab - Small Vulnerable Web
- inception - A highly configurable Framework for easy automated web scanning
- bugbountytip.com - Flask powered website to display tweets with a hashtag #bugbountytip
- Information-Security-Tasks - This repository is created only for infosec professionals whom work day to day basis to equip ourself with uptodate skillset, We can daily contribute daily one hour for day to day tasks and work on problem statements daily, Please contribute by providing problem statements and solutions
- Subra - A Web-UI for subdomain enumeration (subfinder)
- fast-srt-subtitle - Make SRT Caption Fast!!!!
- DetectionLab - Automate the creation of a lab environment complete with security tooling and logging best practices
- gshark - Scan for sensitive information easily and effectively.
- Windows10Exploits - Microsoft » Windows 10 : Security Vulnerabilities
- chromium_for_spider - dynamic crawler for web vulnerability scanner
- SharedCourses - 大学课程共享计划整理
- hugo-theme-echo - A super concise theme for Hugo
- ATTACK-Tools - Utilities for MITRE™ ATT&CK
- attack_range - A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk
- DumpTheGit - DumpTheGit searches through public repositories to find sensitive information uploaded to the Github repositories.
- Airplay-SDK - Airplay Receiver SDK supports Airplay Mirroring and AirPlay Casting to a receiver device.
- APubPlat - Devops自动化部署、堡垒机开源项目、Web Terminal
- gentelella - Free Bootstrap 4 Admin Dashboard Template
- werdlists - :keyboard: Wordlists, Dictionaries and Other Data Sets for Writing Software Security Test Cases
- morpheus - Morpheus - Automating Ettercap TCP/IP (MITM-hijacking Tool)
- androwarn - Yet another static code analyzer for malicious Android applications
- APT_Sample-Weapoon - Pull some collected APT group related samples, ransomware, remote control and other malicious programs for security researchers to use.
- awesome-modern-cpp - A collection of resources on modern C++
- Nessus_Map - Parse .nessus file(s) and shows output in interactive UI
- iot-security-wiki - IOT security wiki
- CobaltStrikeForensic - Toolset for research malware and Cobalt Strike beacons
- nsfocus-rsas-knowledge-base - 绿盟科技漏洞扫描器(RSAS)漏洞库
- flutter-in-action - 《Flutter实战》电子书
- china-indie-podcasts - 发现与推荐高质量的中文独立播客
- HTML5 - HTML5学习、总结、实践
- win10-secure-baseline-gpo - Windows 10 and Server 2016 Secure Baseline Group Policy
- go101 - An online book focusing on Go syntax/semantics and runtime related things
- web-log-parser - An open source analysis web log tool
- nmap-bootstrap-xsl - A Nmap XSL implementation with Bootstrap.
- frida-all-in-one - 《FRIDA操作手册》by @hluwa @r0ysue
- live - 完整搭建直播平台实例
- zju-icicles - 浙江大学课程攻略共享计划
- xssgun - xss payloads generator
- cs_custom_404 - Cobalt strike custom 404 page
- BabySploit - :baby: BabySploit Beginner Pentesting Toolkit/Framework Written in Python :snake:
- SecurityMind - share experience towards for information management, brainstorming and so on.
- springboot-penguin - :penguin:基于SpringBoot+Mybatis+Thymeleaf+SemanticUI+Bootstrap的在线考试系统(低仿牛客网)
- yan-demo - 本项目是基于 SpringMVC+Spring+MyBatis (SSM) 架构的高效率便捷开发框架
- ChineseDarkWebCrawler - 中文暗网爬虫
- flask_multi_uploader - flask+webuploader实现多文件上传
- programthink - for 热心读者
- awesome-piracy - A curated list of awesome warez and piracy links
- zfaka - 免费、安全、稳定、高效的发卡系统,值得拥有!
- Windows-Secure-Host-Baseline - Configuration guidance for implementing the Windows 10 and Windows Server 2016 DoD Secure Host Baseline settings. #nsacyber
- proxylist - proxylist, generate by fate0/getproxy project in every 15 minute
- dvxte - Damn Vulnerable Xebia Training Environment
- dotfiles - Sway acid dark
- vulnreport - Open-source pentesting management and automation platform by Salesforce Product Security
- fuzzdb - Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
- wordpress-vulscan - WordPress vulnerability scanner
- linux-explorer - Easy-to-use live forensics toolbox for Linux endpoints
- security-txt - A proposed standard that allows websites to define security policies.
- Awesome-CTF-Book - Study CTF, study security
- js-xss - Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist
- PyCharm-Chinese - PyCharm Chinese Language Pack(中文语言包)
- prism-break - Privacy/security-oriented software recommendations (mirrored from GitLab)
- krackattacks
- seedbox-manager - [UNMAINTAINED] Web app for manage your seedbox
- docker-armhf-torrentbox - Docker image with nginx + php5-fpm + rtorrent + rutorrent(web ui) started with supervisord
- CVE-2017-7092-PoC - This is the Pwn2Own 2017 Safari backup vul's exploit.
- dorm-system - Dorm System
- linuxtools_rst - Linux工具快速教程
- bitaddress.org - JavaScript Client-Side Bitcoin Wallet Generator
- DIY-Cybersecurity-For-Domestic-Violence - Abuse adapts to technology. You deserve privacy and compassion.
- privacytools-zh - privacytool.io -Traditional Chinese version
- Music-Downloader - Download any music from web
- drek - A static-code-analysis tool for performing security-focused code reviews. It enables an auditor to swiftly map the attack-surface of a large application, with an emphasis on identifying development anti-patterns and footguns.
- angryFuzzer - Tools for information gathering
- domxsswiki - Automatically exported from code.google.com/p/domxsswiki
- visualize_logs - A Python library and command line tools to provide interactive log visualization.
- ICS-Security-Tools - Tools, tips, tricks, and more for exploring ICS Security.
- WamaCry - a fake WannaCry
- HTTPLeaks - HTTPLeaks - All possible ways, a website can leak HTTP requests
- fluxion - Fluxion is a remake of linset by vk496 with enhanced functionality.
- OldMirrorsFrontend - mirrors.zju.edu.cn
- Broadlink-RM-SmartThings-Alexa - Control RF and Ir devices using SmartThings and Alexa.
- sleepy-puppy - Deprecated please use https://github.com/Netflix/sleepy-puppy
- badssl.com - :lock: Memorable site for testing clients against bad SSL configs.
- solid - Solid - Re-decentralizing the web (project directory)
- ThreatPinchLookup - Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension
- ElvisProjs
- material-blog
- d3-v4-whats-new
- WebFundamentals - Best practices for modern web development
- learning-react - materials about learning react
- SF-zh - 《软件基础》中译版 Software Foundations Chinese Translation
- Crawler_Illegal_Cases_In_China - Collection of China illegal cases about web crawler 本项目用来整理所有中国大陆爬虫开发者涉诉与违规相关的新闻、资料与法律法规。致力于帮助在中国大陆工作的爬虫行业从业者了解我国相关法律,避免触碰数据合规红线。 [AD]中文知识图谱门户
- hexo-theme-matery - A beautiful hexo blog theme with material design and responsive design.一个基于材料设计和响应式设计而成的全面、美观的Hexo主题。国内访问:http://blinkfox.com
- HadoopAndSparkDataStudy - 这是一本关于大数据学习记录的手册,主要针对初学者.做为一个老IT工作者,学习是一件很辛苦的事情.希望这本手册对帮助大家快速的学习与认识大数据(特指Hadoop Spark),为了不让初学者一下接触爆炸式的新概念,我们会以实验先行,概念跟进的方式进行课程学习,这样有利于大家快速进入状态,而不至于一直深陷逻辑概念出不来,但是每个人的学习方式不一样,仁者见仁智者见智吧.大家如果有意见请给我发邮件[email protected] — 楚广明
- Campus-FakeAP - 针对校园网的wifi钓鱼工具
- privacytools.io - 🛡🛠 You are being watched. Protect your privacy against global mass surveillance.
- LingZhi - 灵芝IAST是一款交互式应用安全评估工具,覆盖了Java WEB相关安全风险的检测,具有近实时检测、准确率高、误报率低、漏洞链路清晰等特点|使用之前请阅读官方文档
- v2-ui - 支持多协议多用户的 v2ray 面板,Support multi-protocol multi-user v2ray panel
- ccaa - Linux一键安装Aria2 + AriaNg + FileBrowse实现离线下载、文件管理。
- sec_profile - 爬取secwiki和xuanwu.github.io/sec.today,分析安全信息站点、安全趋势、提取安全工作者账号(twitter,weixin,github等)
- mall - ssm小商城
- springboot-manage - 基于SpringBoot + Mybatis + Thymeleaf + Redis + MongoDB + MySQL开发的商品管理系统
- JavaWiki - 不定期收集与JAVA有关书籍或文章
- Cyberspace_Security_Learning - 在学习CTF、网络安全路上整合自己博客和一些资料,持续更新~
- shiro-example - 跟我学Shiro(我的公众号:kaitao-1234567,我的新书:《亿级流量网站架构核心技术》)
- CV - :see_no_evil:Front End Engineer Curriculum Vitae -《切图仔面试宝典》 急需招人,简历请投 [email protected],谢谢
- wooyun-wiki - wiki.wooyun.org的部分快照网页
- skills - Linux、WAF、正则、web安全等一些知识点的总结
- LGBTQIA-in-China - 🏳️🌈 中国的性少数群体一直渴望着自由平等
- Berserker - A list of useful payloads for Web Application Security and Pentest/CTF
- Weak-password - 字典大全 dictionary
- SQLInjectionWiki - A wiki focusing on aggregating and documenting various SQL injection methods
- WAF-Bypass - WAF Bypass Cheatsheet
- Powershell-Attack-Guide - Powershell攻击指南----黑客后渗透之道
- Software-Security-Learning - Software-Security-Learning
- Web-Security-Learning - Web-Security-Learning
- ipot - Honeypot Research Blog 蜜罐技术研究小组
- Sreg - Sreg可对使用者通过输入email、phone、username的返回用户注册的所有互联网护照信息。
-
C (286)
- DetectCobaltStomp - Detects Module Stomping as implemented by Cobalt Strike
- smbdoor - Windows kernel backdoor via registering a malicious SMB handler
- bof-NetworkServiceEscalate - Abuses the Shared Logon Session ID Issue (Described [here](https://www.tiraniddo.dev/2020/04/sharing-logon-session-little-too-much.html) by the awesome James Forshaw) To Achieve System From NetworkService. Can be used as a "getsystem" as well
- ssocks - build static ssocks by cmake,cross build ssocks
- snort-rules - An UNOFFICIAL Git Repository of Snort Rules(IDS rules) Releases.
- ProcDump-for-Linux - A Linux version of the ProcDump Sysinternals tool
- wufuc - Disables the "Unsupported Hardware" message in Windows Update, and allows you to continue installing updates on Windows 7 and 8.1 systems with Intel Kaby Lake, AMD Ryzen, or other unsupported processors.
- StringBleed-CVE-2017-5135 - Stringbleed The CVE 2017-5135 SNMP authentication bypass, created and reserved for this issue, vulnerability type: Incorrect Access Control.
- Cobalt-Strike-Aggressor-Scripts - Cobalt Strike Aggressor 插件包
- Gh0st - 远控源码
- AUTO-EARN - 一个利用OneForAll进行子域收集、Shodan API端口扫描、Xray漏洞Fuzz、Server酱的自动化漏洞扫描、即时通知提醒的漏洞挖掘辅助工具
- axeldown-core - 基于axel-webm的优化项目. 通过webui调用axel进行下载
- net-speeder - net-speeder 在高延迟不稳定链路上优化单线程下载速度
- kcp - KCP - A Fast and Reliable ARQ Protocol (快速可靠传输协议)
- GoodbyeDPI - GoodbyeDPI—Passive Deep Packet Inspection blocker and Active DPI circumvention utility (for Windows)
- AFLplusplus - The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode, and a lot more!
- Android_Security - This repository is a suplimentary material for Android Training's done by Anant Shrivastava
- BOFs - Collection of Beacon Object Files
- BOF-DLL-Inject - Manual Map DLL injection implemented with Cobalt Strike's Beacon Object Files.
- Fully-Undetectable-Techniques
- M2Crypto - OpenSSL for Python (both 2.x and 3.x) (generated by SWIG)
- AntiMSHookFunction - AntiMSHookFunction (make MSHookFunction doesn't work)
- n2n - Peer-to-peer VPN
- linux-inject - Tool for injecting a shared object into a Linux process
- ssh-inject-auto-find-libdl
- yabar - A modern and lightweight status bar for X window managers.
- uafuzz - UAFuzz: Binary-level Directed Fuzzing for Use-After-Free Vulnerabilities
- wsb-detect - wsb-detect enables you to detect if you are running in Windows Sandbox ("WSB")
- linuxStack - Linux技术栈
- Blizzard-Jailbreak - An Open-Source iOS 11.0 -> 11.4.1 (soon iOS 13) Jailbreak, made for teaching purposes.
- r77-rootkit - Ring 3 rootkit (processes & file system)
- Ventoy - A new bootable USB solution.
- domainTools - 内网域渗透小工具
- heap_exploit_2.31
- netelf - Run executables from memory, over the network, on Windows, Linux, OpenVMS... routers... spaceships... toasters etc.
- weizz-fuzzer
- gsocket - Global Socket. Moving data from here to there. Securely, Fast and trough NAT/Firewalls
- PEzor - Open-Source PE Packer
- ish - Linux shell for iOS
- CrossC2 - generate CobaltStrike's cross-platform payload
- c-jwt-cracker - JWT brute force cracker written in C
- whoisscanme
- bypass4netns - Accelerates slirp4netns using SECCOMP_IOCTL_NOTIF_ADDFD. As fast as `--net=host`.
- rtl8188eus - RealTek RTL8188eus WiFi driver with monitor mode & frame injection support
- fakehostname - Run a command and fake your hostname.
- 3snake - Tool for extracting information from newly spawned processes
- sic - Enumerate user mode shared memory mappings on Windows.
- upx - UPX - the Ultimate Packer for eXecutables
- ReflectiveDLLRefresher - Universal Unhooking
- wspe - Windows System Programming Experiments
- acwj - A Compiler Writing Journey
- LogServiceCrash - POC code to crash Windows Event Logger Service
- duplicut - Remove duplicates from MASSIVE wordlist, without sorting it (for dictionary-based password cracking)
- wacker - A WPA3 dictionary cracker
- CVE-2020-17382 - PoC exploits for CVE-2020-17382
- libinjection - SQL / SQLI tokenizer parser analyzer
- redteam-research - Collection of PoC and offensive techniques used by the BlackArrow Red Team
- s8_2019_2215_poc - PoC 2019-2215 exploit for S8/S8 active with DAC + SELinux + Knox/RKP bypass
- yacd - Decrypts FairPlay applications on iOS 13.4.1 and lower, no jb required
- knock - A port-knocking daemon
- UAC-TokenDuplication
- Kernelhub - :palm_tree:Windows Kernel privilege escalation vulnerability collection, with compilation environment, demo GIF map, vulnerability details, executable file
- reactos - A free Windows-compatible Operating System
- mem - Tool used for dumping memory from Android devices
- CSAL - Coresight Access Library
- webview - Tiny cross-platform webview library for C/C++/Golang. Uses WebKit (Gtk/Cocoa) and Edge (Windows)
- Damn_Vulnerable_C_Program - a c program containing vulnerable code for common types of vulnerabilities, can be used to show fuzzing concepts.
- awesome-php-ffi - PHP FFI examples and use cases
- EternalBlueC - EternalBlue suite remade in C/C++ which includes: MS17-010 Exploit, EternalBlue vulnerability detector, DoublePulsar detector and DoublePulsar Shellcode & DLL uploader
- firewalker
- VmwareHardenedLoader - Vmware Hardened VM detection mitigation loader (anti anti-vm)
- neatcc - A small arm/x86(-64) C compiler
- opencl_brute - MD5,SHA1,SHA256,SHA512,HMAC,PBKDF2,SCrypt Bruteforcing tools using OpenCL (GPU, yay!) and Python
- littl_tools
- RedisModules-ExecuteCommand - Tools, utilities and scripts to help you write redis modules!
- redis-rogue-getshell - redis 4.x/5.x master/slave getshell module
- ant_php_extension - PHP 扩展, 用于 PHP-FPM、FastCGI、LD_PRELOAD等模式下突破 disabled_functions
- cobaltstrike_bofs - My CobaltStrike BOFS
- C_Shot
- UAC_Bypass_In_The_Wild - Windows 10 UAC bypass for all executable files which are autoelevate true .
- pafish - Pafish is a demonstration tool that employs several techniques to detect sandboxes and analysis environments in the same way as malware families do.
- BOF_Collection - Various Cobalt Strike BOFs
- RpcSsImpersonator - Privilege Escalation Via RpcSs svc
- liblnk - Library and tools to access the Windows Shortcut File (LNK) format
- NINA - NINA: No Injection, No Allocation x64 Process Injection Technique
- peafowl - High performance Deep Packet Inspection (DPI) framework to identify L7 protocols and extract and process data and metadata from network traffic.
- libelfmaster - Secure ELF parsing/loading library for forensics reconstruction of malware, and robust reverse engineering tools
- ftrace - POSIX Function tracing
- dsym_obfuscate - Obfuscates dynamic symbol table
- armpatched - clone of armadillo patched for windows
- CreateFile_based_rootkit
- Shellcode-In-Memory-Decoder - A simple C implementation to decoded your shellcode and writes it directly to memory
- hotwax - Coverage-guided binary fuzzing powered by Frida Stalker
- Nougat_dlfunctions
- faxhell - A Bind Shell Using the Fax Service and a DLL Hijack
- Impost3r - 👻Impost3r -- A linux password thief
- mimikatz - A little tool to play with Windows security
- PrintSpoofer - Abusing Impersonation Privileges on Windows 10 and Server 2019
- sandboxie - The Sandboxie application
- NtLua - Lua in kernel-mode because why not.
- MailJack
- bline - Naver LINE VoIP reversing stuff
- WindTerm - A quicker and better cross-platform SSH/Sftp/Shell/Telnet/Serial client.
- nccfsas - Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team.
- checkm8-a5 - checkm8 port for S5L8940X/S5L8942X/S5L8945X
- ctftool - Interactive CTF Exploration Tool
- ipftrace2 - A packet oriented Linux kernel function call tracer
- hollows_hunter - Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
- spoolsystem - Print Spooler Named Pipe Impersonation for Cobalt Strike
- KatroLogger - KeyLogger for Linux Systems
- shad0w - A post exploitation framework designed to operate covertly on heavily monitored environments
- HyperDbg - The Source Code of HyperDbg Debugger 🐞
- gatekeeper - First open-source DDoS protection system
- PoC - PoC of CVE/Exploit
- robotgo - RobotGo, Go Native cross-platform GUI automation @vcaesar
- thc-hydra - hydra
- enumy - Linux post exploitation privilege escalation enumeration
- ios-inject-custom - Example showing how to use Frida for standalone injection of a custom payload
- Android_InlineHook - Android内联hook框架
- keychaindump - A proof-of-concept tool for reading OS X keychain passwords
- tls-scan - An Internet scale, blazing fast SSL/TLS scanner ( non-blocking, event-driven )
- snoopy - Snoopy is a small library that logs all program executions on your Linux/BSD system (a.k.a. Snoopy Logger).
- kirandomtpm - Get random bytes from the TPM (tool + BCrypt RNG provider)
- CTFENV - 为应对CTF比赛而搭建的各种环境
- RoguePotato - Another Windows Local Privilege Escalation from Service Account to System
- SystemToken - Steal privileged token to obtain SYSTEM shell
- ldns - LDNS is a DNS library that facilitates DNS tool programming
- lulzbuster - A very fast and smart web directory and file enumeration tool written in C.
- CVE-2020-0796 - CVE-2020-0796 - Windows SMBv3 LPE exploit #SMBGhost
- passcat - Passwords Recovery Tool
- AssetManage
- Shuriken - Offensive Android Kernel on Steroids - Shuriken is an Android kernel for Oneplus 5/5T which supports multiple features for pentesting.
- adduser - Programmatically create an administrative user under Windows
- ptrace-burrito - a friendly wrapper around ptrace
- SCShell - Fileless lateral movement tool that relies on ChangeServiceConfigA to run command
- Headshot - NGINX module to allow for RCE through a specific header
- scrcpy - Display and control your Android device
- ret-sync - ret-sync is a set of plugins that helps to synchronize a debugging session (WinDbg/GDB/LLDB/OllyDbg2/x64dbg) with IDA/Ghidra/Binary Ninja disassemblers.
- smartdns - A local DNS server to obtain the fastest website IP for the best Internet experience, 一个本地DNS服务器,获取最快的网站IP,获得最佳上网体验。
- Dumpert - LSASS memory dumper using direct system calls and API unhooking.
- wasm-fuzzing-demo - Demos of and walkthroughs on in-browser fuzzing using WebAssembly
- SwiftLaTeX - SwiftLaTeX, a WYSIWYG Browser-based LaTeX Editor
- antispy - AntiSpy is a free but powerful anti virus and rootkits toolkit.It offers you the ability with the highest privileges that can detect,analyze and restore various kernel modifications and hooks.With its assistance,you can easily spot and neutralize malwares hidden from normal detectors.
- igoat - OWASP iGoat - A Learning Tool for iOS App Pentesting and Security by Swaroop Yermalkar
- iGoat-Swift - OWASP iGoat (Swift) - A Damn Vulnerable Swift Application for iOS
- graftcp - A flexible tool for redirecting a given program's TCP traffic to SOCKS5 or HTTP proxy.
- xmake - 🔥 A cross-platform build utility based on Lua
- massdns - A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)
- rifiuti2 - Windows Recycle Bin analyser
- kloak - Keystroke-level online anonymization kernel: obfuscates typing behavior at the device level.
- rdpscan - A quick scanner for the CVE-2019-0708 "BlueKeep" vulnerability.
- cve-2019-5736-poc - Unweaponized Proof of Concept for CVE-2019-5736 (Docker escape)
- HashCheck - HashCheck Shell Extension for Windows with added SHA2, SHA3, and multithreading; originally from code.kliu.org
- endlessh - SSH tarpit that slowly sends an endless banner
- netfilter-full-cone-nat - A kernel module to turn MASQUERADE into full cone SNAT
- HackSysExtremeVulnerableDriver - HackSys Extreme Vulnerable Windows Driver
- BlockRDPBrute - [HIPS]RDP(3389)爆破防护
- getshell - 各大平台提权工具
- wazuh - Wazuh - The Open Source Security Platform
- Introduction-to-Computer-Systems - Course : Introduction to Computer Systems
- sway - i3-compatible Wayland compositor
- badvpn - NCD scripting language, tun2socks proxifier, P2P VPN
- UnixTools - 一些处理数据的Unix小工具,支持管道操作。
- n2n - A development branch of the n2n p2p vpn software
- BinExp - Linux Binary Exploitation
- fi6s - IPv6 network scanner designed to be fast
- MacType-Patch - MacType Patch for DirectWrite Hook
- RaspberryPiPkg - DEPRECATED - DO NOT USE | Go here instead ->
- https_dns_proxy - A lightweight DNS-over-HTTPS proxy.
- sumatrapdf - SumatraPDF reader
- zogvm - zogna video manager
- virgo - :virgo::computer::computer::computer::computer: Virtual desktops for Windows
- netdata - Real-time performance monitoring, done right! https://www.netdata.cloud
- MBE - Course materials for Modern Binary Exploitation by RPISEC
- execve_exploit - Hardcore corruption of my execve() vulnerability in WSL
- eoip - EoIP/EoIPv6 for *nix.
- general - general mode via module loading
- 3proxy - 3proxy - tiny free proxy server
- electra - Electra iOS 11.0 - 11.1.2 jailbreak toolkit based on async_awake
- dnscrypt-proxy - DNSCrypt-Proxy repository, frankly maintained for what it does (no new features planned)
- awesome-nginx - A curated list of awesome Nginx distributions, 3rd party modules, Active developers, etc. :octocat:
- CTF-All-In-One - CTF竞赛权威指南(Pwn篇)
- vlmcsd - KMS Emulator in C (currently runs on Linux including Android, FreeBSD, Solaris, Minix, Mac OS, iOS, Windows with or without Cygwin)
- motion - Motion, a software motion detector. Home page: https://motion-project.github.io/
- mpv - 🎥 Command line video player
- tinc - a VPN daemon
- linux-exploit-development-tutorial - a series tutorial for linux exploit development to newbie.
- krackattacks-test
- UACME - Defeating Windows User Account Control
- tinyproxy - tinyproxy - a light-weight HTTP/HTTPS proxy daemon for POSIX operating systems
- krackattacks-scripts
- icmp-backdoor - Backdoor that listens for specially crafted ICMP packets and spawns reverse shells.
- KernelPCC - PCC is a new approach for TCP congestion control base on real-time performance analysis. This is a kernel implementation of it.
- tcp_china - TCP China congestion control algorithm
- tcpcopy - An online request replication tool, also a tcp stream replay tool, fit for real testing, performance testing, stability testing, stress testing, load testing, smoke testing, etc
- Web-Application-Firewall - Designed and Implemented a Web Application Firewall as an Apache module that "sits" in-front of a web server. The WAF is designed to stop malicious requests from known attacks such as SQL Injection, XSS attacks and from unknown attacks by learning the legitimate traffic.
- dsptunnel - IP over audio tunnel
- sniproxy - Proxies incoming HTTP and TLS connections based on the hostname contained in the initial request of the TCP session.
- seafile - High performance file syncing and sharing, with also Markdown WYSIWYG editing, Wiki, file label and other knowledge management features.
- wireguard-monolithic-historical - Historical monolithic WireGuard repository, split into wireguard-tools, wireguard-linux, and wireguard-linux-compat.
- tcpkit - the tcpkit was designed to make network packets programable with Lua script
- LocateIP - 高效的IP数据库解析库
- vmware_escape - VMware Escape Exploit before VMware WorkStation 12.5.5
- axel - Lightweight CLI download accelerator
- gps-sdr-sim - Software-Defined GPS Signal Simulator
- keepassxc-debian - Debian source package for the KeePassXC password manager.
- ios-kexec-utils - boot LLB/iBoot/iBSS/iBEC image from a jailbroken iOS kernel
- HSEVD-ArbitraryOverwrite - HackSys Extreme Vulnerable Driver - ArbitraryOverwrite Exploit
- sudo-CVE-2017-1000367
- kcptun-raw - Kcptun with raw socket and fake TCP headers.
- Invoke-Vnc - Powershell VNC injector
- shujit - Java Just-in-Time Compiler for x86 processors
- exploit-CVE-2017-7494 - SambaCry exploit and vulnerable container (CVE-2017-7494)
- AD-control-paths - Active Directory Control Paths auditing and graphing tools
- pcileech - Direct Memory Access (DMA) Attack Software
- DoubleAgent - Zero-Day Code Injection and Persistence Technique
- wanakiwi - Automated wanadecrypt with key recovery if lucky
- Adafruit-GPIO-Halt - Press-to-halt program for headless Raspberry Pi. Similar functionality to the rpi_power_switch kernel module from the fbtft project, but easier to compile (no kernel headers needed).
- mptunnel - MPUDP Tunnel (User space MultiPath UDP)
- Rhme-2016 - Rhme2 challenge (2016)
- UnmanagedPowerShell - Executes PowerShell from an unmanaged process
- injectopi - A set of tutorials about code injection for Windows.
- demos - Demos of various injection techniques found in malware
- honggfuzz - Security oriented software fuzzer. Supports evolutionary, feedback-driven fuzzing based on code coverage (SW and HW based)
- post-exploitation - Post Exploitation Collection
- esp8266_deauther - Affordable WiFi hacking platform for testing and learning
- eaphammer - Targeted evil twin attacks against WPA2-Enterprise networks. Indirect wireless pivots using hostile portal attacks.
- Unix-Privilege-Escalation-Exploits-Pack - Exploits for getting local root on Linux, BSD, AIX, HP-UX, Solaris, RHEL, SUSE etc.
- scap - Network Sniffer (Scan and Capture Incoming Packets)
- ncrack - Ncrack network authentication tool
- cve-2015-6639 - QSEE Privilege Escalation Exploit using PRDiag* commands (CVE-2015-6639)
- inetutils - the copy of https://git.savannah.gnu.org/cgit/inetutils.git/ with knali support
- mtr - Official repository for mtr, a network diagnostic tool
- libproofofwork - Simple hash-mining c library and its python binding.
- wifi_crack_windows - wifi crack project for windows
- NTDSDumpEx - NTDS.dit offline dumper with non-elevated
- android_security - Public Android Vulnerability Information (CVE PoCs etc)
- winafl - A fork of AFL for fuzzing Windows binaries
- f-stack - F-Stack is an user space network development kit with high performance based on DPDK, FreeBSD TCP/IP stack and coroutine API.
- pentestkoala - Modified dropbear server which acts as a client and allows authless login
- john - John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs
- firejail - Linux namespaces and seccomp-bpf sandbox
- SE315-OperatingSystem - SJTU-SE315 Operating System labs from MIT 6.828, by a SE12er.
- passivedns - A network sniffer that logs all DNS server replies for use in a passive DNS setup
- wifi_ducky - Upload, save and run keystroke injection payloads with an ESP8266 + ATMEGA32U4
- android_kernel_crash_poc
- USG - The USG is Good, not Bad
- ossec-hids - OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
- bcc - BCC - Tools for BPF-based Linux IO analysis, networking, monitoring, and more
- mimipenguin - A tool to dump the login password from the current linux user
- How-to-Make-a-Computer-Operating-System - How to Make a Computer Operating System in C++
- Learn-Algorithms - 算法学习笔记
- wrk - Modern HTTP benchmarking tool
- JC-AntiPtrace - 安卓绕过ptrace反调试
- CVE-2019-0708-EXP-Windows - CVE-2019-0708-EXP-Windows版单文件exe版,运行后直接在当前控制台反弹System权限Shell
- learn-kvm - Qemu KVM(Kernel Virtual Machine)学习笔记
- smart7ec-scan-console - 基于Linux c开发的插件式扫描器(Python/lua)
- process-inject - 在Windows环境下的进程注入方法:远程线程注入、创建进程挂起注入、反射注入、APCInject、SetWindowHookEX注入
- AppProtect - 整理一些app常见的加固方法,包括java层、native层和资源文件加固等
- tpotce - 🍯 T-Pot - The All In One Honeypot Platform 🐝
- linux-kernel-exploits - linux-kernel-exploits Linux平台提权漏洞集合
- algorithm-structure - 2020年最新总结 100个常用数据结构,算法,算法导论,面试常用,大厂高级工程师整理总结
- AderXCoding - 介绍各类语言,库,系统编程以及算法的学习
- Linux-NetSpeed - BBR+BBR魔改+Lotsever(锐速)一键脚本 for Centos/Debian/Ubuntu
- hihttps - hihttps是一款完整源码的高性能web应用防火墙,既支持传统WAF的所有功能如SQL注入、XSS、恶意漏洞扫描、密码暴力破解、CC、DDOS等ModSecurity正则规则,又支持无监督机器学习,自主对抗未知攻击。
- unit - Unit 中文文档源,每 24 小时与官方同步。中文文档请点README_CN.md。
- getSystem - webshell下提权执行命令 Reference:https://github.com/yusufqk/SystemToken
- domainWeakPasswdCheck - 内网安全·域账号弱口令审计
- patchelf - A small utility to modify the dynamic linker and RPATH of ELF executables
- MemoryModule - Library to load a DLL from memory.
- donut - Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters
- nDPI - Open Source Deep Packet Inspection Software Toolkit
- byOpen - 🎉A dlopen library that bypasses mobile system limitation
- OpenWAF - Web security protection system based on openresty
- bypass_disablefunc_via_LD_PRELOAD - bypass disable_functions via LD_PRELOA (no need /usr/sbin/sendmail)
- rdp2tcp - rdp2tcp: open tcp tunnel through remote desktop connection.
- FastHook - Android ART Hook
- p0f-mtu - p0f with patches to save MTU value and export it via API (for VPN detection)
- Pentest - tools
- Android_Kernel_CVE_POCs - A list of my CVE's with POCs
- icmptunnel - Transparently tunnel your IP traffic through ICMP echo and reply packets.
- heap-exploitation - This book on heap exploitation is a guide to understanding the internals of glibc's heap and various attacks possible on the heap structure.
- windows-kernel-exploits - windows-kernel-exploits Windows平台提权漏洞集合
- Android-Inline-Hook - thumb16 thumb32 arm32 inlineHook in Android
-
Java (504)
- SandVXposed - Xposed environment without root (OS 5.0 - 10.0)
- JavaSecurity - Java web and command line applications demonstrating various security topics
- MysqlMonitor-GUI
- JNDIExploit - A malicious LDAP server for JNDI injection attacks
- xmind - The most popular mind mapping software
- CobaltStrike - CobaltStrike's source code
- MyBatisCodeHelper-Pro-Crack - Crack for Intellij IDEA plugin: MybatisCodeHelperPro.
- BurpSuite_Pro_v1.7.32 - BurpSuite_Pro_v1.7.32
- ShiroScanner
- CVE-2020-2551 - CVE-2020-2551
- BurpSuiteLoader - Burp Suite loader version --> ∞
- TSLab-Exploit - One tool of exploit vuln in batch!!!
- Burp-TCP-and-DNS-Proxy - TCP and DNS Proxy for Burp Suite.
- BurpUnlimited - This project EXTENDS BurpLoader's license. It is NOT intended to replace BurpLoader.
- tomcat-maven
- android-tips-tricks - :ballot_box_with_check: [Cheatsheet] Tips and tricks for Android Development
- dexshellerInMemory - android APK一键DEX加固脚本(内存加载DEX)
- frostmourne - frostmourne是基于Elasticsearch, InfluxDB数据,Mysql数据的监控,报警,分析系统. Monitor & alert & alarm & analyze for Elasticsearch && InfluxDB Log Data。主要使用springboot2 + vue-element-admin。 https://frostmourne-demo.github.io/
- WeChatAssist - 一款基于Android AccessibilityService(辅助服务)的自动操作微信的app,实现的功能有,附近的人自动打招呼,通讯录自动发消息,自动加好友,自动点赞评论,自定发漂流瓶,自动加群好友,自动推广公众号等等,同时,使用hook模块进行了微信的模拟定位,附近的人位置随意切换。
- flink-learning - flink learning blog. http://www.flink-learning.com 含 Flink 入门、概念、原理、实战、性能调优、源码解析等内容。涉及 Flink Connector、Metrics、Library、DataStream API、Table API & SQL 等内容的学习案例,还有 Flink 落地应用的大型项目案例(PVUV、日志存储、百亿数据实时去重、监控告警)分享。欢迎大家支持我的专栏《大数据实时计算引擎 Flink 实战与性能优化》
- RMIDeserialize - RMI 反序列化环境 一步步
- shiro-check - Shiro反序列化回显利用检查 Burp插件
- JspMaster-Deprecated - 一款基于webshell命令执行功能实现的GUI webshell管理工具,支持流量加密
- JustTrustMe-master - 在JustTrustMe的基础上修改了log日志打印位置,便于追踪hook函数
- fastjson-autotype-bypass-demo - fastjson 1.2.68 版本 autotype bypass
- RxAppEncryptionProtocol - frida反特征检测 app协议破解 Frida破解协议 sslping抓包 通用逆向破解 打印native动态注册函数
- tomcat-cluster-session-sync-exp - tomcat使用了自带session同步功能时,不安全的配置(没有使用EncryptInterceptor)导致存在的反序列化漏洞,通过精心构造的数据包, 可以对使用了tomcat自带session同步功能的服务器进行攻击。PS:这个不是CVE-2020-9484,9484是session持久化的洞,这个是session集群同步的洞!
- frpMgr - Frp快速配置面板
- FindClassInJars - 个人用于在自动化挖掘gadget时,方便查找gadget chains中class所在jar包,以助于便捷审计测试gadget有效性的那么一个小工具。
- jackson-CVE-2020-8840 - FasterXML/jackson-databind 远程代码执行漏洞
- learnjavabug - Java安全相关的漏洞和技术demo,原生Java、Fastjson、Jackson、Hessian2、XML反序列化漏洞利用和Spring、Dubbo、Shiro、CAS、Tomcat、RMI、Nexus等框架\中间件\功能的exploits以及Java Security Manager绕过、Dubbo-Hessian2安全加固等等实践代码。
- GDA-android-reversing-Tool - GDA is a new fast and powerful decompiler in C++(working without Java VM) for the APK, DEX, ODEX, OAT, JAR, AAR, and CLASS file. which supports malicious behavior detection, privacy leaking detection, vulnerability detection, path solving, packer identification, variable tracking, deobfuscation, python&java scripts, device memory extraction, data decryption, and encryption, etc.
- Decrypt_Weblogic_Password - 搜集了市面上绝大部分weblogic解密方式,整理了7种解密weblogic的方法及响应工具。
- dk-fitting - Fitting是一个面向大数据的统一的开发框架,由大快搜索主导并完全开源,克服了大数据技术开发涉及技术面广,各组件间缺乏统一规范等问题,能有效降低大数据的学习难度,并提高大数据项目的开发效率并可与开源项目混用。 Fitting遵循Apache2.0开源协议,采用类黑箱框架模式,将大数据生态圈内各组件底层API根据应用组合封装为Fitting API服务。用户编程时直接引用Fitting框架,即可使用功能丰富的Fitting API,完成过去复杂的编码工作。 Fitting框架由数据处理(dataprocess)、数据源(datasource)、ElasticSQL引擎(elasticsql)、图计算(graphx)、机器学习(ml)、自然语言处理(nlp)、搜索(search)、SQL工具类、(sqlutils)、流计算(stream)九大部分组成,可以单独部署,也可整体部署。 Fitting支持C、C++、C#、Cocoa、Common Lisp、Dlang、Dart、Delphi、Erlang、Go、Haskell、Haxe、Java (SE)、Java (ME)、Lua、node.js、OCaml、Perl、PHP、Python、Ruby、Rust、Smalltalk等二十多种编程语言。
- BLCS - 一款集合多个Android开源库的使用工具,可以展示各个开源库的特性。并简单了解其使用方法。包含[★1.1仿微信功能-字体大小★1.2仿微信功能-存储空间★1.3仿微信功能-多语言★1.4仿微信功能-地区选择★2.BottomNavigationView★3.RecyclerView4.DialogFragment★5.toolbar★6.RxToast★7.转盘小游戏★8.跑马灯/水波纹/标签★9.侧滑菜单/悬浮按钮★10.ViewPage指示器★11.ViewPage★12-13.OpenGl★14.常用Dialog★15.进度条★16.蛛网等级及颜色选取★17.Banner轮播图★18.通知NotificationCompat★19.选择器Picker★20.标签列表LabelList★21.声音与震动★22.PopupWindow★23.放大镜★24.刮刮卡★25.腾讯开源UI库《QMUI_Android》★26.开源图表库《MPAndroidChart》★27.条形码/二维码★1.博客★2.版本更新★3.全局异常捕获★4.内存泄漏检测★5.Rxjava+Retrofit封装★6.调用系统功能★7.SQLite ]
- sqlmap4burp-plus-plus - sqlmap4burp++是一款兼容Windows,mac,linux多个系统平台的Burp与sqlmap联动插件
- passive-scan-client - Burp被动扫描流量转发插件
- captcha-killer - burp验证码识别接口调用插件
- wgcloud - linux运维监控工具
- wooyun-payload - 从wooyun中提取的payload,以及burp插件
- shell-plus - 💻Shell Plus 是基于 RMI 的一款服务器管工具,由服务端、注册中心、客户端进行组成。该工具主要用于服务器管理、攻防后门安全测试以及技术研究,禁止用于非法犯罪。
- mongodb-file-server - MongoDB File Server is a file server system based on MongoDB. 基于 MongoDB 的文件服务器。
- VirtualLocation - 利用Hook技术对APP进行虚拟定位,可修改微信、QQ、以及一些打卡APP等软件,随意切换手机所处位置!
- S2-055-PoC - S2-055的环境,基于rest-show-case改造
- study-struts2-s2-054_055-jackson-cve-2017-7525_cve-2017-15095 - Struts2の脆弱性S2-045, S2-055 および Jackson の脆弱性 CVE-2017-7525, CVE-2017-15095 の調査報告
- lanproxy - lanproxy是一个将局域网个人电脑、服务器代理到公网的内网穿透工具,支持tcp流量转发,可支持任何tcp上层协议(访问内网网站、本地支付接口调试、ssh访问、远程桌面...)。目前市面上提供类似服务的有花生壳、TeamView、GoToMyCloud等等,但要使用第三方的公网服务器就必须为第三方付费,并且这些服务都有各种各样的限制,此外,由于数据包会流经第三方,因此对数据安全也是一大隐患。技术交流QQ群 1067424330
- CVE-2017-12149 - CVE-2017-12149 JBOSS as 6.X反序列化(反弹shell版)
- Tomcat_weak_password_scan - Tomcat弱口令扫描器
- waf - :vertical_traffic_light:Web Application Firewall or API Gateway(应用防火墙/API网关)
- blog - SpringBoot + Mybatis + thymeleaf 搭建的个人博客 http://www.54tianzhisheng.cn/
- spring-boot-projects - 该仓库中主要是 Spring Boot 的入门学习教程以及一些常用的 Spring Boot 实战项目教程,包括 Spring Boot 使用的各种示例代码,同时也包括一些实战项目的项目源码和效果展示,实战项目包括基本的 web 开发以及目前大家普遍使用的线上博客项目/企业大型商城系统/前后端分离实践项目等,摆脱各种 hello world 入门案例的束缚,真正的掌握 Spring Boot 开发。
- VisualSocialNetwork - 用图状数据结构表达社交网络中实体、边的关系,以 web 应用形式可视化展示。
- bigtable-sql - 分布式大数据SQL查询可视化界面!
- XrayGUI - Build A GUI For Xray,给Xray造一个GUI控制端。
- BurpCustomizer - Because just a dark theme wasn't enough!
- burp-send-to - Adds a customizable "Send to..."-context-menu to your BurpSuite.
- java-load - 记录自己从零开始学习Java SE的道路
- burpJsEncrypter - More Easier Burp Extension To Solve Javascript Front End Encryption,一款更易使用的解决前端加密问题的Burp插件。
- LandrayDES - 蓝凌OA的前后台密码的加解密工具
- BurpFastJsonScan - 一款基于BurpSuite的被动式FastJson检测插件
- ysoserial-modified - That repository contains my updates to the well know java deserialization exploitation tool ysoserial.
- CVE-2020-26259 - CVE-2020-26259: XStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling as long as the executing process has sufficient rights.
- RegexFinder - RegexFinder - Burp Suite extension to passively scan responses for occurrence of regular expression patterns.
- swurg - Parse OpenAPI documents into Burp Suite for automating OpenAPI-based APIs security assessments (approved by PortSwigger for inclusion in their official BApp Store).
- burp-suite-utils - Utilities for creating Burp Suite Extensions.
- As-Exploits - 中国蚁剑后渗透框架
- XposedAppium - 基于Xposed自动化框架
- XposedOkHttpCat
- android-emulator-detector - Easy to detect android emulator
- publiccms_decrypt - publiccms_decrypt
- freddy-deserialization-bug-finder
- Burp2Slack - Push notifications to Slack channel or to custom server based on BurpSuite response conditions.
- burp-info-extractor - burpsuite extension for extract information from data
- VulnerableApp - OWASP VulnerableApp Project: For Security Enthusiasts by Security Enthusiasts.
- super-jadx - Add new features for reverse engineering, such as: renaming of classes, fields, methods, variables, reference graphs and more.
- IntelliJDashPlugin - A smart and simple plugin that provides keyboard shortcut access for Dash, Velocity or Zeal in IntelliJ IDEA, RubyMine, WebStorm, PhpStorm, PyCharm and Android Studio.
- Damn-Vulnerable-Bank - Vulnerable Banking Application for Android
- DependencyCheck - OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
- jgraphx - jgraphx 4.0.4 build for cs project
- proxyee - HTTP proxy server,support HTTPS&websocket.MITM impl,intercept and tamper HTTPS traffic.
- BurpSuite-Exclude-From-Scope
- ApkSignatureKiller - 一键破解APK签名校验
- XxlJob-Hessian-RCE - XxlJob<=2.1.2配置不当情况下反序列化RCE
- lnk2pwn - Malicious Shortcut(.lnk) Generator
- Burp-Auto-Do-Intercept - Burp Suite Extender can auto intercept response for specify URL.
- FakerAndroid - A tool translate a apk file to stantard android project include so hook api and il2cpp c++ scaffolding when apk is a unity il2cpp game. Write code on a apk file elegantly.
- AnLinux-App - AnLinux allow you to run Linux on Android without root access.
- burpdeveltraining - Material for the training "Developing Burp Suite Extensions – From Manual Testing to Security Automation"
- Lokiboard-Mod - Just Mod Version of lokiboard with remote reporting via Gmail
- burp-multiplayer - Burp with Friends
- dependency-track - Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
- SootTutorial - A step-by-step tutorial for Soot (a Java static analysis framework)
- BCELCodeman - BCEL encode/decode manager for fastjson payloads
- Richsploit - Exploitation toolkit for RichFaces
- MagiCude - 分布式端口(漏洞)扫描、资产安全管理、实时威胁监控与通知、高效漏洞闭环、漏洞wiki、邮件报告通知、poc框架
- Mini-Android-Challenges - A small Android CTF challenge
- BehinderClientSource - 冰蝎客户端源码-3.0-BETA6
- CVE-2020-2551 - Weblogic IIOP CVE-2020-2551
- attackRmi - attackRmi
- memshell - Tomcat 冰蝎内存马。
- BCELConverter - BCEL class转换插件
- ShiroScan - burp插件 ShiroScan 主要用于框架、无dnslog key检测
- passive-scan-client-and-sendto - burp被动扫描自动转发和手动重发插件
- JavaLearnVulnerability - Java漏洞学习笔记 Deserialization Vulnerability
- HackingSimplified - This is where I share code/material shown in my videos
- spring-view-manipulation - When MVC magic turns black
- FastjsonScan - 一个简单的Fastjson反序列化检测burp插件
- androidx - Development environment for Android Jetpack extension libraries under the androidx namespace. Synchronized with Android Jetpack's primary development branch on AOSP.
- fastjson-bypass-autotype-1.2.68 - fastjson bypass autotype 1.2.68 with Throwable and AutoCloseable.
- nutz - Nutz -- Web Framework(Mvc/Ioc/Aop/Dao/Json) for ALL Java developer
- JWT4B - JWT Support for Burp
- shiro-urldns - shiro反序列化检测(只是个玩具23333)
- ShiroRce-Burp
- powerauth-push-server - PowerAuth Push Server repository
- Struts2-Vuln-Demo - Struts2漏洞实例源码
- WebLogic-Shiro-shell - WebLogic利用CVE-2020-2883打Shiro rememberMe反序列化漏洞,一键注册蚁剑filter内存shell
- cfr - This is the public repository for the CFR Java decompiler
- jvm-sandbox - Real - time non-invasive AOP framework container based on JVM
- weblogic_cmd - weblogic t3 deserialization rce
- rmi-jndi-ldap-jrmp-jmx-jms - rmi、jndi、ldap、jrmp、jmx、jms一些demo测试
- RemoteObjectInvocationHandler - bypass JEP290 RaspHook code
- CVE-2020-2555 - Weblogic com.tangosol.util.extractor.ReflectionExtractor RCE
- security_taint_propagation - Java taint propagation for java. Define tainted sources, sanitizer methods and sinks via aspects.
- javaparser - Java 1-15 Parser and Abstract Syntax Tree for Java, including preview features to Java 13
- JavaProbe - A Java runtime information-gathering tool which uses the Java Attach API for information acquisition
- soot - Soot - A Java optimization framework
- cafecompare - Java code comparison tool (jar / class)
- fastjson-blacklist - 打CTF实在厌倦了找利用链,就知道一个fastjson的版本,一堆依赖找啊找,头都疼。为了解决这个烦恼,用了卓卓师傅的fastjson黑名单工具和库,自己改造了一下。
- R9000
- libsu - A complete solution for apps using root permissions
- cve_2020_14644
- ovaa - Oversecured Vulnerable Android App
- Apache-Tomcat-Redis-Remote-Code-Execution - Apache-Tomcat-Redis-Remote-Code-Execution
- snyk-maven-plugin - A maven plugin that can test a pom.xml for vulnerabilities in its dependencies
- BetterBackdoor - A backdoor with a multitude of features.
- AndroidProjectCreator - Convert an APK to an Android Studio Project using multiple open-source decompilers
- StaticInitializerPayload
- leetcode-editor - Do Leetcode exercises in IDE, support leetcode.com and leetcode-cn.com, to meet the basic needs of doing exercises.Support theoretically: IntelliJ IDEA PhpStorm WebStorm PyCharm RubyMine AppCode CLion GoLand DataGrip Rider MPS Android Studio
- threatmodel-sdk - A Java library for parsing and programmatically using threat models
- shiroPoc
- ShiroScan - Shiro RememberMe 1.2.4 反序列化漏洞图形化检测工具(Shiro-550)
- ysoserial - forked from frohoff/ysoserial and added my own payloads.
- SerializationDumper - A tool to dump Java serialization streams in a more human readable form.
- CVE-2020-14645 - Weblogic CVE-2020-14645 UniversalExtractor JNDI injection getDatabaseMetaData()
- JavaThings - Share Things Related to Java - Java安全漫谈笔记相关内容
- CAS_EXP - CAS 硬编码 远程代码执行漏洞
- secscan-authcheck - 越权检测工具
- JavaSerialKiller - Burp extension to perform Java Deserialization Attacks
- CVE-2020-9547 - CVE-2020-9547:FasterXML/jackson-databind 远程代码执行漏洞
- pine - Dynamic java method hook framework on ART.
- tsunami-security-scanner - Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.
- SCTF2020 - SCTF2020
- keycloak - Open Source Identity and Access Management For Modern Applications and Services
- rmi-deserialization - Slides/Demos from the BSides Munich 2019 talk "Attacking Java RMI in 2019"
- WebLogicPasswordDecryptorUi - 解密weblogic AES或DES加密方法
- CVE-2020-5902 - CVE-2020-5902 BIG-IP
- AndroidWebDoor - A minimalistic android backdoor
- xjar - Spring Boot JAR 安全加密运行工具,支持的原生JAR。
- PHONK - PHONK is a self-contained creative scripting toolbox for new and old Android Devices
- jvmxray - Make Java security events of interest visible for analysis
- CronScheduler - An alternative to ScheduledThreadPoolExecutor proof against the clock drift problem
- ysomap - A helpful Java Deserialization exploit framework based on ysoserial
- after-deserialization-attack - Java After-Deserialization Attack
- ApkCrack - A tool that make your apk debuggable for Charles/Fiddler in Android 7.0
- WebViewDebugHook - Use Xposed force all webView to debug on android 4.4+
- FridaLoader - A quick and dirty app to download and launch Frida on Genymotion and rooted Physical Android Devices
- burp-security-headers-checker - Super simple Burp Suite extension adding passive scanner checks for missing security headers in server responses
- VulnreportForBurp - Burp Suite extension to enable reporting findings directly to VulnReport
- Copy-as-JavaScript-Request - Copy as JavaScript Request plugin for Burp Suite
- YaguraExtender - Burpsuite extension. Supports CJK (Chinese, Japanese, Korean) encoding.
- burp-api-common - common methods that used by my burp extension projects
- burp-samesite-reporter - Burp extension that passively reports various SameSite flags
- burp-suite-swaggy - Burp Suite extension for parsing Swagger web service definition files
- BigIPDiscover - It becomes the extension of Burp suite. The cookie set by the BipIP server may include a private IP, which is an extension to detect that IP
- r-forwarder-burp - The burp extension to forward the request
- burp-multistep-csrf-poc - Burp extension to generate multi-step CSRF POC.
- burp-suite-jsonpath - JSONPath extension for BurpSuite
- log-requests-to-sqlite - BURP extension to record every HTTP request send via BURP and create an audit trail log of an assessment.
- cstc - CSTC is a Burp Suite extension that allows request/response modification using a GUI analogous to CyberChef
- TeaBreak - A productivity burp extension which reminds to take break while you are at work!
- jvm-rasp - 基于JVM-Sandbox实现RASP安全监控防护
- Apache-Tomcat-MongoDB-Remote-Code-Execution - Apache Tomcat + MongoDB Remote Code Execution
- awvs - Java版的awvs批量添加扫描任务,适用于awvs_12
- fortify-license-crack - fortify-license-crack
- DVMUnpacker
- fastjson-blacklist
- Spring-Boot-Actuator-Exploit - Spring Boot Actuator (jolokia) XXE/RCE
- freddy - Automatically identify deserialisation issues in Java and .NET applications by using active and passive scans
- dragondance - Binary code coverage visualizer plugin for Ghidra
- hack-root - Android APP get root-level permissions without rooted system
- Android-GetAPKInfo - 获取Android应用基本信息的工具集
- FastJson1.2.62-RCE - 来源于jackson-CVE-2020-8840,需要开autotype
- rogue-jndi - A malicious LDAP server for JNDI injection attacks
- BurpCrypto - BurpCrypto is a collection of burpsuite encryption plug-ins, support AES/RSA/DES/ExecJs(execute JS encryption code in burpsuite).
- rmiscout - RMIScout uses wordlist and bruteforce strategies to enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities
- roots_a11y - PoC files for the publication 'How Android's UI Security is Undermined by Accessibility'.
- JSP-Webshells - Collect JSP webshell of various implementation methods. 收集JSP Webshell的各种姿势
- JustTrustMePlus
- SpringBootVulExploit - SpringBoot 相关漏洞学习资料,利用方法和技巧合集,黑盒安全评估 checklist
- CVE-2020-2883 - Weblogic coherence.jar RCE
- MyPerf4J - High performance Java APM. Powered by ASM. Try it. Test it. If you feel its better, use it.
- threadtear - Multifunctional java deobfuscation tool suite
- EdXposedManager - Companion Android application for EdXposed
- param-miner
- ShiroExploit-Deprecated - Shiro550/Shiro721 一键化利用工具,支持多种回显方式
- JspForAntSword - 中国蚁剑JSP一句话Payload
- CollaboratorPlusPlus
- LoggerPlusPlus - Advanced Burp Suite Logging Extension
- firing-range
- JNDI - JNDI 注入利用工具
- Bridge - 无回显漏洞测试辅助平台,平台使用Java编写,提供DNSLOG,HTTPLOG等功能,辅助渗透测试过程中无回显漏洞及SSRF等漏洞的验证和利用。
- generator-burp-extension - Everything you need about Burp Extension Generation
- Burpy - A plugin that allows you execute python and get return to BurpSuite.
- java-object-searcher - java内存对象搜索辅助工具
- sonarqube - Continuous Inspection
- find-sec-bugs - The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)
- CryptionTool - 一个CTF+渗透测试工具框架,集成常见加解密,密码、编码转换,端口扫描,字符处理等功能
- PathLayoutManager - RecyclerView的LayoutManager,轻松实现各种炫酷、特殊效果,再也不怕产品经理为难!
- CookBook - 🎉🎉🎉JAVA高级架构师技术栈==任何技能通过 “刻意练习” 都可以达到融会贯通的境界,就像烹饪一样,这里有一份JAVA开发技术手册,只需要增加自己练习的次数。🏃🏃🏃
- dubbo-exp - Dubbo反序列化一键快速攻击测试工具,支持dubbo协议和http协议,支持hessian反序列化和java原生反序列化。
- class-decompile-intellij - decompile .class file
- tools-ocr - 树洞 OCR 文字识别(一款跨平台的 OCR 小工具)
- GadgetProbe - Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.
- SoloPi - SoloPi 自动化测试工具
- gnirehtet - Gnirehtet provides reverse tethering for Android
- opengrok - OpenGrok is a fast and usable source code search and cross reference engine, written in Java
- mockserver - MockServer enables easy mocking of any system you integrate with via HTTP or HTTPS with clients written in Java, JavaScript and Ruby. MockServer also includes a proxy that introspects all proxied traffic including encrypted SSL traffic and supports Port Forwarding, Web Proxying (i.e. HTTP proxy), HTTPS Tunneling Proxying (using HTTP CONNECT) and SOCKS Proxying (i.e. dynamic port forwarding).
- proguard - ProGuard, Java optimizer and obfuscator
- JNDI-Injection-Exploit - JNDI注入测试工具(A tool which generates JNDI links can start several servers to exploit JNDI Injection vulnerability,like Jackson,Fastjson,etc)
- Bastillion - Bastillion is a web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user's public SSH keys.
- SecMobile - 移动安全检测平台,支持Android和iOS应用辅助分析。
- FridaHooker - Android Frida GUI Manager; Android 图形化Frida管理器
- akhq - Kafka GUI for Apache Kafka to manage topics, topics data, consumers group, schema registry, connect and more...
- falcon - Falcon: A practical log-based analysis tool for distributed systems
- poi-slinger - Automatically identify serialization issues in PHP Frameworks by means of an Burp Suite active scan
- rapid - Rapid is a Burp extension that enables you to save HTTP Request & Response data to a single file a lot easier and faster, in one go.
- burp-cookie-porter - 一个可快速“搬运”cookie的Burp Suite插件
- android-backup-extractor - Android backup extractor
- adonistrack - Simple Java profiling tool
- powerauth-cmd-tool - Command-line utility for PowerAuth Reference Client
- rotacsufbo - did u know the name of the repo is obfuscator backwards?
- VyAPI - VyAPI - A cloud based vulnerable hybrid Android App
- automatic-api-attack-tool - Imperva's customizable API attack tool takes an API specification as an input, generates and runs attacks that are based on it as an output.
- diva-android - DIVA Android - Damn Insecure and vulnerable App for Android
- SwissArmyKnife - android ui调试工具
- AndroTickler - Penetration testing and auditing toolkit for Android apps.
- uber-apk-signer - A cli tool that helps signing and zip aligning single or multiple Android application packages (APKs) with either debug or provided release certificates. It supports v1, v2 and v3 Android signing scheme has an embedded debug keystore and auto verifies after signing.
- android-classyshark - Analyze any Android/Java based app or game
- BigData-Notes - 大数据入门指南 :star:
- java_xxe_2019 - 总结了一下2019年在JVM环境中使用XXE攻击的知识
- Brida - The new bridge between Burp Suite and Frida!
- apk_auto_enforce - APK一键自动化加固脚本
- atlassian-agent - Atlassian's productions crack.
- eshop - 基于Spring Boot +Dubbo微服务商城系统
- pingyougou - 使用IDEA版本开发品优购商城项目
- eladmin - 项目基于 Spring Boot 2.1.0 、 Jpa、 Spring Security、redis、Vue的前后端分离的后台管理系统,项目采用分模块开发方式, 权限控制采用 RBAC,支持数据字典与数据权限管理,支持一键生成前后端代码,支持动态路由
- SeimiCrawler - 一个简单、敏捷、分布式的支持SpringBoot的Java爬虫框架;An agile, distributed crawler framework.
- hope-cloud - :whale: Hope-Cloud is a Java microservice project
- redtorch - Java开源量化交易开发框架
- zheshiyigeniubidexiangmu - 数字货币量化交易系统,支持多家交易所
- vulnado - Purposely vulnerable Java application to help lead secure coding workshops
- SpringCloudLearning - 《史上最简单的Spring Cloud教程源码》
- authz
- concurrent-programming - :cactus:《实战java高并发程序设计》源码整理
- Msgs - 短信群发,支持单卡/双卡,发送短信,Excel导入
- Second-hand-mall - 模仿咸鱼的二手交易商城
- Shiro-Action - 基于 Shiro 的权限管理系统,支持 restful url 授权,体验地址 :
- java-sec-code - Java web common vulnerabilities and security code which is base on springboot and spring security
- steady - Analyses your Java and Python applications for open-source dependencies with known vulnerabilities, using both static analysis and testing to determine code context and usage for greater accuracy. https://eclipse.github.io/steady/
- Spring-Boot-In-Action - Spring Boot 系列实战合集
- answerWeb - 基于SSM在线答题系统
- Java_deserialize_vuln_lab - Java 反序列化学习的实验代码 Java_deserialize_vuln_lab
- SpringAll - 循序渐进,学习Spring Boot、Spring Boot & Shiro、Spring Batch、Spring Cloud、Spring Cloud Alibaba、Spring Security & Spring Security OAuth2,博客Spring系列源码:https://mrbird.cc
- Gotrip - 民宿旅游管理系统,SSM框架实现
- EStore - 一个基于JavaWeb的网上电子购物城项目,实现展示商品、购买商品、提交订单、持久化保存到数据库等基本功能
- hfuu_shop - 原生Jsp和Servlet实现的简单二手物品交易网站
- MMall_JAVA - 基于SSM框架的前后端分离设计完整仿天猫网站服务器端源码。项目特点:前后端分离,数据库接口设计,架构设计,功能开发,上线运维
- godofwar - GodOfWar - Malicious Java WAR builder with built-in payloads
- biubiu - 弹幕视频与直播网站
- multimarkdown - 破解 IntelliJ IDEA 的 Markdown Navigator 插件,觉着不错的话可以 Start 一下哟!
- Images-to-PDF - An app to convert images to PDF file!
- CVE-2018-3252 - CVE-2018-3252-PoC
- jboss-_CVE-2017-12149 - CVE-2017-12149 jboss反序列化 可回显
- javacore - :coffee: JavaCore 是对 Java 核心技术的经验总结。
- HackBar - HackBar plugin for Burpsuite
- traccar - Traccar GPS Tracking System
- MySQLMonitor - MySQL实时监控工具(代码审计/黑盒/白盒审计辅助工具)
- springboot-ssm - springboot整合mybatis(SSM项目整合)
- chunked-coding-converter - Burp suite 分块传输辅助插件
- Nessus_to_report - Nessus中文报告自动化脚本
- SpringCloudLesson - SpringCloud从入门到精通系列课程
- locker - mybatis乐观锁插件,MyBatis Optimistic Locker Plugin
- mytwitter - 一个模仿Twitter的Java Web项目(基于原生的Servlet)
- ghidra - Ghidra is a software reverse engineering (SRE) framework
- toBeTopJavaer - To Be Top Javaer - Java工程师成神之路
- manong-ssm - 基于SSM框架的Java电商项目
- Java - All Algorithms implemented in Java
- miaosha - ⭐⭐⭐⭐秒杀系统设计与实现.互联网工程师进阶与分析🙋🐓
- weixin-bot - 使用微信Api实现微信客户端功能(使用Java开发) 可用于监控微信消息、特别关心钉钉提醒功能
- advanced-java - 😮 互联网 Java 工程师进阶知识完全扫盲:涵盖高并发、分布式、高可用、微服务、海量数据处理等领域知识,后端同学必看,前端同学也可学习
- Java-Web-Security - Java-Web-Security - Sichere Webanwendungen mit Java entwickeln
- jndiat - JNDI Attacking Tool
- gitstar-ranking - GitHub star ranking for users, organizations and repositories
- AES-Killer - Burp plugin to decrypt AES Encrypted traffic of mobile apps on the fly
- BurpSuiteHTTPSmuggler - A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques
- Cknife - Cknife
- IIS-ShortName-Scanner - latest version of scanners for IIS short filename (8.3) disclosure vulnerability
- CVE-2018-1270 - Spring messaging STOMP protocol RCE
- gdns - A Secure DNS Server (forwarder) based on Google DNS over HTTPS Service
- mybatis-generator-gui - mybatis-generator界面工具,让你生成代码更简单更快捷
- mssql-jdbc - The Microsoft JDBC Driver for SQL Server is a Type 4 JDBC driver that provides database connectivity with SQL Server through the standard JDBC application program interfaces (APIs).
- MybatisPlugin-Crack-Javassist - Javassist实现的破解IDEA MybatisPlugin修改字节码工具,仅供学习用途。
- lombok-intellij-plugin - Lombok Plugin for IntelliJ IDEA
- PhrackCTF-Platform-Team - CTF platfrom(Team Version) developed by Jarvis from Phrack Team. 做一个功能最全的CTF平台。
- javaide - Code editor, java auto complete, java compiler, aapt, dx, zipsigner for Android
- TLS-Scanner - The TLS-Scanner Module from TLS-Attacker
- Recaf - The modern Java bytecode editor
- proxyee-down - http下载工具,基于http代理,支持多连接分块下载
- ANRManager - ANR collector which can collect ANR information(收集ANR相关信息的工具类)
- SecQuanCknife - SecQuanCknife
- PhrackCTF-Platform-Personal - CTF platfrom developed by Jarvis from Phrack Team. 做一个功能最全的CTF平台。
- MemoryMonitor - Memory clean, pss monitor tool, for developer
- dexknife-wj - apk加固插件 带签名校验、dex加密、资源混淆
- haven - Haven is for people who need a way to protect their personal spaces and possessions without compromising their own privacy, through an Android app and on-device sensors
- probe-android - OONI Probe Android
- OpenRefine - OpenRefine is a free, open source power tool for working with messy data and improving it
- burp-molly-scanner - Turn your Burp suite into headless active web application vulnerability scanner
- sAINT - :eye: (s)AINT is a Spyware Generator for Windows systems written in Java. [Discontinued]
- ksql - The event streaming database purpose-built for stream processing applications
- BaRMIe - Java RMI enumeration and attack tool.
- dragonite-java - [DEPRECATED, please check https://github.com/tobyxdd/hysteria]
- burp-vulners-scanner - Vulnerability scanner based on vulners.com search API
- xtunnel - An useful TCP/SSL tunnel utility.
- jsp
- bypasswaf - Add headers to all Burp requests to bypass some WAF products
- sqlmap4burp - sqlmap embed in burpsuite
- burp-paramalyzer - Paramalyzer - Burp extension for parameter analysis of large-scale web application penetration tests.
- SuperSerial-Active - SuperSerial-Active - Java Deserialization Vulnerability Active Identification Burp Extender
- ShakaApktool - ShakaApktool
- JKS-private-key-cracker-hashcat - Nail in the JKS coffin - Cracking passwords of private key entries in a JKS file
- J2EEScan - J2EEScan is a plugin for Burp Suite Proxy. The goal of this plugin is to improve the test coverage during web application penetration tests on J2EE applications.
- JavaRansomware - Simple Ransomware Tool in Pure Java
- csp-auditor - Burp and ZAP plugin to analyse Content-Security-Policy headers or generate template CSP configuration from crawling a Website
- xssValidator - This is a burp intruder extender that is designed for automation and validation of XSS vulnerabilities.
- marshalsec
- Burp-Hunter - XSS Hunter Burp Plugin
- whois - RIPE Database whois code repository
- EquationExploit - Eternalblue Doublepulsar exploit
- WebLogicPasswordDecryptor - PowerShell script and Java code to decrypt WebLogic passwords
- jackhammer - Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.
- hack_sjtu_2017
- Wsdler - WSDL Parser extension for Burp
- Java-Deserialization-Scanner - All-in-one plugin for Burp Suite for the detection and the exploitation of Java deserialization vulnerabilities
- RxHttpUtils - Rxjava+Retrofit封装,便捷使用
- hack-android - Collection tools for hack android, java
- ysoserial - A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
- Halcyon-IDE - First IDE for Nmap Script (NSE) Development.
- SerialKiller - Look-Ahead Java Deserialization Library
- binnavi - BinNavi is a binary analysis IDE that allows to inspect, navigate, edit and annotate control flow graphs and call graphs of disassembled code.
- android-vts - Android Vulnerability Test Suite - In the spirit of open data collection, and with the help of the community, let's take a pulse on the state of Android security. NowSecure presents an on-device app to test for recent device vulnerabilities.
- burplist
- backslash-powered-scanner - Finds unknown classes of injection vulnerabilities
- netty-in-action-cn - Netty In Action 中文版
- zhihuWebSpider - https://github.com/QiuMing/zhihuWebSpider.git
- zaproxy - The OWASP ZAP core project
- ip2region - Ip2region is a offline IP location library with accuracy rate of 99.9% and 0.0x millseconds searching performance. DB file is ONLY a few megabytes with all IP address stored. binding for Java,PHP,C,Python,Nodejs,Golang,C#,lua. Binary,B-tree,Memory searching algorithm
- shelling - SHELLING - a comprehensive OS command injection payload generator
- disconf - Distributed Configuration Management Platform(分布式配置管理平台)
- moco - Easy Setup Stub Server
- AndroidUtilCode - :fire: Android developers should collect the following utils(updating).
- GitClub - An elegent Android Client for Github. 不仅仅是Github客户端,而且是一个发现优秀Github开源项目的app
- rocketmq - Mirror of Apache RocketMQ
- shiro_attack - shiro反序列化漏洞综合利用,包含(回显执行命令/注入内存马)
- DexRepair - dex修复程序
- burp-api-drops - burp插件开发指南
- java-memshell-scanner - 通过jsp脚本扫描java web Filter/Servlet型内存马
- CVE-2020-5398 - 💣 CVE-2020-5398 - RFD(Reflected File Download) Attack for Spring MVC
- momo-code-sec-inspector-java - IDEA静态代码安全审计及漏洞一键修复插件
- OSSTunnel - 基于亚马逊S3\阿里云OSS\腾讯COS通信隧道的远程管理工具
- MysqlMonitor - Mysql 语句执行记录监控
- JS-Sorting-Algorithm - 一本关于排序算法的 GitBook 在线书籍 《十大经典排序算法》,多语言实现。
- java-core-learning-example - 关于Java核心技术学习积累的例子,是初学者及核心技术巩固的最佳实践。
- RxJavaLearningMaterial - 这是一份详细的RxJava学习攻略 & 指南
- hello-algorithm - 🌍「算法面试+算法知识」针对小白的算法训练 | 还包括:1、阿里、字节、滴滴 百篇大厂面经汇总 2、千本开源电子书 3、百张思维导图 (右侧来个 star 吧 🌹,English version supported)
- tomcat_nofile_webshell - Tomcat基于动态注册Filter的无文件Webshell
- security - 🔐 Open Distro for Elasticsearch Security plugin
- base-admin - Base Admin一套简单通用的后台管理系统,主要功能有:权限管理、菜单管理、用户管理,系统设置、实时日志,实时监控,API加密,以及登录用户修改密码、配置个性菜单等
- albedo - Albedo 是一个Java企业应用开源框架,使用经典技术组合(SpringBoot2.x、MyBatis、Vue),包括核心模块如:组织机构、角色用户、权限授权、数据权限、代码生成、定时任务等。
- gadgetinspector - 一个利用ASM对字节码进行污点传播分析的静态代码审计应用(添加了大量代码注释,适合大家进行源码学习)。也加入了挖掘Fastjson反序列化gadget chains和SQLInject(JdbcTemplate、MyBatis、JPA、Hibernate、原生jdbc等)静态检测功能。并且加入了很多功能以方便进行漏洞自动化挖掘。
- mall-learning - mall学习教程,架构、业务、技术要点全方位解析。mall项目(39k+star)是一套电商系统,使用现阶段主流技术实现。涵盖了SpringBoot 2.3.0、MyBatis 3.4.6、Elasticsearch 7.6.2、RabbitMQ 3.7.15、Redis 5.0、MongoDB 4.2.5、Mysql5.7等技术,采用Docker容器化部署。
- SSM-Maven-Heima - 这是一个使用SSM(Spring+Springmvc+Mybatis)框架的商城小项目,使用Maven构建项目,以MySQL为数据库系统,Redis的缓存服务器(并不是用的很多)。商城分为后台人员管理界面和前台处理服务器两个方面。实现了登录,邮件注册,redis缓存机制,cookie的历史记录浏览,分页浏览商品,加入购物车,提交订单等等功能。最精彩的是,如果你刚刚学完基础的SSM框架,那么你就可以跟着视频一起完成这个很nice的小工程了。话不多说,让我们进入无尽的学习中吧!(光头不再是梦想:) )
- ProjectTree - 新人熟悉项目必备工具!基于AOP开发的一款方法调用链分析框架,简单到只需要一个注解,异步非阻塞,完美嵌入Spring Cloud、Dubbo项目!再也不用担心搞不懂项目!
- CS-Notes - :books: 技术面试必备基础知识、Leetcode、计算机操作系统、计算机网络、系统设计、Java、Python、C++
- zrlog - ZrLog是使用 Java 开发的博客/CMS程序,具有简约,易用,组件化,内存占用低等特点。自带 Markdown 编辑器,让更多的精力放在写作上,而不是花费大量时间在学习程序的使用上。
- itchat4j - itchat4j -- 用Java扩展个人微信号的能力
- preWork - 陈炯栩SRP-专利联机分析挖掘可视化系统,所需要的预备性工作,包括获取专利文件、数据库的建立、索引等等
- Estore - Java 语言实现的 苹果网上商城 ,前端模仿 苹果爱否 商城的页面 ,后端运用纯 Servlet + JSP +c3p0 数据库连接池以及web 相关技术,实现的基础功能包括前后台、实现展示首页、管理商品页面、商品分类、添加购物车、购买、提交订单 、联系客服等 ,欢迎 star,谢谢!!!
- fastdep - Fast integration dependencies in spring boot.是一个快速集成依赖的框架,集成了一些常用公共的依赖。例:多数据源,Redis,JWT...
- JustAuth - :100: 小而全而美的第三方登录开源组件。目前已支持Github、Gitee、微博、钉钉、百度、Coding、腾讯云开发者平台、OSChina、支付宝、QQ、微信、淘宝、Google、Facebook、抖音、领英、小米、微软、今日头条、Teambition、StackOverflow、Pinterest、人人、华为、企业微信、酷家乐、Gitlab、美团、饿了么和推特等第三方平台的授权登录。 Login, so easy!
- Java - Java的学习之路,学习JavaEE以及框架时候的一些项目,结合博客和源码,让你受益匪浅,适合Java初学者和刚入门开始学框架者
- OnlineMall - :arrow_up: 基于springboot+thymeleaf+spring data jpa+druid+bootstrap+layui等技术的JavaWeb电商项目(项目包含前后台,分为前台商城系统及后台管理系统。前台商城系统包含首页门户、商品推荐、商品分类、商品搜索、商品展示、商品详情、购物车、订单流程、用户中心、评论(有些bug,当时做得不够好,下一个项目的评论模块比这个好)、模拟支付等模块。 后台管理系统包含商品管理、订单管理、用户管理等模块。系统介绍及详细功能点、技术点见项目内文档描述):sunny:
- fastjson-remote-code-execute-poc - fastjson remote code execute poc 直接用intellij IDEA打开即可 首先编译得到Test.class,然后运行Poc.java
- log-agent - 利用agent hock指定的class,在jar运行周期内,用于跟踪被执行的方法,辅助做一些事情,比如挖洞啊
- Java-Rce-Echo - Java RCE 回显测试代码
- Vulnerable_Env_Collect - 一些软件的漏洞复现环境
- leetcode-java - 🎓🎓🎓 Leetcode solution in Java - 536/921 Solved. https://leetcode.com/problemset/all/
- burp-fofa - 基于BurpSuite的一款FOFA Pro 插件
- CAS_Execution_decode - Apereo CAS payload AES解密
- Lens - 功能简介:一种开发帮助产品研发的效率工具。主要提供了:页面分析、任务分析、网络分析、DataDump、自定义hook 、Data Explorer 等功能。以帮助开发、测试、UI 等同学更便捷的排查和定位问题,提升开发效率。
- BurpShiroPassiveScan - 一款基于BurpSuite的被动式shiro检测插件
- oxpecker - oxpecker是一款用于从IDE提取开发项目仓库地址、当前分支、三方组件等信息用于安全分析的JetBrains家族IDE插件。
- StockData2Hbase - 股票交易数据处理的整个业务流程 数据源--->数据采集--->数据归类--->数据储存--->数据分析--->数据可视化
- Xpatch - 免Root实现app加载Xposed插件工具。This is a tool to repackage apk file, then the apk can load any xposed modules installed in the device. It is another way to hook an app without root device.
- xk-time - xk-time 是时间转换,时间计算,时间格式化,时间解析,日历,时间cron表达式和时间NLP等的工具,使用Java8,线程安全,简单易用,多达70几种常用日期格式化模板,支持Java8时间类和Date,轻量级,无第三方依赖。
- mosec-maven-plugin - 用于检测maven项目的第三方依赖组件是否存在安全漏洞。
- mosec-gradle-plugin - 用于检测gradle项目的第三方依赖组件是否存在安全漏洞。
- tkey - 以材料最全、示例最多为目标的单点登录系统(SSO)
- scm-biz-suite - 供应链中台系统基础版,集成零售管理, 电子商务, 供应链管理, 财务管理, 车队管理, 仓库管理, 人员管理, 产品管理, 订单管理, 会员管理, 连锁店管理, 加盟管理, 前端React/Ant Design, 后端Java Spring+自有开源框架,全面支持MySQL, PostgreSQL, 全面支持国产数据库南大通用GBase 8s,通过REST接口调用,前后端完全分离。
- MyTech - Java的基础总结和学习笔记,包括Java核心技术点和常见知识点。同时提供了Java基础原理的代码实现,供大家实践时参考。已补充JVM和JUC的相关内容,欢迎交流。
- java-learning - 旨在打造在线最佳的 Java 学习笔记,含博客讲解和源码实例,包括 Java SE 和 Java Web
- segmentfault-lessons - Segment Fault 在线讲堂 代码工程
- fullstack-tutorial - 🚀 fullstack tutorial 2020,后台技术栈/架构师之路/全栈开发社区,春招/秋招/校招/面试
- JCSprout - 👨🎓 Java Core Sprout : basic, concurrent, algorithm
- domain_hunter - A Burp Suite Extension that try to find all sub-domain, similar-domain and related-domain of an organization automatically! 基于流量自动收集整个企业或组织的子域名、相似域名、相关域名的burp插件
- knife - A burp extension that add some useful function to Context Menu 添加一些右键菜单让burp用起来更顺畅
- template-collection - Java Web开发模板集合
- POC-Collect - 各种开源CMS 各种版本的漏洞以及EXP 该项目将不断更新
- jeecg-boot - 基于代码生成器的低代码平台,超越传统商业平台!前后端分离架构SpringBoot 2.x,SpringCloud,Ant Design&Vue,Mybatis-plus,Shiro,JWT。强大的代码生成器让前后端代码一键生成,无需写任何代码! 引领新低代码开发模式OnlineCoding->代码生成->手工MERGE,帮助Java项目解决70%重复工作,让开发更关注业务,既能快速提高开发效率,帮助公司节省成本,同时又不失灵活性。
- FEBS-Shiro - Spring Boot 2.4.0,Shiro1.6.0 & Layui 2.5.6 权限管理系统。预览地址:http://47.104.70.138:8080/login
- vuldebug - JAVA 漏洞调试项目,主要为复现、调试java相关的漏洞。
- OpenFire_Decrypt - OpenFire 管理后台账号密码解密
- rhizobia_J - JAVA安全SDK及编码规范
- LEMarket - 基于Java SSM框架和layui构建的手机商城系统(包含前后台)
- xxshop - (B2C) 基于Java 的SSM的B2C电商网站
- Psychological-counseling-system - 简易心理咨询预约系统Based On SSM
- S-mall-ssm - 小小商城系统,JavaWEB项目,基于SSM,仿天猫页面,功能齐全,实现了自动处理关联查询的通用Mapper、抽象 BaseService 类、注解鉴权、参数注解校验等
- xxl-sso - A distributed single-sign-on framework.(分布式单点登录框架XXL-SSO)
- vhr - 微人事是一个前后端分离的人力资源管理系统,项目采用SpringBoot+Vue开发。
- spring-boot-examples - about learning Spring Boot via examples. Spring Boot 教程、技术栈示例代码,快速简单上手教程。
- mybatis-lite - Mybatis - Plugin Free版
- JavaEE - 🔥⭐️👍框架(SSM/SSH)学习笔记
- t-io - 解决其它网络框架没有解决的用户痛点,让天下没有难开发的网络程序
- LeetCodeAnimation - Demonstrate all the questions on LeetCode in the form of animation.(用动画的形式呈现解LeetCode题目的思路)
- TrackRay - 溯光 (TrackRay) 3 beta⚡渗透测试框架(资产扫描|指纹识别|暴力破解|网页爬虫|端口扫描|漏洞扫描|代码审计|AWVS|NMAP|Metasploit|SQLMap)
- greys-anatomy - Java诊断工具
- study - 全栈工程师学习笔记;Spring登录、shiro登录、CAS单点登录和Spring boot oauth2单点登录;Spring data cache 缓存,支持Redis和EHcahce; web安全,常见web安全漏洞以及解决思路;常规组件,比如redis、mq等;quartz定时任务,支持持久化数据库,动态维护启动暂停关闭;docker基本用法,常用image镜像使用,Docker-MySQL、docker-Postgres、Docker-nginx、Docker-nexus、Docker-Redis、Docker-RabbitMQ、Docker-zookeeper、Docker-es、Docker-zipkin、Docker-ELK等;mybatis实践、spring实践、spring boot实践等常用集成;基于redis的分布式锁;基于shared-jdbc的分库分表,支持原生jdbc和Spring Boot Mybatis
- SSM-personnel-management-system - 基于SSM的人事管理系统,适合初学者第一个实战项目
- S-mall-servlet - 小小商城系统,JavaWEB项目,基于原生Servlet,仿天猫页面,功能齐全
- APIJSON - 🏆码云最有价值开源项目 🚀后端接口和文档自动化,前端(客户端) 定制返回 JSON 的数据和结构!🏆Gitee Most Valuable Project 🚀A JSON Transmission Protocol and an ORM Library for automatically providing APIs and Docs.
- mall - mall项目是一套电商系统,包括前台商城系统及后台管理系统,基于SpringBoot+MyBatis实现,采用Docker容器化部署。 前台商城系统包含首页门户、商品推荐、商品搜索、商品展示、购物车、订单流程、会员中心、客户服务、帮助中心等模块。 后台管理系统包含商品管理、订单管理、会员管理、促销管理、运营管理、内容管理、统计报表、财务管理、权限管理、设置等模块。
- BadIntent - Intercept, modify, repeat and attack Android's Binder transactions using Burp Suite
- JavaGuide - 「Java学习+面试指南」一份涵盖大部分 Java 程序员所需要掌握的核心知识。准备 Java 面试,首选 JavaGuide!
- ApkToolPlus - ApkToolPlus 是一个 apk 逆向分析工具(a apk analysis tools)。
- ideaagent - IntelliJ IDEA 辅助工具
- fastjson_exploit - Fastjson 反序列化漏洞快速检测和利用工具
- Burpsuite-UAScan - burpsuite插件:被动进行未授权访问扫描
- JNDI-Exploit-Kit - JNDI-Exploitation-Kit(A modified version of the great JNDI-Injection-Exploit created by @welk1n. This tool can be used to start an HTTP Server, RMI Server and LDAP Server to exploit java web apps vulnerable to JNDI Injection)
- javaboy-code-samples - 公众号【江南一点雨】文章案例汇总,技术文章请戳这里----->
- YCAndroidTool - 用于项目测试,崩溃重启操作,崩溃记录日志【可以查看,分享】和重启【多种重启app方式】;网路拦截查看的工具小助手,拦截请求和响应数据,统计接口请求次数,流量消耗,以及统计网络链接/dns解析/request请求/respond响应等时间。提高开发效率……
- spring-boot-demo - 该项目已成功集成 actuator(监控)、admin(可视化监控)、logback(日志)、aopLog(通过AOP记录web请求日志)、统一异常处理(json级别和页面级别)、freemarker(模板引擎)、thymeleaf(模板引擎)、Beetl(模板引擎)、Enjoy(模板引擎)、JdbcTemplate(通用JDBC操作数据库)、JPA(强大的ORM框架)、mybatis(强大的ORM框架)、通用Mapper(快速操作Mybatis)、PageHelper(通用的Mybatis分页插件)、mybatis-plus(快速操作Mybatis)、BeetlSQL(强大的ORM框架)、upload(本地文件上传和七牛云文件上传)、redis(缓存)、ehcache(缓存)、email(发送各种类型邮件)、task(基础定时任务)、quartz(动态管理定时任务)、xxl-job(分布式定时任务)、swagger(API接口管理测试)、security(基于RBAC的动态权限认证)、SpringSession(Session共享)、Zookeeper(结合AOP实现分布式锁)、RabbitMQ(消息队列)、Kafka(消息队列)、websocket(服务端推送监控服务器运行信息)、socket.io(聊天室)、ureport2(中国式报表)、打包成war文件、集成 ElasticSearch(基本操作和高级查询)、Async(异步任务)、集成Dubbo(采用官方的starter)、MongoDB(文档数据库)、neo4j(图数据库)、docker(容器化)、JPA多数据源、Mybatis多数据源、代码生成器、GrayLog(日志收集)、JustAuth(第三方登录)、LDAP(增删改查)、动态添加/切换数据源、单机限流(AOP + Guava RateLimiter)、分布式限流(AOP + Redis + Lua)、ElasticSearch 7.x(使用官方 Rest High Level Client)、HTTPS、Flyway(数据库初始化)、UReport2(中国式复杂报表)。
- redis-manager - Redis 一站式管理平台,支持集群的监控、安装、管理、告警以及基本的数据操作
- BurpSuite-Random_UserAgent - Burp Suite extension for generate a random user-agents
- JQF - JQF + Zest: Coverage-guided semantic fuzzing for Java.
- scan-check-builder - Burp Bounty is a extension of Burp Suite that improve an active and passive scanner by yourself. This extension requires Burp Suite Pro.
- gadgetinspector - A byte code analyzer for finding deserialization gadget chains in Java applications
- weblogic_exploit - weblogic漏洞利用工具
- headless-burp - Automate security tests using Burp Suite.
- Burpsuite-Plugins-Usage - Burpsuite-Plugins-Usage
- pivaa - Created by High-Tech Bridge, the Purposefully Insecure and Vulnerable Android Application (PIVAA) replaces outdated DIVA for benchmark of mobile vulnerability scanners.
- VirtualXposed - A simple app to use Xposed without root, unlock the bootloader or modify system image, etc.
- GitHub-Chinese-Top-Charts - :cn: GitHub中文排行榜,帮助你发现高分优秀中文项目、更高效地吸收国人的优秀经验成果;榜单每周更新一次,敬请关注!
- FastjsonExploit - Fastjson vulnerability quickly exploits the framework(fastjson漏洞快速利用框架)
- jsEncrypter - 一个用于前端加密Fuzz的Burp Suite插件
- Liudao - “六道”实时业务风控系统
- XSSBlindInjector - burp插件,实现自动化xss盲打以及xss log
- HTTPHeadModifer - 一款快速修改HTTP数据包头的Burp Suite插件
- PyCmd - python+php+jsp WebShell(一句话木马)
- BurpUnlimitedre - This project !replace! BurpUnlimited of depend (BurpSutie version 1.7.27). It is NOT intended to replace them!
- NSTProxy - 一款存储HTTP请求入库的burpsuite插件
- PHPUnserializeCheck - PHP Unserialize Check - Burp Scanner Extension
- BurpCRLFPlugin - Another plugin for CRLF vulnerability detection
- psychoPATH - psychoPATH - an advanced path traversal tool. Features: evasive techniques, dynamic web root list generation, output encoding, site map-searching payload generator, LFI mode, nix & windows support, single byte generator, payload export.
- DanmakuFlameMaster - Android开源弹幕引擎·烈焰弹幕使 ~
- Burpsuite-JSScan - burpsuite插件:主动和被动进行JS扫描并分析其中的可利用点
-
C# (212)
- SharpShares - .NET 4.0 Share Hunting and ACL Mapping
- SignHackTool - Sign your file with expired certificates
- SharpAttack - A simple wrapper for C# tools
- APSoft-Web-Scanner-v2 - Powerful dork searcher and vulnerability scanner for windows platform
- SharpC2 - .NET C2 Framework Proof of Concept
- scout - A .NET assembly for performing recon against hosts on a network
- SharpeningCobaltStrike - in realtime v35/40 dotnet compiler for your linux Cobalt Strike C2. New fresh compiled and obfuscated binary for each use
- Destroy-Windows-10-Spying - Destroy Windows Spying tool
- PSAttack - A portable console aimed at making pentesting with PowerShell a little easier.
- RunShellcode - .NET GUI program that runs shellcode
- awesome-dotnet-core - :honeybee: A collection of awesome .NET core libraries, tools, frameworks and software
- ApkToolBox - ApkTool Box,Apk集成反编译工具箱
- SharpGetTitle - SharpGetTitle - 基于 C# 的多线程 Web Title 扫描器
- RevokeMsgPatcher - :trollface: A hex editor for WeChat/QQ/TIM - PC版微信/QQ/TIM防撤回补丁(我已经看到了,撤回也没用了)
- USBCopyer - 😉 用于在插上U盘后自动按需复制该U盘的文件。”备份&偷U盘文件的神器”(写作USBCopyer,读作USBCopier)
- ChromeAutoUpdate - 一个自动更新chrome的小工具
- SharpKatz - Porting of mimikatz sekurlsa::logonpasswords, sekurlsa::ekeys and lsadump::dcsync commands
- SharpTask - SharpTask is a simple code set to interact with the Task Scheduler service api and is compatible with Cobalt Strike.
- Carnivore - Microsoft External Attack Tool
- Get-RBCD-Threaded - Tool to discover Resource-Based Constrained Delegation attack paths in Active Directory environments
- SharpBypassUAC - C# tool for UAC bypasses
- WSuspicious - WSuspicious - A tool to abuse insecure WSUS connections for privilege escalations
- nopowershell - PowerShell rebuilt in C# for Red Teaming purposes
- EWSToolkit - Abusing Exchange via EWS
- solarflare - SolarWinds Orion Account Audit / Password Dumping Utility
- CVE-2020-17144 - weaponized tool for CVE-2020-17144
- CVE-2020-17144-EXP - Exchange2010 authorized RCE
- DecryptAutoLogon - Command line tool to extract/decrypt the password that was stored in the LSA by SysInternals AutoLogon
- SharpMapExec
- SSCMS_Decrypt - sscms database decrypt
- EvilClippy - A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on Linux, OSX and Windows.
- CSharp-Tools - .NET C# Tools
- RunasCs - RunasCs - Csharp and open version of windows builtin runas.exe
- lively - Free and open-source software that allows users to set animated and interactive desktop wallpapers.
- SharpSploit - SharpSploit is a .NET post-exploitation library written in C#
- NoAmci - Using DInvoke to patch AMSI.dll in order to bypass AMSI detections triggered when loading .NET tradecraft via Assembly.Load().
- DInvisibleRegistry - DInvisibleRegistry
- DefenderCheck - Identifies the bytes that Microsoft Defender flags on.
- DInvoke - Dynamically invoke arbitrary unmanaged code from managed code without PInvoke.
- BLE_HackMe - Bluetooth Low Energy hardware-less HackMe
- Fusion - 🧰 A modern alternative to the Microsoft Assembly Binding Log Viewer (FUSLOGVW.exe)
- ThreatCheck - Identifies the bytes that Microsoft Defender / AMSI Consumer flags on.
- StandIn - StandIn is a small .NET35/45 AD post-exploitation toolkit
- AggressiveProxy - Project to enumerate proxy configurations and generate shellcode from CobaltStrike
- Scan-and-Clean-Macro-Virus - Scan and clean specific Macro Virus, #C Sharp
- RedTeamCSharpScripts - C# Script used for Red Team
- xamarin-security-scanner - A tool to find security vulnerabilities in Xamarin.Android apps.
- KerberosRun - A little tool to play with Kerberos.
- SharpHose - Asynchronous Password Spraying Tool in C# for Windows Environments
- AggressiveGadgetToJScript - A Cobalt Strike Aggressor script to generate GadgetToJScript payloads
- Gopher - C# tool to discover low hanging fruits
- SharpAdidnsdump - c# implementation of Active Directory Integrated DNS dumping (authenticated user)
- DecryptRDCManager - .NET 4.0 Remote Desktop Manager Password Gatherer
- SharpSQLDump - 内网渗透中快速获取数据库所有库名,表名,列名。具体判断后再去翻数据,节省时间。适用于mysql,mssql。
- CobaltStrikeScan - Scan files or process memory for CobaltStrike beacons and parse their configuration
- SharpWifiGrabber - Sharp Wifi Password Grabber retrieves in clear-text the Wi-Fi Passwords from all WLAN Profiles saved on a workstation.
- Rubeus - Trying to tame the three-headed dog.
- Fork-n-Run
- Zolom - C# Executable with embedded Python that can be used reflectively to run python code on systems without Python installed
- GRAT2 - We developed GRAT2 Command & Control (C2) project for learning purpose.
- LOLBITS - C2 framework that uses Background Intelligent Transfer Service (BITS) as communication protocol and Direct Syscalls + Dinvoke for EDR user-mode hooking evasion.
- SauronEye - Search tool to find specific files containing specific words, i.e. files containing passwords..
- MoveScheduler - .NET 4.0 Scheduled Job Lateral Movement
- SharpBuster - SharpBuster is a C# implementation of a directory brute forcing tool. It's designed to be used via Cobalt Strike's execute-assembly and similar tools, when running a similar tool over a SOCKS proxy is not feasible.
- SharpSecDump - .Net port of the remote SAM + LSA Secrets dumping functionality of impacket's secretsdump.py
- Chromely - Build HTML Desktop Apps on .NET/.NET Core/.NET 5 using native GUI, HTML5, JavaScript, CSS
- webview_csharp - C# bindings for zserge/webview - Batteries included
- LNKMod - C# project to create or modify existing LNKs
- Open.NAT - Lightweight and easy-to-use class library to allow port forwarding in NAT devices with UPNP and/or PMP
- MysqlT - 伪造Myslq服务端,并利用Mysql逻辑漏洞来获取客户端的任意文件反击攻击者
- MiscTools - Miscellaneous Tools
- CSharpWinRM - .NET 4.0 WinRM API Command Execution
- DirSync-Poc - A PoC that uses the DirSync protocol to poll Active Directory for changes
- SharpHound3 - C# Data Collector for the BloodHound Project, Version 3
- SharpHound - The Old BloodHound C# Ingestor (Deprecated)
- CsharpAmsiBypass - C# loader for msfvenom shellcode with AMSI bypass
- AduSkin - A Beautiful WPF Control UI
- SMBLibrary - Free, Open Source, User-Mode SMB 1.0/CIFS, SMB 2.0 and SMB 2.1 Server Library
- smtp4dev - smtp4dev - the fake smtp email server for development and testing
- ProcessInjection - This program is designed to demonstrate various process injection techniques
- SharpAppLocker - C# port of the Get-AppLockerPolicy PS cmdlet
- ProxyPunch - Finding SSL Blindspots for Red Teams
- SpaceRunner - This tool enables the compilation of a C# program that will execute arbitrary PowerShell code, without launching PowerShell processes through the use of runspace.
- GG-AESY - Hide cool stuff in images :)
- WebSocketRemoteControl - Remote Control With WebSocket
- Carbuncle - Tool for interacting with outlook interop during red team engagements
- PowerLine
- SharpSearch - Search files for extensions as well as text within.
- FunWithAMSI - A repo to hold any bypasses I work on/study/whatever
- SharpDllProxy - Retrieves exported functions from a legitimate DLL and generates a proxy DLL source code/template for DLL proxy loading or sideloading
- TrustJack - Yet another PoC for https://www.wietzebeukema.nl/blog/hijacking-dlls-in-windows
- Costura - Embed references as resources
- KsDumper - Dumping processes using the power of kernel space !
- ADSearch - A tool to help query AD via the LDAP protocol
- SharpRDPHijack - A POC Remote Desktop (RDP) session hijack utility for disconnected sessions
- PurpleSharp - PurpleSharp is a C# adversary simulation tool that executes adversary techniques with the purpose of generating attack telemetry in monitored Windows environments
- Git-Credential-Manager-Core - Secure, cross-platform Git credential storage with authentication to GitHub, Azure Repos, and other popular Git hosting services.
- Snaffler - a tool for pentesters to help find delicious candy, by @l0ss and @Sh3r4 ( Twitter: @/mikeloss and @/sh3r4_hax )
- Telemetry - WINDOWS TELEMETRY权限维持
- Seatbelt - Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.
- sitrep
- Clippi-B
- Covenant_Alternate - Covenant is a collaborative .NET C2 framework for red teamers.
- ShellcodeLoader - 将shellcode用rsa加密并动态编译exe,自带几种反沙箱技术。
- SharpCompile - SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approach than manually compiling an .NET assembly and loading it into Cobalt Strike. The project aims to make it easier to move away from adhoc PowerShell execution instead creating a temporary assembly and executing using beacon's 'execute-assembly' in seconds.
- ILMerge - ILMerge is a static linker for .NET Assemblies.
- SearchOutlook - A C# tool to search through a running instance of Outlook for keywords
- BetterSafetyKatz - Fork of SafetyKatz that dynamically fetches the latest pre-compiled release of Mimikatz directly from gentilkiwi GitHub repo, runtime patches signatures and uses SharpSploit DInvoke to PE-Load into memory.
- SharpHellsGate - C# Implementation of the Hell's Gate VX Technique
- AMSITrigger - The Hunt for Malicious Strings
- BrowserGhost - 这是一个抓取浏览器密码的工具,后续会添加更多功能
- ICU - quick 'n dirty poc based on PoC windows auth prompt in c# based on https://gist.githubusercontent.com/mayuki/339952/raw/2c36b735bc51861a37194971a5e944f22c94df7c/CredentialUI.cs
- ADCollector - A lightweight tool to quickly extract valuable information from the Active Directory environment for both attacking and defending.
- privilege-escalation-awesome-scripts-suite - PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
- CVE-2020-1206-POC - CVE-2020-1206 Uninitialized Kernel Memory Read POC
- Sharp-Suite - My musings with C#
- reconness - ReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it base on schedule or events.
- CVE-2020-3153 - Cisco AnyConnect < 4.8.02042 privilege escalation through path traversal
- SharpRDPCheck - Use to check the valid account of the Remote Desktop Protocol(Support plaintext and ntlmhash)
- BlockEtw - .Net Assembly to block ETW telemetry in current process
- HiveJack - This tool can be used during internal penetration testing to dump Windows credentials from an already-compromised host. It allows one to dump SYSTEM, SECURITY and SAM hives and once copied to the attacker machines provides option to delete these files to clear the trace.
- SweetPotato - Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019
- SharpShares - Enumerate all network shares in the current domain. Also, can resolve names to IP addresses.
- SharpDoor - SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file.
- ysoserial.net - Deserialization payload generator for a variety of .NET formatters
- SweetPotato - SweetPotato修改版,用于webshell下执行命令
- Covenant - Covenant is a collaborative .NET C2 framework for red teamers.
- zBang - zBang is a risk assessment tool that detects potential privileged account threats
- DSInternals - Directory Services Internals (DSInternals) PowerShell Module and Framework
- chocoProxy
- SilkETW
- gsudo - A Sudo for Windows - run elevated without spawning a new Console Host Window
- Watson - Enumerate missing KBs and suggest exploits for useful Privilege Escalation vulnerabilities
- zh-fiddler - Fiddler Web Debugger 中文版
- shellcat - ⚡️ ShellCat is a Reverse Shell Manager
- p0wnedShell - PowerShell Runspace Post Exploitation Toolkit
- SharpBox - SharpBox is a C# tool for compressing, encrypting, and exfiltrating data to DropBox using the DropBox API.
- Destroy-Windows-10-Spying - Destroy Windows Spying tool
- EventLogParser - Parse PowerShell and Security event logs for sensitive information.
- IISPowershellModule - IIS Handler for *.ps1 files
- YaVipCore - Net Core Music Interface
- duplicati - Store securely encrypted backups in the cloud!
- CTFtools - 本项目主要搜集一些关于信息安全攻防相关的知识与工具,便于个人的渗透工作。
- TestBaiduPassword - 百度网盘分享文件密码测试器
- greenshot - Greenshot for Windows - Report bugs & features go here: https://greenshot.atlassian.net or look for information on:
- JCS - Joomla Vulnerability Component Scanner
- Locale-Emulator - Yet Another System Region and Language Simulator
- ShareX - ShareX is a free and open source program that lets you capture or record any area of your screen and share it with a single press of a key. It also allows uploading images, text or other types of files to many supported destinations you can choose from.
- SimpleDnsCrypt - A simple management tool for dnscrypt-proxy
- PenCrawLer - An Advanced Web Crawler and DirBuster
- WGestures - Modern mouse gestures for Windows. (C#)
- knowte-windows - Note taking
- MediaPortal-2 - Development of MediaPortal 2
- GitHubFolderDownloader - It lets you to download a single folder of a repository without cloning or downloading the whole repository.
- UPnP-Pentest-Toolkit - UPnP Pentest Toolkit for Windows
- KeeTrayTOTP - Tray TOTP Plugin for KeePass2.
- KeePassQRCodeView - KeePass 2.x plugin which shows QR Codes for entry fields.
- ShellLink - A .NET Class Library for processing ShellLink (LNK) files
- SyncTrayzor - Windows tray utility / filesystem watcher / launcher for Syncthing
- ChromeUpdater - :)
- 7Zip4Powershell - Powershell module for creating and extracting 7-Zip archives
- PowerShdll - Run PowerShell with rundll32. Bypass software restrictions.
- CASCExplorer - CASCExplorer
- WopiHost - Office Online Server Wopi Host implement, No need Cobalt. Support DOCX, XLSX, PPTX online editing.
- cve-2017-7269-tool - CVE-2017-7269 to webshell or shellcode loader
- R10 - Lightweight Ransomware @Choudai
- Windows-Event-Log-Messages - Retrieves the definitions of Windows Event Log messages embedded in Windows binaries and provides them in discoverable formats. #nsacyber
- Phalanger - PHP 5.4 compiler for .NET/Mono frameworks. Predecessor to the opensource PeachPie project (www.peachpie.io).
- cs2php - C# to PHP compiler
- SSMSPwd - SQL Server Management Studio(SSMS) saved password dumper
- flatpipes - A TCP proxy over named pipes. Originally created for maintaining a meterpreter session over 445 for less network alarms.
- KeeAnywhere - A cloud storage provider plugin for KeePass Password Safe
- sandbox-attacksurface-analysis-tools - Set of tools to analyze Windows sandboxes for exposed attack surface.
- Altman - the cross platform webshell tool in .NET
- Windows-Hacks - Creative and unusual things that can be done with the Windows API.
- Cowboy - Cowboy.Sockets is a C# library for building sockets based services.
- MongoCola - A MongoDB Administration Tool
- GetPwd - 用CSharp写的一款信息搜集工具,目前支持Navicat、TeamView、Xshell、SecureCRT产品的密码解密
- SharpCheckInfo - 收集目标主机信息,包括最近打开文件,系统环境变量和回收站文件等等
- SharpNetCheck - 在内网渗透过程中,对可以出网的机器是十分渴望的。在收集大量弱口令的情况下,一个一个去测试能不能出网太麻烦了。所以就有了这个工具,可配合如wmiexec、psexec等横向工具进行批量检测,该工具可以在dnslog中回显内网ip地址和计算机名,可实现内网中的快速定位可出网机器。
- Asteroid - CTF AWD 实时 3D 攻击大屏
- 360SafeBrowsergetpass - 这是一个一键辅助抓取360安全浏览器密码的CobaltStrike脚本以及解密小工具,用于节省红队工作量,通过下载浏览器数据库、记录密钥来离线解密浏览器密码。
- sharpwmi - sharpwmi是一个基于rpc的横向移动工具,具有上传文件和执行命令功能。
- AV_Evasion_Tool - 掩日 - 免杀执行器生成工具
- MatryoshkaDollTool - MatryoshkaDollTool-程序加壳/捆绑工具
- SweetPotato_CS - 修改的SweetPotato,使之可以用于CobaltStrike v4.0
- BadPotato - Windows 权限提升 BadPotato
- Ladon - 大型内网渗透扫描器&Cobalt Strike,Ladon7.2内置94个模块,包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2,密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem,Poc/Exploit,支持Cobalt Strike 3.X-4.0
- pentestscripts - 白名单利用代码、渗透工具
- NFCGUI - NFCGUI 一个万恶的无聊的Windows图形界面! GUI for libnfc
- FangMomFucker - FangMomFucker 原作者代码的备份
- CMWTAT_Digital_Edition - CloudMoe Windows 10 Activation Toolkit get digital license, the best open source Win 10 activator in GitHub. GitHub 上最棒的开源 Win10 数字权利(数字许可证)激活工具!
- AggressorScripts - Collection of Aggressor scripts for Cobalt Strike 3.0+ pulled from multiple sources
- DllExport - .NET DllExport with .NET Core support (aka 3F/DllExport)
- DotNetToJScript - A tool to create a JScript file which loads a .NET v2 assembly from memory.
- EKFiddle - Your Swiss Army knife to analyze malicious web traffic based on the popular Fiddler web debugger.
- Elite - Elite is the client-side component of the Covenant project. Covenant is a .NET command and control framework that aims to highlight the attack surface of .NET, make the use of offensive .NET tradecraft easier, and serve as a collaborative command and control platform for red teamers.
- wsManager - Webshell Manager
- Netch - Game network accelerator. Support Socks5, Shadowsocks, ShadowsocksR, Trojan, VMess, VLess proxies. UDP NAT FullCone
- Grouper2 - Find vulnerabilities in AD Group Policy
- kcptun-gui-windows - GUI for kcptun (https://github.com/xtaci/kcptun). (Need .NET framework 4.5)
- WSSAT - WEB SERVICE SECURITY ASSESSMENT TOOL
- VindicateTool - LLMNR/NBNS/mDNS Spoofing Detection Toolkit
- DbgShell - A PowerShell front-end for the Windows debugger engine.
- mV2RayConfig
- Social-Engineering-Payloads - Collection of social engineering payloads
- SuperSQLInjectionV1 - 超级SQL注入工具(SSQLInjection)是一款基于HTTP协议自组包的SQL注入工具,采用C#开发,直接操作TCP会话来进行HTTP交互,支持出现在HTTP协议任意位置的SQL注入,支持各种类型的SQL注入,支持HTTPS模式注入;支持以盲注、错误显示、Union注入等方式来获取数据;支持Access/MySQL/SQLServer/Oracle/PostgreSQL/DB2/SQLite/Informix等数据库;支持手动灵活的进行SQL注入绕过,可自定义进行字符替换等绕过注入防护。本工具为渗透测试人员、信息安全工程师等掌握SQL注入技能的人员设计,需要使用人员对SQL注入有一定了解。
- Altman - the cross platform webshell tool in .NET
-
C++ (225)
- NetworkExplorer - Windows Network Information
- Windows-Setup-EoP
- Peinject_dll - cs peinject shellcode
- BitsArbitraryFileMove - Microsoft Windows BITS Arbitrary File Move Local Privilege Escalation
- navicat-keygen - A keygen for Navicat
- GetSystemEarlyBird - 这是一个直接取得系统权限的项目
- serenity - The Serenity Operating System 🐞
- crack_dexhelper - 梆梆企业加固详细逆向分析过程, 包含两种对该加固的脱壳机(直接解密classes0.jar和基于frida hook)
- USTC-CS-Courses-Resource - :heart:中国科学技术大学计算机学院课程资源(https://mbinary.xyz/ustc-cs/)
- pbb_crack - PBB视频解密
- KikoPlay - KikoPlay - NOT ONLY A Full-Featured Danmu Player 不仅仅是全功能弹幕播放器
- Arma-III-Chinese-Localization-Enhanced - 武裝行動3(Arma 3)官方中文潤飾、加強、在地化翻譯模組。
- SISE_Traning_CTF_RE - SNST Traning RE Project .华软网络安全小组逆向工程训练营,尝试以CTF 的形式来使大家可以动手训练快速提升自己的逆向工程水平.CTF 的训练程序又浅到深,没有使用太复杂的算法,在逆向的过程中遇到的难关都是在分析病毒和破解中遇到的实际情况,注重于实用.训练营还包含有源代码文件,训练程序和思路.希望可以帮助小伙伴们入门逆向工程这个神奇的世界..
- WdToggle - A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.
- kbd-audio - Tools for capturing and analysing keyboard input paired with microphone capture 🎤⌨️
- AggressorCNA - Cobalt Strike Aggressor Scripts
- Jackalope - Binary, coverage-guided fuzzer for Windows and macOS
- ollvm-tll - Ollvm+Armariris+LLVM 6.0.0
- android_nfc_fuzzer
- inspectrum - Radio signal analyser
- shellcodeloader - shellcodeloader
- CVE-2020-1066-EXP - CVE-2020-1066-EXP支持Windows 7和Windows Server 2008 R2操作系统
- CTAP2-test-tool - Test tool for CTAP2 authenticators
- CVE-2020-1034 - PoC demonstrating the use of cve-2020-1034 for privilege escalation
- OpenCat-Old - A programmable and highly maneuverable robotic cat for STEM education and AI-enhanced services.
- Reverse-Engineering-Tutorial - A FREE comprehensive reverse engineering course covering x86, x64, 32-bit ARM & 64-bit ARM architectures.
- rehex - Reverse Engineers' Hex Editor
- rattler - Automated DLL Enumerator
- DingTalk_Assistant - 钉钉助手,主要功能包括:聊天消息防撤回、程序多开、屏蔽频繁升级等。
- XAPKDetector - APK/DEX detector for Windows, Linux and MacOS.
- pigasus - 100Gbps Intrusion Detection and Prevention System
- showstopper - ShowStopper is a tool for helping malware researchers explore and test anti-debug techniques or verify debugger plugins or other solutions that clash with standard anti-debug methods.
- BLUESPAWN - An Active Defense and EDR software to empower Blue Teams
- dumper2020 - Yet another LSASS dumper
- FullPowers - Recover the default privilege set of a LOCAL/NETWORK SERVICE account
- aqemu - Official AQEMU repository - a GUI for virtual machines using QEMU as the backend
- apkstudio - Open-source, cross platform Qt based IDE for reverse-engineering Android application packages.
- ProcMonXv2 - Process Monitor X v2
- Raccine - A Simple Ransomware Vaccine
- fluffi - FLUFFI (Fully Localized Utility For Fuzzing Instantaneously) - A distributed evolutionary binary fuzzer for pentesters
- efiXplorer - IDA plugin for UEFI firmware analysis and reverse engineering automation
- netview - Netview enumerates systems using WinAPI calls
- naiveproxy - Make a fortune quietly
- hermes - Hermes is a small and lightweight JavaScript engine optimized for running React Native on Android.
- DLLSpy - DLL Hijacking Detection Tool
- aes-finder - Utility to find AES keys in running processes
- linux-wallpaperengine - An attempt to make wallpaper engine wallpapers compatible with Linux
- Kernel-exploits - Windows kernel driver exploits
- ddoor - DDoor - cross platform backdoor using dns txt records
- FuZZan - FuZZan: Efficient Sanitizer Metadata Design for Fuzzing
- Ponce - IDA 2016 plugin contest winner! Symbolic Execution just one-click away!
- Manager - Library of tools and examples for loading/bootstrapping managed code from unmanaged code in .NET
- MasterHide - MasterHide x64 Rootkit
- KasperskyHook - Hook system calls on Windows by using Kaspersky's hypervisor
- iblessing - iblessing is an iOS security exploiting toolkit, it mainly includes application information collection, static analysis and dynamic analysis. It can be used for reverse engineering, binary analysis and vulnerability mining.
- USO_Info_Leak - two heap address leak bugs in `usosvc` service
- vmpattack - A VMP to VTIL lifter.
- CcRemote - 这是一个基于gh0st远程控制的项目,使自己更深入了解远控的原理,采用VS2017,默认分支hijack还在修改不能执行,master分支的项目可以正常的运行的,你可以切换到该分支查看可以执行的代码
- Load_DLL
- NoVmp - A static devirtualizer for VMProtect x64 3.x. powered by VTIL.
- openrasp - 🔥Open source RASP solution
- CheekyBlinder - Enumerating and removing kernel callbacks using signed vulnerable drivers
- spectre - A Windows kernel-mode rootkit that abuses legitimate communication channels to control a machine.
- srcinv - source code audit tool
- CVE-2020-1313 - Proof of concept exploit of Windows Update Orchestrator Service Elevation of Privilege Vulnerability
- my_vulnerabilities
- dazzleUP - A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.
- securitylab - Resources related to GitHub Security Lab
- Primitives
- cryptoshark - Self-optimizing cross-platform code tracer based on dynamic recompilation
- OXID_Find - OXID_Find by C++(多线程) 通过OXID解析器获取Windows远程主机上网卡地址
- CVE-2020-1362 - writeup of CVE-2020-1362
- SavvyCAN - QT based cross platform canbus tool
- rang - A Minimal, Header only Modern c++ library for terminal goodies 💄✨
- anti-debug
- bypass-uac
- snort3 - Snort++
- exe_to_dll - Converts a EXE into DLL
- deoptfuscator - Deobfuscator for Android Application
- subconverter - Utility to convert between various subscription format
- BSF - Botnet Simulation Framework
- metasploit-execute-assembly - Custom Metasploit post module to executing a .NET Assembly from Meterpreter session
- UsoDllLoader - Windows - Weaponizing privileged file writes with the Update Session Orchestrator service
- latte-dock - Replacement dock for Plasma desktops, providing an elegant and intuitive experience for your tasks and plasmoids
- juicy-potato - A sugared version of RottenPotatoNG, with a bit of juice, i.e. another Local Privilege Escalation tool, from a Windows Service Accounts to NT AUTHORITY\SYSTEM.
- tag_converter
- tiny_tracer - A Pin Tool for tracing API calls etc
- ksnip - Ksnip is a Qt based cross-platform screenshot tool that provides many annotation features for your screenshots.
- anti-sandbox - Windows对抗沙箱和虚拟机的方法总结
- Get-WeChat-DB - 获取目标机器的微信数据库和密钥,但是有很多bug需要解决,需要继续完善
- CVE-2020-0787-EXP-ALL-WINDOWS-VERSION - Support ALL Windows Version
- HttpInterface - Windows上C++封装的HTTP库,包含三种实现模式(WinInet、WinHttp、socket)
- DLLhijack-ShellcodeLoader - DLLhijack winmm.dll
- ReflectiveBase64DLL - This is a project to receive Base64 data and decode it in process
- Mapping-injection - NO WriteProcessMemory CreateRemoteThread APIs call shellcode injection
- FuzzGen
- serpentine - C++/Win32/Boost Windows RAT (Remote Administration Tool) with a multiplatform Java/Spring RESTful C2 server and Go, C++/Qt5 frontends
- urldedupe - Pass in a list of URLs with query strings, get back a unique list of URLs and query string combinations
- anbox - Anbox is a container-based approach to boot a full Android system on a regular GNU/Linux system
- RogueWinRM - Windows Local Privilege Escalation from Service Account to System
- revp - Reverse HTTP proxy that works on Linux, Windows, and macOS. Made with C++ and Boost.
- WerTrigger - Weaponizing for privileged file writes bugs with windows problem reporting
- invoker - Penetration testing utility.
- MicroV - A micro hypervisor for running micro VMs
- Qv2ray - :star: Linux / Windows / macOS 跨平台 V2Ray 客户端 | 支持 VMess / VLESS / SSR / Trojan / Trojan-Go / NaiveProxy / HTTP / HTTPS / SOCKS5 | 使用 C++ / Qt 开发 | 可拓展插件式设计 :star:
- Socks5Server - Windows C/C++ Socks5 Server
- SocksOverRDP - Socks5/4/4a Proxy support for Remote Desktop Protocol / Terminal Services / Citrix / XenApp / XenDesktop
- FUPK3 - 演示视频https://pan.baidu.com/s/1HH_-TQGca1NLoSqzvOPB3Q 密码:izm3
- IIS-Raid - A native backdoor module for Microsoft IIS (Internet Information Services)
- FunnyMeterpreter - 与反病毒软件老大哥们的打闹日常
- trojan - An unidentifiable mechanism that helps you bypass GFW.
- lava - LAVA: Large-scale Automated Vulnerability Addition
- Spray-AD - A Cobalt Strike tool to audit Active Directory user accounts for weak, well known or easy guessable passwords.
- lnav - Log file navigator
- x64dbg-Plugin-Manager - Plugin manager for x64dbg
- XOpcodeCalc - Opcode calculator
- binspector - A binary format analysis tool
- HyperViper - Toolkit for Hyper-V security research
- cutter - Free and Open Source Reverse Engineering Platform powered by rizin
- Droidscope - A dynamic analysis platform for Android
- powerauth-mobile-sdk - Mobile SDK for PowerAuth Protocol (core, ios, watchos, android)
- lldbg - A lightweight native GUI for LLDB.
- ds2 - Debug server for lldb.
- ExtractMacho2 - IDA plugin to extract Mach-O binaries located in the disassembly or data
- DobbyDrill - hook MachO file based on Dobby (NOT DONE)
- veles - Binary data analysis and visualization tool
- iOSREBook - 《iOS应用逆向与安全》随书源码
- vnpy - 基于Python的开源量化交易平台开发框架
- rssguard - RSS Guard is simple feed reader which supports web-based feed services.
- raven - CobaltStrike External C2 for Websockets
- srs - SRS is a RTMP/HLS/WebRTC/SRT/GB28181 streaming cluster, high efficiency, stable and simple.
- Dir_Scan_ByQT5 - qt实现仿御剑风格路径扫描工具,增加延时,代理池Bypass功能,同时支持批量扫描,附带简单whois信息搜集与端口扫描模块,界面更加美观。
- SdoKeyCrypt-sys-local-privilege-elevation - CVE-2019-9729. Transferred from https://github.com/DoubleLabyrinth/SdoKeyCrypt-sys-local-privilege-elevation
- TranslucentTB - A lightweight utility that makes the Windows taskbar translucent/transparent.
- mactype - Better font rendering for Windows.
- fu - fu stands for File to URL, a utility design to help you upload images/files and produce Markdown/HTML snippets with couple of clicks.
- VwFirewall - 微盾®VirtualWall®防火墙整套源代码
- gqrx - Software defined radio receiver powered by GNU Radio and Qt.
- MS16-032 - MS16-032(CVE-2016-0099) for SERVICE ONLY
- quickviewer - A image/comic viewer application for Windows, Mac and Linux, it can show images very fast
- MINT - Contains the definitions for the Windows Internal UserMode API from ntdll.dll, samlib.dll and winsta.dll.
- nysocks - Nysocks binds kcp and libuv to provide an aggressive tcp tunnel in nodejs.
- vnote - A pleasant note-taking platform.
- BatchRunTrayTool - A tray tool under windows to open any file by system default or any executable program.
- CommandTrayHost - A command line program monitor systray for Windows
- Exploit-CVE-2017-6008 - Exploits for CVE-2017-6008, a kernel pool buffer overflow leading to privilege escalation.
- incubator-pagespeed-ngx - Automatic PageSpeed optimization module for Nginx
- rtorrent - rTorrent BitTorrent client
- qwinff - A Qt4/5 GUI Frontend for FFmpeg
- tcpflow - TCP/IP packet demultiplexer. Download from:
- ngrok-c - ngrok client for c language,Due to the use of GO ngrok language development, porting to embedded devices some inconvenience, such as openwrt, so use C language rewrite a client. Very mini, the need to support polarssl library.
- SysExec - [Windows] Local Privilege Escalation - WebClient
- token-priv - Token Privilege Research
- notepad2-mod - LOOKING FOR DEVELOPERS - Notepad2-mod, a Notepad2 fork, a fast and light-weight Notepad-like text editor with syntax highlighting
- udp2raw-tunnel - A Tunnel which Turns UDP Traffic into Encrypted UDP/FakeTCP/ICMP Traffic by using Raw Socket,helps you Bypass UDP FireWalls(or Unstable UDP Environment)
- ssf - Secure Socket Funneling - Network tool and toolkit - TCP and UDP port forwarding, SOCKS proxy, remote shell, standalone and cross platform
- pipesocks - A pipe-like SOCKS5 tunnel system.
- twister-core - twister core / daemon
- mini-tor - proof-of-concept implementation of tor protocol using Microsoft CNG/CryptoAPI
- Beagle_SDR_GPS - KiwiSDR: BeagleBone web-accessible shortwave receiver and software-defined GPS
- i2pd - 🛡 I2P: End-to-End encrypted and anonymous Internet
- hexed - Windows console-based hex editor
- fastnetmon - FastNetMon - very fast DDoS sensor with sFlow/Netflow/IPFIX/SPAN support
- CodingInterviews - 剑指Offer——名企面试官精讲典型编程题
- Stacer - Linux System Optimizer and Monitoring - https://oguzhaninan.github.io/Stacer-Web
- HackSysDriverExploits
- psi - XMPP client
- librime - Rime Input Method Engine, the core library
- captcha-break - captcha break based on opencv2, tesseract-ocr and some machine learning algorithm.
- From-System-authority-to-Medium-authority - Penetration test
- ModSecurity - ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx that is developed by Trustwave's SpiderLabs. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. With over 10,000 deployments world-wide, ModSecurity is the most widely deployed WAF in existence.
- InjectProc - InjectProc - Process Injection Techniques [This project is not maintained anymore]
- gargoyle - A memory scanning evasion technique
- CascLib - An open-source implementation of library for reading CASC storages from Blizzard games since 2014
- wannakey - Wannacry in-memory key recovery
- rocksutil - A c++ develop toolkit
- security-research-pocs - Proof-of-concept codes created as part of security research done by Google Security Team.
- libfuzzer-workshop - Repository for materials of "Modern fuzzing of C/C++ Projects" workshop.
- ARMv6m_Simulator - Simple Simulator of ARMv6m instructions
- x64dbg - An open-source x64/x32 debugger for windows.
- HookCase - Tool for reverse engineering macOS/OS X
- poc-exp - poc or exp of android vulnerability
- ShellcodeStdio - An extensible framework for easily writing compiler optimized position independent x86 / x64 shellcode for windows platforms.
- OPCDE - OPCDE Cybersecurity Conference Materials
- Richkware - Framework for building Windows malware, written in C++
- InfectPE - InfectPE - Inject custom code into PE file [This project is not maintained anymore]
- PiAUISuite - Raspberry PI AUI Suite
- iaito - This project has been moved to:
- koalaOS - Microkernel KoalaOS source code
- RedisStudio - RedisStudio Redis GUI client(tool) for windows
- simhash - 中文文档simhash值计算
- network_backdoor_scanner - This is a backdoor about discover network device ,and it can hidden reverse connecting the hacker's server with encrypt commuication 后渗透后门程序,适合在已经攻陷的内网中做下一步的网络信息扫描..
- TrafficMonitor - 这是一个用于显示当前网速、CPU及内存利用率的桌面悬浮窗软件,并支持任务栏显示,支持更换皮肤。
- vuln_javascript - 模拟一个存在漏洞的JavaScript 运行环境,用来学习浏览器漏洞原理和练习如何编写Shellcode (a JavaScript Execute Envirment which study browser vuln and how to write Shellcode ) ..
- FUPK3-hook_kill - 本分支解决部分爱加密加固应用无法脱壳成功的问题。演示视频https://pan.baidu.com/s/1HH_-TQGca1NLoSqzvOPB3Q 密码:izm3
- chineseocr_lite - 超轻量级中文ocr,支持竖排文字识别, 支持ncnn推理 ( dbnet(1.8M) + crnn(2.5M) + anglenet(378KB)) 总模型仅4.7M
- 1earn - 个人维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup
- RdpThief_tools - 窃取mstsc中的用户明文凭据
- Cobaltstrike-atexec - 使得Cobaltstrike支持Atexec
- C3 - Custom Command and Control (C3). A framework for rapid prototyping of custom C2 channels, while still providing integration with existing offensive toolkits.
- shellcode-to-dll - shellcode 异或加密并生成dll
- CS-Loader - CS免杀
- net_user_tools_bypass_hook_net.exe - 绕过net监控小工具集
- AV_Kernel_Vulns - Pocs for Antivirus Software‘s Kernel Vulnerabilities
- Shell_Protect - VM加壳器,支持一键加壳/脱壳,全压缩/加密等。
- Antivirus_R3_bypass_demo - 分别用R3的0day与R0的0day来干掉杀毒软件
- NetUser - 使用windows api添加用户,可用于net无法使用时
- CodingInterviewsNotes - 涵盖C++ Primer 5th、 effective C++ 、 STL api和demos C++ 基础知识与理论、 智能指针、C++11、 Git教程 Linux命令 Unix操作系统(进程、线程、内存管理、信号)计算机网络、 数据结构(排序、查找)、数据库、、C++对象模型、 设计模式、算法(《剑指offer》、leetcode、lintcode、hihocoder、《王道程序员求职宝典》)、面试题、嵌入式相关等
- gnuradio - GNU Radio – the Free and Open Software Radio Ecosystem
- ShellcodeCompiler - Shellcode Compiler
- SuperDllHijack - SuperDllHijack:A general DLL hijack technology, don't need to manually export the same function interface of the DLL, so easy! 一种通用Dll劫持技术,不再需要手工导出Dll的函数接口了
- dumpDex - 💯一款Android脱壳工具,需要xposed支持, 易开发已集成该项目:
- SimpleRemoter - 基于gh0st的远程控制器:实现了终端管理、进程管理、窗口管理、远程桌面、文件管理、语音管理、视频管理、服务管理、注册表管理等功能,优化全部代码及整理排版,修复内存泄漏缺陷,程序运行稳定。此项目初版见:https://github.com/zibility/Remote
- PCShare - PCShare是一款强大的远程控制软件,可以监视目标机器屏幕、注册表、文件系统等。
- fatcat - FAT filesystems explore, extract, repair, and forensic tool
- DNS-Persist - DNS-Persist is a post-exploitation agent which uses DNS for command and control.
- tinyfecVPN - A VPN Designed for Lossy Links, with Build-in Forward Error Correction(FEC) Support. Improves your Network Quality on a High-latency Lossy Link.
- UDPspeeder - A Tunnel which Improves your Network Quality on a High-latency Lossy Link by using Forward Error Correction,for All Traffics(TCP/UDP/ICMP)
- extractTVpasswords - tool to extract passwords from TeamViewer memory using Frida
- HElib - HElib is an open-source software library that implements homomorphic encryption. It supports the BGV scheme with bootstrapping and the Approximate Number CKKS scheme. HElib also includes optimizations for efficient homomorphic evaluation, focusing on effective use of ciphertext packing techniques and on the Gentry-Halevi-Smart optimizations.
- CNTK - Microsoft Cognitive Toolkit (CNTK), an open source deep-learning toolkit
- RpcView - RpcView is a free tool to explore and decompile Microsoft RPC interfaces
-
Dockerfile (37)
- docker-nps
- Awesome-TTRSS - 🐋 Awesome TTRSS, a powerful Dockerised all-in-one RSS solution.
- lnmp - :computer: :whale: :elephant: :dolphin: :penguin: :rocket: Start Docker LNMP(LEMP) In less than 2 minutes Powered by Docker Compose. 让 PHP 开发者快速(一键)搭建基于容器技术(Docker、Kubernetes)的开发、测试、生产(CI/CD by Drone)环境.
- Damn-Vulnerable-WooCommerce-Plugins - This is a docker environment ready set up for multiple WooCommerce Plugin vulnerabilities.
- bento - Bento Toolkit is a minimal fedora-based container for penetration tests and CTF with the sweet addition of GUI applications.
- docker-kunlun-mirror - 昆仑镜docker镜像
- Pentest-In-Docker - Docker image to exploit RCE, try for pentest methods and test container security solutions (trivy, falco and etc.)
- Openresty-WAF - Openresty with WAF installed
- docker-sbt - Dockerfile for sbt (Scala build tool)
- docker-php-workspace - PHP development environment for Docker
- dockerized_fuzzing - Run fuzzing experiments in Docker
- bheu19-attacking-cloud-builds - Slides, Cheatsheet and Resources from our Blackhat EU talk
- BugBountyToolkit - A multi-platform bug bounty toolkit that can be installed on Debian/Ubuntu or setup with Docker.
- crossbuild - :earth_africa: multiarch cross compiling environments
- hacker-container - Container with all the list of useful tools/commands while hacking Kubernetes Clusters
- Docker-OSX - Mac in Docker! Run near native OSX-KVM in Docker! X11 Forwarding!
- CVE-2020-9484
- drozer-docker - Drozer (2.4.4) docker container
- awesome-threat-modelling - A curated list of threat modeling resources (Books, courses - free and paid, videos, tools, tutorials and workshops to practice on ) for learning Threat modeling and initial phases of security review.
- pentesting-dockerfiles - Pentesting/Bugbounty Dockerfiles.
- docker-inurlbr - Advanced search in search engines, enables analysis provided to exploit GET / POST capturing emails & urls, with an internal custom validation junction for each target / url found. http://blog.inurl.com.br
- docker-mara-framework - Unofficial Docker image for MARA Framework
- ctf_xinetd - A docker repository for deploying pwnable challenges in CTF
- docker-pxe - A virtualized implementation of PXE supported by DNSMasq
- laradock - Full PHP development environment for Docker.
- rapidscan-docker - Docker image of rapidscan
- CVE-2019-6467 - CVE-2019-6467 (BIND nxdomain-redirect)
- docker-shadowsocks-with-simple-obfs - shadowsocks-libev with simple-obfs
- docker-transmission
- rtorrent-rutorrent - Docker container with supervisor/rtorrent/nginx/ruTorrent 64/32 bit
- docker-vulnerability-environment - Use the docker to build a vulnerability environment
- Dockertools - Some tools based on docker
- kms-server - a docker image for kms
- docker-hacklab - My personal hacklab, create your own.
- vulhub - Pre-Built Vulnerable Environments Based on Docker-Compose
- openvas-docker - A Docker container for Openvas
-
F# (2)
- RedTeamFSharp - Red Team Toolset written in F# (Experimental)
- Fetters - Port of Seatbelt in F#
-
JavaScript (485)
- crackFile - Encrypt binary - Decrypt binary
- gitbook-pdf - PDF Generator for GitBook
- PtestMethod - My knowledge database
- RealWorldPwn - vulns I found or I collect
- awesome-ctf - A curated list of CTF frameworks, libraries, resources and softwares
- BTPanel-DIY-Template - BTPanel-DIY-Template
- wappalyzer - Identify technology on websites.
- Thief-Book - 一款真正的跨平台摸鱼神器
- awesome-selfhosted - A list of Free Software network services and web applications which can be hosted locally. Selfhosting is the process of hosting and managing applications instead of renting from Software-as-a-Service providers
- evilwaf - Web Application Firewall (WAF) Detection Tool
- calc4b-zh - :book: [译] MIT 18.03 面向初学者的微积分
- boot-chat - :bookmark: 基于SpringBoot + WebSocket的在线聊天系统,实现单窗口消息推送、群消息推送、上线提醒、Redis会话消息储存
- MCSManager - 轻量级,开箱即用,多实例和支持 Docker 的 Minecraft 服务端管理面板
- Kiddy - 被动式扫描器
- tool - 开发效率提升:Mac生产力工具链推荐
- ChromeAppHeroes - 🌈谷粒-Chrome插件英雄榜, 为优秀的Chrome插件写一本中文说明书, 让Chrome插件英雄们造福人类~ ChromePluginHeroes, Write a Chinese manual for the excellent Chrome plugin, let the Chrome plugin heroes benefit the human~ 公众号「0加1」同步更新
- PoCBox - PoCBox - 赏金猎人的脆弱性测试辅助平台(破300star写重构版本,400star免费线上版本开放【在线食用地址:由于经常被DDOS导致服务器资源恶意被占用 费用过大决定关闭服务 】,1000star开源重构全新版本!)
- zdir - 使用PHP开发的目录索引系统
- docker-labs - Docker在线实验室
- cerebro-codelf - ⭐️ 给变量起名的事情上,为你生命省 3s (Save 3 seconds of your life when naming things.)
- aliyun-oss-deploy - 🙈 一个 nodejs 命令行工具,用于部署静态资源到 aliyun oss,支持代码方式和 CLI 方式!
- blog - :open_book:基于Github API 的动态博客
- RSSHub - 🍰 Everything is RSSible
- Crash-Course-Computer-Science-Chinese - :computer: 计算机速成课 | Crash Course 字幕组 (全40集 2018-5-1 精校完成)
- win-powerup-exp-index - 🚄 火车上写的,现在已经基本不能用了
- awesome-blockchain-cn - 收集所有区块链(BlockChain)技术开发相关资料,包括Fabric和Ethereum开发资料
- electron-cn-docs - Electron中文文档! 精心翻译,完美排版,实时同步更新!, 最后同步:2017-05-23(个人比较忙,本项目已经不再维护了)
- ClearScript.Manager - Use tern.js in .netcontext 重构原有代码,require dll js等功能
- ieaseMusic - 网易云音乐第三方
- gaari-rss - gaari-rss is a twitter bot with rss feeds. 二次元Twitter新闻机器人
- Rss2Weibo - 将 rss 流同步到 微博. 如 twitter facebook 等
- Flarum - Flarum - 优雅自由的 PHP 轻社区
- Electorrent - A remote control client for µTorrent, qBittorrent, rTorrent, Transmission, Synology & Deluge
- Dply-Autobuild-Server - Dply.co自动创建服务器
- wtfjs - 🤪 A list of funny and tricky JavaScript examples
- hexo-theme-indigo - 这个只是我修改的别人的,大家fork去原项目啊
- WeiboImageReverse - Chrome 插件,反查微博图片po主
- tale - 🦄 Best beautiful java blog, worth a try
- iblog - 基于Gracejs及github issues的全功能博客方案,参考:
- squidproxy - squid 技術部署、客戶端(原創)提供
- SRCMS - SRCMS企业应急响应与缺陷管理系统
- tech-interview-handbook - 💯 Materials to help you rock your next coding interview
- git-visualizer - 👁🗨:octocat:Visualizes directory structure of GitHub repos
- debugger-protocol-viewer - DevTools Protocol API docs—its domains, methods, and events
- hexo-admin-qiniu - 根据[email protected]进行修改,添加粘贴图片上传至七牛
- How-To-Ask-Questions-The-Smart-Way - 本文原文由知名 Hacker Eric S. Raymond 所撰寫,教你如何正確的提出技術問題並獲得你滿意的答案。
- lib-qqwry - 用NodeJS解析纯真IP库(QQwry.dat) 支持IP段查询
- calibration-box - 图片标定:一个 Fabric 的小插件,可用于标定图片中车辆、人、交通灯标识、区域等。
- stargazed - 📋 Creating your own Awesome List of GitHub stars!
- BlueSea - BlueSea,一个有趣的英语学习扩展,支持划词翻译、单词高亮、单词弹幕、记忆曲线复习、词频统计...
- FridaHook - 记录学习Frida Hook时的知识点和小脚本
- OkHttpLogger-Frida - Frida 实现拦截okhttp的脚本
- Doge-XSS-Phishing - xss钓鱼,cna插件配合php后端收杆
- avList - avList - 杀软进程对应杀软名称
- MrDoc - MrDoc是基于Python开发的在线文档系统,支持 Markdown 和所见即所得的富文本编辑,适合作为个人和小型团队的文档、笔记、知识管理工具。a online document system developed based on python. It is suitable for individuals and small teams to manage documents, knowledge and notes.
- kuboard-press - Kuboard 是基于 Kubernetes 的微服务管理界面。同时提供 Kubernetes 免费中文教程,入门教程,最新版本的 Kubernetes v1.20 安装手册,(k8s install) 在线答疑,持续更新。
- wechat_history_export - 从 PC 端 (Windows) 不那么狼狈的阅读或导出微信公众号的历史文章
- easy-monitor - 企业级 Node.js 应用性能监控与线上故障定位解决方案
- BlogHelper - 帮助国内用户写作的托盘助手,一键发布本地文章到主流博客平台(知乎、简书、博客园、CSDN、SegmentFault、掘金、开源中国),剪贴板图片一键上传至图床(新浪、Github、图壳、腾讯云、阿里云、又拍云、七牛云)
- logonTracer - Windows系统安全登录日志分析工具logonTracer汉化修正版
- stegcloak - Hide secrets with invisible characters in plain text securely using passwords 🧙🏻♂️⭐
- RMS-Runtime-Mobile-Security - Runtime Mobile Security (RMS) 📱🔥 - is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime
- CrawlerVuln - 一个NodeJS实现的漏扫动态爬虫
- gdb-frontend - ☕ GDBFrontend is an easy, flexible and extensionable gui debugger.
- tram - Threat Report ATT&CK™ Mapping (TRAM) is a tool to aid analyst in mapping finished reports to ATT&CK.
- JavaCodeAudit - Getting started with java code auditing 代码审计入门的小项目
- evil-huawei - Evil Huawei - 华为作过的恶
- XSS-Scanner - XSS scanner that detects Cross-Site Scripting vulnerabilities in website by injecting malicious scripts
- update-check - Minimalistic update notifications for command line interfaces
- cabot - Self-hosted, easily-deployable monitoring and alerts service - like a lightweight PagerDuty
- social-analyzer - API and Web App for analyzing & finding a person profile across 300+ social media websites (Detections are updated regularly)
- fridroid-unpacker - Defeat Java packers via Frida instrumentation
- juice-shop - OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
- Frida-Mobile-Scripts - Collection of useful FRIDA Mobile Scripts
- element3 - A Vue.js 3.0 UI Toolkit for Web.
- untrusted-types
- necrobrowser - necromantic session control
- bypass-paywalls-chrome - Bypass Paywalls web browser extension for Chrome and Firefox.
- diodb - Open-source vulnerability disclosure and bug bounty program database.
- arc-electron - Advanced REST Client - Desktop application
- VSCodeXssEncode - Converts characters from one encoding to another using a transformation. This tool will help you encode payloads in testing sql injections, XSS holes and site security.
- nali-cli - :anchor: Parse geoinfo of IP Address without leaving your terminal
- jsmind - Javascript version of mind mapping
- my-mind - Online Mindmapping Software
- Fuzzing-Survey - The Art, Science, and Engineering of Fuzzing: A Survey
- cpsfy - 🚀 Tiny goodies for Continuation-Passing-Style functions, fully tested
- webscan - Browser-based network scanner & local-IP detection
- lecture-experience - :books: Liteboard.io - A lightweight browser-based lecturing platform using WebRTC :pencil2:
- bug-bounty-tools - Collection of HTTP scanners and fuzzers.
- LemonBooster-v2 - Reestructured LemonBooster.
- github-readme-stats - :zap: Dynamically generated stats for your github readmes
- trilium - Build your personal knowledge base with Trilium Notes
- pwndoc - Pentest Report Generator
- PPScan - Client Side Prototype Pollution Scanner
- API-Monitoring - Monitoring Subdomains, improve your recon.
- anti-honeypot - 一款可以检测WEB蜜罐并阻断请求的Chrome插件,能够识别并阻断长亭D-sensor、墨安幻阵的部分溯源api
- CrackMinApp - (反编译微信小程序)一键获取微信小程序源码(傻瓜式操作), 使用了C#加nodejs制作
- safe-regex - Detect possibly catastrophic, exponential-time regular expressions
- pdf-to-markdown - A PDF to Markdown converter
- cf-warp
- app-store-scraper - scrape data from the itunes app store
- xss-flash-fishing
- fridaMemoryAccessTrace
- darkshot - Lightshot scraper on steroids with OCR.
- njsscan - njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.
- owasp-threat-dragon - An open source, online threat modelling tool from OWASP
- XSS-Catcher - Find blind XSS but why not gather data while you're at it.
- swift-frida - Frida library for interacting with Swift programs.
- netflix-1080p - Chrome extension to play Netflix in 1080p and 5.1
- r2con2020_r2frida - This repository houses the materials, slides and exercises from the r2con 2020 walkthrough sessions.
- content-farm-terminator - 「終結內容農場」瀏覽器套件 / Content Farm Terminator browser extension
- markdown-nice - 支持主题设计的 Markdown 编辑器,让排版变 Nice
- frider - Dump unpacked dex, trace/intercept Java/native function. Frida + adb + React +Django
- about-anti-honeypot - 关于蜜罐的一些微小的统计工作
- chinese-independent-blogs - 中文独立博客列表
- OS13k - A Fantasy OS and Tiny Game Engine
- anti-honeypot - 一款可以检测WEB蜜罐并阻断请求的Chrome插件
- PersistentJXA - Collection of macOS persistence methods and miscellaneous tools in JXA
- CVE-2020-6519
- AntiHoneypot-Chrome-simple - Chrome 蜜罐检测插件
- docker-training-psweb - docker-training-psweb
- node-red - Low-code programming for event-driven applications
- sensinfor - A chrome extension use to find leak file and backup file.
- ast-scope - A JavaScript AST scope analyzer
- cwe-sdk - A Common Weakness Enumeration (CWE) Node.js SDK compliant with MITRE / CAPEC
- singularity - A DNS rebinding attack framework.
- mp-unpack - 基于electron-vue开发的跨平台微信小程序自助解包(反编译)客户端
- Awesome-Profile-README-templates - A collection of awesome readme templates to display on your profile
- extract-relative-url-heapsnapshot - Extract relative urls from a heap snapshot
- broken-link-checker - Find broken links, missing images, etc within your HTML.
- XposedFridaBridge - A frida script implement XposedBridge & load xposed modules, without installing xposed framwork.
- Tiny-XSS-Payloads - A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me
- Swagger-EZ - A tool geared towards pentesting APIs using OpenAPI definitions.
- behave - Behave! A monitoring browser extension for pages acting as "bad boi"
- pwndrop - Self-deployable file hosting service for red teamers, allowing to easily upload and share payloads over HTTP and WebDAV.
- js-spark-md5 - Lightning fast normal and incremental md5 for javascript
- semgrep - Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
- assetnote - Push notifications for passive DNS data
- repo-supervisor - Scan your code for security misconfiguration, search for passwords and secrets. :mag:
- vanscan
- doraemon - Doraemon is a Prometheus based monitor system
- simple-middleman - Simple NodeJS server meant to handle logged url information (like with chromer).
- gDork - A Mozilla Firefox extension which allows quick access to your google-dorking result
- dnsFookup - DNS rebinding toolkit
- PwnFox - PwnFox is a Firefox/Burp extension that provide usefull tools for your security audit.
- noia - [WIP] Simple mobile applications sandbox file browser tool. Powered by [frida.re](https://www.frida.re).
- friposed - Write java hook with frida
- dredd - Language-agnostic HTTP API Testing Tool
- SwiftnessX - A cross-platform note-taking & target-tracking app for penetration testers.
- fridacov - JS modules for Frida based tools to add code coverage to your instrumentation scripts.
- bagbak - Yet another frida based iOS dumpdecrypted, supports decrypting app extensions and no SSH required
- Shuffle - Shuffle: A general purpose security automation platform platform. We focus on accessibility for all.
- reveal.js - The HTML Presentation Framework
- XServer - A Xposed Module for Android Penetration Test, with NanoHttpd.
- frida_hook_libart - Frida hook jni some functions
- frida_dump - frida dump dex, frida dump so
- CyberChef - The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis
- shhgit - Ah shhgit! Find GitHub secrets in real time
- OSINT-JUMP - 开源情报收集 导航及快速跳转的油候脚本
- tad - A desktop application for viewing and analyzing tabular data
- XXRF-Shots - XXRF Shots - Useful for testing SSRF vulnerability
- transformations
- CursedChrome - Chrome-extension implant that turns victim Chrome browsers into fully-functional HTTP proxies, allowing you to browse sites as your victims.
- postMessage-logger - Simple "postMessage logger" Chrome extension
- postMessage-tracker - A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon
- github-search - Tools to perform basic search on GitHub.
- should-i-trust - OSINT tool to evaluate the trustworthiness of a company
- githubFind3r
- pulsar - Network footprint scanner platform. Discover domains and run your custom checks periodically.
- Crown - Based on SpringBoot2, Crown builds a rapidly developed web application scaffolding.
- frida-tsplugin - typescript autocomplete plugin for frida's java warpper
- multi-juicer - Run Capture the Flags and Security Trainings with OWASP Juice Shop
- opencti - Open Cyber Threat Intelligence Platform
- ClicliPure - :snowman: CliCli Whrite. clicli 纯白
- fuck-debugger-extensions - javascript anti-anti debugging
- KubeInvaders - Chaos Engineering Tool for Kubernetes and Openshift
- weaponised-XSS-payloads - XSS payloads designed to turn alert(1) into P1
- domdig - DOM XSS scanner for Single Page Applications
- Frida-Hook-Android - Android平台的Frida Hook工程; Android platform frida hook project
- DockerSecurityPlayground - A Microservices-based framework for the study of Network Security and Penetration Test techniques
- squatm3gator - Squatm3gator is a complete web solution based on the python tool squatm3, designed to enumerate available domains generated modifying the original domain name through different cybersquatting techniques
- DVHMA - Damn Vulnerable Hybrid Mobile App (DVHMA) is an hybrid mobile app (for Android) that intentionally contains vulnerabilities.
- Awesome-Design-Tools - The best design tools and plugins for everything 👉
- InfoScraper - 一个基于Electron的自动化Web资产探测工具,用于渗透前期的信息搜集工作
- frida-fuzzer - This experimetal fuzzer is meant to be used for API in-memory fuzzing.
- r2frida - Radare2 and Frida better together.
- powerauth-admin - PowerAuth Admin - Admin console for PowerAuth Server
- mobile-security - FeedHenry Mobile Security
- dexcalibur - [Official] Android reverse engineering tool focused on dynamic instrumentation automation. Powered by Frida. It disassembles dex, analyzes it statically, generates hooks, discovers reflected methods, stores intercepted data and does new things from it. Its aim is to be an all-in-one Android reverse engineering platform.
- frida-snippets - Hand-crafted Frida examples
- StaCoAn - StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.
- appmon - Documentation:
- vegvisir - A browser based GUI for **LLDB** Debugger.
- idascripts - Some IDA Python scripts for auto-analysis and a Hive-plot visualizer.
- anim - Quick JS program for creating animations
- Detect-It-Easy - Program for determining types of files for Windows, Linux and MacOS.
- web-ui - Casbin Official Web UI, for Casbin & Casbin-Server
- seccubus - Easy automated vulnerability scanning, reporting and analysis
- Adhrit - Android Security Suite for in-depth reconnaissance and static bytecode analysis based on Ghera benchmarks.
- massc - Subdomain Scanner Tools with word-lists
- SecurityPaper-web - Security Paper
- howtodoinjava-zh - :book: [译] HowToDoInJava 中文系列教程
- frida-ios-dump - pull decrypted ipa from jailbreak device
- aws-serverless-security-workshop - In this workshop, you will learn techniques to secure a serverless application built with AWS Lambda, Amazon API Gateway and RDS Aurora. We will cover AWS services and features you can leverage to improve the security of a serverless applications in 5 domains: identity & access management, code, data, infrastructure, logging & monitoring.
- pdfTranslator - 一个具有划词翻译功能的跨平台pdf阅读器,用着挺好用开源一下造福众科研人员,欢迎star
- aws-fullstack-website - Deploy your fullstack websites without all the hassle on AWS with CloudFront, S3, ACM, Route53, API Gateway and Lambda via Serverless.
- codelf - A search tool helps dev to solve the naming things problem.
- iptv - Collection of 5000+ publicly available IPTV channels from all over the world
- Quella - Quella是基于SSM+shiro+redis开发的后台脚手架,集成了一些后台通用功能,并集成了一些常用的第三方服务。
- layuimini - 后台admin前端模板,基于 layui 编写的最简洁、易用的后台框架模板。只需提供一个接口就直接初始化整个框架,无需复杂操作。
- magnetW - 磁力链接聚合搜索
- huobi-robot - 火币合约自动交易机器人
- to-be-slack - !!!【接口已停,没有数据】今日热榜,摸鱼神器。支持全平台:Web、PC、Mobile 及 Chrome 插件。
- xray-poc-generation - 🧬 辅助生成 XRay YAML POC
- duct - Essential tool for finding blind injection attacks.
- CoCoMusic - a simple music player built by electron and vue
- webug4.0 - webug4.0
- tget - tget is wget for torrents
- steam-key - Online activation tool for Steam.
- itranswarp - Full-featured CMS including blog, wiki, discussion, etc. powered by SpringBoot.
- showdown - A bidirectional Markdown to HTML to Markdown converter written in Javascript
- confluence-export - Export document from confluence with nice style
- UnblockNeteaseMusic - Revive unavailable songs for Netease Cloud Music
- vsc-netease-music - UNOFFICIAL Netease Music extension for Visual Studio Code
- reflv - react component wrap flv.js
- Security-Baseline - Linux安全基线扫描、报告生成与自动修复程序
- AwesomeXSS - Awesome XSS stuff
- bilibili-helper-o - 哔哩哔哩 (bilibili.com) 辅助工具,可以替换播放器、推送通知并进行一些快捷操作
- Motrix - A full-featured download manager.
- lysec - 一个基于docker的安全培训系统
- d2-admin - An elegant dashboard
- Empire-GUI - Empire client application
- cbdyzj.github.io - jianzhao.org
- blog-html-to-pdf - [Fun] A sample program to convert blog website to merged pdf.
- v-region - A simple region cascade selector, provide 4 levels Chinese administrative division data
- edex-ui - A cross-platform, customizable science fiction terminal emulator with advanced monitoring & touchscreen support.
- pdf-sync - PDF Reader in JavaScript with Sync
- bookmarks-2-markdown - A Chrome extension for exporting bookmarks as markdown
- DisqusJS - :speech_balloon: Render Disqus comments in Mainland China using Disqus API
- bookmark2md - Convert chrome bookmarks to md files and push them to GitHub repository.
- gosuv - Deprecated!!! Process managerment writtern by golang, inspired by python-supervisor
- hexo-node-admin - A Hexo management tool with responsive UI designed to make it easier for you to compose.
- GenShell - AntSword Generate Shell Plugin
- filepizza - :pizza: Peer-to-peer file transfers in your browser
- font-spider - Smart webfont compression and format conversion tool
- Office-Document-Converter - Office Document Convertor (ODC) is an online convertor for office document which runs as a web service. Its aim is to provide the facility of converting almost all office documents into image which make office documents viewable even without any office suite software installed on your machines.
- SQLInjectionWiki - 一个专注于聚合和记录各种SQL注入方法的wiki
- A_Scan_Framework - Network Security Vulnerability Manage
- cve.wang - bug公开平台
- WebGoat - WebGoat is a deliberately insecure application
- electronic-wechat - :speech_balloon: A better WeChat on macOS and Linux. Built with Electron by Zhongyi Tong.
- FileChangeMonitor - Continuous monitoring for JavaScript files
- github-blog - blog base on Vue.js and Github API
- Photon - A lightweight multi-threaded downloader based on aria2.
- salvia - A minimum-building static blog framework.
- Memory - A theme for wordpress.
- cfg-explorer - CFG explorer for binaries
- FireShodanMap - FireShodanMap is a Realtime map that integrates Firebase, Google Maps and Shodan. A search is carried out using Shodan searching vulnerable devices and they are showed on the map for analysis. All data updated in Firebase are Realtime.
- sdeploy-cli - A light development tool using SCP,SFTP and RSync
- forsaken-mail - a self-hosted disposable mail service
- forsaken-mail - a self-hosted disposable mail service
- RunningCheese-Firefox - A Graceful and Powerful Customized Firefox
- Camtd - Chrome multi-threaded download manager extension,based on Aria2 and AriaNg. Chrome多线程下载扩展。
- font_compare - Programming font comparison
- Sarasa-Gothic - Sarasa Gothic / 更纱黑体 / 更紗黑體 / 更紗ゴシック / 사라사 고딕
- DeerResume - MarkDown在线简历工具,可在线预览、编辑和生成PDF。[此项目已不再维护,建议使用 cv.ftqq.com 替代 ]
- marktext - 📝A simple and elegant markdown editor, available for Linux, macOS and Windows.
- userguide - Ubuntu 吧用户指南
- AWVS11.X-Chinese-Version - AWVS11.X汉化包|AWVS11.X-Chinese-Version
- sharelist - 快速分享 GoogleDrive OneDrive
- listen1_chrome_extension - one for all free music in china (chrome extension, also works for firefox)
- listen1_desktop - one for all free music in china (Windows, Mac, Linux desktop)
- KaTeX - Fast math typesetting for the web.
- insight - 洞察-宜信集应用系统资产管理、漏洞全生命周期管理、安全知识库管理三位一体的平台。
- Yosoro - :shaved_ice:Beautiful Markdown NoteBook. 🏖
- scan_monitor - ip 域名 端口扫描 服务刺探 单机版
- PS4-5.01-WebKit-Exploit-PoC - PS4 5.01 WebKit Exploit PoC
- Surfingkeys - Map your keys for web surfing, expand your browser with javascript and keyboard.
- CIDR-in-Proxifier - :tea: A script for converting CIDRs list to configuration file segment of Proxifier.
- carbon - :black_heart: Create and share beautiful images of your source code
- reverse-shell - Reverse Shell as a Service
- rotonde-client - Rotonde Base Client
- rotonde-client - Rotonde Base Client
- SwitchHosts - Switch hosts quickly!
- HexoEditor - this markdown Editor for hexo blog
- cipm - standalone ci-oriented package installer for npm projects (moved)
- xmr-miner - Web-based Cryptocurrency miner, built with Vue.js
- blinksocks - A framework for building composable proxy protocol stack.
- tools - Some useful tools
- pm2 - Node.js Production Process Manager with a built-in Load Balancer.
- patchwork - A decentralized messaging and sharing app built on top of Secure Scuttlebutt (SSB).
- wsproxy - A websocket proxy
- gh-feed - Generate RSS feed from GitHub Issues
- relationship - Chinese kinship system.中国亲戚关系计算器 - 家庭称谓/称呼计算/亲戚关系算法
- nba-go - 🏀 💻 The finest NBA CLI.
- dnstricker - A simple dns resolver of dns-record and web-record log server for pentesting
- Hexo-Theme-Life - Hexo Theme
- beaker - Rotonde client with user account combined(deprecated)
- ServerStockCheck - 库存检查工具
- seedbox-from-scratch - Creating a seedbox on a Linux server
- rain - http://rain.mengsky.net
- webtorrent-element - WebTorrent HTML element.
- seedbox-from-scratch - Creating a seedbox on a Linux server
- RatXaBox - Auto installation de ruTorrent avec rTorrent. Version "Seedbox-Manager Workflow"
- mrseedbox - [unmaintained] A Containerized Seedbox with Embedded Media Player
- Rtorrent-LXC - A Docker container with Rtorrent + Rutorrent.
- cqc - Code Quality Checker - Check your code quality by running one command.
- TeleShellBot - A simple Telegram Bot to run shell commands remotely
- awesome-cn-cafe - A curated list of awesome coffee places in China.
- reblog - A blog system using GitHub Issues, powered by React + Redux.
- js-ipfs - IPFS implementation in JavaScript
- SiteScan - A tool help get the basic information of one site
- noVNC - VNC client web application
- hugo-rapid-theme - A hugo theme as
- rssify - Convert anything to rss feed
- gitalk - Gitalk is a modern comment component based on Github Issue and Preact.
- gtop - System monitoring dashboard for terminal
- gattacker - A Node.js package for BLE (Bluetooth Low Energy) security assessment using Man-in-the-Middle and other attacks
- Cube - A cross-platform web music player in nw.js
- v2ray-config-gen - V2Ray Configuration generator
- CMS-of-Blog - deprecated
- star-history - The missing star history graph of github repos
- Google-IPs - :us: Google 全球 IP 地址库
- apparatus - A graphical security analysis tool for IoT networks
- twister-webkit - webkit package for twister
- cryptpad - The Encrypted Collaboration Suite
- cryptpad - Unity is Strength - Collaboration is Key - CryptPad is the zero knowledge realtime collaborative editor.
- elasticsearch-rtf - elasticsearch中文发行版,针对中文集成了相关插件,方便新手学习测试.
- squid-with-net-speeder - SQUID Proxy with net speed
- auth_proxy - A proxy + UI server for Contiv which handles authentication (local users/LDAP/AD) + authorization (RBAC)
- installer - Anarchy Linux - A simple and intuitive Arch Linux installer. https://anarchyinstaller.org/
- openwebrx - Open source, multi-user SDR receiver software with a web interface
- gateway - WebThings Gateway
- beaker - An experimental peer-to-peer Web browser
- borgweb - Web UI for Borg Backup
- hound - Lightning fast code searching made easy
- twister-react - proxy-based Twister client written with react-js
- anyproxy - A fully configurable http/https proxy in NodeJS
- NooBoss - NooBoss is an extension that handles your extensions like a boss!
- link-hijacker - Hijack clicks on and within links, probably for client-side routing
- xssor2 - XSS'OR - Hack with JavaScript.
- XSS-Radar
- securelogin - This version won't be maintained!
- browser-autofill-phishing - A simple demo of phishing by abusing the browser autofill feature
- eme - Elegant Markdown Editor.
- GeistMap - An experimental personal knowledge base with a focus on connections
- wssip - Application for capturing, modifying and sending custom WebSocket data from client to server and vice versa.
- platformio-atom-ide - PlatformIO IDE for Atom: The next generation integrated development environment for IoT
- node.bittrex.api - No longer maintained
- Clustered-Single-Value-Map-Visualization - Splunk Custom Visualization
- truffle - A tool for developing smart contracts. Crafted with the finest cacaos.
- DOMPurify - DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
- git-unsaved - :mag_right: Scan your projects directory for dirty git repositories.
- mostly-adequate-guide-chinese - 函数式编程指北中文版
- sdu-mirror-website - 山大镜像站首页
- LinkedServerPwdDumper - SqlServer Linked Password Dumper.
- tinytime - ⏰ A straightforward date and time formatter in <1kb
- pcap-analyzer - online pcap forensic
- DomainFuzz - Domain name permutation engine for detecting typo squatting, phishing and corporate espionage
- Formstone - Library of modular front end components.
- codemirror-anywhere - [Greasemonkey] Use CodeMirror editor instead of textarea in anywhere
- frida-java-bridge - Java runtime interop from Frida
- gitment - A comment system based on GitHub Issues.
- xpath_tester - Demo
- APlayer - :lollipop: Wow, such a beautiful HTML5 music player
- wheels - 笨办法造轮子
- faraday - Collaborative Penetration Test and Vulnerability Management Platform
- h2gb-ui
- My_CTF_Challenges - :fire::sunny:
- leanote - Not Just A Notepad! (golang + mongodb) http://leanote.org
- OSINT-Framework - OSINT Framework
- wooyun-node - wooyun.org
- portainer - Making Docker and Kubernetes management easy.
- ui-for-docker - A web interface for Docker, formerly known as DockerUI. This repo is not maintained
- electron-anyproxy - 📢 A http/https proxy client, using to analyze and mock.
- magic-mirror-demo - A :zap:Magic Mirror:zap: powered by a UWP Hosted Web App :rocket:
- webui-aria2 - The aim for this project is to create the worlds best and hottest interface to interact with aria2. Very simple to use, just download and open index.html in any web browser.
- web-scraper-chrome-extension - Web data extraction tool implemented as chrome extension
- tcp-over-websockets - Tunnel TCP through WebSockets.
- e2email - E2EMail is a simple Chrome application - a Gmail client that exchanges OpenPGP mail.
- TheHive - TheHive: a Scalable, Open Source and Free Security Incident Response Platform
- JianshuSpider - Use Node.js,HighChart,BootStrap,Mongo,Cucumber with Gulp to scrapy information from Jianshu.
- keeweb - Free cross-platform password manager compatible with KeePass
- PiBox - PiBox is a web control Interface written to control Embedded Board(Raspberry Pi).
- How-To-Ask-Questions-The-Smart-Way - Any update requests plz redirect to original --->
- WeFlow - A web developer workflow tool by WeChat team based on tmt-workflow, with cross-platform supported and environment ready.
- atrament.js - A small JS library for beautiful drawing and handwriting on the HTML Canvas.
- vue-hackernews-2.0 - HackerNews clone built with Vue 2.0, vue-router & vuex, with server-side rendering
- 500lines - 500 Lines or Less
- Scrippy - Scrippy is a browser extension that holds sql statements (think clip board) to aid devlopers in the testing of websites for basic code injections.
- xsshunter - The XSS Hunter service - a portable version of XSSHunter.com
- xss-scanner - Cross-Site Scripting (XSS) scanner. This tool helps to find possible XSS vulnerabilities. Cross platform - macOS, Linux, and Windows.
- xsser - xss监控(xss monitor)
- back_manager - Paladin是啥? 它是一个以JFinal为底层的java基础后台框架。 结合了以下第三方组件: Beetl、Druid、Shiro、Ehcache(JFinal自带有工具类)。 界面使用的拼图的后台模板,自己做了些优化和更改。 最初目的:为了学习jfinal,通过一点点的摸索,把它建立起来了。 最终理想:形成一个工作中比较通用的基础后台框架。 适用人群 刚入门JFinal的同学,可以拿过去做个参考 各种大牛,看过、路过,给点指导,求虐求喷 部署方式 1、还原数据库文件;在app.properties中修改数据库配置 2、项目导入Eclipse,按照JFinal手册中的方式配置Java Applcation,使用jetty启动项目。 3、默认账号/密码:superadmin/asdasd 交流 QQ群:240452848 欢迎大家前来交流,给予宝贵的建议。 希望能在社区的力量下(高人指点、建议;喷子鄙视、虐待)下,逐步完善,让众人受益。 现在项目的难度还不是很高,功能、操作、代码都还有很大的提升空间。 所以有兴趣的兄弟,可以多多提交Pull Requests。 同一个功能,同一个操作,每个人都有自己的解决方案;可以拿出来聊一聊,比一比,哪种更加科学、实用。 就当是一场游戏,大家一起打怪,各路神仙,各显神通。让我们一起享受其中的乐趣吧_^ 目前初步已经完成的功能,很多还需要完善、改进 基础功能 登陆、注销 访问页面时,更具ActionKey获取WildcardPermission并进行权限判断 开始 欢迎使用 个人资料 修改密码 系统 系统设置 组织机构 用户管理 角色管理 资源管理 导航管理 开发 模型代码模板预览 控制器代码模板预览 视图代码模板预览 为啥要叫它Paladin? Paladin翻译过来貌似是游侠、圣骑士的意思。感觉这个名字挺酷的,所以它就叫这个吧。
- SailsAdmin - 利用nodejs sails框架搭建的权限管理系统和数据可视化界面的B/S
- DataVistual - 数字校园项目-大数据可视化平台
- log-date-view - 日志数据可视化
- csv2dv - 将csv数据转换成可视化所需的数据格式
- lagou-spider-data-handle - 拉勾数据处理,echarts数据可视化
- medlog - 数据可视化系统,持续迭代,包括前端采集+数据设计+大数据存储+可视化展示几个大块
- data-visualization - 数据可视化
- Compiler - 哈工大编译原理实验,使用node语言,实现了基于状态转换机制的词法分析器,以及自顶而下分析的语法分析器,gui基于electron&angular制作,数据可视化使用的是d3.js。
- ascii-art - A Node.js library for ansi codes, figlet fonts, ascii art and other ASCII graphics
- Hack-Tools - The all-in-one Red Team extension for Web Pentester 🛠
- nodejs-nedb-excel - 基于nodejs+webpack,以nosql轻量级嵌入式数据库nedb作为存储,页面渲染采用react+redux,样式框架为ant design,实现了excel表格上传导出以及可视化
- baidu-netdisk-downloaderx - ⚡️ 一款图形界面的百度网盘不限速下载器,支持 Windows、Linux 和 Mac。
- baidu-netdisk-downloaderx - ⚡️ 一款图形界面的百度网盘不限速下载器,支持 Windows、Linux 和 Mac。已于 2020 年 4 月 15 日正式停用,源码仅用于程序员交流学习,细节请查看:关于停用 BND 的说明 https://ld246.com/article/1586956316578
- VRouter - 一个基于 VirtualBox 和 openwrt 构建的项目, 旨在实现 macOS / Windows 平台的透明代理.
- front-end-collect - 分享自己长期关注的前端开发相关的优秀网站、博客、以及活跃开发者
- The-FlowingData-Guide - 自己整理的《鲜活的数据——数据可视化指南》一书的笔记,还有自己根据书中的讲解,整理出的各章代码。
- permeate - 一个用于渗透透测试演练的WEB系统,用于提升寻找网站能力,也可以用于web安全教学
- QB - QuickBox is much more than a ‘seedbox installer script’, it is a simplistic approach to achieving easy seedbox and services management from a beautifully designed dashboard. Allowing users the ability to interact with their seedbox and server on a professional grade level.
- oss-browser - OSS Browser 提供类似windows资源管理器功能。用户可以很方便的浏览文件,上传下载文件,支持断点续传等。
- multiple-host - 虚拟host解决方案,轻松实现两套host环境
- showdoc - ShowDoc is a tool greatly applicable for an IT team to share documents online一个非常适合IT团队的在线API文档、技术文档工具
- find-subdomains - Abusing Certificate Transparency logs for getting HTTPS websites subdomains. (通过 HTTPS 证书透明日志,以 **非字典爆破** 的方式获取网站子域名。)
- github-hans - [废弃] {官方中文马上就来了} GitHub 汉化插件,GitHub 中文化界面。 (GitHub Translation To Chinese)
- chinese-poetry - The most comprehensive database of Chinese poetry 🧶最全中华古诗词数据库, 唐宋两朝近一万四千古诗人, 接近5.5万首唐诗加26万宋诗. 两宋时期1564位词人,21050首词。
- mp-unpack - 基于electron-vue开发的跨平台微信小程序自助解包(反编译)客户端
- yapi - YApi 是一个可本地部署的、打通前后端及QA的、可视化的接口管理平台
- BugBountyTips - 记录一些国外漏洞赏金猎人的挖洞技巧和一些有意思的东西
- metersphere - MeterSphere 是一站式开源持续测试平台,涵盖测试跟踪、接口测试、性能测试、团队协作等功能,全面兼容 JMeter、Postman 等开源、主流标准。
- zigbee2mqtt - Zigbee 🐝 to MQTT bridge 🌉, get rid of your proprietary Zigbee bridges 🔨
- wxappUnpacker - 小程序反编译(支持分包)
- spy-debugger - 微信调试,各种WebView样式调试、手机浏览器的页面真机调试。便捷的远程调试手机页面、抓包工具,支持:HTTP/HTTPS,无需USB连接设备。
- xss-demo - 👮🏻♂️ xss 攻防靶场,issues 有答案
- sosrp - SOSRP Security 安全平台
- spug - 开源运维平台:面向中小型企业设计的轻量级无Agent的自动化运维平台,整合了主机管理、主机批量执行、主机在线终端、文件在线上传下载、应用发布部署、在线任务计划、配置中心、监控、报警等一系列功能。
- awesome-vscode - 🎨 A curated list of delightful VS Code packages and resources.
- Luckysheet - Luckysheet is an online spreadsheet like excel that is powerful, simple to configure, and completely open source.
- solr-sgk - 大数据社工裤 demo
- SResume - 一个简洁的网页简历生成器
- squid-PAC - 利用国外VPS搭建多协议代理服务,squid PAC代理服务器,25端口翻墙 ....墙已加高,https网站已失效,普通站点仍可代理..建议使用ssr替代
- rxeditor - HTML Visual Editor, based in Bootstrap. 基于Bootstrap实现的,HTML可视化编辑工具。
- GenPass - 用Vue.js给健忘的女票写的在线密码生成器。
- weapp-ide-crack - 【应用号】IDE + 破解 + Demo
- tesseract.js - Pure Javascript OCR for more than 100 Languages 📖🎉🖥
- note - 萌音云笔记 - 一个高效的在线云笔记、专注技术文档在线创作、阅读、分享和托管
- vue-sui-demo - 用vue 和 SUI-Mobile 写了一个移动端demo,用来反馈学习vue的成果(禁用了SUI自带的路由,使用vue-router, vue-resource, webpack)[a web app written by vue & sui-mobile]
- JR-scan - 利用python3写的综合扫描工具,可“一键”实现基本信息收集(端口、敏感目录、WAF、服务、操作系统、子域名),支持POC扫描(可自行添加POC,操作简单),支持利用AWVS探测(需使用API接口),未来争取实现xray联动。
- cloudbase-framework - ☁️ 云开发 🚀 云原生一体化部署工具 🏆 CloudBase Framework🏆 一键部署,不限框架语言,云端一体化开发,基于Serverless 架构。A front-end and back-end integrated deployment tool 🔥 One-click deploy to serverless architecture. https://docs.cloudbase.net/framework
- Life-Time-Tracker - 个人时间跟踪,可视化个人活动数据,管理个人生活,利用过去来指导未来,基于柳比歇夫的统计方法
- wechat-format - 微信公众号排版编辑器,转换 Markdown 到微信特制的 HTML
- as_plugin_godofhacker - 黑客神器,谁用谁知道!
- starrtc-edu-demo - web版本在线教育与白板演示示例,更多示例请参见:
- linux_rat - LINUX集群控制(LINUX反弹式远控) LINUX反向链接运维 BY:QQ:879301117
- html5-dash-hls-rtmp - :sunflower: HTML5播放器、M3U8直播/点播、RTMP直播、低延迟、推流/播流地址鉴权
- LiveRoomDemo_Client - 自己动手打造一个直播间(视频直播、聊天室、弹幕、多端适配)
- LiveRoomDemo_Server - 自己动手打造一个直播间(视频直播、聊天室、弹幕、多端适配)
- front-end-collect - 分享自己长期关注的前端开发相关的优秀网站、博客、以及活跃开发者
- new-project-checklist - 🥳🥳🥳🥳 a checklist & tool for new project setup for developer. 新项目检查清单及其工具。
- GoogleHackingTool - 在线Google Hacking 小工具
- Github-Monitor - Github Sensitive Information Leakage Monitor(Github信息泄漏监控系统)
- 33-js-concepts - :scroll: 每个 JavaScript 工程师都应懂的33个概念 @leonardomso
- webpack-demos - 📦 Demos && Courses for Webpack 4
- zresume - 程序员简历生成器(可导出静态页面、支持密码验证访问)
- taotao - IDEA版本淘淘商城
- amWiki - amWiki 是一款由 JS 开发、依赖 Atom 或 Nodejs-Npm 的 Markdown 轻量级前端化开源文库系统
- MKOnlineMusicPlayer - ⛔(停止维护)多源的在线音乐播放器,基于 Meting
- HackMyResume - Generate polished résumés and CVs in HTML, Markdown, LaTeX, MS Word, PDF, plain text, JSON, XML, YAML, smoke signal, and carrier pigeon.
- apachecn-algo-zh - ApacheCN 数据结构与算法译文集
- thal - 译文:Puppeteer 与 Chrome Headless —— 从入门到爬虫
- pxder - 🖼 Download illusts from pixiv.net P站插画批量下载器
- suo-blog - :fox_face:技术博客文章、笔记、实战、技术探讨、资源收集等等
- HackVault - A container repository for my public web hacks!
- Pcap_tools - 网络流量可配置嗅探,流量包解析,漏洞规则扫描,生成报告. ....搞网络安全这块,还凑合着用吧
- DVSA - a Damn Vulnerable Serverless Application
- Frida-Scripts - 一些frida脚本
- DroidSSLUnpinning - Android certificate pinning disable tools
- lxhToolHTTPDecrypt - Simple Android/iOS protocol analysis and utilization tool
- ant - 实时上线的 XSS 盲打平台
- CVE-2019-5786 - FileReader Exploit
- V2RayGeoKit
- WebRTC-Leak - Check if your VPN leaks your IP address via the WebRTC technology
- ThunderShell - Python / C# Unmanaged PowerShell based RAT
- KCon - KCon is a famous Hacker Con powered by Knownsec Team.
- GOSINT - The GOSINT framework is a project used for collecting, processing, and exporting high quality indicators of compromise (IOCs).
- WebshellManager - w8ay 一句话WEB端管理工具
- shadowsocks-over-websocket - 免费使用 Heroku 部署 shadowsocks
- awesome-mac - Now we have become very big, Different from the original idea. Collect premium software in various categories.
- weiboDataVis - 新浪微博数据可视化.
-
Others (1002)
- Security-and-Networking-eBooks-Collection
- cors-book - Cross-Origin Resource Sharing zh little book
- cnvd_database
- awesome-microservices - A curated list of Microservice Architecture related principles and technologies.
- awesome-docker - :whale: A curated list of Docker resources and projects
- awesome-incident-response - A curated list of tools for incident response
- megatools - Open-source command line tools for accessing Mega.co.nz cloud storage.
- awesome-linux - :penguin: A list of awesome projects and resources that make Linux even more awesome. :penguin:
- awesome-fuzzing - A curated list of awesome Fuzzing(or Fuzz Testing) for software security
- pentest-playbook - A collection of notes and resources that I have gathered during my journey in cybersecurity.
- Start-with-Bug-Bounty - This repository is continuously updated
- Dumps - Repository for my random scripts, notes and files ...
- OSCP-PWK-Notes-Public
- Cryptography - This project organizes the currently popular cryptographic information.
- Cas_Exploit - CAS反序列化漏洞利用工具
- awesome-php - A curated list of amazingly awesome PHP libraries, resources and shiny things.
- AWVS-13-SCAN-PLUS - This is a companion software based on the Acunetix Web Vulnerability Scanner 13 (AWVS13) scanning engine.
- CVE-2020-1938 - CVE-2020-1938
- YourNextBugTip - Collection of Twitter Bug Bounty Tips and Tricks
- Scanner_Docker - Scanner Docker
- CrackMapExecWin - CrackMapExec v5.1.0 compiled for Windows
- Allin1gf - Gf pattern's all in one json Allin1gf
- awesome-leading-and-managing - Awesome List of resources on leading people and being a manager. Geared toward tech, but potentially useful to anyone.
- androidantivirus
- Weblogic-scan
- IDA-pro-7-for-Catalina-OSX-15
- awesome-security - A collection of awesome software, libraries, documents, books, resources and cools stuffs about security.
- it-ebooks-2019-03to12
- awesome-cpp - A curated list of awesome C++ (or C) frameworks, libraries, resources, and shiny things. Inspired by awesome-... stuff.
- btfm
- subdomain-bruteforce - a subdomain brute forcing tool for windows
- awesome-sdn - A awesome list about Software Defined Network (SDN)
- awesome-courses - :books: List of awesome university courses for learning Computer Science!
- awesome-indie - Resources for independent developers to make money
- cobaltstrike3.12_cracked - Cracked Cobaltstrike3.12 Trial Version
- cobalt_strike_3.12_patch - Cobalt Strike v3.12 patch
- Cobaltstrike-Trial
- Deeplink_Reverse_TCP - Get reverse connection using simple Metasploit reverse_tcp payload, Microsoft word and SettingContent-ms file
- Crack-Beyond-Compare-linux - crack beyond compare 4 on linux
- awesome-shell - A curated list of awesome command-line frameworks, toolkits, guides and gizmos. Inspired by awesome-php.
- Biubiubiu - burp mac application version
- Hybrid-fonts - Monospaced fonts patched with Chinese characters and extra glyphs from Nerd Fonts
- CryptoPaper - Privacy, Security, and Anonymity For Every Internet User.
- github-cheat-sheet - A list of cool features of Git and GitHub.
- OSCP-Survival-Guide - Kali Linux Offensive Security Certified Professional Survival Exam Guide
- Androl4b - A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis
- Blockchain-stuff - Blockchain and Crytocurrency Resources
- awesome-malware-analysis - Defund the Police.
- awesome-graphql - Awesome list of GraphQL & Relay
- awesome-funny-markov - A curated list of delightfully amusing and facetious Markov chain output.
- awesome-java - A curated list of awesome frameworks, libraries and software for the Java programming language.
- awesome-ruby - :gem: A collection of awesome Ruby libraries, tools, frameworks and software
- awesome-hacking - A curated list of awesome Hacking tutorials, tools and resources
- web-development-2021-course-list - A list of Udemy courses from Brad Traversy's Web Development 2021 video
- Mac - Mac系统、Mac软件的操作和使用技巧整理,正在不断完善中。努力做到最全。
- MyData - 相关资料存放,noval为阅读书源,pic为Github图床
- SecurityInterviewQuestions - 网络信息安全从业者面试指南(持续补充各公司招聘题目和侧重点)
- list-pentest-tools - A curated list of network penetration testing tools.
- 2018-BlackHat-Tools-List - 2018 BlackHat Tools List
- ubuntu_desktop_setup - Ubuntu桌面版系统安装和优化配置
- MDAT - MDAT - Multiple Database Attacking Tool
- MITM-cheatsheet - All MITM attacks in one place.
- Resources
- fofahelper - 一个fofa搜索辅助小工具/fofaGui
- Windows-Terminal-beautify - Windows Terminal美化教程
- phishing_kits - Exposing phishing kits seen from phishunt.io
- PenTestMethodology2020 - PenTest Methodology 2020
- awesome-opa - A curated list of OPA related tools, frameworks and articles
- diodata - Tools, data, and contact lists relevant to The disclose.io Project.
- Intranet_Penetration_CheetSheets - 做redteam时使用,修改自Ridter的https://github.com/Ridter/Intranet_Penetration_Tips
- WAF-bypass
- burp-wildcard-plus - burp-wildcard 简单修改用以支持burp2020.11.2及后续的版本主题。
- passive-scan-client-plus - 基于passive-scan-client-0.1改造的burpsuite流量转发插件
- WebFuzzing - 自用字典,收集实战中遇到的奇特目录名、后门文件名等。不定期更新!
- Rainbow-Fart-MBG - 程序员要讲码德,耗子尾汁,好好反思!
- EHole - EHole(棱洞)-红队重点攻击系统指纹探测工具
- privacy - 个人数据泄漏检测网站,适用于近期流传的 40GB+ 数据。
- jetbrains-in-chinese - JetBrains 系列软件汉化包 关键字: Android Studio 3.5 汉化包 CLion 2019.3 汉化包 DataGrip 2019.3 汉化包 GoLand 2019.3 汉化包 IntelliJ IDEA 2019.3 汉化包 PhpStorm 2019.3 汉化包 PyCharm 2019.3 汉化包 Rider 2019.3 汉化包 RubyMine 2019.3 汉化包 WebStorm 2019.3 汉化包
- AESGFIC - 互联网企业安全高级指南读书笔记脑图 - http://www.mottoin.com/95816.html & http://www.mottoin.com/95828.html Author:hblf@MottoIN Team
- jasypt - jasypt Decrypt Encrypt
- english-wordlists - 常用英语词汇表
- PasswordDic - 2011-2019年Top100弱口令密码字典 Top1000密码字典 服务器SSH/VPS密码字典 后台管理密码字典 数据库密码字典 子域名字典
- Taie-Bugbounty-killer - 挖掘国内外漏洞平台必备的自动化捡钱赏金技巧,看了并去做了捡钱如喝水。
- php_bug_wiki - 代码审计相关的一些知识
- Flink_RCE - Apache Flink Web Dashboard 未授权访问,上传恶意jar导致远程代码命令执行
- HackerMind - 渗透步骤,web安全,CTF,业务安全,人工智能,区块链安全,安全开发,无线安全,社会工程学,二进制安全,移动安全,红蓝对抗,运维安全,风控安全,linux安全
- BurpSuiteCn - Burp Suite 汉化 中文
- yjdirscan - 御剑目录扫描专业版,简单实用的命令行网站目录扫描工具,支持爬虫、fuzz、自定义字典、字典变量、UA修改、假404自动过滤、扫描控速等功能。
- JavaTools - 一些Java编写的小工具。
- Pentest_Dic - 自己收集整理自用的字典
- --Java - 代码审计知识点整理-Java
- suricata-rules - Suricata IDS rules 用来检测红队渗透/恶意行为等,支持检测CobaltStrike/MSF/Empire/DNS隧道/Weevely/菜刀/冰蝎/挖矿/反弹shell/ICMP隧道等
- TestowanieOprogramowania - Testowanie oprogramowania - Książka dla początkujących testerów
- behinder-clone - 魔改的冰蝎,仅供测试连接内存webshell使用
- learn-at-home
- Check-List- - Check List
- TFirewall - 防火墙出网探测工具,内网穿透型socks5代理
- 404StarLink-Project - Focus on promoting the evolution of tools in different aspects of security research.专注于推动安全研究各个领域工具化.
- skyscorpion - 天蝎权限管理工具采用Java平台的JavaFX技术开发的桌面客户端,支持跨平台运行,目前基于JDK1.8开发,运行必须安装JDK或JRE 1.8,注意不能是open jdk,只能是oracle的jdk。 天蝎权限管理工具基于冰蝎加密流量进行WebShell通信管理的原理,目前实现了jsp、aspx、php、asp端的常用操作功能,在原基础上,优化了大文件上传下载、Socket代理的问题,修改了部分API接口代码。
- Fofa-gui - Fofa采集工具-自修改版本
- Windows-Red-Team-Cheat-Sheat - Windows for Red Teamers
- CHINA.NET- - 提供各类.NET、C#学习资料、免费图书社区
- DBconfigReader - 泛微ecology OA系统接口存在数据库配置信息泄露漏洞
- wg-identifying-security-threats - The purpose of the Identifying Security Threats working group is to enable stakeholders to have informed confidence in the security of open source projects. We do this by collecting, curating, and communicating relevant metrics and metadata from open source projects and the ecosystems of which they are a part.
- Learn-security-from-0 - 从0开始学安全,注重实战+技巧的运用,分享各种安全攻防干货,包括但不限于:Web安全、代码审计 、内网渗透、企业安全等。
- ubuntu-system-local-use-k8s-minikube - ubuntu系统上本地搭建单机版的Kubernetes集群minikube(笔记)
- k8seasy_release_page - 一键安装kubernets(k8s)系统,已支持云环境的发布,可以在阿里云 azure 等云环境自主部署k8s系统,golang 编写 无需任何插件,无需翻墙下载任何内容,证书10年有效期,支持 单机 集群 生产环境的高可用 完全离线安装等标准。自带dashboard 监控,镜像仓库等内容,一键可用。
- CobaltStrike_Script_Wechat_Push - CobatStrike-Script, Beacon上线,微信实时推送!
- CodeGuide - :books: 本代码库是作者小傅哥多年从事一线互联网 Java 开发的学习历程技术汇总,旨在为大家提供一个清晰详细的学习教程,侧重点更倾向编写Java核心内容。如果本仓库能为您提供帮助,请给予支持(关注、点赞、分享)!
- Safety-baseline - 安全基线检查
- Citrix-ADC-RCE-CVE-2020-8193 - Citrix ADC从权限绕过到RCE
- iOSConfusion - iOS混淆 iOS代码混淆 iOS过审工具 iOS上架 iOS代码混淆工具 iOS工具 iOS马甲包 iOS马甲包工具 iOS混淆 iOS过4.3 iOS过审 iOS confuse iOS code confuse iOS2.3.1解决 iOS账号调查解决办法 iOS账号调查解决 iOS账号调查过审 OC代码混淆 IOS源码混淆 OC混淆 OC代码混淆 OC过审工具 OC代码混淆工具 OC工具 OC马甲包 OC马甲包工具 OC混淆 OC过4.3 OC过审 OC confuse OC code confuse OC解决 OC代码混淆 IOS源码混淆 Flutter源码混淆 Flutter混淆 Flutter代码混淆 Flutter confuse Flutter马甲包工具 Flutter过审工具 Flutterg提审 Flutter审核 RN源码混淆 RN混淆 RN代码混淆 RN confuse RN马甲包工具 RN过审工具 RN提审 RN审核 React Native 混淆
- StabilityGuide - 【稳定大于一切】打造国内稳定性领域知识库,让无法解决的问题少一点点,让世界的确定性多一点点。
- loginlog_windows - 读取登录过本机的登录失败或登录成功的所有计算机信息,在内网渗透中快速定位运维管理人员。
- docker-para-desenvolvedores - Código fonte do livro Docker para desenvolvedores
- javasec - 自己学习java安全的一些总结,主要是安全审计相关
- Pentest_Note - 渗透测试常规操作记录
- Pwdb-Public - A collection of all the data i could extract from 1 billion leaked credentials from internet.
- subDomains - 互联网公司子域名收集
- awesome-hacking-lists - 平常看到好的渗透hacking工具和多领域效率工具的集合
- fofa-dump - Fofa Pro Api下载工具
- Taie-RedTeam-OS - 泰阿安全实验室-基于XUbuntu私人订制的红蓝对抗渗透操作系统
- Threathunting-book - ATT&CK理解+sigma规则研究
- vuln_uris
- awesome-ios-security-cn - iOS安全资料整理(中文)
- shiro_rce - shiro rce 反序列 命令执行 一键工具 回显
- information-security-for-everyone - 写给大家看的信息安全手册
- awesome-java-security-checklist - awesome-java-security-checklist(关于Java安全方面,Java基础/审计/修复/设计/规范)
- PoC-in-GitHub - 📡 PoC auto collect from GitHub. Be careful malware.
- nw-tips - win内网_域控安全
- rules - 通用的指纹识别规则
- javasec_study - java代码审计学习笔记
- CVE-2019-1388 - guest→system(UAC手动提权)
- mca-administrative - 中华人民共和国民政部全国行政区划信息。topojson/geojson格式,至县一级。
- zuoxiangqicheng - 坐享其成——最简单的大脑锻炼方式
- seucourseshare - 东南大学课程共享计划
- articles - Personal Blog/主记录漏洞挖掘相关研究(文章位于issues)
- redteam-tips - 关于红队方面的学习资料
- ThinkPHP-Vuln - 关于ThinkPHP框架的历史漏洞分析集合
- Ontology-Triones-Service-Node-security-checklist - Ontology Triones Service Node security checklist(本体北斗共识集群安全执行指南)
- awesome-shodan-queries - 🔍 A collection of interesting, funny, and depressing search queries to plug into https://shodan.io/ 👩💻
- crawlergo - A powerful dynamic crawler for web vulnerability scanners
- d4rkc0de-Android-CTF - d4rkc0de Android CTF
- ASCToolJar - Android Signature Crack Tool Jar 破解APK签名验证的jar包
- Android-Security-Notes-personal - 个人整理的Android安全学习笔记
- smarGate - 内网穿透,c++实现,无需公网IP,小巧,易用,快速,安全,最好的多链路聚合(p2p+proxy)模式,不做之一...这才是你真正想要的内网穿透工具!
- Awesome-Android-Learning-Guide - 一份系统、全面的安卓进阶学习指南(更新中)
- daily - 一份搜集的前端面试题目清单、面试相关以及各类学习的资料(不局限于前端)
- fastjson_rce_tool - fastjson命令执行自动化利用工具, remote code execute,JNDI服务利用工具 RMI/LDAP
- sig-security - 😎CNCF Special Interest Group on Security -- secure access, policy control, privacy, auditing, explainability and more!
- IosHackStudy - IOS安全学习资料汇总
- golang-developer-roadmap-cn - 在 2019 成为一名 Go 开发者的路线图。为学习 Go 的人而准备。
- StockTradingSignalSystem - 著名的投资大师巴菲特说"我始终知道我会富有",一开始我也想成为像巴同学那样的价值投资者,后来我发现价值投资在中国A股里面是走不通的,趋势投资才是王道。刚学投资的小白,想站在前人的基础上,开发基金股票买卖信号体系,在不浪费太多精力的同时获取超额收益,我知道我也终将富有^_ ^
- golang-anything-recommend - :fire: 让阅读变成一件有意义的事。Golang好文推荐;收录平时阅读到的一些Go相关写的比较好、质量较高的干货文章.
- A-Programmers-Guide-to-English - 专为程序员编写的英语学习指南 v1.2。在线版本请点 ->
- awesome-github-vue - Vue相关开源项目库汇总
- chinaip - 中国大陆 IP 列表(已优化)
- DeepWeb - 暗网网址大全TOR
- computerese-cross-references - 计算机专业术语中英文对照。
- Struts-S2-xxx - 整理收集Struts2漏洞环境
- docker-security - docker 安全基线规范
- architecture.of.internet-product - 互联网公司技术架构,微信/淘宝/微博/腾讯/阿里/美团点评/百度/Google/Facebook/Amazon/eBay的架构,欢迎PR补充
- Vulnerability-Env - 收集国内外开源CMS存在漏洞的各种版本
- tenant-point - 租房要点,适用于北上广深杭,欢迎补充。
- secbook - 信息安全从业者书单推荐
- DaiseaX - 戴西之海 - 先进数字集群:技术作者自留地
- Back-End-Developer-Interview-Questions - 后端开发面试题,翻译自 https://github.com/arialdomartini/Back-End-Developer-Interview-Questions
- git-tips - :trollface:Git的奇技淫巧
- AndroidChecklist - Android应用审计checklist整理
- awesome-php-cn - PHP资源大全中文版,库、框架、模板、安全、代码分析、日志、第三方库、配置工具、Web 工具等
- TimLiu-iOS - iOS开发常用三方库、插件、知名博客等等
- awesome-dat - Community curated resources for Dat Project
- pentest_study - 从零开始内网渗透学习
- XSS-Filter-Evasion-Cheat-Sheet-CN - XSS_Filter_Evasion_Cheat_Sheet 中文版
- Best-App - 收集&推荐优秀的 Apps/硬件/技巧/周边等
- awesome-chatbot-list - 深度学习聊天机器人资源集合 Awesome chatbot resource list
- network-security-mind-map - ☯️ 网络安全基础知识思维导图、大学笔记(Network security Mind Map)
- android_app_security_checklist - Android App Security Checklist
- D4rkXSS - A list of useful payloads and Bypass for Web Application Security and Bug Bounty/CTF
- CVE-2020-11851 - Remote Code Execution vulnerability on ArcSight Logger
- golang - 《Golang修养之路》本书针对Golang专题性热门技术深入理解,修养在Golang领域深入话题,脱胎换骨。
- effective-java-3rd-chinese
- CVE-2020-17530
- Gift
- Recon-Methodology - Recon Methodology
- poc-collection - poc-collection 是对 github 上公开的 PoC 进行收集的一个项目。
- Awesome-CobaltStrike-Defence - Defences against Cobalt Strike
- PhishingInstall - 发信平台自动化部署
- Viper - metasploit-framework with webui / metasploit-framework 图形界面
- CVE-2020-35728 - CVE-2020-35728 & Jackson-databind RCE
- 100DaysToLearnandImprove - My notes of Day1 Day2 will be posted here as journey
- Static-Program-Analysis-Book - Getting started with static program analysis. 静态程序分析入门教程。
- Awesome-HTTPRequestSmuggling - A curated list of awesome blogs and tools about HTTP request smuggling attacks. Feel free to contribute! 🍻
- apple-cve - apple cve list
- CVE-2020-17008 - CVE-2020-17008 splWOW64 Elevation of Privilege
- AllThingsBugHunting
- GobyExtension - Goby extension doc.
- aws_sec_traning
- software-supply-chain-compromises - A dataset of software supply chain compromises. Please help us maintain it!
- C2-JARM - A list of JARM hashes for different ssl implementations used by some C2/red team tools.
- burpsuite-plugins-notes
- APT_Digital_Weapon - Indicators of compromise (IOCs) collected from public resources and categorized by Qi-AnXin.
- bypass-beacon-config-scan - Bypass cobaltstrike beacon config scan
- GF-Patterns
- gf-patterns
- grep-pattern - collection of various grep patterns collected from tomnomnom/gf and other places
- myGF_patterns
- auditd-attack - A Linux Auditd rule set mapped to MITRE's Attack Framework
- ms-teams-rce
- redteam_vul - 红队作战中比较常遇到的一些重点系统漏洞整理。
- awesome-electronjs-hacking - A curated list of awesome resources about Electron.js (in)security
- Web-Application-Cheatsheet - This cheatsheet is aimed at the CTF Players and Beginners to help them understand Web Application Vulnerablity with examples.
- PenTestMethodology2020 - PenTest Methodology 2020
- awesome-devsecops - An authoritative list of awesome devsecops tools with the help from community experiments and contributions.
- webHunt - Web App bug hunting
- SomePubRegex - Some useful regexes
- attack-guardduty-navigator - A MITRE ATT&CK Navigator export for AWS GuardDuty Findings
- ptswarm-twitter
- Sql_injection_medium-advanced.md
- Kunlun-M-GUI - Kunlun-M 的GUI程序
- awesome-graph-attack-papers - Adversarial attacks and defenses on Graph Neural Networks.
- diodata - Tools, data, and contact lists relevant to The disclose.io Project.
- Manual
- InfoSec-Black-Friday - All the deals for InfoSec related software/tools this Black Friday
- Bloodhound-Custom-Queries - Custom Query list for the Bloodhound GUI based off my cheatsheet
- APTMalware - APT Malware Dataset Containing over 3,500 State-Sponsored Malware Samples
- fast-security-scanners - Security checks for your researches
- nmaps - 采用Golang编写的新一代端口及指纹扫描器
- advmlthreatmatrix - Adversarial Threat Matrix
- OSCP - OSCP cheatsheet
- sig-database - IDA FLIRT Signature Database
- Glibc-source-browser - Multi-version glibc source browser based on code.woboq.org 's product.
- awesome-go-style - A collection of Go style guides
- awesome-iam - 👤 Identity and Access Management Knowledge for Cloud Platforms
- BurpSuite-For-Pentester
- security-champions-playbook - Security Champions Playbook v 1.1
- rhq - Recon Hunt Queries
- palm-kit-desktop - 发布 palm-kit 桌面版
- awesome-home-networking-cn - 家庭网络知识整理
- Windows-Terminal-beautify - Windows Terminal美化教程
- apache-openoffice-rce-via-uno-links
- awesome-android-security - A curated list of Android Security materials and resources For Pentesters and Bug Hunters
- TailorScan - 自用缝合怪内网扫描器,支持端口扫描,识别服务,获取title,扫描多网卡,ms17010扫描,icmp存活探测。
- jasypt - jasypt Decrypt Encrypt
- oracleShell - oracle 数据库命令执行
- anhkgg-tools - Anhkgg's Tools
- vti-dorks - Awesome VirusTotal Intelligence Search Queries
- JetBrainsActiveCode - Jetbrains Active
- Protocol-Vul - Some Vulnerability in the some protocol are collected.
- OneLinerBashrcCommands
- CTFWPS - All the writeups of www.ctfwp.com
- phishing_kits - Exposing phishing kits seen from phishunt.io
- red-kube - Red Team KubeCTL Cheat Sheet
- Wordpress-BruteForce-List - WordPress Bruteforce List, Default paths and endpoints
- wechat-feeds - 给微信公众号生成 RSS 订阅源
- Android - Android 加固应用Hook方式-Frida
- HackTheBoxWriteups - Writeups for the machines on ethical hacking site Hack the Box
- bylibrary - 白阁文库是白泽Sec安全团队维护的一个漏洞POC和EXP公开项目
- ojdk - 最新的JDK国内下载地址
- FuzzingPaper - Recent Fuzzing Paper
- pentest-book
- awesome-hacker-note-taking - Awesome note-taking apps for hackers & pentesters !
- Priv2Admin - Exploitation paths allowing you to (mis)use the Windows Privileges to elevate your rights within the OS.
- Summarization-Papers - Summarization Papers
- GrrrDog-Java-Deserialization-Cheat-Sheet - https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet
- Payloads_xss_sql_bypass
- CVE-2020-16947 - PoC of CVE-2020-16947 (Microsoft Outlook RCE vulnerablility)
- CVE-2020-15227 - CVE-2020-15227 exploit
- Hunting-Tips - Tips For Bug Bounty Hunters
- webapp-tech
- kortto-admin-panel-finder-bypasser
- Jboss_JMXInvokerServlet_Deserialization_RCE - Jboss_JMXInvokerServlet_Deserialization_RCE
- JWT_Brute - JWT_Brute
- cvebase.com - cvebase is a community-driven vulnerability data platform to discover the world's top security researchers and their latest disclosed vulnerabilities & PoCs
- whoami-priv-Hackinparis2019 - Slides from my talk in "Hackinparis" 2019 edition
- CrossC2 - generate CobaltStrike's cross-platform payload
- BurpSuite-icns - 制作BurpSuite icns 在Mac OS上
- rtfm - Cheat sheet and notes inspired by the book RTFM - Red Team Field Manual
- windows-pentesting-resources
- OWASP-Web-App-Pentesting-checklists
- CAPEv2 - Malware Configuration And Payload Extraction
- windows-XP-SP1 - 网上泄露的Windows XP SP1 source code
- SharpCollection - Nightly builds of common C# offensive tools, fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.
- oraclejet - Oracle JET is a modular JavaScript Extension Toolkit for developers working on client-side applications.
- honukai-iterm-zsh - Honukai theme and colors for Oh My ZSH and iTerm
- Subdomain-Enumaration
- huge-list-probed-BB-subdomains - List of nearly 7 lakhs subdomains in scope probed using httpx to feed to nuclei
- rb-recon
- encrypted-dns - Configuration profiles for DNS HTTPS and DNS over TLS for iOS 14 and MacOS Big Sur
- vmware-exploitation - A collection of links related to VMware escape exploits
- awesome-networking - A collection of awesome networking courses, books, tutorials and other resources
- web-methodology - Methodology for high-quality web application security testing - https://github.com/tprynn/web-methodology/wiki
- crt.sh-one-liner - Updated crt.sh one liner to get subdomains
- awesome-sec-s3 - A collection of awesome AWS S3 tools that collects and enumerates exposed S3 buckets
- PrivEscCon-Slides - Slide Deck I presented at PrivEscCon Webinar
- ghsec-jaeles-signatures - Signatures for jaeles scanner by @j3ssie
- Java-Security - Java Security Documents
- Amsi-Bypass-Powershell - This repo contains some Amsi Bypass methods i found on different Blog Posts.
- fileleak - 又一款敏感文件泄漏检测工具
- Bug_Bounty_List - Day by day Lots of Newbie Come into bug Bounty They ask Social Site about Bug Bounty Site, So That's why I open My Hunted All Site.
- ysoserial-mangguogan
- Enum_For_All
- binaryedge-cheatsheet - A list of queries and actions that I repeat over and over again
- light-map - A light-map tool is used to hack any website affected by sql and XSS exploit,light-map has many websites there are affected by sql and XSS exploit, and it have a sqlmap tool,you can download and install it
- CVE-2020-8289 - CVE-2020-8289 – Remote Code Execution as SYSTEM/root via Backblaze
- freedom - A DOM fuzzer
- Awesome-SOAR - A curated Cyber "Security Orchestration, Automation and Response (SOAR)" awesome list.
- xx-zh-roadmap - 中文翻译 Road Map
- AllAboutBugBounty - All about bug websites (bypasses, payloads, and etc)
- SecurityTips
- awesome-radare2 - A curated list of awesome projects, articles and the other materials powered by Radare2
- bbtips - BugBountyTips
- BugBounty_CheatSheet - Bug Bounty Cheat Sheet.
- railgun
- CRLF-one-liner - A simple Bash one liner with aim to automate CRLF vulnerability scanning.
- tips - 顾名思义,收集国内外各大佬的奇淫技巧
- fuzzdb-1 - Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
- pikvm - Open and cheap DIY IP-KVM based on Raspberry Pi
- sec-interview - 信息安全面试题汇总
- top10webseclist - Top Ten Web Hacking Techniques List
- HowToHunt - Some Tutorials and Things to Do while Hunting That Vulnerability.
- SAP-Pentest
- Mind-Maps - Mind-Maps of Several Things
- AI-research-tools - :hammer:AI 方向好用的科研工具
- HowToHunt - Tutorials and Things to Do while Hunting Vulnerability.
- BDOpener - 开启APK调试与备份选项的Xposed模块
- DarkGuardian - RDP远程登录挂盘监控工具
- DarkGuardian - RDP远程登录挂盘监控工具
- Red-Route53-Interactive
- Red-EC2 - Spin up RedTeam infrastructure on AWS via Ansible
- CVE-2020-15778
- Godzilla-Plugin-Store
- KingOfBugBountyTips
- StayKit - Cobalt Strike kit for Persistence
- book_notes
- Hacking-Cheatsheet - List of commands and techniques to while conducting any kind of hacking :)
- awesome-ctf-cheatsheet - CTF Cheatsheet
- wireshark-cheatsheet - Wireshark Cheat Sheet
- wpa-cracking - Command List for Hashcat and default keyspaces.
- BlueRepli-Plus - BlueRepli-Plus
- IoT-PT - A Virtual environment for Pentesting IoT Devices
- pe-bear-releases - PE-bear (builds only)
- awesome-oneliner-bugbounty - A collection of awesome one-liner scripts especially for bug bounty tips.
- ICS-Security-Study-Resources - A curated list of resources that I recommend when asked about how to learn about Industrial Control Systems Cyber Security.
- OSINT-RECON - Open source intelligence tools and resources
- TideWave - 潮涌web漏洞自动化挖掘平台——自动化扫描全网或特定范围web资产,之后获取指纹信息、爬取页面url并提炼,最后进行特定payload测试。
- CheckLists
- RxDocs - Rx和RxJava文档中文翻译项目
- SubdomainEnumeration - All about subdomain enumeration
- Red-Team-Notes - OSCP guide and Red Team assessment Guide
- rad
- Spring-Boot-Vulnerability
- OneLiners - Simple bash Oneliners to make life easier
- wg-vulnerability-disclosures - The OpenSSF Vulnerability Disclosures Working Group seeks to help improve the overall security of the open source software ecosystem by helping mature and advocate well-managed vulnerability reporting and communication.
- wg-best-practices-os-developers - The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for open source developers.
- wg-identifying-security-threats - The purpose of the Identifying Security Threats working group is to enable stakeholders to have informed confidence in the security of open source projects. We do this by collecting, curating, and communicating relevant metrics and metadata from open source projects and the ecosystems of which they are a part.
- wg-security-tooling - OpenSSF Security Tooling Working Group
- storage-partitioning - Client-Side Storage Partitioning
- nginx-secure-config - Nginx configuration file for optimized security and performance
- Fofa-collect
- Shiroexploit - Shiro命令执行工具
- iproxy - HTTP/HTTPS proxy server by golang [high performance version]
- kill_webshell_detect - 总结了免杀webshell的方法论
- bugcrowd_university - Open source education content for the researcher community
- fofa2Xray - User fofa api get hosts and xray to webscan.
- Youpk - 又一款基于ART的主动调用的脱壳机
- Android-Analysis - Getting Genymotion & Burpsuite setup for Android Mobile App Analysis
- sysmon-config - Sysmon configuration file template with default high-quality event tracing
- RVDP-Programs - List of domains having RVDP programmes
- androidtrojan
- java-trusted-code-refactoring-exam
- pwk-cheatsheet
- Struts2-Vuln - 关于Struts2框架的历史漏洞个人分析文章
- PCAP-ATTACK - PCAP Samples for Different Post Exploitation Techniques
- Free_CyberSecurity_Professional_Development_Resources - An awesome list of FREE resources for training, conferences, speaking, labs, reading, etc that are free. Originally built during COVID-19 for cybersecurity professionals with downtime can take advantage of to improve their skills and marketability to come out on the other side ready to rock. Now its taken on a life of its own and will persist, COVID be damned.
- CVE-2020-13925
- Bugbounty-Resources - A list of resources for those interested in getting started in bug bounties inspired from https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters
- Bug-Bounty-Roadmaps - Bug Bounty Roadmaps
- buy_pig_plan - 电话攻击(电话轰炸、可代替短信轰炸)、留言攻击工具 | 已删库
- blockchain-sociology - 區塊鏈社會學
- Awesome-Asset-Discovery - List of Awesome Asset Discovery Resources
- gui-inspect-tool - Gui Inspect tool for Windows
- Violation_Pnetest - 渗透红线Checklist
- paper_collection - Academic papers related to fuzzing, binary analysis, and exploit dev, which I want to read or have already read
- oscp-practice - A random set of 5 machines for OSCP
- awesome-webshell - Awesome webshell collection. Including 150 Github repo, and 200+ blog posts.
- fuzzing-stuff - Resources About Fuzzing, For Multiple Platforms And All Popular Fuzzers. 500+ Open Source Tools Sorted By Star Count, 800+ Blog Posts Sorted By Publish Time.
- DBI-Stuff - Resources About Dynamic Binary Instrumentation and Dynamic Binary Analysis
- shellcode-resources - Resources About Shellcode
- android-security - Android Security Resources.
- anti-av - Resources About Anti-Virus and Anti-Anti-Virus, including 200+ tools and 1300+ posts
- obfuscation-stuff - Source Code Obfuscation And Binary Obfuscation, Multiple Languages And Multiple Platforms. Including 250+ Tools and 600+ Posts
- injection-stuff - PE Injection、DLL Injection、Process Injection、Thread Injection、Code Injection、Shellcode Injection、ELF Injection、Dylib Injection, including 400+Tools and 350+posts
- AndroidDevTools - 收集整理Android开发所需的Android SDK、开发中用到的工具、Android开发教程、Android设计规范,免费的设计素材等。
- Enterprise_-Security_tools - 企业安全建设中用到的开源or“免费”的工具
- sysmon-dfir - Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.
- windows_protocol
- BypassAV - Cobalt Strike插件,用于快速生成免杀的可执行文件
- FunkProxy - 流量转发工具
- tbhm - The Bug Hunters Methodology
- malleable-c2 - Cobalt Strike Malleable C2 Design and Reference Guide
- DUCKWARRIORS_Frida_Wars_1 - challenge built for first frida wars
- ALL-about-RSS - A list of RSS related stuff: tools, services, communities and tutorials, etc.
- Spring-Boot-Actuator-Exploit - Spring Boot Actuator (jolokia) XXE/RCE
- WindowsExploitationResources - Resources for Windows exploit development
- sslconfig - Cloudflare's Internet facing SSL configuration
- CPUMicrocodes - Intel, AMD, VIA & Freescale CPU Microcode Repositories
- WH-Encryptor - WH-Encryptor Android + Windows with Extra tools and Features | antivirus Bypass 99% | wh-Cyberspace
- ADLabsReview - Active Directory Labs/exams Review
- personal-security-checklist - 🔒 A curated checklist of 300+ tips for protecting digital security and privacy in 2021
- CVE-2020-5410-POC - CVE-2020-5410 Spring Cloud Config directory traversal vulnerability
- CloudPentestCheatsheets - This repository contains a collection of cheatsheets I have put together for tools related to pentesting organizations that leverage cloud providers.
- All-in-one_BugBounty_PDF_bundles
- apikey
- Command-Mobile-Penetration-Testing-Cheatsheet - Mobile penetration testing android & iOS command cheatsheet
- hooking - Resources About Hooking. For All Platforms. Currently 300+ Tools And 600+ Posts.
- Red-vs-Blue - 红蓝对抗交流心得
- CORS-one-liner - A one liner Bash command which finds CORS in every possible endpoint.
- how-to-secure-anything - How to systematically secure anything: a repository about security engineering
- Struts2-RCE - A Burp Extender for checking for struts 2 RCE vulnerabilities.
- Chinese-Security-RSS - 网络安全资讯的RSS订阅,网络安全博客的RSS订阅
- .tmux - 🇫🇷 Oh my tmux! My self-contained, pretty & versatile tmux configuration made with ❤️
- persistence - Resources About Persistence, Multiple Platforms. Including ~80 Tools and 300+ Posts.
- cobalt-strike - Resources About Cobalt Strike. 100+ Tools And 200+ Posts.
- GobyVuls - Vulnerabilities of Goby supported with exploitation.
- public-bugbounty-programs - Community curated list of public bug bounty and responsible disclosure programs.
- ffufalias - Alias for storing ffuf results
- wildcarded-citrix-2020 - Wildcard certificates which were on vulnerable Citrix servers in 2020
- subs_all - Subdomain Enumeration Wordlist. 8956437 unique words. Updated.
- SpringBoot_Actuator_RCE - SpringBoot_Actuator_RCE
- Checklists - Red Teaming & Pentesting checklists for various engagements
- MyPayloads - Just a useless set of payload created by me. Saved here for remembrance.
- Cyber-Security-for-Mobile-Platforms - The subject provides an in-depth technical overview of mobile security architectures, new security risks and threats of modern mobile platforms and operating systems. Lab tutorials provide students with programming techniques (Android) in Cryptography, Network security, and Database security, and security tools in mobile penetration testing.
- bruteforce-lists - Some files for bruteforcing certain things.
- Nmap_Bypass_IDS - Nmap&Zmap特征识别,绕过IDS探测
- Resource-list - “网址”传输助手,记载一下平时用到好的在线网址。
- xvna - Extreme Vulnerable Node Application
- Windows-exploits - 🎯 Windows 平台提权漏洞大合集(收集)
- ctfhub_base_image - Index of CTFHub Base Images
- wordpress-exploits - All known and unknown public POC's for wordpress themes and plugins
- LFI-Payload-List - LFI Payloads List coolected from github repos
- Gf-Patterns - GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic, interesting Subs) parameters grep
- ConfigureDefender - Utility for configuring Windows 10 built-in Defender antivirus settings.
- WordList-Compendium - Personal compilation of wordlists & dictionaries for everything. Users, passwords, directories, files, vulnerabilities, fuzzing, injections, wordlists of tools, etc.
- TreeHouse-Wordlists - Wordlist for Hacking, Penetration Testing, Vulnerability Assessments and More
- cobalt-arsenal - My collection of battle-tested Aggressor Scripts for Cobalt Strike 4.0+
- Beat-the-Machine - Reverse engineering basics in puzzle form
- google_dork_list - Google Dorks | Google helps you to find Vulnerable Websites that Indexed in Google Search Results. Here is the latest collection of Google Dorks. A collection of 13.760 Dorks. Author: Jolanda de Koff
- Dorkers - Dorks for Google, Shodan and BinaryEdge
- js-vuln-db - A collection of JavaScript engine CVEs with PoCs
- awesome-web-hacking - A list of web application security
- Active-Directory-Exploitation-Cheat-Sheet - A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
- AllThingsAndroid - A Collection of Android Pentest Learning Materials
- hacker-roadmap - :pushpin: Your beginner pen-testing start guide. A guide for amateur pen testers and a collection of hacking tools, resources and references to practice ethical hacking and web security.
- BurpSuitePro-2.1 - 什么? 你想用免费的BurpSuitePro版本!!!
- Attack-Cloud - Att&ck Cloud相关
- cyber-security-roadmap - A roadmap for learning cyber-security
- CVE-2020-0618 - SQL Server Reporting Services(CVE-2020-0618)中的RCE
- Web-Attack-Cheat-Sheet - Web Attack Cheat Sheet
- GQL-Helper - This is a small extension to make graphql readable
- vuln-list - NVD, RedHat, Debian, Ubuntu, Alpine
- 2019-k8s-centos - 2019最新k8s集群搭建教程(centos/ubuntu)
- assessment-mindset - Security Mindmap that could be useful for the infosec community when doing pentest, bug bounty or red-team assessments.
- OSCP-Human-Guide - My own OSCP guide
- keyhacks - Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
- CobaltStrike4.0_related - 破解的cs4.0、cs4.0官方手册翻译和一些笔记
- bug-bounty-dorks - List of Google Dorks for sites that have responsible disclosure program / bug bounty program
- awesome-security-collection - 1000+ Github Security Resource Collection Repos.
- hhkb_ydkb - HHKB 键盘 + YDKB 主控 = 完美键盘
- YubiKey-Guide - Guide to using YubiKey for GPG and SSH
- cazador_unr - Hacking tools
- DroidDrops - 梳理下自己之前写过的文章
- Here-Plugins - Plugins for Here App 🚀
- awesome-anki - A curated list of awesome Anki add-ons, decks and resources
- 31-days-of-API-Security-Tips - This challenge is Inon Shkedy's 31 days API Security Tips.
- Fortify - 源代码漏洞の审计
- MobileHackingCheatSheet - Basics on commands/tools/info on how to assess the security of mobile applications
- awesome-mobile-security - An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.
- Adama - Searches For Threat Hunting and Security Analytics
- awesome-podcasts - Collection of awesome podcasts
- windows-security - Resources About Windows Security. 1100+ Open Source Tools. 3300+ Blog Post and Videos.
- all-my-collection-repos - All Security Resource Collections Repos That I Published.
- Bug-bounty - Ressources for bug bounty hunting
- Pentest-Tools
- jenkins - jenkins payload
- art-of-readme - :love_letter: Things I've learned about writing good READMEs.
- ansible-role-dsvpn - Install and configure dsvpn on your system.
- vechain-core-nodes-security-checklist - VeChain core nodes security checklist(唯链核心节点安全执行指南)
- smb_version_threadpool - 于几年前二次开发自 http://www.zcgonvh.com/post/CSharp_smb_version_Detection.html
- holer - Holer exposes local servers behind NATs and firewalls to the public internet over secure tunnels.
- AndroidMalware_2019 - Popular Android threats in 2019
- awesome-burp-suite - Awesome Burp Suite Resources. 400+ open source Burp plugins, 400+ posts and videos.
- blog - summarize
- awesome-honeypot - Awesome Honeypot Resource Collection. Including 250+ Honeypot tools, and 350+ posts about Honeypot.
- VECTR - VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities across different attack scenarios
- redtunnel
- awesome-forensics - Awesome Forensics Resources. Almost 300 open source forensics tools, and 600 blog posts about forensics.
- awesome-rat - RAT And C&C Resources. 250+ Open Source Projects, 1200+ RAT/C&C blog/video.
- go-perfbook - Thoughts on Go performance optimization
- awesome-cyber-security - [Draft]Awesome Cyber Security Resource Collection. Currently contains 8000+ open source repositories, and not very well classified. For each repository, extra info included: star count, commit count, last update time. This is the DRAFT version.
- BearerAuthToken - This burpsuite extender provides a solution on testing Enterprise applications that involve security Authorization tokens into every HTTP requests.Furthermore, this solution provides a better approach to solve the problem of Burp suite automated scanning failures when Authorization tokens exist.
- Resources-for-Beginner-Bug-Bounty-Hunters - A list of resources for those interested in getting started in bug bounties
- Charles-Crack - Removed according to DMCA.
- cutter-plugins - A curated list of Community Plugins and Scripts written for Cutter
- secure-ios-app-dev - Collection of the most common vulnerabilities found in iOS applications
- iOS-Pentesting - Wiki for Pentesting iOS apps
- iOS - Most usable tools for iOS penetration testing
- xsleaks - A collection of browser-based side channel attack vectors.
- OSWE - OSWE Preparation
- AWAE-Preparation - This repository will contain all trainings and tutorials I have done/read to prepare for OSWE / AWAE.
- awesome-network-stuff - Resources about network security, including: Proxy/GFW/ReverseProxy/Tunnel/VPN/Tor/I2P, and MiTM/PortKnocking/NetworkSniff/NetworkAnalysis/etc。More than 1700 open source tools for now. Post incoming.
- iOS-Security-Guides - Every iOS security guide
- Mobile-Security-Paper_summaries - Papers summaries of some of the most important Mobile Security Papers 📃
- DataMaster-Android-AdBlock-Hosts - Android AdBlock Hosts file for /etc/hosts
- Mobile - The repo hold all our (mobile security) & applications reports.
- sec-tool-list - More than 21K security related open source tools, sorted by star count. Both in markdown and json format.
- ssrf-video-ffmpeg
- seecode-audit - Distributed white box code scanning tool
- awesome-ida-x64-olly-plugin - A curated list of IDA x64DBG and OllyDBG plugins.
- darkRat_HVNC - DarkRats Standalone HVNC
- awesome-reverse-engineering - Reverse Engineering Resources About All Platforms(Windows/Linux/macOS/Android/iOS/IoT) And Every Aspect! (More than 3500 open source tools and 2300 posts&videos)
- My-Github-Stars - My Github Stars
- KnowledgeGraphCourse - 东南大学《知识图谱》研究生课程
- iOSReview - 常见iOS面试中考察的知识点整理
- sql-injection-payload-list - 🎯 SQL Injection Payload List
- CVE-2019-2890 - CVE-2019-2890 Exploit for WebLogic with T3
- awesome-go-cn - Go 资源大全中文版, 内容包括:Web框架、模板引擎、表单、身份认证、数据库、ORM框架、图片处理、文本处理、自然语言处理、机器学习、日志、代码分析、教程和(电子)书等。由「开源前哨」和「Go开发大全」微信团队维护。
- RE-iOS-Apps - A completely free, open source and online course about Reverse Engineering iOS Applications.
- open_source_team - 国内顶尖团队的开源地址
- security-apis - A collective list of public JSON APIs for use in security. Contributions welcome
- awesome-frida - Awesome Frida - A curated list of Frida resources http://www.frida.re/ (https://github.com/frida/frida)
- solr-injection - Apache Solr Injection Research
- Matplot3D-for-Java - Matplot3D for java. It is a library for drawing 3D plot
- CobaltStrike-file
- one-python-craftsman - 来自一位 Pythonista 的编程经验分享,内容涵盖编码技巧、最佳实践与思维模式等方面。
- SS-R-4in1 - 由于秋水逸冰网站国内无法访问,所以为有需要的朋友复制发布到github
- golang-developer-roadmap-cn - 在 2019 成为一名 Go 开发者的路线图。为学习 Go 的人而准备。
- pen-tool - 渗透工具使用教程,结合 vulhub, dvwa, metasploitable3 等靶场使用, 涵盖工具有菜刀,msf, sqlmap 等等。
- Dork-Admin - 盘点近年来的数据泄露、供应链污染事件
- linux-dotfiles - I configure lots of things, sorting them out here
- iCSS - 不止于 CSS
- Decryption-Tools - Decryption-Tools
- Fuzzing-Dicts - Web Security Dictionary
- sec_interview_know_list - 信息安全方面面试清单
- Web-Security-Note - Record some common Web security sites
- webshell-venom - 免杀webshell无限生成工具
- OSFCC - 一个收集可用于中文字体排印的开源字体集合。
- hacker-laws-zh - 💻📖对开发人员有用的定律、理论、原则和模式。(Laws, Theories, Principles and Patterns that developers will find useful.)
- Red-Teaming-Toolkit - A collection of open source and commercial tools that aid in red team operations.
- web-hack - 一份网络安全入门的资料。
- Awesome-Advanced-Windows-Exploitation-References - List of Awesome Advanced Windows Exploitation References
- cmsprint - CMS和中间件指纹库
- wiki - EthFans 知识库
- Information-security-reinforcement-scheme - 等级保护安全加固方案
- Confluence-Plugin-CN - 这是Confluence 插件Questions For Confluence的简体中文汉化文件
- Security-List - If you have any good suggestions or comments during the search process, please feedback some index experience in issues. Thank you for your participation.查阅过程中,如果有什么好的意见或建议,请在Issues反馈,感谢您的参与。
- DarthSidious - Building an Active Directory domain and hacking it
- chatter - internet monitoring osint telegram bot for windows
- document-style-guide - 中文技术文档的写作规范
- bjguahao - 北京市预约挂号统一平台挂号小助手
- CVE-2018-1335-EXP-GUI - GUI版 EXP
- awesome-linux-rootkits - awesome-linux-rootkits
- Awesome-Red-Teaming - List of Awesome Red Teaming Resources
- bug-bounty-reference - Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature
- orcs - OSINT Resource Classification System
- AD-Attack-Defense - Attack and defend active directory using modern post exploitation adversary tradecraft activity
- chitchat-on-translation - 翻译漫谈——我的翻译经验总结
- NessusReportInChinese - 半自动化将 Nessus 英文报告(csv格式)生成中文 excel ,中文漏洞库已有700多条常见漏洞,后续再进一步加上新漏洞自动翻译,实现全自动化
- awesome-risk-control - 风控知识总结
- reverse-shell-cheatsheet - 🙃 Reverse Shell Cheat Sheet 🙃
- Taipan - Web application vulnerability scanner
- Penetration-Testing - List of awesome penetration testing resources, tools and other shiny things
- Effective-Java-3rd-edition-Chinese-English-bilingual - Effective Java(第3版)各章节的中英文学习参考(已完成)
- Front-End-Checklist - 🗂 The perfect Front-End Checklist for modern websites and meticulous developers
- penetration-testing-tools - Penetration Testing tools - one repo to clone them all... containing latest pen testing tools
- xss-payload-list - 🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
- the-practical-linux-hardening-guide - This guide details creating a secure Linux production system. OpenSCAP (C2S/CIS, STIG).
- awesome-go-security - A dedicated place for cool golang security projects
- my-infosec-awesome - My curated list of awesome links, resources and tools on infosec related topics
- awesome-spring-boot - Spring Boot Resources
- Lengyue-Vcode - Project Stopped
- awesome-el-yum-repository-additional - awesome EL(centos,redhat) additional yum repository
- CentOS7-Server-Configuration - CentOS7服务器的一些配置
- awesome-golang-security - Awesome Golang Security resources 🕶🔐
- NET-Deserialize - 总结了十篇.Net反序列化文章,持续更新
- git-commit-emoji-cn - 😁 git commit message emoji 使用指南
- mapSource - java基础思维导图(还有mybatis,spring)
- AI-Security-Learning - 自身学习的安全数据科学和算法的学习资料
- cheat-sheet - 常用工具和开源项目链接收藏
- awesome-burp-extensions - A curated list of amazingly awesome Burp Extensions
- How-To-Secure-A-Linux-Server - An evolving how-to guide for securing a Linux server.
- Intranet_Penetration_Tips - 2018年初整理的一些内网渗透TIPS,后面更新的慢,所以公开出来希望跟小伙伴们一起更新维护~
- threat-intelligence - 收集的一些国外能提供提供威胁情报的公司,涵盖网络安全、工控安全、终端安全、移动安全等领域
- risk-management-note - 🧯风险控制笔记,适用于互联网企业
- Interview-Notes - 秋招面试总结
- Hacking-With-Golang - Golang安全资源合集
- clash_for_windows_pkg - A Windows/macOS GUI based on Clash
- OI-wiki - :star2: Wiki of OI / ICPC for everyone. (某大型游戏线上攻略,内含炫酷算术魔法)
- ossa - Open-Source Security Architecture | 开源安全架构
- CS-Notes-PDF - https://github.com/CyC2018/CS-Notes PDF版本离线阅读
- Behinder - “冰蝎”动态二进制加密网站管理客户端
- web-develop - :seedling:《大话WEB开发》WEB开发相关经验总结分享
- quick-SQL-cheatsheet - A quick reminder of all SQL queries and examples on how to use them.
- BEST-HACKING-TOOLS - BEST HACKING TOOLS..For more tools visit our blog for Hackers
- antiG - Yet another live OS to resist Surveillance/Censorship and to protect digital privacy.
- mac-awesomeTools - mac常用软件等等,有你需要的!
- download
- upload-labs-writeup - upload-labs writeup
- landscape-of-programming - This repo aim to show you what to learn on the way to excellence.
- iptables-essentials - Iptables Essentials: Common Firewall Rules and Commands.
- the-book-of-secret-knowledge - A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
- chinese-ai-developer - 👩🏿💻👨🏾💻👩🏼💻👨🏽💻👩🏻💻中国 AI 开发者项目列表 -- 分享大家都在做什么
- web-security - Web安全中比较好的文章
- telegramlist - Telegram中文群索引列表(言论自由版)
- TOEFL_laylalaisy - 备考托福的一丢丢经验+资料~祝小可爱和大佬们都早日和托福大魔王分手(o゜▽゜)o☆
- awesome-blockchain - 区块链白皮书、书籍、交易所、币种、自媒体等资源汇总 💯
- MacType.Decency - A MacType profile that provides decent solution to font rendering and font substitutions for Windows operating systems.
- 50weekly - 50weekly 发现高质量的前端资源 第三十六周已更新
- RedHunt-OS - Virtual Machine for Adversary Emulation and Threat Hunting
- developer-roadmap-zh-CN - 在 2020 年成为 Web 开发工程师之路线图 | Roadmap to becoming a web developer in 2020
- developer-roadmap-chinese - 2019 年成為 Web 開發人員的路線圖
- CS_Chinese_support - Cobalt strike 修改支持回显中文。
- SecurityAdvisories - :closed_lock_with_key: Security advisories as a simple composer exclusion list, regularly updated
- awesome-blockchain-articles - A collection of awesome blockchain articles. Good learning resources about blockchain.
- software - 破解版工具/软件
- various_domain_list - A various list of domain
- awesome-vmp - 虚拟机分析相关资料
- chinese-independent-developer - 👩🏿💻👨🏾💻👩🏼💻👨🏽💻👩🏻💻中国独立开发者项目列表 -- 分享大家都在做什么
- awesome-elasticsearch - A curated list of the most important and useful resources about elasticsearch: articles, videos, blogs, tips and tricks, use cases. All about Elasticsearch!
- linux_information - 自动化收集linux信息
- fontconfig-zh-cn
- rpi3-package - RaspberryPi3 with Raspbian
- upyun-resty - UPYUN's open source software for OpenResty development
- v2ray - template with websocket+tls+nginx of v2ray
- spring-reference-docset - Spring Reference Documentation docset for Dash
- DomainFrontingLists - A list of Domain Frontable Domains by CDN
- bleah - This repository is DEPRECATED, please use bettercap as this tool has been ported to its BLE modules.
- awesome-pentest - A collection of awesome penetration testing resources, tools and other shiny things
- awesome-rtl-sdr - Software (meta-)package for RTL-SDR with some additional scripts and installers
- APTnotes - Various public documents, whitepapers and articles about APT campaigns
- Infosec_Reference - An Information Security Reference That Doesn't Suck
- Monitoring-Systems-Cheat-Sheet - A cheat sheet for pentesters and researchers about vulnerabilities in well-known monitoring systems.
- osx-security-awesome - A collection of OSX and iOS security resources
- MobileApp-Pentest-Cheatsheet - The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.
- awesome-threat-detection - A curated list of awesome threat detection and hunting resources
- pyethereum - Next generation cryptocurrency network
- coolq-telegram-bot-docker - 使用Docker容器化的QQ和Telegram的消息互转机器人。Source: jqqqqqqqqqq/coolq-telegram-bot
- speculation-bugs - Docs and resources on CPU Speculative Execution bugs
- awesome-bots - Awesome Links about bots.
- awesome-iot-hacks - A Collection of Hacks in IoT Space so that we can address them (hopefully).
- articles-translator - :books:Translate the distinct technical blogs. Please star or watch. Welcome to join me.
- bounty-targets-data - This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports
- OracleCVE - Vulnerabilities which found in Oracle products
- PWA-Book-CN - 第一本 PWA 中文书
- Ecommerce-Website-Security-CheckList - List of considerations for commerce site auditing and security teams. This is summary of action points and areas that need to be built into the Techinical Specific Document, or will be checked in the Security testing phases.
- Best-websites-a-programmer-should-visit-zh - 程序员应该访问的最佳网站中文版
- collection-document - Collection of quality safety articles. Awesome articles.
- awesome-infosec - A curated list of awesome infosec courses and training resources.
- reverseengineering-reading-list - A list of Reverse Engineering articles, books, and papers
- ipsum - Daily feed of bad IPs (with blacklist hit scores)
- Security_list - Great security list for fun and profit
- awesome-vehicle-security - 🚗 A curated list of resources for learning about vehicle security and car hacking.
- hosts - 镜像:https://scaffrey.coding.net/p/hosts/git / https://git.qvq.network/googlehosts/hosts
- pentest-bookmarks - a collection of handy bookmarks
- Awesome-Hacking-Resources - A collection of hacking / penetration testing resources to make you better!
- raspi3-image-spec - contains the files to build the https://wiki.debian.org/RaspberryPi3 image
- FlarumChina - Flarum 中文优化版
- serverhosting - Server hosting providers
- docker-resources - Docker resources collection. docker资源汇总
- workshop-raspberrypi-64bit-os - Workshop to build a 64bit Docker OS for the Raspberry Pi 3
- GlumPy-CN - A Chinese Translation of GlumPy Documents 中文翻译GlumPy文档
- awesome-reversing - A curated list of awesome reversing resources
- avege - Yet Another Redsocks Golang Fork
- Awesome-Security-Gists - A collection of various GitHub gists for hackers, pentesters and security researchers
- alfred-workflows
- spring-cloud-tutorial - Spring Cloud Tutorial.《Spring Cloud 教程》
- cnretroshare - RetroShare中文介绍、FAQ、教程
- blackhat-arsenal-tools - Official Black Hat Arsenal Security Tools Repository
- awesome-java-cn - Java资源大全中文版,包括开发库、开发工具、网站、博客、微信、微博等,由伯乐在线持续更新。
- pwn2exploit - all mine papers, pwn & exploit
- Java-Deserialization-Cheat-Sheet - The cheat sheet about Java Deserialization vulnerabilities
- idaplugins-list - A list of IDA Plugins
- LoveImageMore - 各种技能树/图的收集整理
- bugbounty-cheatsheet - A list of interesting payloads, tips and tricks for bug bounty hunters.
- awesome-sysadmin - A curated list of amazingly awesome open source sysadmin resources inspired by Awesome PHP.
- git-recipes - 🥡 Git recipes in Chinese by Zhongyi Tong. 高质量的Git中文教程.
- china_ip_list
- CVE-2017-8464-EXP - Support x86 and x64
- awesome-nodejs - :zap: Delightful Node.js packages and resources
- china-cdn-domain-whitelist - 中国CDN服务提供商域名白名单(China CDN Service Providers' Domain Whitelist)
- Awesome-Deep-Learning-for-Chinese - 最全的中文版深度学习资源索引,包括论文,慕课,开源框架,数据集等等
- trackerslist - Updated list of public BitTorrent trackers
- Google-IP-Range - 一个超大的 Google 全球 IP 扫描范围库
- whotofollow - Who to follow on Twitter/Telegram
- Debian-Privacy-Server-Guide - Guide to using a remote Debian server for security and privacy services
- conky_synthwave_neon - Synthwave-inspired Conky theme with weather support and a spiffy layout.
- bye - bye to yesterday and do yourself
- ShadowAgentNotes
- sites - 【编程随想】收藏的各色网站
- awesome-windows-domain-hardening - A curated list of awesome Security Hardening techniques for Windows.
- infographics - infographic
- ipfs - Peer-to-peer hypermedia protocol
- respin - Tool to backup and clone Ubuntu or Debian distros
- sync_hosts - 解除Resilio Sync/BTSync限制china地区 镜像:https://coding.net/u/renerli/p/sync_hosts/git
- os-observe - 我的Linux / 隐私安全笔记
- awesome-c - A curated list of awesome C frameworks, libraries and software.
- php_cve-2014-8142_cve-2015-0231 - php_cve-2014-8142_cve-2015-0231的漏洞环境docker
- API-Security-Checklist - Checklist of the most important security countermeasures when designing, testing, and releasing your API
- wooyunallbugs - wooyun_all_bugs
- gfwlist - The one and only one gfwlist here
- SurgeRule - Deprecate since 2016
- Docker-Secure-Deployment-Guidelines - Deployment checklist for securely deploying Docker
- vulnerability-analysis-report - here records some personal vulnerability analysis reports
- RedTips - Red Team Tips as posted by @vysecurity on Twitter
- RussiaDNSLeak - Summary and archives of leaked Russian TLD DNS data
- INB-Principles - Blockchain related ICO Investing Principles by INBlockchain
- guide - Kubernetes clusters for the hobbyist.
- cheatsheets-ai - Essential Cheat Sheets for deep learning and machine learning researchers https://medium.com/@kailashahirwar/essential-cheat-sheets-for-machine-learning-and-deep-learning-researchers-efb6a8ebd2e5
- awesome-design-systems - 💅🏻 ⚒ A collection of awesome design systems
- symbolic-execution - History of symbolic execution (as well as SAT/SMT solving, fuzzing, and taint data tracking)
- awesome-bug-bounty - A comprehensive curated list of available Bug Bounty & Disclosure Programs and Write-ups.
- Best-websites-a-programmer-should-visit - :link: Some useful websites for programmers.
- password_cracking_rules - One rule to crack all passwords. or atleast we hope so.
- php-static-analysis-tools - A reviewed list of useful PHP static analysis tools
- PracticalMalwareAnalysis-Labs - Binaries for the book Practical Malware Analysis
- awesome-pentest-cheat-sheets - Collection of the cheat sheets useful for pentesting
- persistence-aggressor-script - initial commit
- My_PHP_Kernel_Handbook_For_PWN - 这一切的开始,都要从我爷爷在悬崖下捡到一本白帽子讲web安全说起
- WebDeveloperSecurityChecklist - A checklist of important security issues you should consider when creating a web application.
- security-onion - Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management
- awesome-embedded-systems - A curated list of delightful Embedded Systems libraries, RTOSes, modules, references and more!
- awesome-python-books - 如果有人让你推荐 Python 技术书,请让他看这个列表
- awesome-compilers - :sunglasses: Curated list of awesome resources on Compilers, Interpreters and Runtimes
- windows_kernel_resources - Papers, blogposts, tutorials etc for learning about Windows kernel exploitation, internals and (r|b)ootkits
- SecPaper - SecurityPaper For www.polaris-lab.com
- Awesome-Fuzzing - A curated list of fuzzing resources ( Books, courses - free and paid, videos, tools, tutorials and vulnerable applications to practice on ) for learning Fuzzing and initial phases of Exploit Development like root cause analysis.
- OSINT_Team_Links - Links for the OSINT Team
- awesome-ml-for-cybersecurity - :octocat: Machine Learning for Cyber Security
- web-security-basics - Web security concepts
- PowerShell-AD-Recon - PowerShell Scripts I find useful
- filterbypass - Browser's XSS Filter Bypass Cheat Sheet
- unfixed-security-bugs - A list of publicly known but unfixed security bugs
- android-best-practices - Do's and Don'ts for Android development, by Futurice developers
- awesome-web-hacking - A list of web application security
- xv6-chinese - 中文版的 MIT xv6 文档
- twitter-analysis - The original dataset for my 2013 article on Twitter's network patterns
- docker-cheat-sheet - Docker Cheat Sheet
- mousejack - MouseJack device discovery and research tools
- iPic - iPic could automatically upload images and save Markdown links.
- WSL - Issues found on WSL
- bug-bounty-reference - Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature
- sec-jobs - 信息安全实习和校招的面经、真题和资料 减少安全选手找实习/工作的痛苦
- typesetting-standard - 中文排版所需遵循的标准和规范
- Probable-Wordlists - Version 2 is live! Wordlists sorted by probability originally created for password generation and testing - make sure your passwords aren't popular!
- awesome-deeplearning-resources - Deep Learning and deep reinforcement learning research papers and some codes
- security-notes - :notebook: Some security related notes
- recdnsfp.github.io
- Suricata-Signatures - Suricata rules for Emerging Threats and funkyness
- flexidie - Source code and binaries of FlexiSpy from the Flexidie dump
- awesome-osint - :scream: A curated list of amazingly awesome OSINT
- awesome-cve-poc - ✍️ A curated list of CVE PoCs.
- Red-Team-Infrastructure-Wiki - Wiki to collect Red Team infrastructure hardening resources
- bash-guide - A guide to learn bash
- fuzz_dict - 常用的一些fuzz及爆破字典,欢迎大神继续提供新的字典及分类。
- Scanners-Box - A powerful hacker toolkit collected more than 10 categories of open source scanners from Github - 安全行业从业者自研开源扫描器合辑
- ng-conf-2017 - Everything #ngConf2017 - talks - slides - resources
- awesome-raspberry-pi-zh - 树莓派(Raspberry Pi )资源大全中文版 , 包括工具、项目、镜像、资源等
- osx-re-101 - A collection of resources for OSX/iOS reverse engineering.
- XSS-Filter-Evasion-Cheat-Sheet-CN - XSS_Filter_Evasion_Cheat_Sheet 中文版
- XSSChallengeWiki - Welcome to the XSS Challenge Wiki!
- awesome-hacking - awesome hacking chinese version
- Awesome-Hacking - A collection of various awesome lists for hackers, pentesters and security researchers
- Free-Security-eBooks - Free Security and Hacking eBooks
- understanding-csrf - What are CSRF tokens and how do they work?
- developer-roadmap - Roadmap to becoming a web developer in 2021
- dnswalk - A DNS database debugger
- FlowAnalysisDocker - A Dockerfile for creation of an Ubuntu Docker with SiLK/YAF/FlowBAT for testing.
- awesome-macos-command-line - Use your macOS terminal shell to do awesome things.
- learn-hacking - 开始学习Kali Linux 各种破解教程 渗透测试 逆向工程 HackThisSite挑战问题解答
- Google-IPs - :us: Google 全球 IP 地址库
- golang-cheat-sheet - An overview of Go syntax and features.
- Awesome_APIs - :octocat: A collection of APIs
- IoT-Security-Wiki
- docker-dvwa-wooyun - docker contained dvwa with wooyun plugin
- awesome-raspberry-pi-zh - 树莓派工具,镜像,教程,文章
- sublime - A collection of some of the best Sublime Text packages, themes, and goodies.
- awesome-crawler - A collection of awesome web crawler,spider in different languages
- Gitbook - 收录找到的不错的文档
- Resources - A resource directory for PHP programming on a Raspberry Pi
- node123 - node.js中文资料导航
- LearningNotes - Enjoy Learning.
- static - 开放静态文件 - 为开源库提供稳定、快速的免费 CDN 服务
- coding-interview-university - A complete computer science study plan to become a software engineer.
- machine-learning-for-software-engineers - A complete daily plan for studying to become a machine learning engineer.
- awesome-python-security - Awesome Python Security resources 🕶🐍🔐
- Tide - 目前实现了网络空间资产探测、指纹检索、漏洞检测、漏洞全生命周期管理、poc定向检测、暗链检测、挂马监测、敏感字检测、DNS监测、网站可用性监测、漏洞库管理、安全预警等等~
- hack_postgres - 便捷地使用PostgreSQL自定义函数来执行系统命令,适用于数据库管理员知道postgres密码却不知道ssh或RDP密码的时候在服务器执行系统命令。
- The-Economist - The Economist 经济学人,持续更新
- intellij-idea-tutorial - 🌻 This is a tutorial of IntelliJ IDEA, you can know how to use IntelliJ IDEA better and better.
- laravel - Laravel 深入详解 —— 源代码解析,新手进阶指南
- practical-programming-books - 这里收录比较实用的计算机相关技术书籍,可以在短期之内入门的简单实用教程、一些技术网站以及一些写的比较好的博文,欢迎Fork,你也可以通过Pull Request参与编辑。
- python_sec - python安全和代码审计相关资料收集 resource collection of python security and code review
- awesome-cms - 📚 A collection of open and closed source Content Management Systems (CMS) for your perusal.
- Rss-IT - 这个项目记录了个人订阅的一些科技人的Blog地址,欢迎大家推荐,一起来完善! 欢迎自荐......
- awesome-github - A curated list of awesome GitHub guides, articles, sites, tools, projects and resources. 收集这个列表,只是为了更好地使用GitHub,欢迎提交pr和issue。
- Analysis-Tools - 恶意软件分析套件
- interview-questions - 根据超过 1700 篇真实面经整理的腾讯,阿里,字节跳动,Shopee,美团,滴滴高频面试题
- yujianportscan - 一个基于VB.NET + IOCP模型开发的高效端口扫描工具,支持IP区间合并,端口区间合并,端口指纹深度探测
- RabiAPI-Support - RabiAPI是一个开箱即用的Java接口文档生成工具,界面美观易用,支持多种框架注解。
- Mail-Probe - 邮箱探针后台管理系统
- deploy-k8s-within-aliyun-mirror - 使用阿里云镜像快速部署 Kubernetes 集群
- fucking-algorithm - 刷算法全靠套路,认准 labuladong 就够了!English version supported! Crack LeetCode, not only how, but also why.
- TrackersListCollection - 🎈 Updated daily! A list of popular BitTorrent Trackers! / 每天更新!全网热门 BT Tracker 列表!⭐++
- Z0BPcTools - 一个windows反汇编工具,界面风格防OllyDbg 利用业余开发了一款类似仿OLlyDbg界面的 IDA静态反编译工具,目前是1.0版本,功能不是很强大但是基本功能有了
- Digital-Privacy - 一个关于数字隐私搜集、保护、清理集一体的方案,外加开源信息收集(OSINT)对抗 (长期更新)
- awesome-sysadmin-cn - 系统管理员资源大全中文版,备份/克隆软件、云计算/云存储、协作软件、配置管理、日志管理、监控、项目管理等
- offensiveinterview - 翻译国外的@WebBreacher的安全/渗透测试/红队面试题,有部分参考作用
- electron-ssr-backup - electron-ssr原作者删除了这个伟大的项目,故备份了下来,不继续开发,且用且珍惜
- crypto-exchange - 24mex,24MEX,24Mex,h5、网站app前后端源码下载。最火的差价合约交易所系统|指数型差价合约交易所系统、ICFD指数型差价合约交易所、BTC比特币杠杠交易、领先数字货币杠杆交易所(高达100倍杠杆),数字货币比特币 BTC 微盘交易系统开发、数字货币比特币 BTC 微交易系统,数字货币比特币 BTC 合约系统;
- Recon-NG-API-Key-Creation - One of the biggest annoyances of using Recon-ng is getting everything set up to use it. So here I’ll outline the different API keys it can use and where to get them yourself.
- js-book - 《JavaScript 迷你书》,全面夯实基础
- awesome-macos-command-line-zh - 用你的 macOS 终端搞事情。(Use your macOS terminal shell to do awesome things. )
- autoinstall - Autoinst索引
- tester-resource - 测试技术资源
- fancyss_history_package - 科学上网插件的离线安装包储存在这里
- OnJava8 - 《On Java 8》中文版
- engineering-Box - engineering Box (简称 - engineering) 是一个集合github平台上的安全行业从业者自研开源扫描器的仓库,包括子域名枚举、数据库漏洞扫描、弱口令或信息泄漏扫描、端口扫描、指纹识别以及其他大型扫描器或模块化扫描器,同时该仓库只收录各位安全行业从业者自己编写的一般性开源扫描器,类似awvs、nmap、w3af等知名扫描工具不收录,收集全球各位同仁爱好者维护项目
- scaner - 扫描器是来自GitHub平台的开源扫描器的集合,包括子域枚举、数据库漏洞扫描器、弱密码或信息泄漏扫描器、端口扫描器、指纹扫描器以及其他大规模扫描仪、模块扫描器等。对于其他著名的扫描工具,如:awvs、nmap,w3af将不包含在集合范围内。
- GitHubDaily - GitHubDaily 分享内容定期整理与分类。欢迎推荐、自荐项目,让更多人知道你的项目。
- starrtc-android-demo - 🚀starRTC,即时通讯(IM)系统,免费IM系统(含单聊,群聊,聊天室,文件传输),免费一对一视频聊天,VOIP,语音对讲(回音消除),直播连麦,视频直播,RTSP拉流,RTMP推流,webRTC服务端,在线教育,白板,小班课,在线会议,视频会议,视频监控,局域网直连(无需服务器),兼容webRTC, 支持webRTC加速,P2P高清传输,安卓、iOS、web互通,支持门禁对讲,可视对讲,电视盒子,树莓派,海思,全志,任天堂switch,云游戏,OTT设备,物联网平台,C语言自研方案,支持二次开发成类微信,类映客等APP,✨万水千山总是情,来个star行不行✨,更多示例请访问:
- web-sec-interview - Information Security (Web Security/Penetration Testing Direction) Interview Questions/Solutions 信息安全(Web安全/渗透测试方向)面试题/解题思路
- FEGuide - 【前端面试题+前端学习+面试指南】 一份涵盖大部分前端工程师所需要掌握的核心知识。这个项目就是为了帮助那些找工作的前端开发工程师去回顾前端的基础知识,如果你不想找工作,也可以通过查看这些面试问题去巩固你的前端技能。
- architect-awesome - 后端架构师技术图谱
- CyberSecurityRSS - CyberSecurityRSS: 优秀的网络安全知识来源 / A collection of cybersecurity rss to make you better!
- aria2-ariang-x-docker-compose - Docker compose files for Aria2+ AriaNg+ filerun/ Nextcloud/ h5ai + Plex. 图形化BT,磁力,离线下载,文件管理,播放,投屏
- awesome-wasm - 😎 Curated list of awesome things regarding WebAssembly (wasm) ecosystem.
- RFSec-ToolKit - RFSec-ToolKit is a collection of Radio Frequency Communication Protocol Hacktools.无线通信协议相关的工具集,可借助SDR硬件+相关工具对无线通信进行研究。Collect with ♥ by HackSmith
- CVE-2020-14882 - CVE-2020–14882、CVE-2020–14883
- Mysql8.0_Reference_Manual_Translation - MySQL8.0官方文档中文翻译
- YCBlogs - 技术博客笔记大汇总【15年10月到至今】,包括Java基础及深入知识点,Android技术博客,Python,Go学习笔记等等,还包括平时开发中遇到的bug汇总,当然也在工作之余收集了大量的面试题,长期更新维护并且修正,持续完善……开源的文件是markdown格式的!同时也开源了生活博客,从12年起,积累共计N篇[近100万字],转载请注明出处,谢谢!
- awesome-cybersecurity-blueteam - :computer:🛡️ A curated collection of awesome resources, tools, and other shiny things for cybersecurity blue teams.
- src - 日常src平台域名收集
- FastjsonPocs - 一些结合第三方组件的Fastjson POC,在1.2.48以后版本中陆续被添加至黑名单。
- codeql_chinese - CodeQL中文资料和常见使用解释。Chinese version of Codeql documents
- awesome-devsecops - Curating the best DevSecOps resources and tooling.
- everyone-can-use-english - 人人都能用英语
- Begin-Latex-in-minutes - 📜 Brief Intro to LaTeX for beginners that helps you use LaTeX with ease.
- neo4j-tutorial-Chinese - 学图论数据库 Neo4j 的时候顺手翻译了它的在线课程
- ResumeSample - Resume template for Chinese programmers . 程序员简历模板系列。包括PHP程序员简历模板、iOS程序员简历模板、Android程序员简历模板、Web前端程序员简历模板、Java程序员简历模板、C/C++程序员简历模板、NodeJS程序员简历模板、架构师简历模板以及通用程序员简历模板
- papers-notebook - :page_facing_up: :cn: :page_with_curl: 论文阅读笔记(分布式,虚拟化,机器学习)Papers Notebook (Distributed System, Virtualization, Machine Learning), created by @gaocegege
- Mobexler
- proxy-web - proxy-web是用go语言写的,基于snail007/goproxy完成的可视化网页应用
- awesome-javascript-cn - JavaScript 资源大全中文版,内容包括:包管理器、加载器、测试框架、运行器、QA、MVC框架和库、模板引擎等。由「开源前哨」和「前端大全」微信公号团队维护更新。
- Chinese-Names-Corpus - 中文人名语料库。人名生成器。中文姓名,姓氏,名字,称呼,日本人名,翻译人名,英文人名。可用于中文分词、人名实体识别。
- awesome-python3-webapp - 小白的Python入门教程实战篇:网站+iOS App源码→ http://t.cn/R2PDyWN 赞助→ http://t.cn/R5bhVpf
- Benchmarks - 常用服务器、数据库、中间件安全配置基线 - 基本包括了所有的操作系统、数据库、中间件、网络设备、浏览器,安卓、IOS、云的安全配置 For benchmarks.cisecurity.org
- Hacking-Skills - Collect open vulnerabilities and sort them out!😄
- awesome-vue - 🎉 A curated list of awesome things related to Vue.js
- SuperWordlist - 基于实战沉淀下的各种弱口令字典
- siyuan - 📕 思源笔记是一款 Markdown 块级引用和双向链接的网状笔记应用,支持 Windows、Mac 和 Linux,可在浏览器上直接使用,支持移动端适配。SiYuan is a Markdown Block-Reference and Bidirectional-Link note-taking application, supports Windows, Mac and Linux, can be used directly on the browser, and supports mobile-end adaptation.
- Translation-For-IoT-Penetration-Testing-Cookbook - 学习物联网渗透测试技术时,在Google上查到的一本英文书。看国内还未有该领域的书籍,因此将其翻译提供更多的同学学习。若有侵权,请联系删除。
- MSSQL_SQL_BYPASS_WIKI - MSSQL注入提权,bypass的一些总结
- expert_readed_books - 2020年最新总结,推荐工程师合适读本,计算机科学,软件技术,创业,思想类,数学类,人物传记书籍
- Apache-Solr-RCE - Apache Solr Exploits 🌟
- Red-Team-links - 2019年红队资源链接,资源不是本人整理出来,来自互联网,因为流传的少,特意在此做个备份,做个分享。
- SharpToolsAggressor - 内网渗透中常用的c#程序整合成cs脚本,直接内存加载。持续更新~
- PortScanner-3 - golang 版本的分布式端口扫描器,可快速方便部署,扫描核心基于 masscan & nmap
- ActuatorExploitTools - 一款用于攻击spring boot actuator的集成环境,目前集成三种攻击方式,仅支持攻击spring boot 1.x
- NewBie-Plan - 📚 Java 技术体系面试指南 , 旨在锻炼学习方法论的技术指南 🚀 数学,算法,基础框架,原理剖析,职业感悟,技术面试
- eos-bp-nodes-security-checklist - EOS bp nodes security checklist(EOS超级节点安全执行指南)
- AI-Machine-Learning-Security - 一个关于人工智能渗透测试分析系列
- Interview-Notes - 秋招面试总结
- Burp-Suite-2.0-chinese-document - 中文版burp2.0官方文档
- Java-Notes - :books: 计算机科学基础知识、Java开发、后端/服务端、面试相关 :books: computer-science/Java-development/backend/interview
- Awesome-WeChat - 技术型干货分享公众号集合,点击公众号链接即可扫描快速二维码。
- security-guide-for-developers - Security Guide for Developers (实用性开发人员安全须知)
- Awesome - :computer: 🎉 An awesome & curated list of best applications and tools for Windows.
- Online-Privacy-Test-Resource-List - Privacy Online Test and Resource Compendium (POTARC) 🕵🏻
- TaieReconKiller - TaieReconKiller-泰阿信息收集漏洞挖掘自动化套件,最大化的将渗透流程全部自动化。所选工具平台大部分为go方便后期维护和升级!
- Taie-knowledge-platform - 泰阿聚合知识库搜索引擎管理平台-聚合之前公网爬虫的网络安全类的知识库导入到平台统一管理方便搜索学习
- CobaltStrike - CobaltStrike相关内容
- awesome-web-security - 🐶 A curated list of Web Security materials and resources.
- hacking-reading-list - 做了一次尝试,把我的云笔记内容搬到 Github 上,看来还不错
- CobaltStrike_wiki - Cobalt Strike 3.12中文文档
- TideScout - A new system~一站式资产管理与威胁监测系统
- Godzilla - 哥斯拉
- GatherInfo - 渗透测试信息收集/内网渗透信息收集
- awesome-vuepress - 🎉 A curated list of awesome things related to VuePress
- Awesome-CobaltStrike - cobaltstrike的相关资源汇总 / List of Awesome CobaltStrike Resources
- CVE-2019-17571 - Apache Log4j 1.2.X存在反序列化远程代码执行漏洞
- WebFuzzAttack - web模糊测试 - 将漏洞可能性放大
- gold-miner - 🥇掘金翻译计划,可能是世界最大最好的英译中技术社区,最懂读者和译者的翻译平台:
- awesome-macOS - A curated list of awesome applications, softwares, tools and shiny things for macOS.
- GoScan - GoScan是采用Golang语言编写的一款分布式综合资产管理系统,适合红队、SRC等使用
- spreadsheets-for-investors - 投资人必会知识 —— 电子表格简明进阶教程
- LeetcodeTop - 汇总各大互联网公司容易考察的高频leetcode题🔥
- reverse-interview-zh - 技术面试最后反问面试官的话
- awesome-sysadmin - MOVED/ARCHIVED A curated list of amazingly awesome open source sysadmin resources.
- English-level-up-tips-for-Chinese - 可能是让你受益匪浅的英语进阶指南
- Pentest-Notes - 《内网安全攻防-渗透测试实战指南》一些技术点概括
- web-hacking-101-zh - :book: [译] Web Hacking 101 中文版
- SecurityRSS - 网络安全相关的RSS订阅列表
- harbor-scanner - 一个免费的镜像漏洞扫描工具, 可以扫描镜像中已安装软件包的漏洞,支持中文漏洞库,可与 Harbor 无缝集成。
- Ultimate-Facebook-Scraper - 🤖 A bot that automates your social media interactions to collect posts, photos, videos, interests, friends, followers, and much more on Facebook.
- Awesome-Linux-Software-zh_CN - 🐧 一个 Linux 上超赞的应用,软件,工具以及其它资源的集中地。
- styleguide - 文档与源码编写风格
- jstraining - 全栈工程师培训材料
- golang-open-source-projects - 为互联网IT人打造的中文版awesome-go
- best-chinese-front-end-blogs - 收集优质的中文前端博客
- book - 学习笔记
- python-data-structure-cn - problem-solving-with-algorithms-and-data-structure-using-python 中文版
- react-cookbook - 编写简洁漂亮,可维护的 React 应用
- IntelliJ-IDEA-Tutorial - IntelliJ IDEA 简体中文专题教程
- UltimateCMSWordlists - 📚 A ultimate collection wordlists of the best-known CMS
- awesome-devsecops-russia - Awesome DevSecOps на русском языке
- my-mac-os - List of applications and tools that make my macOS experience even more amazing
- Cheatsheet-God - Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet
- AndroidSecNotes - some learning notes about Android Security
- AllTools - All reasonably stable tools
- ghhdb-Github-Hacking-Database - Github Hacking Database - My personal collection of Github Dorks to search for Confidential Information (Yes, it's a Github version of Google Dorks)
- awesome-oscp - A curated list of awesome OSCP resources
- A-Course-on-Digital-Forensics - A course on "Digital Forensics" designed and offered in the Computer Science Department at Texas Tech University
- OWASP-Testing-Checklist - OWASP based Web Application Security Testing Checklist is an Excel based checklist which helps you to track the status of completed and pending test cases.
- awesome-ghidra - A curated list of awesome Ghidra materials
- MSRC-Security-Research - Security Research from the Microsoft Security Response Center (MSRC)
- Security-PPT - 大安全各领域各公司各会议分享的PPT(此仓库仅作为储存仓库,浏览请通过https://feei.cn/security-resources)
- weird_proxies - Reverse proxies cheatsheet
- awesome-opensource-security - A list of interesting open-source tools
- can-i-take-over-xyz - "Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
- Malleable-C2-Profiles - Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x.
- thinkphp-RCE-POC-Collection - thinkphp v5.x 远程代码执行漏洞-POC集合
- capsulecorp-pentest - Vagrant VirtualBox environment for conducting an internal network penetration test
- XSS-Payloads - List of XSS Vectors/Payloads
- AndroidAppRE - Android App Reverse Engineering Workshop
- AllThingsSSRF - This is a collection of writeups, cheatsheets, videos, books related to SSRF in one single location
- App_Security
- CS-checklist - PC客户端(C-S架构)渗透测试checklist / Client side(C-S) penetration checklist
- SharpDecryptPwd - 对密码已保存在 Windwos 系统上的部分程序进行解析,包括:Navicat,TeamViewer,FileZilla,WinSCP,Xmangager系列产品(Xshell,Xftp)。
- API-Security - OWASP API Security Project
- iOS-Debug-Hacks - :dart: Advanced debugging skills used in the iOS project development process, involves the dynamic debugging, static analysis and decompile of third-party libraries. iOS 项目开发过程中用到的高级调试技巧,涉及三方库动态调试、静态分析和反编译等领域
- Android-Reports-and-Resources - A big list of Android Hackerone disclosed reports and other resources.
- PENTESTING-BIBLE - Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.
- Knowledge-Base - Knowledge Base 慢雾安全团队知识库
- CTFTraining - CTF Training 经典赛题复现环境
- Active-Directory-Pentest-Notes - 个人域渗透学习笔记
- Safety-Project-Collection - 收集一些比较优秀的开源安全项目,以帮助甲方安全从业人员构建企业安全能力。
- Windows-Kernel-Explorer - A free but powerful Windows kernel research tool.
- Emergency-Response-Notes - 应急响应实战笔记,一个安全工程师的自我修养。
- kalitools - Kali Linux工具清单
- MYSQL_SQL_BYPASS_WIKI - mysql注入,bypass的一些心得
- RedTeam - RedTeam资料收集整理
- Cobalt_Strike_wiki - Cobalt Strike系列
- awesome-browser-exploit - awesome list of browser exploitation tutorials
- pentest-guide - Penetration tests guide based on OWASP including test cases, resources and examples.
- SaiDict - 弱口令,敏感目录,敏感文件等渗透测试常用攻击字典
- Newbie-Security-List - 网络安全学习资料,欢迎补充
- HackingResource - “玄魂工作室--安全圈” 知识星球内资源汇总
- CTFTools - Personal CTF Toolkit
- 1135-CobaltStrike-ToolKit - about CobaltStrike
- The-Hacker-Playbook-3-Translation - 对 The Hacker Playbook 3 的翻译。
- AnsiblePlaybooks - A collection of Ansible Playbooks that configure Kali to use Fish & install a number of tools
- Pentest_Interview - 个人准备渗透测试和安全面试的经验之谈,和去部分厂商的面试题,干货真的满满~
- Micro8 - Gitbook
- Enterprise-Security-Skill - 用于记录企业安全规划,建设,运营,攻防的相关资源
- DarthSidious-Chinese - DarthSidious 中文版
- detectionString - list of sql-injection and XSS strings
- BlockChain-Security-List
- sks - Security Knowledge Structure(安全知识汇总)
- IoTSecurity101 - A Curated list of IoT Security Resources
- Windows-RCE-exploits - The exploit samples database is a repository for **RCE** (remote code execution) exploits and Proof-of-Concepts for **WINDOWS**, the samples are uploaded for education purposes for red and blue teams.
- kali-linux-cheatsheet - Kali Linux Cheat Sheet for Penetration Testers
- The-Security-Handbook-Kali-Linux - A useful reference guide and a handbook of security basics for those starting out.
- OSG-TranslationTeam - 看雪iOS安全小组的翻译团队作品集合,如有勘误,欢迎斧正!
- CTF-Site - 介绍一些CTF训练的站点
- ACL4SSR - SSR 去广告ACL规则/SS完整GFWList规则/Clash规则碎片,Telegram频道订阅地址
- awesome-security-weixin-official-accounts - 网络安全类公众号推荐,欢迎大家推荐
- cobaltstrike - cobalt strike stuff I have gathered from around github
- awesome-chinese-infosec-websites - A curated list of Chinese websites and personal blogs about ethical hacking and pentesting
- Audit-Learning - 记录自己对《代码审计》的理解和总结,对危险函数的深入分析以及在p牛的博客和代码审计圈的收获
- Awesome-Hacking-Tools - Awesome Hacking Tools
- Pentest-and-Development-Tips - A collection of pentest and development tips
- vTemplate - v2ray的模板们
- LinuxSecNotes - some learning notes about Linux Security
- Mind-Map - 各种安全相关思维导图整理收集
- Useful_Websites_For_Pentester - This repository is to make life of the pentester easy as it is a collection of the websites that can be used by pentesters for day to day studies and to remain updated.
- Code-Audit-Challenges - Code-Audit-Challenges
- Awesome-Chinese-NLP - A curated list of resources for Chinese NLP 中文自然语言处理相关资料
- awesome-mobile-CTF - This is a curated list of mobile based CTFs, write-ups and vulnerable apps. Most of them are android based due to the popularity of the platform.
- new-pac - 科学上网/自由上网/翻墙/软件/方法,一键翻墙浏览器,免费shadowsocks/ss/ssr/v2ray/goflyway账号/节点分享,vps一键搭建脚本/教程
- Digital-rights - Promote digital rights in China
- shadowsocks_install - Auto install shadowsocks server,thanks 秋水逸冰
- Awesome-Hacking-Practice - A curated list of websites and apps to help you practice hacking
- AttackDetection - Attack Detection
- Android-Crack-Tool - 🐞Android crack tool For Mac
- WebshellCCL - A python script help with webshell bypassing.
- sec-chart - 安全思维导图集合
- CTF-pwn-tips - Here record some tips about pwn. Something is obsoleted and won't be updated. Sorry about that.
- Powerful-Plugins - Powerful plugins and add-ons for hackers
- Threat-Intelligence-Analyst - 威胁情报,恶意样本分析,开源Malware代码收集
- Exploit-Writeups - A collection where my current and future writeups for exploits/CTF will go
- Sec-Box - information security Tools Box (信息安全工具以及资源集合)
- GRE_laylalaisy - Toefl的姊妹篇lol GRE的一些资料~ 祝小可爱和大佬们早日和GRE巨型怪兽分手(o゜▽゜)o☆
- T430-EFI - Hackintosh Install Tutorial for Lenovo Thinkpad T430
-
Kotlin (19)
- awesome-kotlin - A curated list of awesome Kotlin related stuff Inspired by awesome-java.
- AndroidDaemonKiller
- allsafe - Intentionally vulnerable Android application.
- lcg - 吾爱破解第三方安卓应用
- DataBindingSamples - 包含了 DataBinding 的大部分知识点
- cwa-app-android - Native Android app using the Apple/Google exposure notification API.
- poetry-pycharm-plugin - A PyCharm plugin for poetry
- shipfast-api-protection - Learn practical Mobile and API security techniques: API Key, Static and Dynamic HMAC, Dynamic Certificate Pinning, and Mobile App Attestation.
- dtd-finder - List DTDs and generate XXE payloads using those local DTDs.
- InjuredAndroid - A vulnerable Android application that shows simple examples of vulnerabilities in a ctf style.
- p3c - Alibaba Java Coding Guidelines pmd implements and IDE plugin
- VDM - GUI for command-line video downloader (youtube-dl annie)
- kotlin-koans - Kotlin workshop
- GSYGithubAppKotlin - 超完整的Android Kotlin 项目,功能丰富,适合学习和日常使用。GSYGithubApp系列的优势:目前已经拥有Flutter、Weex、ReactNative、Kotlin四个版本。 功能齐全,项目框架内技术涉及面广,完成度高。开源Github客户端App,更好的体验,更丰富的功能,旨在更好的日常管理和维护个人Github,提供更好更方便的驾车体验Σ( ̄。 ̄ノ)ノ。同款Weex版本: https://github.com/CarGuo/GSYGithubAppWeex 、同款React Native版本 : https://github.com/CarGuo/GSYGithubApp 、 同款Flutter版本: https://github.com/CarGuo/GSYGithubAppFlutter
- Network-Demo - Retrofit + OkHttp3 + coroutines + LiveData打造一款网络请求框架
- DeveloperHelper - 📌易开发是一款帮助开发人员快速开发的工具,功能包括界面分析,页面信息,加固脱壳,支持Android9.0
- Kotlin-CN - 【已下线】https://discuss.kotliner.cn 的第一个实验版本,尝试使用Kotlin编写构建的 Kotlin China 论坛,etcd+自研tpc协议RPC
- Bookmarks - A Burp Suite Extension to take back your repeater tabs
- VPNHotspot - Share your VPN connection over hotspot or repeater! (root required)
-
Objective-C (33)
- ProvisionQL - Quick Look plugin for apps and provisioning profile files
- bitbar - Put the output from any script or program in your Mac OS X Menu Bar
- VipVideo - 各大网站vip视频免费观看 等 Mac版。付费电影,VIP会员剧等,去广告播放。自用视频或者电影URL,音乐破解URL,CCTV等电视播放URL
- AxcDrawPath_Tool - AxcAEKit系列拆分出来的一个贝塞尔曲线绘制工具,以科技风为主,动画为辅
- DevDataTool - 编码转换、摘要(hash)、加解密(MD5、SHA1、SHA256、SHA3、SM3、HMAC、DES、3DES、AES、SM4)
- NetworkSniffer - Log iOS network traffic without a proxy
- BlockBlock - BlockBlock provides continual protection by monitoring persistence locations.
- PEP - PEP - Free & Open Source PDF Editing Program for Mac
- santa - A binary authorization system for macOS
- macOSTools - macOS Offensive Tools
- DecryptApp
- hopper-plugins - Plugins for the Hopper disassembler
- KernBypass-Public - chroot based kernel level jailbreak detection bypass.
- ios-app-signer - This is an app for OS X that can (re)sign apps and bundle them into ipa files that are ready to be installed on an iOS device.
- ios-app-signer - This is an app for OS X that can (re)sign apps and bundle them into ipa files that are ready to be installed on an iOS device.
- Keychain-Dumper - A tool to check which keychain items are available to an attacker once an iOS device has been jailbroken
- UTM - Virtual machines for iOS
- FridaNSLogger - Logging tool that send Frida log to Mac NSLoggerViewer
- Bob - Bob 是一款 Mac 端翻译软件,支持划词翻译、截图翻译以及手动输入翻译。
- WeChatExtension-ForMac - Mac微信功能拓展/微信插件/微信小助手(A plugin for Mac WeChat)
- YourView - YourView is a desktop App in MacOS based on Apple SceneKit. You may use it to view iOS App's view hierarchy 3D.
- JSDebugger - JavaScript-Based Debugger For Inspecting Running State Of Your Application
- networkfixer - Enable network access for Chinese iPhone with checkra1n
- ChangeLocation - 改变自己的定位地址(免越狱打卡)
- macSubstrate - Substrate for macOS
- KeychainCracker - macOS keychain cracking tool
- sequelpro - MySQL/MariaDB database management for macOS
- iOSMixProject - 马甲包混淆工程
- ZXHookDetection - 【iOS应用安全、安全攻防】hook及越狱的基本防护与检测(动态库注入检测、hook检测与防护、越狱检测、签名校验、IDA反编译分析加密协议Demo);【数据传输安全】浅谈http、https与数据加密
- SecConArchive - Security Conference Archive
- STCObfuscator - iOS全局自动化 代码混淆 工具!支持cocoapod组件代码一并 混淆,完美避开hardcode方法、静态库方法和系统库方法!
- MonkeyDev - CaptainHook Tweak、Logos Tweak and Command-line Tool、Patch iOS Apps, Without Jailbreak.
-
Perl (22)
- SpiderProject - SpiderSploit Project
- enum4linux - enum4Linux is a Linux alternative to enum.exe for enumerating data from Windows and Samba hosts.
- dnsenum2 - dnsenum is a perl script that enumerates DNS information
- lua-resty-redis-ratelimit - Limit the request processing rate between multiple NGINX instances backed by Redis
- swaks - Swaks - Swiss Army Knife for SMTP
- mod0BurpUploadScanner - HTTP file upload scanner for Burp Proxy
- vpn-arsenal - VPN pentest tools and scripts
- ABTestingGateway
- linux-exploit-suggester-2 - Next-Generation Linux Kernel Exploit Suggester
- DNS_Hunter - DNS enumeration tool
- rsnapshot - a tool for backing up your data using rsync (if you want to get help, use https://lists.sourceforge.net/lists/listinfo/rsnapshot-discuss)
- psad - psad: Intrusion Detection and Log Analysis with iptables
- StrutScan - Struts2 Vuls Scanner base perl script
- lua-resty-waf - High-performance WAF built on the OpenResty stack
- nikto - Nikto web server scanner
- ATSCAN - Advanced dork Search & Mass Exploit Scanner
- Mojo-Webqq - 【重要通知:WebQQ将在2019年1月1日停止服务,此项目目前已停止维护,感谢大家四年来的一路陪伴】使用Perl语言(不会没关系)编写的smartqq/webqq客户端框架(非GUI),可通过插件提供基于HTTP协议的api接口供其他语言或系统调用
- qqwry2mmdb - 为 Wireshark 能使用纯真网络 IP 数据库(QQwry)而提供的格式转换工具
- ReconCobra---Complete-Automated-Pentest-Framework-For-Information-Gathering - ReconCobra Reconcobra is Foot printing software for Ultimate Information Gathering Kali, Parrot OS, Black Arch, Termux, Android Led TV Interface Software have 82 Options with full automation with powerful information gathering capability Brief Introduction ReconCobra is useful in Banks, Private Organisations and Ethical hacker personnel for legal auditing. It serves as a defense method to find as much as information possible for gaining unauthorised access and intrusion. With the emergence of more advanced technology, cybercriminals have also found more ways to get into the system of many organizations. ReconCobra software can audit, firewall behaviour, if it is leaking backend machines/server and replying pings, it can find internal and external networks where many software’s like erp, mail firewalls are installed, exposing servers so it do Footprinting, Scanning & Enumeration as much as possible of target, to discover and collect most possible informations like username, web technologies, files, endpoint, api and much more.
- SecToolSet - The security tool(project) Set from github。github安全项目工具集合
-
PHP (184)
- SDLT - Security Development Lifecycle Tool
- awesome-appsec - A curated list of resources for learning about application security
- XSS-Fishing2-CS - 鱼儿在cs上线后自动收杆|Automatically stop fishing in javascript after the fish is hooked
- xssblind - 使用docker-compose一键快速搭建ezXSS环境
- awsome-webshell - webshell样本大合集。收集各种webshell用于webshell分析与发现。——www.shellpub.com
- shell-backdoor-list - 🎯 PHP / ASP - Shell Backdoor List 🎯
- qc_classroom - 🕊青草课堂在线教育
- wizard - Wizard是一款开源的文档管理工具,支持Markdown/Swagger/Table类型的文档。
- pikachu - 一个好玩的Web安全-漏洞测试平台
- easyImages - 此版本不再维护,已出新版:速度更快,压缩更小:
- Typecho-Theme-RAW - “在互联网上寻找栖息之地”
- OLAINDEX - ✨ Another OneDrive Directory Index
- down_52pojie_cn - A single page file explorer that can be hosted on static website. 吾爱破解论坛 爱盘 https://down.52pojie.cn/ 页面的源代码
- meedu - 开源在线教育点播系统。
- id-validator - 中华人民共和国居民身份证、中华人民共和国港澳居民居住证以及中华人民共和国台湾居民居住证号码验证工具(PHP 版)
- mail_fishing - 甲方安全工程师必备,内部钓鱼系统
- WebBug - WebBug漏洞练习平台
- Bigfa - ⚡Typecho简约精致的白色两栏主题。A Typecho Theme
- weblogger - 针对ctf线下赛流量抓取(php)、真实环境流量抓取分析的工具
- doom - DOOM是在thorn上实现的分布式任务分发的ip端口漏洞扫描器
- card-system - 卡密商城系统,高效安全的在线卡密商城
- VueThink - VueThink是一套基于Vue全家桶(Vue2.x + Vue-router2.x + Vuex)+ ThinkPHP5的前后端分离框架。
- pentest_tools - 收集一些小型实用的工具
- webdir - 网站目录
- yunBT - Aria2 FFmpeg 的多用户下载视频转码
- docker-rtorrent - rTorrent 0.9.4 加 libTorrent 0.13.4 和 ruTottent,打了加 peer 的补丁
- gitblog - markdown blog base on CodeIgniter, writing blog with markdown!基于CI的markdown博客
- TALD - 使用Aria2作为后端 通过视频来 采集视频作为自己的视频网站:ThinkPHP Aria2 Libav Dplayer
- xwebshell - 免杀webshell
- fuzzXssPHP - PHP版本的反射型xss扫描,支持GET,POST
- ip-location-zh - 获取 IP 地址的真实地理位置
- JSONBee - A ready to use JSONP endpoints/payloads to help bypass content security policy (CSP) of different websites.
- Grawler - Grawler is a tool written in PHP which comes with a web interface that automates the task of using google dorks, scrapes the results, and stores them in a file.
- Awsome-shells - Collection of reverse shells
- paraminer
- k4l0ng_WAF - A broute detect WAF by PHP using to AWD
- WebSecArs - Web Security payloads & co.
- emogrifier - Converts CSS styles into inline style attributes in your HTML code.
- OneManager-php - An index & manager of Onedrive based on serverless. Can be deployed to Heroku/Glitch/SCF/FG/FC/CFC/PHP web hosting/VPS.
- LittleProxy - High performance HTTP proxy originally written by your friends at Lantern and now maintained by a stellar group of volunteer open source programmers.
- InputScanner
- bucky - Bucky (An automatic S3 bucket discovery tool)
- phishpond - Because phishtank was taken.. explore phishing kits in a contained environment!
- webcgi-exploits - Multi-language web CGI interfaces exploits.
- SSRF_Vulnerable_Lab - This Lab contain the sample codes which are vulnerable to Server-Side Request Forgery attack
- php_disable_functions_bypass - procfs-based PHP sandbox bypass
- code6 - 码小六 - GitHub 代码泄露监控系统
- my-ctf-challenges - My CTF Challenges
- AnotherVulnerableWebApp
- phpstan - PHP Static Analysis Tool - discover bugs in your code without running it!
- UnSAFE_Bank - Vulnerable Banking Suite
- mosec-composer-plugin - 用于检测composer项目的第三方依赖组件是否存在安全漏洞。
- PHP-Parser - A PHP parser written in PHP
- Kali-Linux-Tools-Interface - Graphical Web interface developed to facilitate the use of security information tools.
- findpass - 基于sphinx的社工库
- xhrStealer - XHR Posts cookie and body html. PHP receives the data and saves in md format with html highling.
- exploits - Pwn stuff.
- jenkins-shell - Automating Jenkins Hacking using Shodan API
- reserved-usernames - 590+ usernames in this dictionary! A list of reserved usernames to prevent url collision with resource paths. This repository hosts the list in multiple formats like JSON, CSV, SQL and plain text. You can use its just download its by wget.
- phpcs-security-audit - phpcs-security-audit is a set of PHP_CodeSniffer rules that finds vulnerabilities and weaknesses related to security in PHP code
- PhishAPI - Comprehensive Web Based Phishing Suite for Rapid Deployment and Real-Time Alerting!
- vuejs-serverside-template-xss - Demo of a Vue.js app that mixes both clientside templates and serverside templates leading to an XSS vulnerability
- NorthStarC2 - Web Based Command Control Framework (C2) #C2 #PostExploitation #CommandControl #RedTeam #C2Framework #PHPC2 #.NETMalware #Malware #PHPMalware #CnC #infosec #offensivesecurity #Trojan
- gitscraper - A tool which scrapes public github repositories for common naming conventions in variables, folders and files
- tphack - Thinkphp3/5 Log文件泄漏利用工具
- dvwp - Damn Vulnerable WordPress
- CTF_Web_docker - dockers for CTF_Web.
- B-XSSRF - Toolkit to detect and keep track on Blind XSS, XXE & SSRF
- InlineAMP - InlineAMP is an AMP ready WordPress theme.
- hacking-files - Arquivos para estudo sobre Bug Bounty.
- valet-plus - Blazing fast macOS PHP development environment
- xssplatform - 一个经典的XSS渗透管理平台
- LotServer_KeyGen - A LotServer KeyGen
- php-version-audit - Audit your PHP version for known CVEs and patches
- BookStack - A platform to create documentation/wiki content built with PHP & Laravel
- 35c3 - Challenges I created for 35c3
- monica - Personal CRM. Remember everything about your friends, family and business relationships.
- composer-registry-manager - :hammer_and_wrench: :hammer: Composer registry manager that help to easily switch to the composer repository you want.
- get_AV - Windows杀软在线对比辅助
- AmanCTF
- JShielder - Hardening Script for Linux Servers/ Secure LAMP-LEMP Deployer/ CIS Benchmark
- ezXSS - ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
- xss-platform - 一款基于ThinkPHP5.1的XSS管理平台。
- disposable-email-domain-list - A list of disposable email domains, cleaned and validated by scanning MX records.
- Synology-LrcPlugin - Lyrics plugin for Synology Audio Station/DS Audio
- fuzzdb - Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
- SecurityTechnique - Security technique research and some funny work on it !
- oneindex - OneDrive Directory Index
- docker-tt-rss-arm7 - Docker image for Tiny Tiny RSS feed reader for Raspberry Pi / arm7 / arm8.
- docker-ttrss - Tiny Tiny RSS as a Docker container
- SVScanner - SVScanner - Scanner Vulnerability And MaSsive Exploit.
- phpservermon - PHP Server Monitor
- Typecho-theme-Rinvay - Rinvay.H 主题预览
- easyengine - Command-line control panel for Nginx Server to manage WordPress sites running on Nginx, PHP, MySQL, and Let's Encrypt
- Random-Image - 随机图片服务
- yoniu - TYPECHO原创模板
- phpdns - 此项目不再维护,推荐使用AdGuard Home来替代。
- php_bugs - PHP代码审计分段讲解
- xvwa - XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security.
- BadMod - CMS auto detect and exploit.
- tinyfilemanager - The best web based PHP File Manager in single file, Manage your files efficiently and easily with tinyfilemanager
- Diaspora - Diaspora - A WordPress theme
- kurukshetra - Kurukshetra - A framework for teaching secure coding by means of interactive problem solving.
- url-shorter - A modern, safe and simple url shorter
- avenger-sh - Project for finding vunerabilities in mass.
- DDoS-PHP-Script - Script to perform a DoS or DDoS UDP Flood by PHP
- security-advisories - A database of PHP security advisories
- CVE-2017-5124 - Chrome < 62 uxss exploit (CVE-2017-5124)
- FruityWifi - FruityWiFi is a wireless network auditing tool. The application can be installed in any Debian based system (Jessie) adding the extra packages. Tested in Debian, Kali Linux, Kali Linux ARM (Raspberry Pi), Raspbian (Raspberry Pi), Pwnpi (Raspberry Pi), Bugtraq, NetHunter.
- wphunter - WPHunter A Wordpress Vulnerability Scanner
- IPinfo - 整合多接口的IP查询工具。
- 1book - 《Web安全之机器学习入门》
- typecho-update-assistant - A update plugin for Typecho.
- BWVS - Web漏洞渗透测试靶场
- kldns - 快乐二级域名分发系统
- regexp-security-cheatsheet
- typecho2Hexo - typecho批量转Hexo
- easy-sms - :calling: 一款满足你的多种发送需求的短信发送组件
- online.net
- Gazelle
- flarum - Simple forum software for building great communities.
- php-malware-finder - Detect potentially malicious PHP files
- SQLMAP-Web-GUI - PHP Frontend to work with the SQLMAP JSON API Server (sqlmapapi.py) to allow for a Web GUI to drive near full functionality of SQLMAP!
- Vulnerable-OTP-Application - Vulnerable OTP/2FA Application written in PHP using Google Authenticator
- DAws - Advanced Web Shell
- GuruWebScanner - An On-The-Cloud free "greybox" box scanner for various purposes.
- RED_HAWK - All in one tool for Information Gathering, Vulnerability Scanning and Crawling. A must have tool for all penetration testers
- xiao-webshell - a collection of webshell
- pingpp-php
- empire-web - PowerShell Empire Web Interface
- safecurl - SSRF Protection Library for PHP - http://safecurl.fin1te.net
- kafka-php - kafka php client
- phpvulhunter - A tool that can scan php vulnerabilities automatically using static analysis methods
- copywriting-correct - 中英文文案排版纠正器
- phpspider - 《我用爬虫一天时间“偷了”知乎一百万用户,只为证明PHP是世界上最好的语言 》所使用的程序
- simhashphp - SimHash similarities algorithm implementation for PHP
- LDAP-credentials-collector-backdoor-generator - This script generate backdoor code which log username password of an user who have passed HTTP basic auth using LDAP credentials.
- twitter - Twitter API for Laravel 5.5+, 6.x, 7.x & 8.x
- DVWA-WooYun - It is a DVWA with some plugins based on real wooyun bug reports
- dom-based-xss-detector - Detector of DOM based XSS
- dujiaoka - 🚀独角数卡(发卡)-开源式站长自动化售货解决方案、高效、稳定、快速!🎉🎉
- wooyun_public - This repo is archived. Thanks for wooyun! 乌云公开漏洞、知识库爬虫和搜索 crawl and search for wooyun.org public bug(vulnerability) and drops
- SyncMusic - 🎵 PHP Swoole 开发的在线同步点歌台,支持自由点歌,切歌,调整排序,删除指定音乐以及基础权限分级
- miniProxy - 🚨⚠️ UNMAINTAINED! ⚠️🚨 A simple PHP web proxy.
- XssHtml - php富文本过滤类,XSS Filter
- wooyun_final - 根据hanc00l和m0l1ce提供的数据构建docker版的乌云漏洞库,包含8.8W漏洞信息
- EwoMail - EwoMail是基于Linux的企业邮箱服务器,集成了众多优秀稳定的组件,是一个快速部署、简单高效、多语言、安全稳定的邮件解决方案
- AWD-Attack-Defense - CTF-AWD攻防脚本工具合集
- hisiphp - HisiPHP V2版是基于ThinkPHP5.1和Layui开发的后台框架,承诺永久免费开源,您可用于学习和商用,但须保留版权信息正常显示。如果HisiPHP对您有帮助,您可以点击右上角 "Star" 支持一下哦,谢谢!
- rips-Chinese - 本人三年前汉化的PHP代码审计工具rips
- AoiAWD - AoiAWD-专为比赛设计,便携性好,低权限运行的EDR系统。
- xunsearch - 免费开源的中文搜索引擎,采用 C/C++ 编写 (基于 xapian 和 scws),提供 PHP 的开发接口和丰富文档
- yii2_fecshop - yii2 ( PHP ) fecmall(fecshop) core code used for ecommerce shop 多语言多货币多入口的开源电商 B2C 商城,支持移动端vue, app, html5,微信小程序微店,微信小程序商城等
- Front-end-tutorial - :panda_face:最全的资源教程-前端涉及的所有知识体系
- WebRtcXSS - 利用XSS入侵内网(Use XSS automation Invade intranet)
- upload-labs - 一个想帮你总结所有类型的上传漏洞的靶场
- webshell-sample - 收集自网络各处的 webshell 样本,用于测试 webshell 扫描器检测率。
- imgurl - ImgURL是一个简单、纯粹的图床程序,让个人图床多一个选择。
- CyberSecurityBox - 该资源为网络安全和Web渗透各种类型题目的离线靶场,主要采用PHP语言实现,包括XSS攻击、文件上传漏洞、SQL注入等,基础性资源,希望对安全初学者有所帮助。加油~
- wso-webshell - 🕹 wso php webshell
- Awvs-Xray - Awvs 批量添加扫描/删除任务 + 可选式对接Xray 自动化挖洞
- exp - 收集各种各样的exp
- Vub_ENV - 跟踪真实漏洞相关靶场环境搭建
- image - 多接口分发图床
- My-CTF-Web-Challenges - Collection of CTF Web challenges I made
- Writeups - 国内各大CTF赛题及writeup整理
- rhizobia_P - PHP安全SDK及编码规范
- CSP-useful - Collection of scripts, thoughts about CSP (Content Security Policy)
- Bypass_Disable_functions_Shell - 一个各种方式突破Disable_functions达到命令执行的shell
- WDScanner - WDScanner平台目前实现了如下功能:分布式web漏洞扫描、客户管理、漏洞定期扫描、子域名枚举、端口扫描、网站爬虫、暗链检测、坏链检测、网站指纹搜集、专项漏洞检测、代理搜集及部署等功能。
- Hacking_Cheat_Sheet - All my Hacking|Pentesting Notes
- awvs_script_decode - 解密好的AWVS10.5 data/script/目录下的脚本
- WEB-INF-dict - List of configuration files from WEB-INF and META-INF for use in Unvalidated Forwards and JSP Include vulnerabilities.
- windows-php-reverse-shell - Simple php reverse shell implemented using binary .
- WebShell - Webshell && Backdoor Collection
- CMS-Hunter - CMS漏洞测试用例集合
- OpenVPN-Admin - Install and administrate OpenVPN with a web interface (logs visualisations, users managing...)
- shadowsocks-manage-system - 科学上网管理系统
- WebStack-Laravel - 一个开源的网址导航网站项目,您可以拿来制作自己的网址导航。
-
PowerShell (153)
- PowerWorm - Analysis, detection, and removal of the "Power Worm" PowerShell-based malware
- adaudit - Powershell script to do domain auditing automation
- PowerShell-Docs.zh-cn
- Invoke-DCOMPowerPointPivot - Executes lateral movement through PowerPoint DCOM objects
- Nmap-Scan.PS1 - PowerShell wrapper for nmap, allows easy scanning of many hosts and subnets
- vulnerable-AD - Create a vulnerable active directory that's allowing you to test most of the active directory attacks in a local lab
- taowu-cobalt-strike
- PS1-To-EXE-Generator - PS1 to EXE Generator: Create an EXE for your PS1 scripts
- OSCP-Automation - A collection of personal scripts used in hacking excercises.
- ADThief - Post-exploitation tool for attacking Active Directory domain controllers
- PSBits - Simple (relatively) things allowing you to dig a bit deeper than usual.
- Z1-AggressorScripts - 适用于Cobalt Strike的插件
- code-snippets - Various code snippets
- ADLab - Active Directory Lab for Penetration Testing
- redteam - Red Team Scripts by d0nkeys (ex SnadoTeam)
- pentestingazureapps - Script samples from the book Pentesting Azure Applications (2018, No Starch Press)
- PowerShell - NetSPI PowerShell Scripts
- PoshPrivilege - Manage user privileges on a local machine or view applied privileges on local or remote system
- pooltest - 网上收集的一些利用工具
- redsnarf - RedSnarf is a pen-testing / red-teaming tool for Windows environments
- CSPlugins - Cobaltstrike Plugins
- EVTX-ATTACK-SAMPLES - Windows Events Attack Samples
- HTTP-revshell - Powershell reverse shell using HTTP/S protocol with AMSI bypass and Proxy Aware
- AD-AutomationLab - Herramienta en PowerShell ideal para desplegar tu propio entorno AD vulnerable de forma automatizada.
- WindowsEventForwarding - A module for working with Windows Event Collector service and maintain Windows Event Forwarding subscriptions.
- powershell_scripts - Powershell Scripts
- ACLight - A script for advanced discovery of Privileged Accounts - includes Shadow Admins
- ANGRYPUPPY - Bloodhound Attack Path Automation in CobaltStrike
- GoFetch - GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.
- DetectionLabELK - DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.
- taowu-cobalt-strike
- CVE-2020-1337-exploit - CVE-2020-1337 Windows Print Spooler Privilege Escalation
- powercat - netshell features all in version 2 powershell
- xc - A small reverse shell for Linux & Windows
- meterpeter - C2 Powershell Command & Control Framework with BuiltIn Commands (Modules)
- Invoke-WordThief - This script runs multithreading module that connects to a remote TCP server, monitors active (opened) Microsoft Word documents (.doc,.docx,etc') and extracting their text using Word application's COM Object. The script adds HKCU registry (no admin needed) Run key, so this script runs persistently.
- Minimalistic-offensive-security-tools - A repository of tools for pentesting of restricted and isolated environments.
- MSSQL_BackDoor
- Kansa - A Powershell incident response framework
- Invoke-Recon - "Powershell script assisting with domain enumerating and in finding quick wins" - Basically written while doing the 'Advanced Red Team' lab from pentesteracademy.
- cobalt_strike_extension_kit - Attempting to be an all in one repo for others' userful aggressor scripts as well as things we've found useful during Red Team Operations.
- xencrypt - A PowerShell script anti-virus evasion tool
- PowerSharpPack
- note
- attack-arsenal - A collection of red team and adversary emulation resources developed and released by MITRE.
- sysmon-modular - A repository of sysmon configuration modules
- acCOMplice - Tools for discovery and abuse of COM hijacks
- Active-Directory-Exploitation-Cheat-Sheet - A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
- Creds - Some usefull Scripts and Executables for Pentest & Forensics
- AutoRDPwn - The Shadow Attack Framework
- Erebus - CobaltStrike后渗透测试插件
- pentesting-cookbook - A set of recipes useful in fast-paced pentesting / red teaming scenarios
- PoshC2 - A proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.
- PrivescCheck - Privilege Escalation Enumeration Script for Windows
- Invoke-PrintDemon - This is a PowerShell Empire launcher PoC using PrintDemon and Faxhell.
- powershell-reverse-tcp - PowerShell scripts for communicating with a remote host.
- NetNTLMtoSilverTicket - SpoolSample -> Responder w/NetNTLM Downgrade -> NetNTLMv1 -> NTLM -> Kerberos Silver Ticket
- PowerLadon - Ladon Network Penetration Scanner for PowerShell, vulnerability / exploit / detection / MS17010/SmbGhost,Brute-Force SMB/IPC/WMI/NBT/SSH/FTP/MSSQL/MYSQL/ORACLE/VNC
- SessionGopher - SessionGopher is a PowerShell tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop. It can be run remotely or locally.
- ReverseTCPShell - PowerShell ReverseTCP Shell - Framework
- DomainPasswordSpray - DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will automatically generate the userlist from the domain. BE VERY CAREFUL NOT TO LOCKOUT ACCOUNTS!
- PowerZure - PowerShell framework to assess Azure security
- BadBlood - BadBlood by @davidprowe, Secframe.com, fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world. After BadBlood is ran on a domain, security analysts and engineers can practice using tools to gain an understanding and prescribe to securing Active Directory. Each time this tool runs, it produces different results. The domain, users, groups, computers and permissions are different. Every. Single. Time.
- Red_Team - Some scripts useful for red team activities
- chaps - Configuration Hardening Assessment PowerShell Script (CHAPS)
- AES-PowerShellCode - Standalone version of my AES Powershell payload for Cobalt Strike.
- Windows10Debloater - Script to remove Windows 10 bloatware.
- Empire - Empire is a PowerShell and Python 3.x post-exploitation framework.
- MSOLSpray - A password spraying tool for Microsoft Online accounts (Azure/O365). The script logs if a user cred is valid, if MFA is enabled on the account, if a tenant doesn't exist, if a user doesn't exist, if the account is locked, or if the account is disabled.
- atomic-red-team - Small and highly portable detection tests based on MITRE's ATT&CK.
- scoop-retools - Scoop bucket for reverse engineering tools
- EventLogMaster - Cobalt Strike插件 - RDP日志取证&清除
- red-team-scripts - A collection of Red Team focused tools, scripts, and notes
- DeepBlueCLI
- nishang - Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
- WindowsEnum - A Powershell Privilege Escalation Enumeration Script.
- dorado - 🐟 Yet Another bucket for lovely Scoop
- BlueCommand - Dashboarding and Tooling front-end for PowerShell Empire using PowerShell Universal Dashboard
- PS-CreateADLabs - Create a windows Active Directory lab
- AutomatedLab - AutomatedLab is a provisioning solution and framework that lets you deploy complex labs on HyperV and Azure with simple PowerShell scripts. It supports all Windows operating systems from 2008 R2 to 2019, some Linux distributions and various products like AD, Exchange, PKI, IIS, etc.
- active-directory-lab-hybrid-adfs - Create a full AD/CA/ADFS/WAP lab environment with Azure AD Connect installed
- WinPwn - Automation for internal Windows Penetrationtest / AD-Security
- pOSINT - Gather Open-Source Intelligence using PowerShell.
- Penetration-Testing-Tools - A collection of more than 140+ tools, scripts, cheatsheets and other loots that I have developed over years for Red Teaming/Pentesting/IT Security audits purposes. Most of them came handy on at least one of my real-world engagements.
- CobaltStrike-Toolset - Aggressor Script, Kits, Malleable C2 Profiles, External C2 and so on
- CloudXNS-DDNS-with-PowerShell - The CloudXNS DDNS with PowerShell
- Inveigh - Windows PowerShell ADIDNS/LLMNR/mDNS/NBNS spoofer/man-in-the-middle tool
- PowerShellUtilities - PowerShellUtilities provides various utility commandlets.
- PowerAvails - PowerAvails is a unit of collection of Powershell modules that help you get done many things
- Invoke-WMILM
- PowerUpSQL - PowerUpSQL: A PowerShell Toolkit for Attacking SQL Server
- PowerShellThingies - My PowerShell thingies.
- UltimateAppLockerByPassList - The goal of this repository is to document the most common techniques to bypass AppLocker.
- BadUSB-code - 收集badusb的一些利用方式及代码
- Invoke-ADLabDeployer - Automated deployment of Windows and Active Directory test lab networks. Useful for red and blue teams.
- Invoke-UserSimulator - Simulates common user behaviour on local and remote Windows hosts.
- Exchange-AD-Privesc - Exchange privilege escalations to Active Directory
- CrypoCurrencyPowerShell
- PSFPT - Scripts for powershell for pentesters exam
- JAWS - JAWS - Just Another Windows (Enum) Script
- PSSysmonTools - Sysmon Tools for PowerShell
- PowerShellScripts - lollollol
- Invoke-EnumSecurityTools
- Fast-Git-Clone - Clone Git repository faster. Eliminates the repetitive typing of git clone and copy-pasting the url
- mimiDbg - PowerShell oneliner to retrieve wdigest passwords from the memory
- Windows-User-Clone - Create a hidden account
- BloodHound - Six Degrees of Domain Admin
- RemoteRecon - Remote Recon and Collection
- Exploits - Windows Exploits
- WINspect - Powershell-based Windows Security Auditing Toolbox
- windows-pentest - Windows Pentest Scripts
- ms17-010-Scanner
- Misc-Powershell-Scripts - Random Tools
- GmailPersist - Gmail Knocker
- Invoke-CradleCrafter - PowerShell Remote Download Cradle Generator & Obfuscator
- Empire - Empire is a PowerShell and Python post-exploitation agent.
- Dump-Clear-Password-after-KB2871997-installed
- Get-ReconInfo - A powershell script that prints a lot of IP and connection info to the screen
- windows-privilege-escalation - Metasploit modules, powershell scripts and custom exploit to perform local privilege escalation on windows systems.
- GPRegistryPolicy
- Wireless_Query - Query Active Directory for Workstations and then pull their Wireless Network Passwords
- PowerSploit - PowerSploit - A PowerShell Post-Exploitation Framework
- portia - Portia aims to automate a number of techniques commonly performed on internal network penetration tests after a low privileged account has been compromised. Portia performs privilege escalation as well as lateral movement automatically in the network
- Sales_OSINT - OSINT for Sales Research
- Code-Execution-and-Process-Injection - Powershell to CodeExecution and ProcessInjection
- windows-update-selective-kb- - Update Windows Security patch update using PowerShell and Ansible
- Posh-SecMod - PowerShell Module with Security cmdlets for security work
- MailSniper - MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). It can be used as a non-administrative user to search their own email, or by an administrator to search the mailboxes of every user in a domain.
- PivotAll - Comprehensive Pivoting Framework
- HackSysTeam-PSKernelPwn
- PSKernel-Primitives - Exploit primitives for PowerShell
- Sherlock - PowerShell script to quickly find missing software patches for local privilege escalation vulnerabilities.
- LiangBucket - 自己维护的scoop仓库
- scoop - A command-line installer for Windows.
- flare-vm
- Active-Directory - Collection of scripts for Querying and Managing Active Directory and Domain Controllers
- ElevateKit - The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.
- Invoke-SocksProxy - Socks proxy server using powershell. Supports local and reverse connections for pivoting.
- Penetration_Testing_POC - 渗透测试有关的POC、EXP、脚本、提权、小工具等,欢迎补充、完善---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms
- DAMP - The Discretionary ACL Modification Project: Persistence Through Host-based Security Descriptor Modification
- PowerShellScripts - Collection of PowerShell scripts
- EmpireDog - A collection of PowerShell Modules for BloodHound/Empire Orchestration
- PowerTools - PowerTools is a collection of PowerShell projects with a focus on offensive operations.
- SlackShell - PowerShell to Slack C2
- PowerShell - Useful PowerShell scripts
- IR-Tools - IR-Tools - PowerShell tools for IR
- Manual-defense - 红蓝对抗-手动防御
-
Python (1887)
- Beacon - Open Source Cobalt Strike Beacon. In-development stage.
- http-open-redirect - Find open redirect vulnerabilities using commonly known dorks (https://hackerone.com/reports/677617)
- censys-command-line - Command-line tool for Censys! Quickly investigate suspicious hosts or answer complex questions about your infrastructure using Censys right from the command-line!
- fawkes - Fawkes is a tool to search for targets vulnerable to SQL Injection. Performs the search using Google search engine.
- strong-frida - make frida strong, bypass frida detection.
- Coldsnap
- RiskIQ.SunBurst.Hunter - The Purpose of this research tool is to provide a Python client into RiskIQ API services.
- xlocate - the ultimate exploit finder
- Otter_scan
- selenium-proxy-rotator - A python wrapper around selenium that makes web automation anonymous through proxy rotation
- S2-061 - some struts tag , attributes which out of the range will call SetDynamicAttribute() function, it will cause ONGL expression execute
- burp-sensitive-param-extractor - burpsuite extension for check and extract sensitive request parameter
- HackAll - A vulnerability assessment tool that automates bug hunting checklists on web targets
- JSHaunter - JSHaunter grep juicy javascript information
- CastleBravo - CastleBravo - BugBounty Automation Tool
- SQLi_Checker_v1.1
- Bug_Bounty_Tools - Random tools I've made for bug bounty hunting
- AUTO-AWVS
- aneo4j - Yet another simple async client wrapper for neo4j
- 403fuzzer - Fuzz 403/401ing endpoints for bypasses
- Practical-Ethical-Hacking---The-Complete-Course-Notes-and-Resources- - Practical Ethical Hacking - The Complete Course (Notes and Resources)
- RsaCtfTool - RSA attack tool (mainly for ctf) - retreive private key from weak public key and/or uncipher data
- Depix - Recovers passwords from pixelized screenshots
- ShiroScan - Shiro<=1.2.4反序列化,一键检测工具
- r0capture - 安卓应用层抓包通杀脚本
- domainNamePredictor - 一个简单的现代化公司域名使用规律预测及生成工具
- jacoco-diff - 在 jacoco 覆盖率报告的基础上,计算出增量覆盖率
- XrayFofa - 一款将xray和fofa完美结合的自动化工具,调用fofaAPI进行查询扫描,新增爬虫爬取扫描(懒人必备)
- Email-extractor - The main functionality is to extract all the emails from one or several URLs - La funcionalidad principal es extraer todos los correos electrónicos de una o varias Url
- redtool - 日常积累的一些红队工具及自己写的脚本,更偏向于一些diy的好用的工具,并不是一些比较常用的msf/awvs/xray这种
- Frog-Fp - 🐸fingerprint detect framework 批量深度指纹识别框架
- beian_miit_spider - 一个工业和信息化部ICP备案查询的爬虫
- BurpSuite-Extender-fastjson - Reference:https://www.w2n1ck.com/article/44/
- CertEagle - Weaponizing Live CT logs for automated monitoring of assets
- sec-admin - 分布式资产安全扫描核心管理系统(弱口令扫描,漏洞扫描)
- espoofer - An email spoofing testing tool that aims to bypass SPF/DKIM/DMARC and forge DKIM signatures.🍻
- leonidas - Automated Attack Simulation in the Cloud, complete with detection use cases.
- RedisWriteFile - 通过 Redis 主从写出无损文件
- ivre - Network recon framework.
- FileCheck - 本脚本是HIDS组成的一部分,旨在对指定监控目录进行文件hash记录,定时运行,发现文件替换、修改等后门可疑程序。
- Behold3r - 👻Behold3r -- 收集指定网站的子域名,并可监控指定网站的子域名更新情况,发送变更报告至指定邮箱
- PyQuickInstall - :zap::zap::zap:超好用的pip下载加速工具,谁用谁知道!
- cartography - Cartography is a Python tool that consolidates infrastructure assets and the relationships between them in an intuitive graph view powered by a Neo4j database.
- S7scan - a pentest scanner / 一个漏洞综合利用工具轮子,大佬请忽略
- bug-monitor - Seebug、structs、cve漏洞实时监控推送系统🔦
- MySQL-Scripts - 收集的一些MySQL维护脚本
- Awvs_Nessus_Scanner_API - 扫描器Awvs 11和Nessus 7 Api利用脚本
- PHP-code-audit - php code audit for cms vulnerabilities / 代码审计,对一些大型cms漏洞的复现研究,更新源码和漏洞exp
- GSIL - GitHub Sensitive Information Leakage(GitHub敏感信息泄露监控)
- CTF_tools - 用于CTF密码学和编码转换的小工具
- fsociety - fsociety Hacking Tools Pack – A Penetration Testing Framework
- webknife - Web在线菜刀
- webdirdig - web敏感目录、信息泄漏批量扫描脚本,结合爬虫、目录深度遍历。
- DiscoverSubdomain - 前渗透信息探测工具集-子域名
- exchangecrack - 用于探测公司用户是否存在弱口令
- cmsPoc - CMS渗透测试框架-A CMS Exploit Framework
- SitePathScan - 🔨基于Python的网站路径扫描工具
- QUANTAXIS - QUANTAXIS 支持任务调度 分布式部署的 股票/期货/期权/港股/虚拟货币 数据/回测/模拟/交易/可视化/多账户 纯本地量化解决方案
- AngelSword - Python3编写的CMS漏洞检测框架
- Some-PoC-oR-ExP - 各种漏洞poc、Exp的收集或编写
- raspberry-pi-tutorials - 面向软件工程师的树莓派入门教程
- crackcoin - Very basic blockchain-free cryptocurrency PoC in Python
- opmanager_exp - opmanager运维监控系统上传漏洞测试工具
- hacking_script - 开发或收集的一些网络安全方面的脚本、小工具
- op1repacker - 🗜 Tool for unpacking, modifying and repacking firmware for the OP-1 synth by Teenage Engineering.
- Anti-Anti-Spider - 越来越多的网站具有反爬虫特性,有的用图片隐藏关键数据,有的使用反人类的验证码,建立反反爬虫的代码仓库,通过与不同特性的网站做斗争(无恶意)提高技术。(欢迎提交难以采集的网站)(因工作原因,项目暂停)
- Get-ip-address - python脚本自动获取本机ip,并发送到邮箱。适应linux系统和树莓派(raspberry pi)
- Sisyphus - 一个方便的用来分析LOL中数据的工具
- dictBuilder - 渗透测试中字典生成工具
- weakfilescan - 动态多线程敏感信息泄露检测工具
- Distributed_Microblog_Spider - 分布式新浪微博爬虫
- IPProxyPool - IPProxyPool代理池项目,提供代理ip
- poc--exp - 常用渗透poc收集
- h8mail - Email OSINT & Password breach hunting tool, locally or using premium services. Supports chasing down related email
- bucketsperm
- Maryam - Maryam : Open-source Intelligence(OSINT) Framework
- heapinspect - 🔍Heap analysis tool for CTF pwn.
- awd_auto_attack_framework - AWD 自动化攻击框架
- secpub - Published security vulnerabilities, research, and associated information.
- NoXss - Faster xss scanner,support reflected-xss and dom-xss
- Vieux - Vieux - A tool for 32/64 Bit iOS downgrades using OTA Blobs
- exist - EXIST is a web application for aggregating and analyzing cyber threat intelligence.
- karonte - Karonte is a static analysis tool to detect multi-binary vulnerabilities in embedded firmware
- IotShark - IotShark - Monitoring and Analyzing IoT Traffic
- Pentest-Tools-Framework - Pentest Tools Framework is a database of exploits, Scanners and tools for penetration testing. Pentest is a powerful framework includes a lot of tools for beginners. You can explore kernel vulnerabilities, network vulnerabilities
- Pyhacker - 【Pyhacker】Python安全开发
- evil-ssdp - Spoof SSDP replies and create fake UPnP devices to phish for credentials and NetNTLM challenge/response.
- python-interview-guide - Python Web 开发面试过程中的知识点总结
- pyppeteer - Headless chrome/chromium automation library (unofficial port of puppeteer)
- FastWordQuery - Query words definitions or examples etc. from local or web dictionaries to fill into Anki cards.
- XCTR-Hacking-Tools - XCTR Hacking Tools
- Hades - Static code auditing system
- burp-jwt-fuzzhelper-extension - JWT Fuzzer for BurpSuite
- XposedOrNot - XposedOrNot (XoN) tool is to search an aggregated repository of xposed passwords comprising of ~850 million real time passwords. Usage of such compromised passwords is detrimental to individual account security.
- vulnx - vulnx 🕷️ is an intelligent bot auto shell injector that detect vulnerabilities in multiple types of cms { `wordpress , joomla , drupal , prestashop .. `}
- RFCpwn - An enumeration and exploitation toolkit using RFC calls to SAP
- dsync - IDAPython plugin that synchronizes disassembler and decompiler views
- lem - Linux Exploit Mapper correlates CVEs local to a Linux system with known exploits
- Responder - Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
- vulnerable-apps
- s3tk - A security toolkit for Amazon S3
- ehForwarderBot - An extensible message tunneling chat bot framework. Delivers messages to and from multiple platforms and remotely control your accounts.
- Masscan-to-CSV - Converts the Masscan XML output option (-oX) to a csv format.
- monkey - Infection Monkey - An automated pentest tool
- TIDoS-Framework - The Offensive Manual Web Application Penetration Testing Framework.
- BurpJSLinkFinder - Burp Extension for a passive scanning JS files for endpoint links.
- spraykatz - Credentials gathering tool automating remote procdump and parse of lsass process.
- IMAP_Bruteforce - IMAP Bruteforce Script
- MARA_Framework - MARA is a Mobile Application Reverse engineering and Analysis Framework. It is a toolkit that puts together commonly used mobile application reverse engineering and analysis tools to assist in testing mobile applications against the OWASP mobile security threats.
- sshtunnel - SSH tunnels to remote server.
- git-vuln-finder - Finding potential software vulnerabilities from git commit messages
- RansomCoinPublic - A DFIR tool to extract cryptocoin addresses and other indicators of compromise from binaries.
- dlinject - Inject a shared library (i.e. arbitrary code) into a live linux process, without ptrace
- WebMap - Nmap Web Dashboard and Reporting
- KubiScan - A tool to scan Kubernetes cluster for risky permissions
- CyBot - Open Source Threat Intelligence Chat Bot
- SPF - SpeedPhishing Framework
- fumblechain - A Purposefully Vulnerable Blockchain
- shodan-seeker - Command-line tool using Shodan API. Generates and downloads CSV results, diffing of historic scanning results, alerts and monitoring of specific ports/IPs, etc.
- medaudit - A tool for auditing medical devices and healthcare infrastructure
- ScoutSuite - Multi-Cloud Security Auditing Tool
- kube-hunter - Hunt for security weaknesses in Kubernetes clusters
- JD_MASK_Robot - 京东口罩库存监控爬虫(非selenium),扫码登录、查价、加购、下单、秒杀
- mqtt-pwn - MQTT-PWN intends to be a one-stop-shop for IoT Broker penetration-testing and security assessment operations.
- pigat - pigat ( Passive Intelligence Gathering Aggregation Tool ) 被动信息收集聚合工具
- SMBrute - SMB Protocol Bruteforce
- codeface - Typefaces for source code beautification
- TIDoS-Framework - A web-penetration testing toolkit, presently suited for reconnaissance purposes.
- WAScan - WAScan - Web Application Scanner
- koadic - Koadic C3 COM Command & Control - JScript RAT
- beagle - Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
- PyExfil - A Python Package for Data Exfiltration
- acsploit - A tool for generating worst-case inputs to commonly used algorithms
- Githubscan - Githubscan
- Yuki-Chan-The-Auto-Pentest - Automate Pentest Tool
- 2FAssassin - Bypass Two-Factor-Authentication
- FuckSubDomain - FuckSubDomain(FSD) is a fast find Subdomain tool.
- awesome-math - A curated list of awesome mathematics resources
- RF-Xfil - Prototype Toolkit for Data Exfiltration over Radio Frequencies -- Developed @ HackSmith v2.0
- WPSeku - WPSeku - Wordpress Security Scanner
- BoopSuite - A Suite of Tools written in Python for wireless auditing and security testing.
- IIS_exploit - Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016.
- kcshell - Simple Python3 based interactive assembly/disassembly shell for various architectures powered by Keystone/Capstone.
- shadowbroker - The Shadow Brokers "Lost In Translation" leak
- fufluns - Easy to use APK/IPA Mobile App Inspector (experimental)
- port-multiplexing - 端口复用相关思路和工具
- mssqlproxy - mssqlproxy is a toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse
- IPRotate_Burp_Extension - Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.
- extended-ssrf-search - Smart ssrf scanner using different methods like parameter brute forcing in post and get...
- POC-S - POC-T强化版本 POC-S , 用于红蓝对抗中快速验证Web应用漏洞, 对功能进行强化以及脚本进行分类添加,自带dnslog等, 平台补充来自vulhub靶机及其他开源项目的高可用POC
- get_Team_Pass - Get teamviewer's ID and password from a remote computer in the LAN
- awesome-python - A curated list of awesome Python frameworks, libraries, software and resources
- python-cheat-sheet - Python Cheat Sheet NumPy, Matplotlib
- mosint - An automated e-mail OSINT tool
- targets - A collection of over 5.1 million sub-domains and assets belonging to public bug bounty programs, compiled into a repo, for performing bulk operations.
- degoogle_hunter - Simple fork from degoogle original project with bug hunting purposes
- ote - Generate Email, Register for anything, Get the OTP/Link
- JSA - Javascript security analysis (JSA) is a program for javascript analysis during web application security assessment.
- ShodanTools - Collection of scripts & fingerprinting tricks for Shodan.io
- httpscreenshot
- Oblivion - Data leak checker & OSINT Tool
- webshooter - Inspired by gowitness and EyeWitness
- pwn_jenkins - Notes about attacking Jenkins servers
- dobby2 - Build your emulation environment as needed
- BackgroundMattingV2 - Real-Time High-Resolution Background Matting
- CVE-2019-1040-dcpwn - CVE-2019-1040 with Kerberos delegation
- MaxMind-DB-Reader-python - Python MaxMind DB reader extension
- w5 - Security Orchestration, Automation and Response (SOAR) Platform. 安全编排与自动化响应平台,无需编写代码的安全自动化,使用 SOAR 可以让团队工作更加高效
- google-osconfig-privesc - Proof of concept about the privilege escalation flaw identified in Google's Osconfig
- dmass - scrapes domains from VDP/BBP scopes
- mikrot8over - mikrot8over: Fast exploitation tool for Mikrotik RouterOS up to 6.38.4
- aura - Python source code auditing and static analysis on a large scale
- FavHunt - Favicon based recon for faster fingerprinting of web services
- DirtyPortScanner - A simple, fast port scanner that can work with Nmap.
- nmap-scan - Nmap wrapper for python with full Nmap DTD support, parallel scans and threaded callback methods support for faster analytics.
- HXnineTails - python3实现的集成了github上多个扫描工具的命令行WEB扫描工具
- insight2
- TPLogScan - ThinkPHP全日志扫描工具,命令行版和BurpSuite插件版
- aliyun-accesskey-Tools
- links-html
- http-request-smuggling - HTTP Request Smuggling Detection Tool
- SAAST_Project - Shodan API Automated Search Tool
- LAPSDumper
- NtlmRelayToEWS - ntlm relay attack to Exchange Web Services
- corsair_scan - Corsair_scan is a security tool to test Cross-Origin Resource Sharing (CORS).
- BloodHound-Tools - Collection of tools that reflect the network dimension into Bloodhound's data
- lumina_server - Local server for IDA Lumina feature
- xxer - A blind XXE injection callback handler. Uses HTTP and FTP to extract information. Originally written in Ruby by ONsec-Lab.
- CVE-2019-18935 - RCE exploit for a .NET JSON deserialization vulnerability in Telerik UI for ASP.NET AJAX.
- JSON-JS-Beautifier - Burp Suite JSON/JS-Beautifier
- forbiddenpass
- dephell - :package: :fire: Python project management. Manage packages: convert between formats, lock, install, resolve, isolate, test, build graph, show outdated, audit. Manage venvs, build package, bump version.
- PDF-translator - A PDF translator which can translate English pdf into Chinese pdf. 将英文的PDF翻译并自动生成中文版PDF
- chptrans - 翻译英文pdf论文的小工具,类似于不使用浏览器的划词翻译
- SimplyEmail - Email recon made fast and easy, with a framework to build on
- NoSQLMap - Automated NoSQL database enumeration and web application exploitation tool.
- TongDaOA-Fake-User - 通达OA 任意用户登录漏洞
- pyjwt - JSON Web Token implementation in Python
- CVE-2020-17530
- degoogle - search Google and extract results directly. skip all the click-through links and other sketchiness
- simple-oob-scanner - Simple tool to test for SSRF/OOB HTTP Read within the Path of a request
- frizzer - Frida-based general purpose fuzzer
- car - Cyber Analytics Repository
- py2exe - A distutils extension to create standalone windows programs from python scripts
- C2PE - C2 and Post Exploitation Code
- 3klCon - Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.
- evilarc - Create tar/zip archives that can exploit directory traversal vulnerabilities
- malware-ioc-hash - Collection of malware ioc hashes from blog posts. A Python script is provided to search through it.
- Apache-NiFi-Api-RCE
- IAMFinder - IAMFinder enumerates and finds users and IAM roles in a target AWS account.
- s3_objects_check - Whitebox evaluation of effective S3 object permissions, to identify publicly accessible files.
- kenzer - automated web assets enumeration & scanning
- Empire-Cli - CLI Frontend for PowerShell Empire.
- SessionHound - A Python script to import computer session data collected from alternate data sources from a CSV file into BloodHound's Neo4j database.
- jwt-key-id-injector - Simple python script to check against hypothetical JWT vulnerability.
- burp-piper-custom-scripts - Custom scripts for the PIPER Burp extensions.
- 0x0p1n3r - 0x0p1n3r is set of combination of other tools and one line scripts to find subdomains easily and to check subdomain takeover
- subcapture - Another automated script to check for subdomain takeover
- Print-My-Shell - Python script wrote to automate the process of generating various reverse shells.
- toothpicker
- fake-mailer - Send Mail Anonymously with this Script
- SSLEnum - Reconnaissance using SSL certificate Alt Names and Organization
- android-runner - Python framework for automatically executing measurement-based experiments on native and web apps running on Android devices
- Nessus2Elasticsearch
- awvs_xray - AWVS13和xray的自动化扫描脚本
- infoport - infoport : All Portscan Tool in A , 全方位多组件的端口服务扫描检测工具
- idcardgenerator - 身份证图片生成工具 generate an id card picture
- password-distance - 常见密码变形方法
- ntlmscan - scan for NTLM directories
- redis-rogue-server - Redis 4.x/5.x RCE
- BurpSuite_403Bypasser - Burpsuite Extension to bypass 403 restricted directory
- nerve - NERVE Continuous Vulnerability Scanner
- Pentest - Notes/Tools for pentesting
- jarm
- Packer-Fuzzer - Packer Fuzzer is a fast and efficient scanner for security detection of websites constructed by javascript module bundler such as Webpack.
- 0wned - Code execution via Python package installation.
- CS_Decrypt
- PaddleCloud - PaddleCloud distributed training job scheduling
- rexsser - This is a burp plugin that extracts keywords from response using regexes and test for reflected XSS on the target scope.
- pycobalt - Cobalt Strike Python API
- bazarr - Bazarr is a companion application to Sonarr and Radarr. It manages and downloads subtitles based on your requirements. You define your preferences by TV show or movie and Bazarr takes care of everything for you.
- cve-search - cve-search - a tool to perform local searches for known vulnerabilities
- Subdomains-Tracker - A Discord Bot to help with Recon Stuff
- decoder-plus-plus - An extensible application for penetration testers and software developers to decode/encode data into various formats.
- nogotofail - An on-path blackbox network traffic security testing tool
- N1QLMap - The tool exfiltrates data from Couchbase database by exploiting N1QL injection vulnerabilities.
- PCWT
- rocketmq-client-python - Apache RocketMQ python client
- APKProxyHelper - Patches those pesky APKs for proxy use.
- dfimage - Reverse-engineer a Dockerfile from a Docker image.
- myscan - myscan 被动扫描
- brutto - Easy brute forcing to whatever you want - Jose Pino
- burp_jspath - A burp suite plugin to discover hidden paths in javascript code
- subforce - A commandline forced browsing tool for subdomain lists
- APT_REPORT - Interesting apt report collection and some special ioc express
- CVE-2020-14882 - CVE-2020–14882 by Jang
- pulse-secure-vpn-mitm-research - Pulse Secure VPN mitm Research - CVE-2020-8241, CVE-2020-8239
- Frog-Auth - 🐸Unauthorized Detection Framework未授权访问检测框架
- monitor-new-subdomain - MNS is a security and reconnaissance tool to monitoring new subdomain
- oregami - IDA plugins and scripts for analyzing register usage frame
- NetblockTool - Find netblocks owned by a company
- routersploit - Exploitation Framework for Embedded Devices
- CVE-2020-15906 - Writeup of CVE-2020-15906
- ImmunityDebugger - ImmunityDebugger
- Mythic - A collaborative, multi-platform, red teaming framework
- cve-2020-16898 - PoC BSOD for CVE-2020-16898
- recode - 基于python的代码审计工具
- xalpha - 基金投资管理回测引擎
- TheCl0n3r - TheCl0n3r will allow you to download and manage your git repositories.
- Eagle - Multithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities
- Monitorizer - Multithreaded monitoring framework to detect and report newly found subdomains on a specific target using various scanning tools with support for Acunetix
- certstream-subdomains-monitor - Monitor subdomains with certstream
- Anti-Takeover - Anti-Takeover is a sub domain monitoring tool for (blue/purple) team / internal security team which uses cloud flare. Currently Anti-Takeover monitors more than a dozen third party services for dangling subdomain pointers.
- Frog-Submon - 🐸Subdomain Monitor, 子域名监控
- AWD - AWD线下攻防常用Python库及集成框架
- burp-unauth-checker - burpsuite extension for check unauthorized vulnerability
- frida_ssl_logger - ssl_logger based on frida
- gitlab-watchman - Monitoring GitLab for sensitive data shared publicly
- wordlist_generator - Unique wordlist generator of unique wordlists.
- doraemon - Doraemon-接口自动化测试工具
- Cyberbrain - Python debugging, redefined.
- discrete-console - A terminal emulator that automatically proxies commands through ProxyChains.
- flink-unauth-rce - exploit Apache Flink Web Dashboard unauth rce on right way by python2 scripts
- liffy - Local file inclusion exploitation tool
- GitDorker - A Python program to scrape secrets from GitHub through usage of a large repository of dorks.
- rpc2socks - Post-exploit tool that enables a SOCKS tunnel via a Windows host using an extensible custom RPC proto over SMB through a named pipe.
- bbrf-client - The client component of the Bug Bounty Reconnaissance Framework (BBRF)
- HexraysToolbox - Hexrays Toolbox - Find code patterns within the Hexrays AST
- checksec.py - Checksec tool in Python, Rich output. Based on LIEF
- pack - PACK (Password Analysis and Cracking Kit)
- hat - HAT (Hashcat Automation Tool) - An Automated Hashcat Tool for common wordlists and rules to speed up the process of cracking hashes during engagements. Created for Linux based systems
- cve-2020-0688 - cve-2020-0688
- GoldenNuggets-1 - Burp Extension for easily creating Wordlists
- detection-rules - Rules for Elastic Security's detection engine
- GHunt - 🕵️♂️ Investigate Google Accounts with emails.
- get_domain_info - 批量查询备案和域名解析的工具
- ORhunter - ORhunter is an Open Redirect Vulnerability Scanner which Passively Crawls URLs from 3 Sources & Then Filter Potential URLs based on Parameter Values, then finally hunt them for Unvalidated Open Redirect
- burp-shell-fwd-lfi - A Burp Suite plugin/extension that offers a shell in Burp. Both useful for OS Command injection and LFI exploration
- CVE-2020-7931 - Hacking Artifactory with server side template injection
- SubdomainWash - 子域名清洗工具+awvs12联动xray分布式
- Mask_RCNN - Mask R-CNN for object detection and instance segmentation on Keras and TensorFlow
- CThun - 集成快速端口扫描服务识别和暴力破解
- UrlAutoFire - URLAUTOFIRE made to make your life easier, this tool allow you to browse a file of urls faster just by adding shortcut to your machine(linux)
- BlindCrawler - A tool for web crawling & content discovery
- db - Bugbounty utility to store the list of the enumerated subdomains into an sqlite3 db [one liner style / Pipe and save]
- LBot - A simple xss bot template
- Minitools-bin_extractor - A simple script for quickly mining sensitive information in binary files.
- Minitools-CookieTest - A script used to quickly test APIs or required parameters and cookies for a certain request.
- Subdomain-Takeover - 一个子域名接管检测工具
- onefuzz - A self-hosted Fuzzing-As-A-Service platform
- Powershell-Obfuscator - Powerful script for logical obfuscation of powershell scripts
- zer0dump - Abuse CVE-2020-1472 (Zerologon) to take over a domain and then repair the local stored machine account password.
- hfinger - Hfinger - fingerprinting HTTP requests
- subtakeover
- CVE-2020-1472 - Exploit Code for CVE-2020-1472 aka Zerologon
- CVE-Reverse
- boofuzz - A fork and successor of the Sulley Fuzzing Framework
- kb - A minimalist command line knowledge base manager
- CVE-2020-1472 - Test tool for CVE-2020-1472
- DumpsterDiver - Tool to search secrets in various filetypes.
- RPOscanner - Relative Path Overwrite Vulnerability Scanner
- cracking-utils - scripts for generating password wordlists
- freqtrade - Free, open source crypto trading bot
- RedCommander - Red Team C2 Infrastructure built in AWS using Ansible!
- Payloads - Just Random fun
- Loki - Remote Access Tool
- JustTryHarder - JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)
- CVE-bruter - take a list of subdomain and the required path for specific CVE and give the response code for each url
- git-dumper - A tool to dump a git repository from a website
- crimson-forge - Sustainable shellcode evasion
- h2csmuggler - HTTP Request Smuggling over HTTP/2 Cleartext (h2c)
- MEAT - This toolkit aims to help forensicators perform different kinds of acquisitions on iOS devices
- subdover - Subdover is a MultiThreaded Subdomain Takeover Vulnerability Scanner Written In Python3
- xxetester - Test your XXE Payloads
- safety - Safety checks your installed dependencies for known security vulnerabilities
- credential-digger - A Github scanning tool that identifies hardcoded credentials while filtering the false positive data through machine learning models :lock:
- h4cker - This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.
- jwtcat - A CPU-based JSON Web Token (JWT) cracker and - to some extent - scanner.
- ctf - writeup from some ctfs
- bucketkicker - Brute force AWS bucket finder
- CloudScraper - CloudScraper: Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space.
- Attack_Defense_Framework - XMAN2017 结营攻防赛漏洞利用及Flag提交框架
- DOGECICS - Doge bank expensive new COBOL front end. The retail branches are gonna love this!
- Raccoon - A high performance offensive security tool for reconnaissance and vulnerability scanning
- Gerapy - Distributed Crawler Management Framework Based on Scrapy, Scrapyd, Django and Vue.js
- metame - metame is a metamorphic code engine for arbitrary executables
- Vailyn - A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python
- iosReverseTools - iosReverseTools是ios逆向渗透测试辅助工具集合
- Android-Pentesting-Project - Exploited a bank application to find vulnerabilities in the app using Drozer, IDA-Pro and X-posed framework
- Gooey - Turn (almost) any Python command line program into a full GUI application with one line
- wp-file-manager-0day - wp-file-manager 6.7 (Aug 2020) Wordpress Plugin 0day - Remote Code Execution
- redis-rce - Redis RCE 的几种方法
- Pholus - A multicast DNS and DNS Service Discovery Security Assessment Tool
- ScanApi - Subdomains-enumeration, subdomain-takeover monitoring api and S3 bucket scanner.
- Fuzzing - A simple script to guess on the website directory
- BitMapper - Burp-suite Extension For finding .map files
- spicescan - Fingerprinting, Port Scanning, Directory Brute Forcing, it's got it all!
- gittyleaks - :droplet: Find sensitive information for a git repo
- poc - Proof of Concepts
- mole - Mole is a framework for identifying and exploiting out-of-band application vulnerabilities.
- Jira-CVE-2019-8451 - POC to check for Jira instances vulnerable to CVE-2019-8451
- PwnSSRF - A Python based scanner to find potential SSRF parameters in a web application.
- Grammar-Mutator - A grammar-based custom mutator for AFL++
- impacket_static_binaries - Standalone binaries for Linux/Windows of Impacket's examples
- golang_loader_assist - Making GO reversing easier in IDA Pro
- reports
- textshot - Python tool for grabbing text via screenshot
- Hunting-New-Registered-Domains - Hunting Newly Registered Domains
- Rogue-MySql-Server - MySQL fake server for read files of connected clients
- odat - ODAT: Oracle Database Attacking Tool
- Bluto - DNS Recon | Brute Forcer | DNS Zone Transfer | DNS Wild Card Checks | DNS Wild Card Brute Forcer | Email Enumeration | Staff Enumeration | Compromised Account Checking
- OpenDoor - OWASP WEB Directory Scanner
- unwebpack-sourcemap - Extract uncompiled, uncompressed SPA code from Webpack source maps.
- android_universal - Universal android boot to root
- http_r_code - python tool take a list of subdomains and give you the response code for each
- domain-ip - this tool take a list of subdomains and give you the ip for each
- fireprox - AWS API Gateway management tool for creating on the fly HTTP pass-through proxies for unique IP rotation
- pe_tree - Python module for viewing Portable Executable (PE) files in a tree-view using pefile and PyQt5. Can also be used with IDA Pro and Rekall to dump in-memory PE files and reconstruct imports.
- phpsploit - Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor
- snail2.0 - 批量检测敏感信息泄露
- srcscan - SRCScan(submon) is a SRC assistant tool that periodically scans subdomains and requests WEB services on port 80/443 to check if it is available, and send result to you by e-mail.
- nero-phishing-server - An full HTTP server for Phishing. Downloads recursively the entire webpage.
- SDK - Public SDK for Intelligence X
- Tweettioc-Splunk-App - Tweettioc Splunk App
- Parth - Heuristic Vulnerable Parameter Scanner
- vmware_vcenter_cve_2020_3952 - Exploit for CVE-2020-3952 in vCenter 6.7
- progress-burp - Burp Suite extension to track vulnerability assessment progress
- CVE-2019-2725 - CVE-2019-2725命令回显+webshell上传+最新绕过
- get-title - multi threaded python tool to get pages's title
- server-status_PWN - A script that monitors and extracts requested URLs and clients connected to the service by exploiting publicly accessible Apache server-status instances.
- routopsy
- soc-faker - A python package for use in generating fake data for SOC and security automation.
- spacesiren - A honey token manager and alert system for AWS.
- vt-ida-plugin - Official VirusTotal plugin for IDA Pro
- bypasswaf - 关于安全狗和云锁的自动化绕过脚本
- houndsploit - An advanced graphical search engine for Exploit-DB
- Parsers - parsers to make life easier
- poc_and_exp - 搜集的或者自己写的poc或者exp
- FOFA_Search_Tools - FOFA 搜索工具 Python 版 - FOFA Search Tools | Version Python
- mt_rand-reverse - Script to recover mt_rand()'s seed with only two outputs and without any bruteforce.
- redshell
- Archive-py - Customizing web archives result
- fastjson_gadgets_scanner
- xssmap - XSSMap 是一款基于 Python3 开发用于检测 XSS 漏洞的工具
- Github-Monitor - 对github新CVE,0DAY,RCE等的监控并推送到微信
- k8s-snapshots - Automatic Volume Snapshots on Kubernetes.
- slack-history-export - export your slack-history
- bugz-tools - A collection of tools I wrote for bug bounty or hacking and don't mind publishing it :smile:
- digit - Extract endpoints from specific Git repository for fuzzing
- autofindomain
- gogsownz - Gogs CVEs
- SNIcat - SNIcat
- IntelOwl - Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale
- Scrapy-CVE-CNVD - 漏洞监控,基于scrapy,scrapy-redis,获取每日最新的CVE和CNVD漏洞。
- PW_Spy
- rsm - Redis Security Map - Anti-hacking for Redis
- TPscan - 一键ThinkPHP漏洞检测
- bbrecon - Python library and CLI for the Bug Bounty Recon API
- festin - FestIn - S3 Bucket Weakness Discovery
- shiro_rememberMe_Rce - 利用长亭xray高级版的回显Gadget重写的一个shiro反序列化利用工具。
- ShiroScanF - shiro反序列化批量ip快速检测脚本
- GetIPinfo - 用于寻找多网卡主机方便内网跨网段渗透避免瞎打找不到核心网
- as3nt - Another Subdomain ENumeration Tool
- quoted-printable-Parser - A Burp Suite extension to parse Content-Transfer-Encoding: quoted-printable emails received in Burpcollaborator's SMTP
- f5-bigip-rce-cve-2020-5902 - F5 BIG-IP RCE CVE-2020-5902 automatic check tool
- dnslog - weblog/dnslog平台 Docker容器化部署
- cmd2bx - 把jsp的cmdshell升级为冰蝎一句话
- Fuzz_dic - 参数 | 字典 collections
- Interlace - Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.
- X-Fofa - 基于Fofa会员前提,获得任意页数的目标数量URL
- sanitizers - AddressSanitizer, ThreadSanitizer, MemorySanitizer
- wechat_articles_spider - 微信公众号文章的爬虫
- butian_urls - 补天公益厂商域名列表
- PythonPersistence - python3 写的一些权限维持脚本
- Neo-reGeorg - Neo-reGeorg is a project that seeks to aggressively refactor reGeorg
- reconme - Recon tool
- cas4.x-execution-rce - exp for 4.1.x-4.1.6, 4.1.7-4.2.x, padding oracle attack
- cve_manager - A python script that a) parses NIST NVD CVEs, b) prcoesses and exports them to CSV files, c) creates a postgres database and imports all the data in it, d) provides query capabilities for this CVEs database.
- CVE-2020-3452 - CVE-2020-3452 exploit
- CWFF - Create your Custom Wordlist For Fuzzing
- ida-plugins - A collection of my IDA plugins
- CVE-2020-9495
- mosec-pip-plugin - 用于检测python项目的第三方依赖组件是否存在安全漏洞。
- mosec-x-plugin-backend - MOSEC-X-PLUGIN 后端API服务
- dff - DFF (Digital Forensics Framework) is a Forensics Framework coming with command line and graphical interfaces. DFF can be used to investigate hard drives and volatile memory and create reports about user and system activities.
- RapidPayload - Framework RapidPayload - Metasploit Payload Generator | Crypter FUD AntiVirus Evasion
- pmg - Extract parameters/paths from urls
- CVE-2020-11579 - Exploit code for CVE-2020-11579, an arbitrary file disclosure through the MySQL client in PHPKB
- jackdaw - gather gather gather
- dfir-ioc-ut - DFIR IoC Unit Testing
- lightbulb-framework - Tools for auditing WAFS
- DiscoverPort - 轻量化端口扫描工具
- RasCon_NS - Connect to Nintendo Switch over Bluetooth, emulate amiibo and use script from the web.(蓝牙连接Nintendo Switch,并可通过网页控制和使用脚本与amiibo)
- BurpFuzz
- flashtext - Extract Keywords from sentence or Replace keywords in sentences.
- Shiro_Xray - CommonsBeanutils1,CommonsCollectionsK1
- PVD-HACK - 自动化越权检测PVD
- CVE-2020-3452-Cisco-Scanner - CVE-2020-3452 Cisco ASA Scanner -unauth Path Traversal Check
- Gopherus - This tool generates gopher link for exploiting SSRF and gaining RCE in various servers
- jeopardize - a low(zero) cost threat intelligence&response tool against phishing domains
- kostebek
- virt-manager - Desktop tool for managing virtual machines via libvirt
- avain - A Modular Framework for the Automated Vulnerability Analysis in IP-based Networks
- cidr2ip - take a list of CIDR and the output is ip list of these CIDR
- CA-UIM-Nimbus-Research - Vulnerability research on the CA UIM Nimbus protocol
- clusterfuzz - Scalable fuzzing infrastructure.
- Ghostcat-CNVD-2020-10487 - Ghostcat read file/code execute,CNVD-2020-10487(CVE-2020-1938)
- rengine - reNgine is an automated reconnaissance framework meant for information gathering during penetration testing of web applications. reNgine has customizable scan engines, which can be used to scan the websites, endpoints, and gather information.
- Keylogger - Get Keyboard,Mouse,ScreenShot,Microphone Inputs from Target Computer and Send to your Mail.
- CNVD-2020-10487-Tomcat-Ajp-lfi - Tomcat-Ajp协议文件读取漏洞
- BurpSuite-Asset_History
- BurpSuite-Asset_Discover - Burp Suite extension to discover assets from HTTP response.
- Bypass-Web-Application-Firewalls - Bypassing-Web-Application-Firewalls-And-XSS-Filters A series of python scripts for generating weird character combinations and lists for BurpSuite Pro for bypassing web application firewalls (WAF) and XSS filters. These python scripts have been created to fuzz wierd combinations: URL Escape Characters HTML Escape Characters Binary Characters These scripts were created during an assessment, while trying to bypass a Web Application Firewall (WAF) in order to exploit a XSS vulnerability. Differnt webservers and browsers interpret URL and strange characters differently which could lead to the bypassing of security controls. When I tried to send a > or < character the WAF would block the request. The following URL escapes I have noticed are traslated to < > ' by Apache2 based web servers: %(N%(n%)S%)U%)^%)s%)u%*C%*E%*c%*e%,.%.#%1N%1n%2S%2U%2^%2s%2u%3C%3E%3c%3e%5.%7#%:C%:E %:c%:e%HN%Hn%IS%IU%I^%Is%Iu%JC%JE%Jc%Je%L.%N#%XN%Xn%YS%YU%Y^%Ys%Yu%ZC%ZE%Zc%Ze%.%^# %hN%hn%iS%iU%i^%is%iu%jC%jE%jc%je%l.%n#%xN%xn%yS%yU%y^%ys%yu%zC%zE%zc%ze%|
- CVE-2020-14947 - The official exploit for OCS Inventory NG v2.7 Remote Command Execution CVE-2020-14947
- Ares - Python botnet and backdoor
- peniot - PENIOT: Penetration Testing Tool for IoT
- Oralyzer - Open Redirection Analyzer
- CVE-2020-6287-exploit - PoC for CVE-2020-6287 The PoC in python for add user only, no administrator permission set. Inspired by @zeroSteiner from metasploit. Original Metasploit PR module: https://github.com/rapid7/metasploit-framework/pull/13852/commits/d1e2c75b3eafa7f62a6aba9fbe6220c8da97baa8 This PoC only create user with unauthentication permission and no more administrator permission set. This project is created only for educational purposes and cannot be used for law violation or personal gain. The author of this project is not responsible for any possible harm caused by the materials of this project. Original finding: CVE-2020-6287: Pablo Artuso CVE-2020-6286: Yvan 'iggy' G. Usage: python sap-CVE-2020-6287-add-user.py <HTTP(s)://IP:Port
- SB-Actuator - Spring Boot Actuator未授权访问【XXE、RCE】单/多目标检测
- ShellScan
- rootend - A *nix Enumerator & Auto Privilege Escalation tool.
- EAN_CLI - Tool to find leaked tokens in JavaScript
- snoop - Snoop — инструмент разведки на основе открытых данных (OSINT world)
- pwn-machine - The Pwning Machine
- shiro-check-rce - shiro反序列化漏洞检测RCE工具
- XSS-LOADER - Xss Payload Generator ~ Xss Scanner ~ Xss Dork Finder
- AdversarySimulation - Compilation of resources to help with Adversary Simulation automation harness
- sast-scan - Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependencies. CI and Git friendly.
- CVE-2020-8193 - Citrix ADC Vulns
- SMBGhost_AutomateExploitation - SMBGhost (CVE-2020-0796) Automate Exploitation and Detection
- Gather - URL Screenshot Utility
- smod - MODBUS Penetration Testing Framework
- nike-deobfuscator - Script for libnike-obfuscator
- ApiWordlistGenerator - Generate wordlists for fuzzing API method names
- big-list-of-naughty-strings - The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.
- turbinia - Automation and Scaling of Digital Forensics Tools
- panos-scanner - Determine the Palo Alto PAN-OS software version of a remote GlobalProtect portal or management interface.
- dorkScanner - A typical search engine dork scanner scrapes search engines with dorks that you provide in order to find vulnerable URLs.
- scant3r - ScanT3r - Web Security Scanner
- WitnessMe - Web Inventory tool, takes screenshots of webpages using Pyppeteer (headless Chrome/Chromium) and provides some extra bells & whistles to make life easier.
- EasyOCR - Ready-to-use OCR with 80+ supported languages and all popular writing scripts including Latin, Chinese, Arabic, Devanagari, Cyrillic and etc.
- osinttools - A collection of random OSINT scripts
- jsmon - a javascript change monitoring tool for bugbounties
- hackingtool - ALL IN ONE Hacking Tool For Hackers
- medusa - Binary instrumentation framework based on FRIDA
- httprebind - Automatic tool for DNS rebinding-based SSRF attacks
- FavFreak - Making Favicon.ico based Recon Great again !
- Mistica - An open source swiss army knife for arbitrary communication over application protocols
- overlord - Overlord - Red Teaming Infrastructure Automation
- msticpy - Microsoft Threat Intelligence Security Tools
- stip-common - Seamless Threat Intelligence Platform
- EvilOSX - An evil RAT (Remote Administration Tool) for macOS / OS X.
- Tentacle - Tentacle is a POC vulnerability verification and exploit framework. It supports free extension of exploits and uses POC scripts. It supports calls to zoomeye, fofa, shodan and other APIs to perform bulk vulnerability verification for multiple targets.
- guietta
- kAFL - A fuzzer for full VM kernel/driver targets
- smbmap - SMBMap is a handy SMB enumeration tool
- aem-hacker
- kAFL - Code for the USENIX 2017 paper: kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels
- bof_helper - Beacon Object File (BOF) Creation Helper
- EvilNet - Network Attack wifi attack vlan attack arp attack Mac Attack Attack revealed etc../
- basecrack - Decode All Bases - Base Scheme Decoder
- grom - Http/Https multi threading checker
- hackerone_wordlist - The wordlists that have been compiled using disclosed reports at HackerOne bug bounty platform
- pacu - The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
- dronesploit - Drone pentesting framework console
- python-adb - Python ADB + Fastboot implementation
- TurboDataMiner - The objective of this Burp Suite extension is the flexible and dynamic extraction, correlation, and structured presentation of information from the Burp Suite project as well as the flexible and dynamic on-the-fly modification of outgoing or incoming HTTP requests using Python scripts. Thus, Turbo Data Miner shall aid in gaining a better and faster understanding of the data collected by Burp Suite.
- webgrep - Web page Grep-like easy-to-extend tool with extra features like JS deobfuscation and OCR
- URLCADIZ - A simple script to generate a hidden url for social engineering.
- android_tools - some useful tools for android reverse engineer
- gmapsapiscanner
- tribler - Privacy enhanced BitTorrent client with P2P content discovery
- EagleShell - EagleShell is a high-quality tool that aims to improve your pentest.
- gef - GEF - GDB Enhanced Features for exploit devs & reversers
- patch-apk - Wrapper to inject an Objection/Frida gadget into an APK, with support for app bundles/split APKs.
- scripts - Some useful scripts I have written or collected
- OpenBugBounty-Scrapper - This script scrapes the list of open Bug Bounty Programs from openbugbounty.org
- ASN-Eagle - A tool to discover ASN of any host and fetch IP ranges.
- asnrecon - ASN reconnaissance script
- nginx-ui - Nginx UI allows you to access and modify the nginx configurations files without cli.
- 0sec-search - 新版零组资料文库离线漏洞名搜索,功能:更新 、查询 (不包含漏洞详情)
- recon - Enumerate a target Based off of Nmap Results
- Subvenkon - Subvenkon is a subdomain enumerator from Venkon
- Brute-force-otp - Brute force otp on has no rate limit
- COVIDSafe-CVE-2020-12856 - A bluetooth-related vulnerability in some contact tracing apps
- python_code_audit - python 代码审计项目
- flumberboozle - Suite of programs meant to aid in bug hunting and security assessments
- bloodhound-notebook - BloodHound Cypher Queries Ported to a Jupyter Notebook
- Username_Generator - A Burp Extension that parses emails from HTTP content and can optionally generate usernames.
- vhosts-sieve - Searching for virtual hosts among non-resolvable domains
- idapython-cheatsheet - Scripts and cheatsheets for IDAPython
- tinfoleak - The most complete open-source tool for Twitter intelligence analysis
- Lockdoor-Framework - 🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources
- Wallbreaker - help you understand java memory world.
- CloudFlair - 🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.
- weblogicPoc - Weblogic Vuln POC EXP cve-2020-2551 cve-2020-2555 cve-2020-2883 ,。。。
- bravestarr - Fedora 31 netkit-telnet-0.17 telnetd remote exploit
- BurpSuite-Xkeys - A Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage.
- PoC-Exploits - Select proof-of-concept exploits for software vulnerabilities to aid in identifying and testing vulnerable systems.
- Asnlookup - Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.
- Grafiki - Threat Hunting tool about Sysmon and graphs
- Reconkil3r - Script Recon Bug Bounty
- tiscripts - Turbo Intruder Scripts
- Scavenger - Crawler (Bot) searching for credential leaks on different paste sites.
- NTLMRawUnHide - NTLMRawUnhide.py is a Python3 script designed to parse network packet capture files and extract NTLMv2 hashes in a crackable format. The following binary network packet capture formats are supported: *.pcap *.pcapng *.cap *.etl
- smuggler - Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3
- RedTeam-OffensiveSecurity - Tools & Interesting Things for RedTeam Ops
- Fastjson-Scanner - a burp extension to find where use fastjson
- patch-checker - Web-based check for Windows privesc vulnerabilities
- spyse.py - Python API wrapper and command-line client for the tools hosted on spyse.com.
- SQLEXP - SQL 注入利用工具,存在waf的情况下自定义编写tamper脚本 dump数据
- Attacker-Group-Predictor - Tool to predict attacker groups from the techniques and software used
- OSX-KVM - Run macOS on QEMU/KVM. With OpenCore + Big Sur support now! Only commercial (paid) support is available.
- hardcodes - find hardcoded strings from source code
- CobaltStrikeParser
- AndroidManifestCheck - AndroidManifest.xml文件校验工具
- GitMonitor - One way to continuously monitor sensitive information that could be exposed on Github
- ctf-writeups - CTF write-ups
- subscraper - Reconnaissance tool which scans javascript files for subdomains and then iterates over all javascript files hosted on subsequent subdomains to enumerate a list of subdomains for a given URL.
- MySQL_Fake_Server - MySQL Fake Server use to help MySQL Client File Reading and JDBC Client Java Deserialize
- BurpExtender
- SMBGhost_RCE_PoC
- SprayingToolkit - Scripts to make password spraying attacks against Lync/S4B, OWA & O365 a lot quicker, less painful and more efficient
- shodan-dojo - Learning Shodan through katas
- python-devtools - Dev tools for python
- pivotnacci - A tool to make socks connections through HTTP agents
- recon-ng - Open Source Intelligence gathering tool aimed at reducing the time spent harvesting information from open sources.
- dnscan
- unfurl - An Entropy-Based Link Vulnerability Tool
- webscreenshot - A simple script to screenshot a list of websites
- JSParser
- edc - Event Data Collector
- burp-exporter - Exporter is a Burp Suite extension to copy a request to the clipboard as multiple programming languages functions.
- apkleaks - Scanning APK file for URIs, endpoints & secrets.
- JWTweak - Detects the algorithm of input JWT Token and provide options to generate the new JWT token based on the user selected algorithm.
- HawkScan - Security Tool for Reconnaissance and Information Gathering on a website. (python 2.x & 3.x)
- SSRFTest - SSRF testing tool
- Phantom-Evasion - Python antivirus evasion tool
- testing_wave
- ssl_pinning_remover - An Android SSL Pinning Remover tool for Security research and Bug Bounty
- joystick - Joystick is a tool that gives you the ability to transform the ATT&CK Evaluations data into concise views that brings forward the nuances in the results.
- Insecure-Firebase-Exploit - A simple Python Exploit to Write Data to Insecure/vulnerable firebase databases! Commonly found inside Mobile Apps. If the owner of the app have set the security rules as true for both "read" & "write" an attacker can probably dump database and write his own data to firebase db.
- Static_Analysis.py - My stab at some basic static analysis needs allot of work but works on things like yahoo.com etc may need better requests handling to dodge waf's
- api_palette - A code-searching/completion tool, for IDA APIs
- Worse-PDF - Turn a normal PDF file into malicious.Use to steal Net-NTLM Hashes from windows machines.
- email_hack - A email bomb/fake email tool, by Python
- SecurityBulletinPush - 安全补丁日期拉取工具,目前支持Android、Qualcomm和iOS; Security bulletin pulling tools, now support Android, Qualcomm & iOS
- ssl_logger - Decrypts and logs a process's SSL traffic.
- shotlooter - a recon tool that finds sensitive data inside the screenshots uploaded to prnt.sc
- Injection_Test - Command injection extension for Burpsuite
- burp-to-sqlmap - Performing SQLInjection test on Burp Suite Bulk Requests using SQLMap
- MysqlLogmonitor - 代码审计辅助工具
- redis-ssrf - redis ssrf gopher generater && redis ssrf to rce by master-slave-sync
- aws-iam-analyser - AWS IAM Analysis utility to gather entire useful information from an AWS account
- Stormspotter - Azure Red Team tool for graphing Azure and Azure Active Directory objects
- ApkVulCheck - This is a tool to help androidcoder to check the flaws in their projects.
- HydraRecon - All In One, Fast, Easy Recon Tool
- airtest-douyin
- dotdotslash - Search for Directory Traversal Vulnerabilities
- sitedorks - Search Google/Bing/Ecosia/DuckDuckGo/Yandex/Yahoo for a search term with a default set of websites, bug bounty programs or a custom collection.
- XLMMacroDeobfuscator - Extract and Deobfuscate XLM macros (a.k.a Excel 4.0 Macros)
- AndroPyTool - A framework for automated extraction of static and dynamic features from Android applications
- wwwordlist - Use wwwordlist to generate a wordlist from words based on HTML (extracted with BS4), URLs, JS/HTTP/input variables, quoted texts found in the supplied text and mail files.
- dnsteal - DNS Exfiltration tool for stealthily sending files over DNS requests.
- whispers - Identify hardcoded secrets and dangerous behaviours
- URLBrute-Py - Tool to brute website sub-domains and dirs.
- AwvsBatchImport - AWVS12&AWVS13 通用API批量导入脚本
- PlumHound - Bloodhound for Blue and Purple Teams
- docker-socket-proxy - Proxy over your Docker socket to restrict which requests it accepts
- PwnXSS - PwnXSS: Vulnerability (XSS) scanner exploit
- frida-unpack - 基于Frida的脱壳工具
- JebScript
- domain_scan_demo - 一个简陋的分布式子域名扫描轮子
- ExtAnalysis - Browser Extension Analysis Framework - Scan, Analyze Chrome, firefox and Brave extensions for vulnerabilities and intels
- PlaystoreDownloader - A command line tool to download Android applications directly from the Google Play Store by specifying their package name (an initial one-time configuration is required)
- Switching-IP-address - Python Script which changes the Public IP address randomly to different location around the world in every 10 Seconds Interval with the help tor package
- Gr33k - 图形化漏洞利用集成工具
- wifipumpkin3 - Powerful framework for rogue access point attack.
- powerob - An on-the-fly Powershell script obfuscator meant for red team engagements. Built out of necessity.
- shellerator - Simple CLI tool for the generation of bind and reverse shells in multiple languages
- whoogle-search - A self-hosted, ad-free, privacy-respecting metasearch engine
- dirlister - Create wordlists from source codes files/directories for enumeration
- androidtool - A better version of the command-line android tool with a more intuitive command-line interface.
- pypykatz - Mimikatz implementation in pure Python
- fuzzowski - the Network Protocol Fuzzer that we will want to use.
- Shiro_exploit - Apache Shiro 反序列化漏洞检测与利用工具
- SubDomainizer - A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.
- parsec-cloud - Open source Dropbox-like file sharing with full client encryption !
- slack-watchman - Monitoring your Slack workspaces for sensitive information
- subscraper-security-trails-module
- rapiddns-extractor - Extract subdomains from rapiddns.io
- Awesome-Bugbounty-Writeups - A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference
- inql - InQL - A Burp Extension for GraphQL Security Testing
- WebAliveScan - 对目标域名进行快速的存活扫描、简单的指纹识别、目录扫描
- ossem-power-up - A tool to assess data quality, built on top of the awesome OSSEM.
- opendevops - CODO是一款为用户提供企业多混合云、一站式DevOps、自动化运维、完全开源的云管理平台、自动化运维平台
- ail-framework - AIL framework - Analysis Information Leak framework
- Dir_Monitor - Dir_Monitor — 可以防御文件上传漏洞的监控脚本
- Trishul - Burp Extension written in Jython to hunt for common vulnerabilities found in websites. Developed by Gaurav Narwani to help people find vulnerabilities and teach how to exploit them.
- grinder - :mag_right: Python framework to automatically discover and enumerate hosts from different back-end systems (Shodan, Censys)
- APKEnum
- AssetsHunter - 资产狩猎框架-AssetsHunter,信息收集是一项艺术~
- pentest-tools - Custom pentesting tools
- gitGraber - gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...
- dnsvalidator - Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses.
- rop-benchmark - ROP Benchmark is a tool to compare ROP compilers
- nullscan - A modular framework designed to chain and automate security tests.
- httpgrep - Scans HTTP servers to find given strings in URIs.
- android_application_analyzer - The tool is used to analyze the content of the android application in local storage.
- Atlas - Quick SQLMap Tamper Suggester
- vulfocus - 🚀Vulfocus 是一个漏洞集成平台,将漏洞环境 docker 镜像,放入即可使用,开箱即用。
- OpenRedireX - A Fuzzer for OpenRedirect issues
- JSON-to-HTML-and-XLS - Simple script to convert JSON to html or excel
- pwntools - CTF framework and exploit development library
- ctf-wscan - 为ctf而生的web扫描器
- nuclei-templates - Community curated list of templates for the nuclei engine to find a security vulnerability in application.
- ROADtools - The Azure AD exploration framework.
- wsltools - Web Scan Lazy Tools - Python Package
- ParamSpider - Mining parameters from dark corners of Web Archives
- cve-analysis - Tools for conducting analysis of CVE data in Elasticsearch
- WebScan - 正在写的一个资产管理和扫描相结合的分布式扫描器
- nfstream - NFStream: a Flexible Network Data Analysis Framework.
- hackerone-reports - Top disclosed reports from HackerOne
- CORStest - A simple CORS misconfiguration scanner
- exrop - Automatic ROPChain Generation
- Win-Logs-Parse-tool
- okadminfinder3 - [ Admin panel finder / Admin Login Page Finder ] ¢σ∂є∂ ву 👻 (❤-❤) 👻
- ScanQLi - SQLi scanner to detect SQL vulns
- EagleEye - Stalk your Friends. Find their Instagram, FB and Twitter Profiles using Image Recognition and Reverse Image Search.
- malwoverview - Malwoverview is a first response tool used for downloading and screening malware samples, suspicious URLs, IP address, domains. Malwoverview offers threat hunting information from Virus Total, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, ThreatCrowd, Valhalla and it is able to scan Android devices against VT and HA.
- rssant - 蚁阅 - 让 RSS 更好用,轻松订阅你喜欢的博客和资讯
- Flask_Bug_Platform - Flask代码审计练习靶场,初始代码源自https://github.com/yubang/cms
- scantron - A distributed nmap / masscan scanning framework complete with an API client for automation workflows
- BitBlinder - BurpSuite extension to inject custom cross-site scripting payloads on every form/request submitted to detect blind XSS vulnerabilities
- XSStrike - Most advanced XSS scanner.
- LinkFinder - A python script that finds endpoints in JavaScript files
- Turbolist3r - Subdomain enumeration tool with analysis features for discovered domains
- Arjun - HTTP parameter discovery suite.
- LangSrcCurise - SRC子域名资产监控
- bufferfly - 攻防演习/渗透测试资产处理小工具,对攻防演习/渗透测试前的信息搜集到的大批量资产/域名进行存活检测、获取标题头、语料提取、常见web端口检测等。
- CDQR - The Cold Disk Quick Response (CDQR) tool is a fast and easy to use forensic artifact parsing tool that works on disk images, mounted drives and extracted artifacts from Windows, Linux, MacOS, and Android devices
- KnowledgeGraphData - 史上最大规模1.4亿中文知识图谱开源下载
- AndroBugs_Framework - AndroBugs Framework is an efficient Android vulnerability scanner that helps developers or hackers find potential security vulnerabilities in Android applications. No need to install on Windows.
- ethereum-dasm - An ethereum evm bytecode disassembler and static/dynamic analysis tool
- HaboMalHunter - HaboMalHunter is a sub-project of Habo Malware Analysis System (https://habo.qq.com), which can be used for automated malware analysis and security assessment on the Linux system.
- mobilehacktools - A repository for scripting a mobile attack toolchain
- xia0LLDB - LLDB python scripts for iOS arm64 reversing by xia0
- Coeus - Android apk/sdk Scan包括android apk/sdk 安全审计代码扫描以及国内政策扫描
- HRDevHelper - Context-sensitive HexRays decompiler plugin that visualizes the ctree of decompiled functions.
- lighthouse - A Code Coverage Explorer for Reverse Engineers
- LazyIDA - Make your IDA Lazy!
- IDArling - Collaborative Reverse Engineering plugin for IDA Pro & Hex-Rays
- automate_knoxss - Automation of KNOXSS extension.
- HackerOne-Notifier - Send notifications if a new program is published on HackerOne using Pushbullet
- Kali-TX - Customized Kali Linux - Ansible playbook
- Virtuailor - IDAPython tool for creating automatic C++ virtual tables in IDA Pro
- faceswap - Deepfakes Software For All
- ray - An open source framework that provides a simple, universal API for building distributed applications. Ray is packaged with RLlib, a scalable reinforcement learning library, and Tune, a scalable hyperparameter tuning library.
- Androick
- voltron - A hacky debugger UI for hackers
- KitPloit_Arsenal - It is a tool that brings together exploits and news about security and vulnerabilities, with the intention of contributing to the open source community, developed from the site http://www.kitploit.com/ All rights reserved.
- Silver - Mass scan IPs for vulnerable services
- objection - 📱 objection - runtime mobile exploration
- scrounger - Mobile application testing toolkit
- ATFuzzer - "Opening Pandora's Box through ATFuzzer: Dynamic Analysis of AT Interface for Android Smartphones" ACSAC 2019
- truegaze - Static analysis tool for Android/iOS apps focusing on security issues outside the source code
- walle-web - walle - 瓦力 Devops开源项目代码部署平台
- pwn_deploy_chroot - 可以方便地部署一个或者多个pwn题到一个docker容器中(使用chroot,并可以设置是否使用我自己写的catflag程序替换默认的/bin/sh程序,以增加安全性)
- Exploitivator - Automate Metasploit scanning and exploitation
- aiodnsbrute - Python 3.5+ DNS asynchronous brute force utility
- interview_internal_reference - 2020年最新总结,阿里,腾讯,百度,美团,头条等技术面试题目,以及答案,专家出题人分析汇总。
- burpsuite_jsapi - A BurpSuite extension written by Python,used to find API interface in JS file.
- qark - Tool to look for several security related Android application vulnerabilities
- pixel-recursive-super-resolution - Tensorflow implementation of pixel-recursive-super-resolution(Google Brain paper: https://arxiv.org/abs/1702.00783)
- seecode-scanner - SeeCode Scanner 扫描引擎
- FXY - Security-Scenes-Feature-Engineering-Toolkit, Continuous Integration.一款安全数据特征化工具
- ClassHound - 利用任意文件下载漏洞循环下载反编译 Class 文件获得网站 Java 源代码
- ollvm-breaker - 使用Binary Ninja去除ollvm流程平坦混淆
- Octopus - Open source pre-operation C2 server based on python and powershell
- AndroidNativeEmu - Allows you to partly emulate an Android native library.
- dcc - DCC (Dex-to-C Compiler) is method-based aot compiler that can translate DEX code to C code.
- FART - ART环境下自动化脱壳方案
- redis-rogue-server - Redis 4.x & 5.x RCE
- NTLMRecon - Enumerate information from NTLM authentication enabled web endpoints 🔎
- BeaconTelegram - Send message on Telegram when you get a new Cobalt Strike beacon
- gtfoplus - Linux Local Privesc Helper and Agent
- iosMixTools - ios混淆脚本工具
- sms_verification_code_API - 在线接收市面大部分app和网页的短信验证码,多平台,代替客户端使用
- openrasp-iast - IAST 灰盒扫描工具
- AssetScan - 资产探测工具,检测存活,检测风险端口,常规端口,全端口探测等等,对探测的端口的脆弱面进行安全分析进行
- RGPerson - RGPerson - Randomly generate identity information
- Keylogger - A simple keylogger for Windows, Linux and Mac
- ccat - Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.
- python-for-android - Turn your Python application into an Android APK
- DockerPwn.py - Python automation of Docker.sock abuse
- jeb-keygen - JEB install env
- Real-Time-Voice-Cloning - Clone a voice in 5 seconds to generate arbitrary speech in real-time
- flan - A pretty sweet vulnerability scanner
- FrameScan - FrameScan 一款python3编写的简易的cms漏洞检测框架
- Python-dsstore - A library for parsing .DS_Store files and extracting file names
- pocsuite_poc_collect - collection poc use pocsuite framework 收集一些 poc with pocsuite框架
- CTFd-Whale - A plugin for CTFd which allow your users to deploy a standalone instance for challenges.
- hrida - Hrida is a http interface for Frida
- the-backdoor-factory - Patch PE, ELF, Mach-O binaries with shellcode new version in development, available only to sponsors
- Responder - Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
- Dshell - Dshell is a network forensic analysis framework.
- JSINFO-SCAN - 递归式寻找域名和api。
- XQuant - Simple backtester for human.
- OneForAll - OneForAll是一款功能强大的子域收集工具
- Ghostwriter - The SpecterOps project management and reporting engine
- trape - People tracker on the Internet: OSINT analysis and research tool by Jose Pino
- teleport - Teleport是一款简单易用的堡垒机系统。
- ptf - The Penetration Testers Framework (PTF) is a way for modular support for up-to-date tools.
- VulnWhisperer - Create actionable data from your Vulnerability Scans
- pyattck - A Python package to interact with the Mitre ATT&CK Framework
- ThreatHunting - A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
- internalblue - Bluetooth experimentation framework for Broadcom and Cypress chips.
- Dwarf - Full featured multi arch/os debugger built on top of PyQt5 and frida
- webssh - :seedling: Web based ssh client
- bounty-monitor - Leverage certificate transparency live feed to monitor for newly issued subdomain certificates (last 90 days, configurable), for domains participating in bug bounty programs.
- celerystalk - An asynchronous enumeration & vulnerability scanner. Run all the tools on all the hosts.
- regipy - Regipy is an os independent python library for parsing offline registry hives
- kerberoast
- machine_learning_security - Source code about machine learning and security.
- Java_xmlhack - 帮助java环境下任意文件下载情况自动化读取源码的小工具
- JSFinder - JSFinder is a tool for quickly extracting URLs and subdomains from JS files on a website.
- get_domain
- awd_attack_framework - awd攻防常用脚本+不死马+crontab+防御方法
- CTF_AWD_Platform - CTF 攻防对抗平台
- evernote_remove_duplicates - 印象笔记去重
- sublert - Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.
- Kali-Setup - Script for Kali that adds a bunch of tools and customizes it to be much better
- CVE-2019-1040 - CVE-2019-1040 with Exchange
- F-NAScan-PLUS - F-NAScan-PLUS 安服资产搜集
- wfuzz - Web application fuzzer
- PcapXray - :snowflake: PcapXray - A Network Forensics Tool - To visualize a Packet Capture offline as a Network Diagram including device identification, highlight important communication and file extraction
- DNSLog - DNSLog 是一款监控 DNS 解析记录和 HTTP 访问记录的工具。
- Graffiti - A tool to generate obfuscated one liners to aid in penetration testing
- Reverse-Shell-Manager - :hammer: A multiple reverse shell session/client manager via terminal
- WeblogicScanLot - WeblogicScanLot系列,Weblogic漏洞批量检测工具,V2.2
- CrackNetDrive3
- uds - Unlimited Drive Storage by splitting binary files into base64
- geye - 🚀Faster Github Monitor🚀
- Archery - SQL 审核查询平台
- w9scan - Plug-in type web vulnerability scanner
- fuzzDicts - Web Pentesting Fuzz 字典,一个就够了。
- jwt_tool - :snake: A toolkit for testing, tweaking and cracking JSON Web Tokens
- Webfinger - web指纹识别
- OSweep - Don't Just Search OSINT. Sweep It.
- FinalRecon - The Last Web Recon Tool You'll Need
- pbscan - 基于burpsuite headless 的代理式被动扫描系统
- Python-100-Days - Python - 100天从新手到大师
- osprey
- HostHunter - HostHunter a recon tool for discovering hostnames using OSINT techniques.
- python-masscan - python-masscan is a python library which helps in using masscan port scanner.
- vtest - 用于辅助安全工程师漏洞挖掘、测试、复现,集合了mock、httplog、dns tools、xss,可用于测试各类无回显、无法直观判断或特定场景下的漏洞。
- dirmap - An advanced web directory & file scanning tool that will be more powerful than DirBuster, Dirsearch, cansina, and Yu Jian.一个高级web目录、文件扫描工具,功能将会强于DirBuster、Dirsearch、cansina、御剑。
- sniff-paste - Pastebin OSINT Harvester
- WSPIH - Website Sensitive Personal Information Hunter 网站个人敏感信息文件扫描器
- bookmarks2markdown - Convert bookmarks to Markdown
- pyinstaller - Freeze (package) Python programs into stand-alone executables
- awd-platform - platform for awd
- StarsAndClown - ☀️Github星聚弃疗榜, 让吃瓜群众也能享受Github带来的乐趣~Github StarsAndClown, Let the people who eat me can enjoy the fun of Github~
- GScan - 本程序旨在为安全应急响应人员对Linux主机排查时提供便利,实现主机侧Checklist的自动全面化检测,根据检测结果自动数据聚合,进行黑客攻击路径溯源。
- pocscan
- dollhouse
- LuWu - 红队基础设施自动化部署工具
- SqlChecker - 注入检测工具
- web_pwd_common_crack - 通用web弱口令破解脚本,旨在批量检测那些没有验证码的管理后台,可用于刷分~
- HackMySQL - Using To MySQL Elevate Privileges.
- Pictures-Trojans
- h2t - h2t (HTTP Hardening Tool) scans a website and suggests security headers to apply
- legion - Legion is an open source, easy-to-use, super-extensible and semi-automated network penetration testing tool that aids in discovery, reconnaissance and exploitation of information systems.
- csbruter - Cobalt Strike team server password brute force tool
- mysql_log_check - MySQL Log Analysis
- AggressorScripts
- Shepherd - A Django application to help red team operators manage a library of domain names
- DomainCheck - DomainCheck is designed to assist operators with monitoring changes related to their domain names. This includes negative changes in categorization, VirusTotal detections, and appearances on malware blacklists. DomainCheck currently works only with NameCheap.
- fuzzdb-collect - 网络上安全资源的搜集
- yujian_keygen - 御剑算号破解激活工具
- RW_Password - 此项目用来提取收集以往泄露的密码中符合条件的强弱密码
- paper-tips-and-tricks - Best practice and tips & tricks to write scientific papers in LaTeX, with figures generated in Python or Matlab.
- FDsploit - File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.
- vulncode-db - Vulncode-DB project
- DarkNet_ChineseTrading - 🚇暗网中文网监控爬虫(DEEPMIX)
- Jenkins - Jenkins漏洞探测、用户抓取爆破
- tp5-getshell - thinkphp5 rce getshell
- Python-crawler-tutorial-starts-from-zero - python爬虫教程,带你从零到一,包含js逆向,selenium, tesseract OCR识别,mongodb的使用,以及scrapy框架
- instantbox - 📦 Get a clean, ready-to-go Linux box in seconds.
- archerysec - Centralize Vulnerability Assessment and Management for DevSecOps Team
- FileMonitor - 文件变化实时监控工具(代码审计/黑盒/白盒审计辅助工具)
- xxe-lab - 一个包含php,java,python,C#等各种语言版本的XXE漏洞Demo
- r3con1z3r - R3con1z3r is a lightweight Web information gathering tool with an intuitive features written in python. it provides a powerful environment in which open source intelligence (OSINT) web-based footprinting can be conducted quickly and thoroughly.
- DeTTECT - Detect Tactics, Techniques & Combat Threats
- leaks_parser - Parser for data dumps Collection #1 / Collection #2-5
- MyBlog - 记录和分享学习的旅程!
- POC-T - 基于poc-t 并在此基础上增加批量功能!
- artillery - The Artillery Project is an open-source blue team tool designed to protect Linux and Windows operating systems through multiple methods.
- SPFAbuse - SPF are not as strong as you may think. Red Team tool to send email on behalf of your target corp
- dirty_sock - Linux privilege escalation exploit via snapd (CVE-2019-7304)
- CVE-2018-2628 - CVE-2018-2628 & CVE-2018-2893
- AD_WebScanner - AD工作室精心研发漏洞安全扫描器
- weblogic_unserialize_exploit - java unserialize vul for weblogic exploit
- CVE-2018-3191 - Weblogic-CVE-2018-3191远程代码命令执行漏洞
- mcreator - Encoded Reverse Shell Generator With Techniques To Bypass AV's
- struts2-057-exp - s2-057 最新漏洞分析和EXP脚本
- CVE-2018-7600 - CVE-2018-7600 - Drupal 7.x RCE
- CVE-2018-2894 - CVE-2018-2894 WebLogic Unrestricted File Upload Lead To RCE Check Script
- BitcoinPriceReader - Bitcoin Price Reader
- 24h-raspberry-live-on-bilibili - 🎦树莓派/VPS驱动的b站直播弹幕点播台,代码写得很烂,看之前请吃点降压药。已计划重写
- Photon - Incredibly fast crawler designed for OSINT.
- Mr.SIP - SIP-Based Audit and Attack Tool
- Scanner - 端口扫描 + 敏感文件扫描 + POC批量调用框架
- vulscan - vulscan 扫描系统:最新的poc&exp漏洞扫描,redis未授权、敏感文件、java反序列化、tomcat命令执行及各种未授权扫描等...
- shodansploit - 🔎 shodansploit > v1.3.0
- CORScanner - Fast CORS misconfiguration vulnerabilities scanner🍻
- cs2modrewrite - Convert Cobalt Strike profiles to modrewrite scripts
- vulnerability-list - 在渗透测试中快速检测常见中间件、组件的高危漏洞。
- autoRecon - This tool is for automate the initial things that we usually do in daily pentesting. So you can focus more on the main target.
- Sitadel - Web Application Security Scanner
- CyberScan - CyberScan: Network's Forensics ToolKit
- a2sv - Auto Scanning to SSL Vulnerability
- pentest_scripts - penetration testing scripts
- femida - Automated blind-xss search for Burp Suite
- ChunkedHTTPAdapter - 参考《利用分块传输吊打所有WAF》修改的requests的Adapter
- saucerframe - python3批量poc检测工具
- metasploitHelper - metasploitHelper
- tools - Python渗透漏洞工具
- burp-extensions - A collection of scripts to extend Burp Suite
- NfSpy - ID-spoofing NFS client
- protobuf-inspector - 🕵️ Tool to reverse-engineer Protocol Buffers with unknown definition
- pocsuite3 - pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.
- w12scan-client - 网络资产搜索发现引擎,w12scan 扫描端程序
- SSRFmap - Automatic SSRF fuzzer and exploitation tool
- weblogic-scan - weblogic 漏洞扫描工具
- domain_pass_generate - 通过域名生成爆破字典
- upload-fuzz-dic-builder - 上传漏洞fuzz字典生成脚本
- Pompem - Find exploit tool
- poopak - POOPAK - TOR Hidden Service Crawler
- sharesearch - Samba, NFS shares spider and grepper
- OneList - A simple directory index for OneDrive
- WebPocket - Exploit management framework
- wesng - Windows Exploit Suggester - Next Generation
- rapidscan - :new: The Multi-Tool Web Vulnerability Scanner.
- Nmap-Scan-to-CSV - Converts Nmap XML output to csv file, and other useful functions
- Awesome-WAF - 🔥 Everything you'll need to know about web-application firewalls (WAF).
- Evil-WinRAR-Gen - Generator of malicious Ace files for WinRAR < 5.70 beta 1
- stretcher - Tool designed to help identify open Elasticsearch servers that are exposing sensitive information
- TDScanner - 自动化检测小工具,主要实现了域名枚举、链接爬取、注入检测、主机扫描、目录枚举、敏感信息检测等功能~
- sgk_data_handler - 社工库半自动处理
- PicLocation - 快速获取图片的GPS和其拍摄地理位置
- CANalyzat0r - Security analysis toolkit for proprietary car protocols
- aztarna - aztarna, a footprinting tool for robots.
- mijisou - Privacy-respecting metasearch engine
- PrivExchange - Exchange your privileges for Domain Admin privs by abusing Exchange
- Perun - Perun是一款主要适用于乙方安服、渗透测试人员和甲方RedTeam红队人员的网络资产漏洞扫描器/扫描框架
- nmaptocsv - A simple python script to convert Nmap output to CSV
- xcut - Enhanced cut command
- xlparser - Parse file(xlsx/xls/csv) to other format(dict, csv, json, ...).
- VulCloud - A Simple Web-UI for Vulhub (Docker) / 便捷的漏洞镜像管理部署Web应用
- termtosvg - Record terminal sessions as SVG animations
- Geetest3-Crack - 🤖 Geetest3 Distributed Cracking Platform 极验3代分布式破解平台
- xupload - A tool for automatically testing whether the upload function can upload webshell
- funNLP - 中英文敏感词、语言检测、中外手机/电话归属地/运营商查询、名字推断性别、手机号抽取、身份证抽取、邮箱抽取、中日文人名库、中文缩写库、拆字词典、词汇情感值、停用词、反动词表、暴恐词表、繁简体转换、英文模拟中文发音、汪峰歌词生成器、职业名称词库、同义词库、反义词库、否定词库、汽车品牌词库、汽车零件词库、连续英文切割、各种中文词向量、公司名字大全、古诗词库、IT词库、财经词库、成语词库、地名词库、历史名人词库、诗词词库、医学词库、饮食词库、法律词库、汽车词库、动物词库、中文聊天语料、中文谣言数据、百度中文问答数据集、句子相似度匹配算法集合、bert资源、文本生成&摘要相关工具、cocoNLP信息抽取工具、国内电话号码正则匹配、清华大学XLORE:中英文跨语言百科知识图谱、清华大学人工智能技术系列报告、自然语言生成、NLU太难了系列、自动对联数据及机器人、用户名黑名单列表、罪名法务名词及分类模型、微信公众号语料、cs224n深度学习自然语言处理课程、中文手写汉字识别、中文自然语言处理 语料/数据集、变量命名神器、分词语料库+代码、任务型对话英文数据集、ASR 语音数据集 + 基于深度学习的中文语音识别系统、笑声检测器、Microsoft多语言数字/单位/如日期时间识别包、中华新华字典数据库及api(包括常用歇后语、成语、词语和汉字)、文档图谱自动生成、SpaCy 中文模型、Common Voice语音识别数据集新版、神经网络关系抽取、基于bert的命名实体识别、关键词(Keyphrase)抽取包pke、基于医疗领域知识图谱的问答系统、基于依存句法与语义角色标注的事件三元组抽取、依存句法分析4万句高质量标注数据、cnocr:用来做中文OCR的Python3包、中文人物关系知识图谱项目、中文nlp竞赛项目及代码汇总、中文字符数据、speech-aligner: 从“人声语音”及其“语言文本”产生音素级别时间对齐标注的工具、AmpliGraph: 知识图谱表示学习(Python)库:知识图谱概念链接预测、Scattertext 文本可视化(python)、语言/知识表示工具:BERT & ERNIE、中文对比英文自然语言处理NLP的区别综述、Synonyms中文近义词工具包、HarvestText领域自适应文本挖掘工具(新词发现-情感分析-实体链接等)、word2word:(Python)方便易用的多语言词-词对集:62种语言/3,564个多语言对、语音识别语料生成工具:从具有音频/字幕的在线视频创建自动语音识别(ASR)语料库、构建医疗实体识别的模型(包含词典和语料标注)、单文档非监督的关键词抽取、Kashgari中使用gpt-2语言模型、开源的金融投资数据提取工具、文本自动摘要库TextTeaser: 仅支持英文、人民日报语料处理工具集、一些关于自然语言的基本模型、基于14W歌曲知识库的问答尝试--功能包括歌词接龙and已知歌词找歌曲以及歌曲歌手歌词三角关系的问答、基于Siamese bilstm模型的相似句子判定模型并提供训练数据集和测试数据集、用Transformer编解码模型实现的根据Hacker News文章标题自动生成评论、用BERT进行序列标记和文本分类的模板代码、LitBank:NLP数据集——支持自然语言处理和计算人文学科任务的100部带标记英文小说语料、百度开源的基准信息抽取系统、虚假新闻数据集、Facebook: LAMA语言模型分析,提供Transformer-XL/BERT/ELMo/GPT预训练语言模型的统一访问接口、CommonsenseQA:面向常识的英文QA挑战、中文知识图谱资料、数据及工具、各大公司内部里大牛分享的技术文档 PDF 或者 PPT、自然语言生成SQL语句(英文)、中文NLP数据增强(EDA)工具、英文NLP数据增强工具 、基于医药知识图谱的智能问答系统、京东商品知识图谱、基于mongodb存储的军事领域知识图谱问答项目、基于远监督的中文关系抽取、语音情感分析、中文ULMFiT-情感分析-文本分类-语料及模型、一个拍照做题程序、世界各国大规模人名库、一个利用有趣中文语料库 qingyun 训练出来的中文聊天机器人、中文聊天机器人seqGAN、省市区镇行政区划数据带拼音标注、教育行业新闻语料库包含自动文摘功能、开放了对话机器人-知识图谱-语义理解-自然语言处理工具及数据、中文知识图谱:基于百度百科中文页面-抽取三元组信息-构建中文知识图谱、masr: 中文语音识别-提供预训练模型-高识别率、Python音频数据增广库、中文全词覆盖BERT及两份阅读理解数据、ConvLab:开源多域端到端对话系统平台、中文自然语言处理数据集、基于最新版本rasa搭建的对话系统、基于TensorFlow和BERT的管道式实体及关系抽取、一个小型的证券知识图谱/知识库、复盘所有NLP比赛的TOP方案、OpenCLaP:多领域开源中文预训练语言模型仓库、UER:基于不同语料+编码器+目标任务的中文预训练模型仓库、中文自然语言处理向量合集、基于金融-司法领域(兼有闲聊性质)的聊天机器人、g2pC:基于上下文的汉语读音自动标记模块、Zincbase 知识图谱构建工具包、诗歌质量评价/细粒度情感诗歌语料库、快速转化「中文数字」和「阿拉伯数字」、百度知道问答语料库、基于知识图谱的问答系统、jieba_fast 加速版的jieba、正则表达式教程、中文阅读理解数据集、基于BERT等最新语言模型的抽取式摘要提取、Python利用深度学习进行文本摘要的综合指南、知识图谱深度学习相关资料整理、维基大规模平行文本语料、StanfordNLP 0.2.0:纯Python版自然语言处理包、NeuralNLP-NeuralClassifier:腾讯开源深度学习文本分类工具、端到端的封闭域对话系统、中文命名实体识别:NeuroNER vs. BertNER、新闻事件线索抽取、2019年百度的三元组抽取比赛:“科学空间队”源码、基于依存句法的开放域文本知识三元组抽取和知识库构建、中文的GPT2训练代码、ML-NLP - 机器学习(Machine Learning)NLP面试中常考到的知识点和代码实现、nlp4han:中文自然语言处理工具集(断句/分词/词性标注/组块/句法分析/语义分析/NER/N元语法/HMM/代词消解/情感分析/拼写检查、XLM:Facebook的跨语言预训练语言模型、用基于BERT的微调和特征提取方法来进行知识图谱百度百科人物词条属性抽取、中文自然语言处理相关的开放任务-数据集-当前最佳结果、CoupletAI - 基于CNN+Bi-LSTM+Attention 的自动对对联系统、抽象知识图谱、MiningZhiDaoQACorpus - 580万百度知道问答数据挖掘项目、brat rapid annotation tool: 序列标注工具、大规模中文知识图谱数据:1.4亿实体、数据增强在机器翻译及其他nlp任务中的应用及效果、allennlp阅读理解:支持多种数据和模型、PDF表格数据提取工具 、 Graphbrain:AI开源软件库和科研工具,目的是促进自动意义提取和文本理解以及知识的探索和推断、简历自动筛选系统、基于命名实体识别的简历自动摘要、中文语言理解测评基准,包括代表性的数据集&基准模型&语料库&排行榜、树洞 OCR 文字识别 、从包含表格的扫描图片中识别表格和文字、语声迁移、Python口语自然语言处理工具集(英文)、 similarity:相似度计算工具包,java编写、海量中文预训练ALBERT模型 、Transformers 2.0 、基于大规模音频数据集Audioset的音频增强 、Poplar:网页版自然语言标注工具、图片文字去除,可用于漫画翻译 、186种语言的数字叫法库、Amazon发布基于知识的人-人开放领域对话数据集 、中文文本纠错模块代码、繁简体转换 、 Python实现的多种文本可读性评价指标、类似于人名/地名/组织机构名的命名体识别数据集 、东南大学《知识图谱》研究生课程(资料)、. 英文拼写检查库 、 wwsearch是企业微信后台自研的全文检索引擎、CHAMELEON:深度学习新闻推荐系统元架构 、 8篇论文梳理BERT相关模型进展与反思、DocSearch:免费文档搜索引擎、 LIDA:轻量交互式对话标注工具 、aili - the fastest in-memory index in the East 东半球最快并发索引 、知识图谱车音工作项目、自然语言生成资源大全 、中日韩分词库mecab的Python接口库、中文文本摘要/关键词提取、汉字字符特征提取器 (featurizer),提取汉字的特征(发音特征、字形特征)用做深度学习的特征、中文生成任务基准测评 、中文缩写数据集、中文任务基准测评 - 代表性的数据集-基准(预训练)模型-语料库-baseline-工具包-排行榜、PySS3:面向可解释AI的SS3文本分类器机器可视化工具 、中文NLP数据集列表、COPE - 格律诗编辑程序、doccano:基于网页的开源协同多语言文本标注工具 、PreNLP:自然语言预处理库、简单的简历解析器,用来从简历中提取关键信息、用于中文闲聊的GPT2模型:GPT2-chitchat、基于检索聊天机器人多轮响应选择相关资源列表(Leaderboards、Datasets、Papers)、(Colab)抽象文本摘要实现集锦(教程 、词语拼音数据、高效模糊搜索工具、NLP数据增广资源集、微软对话机器人框架 、 GitHub Typo Corpus:大规模GitHub多语言拼写错误/语法错误数据集、TextCluster:短文本聚类预处理模块 Short text cluster、面向语音识别的中文文本规范化、BLINK:最先进的实体链接库、BertPunc:基于BERT的最先进标点修复模型、Tokenizer:快速、可定制的文本词条化库、中文语言理解测评基准,包括代表性的数据集、基准(预训练)模型、语料库、排行榜、spaCy 医学文本挖掘与信息提取 、 NLP任务示例项目代码集、 python拼写检查库、chatbot-list - 行业内关于智能客服、聊天机器人的应用和架构、算法分享和介绍、语音质量评价指标(MOSNet, BSSEval, STOI, PESQ, SRMR)、 用138GB语料训练的法文RoBERTa预训练语言模型 、BERT-NER-Pytorch:三种不同模式的BERT中文NER实验、无道词典 - 有道词典的命令行版本,支持英汉互查和在线查询、2019年NLP亮点回顾、 Chinese medical dialogue data 中文医疗对话数据集 、最好的汉字数字(中文数字)-阿拉伯数字转换工具、 基于百科知识库的中文词语多词义/义项获取与特定句子词语语义消歧、awesome-nlp-sentiment-analysis - 情感分析、情绪原因识别、评价对象和评价词抽取、LineFlow:面向所有深度学习框架的NLP数据高效加载器、中文医学NLP公开资源整理 、MedQuAD:(英文)医学问答数据集、将自然语言数字串解析转换为整数和浮点数、Transfer Learning in Natural Language Processing (NLP) 、面向语音识别的中文/英文发音辞典、Tokenizers:注重性能与多功能性的最先进分词器、CLUENER 细粒度命名实体识别 Fine Grained Named Entity Recognition、 基于BERT的中文命名实体识别、中文谣言数据库、NLP数据集/基准任务大列表、nlp相关的一些论文及代码, 包括主题模型、词向量(Word Embedding)、命名实体识别(NER)、文本分类(Text Classificatin)、文本生成(Text Generation)、文本相似性(Text Similarity)计算等,涉及到各种与nlp相关的算法,基于keras和tensorflow 、Python文本挖掘/NLP实战示例、 Blackstone:面向非结构化法律文本的spaCy pipeline和NLP模型通过同义词替换实现文本“变脸” 、中文 预训练 ELECTREA 模型: 基于对抗学习 pretrain Chinese Model 、albert-chinese-ner - 用预训练语言模型ALBERT做中文NER 、基于GPT2的特定主题文本生成/文本增广、开源预训练语言模型合集、多语言句向量包、编码、标记和实现:一种可控高效的文本生成方法、 英文脏话大列表 、attnvis:GPT2、BERT等transformer语言模型注意力交互可视化、CoVoST:Facebook发布的多语种语音-文本翻译语料库,包括11种语言(法语、德语、荷兰语、俄语、西班牙语、意大利语、土耳其语、波斯语、瑞典语、蒙古语和中文)的语音、文字转录及英文译文、Jiagu自然语言处理工具 - 以BiLSTM等模型为基础,提供知识图谱关系抽取 中文分词 词性标注 命名实体识别 情感分析 新词发现 关键词 文本摘要 文本聚类等功能、用unet实现对文档表格的自动检测,表格重建、NLP事件提取文献资源列表 、 金融领域自然语言处理研究资源大列表、CLUEDatasetSearch - 中英文NLP数据集:搜索所有中文NLP数据集,附常用英文NLP数据集 、medical_NER - 中文医学知识图谱命名实体识别 、(哈佛)讲因果推理的免费书、知识图谱相关学习资料/数据集/工具资源大列表、Forte:灵活强大的自然语言处理pipeline工具集 、Python字符串相似性算法库、PyLaia:面向手写文档分析的深度学习工具包、TextFooler:针对文本分类/推理的对抗文本生成模块、Haystack:灵活、强大的可扩展问答(QA)框架、中文关键短语抽取工具
- WorkScripts - 信息安全工程师工作常用脚本
- awesome-scoop - A collection of awesome resources for the scoop package manager for windows
- mpDNS - Multi-Purpose DNS Server
- h1domains - HackerOne "in scope" domains
- stockbook - 豆瓣经典证券书籍收录并排名
- CS_xor64 - cobaltstrike xor64.bin补完计划
- NetEaseCloudMusic-nonmembership-list-download - 网易云音乐歌曲批量下载,免VIP【支持歌单,排名榜】
- RedELK - Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.
- domained - Multi Tool Subdomain Enumeration
- FuckFakeGitHubStars - GitHub 虚假 Star 净网行动
- DNS_Transfer_Check - 一个用来批量检测网站是否存在域传送漏洞的Python脚本
- geektime_dl - 把极客时间装进 Kindle,内含快手内推等福利
- TTLScan - 一款简易的插件化的漏洞扫描器框架
- F-Scrack
- airbug - Airbug(空气洞),收集漏洞poc用于安全产品
- TensorFlow-cn - 简单粗暴 TensorFlow (1.X) | A Concise Handbook of TensorFlow (1.X) | 此版本不再更新,新版见 https://tf.wiki
- SubDomainTakeoverTools
- WinHeap-Explorer - WinHeap Explorer repository.
- Sec-Cheatsheets - Cheatsheets on security vulnerabilities and exploits.
- opencanary_web - The web management platform of honeypot
- Web-App-Hacking-Notes - Notes I've taken while working through various web app pentesting labs.
- ctf-wiki - A new start for CTF Wiki! Come and join us, we need you!
- hack-requests - The hack-requests is an http network library for hackers
- mybugscan - fofa_api+bugscan插件扫描
- CMSeeK - CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and over 180 other CMSs
- etherum_rpc_steal - The Etherum RPC Steal Toolset and honeypot .以太坊"偷渡"漏洞利用和蜜罐工具集.
- EventMonitor - Event monitor based on online news corpus including event storyline and analysis,基于给定事件关键词,采集事件资讯,对事件进行挖掘和分析。
- hacktronian - Tools for Hacking
- JPentest - Jumbo Python Penetration testing framework
- sshuttle - Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.
- LogonTracer - Investigate malicious Windows logon by visualizing and analyzing Windows event log
- fuxi - Penetration Testing Platform
- Windows-Exploit-Suggester - This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public exploits and Metasploit modules available for the missing bulletins.
- teemo - A Domain Name & Email Address Collection Tool
- tensorflow-1.4-billion-password-analysis - Deep Learning model to analyze a large corpus of clear text passwords.
- waidps - Wireless Auditing, Intrusion Detection & Prevention System
- iGuardForPython
- attackintel - A python script to query the MITRE ATT&CK API for tactics, techniques, mitigations, & detection methods for specific threat groups.
- prowler - Distributed Network Vulnerability Scanner
- windows_sshagent_extract - PoC code to extract private keys from Windows 10's built in ssh-agent service
- awesome-scripts - useful scripts for Linux op
- Pentest-tools - 内网渗透工具
- SourceLeakHacker - :bug: A multi threads web application source leak scanner
- CVE-2018-9995_dvr_credentials - (CVE-2018-9995) Get DVR Credentials
- SecurityTools - A single repository for any security tools, scripts, documentation, etc. that I add
- Astra - Automated Security Testing For REST API's
- rpivot - socks4 reverse proxy for penetration testing
- pentest-notes
- passphrase-wordlist - Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords
- FindFrontableDomains - Search for potential frontable domains
- ccupp - 基于社会工程学的弱口令密码字典生成工具
- WinPwnage - UAC bypass, Elevate, Persistence methods
- Gitmails - An information gathering tool to collect git commit emails in version control host services
- WHP - Micro$oft Windows Hacking Pack
- GetExpiredDomains - Search for available domain from expireddomains.net
- CVE-2018-7600 - Exploit for Drupal 7 <= 7.57 CVE-2018-7600
- jni_helper - Android SO自动化分析工具
- hackbox - HackBox is the combination of awesome techniques. [1] - Xss [2] - Exploits [3] - Subdomain scanner [4] - Whois Lookup [5] - SSRF Injection [6] - Nmap Auto banner [7] - Js Url parser [8] - Web Headers [9] - Listener [10] - Current Network Stats [11] - CORS Misconfig [12] - AWS S3 Misconfig
- AsyncHttpsDNS - DNS Over Https Powered By Asyncio
- PRCDNS - 准确、CDN友好
- bjdns - A dns server which can protect yourself against DNS poisoning in China. / 抗污染 带缓存的dns服务器
- awesome-hacking - Awesome hacking is an awesome collection of hacking tools.
- py-kms - A KMS server written in python.
- AutoLocalPrivilegeEscalation - An automated script that download potential exploit for linux kernel from exploitdb, and compile them automatically
- crackedmysql
- scripts - Simple repo just for fun and for personal usage. Use them at your own risk.
- NagaScan - NagaScan is a distributed passive scanner for Web application.
- BugBountySubdomains - Tools to gather subdomains from Bug Bounty programs
- patchwork - Patchwork is a web-based patch tracking system designed to facilitate the contribution and management of contributions to an open-source project.
- pyrexecd - Standalone SSH server for Windows
- pysheeet - Python Cheat Sheet
- PT-help
- CVE-2017-10271 - WebLogic Exploit
- Memcrashed-DDoS-Exploit - DDoS attack tool for sending forged UDP packets to vulnerable Memcached servers obtained using Shodan API
- LaZagne - Credentials recovery project
- twitter-scraper - Scrape the Twitter Frontend API without authentication.
- Tunna - Tunna is a set of tools which will wrap and tunnel any TCP communication over HTTP. It can be used to bypass network restrictions in fully firewalled environments.
- DoubanHistory - 豆瓣热映电影30天历史评分
- msdat - MSDAT: Microsoft SQL Database Attacking Tool
- src_edu - 为各位出色的渗透工程师提供攻击目标。
- Pymap-Scanner
- securecrt-tools - SecureCRT scripts, written in Python, for doing various tasks when connected to Cisco equipment.
- vbs-reverse-shell - VBS reverse shell scripts
- feed - Some feeds output from feedly.
- sparta - Network Infrastructure Penetration Testing Tool
- security-tools - Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.
- Sickle - Payload development tool
- windapsearch - Python script to enumerate users, groups and computers from a Windows domain through LDAP queries
- SQLiScanner - Automatic SQL injection with Charles and sqlmap api
- when-changed - Execute a command when a file is changed
- CVE-2018-0802 - PoC Exploit for CVE-2018-0802 (and optionally CVE-2017-11882)
- ansible-pentest-deploy - Using Ansible as an orchestrator, this project is another solution for testers looking to configure and deploy a new VM or VPS box with the tools that they need for penetration testing.
- Infoga - Infoga - Email OSINT
- hate_crack - A tool for automating cracking methodologies through Hashcat from the TrustedSec team.
- AutoSploit - Automated Mass Exploiter
- QQLocation
- ZeroScan - ZeroScan is a tool that auto gathers subdomains and scan ports
- fuxploider - File upload vulnerability scanner and exploitation tool.
- WiFi-Miner-Detector - Detecting malicious WiFi with mining cryptocurrency.
- gasmask - Information gathering tool - OSINT
- DNSLog - DNSLog 是一款监控 DNS 解析记录和 HTTP 访问记录的工具。
- ver-observer - Detection version of framework \ CMS \ dev-dependence on target website.
- ojbk_jiexi - ojbk视频解析源码,支持tumblr/2mm/91porn/微博
- shadowProxy
- kinproxy - my implements transparent proxies (mitmproxy) can use to intercept and manipulate HTTP traffic modifying requests and responses. CLI
- medfusion-4000-research - Medfusion 4000 security research & a MQX RCE.
- Stitch - Python Remote Administration Tool (RAT)
- MaltegoNessusParser - Maltego transform for visualizing Nessus scan data
- EvilURL - Generate unicode evil domains for IDN Homograph Attack and detect them.
- BlackWidow - A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
- One-Lin3r - Gives you one-liners that aids in penetration testing operations, privilege escalation and more
- GTScan - The Nmap Scanner for Telco
- Nettacker - Automated Penetration Testing Framework
- RTF_11882_0802 - PoC for CVE-2018-0802 And CVE-2017-11882
- pytrader - cryptocurrency trading robot
- cisco-snmp-rce - Cisco IOS SNMP RCE PoC
- py-evm - A Python implementation of the Ethereum Virtual Machine
- xcdn - Try to find out the real ip behind cdn
- UnifiedMessageRelay - Group Message Forward Framework (supports QQ Telegram Line Discord)
- crlf-injector - A CRLF ( Carriage Return Line Feed ) Injection attack occurs when a user manages to submit a CRLF into an application. This is most commonly done by modifying an HTTP parameter or URL.
- parameth - This tool can be used to brute discover GET and POST parameters
- dorkbot - Command-line tool to scan Google search results for vulnerabilities
- WebAppSec - Web Application Security
- GWT-3D
- sadb - (safe adb) More convenient to operate adb for multiple connected devices
- passmaker - 可以自定义规则的密码字典生成器,支持图形界面 A password-generator that base on the rules that you specified
- public-apis - A collective list of free APIs for use in software and web development.
- CVE-2017-10271 - CVE-2017-10271 WEBLOGIC RCE (TESTED)
- BeRoot - Privilege Escalation Project - Windows / Linux / Mac
- CryptoHub_Bot - Everything you desire in the revolution of cryptocurrency.
- abu - 阿布量化交易系统(股票,期权,期货,比特币,机器学习) 基于python的开源量化交易,量化投资架构
- PassGAN - A Deep Learning Approach for Password Guessing (https://arxiv.org/abs/1709.00440)
- gy - Yet another .gitignore magician in your command line.
- S3Scanner - Scan for open AWS S3 buckets and dump the contents
- Anubis - 🔓Subdomain enumeration and information gathering tool
- weblate - Web based localization tool with tight version control integration.
- 003Recon - Some tools to automate recon - 003random
- awada - lcx in python edition
- pritunl - Enterprise VPN server
- ssh_keyscanner - ssh public host key scanner using shodan
- SAP_vulnerabilities - DoS PoC's for SAP products
- pipenv - Python Development Workflow for Humans.
- CVE-2017-11882 - CVE-2017-11882 from https://github.com/embedi/CVE-2017-11882
- CVE-2017-11882 - Proof-of-Concept exploits for CVE-2017-11882
- mirror - Task scheduler for open source mirror site (initially for https://mirror.bjtu.edu.cn)
- CVE-2017-13089 - CVE-2017-13089
- Striker - Striker is an offensive information and vulnerability scanner.
- aws_list_all - List all your AWS resources, all regions, all services.
- SpookFlare - Loader, dropper generator with multiple features for bypassing client-side and network-side countermeasures.
- P4wnP1 - P4wnP1 is a highly customizable USB attack platform, based on a low cost Raspberry Pi Zero or Raspberry Pi Zero W.
- dnstwist - Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation
- netflix-no-ipv6-dns-proxy - NOTE: I am no longer a Netflix subscriber and therefore cannot reasonably maintain this project anymore. (Fix for Netflix blocking various IPv6 tunnels by returning no results for AAAA queries of Netflix domains)
- cheat.sh - the only cheat sheet you need
- rtcp - 利用 Python 的 Socket 端口转发,用于远程维护
- CVE-2017-8759-Exploit-sample - Running CVE-2017-8759 exploit sample.
- ipv6-hosts - Fork of https://code.google.com/archive/p/ipv6-hosts/, focusing on automation
- kimsufi-crawler - Crawler that will send you an email alert as soon as servers on OVH/Kimsufi become available for purchase
- zmirror - The next-gen reverse proxy for full site mirroring
- CloudXNS-DDNS - The Python shell of CloudXNS DDNS
- speedtest-cli - Command line interface for testing internet bandwidth using speedtest.net
- VHostScan - A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.
- resizeup - Dropzone3's Action Plugin - Markdown insert images solution
- SSHPry2.0 - SSHPry v2 - Spy & Control os SSH Connected client's TTY
- cipherscan - A very simple way to find out which SSL ciphersuites are supported by a target.
- CVE-2017-0785 - Blueborne CVE-2017-0785 Android information leak vulnerability
- dnsmasq-china-list - Chinese-specific configuration to improve your favorite DNS server. Best partner for chnroutes.
- LFiFreak - A unique automated LFi Exploiter with Bind/Reverse Shells
- domato - DOM fuzzer
- sshpry - Seamlessly spy on SSH session like it is your tty
- net-creds - Sniffs sensitive data from interface or pcap
- binaryalert - BinaryAlert: Serverless, Real-time & Retroactive Malware Detection.
- PasteHunter - Scanning pastebin with yara rules
- Routerhunter-2.0 - Testing vulnerabilities in devices and routers connected to the Internet.
- pdfdir - PDF导航(大纲/目录)添加工具
- whichCDN - WhichCDN allows to detect if a given website is protected by a Content Delivery Network
- Webshell-Sniper - :hammer: Manage your website via terminal
- LeaderF - An efficient fuzzy finder that helps to locate files, buffers, mrus, gtags, etc. on the fly for both vim and neovim.
- S2-053-CVE-2017-12611 - A simple script for exploit RCE for Struts 2 S2-053(CVE-2017-12611)
- gitfiti - abusing github commit history for the lulz
- linuxprivchecker - linuxprivchecker.py -- a Linux Privilege Escalation Check Script
- PixivUtil2 - Download images from Pixiv and more!
- beeswarm - Honeypot deployment made easy
- webzmap - Zmap on Web
- explo - Human and machine readable web vulnerability testing format
- wtfpython - What the f*ck Python?
- LANs.py - Inject code and spy on wifi users
- Wordpresscan - WPScan rewritten in Python + some WPSeku ideas
- IOT-Protect-Continous-Vulnerability-Scanner - A continous vulnerability scanner which scanys for Qbot and Mirai vulnerabilites and displays results in a browser
- wetland - A high interaction SSH honeypot
- domain_analyzer - Analyze the security of any domain by finding all the information possible. Made in python.
- CyberThreatHunting - A collection of resources for Threat Hunters
- JoomlaScan - A free software to find the components installed in Joomla CMS, built out of the ashes of Joomscan.
- silverblog - A fast and lightweight blog framework based on Python3 development
- rsatool - rsatool can be used to calculate RSA and RSA-CRT parameters
- db_security - 数据库安全审计平台
- rangehttpserver - Python module that implements a simple HTTP server that understands the HTTP Range header.
- qiniu4blog - 使用七牛云存储创建自己的图床,用于写博客
- QQSpider - QQ空间爬虫(日志、说说、个人信息)
- coderzh-hugo-blog - My Perfect Hugo Blog
- windows-privesc-check - Standalone Executable to Check for Simple Privilege Escalation Vectors on Windows Systems
- cansina - Web Content Discovery Tool
- wait-for-it - Pure bash script to test and wait on the availability of a TCP host and port
- git-repo-updater - A console script that allows you to easily update multiple git repositories at once
- arch-wiki-docs - A script to download pages from Arch Wiki for offline browsing
- fthreadpool - 线程池模块,增加超时监控,自动Kill
- wifite2 - Rewrite of the popular wireless network auditor, "wifite"
- Tor2web - Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers
- hxsec_search
- DET - (extensible) Data Exfiltration Toolkit (DET)
- Vulny-Code-Static-Analysis - Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex
- onioff - 🌰 An onion url inspector for inspecting deep web links.
- GithubCloner - A script that clones Github repositories of users and organizations.
- awesome-industrial-control-system-security - A curated list of resources related to Industrial Control System (ICS) security.
- FileScan - FileScan: 敏感文件扫描 / 二次判断降低误报率 / 扫描内容规则化 / 多目录扫描
- OSINT-SPY - Performs OSINT scan on email/domain/ip_address/organization using OSINT-SPY. It can be used by Data Miners, Infosec Researchers, Penetration Testers and cyber crime investigator in order to find deep information about their target. If you want to ask something please feel free to reach out to me at [email protected]
- netease-cloud-music-dl - Netease cloud music song downloader, with full ID3 metadata, eg: front cover image, artist name, album name, song title and so on.
- scan_webshell - 很简单的webshell扫描
- parseNTFS - Simple NTFS crawler.
- ppsx-file-generator - ppsx file generator for cve-2017-8570 (based on bhdresh/cve-2017-8570)
- shadowsocksr - Python port of ShadowsocksR
- defcon25-public - Publicly released tools/plugins from PPP for DEFCON 25 CTF Finals
- HUNT
- jenkins-cve-2016-0792 - Exploit for Jenkins serialization vulnerability - CVE-2016-0792
- ja3 - JA3 is a standard for creating SSL client fingerprints in an easy to produce and shareable way.
- inforfinder - Inforfinder is a tool to collect information of any domains pointing at some server (ip, domain, range, file). Is able to detect all domains pointing to an IP address and detect CMS version installed in a web (Wordpress, Joomla, prestashop, etc), also is able to detect PHP version, Web Server version, Plesk version...
- pydictor - A powerful and useful hacker dictionary builder for a brute-force attack
- DL_for_xss - Deep learnning for detection with xss
- sssniff - ShadowSocks(SS) traffic sniffer
- ReconDog - Reconnaissance Swiss Army Knife
- altdns - Generates permutations, alterations and mutations of subdomains and then resolves them
- XX-Net - A proxy tool to bypass GFW.
- GoAgent-Always-Available - 一直可用的GoAgent,会定时扫描可用的google gae ip,提供可自动化获取ip运行的版本
- calibre-web - :books: Web app for browsing, reading and downloading eBooks stored in a Calibre database
- aget - Aget - An Asynchronous Downloader
- my-boring-python - shhh.... sth interesting
- bugcrowd-levelup-subdomain-enumeration - This repository contains all the material from the talk "Esoteric sub-domain enumeration techniques" given at Bugcrowd LevelUp 2017 virtual conference
- ChineseNER - A neural network model for Chinese named entity recognition
- katoolin4china - Kali tools installer
- shodanwave - Shodanwave is a tool for exploring and obtaining information from Netwave IP Camera.
- rtcp
- rdiff-backup - Reverse differential backup tool, over a network or locally.
- PRET - Printer Exploitation Toolkit - The tool that made dumpster diving obsolete.
- shootback - a reverse TCP tunnel let you access target behind NAT or firewall
- python-idb - Pure Python parser and analyzer for IDA Pro database files (.idb).
- tornado - Tornado is a Python web framework and asynchronous networking library, originally developed at FriendFeed.
- Struts2-048 - CVE-2017-9791
- ctf-crypto-writeups
- AWSBucketDump - Security Tool to Look For Interesting Files in S3 Buckets
- ssl_logger - Decrypts and logs a process's SSL traffic.
- lightbulb-framework - Tools for auditing WAFS
- WMD - Python framework for IT security tools
- borg-import - importer for rsync+hardlink based backups / rsnapshot
- bcloud - 百度网盘的linux桌面客户端
- retext - ReText: Simple but powerful editor for Markdown and reStructuredText
- osxcollector - A forensic evidence collection & analysis toolkit for OS X
- CloudFail - Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network
- LFISuite - Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner
- RFIDIOt - python RFID / NFC library & tools
- web3.py - A python interface for interacting with the Ethereum blockchain and ecosystem.
- firmware-analysis-toolkit - Toolkit to emulate firmware and analyse it for security vulnerabilities
- brutespray - Brute-Forcing from Nmap output - Automatically attempts default creds on found services.
- CTFd - CTFs as you need them
- Dr0p1t-Framework - A framework that create an advanced stealthy dropper that bypass most AVs and have a lot of tricks
- autoDANE - Auto Domain Admin and Network Exploitation.
- FeelUOwn - trying to be a user-friendly and hackable music player
- htcap - htcap is a web application scanner able to crawl single page application (SPA) recursively by intercepting ajax calls and DOM changes.
- Winpayloads - Undetectable Windows Payload Generation
- TextRank4ZH - :deciduous_tree:从中文文本中自动提取关键词和摘要
- bitcoinbook - Mastering Bitcoin 2nd Edition - Programming the Open Blockchain
- wikiextractor - A tool for extracting plain text from Wikipedia dumps
- xwaf - Automatic bypass (brute force) waf
- crawler-user-agents - Syntactic patterns of HTTP user-agents used by bots / robots / crawlers / scrapers / spiders. pull-request welcome :star:
- pyfiscan - Free web-application vulnerability and version scanner
- pentestly - Python and Powershell internal penetration testing framework
- HEVD-Exploits - Various exploits for the HackSys Extreme Vulnerable Driver
- struts2_check - 一个用于识别目标网站是否采用Struts2框架开发的工具demo
- sudo-backdoor - Wraps sudo; transparently steals user's credentials and exfiltrate over DNS. For those annoying times when you get a shell/file write on a sudoers account and need to leverage their credentials.
- crossdomainscanner - Python tool for expired domain discovery in crossdomain.xml files
- passive_scan - 基于http代理的web漏洞扫描器的实现
- getproxy - getproxy 是一个抓取发放代理网站,获取 http/https 代理的程序
- xunfengES
- keysniffer-poc - Simple PoC Linux keysniffer showing impact of a lack of GUI-isolation in X display server.
- goSecure - An easy to use and portable Virtual Private Network (VPN) system built with Linux and a Raspberry Pi. #nsacyber
- rtfm - A database of common, interesting or useful commands, in one handy referable form
- rtools - pentest floating repo (based off git submodules), and some useful scripts i wrote
- cupper - It comes!!
- java-binary-deserializer - Java Binary data Deserializer/Serializer - Convert serialized Java Objects into readable XML
- F-NAScan - Scanning a network asset information script
- ReconScan - Network reconnaissance and vulnerability assessment tools.
- DamnWebScanner - Another web vulnerabilities scanner, this extension works on Chrome and Opera
- domainhunter - Checks expired domains for categorization/reputation and Archive.org history to determine good candidates for phishing and C2 domain names
- dirsearch - Web path scanner
- wafpass - Analysing parameters with all payloads' bypass methods, aiming at benchmarking security solutions like WAF.
- WordSteal - This script will create a POC that will steal NTML hashes from a remote computer. Do not use this for illegal purposes.The author does not keep responsibility for any illegal action you do.
- win_driver_plugin - A tool to help when dealing with Windows IOCTL codes or reversing Windows drivers.
- cryptoradio - Python script to encrypt and publish on Twitter. Also decrypt tweets from file
- CVE-2017-7494 - Remote root exploit for the SAMBA CVE-2017-7494 vulnerability
- ansigenome - A tool to help you gather information and manage your Ansible roles.
- debops-tools - Your Debian-based data center in a box
- debops-playbooks - Ansible playbooks used by DebOps project
- subdomain3 - A new generation of tool for discovering subdomains( ip , cdn and so on)
- datasploit - A tool to perform various OSINT techniques, aggregate all the raw data, visualise it on a dashboard, and facilitate alerting and monitoring on the data.
- svn-extractor - simple script to extract all web resources by means of .SVN folder exposed over network.
- Fwaf-Machine-Learning-driven-Web-Application-Firewall - Machine learning driven web application firewall to detect malicious queries with high accuracy.
- getsploit - Command line utility for searching and downloading exploits
- subbrute - A DNS meta-query spider that enumerates DNS records, and subdomains.
- SweetSecurity - Network Security Monitoring on Raspberry Pi type devices
- BurpSmartBuster - A Burp Suite content discovery plugin that add the smart into the Buster!
- owtf - Offensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more efficient http://owtf.org https://twitter.com/owtfp
- maltrail - Malicious traffic detection system
- gibbersense - Extract Sense out of Gibberish stuff
- morphHTA - morphHTA - Morphing Cobalt Strike's evil.HTA
- pwn-tools - Various tools I have made for pwnage.
- zabbixPwn - Zabbix Jsrpc.php Injection Exploit
- osrframework - OSRFramework, the Open Sources Research Framework is a AGPLv3+ project by i3visio focused on providing API and tools to perform more accurate online researches.
- PowerLessShell - Run PowerShell command without invoking powershell.exe
- SambaHunter - It is a simple script to exploit RCE for Samba (CVE-2017-7494 ).
- DeathStar - Uses Empire's (https://github.com/BC-SECURITY/Empire) RESTful API to automate gaining Domain and/or Enterprise Admin rights in Active Directory environments using some of the most common offensive TTPs.
- sqlparse - A non-validating SQL parser module for Python
- mec - for mass exploiting
- NXcrypt - NXcrypt - 'python backdoor' framework
- denyhosts - Automated host blocking from SSH brute force attacks
- ICS-Vulnerabilities - Some ICS Vulnerabilities I've found will be listed here.
- Password-Guessing-Framework - A Framework for Comparing Password Guessing Strategies
- osint-series - Source codes related to the articles about OSINT. Using social media APIs and Python language.
- kali-tools - Run Kali tools on all distributions. Offline search, including in package descriptions.
- cve-2017-7494 - Proof-of-Concept exploit for CVE-2017-7494(Samba RCE from a writable share)
- osint_tools_security_auditing - osint_tools_security_auditing
- osint-combiner - Combining OSINT sources in Elastic Stack
- Mastodon-OSINT - Scripts related to Mastodon investigations
- hostintel - A modular Python application to collect intelligence for malicious hosts.
- flunym0us - Flunym0us is a Vulnerability Scanner for Wordpress and Moodle designed by Flu Project Team. Flunym0us has been developed in Python. Flunym0us performs dictionary attacks against Web sites. By default, Flunym0us includes a dictionary for Wordpress and other for Moodle.
- burp-ui - Burp-UI is a web-ui for burp backup written in python with Flask and jQuery/Bootstrap
- cangibrina - A fast and powerfull dashboard (admin) finder
- ms17-010-m4ss-sc4nn3r - MS17-010 multithreading scanner written in python.
- free-PACKT-eBooks-Crawler - A tool for claim and save PACKT's FREE TECHNOLOGY EBOOKS.
- ssct - A wrapper tool for shadowsocks to consistently bypass firewalls.
- burpproxypacextension - Exemple d'extension Burp permettant d'utiliser les fichiers de configuration de proxy PAC
- Joomla3.7-SQLi-CVE-2017-8917 - Joomla 3.7 SQL injection (CVE-2017-8917)
- CVE-2017-7269-Echo-PoC - CVE-2017-7269 回显PoC ,用于远程漏洞检测..
- code - The sourecode
- deep-anpr - Using neural networks to build an automatic number plate recognition system
- CVE-2017-3599 - Proof of concept exploit for CVE-2017-3599
- routerz - Some exploits for ZeroNights 0x03
- ZTExploit - ZTE ZXV10 H108L Router with <= V1.0.01_WIND_A01 - Remote root RCE Exploit
- rexploit - RExploit (Router Exploitation) is a tool that search exploits for any router SOHO. It is written on Python and QT.
- Huawei - Some Of Huawei Routers Exploits
- ssh-mitm - SSH man-in-the-middle tool
- github-dorks - Find leaked secrets via github search
- goMS17-010 - Simple program for detecting if host(s) are vulnerable to SMB exploit(MS17-010)
- gnunigma-python - Enigma encryption machine emulation in Python.
- CatMyPhish - Search for categorized domain
- AnyScan - AnyScan
- HexRaysPyTools - IDA Pro plugin which improves work with HexRays decompiler and helps in process of reconstruction structures and classes
- IIS_shortname_Scanner - an IIS shortname Scanner
- ds_store_exp - A .DS_Store file disclosure exploit. It parses .DS_Store file and downloads files recursively.
- howmanypeoplearearound - Count the number of people around you :family_man_man_boy: by monitoring wifi signals :satellite:
- clean-baidutieba - 删除自己在百度贴吧的发帖和回复
- fuzzbunch-debian - Fuzzbunch deployment for Debian - Intructions: Readme.md
- QBotWebWrap - Web Wrap for QBot series QQ/QQ空间在线挂机
- cve-crawler
- z3-stuff - z3 scripts and ctf challenge solutions.
- emailwhois - Look up an email domain (@example.com), using Python, across all known domains.
- pytorch-dnc - Neural Turing Machine (NTM) & Differentiable Neural Computer (DNC) with pytorch & visdom
- macOS-Security-and-Privacy-Guide - Guide to securing and improving privacy on macOS
- WebEye
- pygeoip - DEPRECATED: Pure Python API for Maxmind's binary GeoIP databases
- histstat - history for netstat
- WindowsExploits - Windows exploits, mostly precompiled. Not being updated. Check https://github.com/SecWiki/windows-kernel-exploits instead.
- rsync_scan - rsync空口令扫描器
- ida-arm-system-highlight - IDA script for highlighting and decoding ARM system instructions
- AssistantPi - Bring both Google Assistant and Alexa to your Raspberry Pi
- dnschef - DNSChef - DNS proxy for Penetration Testers and Malware Analysts
- bgp-ranking - BGP ranking is a free software to calculate the security ranking of Internet Service Provider (ASN).
- openai_lab - An experimentation framework for Reinforcement Learning using OpenAI Gym, Tensorflow, and Keras.
- pwnbin - Python Pastebin Webcrawler that returns list of public pastebins containing keywords
- scanless - online port scan scraper
- RtspFuzzer - RTSP network protocol fuzzer
- The-Password-Manager - Manager/Generator With AES Encrypted Vault - Updated 27/9/2017
- certitude - The Seeker of IOC
- ssh-audit - SSH server auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)
- nsshell - A DNS connectback shell executed by strings in payloads.txt
- tplmap - Server-Side Template Injection and Code Injection Detection and Exploitation Tool
- mhn - Modern Honey Network
- pyvulhunter - python audit tool 审计 注入 inject
- Deformable-ConvNets - Deformable Convolutional Networks
- pocserver - Scripts running in public webserver for vulnerability PoC
- bropy - Basic Anomaly IDS capabilities with Python and Bro
- wifiphisher - The Rogue Access Point Framework
- intel_amt_honeypot - intel amt honeypot
- CrackMapExec - A swiss army knife for pentesting networks
- fInd0 - Tool to find domains in sold about a target
- ctf - Ctf solutions from p4 team
- struts2_045_scan - Struts2-045 Scanner
- apiscout - This project aims at simplifying Windows API import recovery on arbitrary memory dumps
- Zulu - The Zulu fuzzer
- pylnker - This is a Python port of lnk-parse-1.0, a tool to parse Windows .lnk files.
- exploits
- plasma - Plasma is an interactive disassembler for x86/ARM/MIPS. It can generates indented pseudo-code with colored syntax.
- BitcoinStrategy - bitcoin arbitrage between Huobi and Okcoin
- BitcoinExchangeFH - Cryptocurrency exchange market data feed handler
- not-your-average-web-crawler - A web crawler (for bug hunting) that gathers more than you can imagine.
- write-ups-2017 - Wiki-like CTF write-ups repository, maintained by the community. 2017
- CryptoBook - Learning Cryptography, math and programming with Cryptol (and maybe some Python)
- pwndbg - Exploit Development and Reverse Engineering with GDB Made Easy
- dnsdiag - DNS Diagnostics and Performance Measurement Tools
- bearded-avenger - CIF v3 -- the fastest way to consume threat intelligence
- PoC - Various PoCs
- ZipCrack - ZipCrack with Python
- octodns - Tools for managing DNS across multiple providers
- trsh - Telegram Remote-Shell
- tldextract - Accurately separate the TLD from the registered domain and subdomains of a URL, using the Public Suffix List.
- splinter - splinter - python test framework for web applications
- gixy - Nginx configuration static analyzer
- ZEROScan - Multi-Thread Vulnerability Verify Framework
- hacking - OpenStack Hacking Style Checks. Mirror of code maintained at opendev.org.
- XSSYA-V-2.0
- coursera-dl - Script for downloading Coursera.org videos and naming them.
- python-broadlink - Python module for controlling Broadlink RM2/3 (Pro) remote controls, A1 sensor platforms and SP2/3 smartplugs
- Broadlink-e-control-db-dump - These two scripts will "parse" the broadlink e-Control Android application database or SharedData and dump the IR / RF codes for selected accessories into a text file which can be later used with broadlink-python to send the codes to the RM PRO hub
- subconscious - redis-backed (in memory) db for python3 that is asyncio compatible
- mocktailsmixer - Make a DIY Robotic Mocktails Mixer Powered by the Google Assistant SDK
- irc-client - Simple IRC (Internet Relay Chat) Client written in Python
- katoolin - Automatically install all Kali linux tools
- hexo-git-backup-tools - Back-up the source files of my blog.
- docker-ida - Run IDA Pro disassembler in Docker containers for automating, scaling and distributing the use of IDAPython scripts.
- fonttools - A library to manipulate font files from Python.
- aptc - Automated Payload Test Controller
- BigDataML
- cve-offline - An easy to grep dump of the NVD database showing only; CVE-ID, CVSS Risk Score, and Summary.
- leviathan - wide range mass audit toolkit
- Mobile-Security-Framework-MobSF - Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
- Beehive - Beehive is an open-source vulnerability detection framework based on Beebeeto-framework. Security researcher can use it to find vulnerability, exploits, subsequent attacks, etc.
- pacemaker - Heartbleed (CVE-2014-0160) client exploit
- searx - Privacy-respecting metasearch engine
- weblogic-serialization-exploit-updated - Updated the FoxGlove Security WebLogic serialization exploit.
- hackUtils - It is a hack tool kit for pentest and web security research.
- algorithms - Minimal examples of data structures and algorithms in Python
- JavaUnserializeExploits
- shellnoob - A shellcode writing toolkit
- labs - Vulnerability Labs for security analysis
- virtualenv-burrito - One command to have a working virtualenv + virtualenvwrapper environment.
- scan
- eval
- blindy - Simple script to automate brutforcing blind sql injection vulnerabilities
- mblogic-S2-client - The client side HMI for the S2 modbus control. This has many html and css pages which were custom edited and also have needed server and client base programs.
- cheetah - a very fast brute force webshell password tool
- multiscanner - Modular file scanning/analysis framework
- manticore - Symbolic execution tool
- exp - 各种流行的POC批量扫描工具,当然其中的目标需要自己去收集。
- Sublist3r - Fast subdomains enumeration tool for penetration testers
- sicklepoc
- scantastic-tool - It's bloody scantastic
- jieba - 结巴中文分词
- CustomDeserializer - Custom Deserializer
- theHarvester - E-mails, subdomains and names Harvester - OSINT
- Nosql-Exploitation-Framework - A Python Framework For NoSQL Scanning and Exploitation
- jdwp-shellifier
- OSTrICa
- GitMiner - Tool for advanced mining for content on Github
- eqgrp-free-file - Free sampling of files from the purported Equation Group hack.
- tutorials - 机器学习相关教程
- jexboss - JexBoss: Jboss (and Java Deserialization Vulnerabilities) verify and EXploitation Tool
- libheap - python library to examine ptmalloc (the glibc userland heap implementation)
- PortScan
- NVRScanner
- password - 1
- yeti - Your Everyday Threat Intelligence
- userline - Query and report user logons relations from MS Windows Security Events
- fuzzbunch_wrapper - Fuzzbunch Python-Wine wrapper
- AIL-framework - AIL framework - Analysis Information Leak framework
- expdevBadChars - Bad Characters highlighter for exploit development purposes supporting multiple input formats while comparing.
- osint_public
- Smbtouch-Scanner - Automatically scan the inner network to detect whether they are vulnerable.
- datasploit - Utilizing various Open Source Intelligence (OSINT) tools and techniques that we have found to be effective, DataSploit brings them all into one place, correlates the raw data captured and gives the user, all the relevant information about the domain/email/ phone number/person, etc. It allows you to collect relevant information about a target which can expand your attack/defence surface very quickly. Sometimes it might even pluck the low hanging fruits for you without even touching the target and give you quick wins. More documentation here: http://datasploit.readthedocs.io/en/latest/.
- pyt - A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications
- CVE-2017-0199 - Exploit toolkit CVE-2017-0199 - v4.0 is a handy python script which provides pentesters and security researchers a quick and effective way to test Microsoft Office RCE. It could generate a malicious RTF/PPSX file and deliver metasploit / meterpreter / other payload to victim without any complex configuration.
- DAMM - Differential Analysis of Malware in Memory
- opensnitch - OpenSnitch is a GNU/Linux port of the Little Snitch application firewall
- Loki - Loki - Simple IOC and Incident Response Scanner
- casper - Casper contract, and related software and tests
- writeups - CTF writeups
- pentest-wiki - PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.
- nmap-converter - Python script for converting nmap reports into XLS
- pynmap - A serious attempt to implement multi-threading to nmap module, which would result in faster scanning speed. I know that one can write NSE scripts for multi-threaded scanning with it, but I wanted to try it on python.
- haveibeenpwned - Python script to verify multiple email addresses for pwnage
- PyPwned - A Python client for the HaveIBeenPwned REST API
- jackit - JackIt - Exploit Code for Mousejack
- GithubLeakAlert
- pyscap - Python implementation of a Security Content Automation Protocol compatible Configuration, Vulnerability, Patch and Inventory Scanner
- creak - Poison, reset, spoof, redirect MITM script
- FakeGit - FakeGit: A great tool to fool yourself and others
- dns-parallel-prober - PoC for an adaptive parallelised DNS prober
- cisco-rce - CVE-2017-3881 Cisco Catalyst Remote Code Execution PoC
- tun64 - IPv6 transition tunnel-based mechanism information exfiltration tool
- whereami - Uses WiFi signals :signal_strength: and machine learning to predict where you are
- ipwndfu - open-source jailbreaking tool for many iOS devices
- pythonwebhack - 用python实现的web框架建立的在线渗透平台
- github_trending_spider
- github_relationship - a simple spider for github instead of api
- webdirscan - 跨平台的web目录扫描工具
- proxy_pool - Python爬虫代理IP池(proxy pool)
- pyinotify - Monitoring filesystems events with inotify on Linux.
- netattack - A simple python script to scan and attack wireless networks.
- punter - Hunt domain names using DNSDumpster, WHOIS, Reverse WHOIS, Shodan, Crimeflare
- apticket-nonce-checker - Python script which parses 32-bit SHSH/APTickets and prints the APTicket nonce, if any.
- awesome-iot - Awesome IoT. A collaborative list of great resources about IoT Framework, Library, OS, Platform
- TaobaoUser - Get anonymous user of Taobao
- OnlineJudge - open source online judge based on Vue, Django and Docker. | 青岛大学开源 Online Judge | QQ群 496710125 | [email protected]
- xsscrapy - XSS spider - 66/66 wavsep XSS detected
- Report-IP-hourly - 📬 Report Linux IP by email hourly.
- CTF - CTF's writeups
- yara-exporter - Exporting MISP event attributes to yara rules usable with Thor apt scanner
- timesketch - Collaborative forensic timeline analysis
- PloitKit - The Hacker's ToolBox
- spiderfoot - SpiderFoot automates OSINT collection so that you can focus on analysis.
- advanced-web-scraping-tutorial - The Zipru scraper developed in the Advanced Web Scraping Tutorial.
- pytorch-tutorial - PyTorch Tutorial for Deep Learning Researchers
- urh - Universal Radio Hacker: Investigate Wireless Protocols Like A Boss
- datasploit - An #OSINT Framework to perform various recon techniques on Companies, People, Phone Number, Bitcoin Addresses, etc., aggregate all the raw data, and give data in multiple formats.
- RTTanalysis - Estimation and analysis of round trip time in TCP traffic
- findcrypt-yara - IDA pro plugin to find crypto constants (and more)
- CnblogsSpider - 用scrapy采集cnblogs列表页爬虫
- AutOSINT - Tool to automate common OSINT tasks
- pyscatwave - Fast Scattering Transform with CuPy/PyTorch
- isp-data-pollution - ISP Data Pollution to Protect Private Browsing History with Obfuscation
- evilginx - PLEASE USE NEW VERSION: https://github.com/kgretzky/evilginx2
- og-miner - OpenDNS Graph Miner
- ThreatHunter-Playbook - A Threat hunter's playbook to aid the development of techniques and hypothesis for hunting campaigns.
- TravelPhotoBackup - This is an OLD repository and has been left here for reference purposes only. New repository can be found at: https://github.com/Moving-Electrons/photo-backup. More information at www.movingelectrons.net .
- drawlikebobross - Draw like Bob Ross using the power of Neural Networks (With PyTorch)!
- SAKS-tutorials - SAKS Tutorials
- pycookiecheat - Borrow cookies from your browser's authenticated session for use in Python scripts.
- taobao_bra_crawler - a taobao web crawler just for fun.
- GitPrey - Searching sensitive files and contents in GitHub associated to company name or other key words
- DSXS - Damn Small XSS Scanner
- genpAss
- SinaWeiboSpider-Mongodb - weibo spider
- tweets_analyzer - Tweets metadata scraper & activity analyzer
- tweepy - Twitter for Python!
- twitter-user-geocoder - Resolve the `location` string in Twitter users' profiles to US states (and cities)
- tweetf0rm - A twitter crawler in Python
- ScrapyTwitter - Crawling twitter info Using Scrapy+Splash
- TwitterScrape - A Twitter scraping tool using Scrapy
- msku-etkinlik - MSKU Etkinlik Kodları
- cbg-scrapy - Simple HTTP server for asynchronous scrapping data from Twitter API using Twisted library
- scrapy-twitter
- python-ngrokd
- Awesome-Linux-Software - A list of awesome applications, software, tools and other materials for Linux distros.
- ubuntu-make - Easy setup of common tools for developers on Ubuntu.
- SublimeOnSave - Executes commands on file save.
- github_search - 根据 keywords 搜索 github 上面的 repos, 并通过 web 展示
- TwitterSpider - Parsing tweets from Twitter Profiles with Python
- woeid - Scrapy crawling woeid and twitter trends (using api)
- scrapy-twitter - crawl twitter timeline using scrapy
- twitter_scrapy - Use Scrapy to crwal Twitter .THE 1.0 Edition
- Sneaker-Notify - Sneaker/Restock/Monitor Notify via Twitter coded in Python using Scrapy.
- algo - Set up a personal VPN in the cloud
- you-get - :arrow_double_down: Dumb downloader that scrapes the web
- gitbook-wiki - :book: Wiki powered by Gitbook :)
- gitbook-deploy - a simple tool help me deploy gitbook to github pages.
- weixinpy - Python client SDK for Micro Message Public Platform API.
- pandas-datareader - Extract data from a wide range of Internet sources into a pandas DataFrame.
- tushare - TuShare is a utility for crawling historical data of China stocks
- pandasql - sqldf for pandas
- HackRequests - It is a dedicated requests lib that supports cookie, headers, get/post, etc. And it also supports rendering the response (e.g. Javascript, CSS, etc.) of GET requests by using PhantomJs enginee.
- bypy - Python client for Baidu Yun (Personal Cloud Storage) 百度云/百度网盘Python客户端
- cupp - Common User Passwords Profiler (CUPP)
- textfilter - 敏感词过滤的几种实现+某1w词敏感词库
- langid.py - Stand-alone language identification system
- reddit - historical code from reddit.com
- httpstat - curl statistics made simple
- PyMySQL - Pure Python MySQL Client
- flask-limiter - Rate Limiting extension for Flask
- glances - Glances an Eye on your system. A top/htop alternative for GNU/Linux, BSD, Mac OS and Windows operating systems.
- sh - Python process launching
- nginx-book - Nginx开发从入门到精通
- explore-flask - Source of Explore Flask book
- chinese-programmer-wrong-pronunciation - 中国程序员容易发音错误的单词
- jumpserver - JumpServer 是全球首款开源的堡垒机,是符合 4A 的专业运维安全审计系统。
- locust - Scalable user load testing tool written in Python
- saythanks.io - Spreading Thankfulness in Open Source.
- mycli - A Terminal Client for MySQL with AutoCompletion and Syntax Highlighting.
- explore-python - :green_book: The Beauty of Python Programming.
- algorithm
- Raspberry_face_recognition_attendance_machine - 2016年完成,调用face++进行人脸识别语音发音的树莓派平台下的考勤机。
- SinaHouseCrawler - 基于scrapy,scrapy-redis实现的一个分布式网络爬虫,爬取了新浪房产的楼盘信息及户型图片,实现了常用的爬虫功能需求.
- phantomJS-weibo - phantomJS新浪微博爬虫
- SinaSpider - 动态IP解决新浪的反爬虫机制,快速抓取内容。
- telnet-scanner - telnet服务密码撞库
- V3n0M-Scanner - Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns
- PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF
- BruteXSS - BruteXSS is a tool written in python simply to find XSS vulnerabilities in web application. This tool was originally developed by Shawar Khan in CLI. I just redesigned it and made it GUI for more convienience.
- pythem - pentest framework
- log_visual - 日志可视化
- AnalysePass
- Shortcut-Downloader - Shortcut Downloader
- ScanCVE - 监控github上CVE增量,并发送微信通知
- okadminfinder3 - [ Admin panel finder / Admin Login Page Finder ] ¢σ∂є∂ ву 👻 (❤-❤) 👻
- OSINTretasNoHayPastebines - Trabajo de OSINT para búsqueda de patrones en pastebin.
- Exploit - 常用的一些Exploit,经常会更新,也欢迎各位提交新的exp给我。
- Nessus-update - Nessus 一键下载 最新更新脚本
- ThreatReputationQuery - 基于威胁情报厂商服务平台API的即时Domain/IP/URL信誉查询系统
- CVE-2020-17530 - S2-061 的payload,以及对应简单的PoC/Exp
- EasyTrans - 支持谷歌翻译、百度翻译、有道翻译的免费接口,基于Django、PyMuPDF实现了pdf文档英译汉的功能,翻译后的pdf格式基本保持不变,可以下载docx和pdf格式的翻译文档,基本解决复制caj中文论文时的格式问题,简单的满足看论文以及写总结的需求。
- MyCT - 用于渗透测试、安全运维的插件化并发框架,自写插件可进行-PoC测试、子域发现、端口扫描等。
- JCE - JCE - JSP/JPSX CodeEncode - 用于 Webshell 逃避静态查杀的辅助脚本
- papers - Academic papers and articles that I read related to web hacking, fuzzing, etc. / 阅读过的Web安全方向、模糊测试方向的一些论文与阅读笔记
- shiro-exploit - Shiro反序列化利用工具,支持新版本(AES-GCM)Shiro的key爆破,配合ysoserial,生成回显Payload
- eat_pytorch_in_20_days - Pytorch🍊🍉 is delicious, just eat it! 😋😋
- fastapi - 基于Fastapi开发,集成Celery-redis分布式任务队列、JWT 用户系统、ElasticSearch和encode orm的基础项目模板,大家可以根据自己的需求在本模板上进行修改
- fastjson_rec_exploit - fastjson一键命令执行
- AppInfoScanner - 一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具,可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如:Title、Domain、CDN、指纹信息、状态信息等。
- 667788 - 动态爬虫+logo识别
- HTMLSimilarity - 网页相似度判断:根据网页结构判断页面相似性 ,可用于相似度计算、越权检测等(Determine page similarity based on HTML page structure)
- Ciphey - ⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
- unauthorized-check - 扫描常见未授权访问(redis、mongodb、memcached、elasticsearch、zookeeper、ftp、CouchDB、docker、Hadoop)
- proxy.py - ⚡⚡⚡Fast, Lightweight, Pluggable, TLS interception capable proxy server focused on Network monitoring, controls & Application development, testing, debugging
- CVE-Flow - CVE Data Analysis, CVE Monitor, CVE EXP Prediction Based on Deep Learning. 1999-2020年存量CVE数据分析、监控CVE增量更新、基于深度学习的CVE EXP预测和自动化推送
- scan - 自用脚本 欢迎star
- J2ExpSuite - 一个以python3编写的的漏洞检测框架,可自定义,添加poc,exp,,不需要修改其他内容,只需要编写POC自动执行检测
- SZhe_Scan - 碎遮SZhe_Scan Web漏洞扫描器,基于python Flask框架,对输入的域名/IP进行全面的信息搜集,漏洞扫描,可自主添加POC
- ThinkphpRCE - Thinkphp rce扫描脚本,附带日志扫描
- RSS-OPML-to-Markdown - 🎁 Convert RSS OPML file to Markdown - easy to read and share
- AWD_FrameWork - 近乎无解的AWD框架
- code2docx - java、python、go、shell等项目代码读取并存储到一个word文档中,软著申请工具。
- Python24 - 网上搜集的自学python语言的资料集合,包括整套代码和讲义集合,这是至今为止所开放网上能够查找到的最新视频教程,网上找不到其他最新的python整套视频了,. 具体的无加密的mp4视频教程和讲义集合可以在更新的Readme文件中找到,下载直接打开就能播放,项目从零基础的Python教程到深度学习,总共30章节,其中包含Python基础中的飞机大战项目,WSGI项目,Flask新经资讯项目, Django的电商项目(本应该的美多商城项目因为使用的是Vue技术,所以替换为Django天天生鲜项目)等等,希望能够帮助大家。资源搜集劳神费力,能帮到你的话是我的福分,望大家多多支持,喜欢本仓库的话,记得Star哦。
- RedisDirScan - 此脚本用于测试 Rdies 未授权访问,在没权限写ssh私钥和定时任务又不知道web绝对路径的情况下,进行WEB目录探测
- WTF_Scan - 一款WEB端的在线敏感资产扫描器,扫描网站中的指纹、漏洞及相关敏感信息,针对已经识别的CMS指纹,进行二次0day扫描利用,一键GetShell也不是不可能!!!
- GithubMonitor - 根据关键字与 hosts 生成的关键词,利用 github 提供的 api,监控 git 泄漏。
- EverydayWechat - 微信助手:1.每日定时给好友(女友)发送定制消息。2.机器人自动回复好友。3.群助手功能(例如:查询垃圾分类、天气、日历、电影实时票房、快递物流、PM2.5等)
- py12306 - 🚂 12306 购票助手,支持集群,多账号,多任务购票以及 Web 页面管理
- SvnHack - 一个Svn信息泄露辅助工具,可以使用这个脚本列取网站目录,读取源码文件以及下载整站代码。
- bayonet - bayonet是一款src资产管理系统,从子域名、端口服务、漏洞、爬虫等一体化的资产管理系统
- weblogicScanner - weblogic 漏洞扫描工具。目前包含对以下漏洞的检测能力:CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-3252、CVE-2019-2618、CVE-2019-2725、CVE-2019-2729、CVE-2019-2890、CVE-2020-2551、CVE-2020-14882、CVE-2020-14883
- HawkeyeMonitor - HawkeyeMonitor 可用于企业内部的安全管理,自动化漏洞检测漏洞、企业内部资产管理,周期巡检,实时监控等服务
- hunter - Hunter作为中通DevSecOps闭环方案中的一环,扮演着很重要的角色,开源之后希望能帮助到更多企业。
- Medusa - :cat2:Medusa是一个红队武器库平台,目前包括主动、被动扫描(200+个漏洞)、XSS平台、CVE监控等功能,持续开发中 http://medusa.ascotbe.com
- nadbg - 👀Dynamic memory watcher/tracer/analyzer for CTF pwn
- emmmm - struts2系列漏洞,jboss,weblogic,webshell(爆破的方式),thinkphp5_rce....
- PypiScan - 这个脚本主要提供对pypi供应链的源头进行安全扫描研究,扫描并发现未知的恶意包情况。
- crawlergo_x_XRAY - 360/0Kee-Team/crawlergo动态爬虫结合长亭XRAY扫描器的被动扫描功能
- ESD - Enumeration sub domains(枚举子域名)
- PubilcAssetInfo - 以甲方安全人员的视角,尽可能收集发现企业的域名和服务器公网IP资产
- mdpicker-qiniu - :scissors: 简化使用 markdown 写作时插入图片的繁琐流程,自动将截图后剪贴板中的图片上传至个人七牛云空间,并获取图片外链,输出到剪贴板
- Kunlun-M - Kunlun-Mirror 专注于安全研究员使用的审计辅助工具
- UserDeviceTracker - 快速定位一个IP或MAC在你的网络中的位置,是网络工程师提高工作效率的利器,也可以为CMDB提供基础网络数据。
- dnsAutoRebinding - ssrf、ssrfIntranetFuzz、dnsRebinding、recordEncode、dnsPoisoning、Support ipv4/ipv6
- svn_git_scanner - 用于扫描git,svn泄露
- musicbox - 网易云音乐命令行版本
- QQParking - QQBot, QQ机器人,用于QQ挂机。自动回复私聊及临时对话,记录留言并转发至邮箱,账号(被踢)下线邮件提醒。
- ArchiveBox - 🗃 The open source self-hosted web archive. Takes browser history/bookmarks/Pocket/Pinboard/etc., saves HTML, JS, PDFs, media, and more...
- githubSpider - 使用python爬虫批量爬取GitHub上的高star项目并定期pull保持最新
- POC-T - 渗透测试插件化并发框架 / Open-sourced remote vulnerability PoC/EXP framework
- qqwry-python3 - 在纯真IP数据库(qqwry.dat)查询IP归属地, for python 3.0+,已上传至pypi:https://pypi.org/project/qqwry-py3/
- HelloGitHub - :octocat: Find pearls on open-source seashore 分享 GitHub 上有趣、入门级的开源项目
- ARL - ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产,构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产,发现存在的薄弱点和攻击面。
- Watchdog - Watchdog是bayonet修改版,重新优化了数据库及web及扫描程序,加入多节点
- linbing - 本系统是对目标进行漏洞扫描的一个系统,前端采用vue技术,后端采用flask.核心原理是扫描主机的开放端口情况,然后根据端口情况逐个去进行poc检测,poc有110多个,包含绝大部分的中间件漏洞,本系统的poc皆来源于网络或在此基础上进行修改,在centons7环境下使用nginx和uwsgi部署,部署起来可能有点麻烦,烦请多点耐心
- Awesome-TensorFlow-Chinese - Awesome-TensorFlow-Chinese,TensorFlow 中文资源精选,官方网站,安装教程,入门教程,视频教程,实战项目,学习路径。QQ群:167122861,公众号:磐创AI,微信群二维码:http://www.tensorflownews.com/
- LocalizedMenu - Localize Tool & Localized Menu for Sublime Text 2/3 End User. Localization with 简体中文(Simplified Chinese)/繁体中文(Traditional Chinese)/Русский(Russian)/Español(Spanish)/Հայերեն(Armenian)/Svenska(Swedish)/Français(French)/Português(Portuguese)/Any other language.
- vulmap - Vulmap - Web vulnerability scanning and verification tools,支持扫描 activemq, flink, shiro, solr, struts2, tomcat, unomi, drupal, elasticsearch, nexus, weblogic, jboss, thinkphp,并且具备漏洞利用功能。CVE-2020-14882, CVE-2020-2555, CVE-2020-2883, S2-061, CVE-2020-13942, CVE-2020-17530, CVE-2020-17518, CVE-2020-17519
- Cerberus - 一款功能强大的漏洞扫描器,子域名爆破使用aioDNS,asyncio异步快速扫描,覆盖目标全方位资产进行批量漏洞扫描,中间件信息收集,自动收集ip代理,探测Waf信息时自动使用来保护本机真实Ip,在本机Ip被Waf杀死后,自动切换代理Ip进行扫描,Waf信息收集(国内外100+款waf信息)包括安全狗,云锁,阿里云,云盾,腾讯云等,提供部分已知waf bypass 方案,中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等),支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能
- Github_Nuggests - 自动爬取Github上文件敏感信息泄露,抓取邮箱密码并自动登录邮箱验证,支持126,qq,sina,163邮箱
- thinkstats - 程序员统计入门, fork自thinkstats, 改动: 用Numpy, Pandas处理数据, Seaborn可视化
- QUANTAXIS_SPIDER - QUANTAXIS 爬虫mod python/javascript/mongodb
- MEDUZA - A more or less universal SSL unpinning tool for iOS
- MyCobra - 结合Cobra和libclang的代码审计工具,对伪代码以及C系列语言进行代码检查。
- Drishti - A fast HTTP Response status checker implemented in Python3
- xmlrpc-common-deserialization - CVE-2019-17570 details and proof of concept
- TorghostNG - TorghostNG - Make all your internet traffic anonymized with Tor network. Now support Privoxy. Rewritten from TorGhost with Python 3
- AngelSword - Python3编写的CMS漏洞检测框架
- ctf_game_history - CTF题目缓存(题目信息及附件),用于题目复现和学习
- AndroidSecurityStudy - 安卓应用安全学习
- 2019_Vul_warning_Poc_Collect - 整理的2019年厂商发布的漏洞预警公开POC集合,不足之处还希望多多补充,完善
- QRLJacking - QRLJacking or Quick Response Code Login Jacking is a simple-but-nasty attack vector affecting all the applications that relays on “Login with QR code” feature as a secure way to login into accounts which aims for hijacking users session by attackers.
- GSDF - A domain searcher named GoogleSSLdomainFinder - 基于谷歌SSL透明证书的子域名查询工具
- MongoDB_AutoDump - 用于快速探测未授权MongoDB数据库结构,取第一条内容,并统计数据数量。A tool for unauthorized MongoDB database , take the first content, and the number of statistical data.
- RSAS-Data-Export - 绿盟极光远程安全评估系统(RSAS)-RSAS漏洞数据导出工具
- Xray_and_crwlergo_in_server - 雇一位免费的360工程师和一位长亭工程师为你挖洞,还有听话的server酱给你汇报
- posthog - 🦔 PostHog is developer-friendly, open-source product analytics.
- urlscan - 一款url快速检测工具,能够根据关键词搜索域名信息、快速获取url信息 来自Plat狼组安全平台
- reGeorg-Weblogic - reGeorg的特殊版本,适用于老版本weblogic。
- proxypool - ip代理池,提供在线查询
- some_pocsuite - 用于漏洞排查的pocsuite3验证POC代码
- simpleui - A modern theme based on vue+element-ui for django admin.一款基于vue+element-ui的django admin现代化主题。全球10000+网站都在使用!喜欢可以点个star✨
- BiliDrive - ☁️ 哔哩云,不支持任意文件的全速上传与下载
- algo - 数据结构和算法必知必会的50个代码实现
- RPR-Run-Pause-Resume - Credential-guessing enhancement to BurpSuite/Turbo-Intruder which implements pauses during attack runs
- Str4W - A command line PHP backdoor with the simplest stager ever.
- pocsuite-z - pocsuite-z is an open-sourced remote vulnerability testing framework enhanced by z3r0yu.
- muddyc3 - Leaked Muddyc3 C2 source.
- MuddyC3v1.0.1- - This is the MuddyWater APT C3 v1.0.1 Source
- BruteDum - BruteDum - Brute Force attacks SSH, FTP, Telnet, PostgreSQL, RDP, VNC with Hydra, Medusa and Ncrack
- Xeexe-TopAntivirusEvasion - Undetectable & Xor encrypting with custom KEY (FUD Metasploit Rat) bypass Top Antivirus like BitDefender,Malwarebytes,Avast,ESET-NOD32,AVG,... & Automatically Add ICON and MANIFEST to excitable
- ConverterWebContent - simple tools to convert parameter in POST request from json to html or html to json
- Shodanfy.py - Get ports,vulnerabilities,informations,banners,..etc for any IP with Shodan (no apikey! no rate-limit!)
- tongda_oa_rce - 通达oa 越权登录+文件上传getshell
- chisel - Chisel is a collection of LLDB commands to assist debugging iOS apps.
- XSS-Freak - XSS-Freak is an xss scanner fully written in python3 from scratch. it is one of its kind since it crawls the website for all possible links and directories to expand its attack scope. then it searches them for inputs tags and then launches a bunch of xss payloads. if an inputs is not sanitized and vulnerable to xss attacks, the tool will discover it in seconds.
- BurpSuite-Secret_Finder - Burp Suite extension to discover apikeys/accesstokens and sensitive data from HTTP response.
- ProxySqlMap - From Proxy to SqlMapApi
- Konan - Konan - Advanced Web Application Dir Scanner
- Tool-X - Tool-X is a kali linux hacking Tool installer. Tool-X developed for termux and other Linux based systems. using Tool-X you can install almost 370+ hacking tools in termux app and other linux based distributions.
- CTF_Hacker-Tools - CTF-渗透测试~工具合集
- pastebin_scraper
- payjs_faka - 这个是基于payjs的发卡平台。
- takeover - Sub-Domain TakeOver Vulnerability Scanner
- house-renting - Possibly the best practice of Scrapy 🕷 and renting a house 🏡
- microsoftSpider - 爬取微软漏洞信息,MS对应的每个版本操作系统KB号以及补丁下载地址。
- PTWeiboSpider - 针对新浪微博的多功能爬虫
- Learn-Web-Hacking - Study Notes For Web Hacking / Web安全学习笔记
- ALB - 攻击日志分析工具
- isf - ISF(Industrial Control System Exploitation Framework),a exploitation framework based on Python
- tool - 渗透测试实用工具
- Searpy - 🥀 Search Engine Tookit,URL采集、Favicon哈希值查找真实IP、子域名查找
- Getshell - 一款基于shodan识别漏洞,批量getshell的脚本,可以用来渗透测试练手使用,只写了海康威视一个漏洞的,感兴趣可以自己修改
- TFofa - 一个使用Fofa API查询的小工具
- Weblogic_Scan - 一款Weblogic漏洞扫描工具,批量ip,多端口检测。
- 3.7-billion-passwords-tools - Tools to manipulate the data behind Collection #1 (and #2–5) - AntiPublic.
- BilibiliCTF - BilibiliCTF 简单记录
- SRC-script - 挖掘src常用脚本
- CTFCrackTools-V2 - China's first CTFTools framework.中国国内首个CTF工具框架,旨在帮助CTFer快速攻克难关
- EBurst - 这个脚本主要提供对Exchange邮件服务器的账户爆破功能,集成了现有主流接口的爆破方式。
- Xray_Rad_Fusion - 高级版的Xray和Rad爬虫深度融合一键使用把我馋的够呛 但是我没有高级版,又想要。于是决定自己撸了一个。算是勉强达到了融合效果吧。
- CVE-2020-14882_ALL - CVE-2020-14882_ALL综合利用工具,支持命令回显检测、批量命令回显、外置xml无回显命令执行等功能。
- RedTeamTools - 记录自己编写、修改的部分工具
- GGSCAN - 一款渗透时快速资产探测工具
- SatanSword - 红队综合渗透框架
- burp_find_shiro - 通过burp代理流量寻找shiro站点
- impacket - Impacket is a collection of Python classes for working with network protocols.
- exphub - Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本,最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340
- flare-ida - IDA Pro utilities from FLARE team
- wechat-spider - 开源微信爬虫:爬取公众号所有 文章、阅读量、点赞量和评论内容。易部署。持续维护!!!
- superl-url - 根据关键词,对搜索引擎内容检索结果的网址内容进行采集的一款轻量级软程序。 程序主要运用于安全渗透测试项目,以及批量评估各类CMS系统0DAY的影响程度,同时也是批量采集自己获取感兴趣的网站的一个小程序~~ 可自动从搜索引擎采集相关网站的真实地址与标题等信息,可保存为文件,自动去除重复URL。同时,也可以自定义忽略多条域名等。
- PyOne - PyOne-一款给力的onedrive文件管理、分享程序
- awesome-web-editor - 🔨 Open source WEB editor summary 🐛
- DB_BaseLine - 数据库基线检查工具
- httpscan - 一个爬虫式的网段Web主机发现小工具 # A HTTP Service detector with a crawler from IP/CIDR
- GitHack - .git 泄漏利用工具,可还原历史版本
- nlp - 兜哥出品 <一本开源的NLP入门书籍>
- Code-Confuse-Plugin - iOS代码混淆插件;A plugin to confuse codes in iOS Platform.
- OpsManage - 自动化运维平台: 代码及应用部署CI/CD、资产管理CMDB、计划任务管理平台、SQL审核|回滚、任务调度、站内WIKI
- scylla - Intelligent proxy pool for Humans™ (Maintainer needed)
- struts-scan - Python2编写的struts2漏洞全版本检测和利用工具
- w8fuckcdn - Get website IP address by scanning the entire net 通过扫描全网绕过CDN获取网站IP地址
- PHP_Source_Audit_Tools - PHP 白盒分析工具,结合AST 和数据流跟踪分析代码,达到自动化白盒审计功能
- Intranet-Penetration - 内网渗透必备工具。
- btScan - 批量漏洞扫描框架
- docker_api_vul - docker 未授权访问漏洞利用脚本
- AWVS11_Python3 - 之前做系统,要对接AWVS11,写了一个可以python3的调用文档,感兴趣的可以看看
- LayerPyAwvs - Python结合Layer子域名挖掘机实现Awvs自动扫描
- lalascan - 自主开发的分布式web漏洞扫描框架,集合webkit爬虫,Subdomain子域名发现,sqli、反射xss、Domxss等owasp top10漏洞扫描和边界资产发现能力。同时为通用CMS POC扫描提供了插件扩展平台
- DBScanner - 自动扫描内网常见sql、no-sql数据库脚本(mysql、mssql、oracle、postgresql、redis、mongodb、memcached、elasticsearch),包含未授权访问及常规弱口令检测
- blogroll - 世界一流兼容并包TUNA协会收集的周围同学们的Blog
- TPLINKKEY - 根据TPLINK系列路由器存在的漏洞批量扫描获取wifi密码
- mimipenguin - Mimipenguin密码抓取神器
- onlinetools - 在线cms识别|信息泄露|工控|系统|物联网安全|cms漏洞扫描|nmap端口扫描|子域名获取|待续..
- uPing - 一个24小时监测VPS延迟的工具
- kiwi - kiwi:安全源码审计工具
- dbLeakscan - this scanner try to scan some dbbak or ctf #源码泄露
- toapi - Every web site provides APIs.
- ShiroScanPlus - ShiroScanPlus是基于sv3nbeast/ShiroScan改进的增强版的Shiro反序列化一键检测工具
- FofaSpider - Fofa爬虫支持高级查询语句批量爬取
- Middleware-Vulnerability-detection - CVE、CMS、中间件漏洞检测利用合集 Since 2019-9-15
- Phishing-Detection - Phishing Webpage;Isolation Forest;XGBoost;Random Forest
- Hacker_Prison - 一款攻防对抗中防守方使用的脚本
- awvs-decode - The best and easiest way to decode and repack AWVS scripts. AWVS 最好、最简单、最新的解码/再打包方法,仅15行代码!
- javsdt - 影片信息整理工具,抓取元数据nfo,自定义重命名文件(夹),下载fanart裁剪poster,为emby、kodi、极影派铺路。
- dedecmscan - 织梦全版本漏洞扫描
- weixin-spider - 微信公众号爬虫,公众号历史文章,文章评论,文章阅读及在看数据,可视化web页面,可部署于Windows服务器。基于Python3之flask/mysql/redis/mitmproxy/pywin32等实现,高效微信爬虫,微信公众号爬虫,历史文章,文章评论,数据更新。
- frida-skeleton - 基于frida的安卓hook框架,提供了很多frida自身不支持的功能,将hook安卓变成简单便捷,人人都会的事情
- Rubbish-Video-Generator - 营销号视频生成器
- BLE-Security-Attack-Defence - ✨ Purpose only! The dangers of Bluetooth Low Energy(BLE)implementations: Unveiling zero day vulnerabilities and security flaws in modern Bluetooth LE stacks.
- tugarecon - Fast subdomains enumeration tool for penetration testers.
- InfoSpider - INFO-SPIDER 是一个集众多数据源于一身的爬虫工具箱🧰,旨在安全快捷的帮助用户拿回自己的数据,工具代码开源,流程透明。支持数据源包括GitHub、QQ邮箱、网易邮箱、阿里邮箱、新浪邮箱、Hotmail邮箱、Outlook邮箱、京东、淘宝、支付宝、中国移动、中国联通、中国电信、知乎、哔哩哔哩、网易云音乐、QQ好友、QQ群、生成朋友圈相册、浏览器浏览历史、12306、博客园、CSDN博客、开源中国博客、简书。
- N-MiddlewareScan - N-MiddlewareScan 魔改,自写的一款中间件漏洞扫描脚本
- baize - 白泽自动化运维系统:配置管理、网络探测、资产管理、业务管理、CMDB、CD、DevOps、作业编排、任务编排等功能,未来将添加监控、报警、日志分析、大数据分析等部分内容
- better-ctf-tools - 更好的ctf密码学加解密及编解码工具
- crack-geetest - 滑动验证码破解示例,仅供学习使用。
- HG2821T-U_PoC - 电信光猫HG2821T-U家庭网关代码执行反弹shell的PoC
- gain - Web crawling framework based on asyncio.
- Forensic-Tools - A collection of tools for forensic analysis
- iScript - 各种脚本 -- 关于 虾米 xiami.com, 百度网盘 pan.baidu.com, 115网盘 115.com, 网易音乐 music.163.com, 百度音乐 music.baidu.com, 360网盘/云盘 yunpan.cn, 视频解析 flvxz.com, bt torrent ↔ magnet, ed2k 搜索, tumblr 图片下载, unzip
- Hscan - Host scan:Host vulnerability scan主机漏洞扫描
- pystinger - Bypass firewall for traffic forwarding using webshell 一款使用webshell进行流量转发的出网工具
- ctf-wscan - 为ctf而生的web扫描器
- httpie - As easy as /aitch-tee-tee-pie/ 🥧 Modern, user-friendly command-line HTTP client for the API era. JSON support, colors, sessions, downloads, plugins & more. https://twitter.com/httpie
- Git_Extract - 提取远程 git 泄露或本地 git 的工具
- identYwaf - Blind WAF identification tool
- easyXssPayload - XssPayload List . Usage:
- DynDataResolver
- tomcatWarDeployer - Apache Tomcat auto WAR deployment & pwning penetration testing tool.
- CVE-2019-0708 - 3389远程桌面代码执行漏洞CVE-2019-0708批量检测工具(Rdpscan Bluekeep Check)
- oneshellcrack - a very very fast brute force webshell password tool
- WebCrack - WebCrack是一款web后台弱口令/万能密码批量检测工具,在工具中导入后台地址即可进行自动化检测。
- uEmu - Tiny cute emulator plugin for IDA based on unicorn.
- AutoRecon - AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.
- Cloudmare - Cloudflare, Sucuri, Incapsula real IP tracker.
- PCredz - This tool extracts Credit card numbers, NTLM(DCE-RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file or from a live interface.
- ghost - Ghost Framework is an Android post-exploitation framework that exploits the Android Debug Bridge to remotely access an Android device. Ghost Framework gives you the power and convenience of remote Android device administration.
- FRIDA-DEXDump - Fast search and dump dex on memory.
- IDAGolangHelper - Set of IDA Pro scripts for parsing GoLang types information stored in compiled binary
- BurpSuite-collections - 有关burpsuite的插件(非商店),文章以及使用技巧的收集(此项目不再提供burpsuite破解文件,如需要请在博客mrxn.net下载)---Collection of burpsuite plugins (non-stores), articles and tips for using Burpsuite, no crack version file
- LaZagneForensic - Windows passwords decryption from dump files
- Powershell-RAT - Python based backdoor that uses Gmail to exfiltrate data through attachment. This RAT will help during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends it to an attacker as an e-mail attachment.
- DNS-Shell - DNS-Shell is an interactive Shell over DNS channel
- AttackSurfaceMapper - AttackSurfaceMapper is a tool that aims to automate the reconnaissance process.
- pylane - An python vm injector with debug tools, based on gdb.
- AndroidAttacher - IDA debugging plugin for android armv7 so
- IDAPythonEmbeddedToolkit - IDA Python Embedded Toolkit -- IDAPython scripts for automating analysis of firmware of embedded devices
- CheatSheetSeries - The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
- drozer - The Leading Security Assessment Framework for Android.
- IDAngr - Use angr in the IDA Pro debugger generating a state from the current debug session
- ABPTTS - TCP tunneling over HTTP/HTTPS for web application servers
- Y-SubDomain - 🐗 造轮子之子域名获取工具
- Vxscan - python3写的综合扫描工具,主要用来存活验证,敏感文件探测(目录扫描/js泄露接口/html注释泄露),WAF/CDN识别,端口扫描,指纹/服务识别,操作系统识别,POC扫描,SQL注入,绕过CDN,查询旁站等功能,主要用来甲方自测或乙方授权测试,请勿用来搞破坏。
- w3-goto-world - 🍅Git/AWS/Google 镜像 ,SS/SSR/VMESS节点,WireGuard,IPFS, DeepWeb,Capitalism 、行业研究报告的知识储备库
- CVE-2019-2725 - CVE-2019-2725 命令回显
- Exchange2domain - CVE-2018-8581
- masnmapscan-V1.0 - 一款端口扫描器。整合了masscan和nmap两款扫描器,masscan扫描端口,nmap扫描端口对应服务,二者结合起来实现了又快又好地扫描。并且加入了防火墙的功能
- Pcap-Analyzer - Python编写的可视化的离线数据包分析器
- burpFakeIP - 一个用于伪造ip地址进行爆破的Burp Suite插件
- Struts2-Scan - Struts2全漏洞扫描利用工具
- machinae - Machinae Security Intelligence Collector
- BurpCollect - 基于BurpCollector的二次开发, 记录Burpsuite Site Map记录的里的数据包中的目录路径参数名信息,并存入Sqlite,并可导出txt文件。
- TideFinger - TideFinger——指纹识别小工具,汲取整合了多个web指纹库,结合了多种指纹检测方法,让指纹检测更快捷、准确。
- ODIN - Automated network asset, email, and social media profile discovery and cataloguing.
- PyJFuzz - PyJFuzz - Python JSON Fuzzer
- inventedAttack - A POC attack combining IP SPoofing, SYN Flood and IP Fragmentation
- WebShellCheck - Webshell Detection Based on Deep Learning
- findWebshell - findWebshell是一款基于python开发的webshell检测工具。
- K8CScan - K8Cscan大型内网渗透自定义插件化扫描神器,包含信息收集、网络资产、漏洞扫描、密码爆破、漏洞利用,程序采用多线程批量扫描大型内网多个IP段C段主机,目前插件包含: C段旁注扫描、子域名扫描、Ftp密码爆破、Mysql密码爆破、Oracle密码爆破、MSSQL密码爆破、Windows/Linux系统密码爆破、存活主机扫描、端口扫描、Web信息探测、操作系统版本探测、Cisco思科设备扫描等,支持调用任意外部程序或脚本,支持Cobalt Strike联动
- My-Shodan-Scripts - Collection of Scripts for shodan searching stuff.
- POC-EXP - Collecting and writing PoC or EXP for vulnerabilities on some application
- BurpCollector - 通过BurpSuite来构建自己的爆破字典,可以通过字典爆破来发现隐藏资产。
- WeblogicScan - Weblogic一键漏洞检测工具,V1.5,更新时间:20200730
- SecurityManageFramwork - Security Manage Framwork is a security management platform for enterprise intranet, which includes asset management, vulnerability management, account management, knowledge base management, security scanning automation function modules, and can be used for internal security management. This platform is designed to help Party A with fewer security personnel, complicated business lines, difficult periodic inspection and low automation to better achieve internal safety management.
- Security-Research - Exploits written by the Rhino Security Labs team
- ShellPop - Pop shells like a master.
- Osmedeus - Fully automated offensive security framework for reconnaissance and vulnerability scanning
- multi-v2ray - v2ray多用户管理部署程序
- VulScan - 漏洞扫描:st2、tomcat、未授权访问等等
- mail-security-tester - A testing framework for mail security and filtering solutions.
- Galileo - Galileo - Web Application Audit Framework
- Bug-Project-Framework - 漏洞利用框架模块分享仓库
- canari3 - Canari v3 - next gen Maltego framework for rapid remote and local transform development
- office-exploits - office-exploits Office漏洞集合 https://www.sec-wiki.com
- DnsCryptProxyPiTool - DnsCrypt Proxy 2 for PiHole Raspberry Pi 3
- SMBRat - A Windows Remote Administration Tool in Visual Basic with UNC paths
- DHT_sniffer - DHT 公网嗅探器
- FakeDns - A regular-expression based python MITM DNS server with support for DNS Rebinding attacks
- PyRat - PyRat,a rat by python xmlrpc
- svnExploit - SvnExploit支持SVN源代码泄露全版本Dump源码
- mitm6 - pwning IPv4 via IPv6
- Crypto-Signal - Github.com/CryptoSignal - #1 Quant Trading & Technical Analysis Bot - 2,100 + stars, 580 + forks
- borgmatic - Simple, configuration-driven backup software for servers and workstations
- PublicMonitors - 对公网IP列表进行端口服务扫描,发现周期内的端口服务变化情况和弱口令安全风险
- Hacking - hacker, ready for more of our story ! 🚀
- Decept - Decept Network Protocol Proxy
- Shadowrocket-ADBlock-Rules - 提供多款 Shadowrocket 规则,带广告过滤功能。用于 iOS 未越狱设备选择性地自动翻墙。
- JavaID - java source code static code analysis and danger function identify prog
- ss-panel-and-ss-py-mu
- SniffAir - A framework for wireless pentesting.
- Zeus-Scanner - Advanced reconnaissance utility
- SSRF-Testing - SSRF (Server Side Request Forgery) testing resources
- GreatSCT - The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. This tool is intended for BOTH red and blue team.
- vpngate-with-proxy - vpn gate client for linux, be able to connect to open vpn server through proxy
- Http-Proxy-Scan - Use Censys.io Scan Http Proxy
- reGeorg - The successor to reDuh, pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.
- sniffROM - A tool for passive data capture and reconnaissance of serial flash chips. It is used in conjunction with a Saleae logic analyzer to reconstruct flash memory contents and extract contextual information about device operations.
- PassiveScanner - a passive scanner based on Mitmproxy and Arachni
- dowsDNS - 快速翻跃中国防火墙
- freedomfighting - A collection of scripts which may come in handy during your freedom fighting activities.
- PocCollect - a plenty of poc based on python
- java-deserialization-exploits - A collection of curated Java Deserialization Exploits
- portSpider - 🕷 A lightning fast multithreaded network scanner framework with modules.
- fshell - 基于机器学习的分布式webshell检测系统
- HVACScanner - Locates Honeywell/Tridium/Niagara HVAC JACEs/Controllers via HTTP fingerprints/strings. Very handy for vulnerability/pentesting.
- Reverse_DNS_Shell - A python reverse shell that uses DNS as the c2 channel
- IDASynergy - A combination of an IDAPython Plugin and a control version system that result in a new reverse engineering collaborative addon for IDA Pro. By
- BrainDamage - Remote administration tool which uses Telegram as a C&C server
- pyekaboo - Proof-of-concept program that is able to to hijack/hook/proxy Python module(s) thanks to $PYTHONPATH variable
- NoEye - A blind mode exploit framework (a dns server and a web app) that like wvs's AcuMonitor Service or burpsuite's collabrator or cloudeye
- exploits - Miscellaneous exploit code
- IDA_loader - Some loader module for IDA
- fuzzbunch - NSA finest tool
- genpac - PAC/Dnsmasq/Wingy file Generator, working with gfwlist, support custom rules.
- EaST - Exploits and Security Tools Framework 2.0.1
- RePEconstruct
- DorkNet - Selenium powered Python script to automate searching for vulnerable web apps.
- gdbida - gdbida - a visual bridge between a GDB session and IDA Pro's disassembler
- pyc2 - simple c2 written in python to demonstrate security concepts
- WPForce - Wordpress Attack Suite
- py-feedr - A Python parser to tweet the latest updates from multiple RSS feeds.
-
Pascal (5)
- win-brute-logon - Crack any Microsoft Windows users password without any privilege (Guest account included)
- rdpwrap - RDP Wrapper Library
- LDAP-Admin - LDAP Admin for Linux
- win-brute-logon - Crack any Microsoft Windows users password without any privilege (Guest account included)
- 0xsp-Mongoose - a unique framework for cybersecurity simulation and red teaming operations, windows auditing for newer vulnerabilities, misconfigurations and privilege escalations attacks, replicate the tactics and techniques of an advanced adversary in a network.
- sandcat - An open-source, pentest and developer-oriented web browser, using the power of Lua
-
Ruby (88)
- linux-evil-toolkit - Linux evil toolkit is a framework that aims to centralize, standardize and simplify the use of various security tools for pentest professionals. LETK (Linux evil toolkit) has few simple commands, one of which is the INIT that allows you to define a target, and thus use all the tools without typing anything else.
- thoron - Thoron Framework is a Linux post-exploitation framework that exploits Linux TCP vulnerability to provide a shell-like connection. Thoron Framework has the ability to create simple payloads to provide Linux TCP attack.
- exp-hub - 漏洞复现、批量脚本
- dap - Data Analysis Pipeline
- rusty_joomla_rce - Rusty Joomla RCE Exploit
- zealot - 移动应用上传下载竟然如此简单、移动 App 应用分发系统 Over The Air Server for deployment of Android and iOS apps
- PoC - Advisories, proof of concept files and exploits that have been made public by @pedrib.
- catphish - CATPHISH project - For phishing and corporate espionage. Perfect for RED TEAM.
- mad-metasploit - Metasploit custom modules, plugins, resource script and.. awesome metasploit collection
- X-Prey - A password spraying wordlist generator. Takes breach data as a valid input in order to target password reuse.
- inspec-aws-baseline - InSpec AWS Baseline Profile
- EmailGen - A simple email generator that uses dorks on Bing to generate emails from LinkedIn Profiles.
- lolcat - Rainbows and unicorns!
- intrigue-core - Discover Your Attack Surface!
- krane - Kubernetes RBAC static Analysis & visualisation tool
- Bludit-auth-BF-bypass - Bludit <= 3.9.2 - Authentication Bruteforce Mitigation Bypass
- macinbox - Puts macOS in a Vagrant box
- mihari - A helper to run OSINT queries & manage results continuously
- rcs-common - Common components for RCS backend
- cloud-ranges - A list of cloud ranges from different providers.
- intrigue-ident - Application and Service Fingerprinting
- CeWL - CeWL is a Custom Word List Generator
- virtual-host-discovery - A script to enumerate virtual hosts on a server.
- lazys3
- wsus-server - Chef Cookbook to install and configure server for Windows Server Update Services (WSUS)
- OSCP-Exam-Report-Template-Markdown - :orange_book: Markdown Templates for Offensive Security OSCP, OSWE, OSCE, OSEE, OSWP exam report
- bpfql - eBPF query runner (Ruby DSL or something useful)
- dawnscanner - Dawn is a static analysis security scanner for ruby written web applications. It supports Sinatra, Padrino and Ruby on Rails frameworks.
- XSpear - Powerfull XSS Scanning and Parameter analysis tool&gem
- D-Link-DIR-859-RCE - D-Link DIR-859 - RCE UnAutenticated (CVE-2019–17621)
- tainted_love - Dynamic Security Analysis for Ruby
- awesome - Awesome Ruby Collections - Web Servers, Web Frameworks, Rack, Active Record, Functional, Crypto, and More
- idb - idb is a tool to simplify some common tasks for iOS pentesting and research
- bounty-targets - This project crawls bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) hourly and dumps them into the bounty-targets-data repo
- redmine - Mirror of redmine code source - Official SVN repository is at https://svn.redmine.org/redmine - contact: @jbbarth or jeanbaptiste.barth (at) gmail (dot) com
- codeobscure - code obscure for object-c project. 方便强大的OC工程代码自动混淆工具
- purple-team-attack-automation - Praetorian's public release of our Metasploit automation of MITRE ATT&CK™ TTPs
- killshot - A Penetration Testing Framework, Information gathering tool & Website Vulnerability Scanner
- feedbin - Follow your passions with RSS, email newsletters, and Twitter.
- json_resume - Generates pretty HTML, LaTeX, markdown, with biodata feeded as input in JSON
- aws_public_ips - Fetch all public IP addresses tied to your AWS account. Works with IPv4/IPv6, Classic/VPC networking, and across all AWS services
- arachni-ui-web - Arachni's Web User Interface.
- cve-2017-7269 - fixed msf module for cve-2017-7269
- CVE-2017-11882-metasploit - This is a Metasploit module which exploits CVE-2017-11882 using the POC released here : https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about.
- msfvenom-bc-generator - Metasploit msfvenom Bash Completions Generator
- Reverse_DNS_Shellcode - Revrese DNS payload for Metasploit: Download Exec x86 shellcode. Also DNS Handler and VBS bot (alsow working over DNS) as PoC included.
- bridge - brigde is a dynamic port forwarder over HTTP (with HTTP PROXY support)
- awesome-blockchains - A collection about awesome blockchains - open distributed public databases w/ crypto hashes incl. git ;-). Blockchains are the new tulips :tulip::tulip::tulip:. Distributed is the new centralized.
- metasploit-autopwn - db_autopwn plugin of metasploit
- Hacking-Busybox-Control - Some metasploit scripts to help to control busybox based embedded devices
- homebrew-pentest - Homebrew Tap - Pen Test Tools
- Tails-zh_TW - website of TAILS (l10n project for Traditional Chinese)
- tails-zh_CN - Website of Tails ( l10n project for Simplified Chinese )
- fuzzapi - Fuzzapi is a tool used for REST API pentesting and uses API_Fuzzer gem
- shuffler - Just a quick ruby script to explore perfect card shuffles. :)
- joomlavs - A black box, Ruby powered, Joomla vulnerability scanner
- cve_server - Simple REST-style web service for the CVE searching
- timing_attack - Perform timing attacks against web applications
- watobo
- WhatWeb - Next generation web scanner
- wordpress-exploit-framework - A Ruby framework designed to aid in the penetration testing of WordPress systems.
- inspec - InSpec: Auditing and Testing Framework
- pedump - dump windows PE files using ruby
- Learning-SICP - MIT视频公开课《计算机程序的构造和解释》中文化项目及课程学习资料搜集。
- puppetlabs-firewall - Puppet Firewall Module
- huginn - Create agents that monitor and act on your behalf. Your agents are standing by!
- whitewidow - SQL Vulnerability Scanner
- rubynew - Ruby new project generator.
- HatCloud - discontinued
- secure_headers - Manages application of security headers with many safe defaults
- Eternalblue-Doublepulsar-Metasploit - Module of Metasploit to exploit the vulnerability Eternalblue-Doublepulsar.
- zen-rails-security-checklist - Checklist of security precautions for Ruby on Rails applications.
- birdwatcher - Data analysis and OSINT framework for Twitter
- ccc_privacy_crawler - Tカードの 個人情報提供の停止 対象企業一覧 の新着を通知するためのTwitterボットです
- dockscan - dockscan is security vulnerability and audit scanner for Docker installations
- metasploit-framework - Metasploit Framework
- open-shell-book - 开源书籍:《Shell 编程范例》,面向操作对象学 Shell!
- arachni - Web Application Security Scanner Framework
- Summit_PPT - 各种安全大会PPT PDF
- watchdog - IF (接口/网页 有变化) THEN (提醒你)
- Mars - Mars(战神)——资产发现、子域名枚举、C段扫描、资产变更监测、端口变更监测、域名解析变更监测、Awvs扫描、POC检测、web指纹探测、端口指纹探测、CDN探测、操作系统指纹探测、泛解析探测、WAF探测、敏感信息检测等等
- linux-evil-toolkit - Linux evil toolkit is a framework that aims to centralize, standardize and simplify the use of various security tools for pentest professionals. LETK (Linux evil toolkit) has few simple commands, one of which is the INIT that allows you to define a target, and thus use all the tools without typing anything else.
- FuzzScanner - 一个主要用于信息搜集的工具集,主要是用于对网站子域名、开放端口、端口指纹、c段地址、敏感目录等信息进行批量搜集。
- Metasploit-Plugins - Plugins for Metasploit Framework
- Web-CTF-Cheatsheet - Web CTF CheatSheet 🐈
- BloodHound-Owned - A collection of files for adding and leveraging custom properties in BloodHound.
-
TSQL (6)
- shoppingMall - 使用主流框架组合SSM开发,并引入新技术,全面丰富的一个商城项目
- SecIoT-Web - IoT漏洞检测平台,支持固件第三方库版本分析。移动安全相关功能移至SecMobile。
- Security-Data-Analysis-and-Visualization - 2018-2020青年安全圈-活跃技术博主/博客
- nebula - "星云"业务风控系统,主工程
- java-exam - Java实现的包含题库编辑、抽题组卷、试题分析、在线考试等模块的Web考试系统。
- zhuye_kim - Django框架开发的仿zhuye.kim的简单个人主页/导航程序,带后台
-
TypeScript (64)
- APKLab - Android Reverse Engineering WorkBench for VS Code
- iOSreExtension - A fast and elegant extension for VSCode used for iOSre projects.
- terminus - A terminal for a more modern age
- leek-fund - :chart_with_upwards_trend: 韭菜盒子——VSCode 里也可以看股票 & 基金实时数据,做最好用的投资插件 🐥
- CTFNote - CTFNote is a collaborative tool aiming to help CTF teams to organise their work.
- blink-mind - Fully customizable mindmap framework for react.js. 支持插件的,可被完全定制的思维导图库,基于react.js和immutable.js。
- foam - A personal knowledge management and sharing system for VSCode
- CSRFER - Tool to generate csrf payloads based on vulnerable requests
- misc
- javascript-obfuscator - A powerful obfuscator for JavaScript and Node.js
- kalm - Kalm | Kubernetes AppLication Manager
- uBlacklist - Blocks specific sites from appearing in Google search results
- WebWindow - .NET Core library to open native OS windows containing web UI on Windows, Mac, and Linux. Experimental.
- bulwark - An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.
- xxexploiter - Tool to help exploit XXE vulnerabilities
- yacd - Yet Another Clash Dashboard
- vxe-table - 🐬 vxe-table vue 表格解决方案
- mosec-node-plugin - 用于检测 node 项目的第三方依赖组件是否存在安全漏洞。
- ledge - Ledge —— DevOps knowledge learning platform. DevOps、研发效能知识和工具平台,是我们基于在 ThoughtWorks 进行的一系列 DevOps 实践、敏捷实践、软件开发与测试、精益实践提炼出来的知识体系。它包含了各种最佳实践、操作手册、原则与模式、度量、工具,用于帮助您的企业在数字化时代更好地前进,还有 DevOps 转型。
- davinci - Davinci is a DVsaaS (Data Visualization as a Service) Platform
- fluent-reader - Modern desktop RSS reader built with Electron, React, and Fluent UI
- lens - Lens - The Kubernetes IDE
- moose - 🦌 An application to stream, cast and download torrents.
- vulnrepo - VULNRΞPO - Free vulnerability report generator and repository end-to-end encrypted, security report maker, vulnerability report builder. Complete templates of issues, CWE, CVE, AES encryption, Nmap/Nessus/Burp/OpenVAS issues import, Jira export, TXT/HTML/PDF report, attachments, automatic changelog and statistics, vulnerability management.
- ayu - 🎨🖌 Modern Sublime Text theme
- attack-navigator - Web app that provides basic navigation and annotation of ATT&CK matrices
- container-scan - A GitHub action to help you scan your docker image for vulnerabilities
- wg-access-server - An all-in-one WireGuard VPN solution with a web ui for connecting devices
- npkill - List any node_modules directories in your system, as well as the space they take up. You can then select which ones you want to erase to free up space.
- autochangelog - A very lightweight command line tool for generating a changelog from git tags and commit history
- RiskAssessmentFramework - The Secure Coding Framework
- gatsby-theme-antv - ⚛️ Polished Gatsby theme for documentation site
- artipub - Article publishing platform that automatically distributes your articles to various media channels
- lit-html - An efficient, expressive, extensible HTML templating library for JavaScript.
- Mob - Mob - 一个有颜值的喜马拉雅桌面客户端,支持 Mac、Win 和 Linux
- avataaars-generator - Simple generator React app for avataaars
- aptmap - A map displaying threat actors from the misp-galaxy
- chord - Chord - A Modern Music Player
- yun-playlist-downloader - 网易云音乐 - 歌单/专辑/电台 - 下载器
- CopyTranslator - Foreign language reading and translation assistant based on copy and translate.
- DesktopNaotu - 桌面版脑图 (百度脑图离线版,思维导图) 跨平台支持 Windows/Linux/Mac OS. (A cross-platform multilingual Mind Map Tool)
- Imagine - 🖼️ PNG/JPEG optimization app for macOS, Windows and Linux.
- node-tap - 基于TypeScript实现的开源SSTap
- outline-server - Outline Manager, developed by Jigsaw. The Outline Manager application creates and manages Outline servers, powered by Shadowsocks. It uses the Electron framework to offer support for Windows, macOS and Linux.
- MemcacheDos - Memcache 反射DDOS攻击脚本经供学习参考使用
- x-prober - 🐘 A probe program for PHP environment (一款精美的 PHP 探針, 又名X探針、劉海探針)
- Scout - 可能是东半球最灵活的 URL 监控系统
- fingerprintjs - Browser fingerprinting library with the highest accuracy and stability.
- clover - Shadowsocks and v2ray User Interface
- tank-front - 蓝眼系列软件之《蓝眼云盘》前端项目
- docup - The easiest way to write beautiful docs.
- Steward - A command launcher for Chrome
- QTGate-Desktop-Client - A revolutionary internet infrastructure enabling a truly free Network, that offers Stability, Trust, Privacy, and Security
- oni - Oni: Modern Modal Editing - powered by Neovim
- uProxy-p2p - Internet without borders
- learn-anything - Organize world's knowledge, explore connections and curate learning paths
- octohint - The missing IntelliSense hint for GitHub and GitLab
- tamperchrome - Tamper Dev is an extension that allows you to intercept and edit HTTP/HTTPS requests and responses as they happen without the need of a proxy. Works across all operating systems (including Chrome OS).
- storybook - 📓 The UI component explorer. Develop, document, & test for React, Vue, Angular, Ember, Web Components, & more!
- jigsaw - Jigsaw七巧板 provides a set of web components based on Angular5/8/9+. The main purpose of Jigsaw is to help the application developers to construct complex & intensive interacting & user friendly web pages. Jigsaw is supporting the development of all applications of Big Data Product of ZTE.
- PPet - 👻在你的桌面放一个萌妹子,多一点趣味😏~(支持Mac、Win和Linux)
- layout-ui - 可视化布局 纯css布局 Layout-UI
- outline-client - Outline clients, developed by Jigsaw. The Outline clients use the popular Shadowsocks protocol, and lean on the Cordova and Electron frameworks to support Windows, Android / ChromeOS, Linux, iOS and macOS.
-
VBScript (3)
- WMIHACKER - A Bypass Anti-virus Software Lateral Movement Command Execution Tool
- awesome_windows_logical_bugs - collect for learning cases
- pyenv-win - pyenv for Windows. pyenv is a simple python version management tool. It lets you easily switch between multiple versions of Python. It's simple, unobtrusive, and follows the UNIX tradition of single-purpose tools that do one thing well.
-
Vim script (13)
- forest-night - 🌲 Comfortable & Pleasant Color Scheme for Vim
- ThinkVim - Vim configuration in the 21st century
- k-vim - vim配置
- vim-terminal-help - Small changes make vim/nvim's internal terminal great again !!
- base16-vim - Base16 for Vim
- vim-web - ◈ 搞得像IDE一样的Vim,安装配置自己的Vim。
- manjaro-linux-config - configuration for manjaro linux
- neomake-multiprocess - A vim plugin for running multiple process asynchronously base on neomake.
- vimrc-config - re-vim: sensible vim configuration
- vim-galore-zh_cn - Vim 从入门到精通
- dotfiles - A set of vim, zsh, git, and tmux configuration files.
- pwnbox - Docker container with tools for binary reverse engineering and exploitation.
- vim-vide - Lightest vimrc, while strong enough. 最轻的vim配置,却足够强!
-
Vue (45)
- vdesjs - 基于vue的可视化拖拽,代码生成工具。
- Parmy - A extension for collecting parameters
- spring-boot-online-exam - 基于Spring Boot的在线考试系统(预览地址 http://129.211.88.191 ,账户分别是admin、teacher、student,密码是admin123)
- DNS-Analysis - 非法域名挖掘与画像系统。
- ZY-Player - ▶️ 跨平台桌面端视频资源播放器.简洁无广告.免费高颜值. 🎞
- InformationGather - SRC Assets Information Gather Website(SRC资产信息聚合网站)
- DataV - Vue数据可视化组件库(类似阿里DataV,大屏数据展示),提供SVG的边框及装饰、图表、水位图、飞线图等组件,简单易用,长期更新(React版已发布)
- vue-element-ui-admin - :maple_leaf: 一个基于 Vue Element UI 的后台模板,做了目录结构的整理和常用方法的封装,开箱即用 :)
- hoppscotch - 👽 A free, fast and beautiful API request builder used by 120k+ developers. https://hoppscotch.io
- vue-mall - 🔨 基于 vue+node+mongodb 实现一个锤子商城
- xray - 一款完善的安全评估工具,支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档
- LiveEducation - 南开大学&计蒜客2017夏季实训光宗耀组小组项目——教育直播平台
- ethereum_book - 精通以太坊 (中文版)
- GantTask - 甘特图任务管理器 - 适合新手学习的 Vue 完整案例
- vue-cli3.0-vueadmin - 基于vue-cli3.0+vue+elementUI+vuex+axios+权限管理的后台管理系统
- VBlog - 使用GitHub API 搭建一个可动态发布文章的博客
- Hawkeye - GitHub 泄露监控系统(GitHub Sensitive Information Leakage Monitor Spider)
- zee.kim_v4 - 个人网站之 <幸福彼岸 />(此版本已废弃)
- at-ui - A fresh and flat UI-Kit specially for desktop application, made with ♥ by Vue.js 2.0
- tong2-family - 基于vue、vuex、vue-router、echarts的数据可视化展示平台
- tool-playground - puzzle
- export-github-stars - View / Sort / Export your Starred repositories.
- macOS_Big_Sur_icons_replacements - Replacement icons for popular apps in the style of macOS Big Sur
- ReconNote - Web Application Security Automation Framework which recons the target for various assets to maximize the attack surface for security professionals & bug-hunters
- bombus - 合规审计平台
- DeimosC2 - DeimosC2 is a Golang command and control framework for post-exploitation.
- pearProject - pear,梨子,轻量级的在线项目/任务协作系统,远程办公协作
- vue-component-inspector - This is vue development tool which works only with Vue 2.0.
- purify - All-in-one tool for managing vulnerability reports from AppSec pipelines
- tools.tldr.run - Curated list of security tools for Hackers & Builders!
- beekeeper-studio - Modern and easy to use SQL client for MySQL, Postgres, SQLite, SQL Server, and more. Linux, MacOS, and Windows.
- Grapefruit - (WIP) Runtime Application Instruments for iOS. Previously Passionfruit
- Starkiller - Starkiller is a Frontend for PowerShell Empire.
- guimetasploit - Best Graphical Hacking Platform Online
- passionfruit - [WIP] Crappy iOS app analyzer
- logoly - A Pornhub Flavour Logo Generator
- WordCards
- PicGo - :rocket:A simple & beautiful tool for pictures uploading built by vue-cli-electron-builder
- penework - Penetration Test Framwork
- geek-navigation - ❤️ 极客猿梦导航-独立开发者的导航站!
- Aoba - Create a lovely resume just with a config file.
- linux_kernel_cves - Tracking CVEs for the linux Kernel
- last-blog - 仿GitHub风格个人博客, vue+vuex+koa+mongodb
- iview - A high quality UI Toolkit built on Vue.js 2.0
- SocialEngineeringDictionaryGenerator - 社会工程学密码生成器,是一个利用个人信息生成密码的工具
- vdesjs - 基于vue的可视化拖拽,代码生成工具。
-
WebAssembly (1)
-
Nim (13)
- awesome-nim - A curated list of awesome Nim frameworks, libraries and software.
- nim-dnp - Nim 版 domainNamePredictor:一个简单的现代化公司域名使用规律预测及生成工具
- wAuto - Windows automation module
- nimcrypto - Nim cryptographic library
- nim-json-rpc - Nim library for implementing JSON-RPC clients and servers
- winim - Nim's Windows API and COM Library
- nim-strenc - A tiny library to automatically encrypt string literals in Nim code
- nimassets - bundle your assets into single nim file inspired by go-bindata
- subhook.nim - subhook wrapper for Nim https://github.com/Zeex/subhook
- Nim-SMBExec - SMBExec implementation in Nim - SMBv2 using NTLM Authentication with Pass-The-Hash technique
- NimScan - 🚀 Fast Port Scanner 🚀
- nlvm - LLVM-based compiler for the Nim language
- quickjwt - JWT implementation for nim-lang
-
Jupyter Notebook (27)
- stock - 30天掌握量化交易 (持续更新)
- AdvBox - Advbox is a toolbox to generate adversarial examples that fool neural networks in PaddlePaddle、PyTorch、Caffe2、MxNet、Keras、TensorFlow and Advbox can benchmark the robustness of machine learning models. Advbox give a command line tool to generate adversarial examples with Zero-Coding.
- HELK - The Hunting ELK
- data_hacking - Data Hacking Project
- python3-cookbook - 《Python Cookbook》 3rd Edition Translation
- 100days - 100 days of algorithms
- Duke-STA-663-CN - A Chinese Translation of the Resources for Duke University STA 663 杜克大学计算机统计学(Python)全部内容的中文翻译
- cs231n.github.io - Public facing notes page
- pandas-videos - Jupyter notebook and datasets from the pandas Q&A video series
- pandas-zh - pandas 0.19.2 文档中文版
- pandas-cookbook - Recipes for using Python's pandas library
- pycon-pandas-tutorial - PyCon 2015 Pandas tutorial materials
- JupyterPen - A Repository dedicated to creating modular and automated penetration testing frameworks utilizing Jupyter Notebooks
- subdomainsEnumerator - A docker image which will enumerate, sort, unique and resolve the results of various subdomains enumeration tools.
- Bug-Hunting-Colab - A Colab For Bug Hunting!
- colabcat - :smiley_cat: Running Hashcat on Google Colab with session backup and restore.
- detection-hackathon-apt29 - Place for resources used during the Mordor Detection hackathon event featuring APT29 ATT&CK evals datasets
- ABD - Course materials for Advanced Binary Deobfuscation by NTT Secure Platform Laboratories
- digital_video_introduction - A hands-on introduction to video technology: image, video, codec (av1, vp9, h265) and more (ffmpeg encoding).
- the-craft-of-selfteaching - One has no future if one couldn't teach themself.
- jupyter_hub - 机器学习算法、可视化、数据分析的Python代码
- 100-Days-Of-ML-Code - 100-Days-Of-ML-Code中文版
- pydata-notebook - 利用Python进行数据分析 第二版 (2017) 中文翻译笔记
- tensorflow2_tutorials_chinese - tensorflow2中文教程,持续更新(当前版本:tensorflow2.0),tag: tensorflow 2.0 tutorials
- interesting-python - 有趣的Python爬虫和Python数据分析小项目(Some interesting Python crawlers and data analysis projects)
- regular-investing-in-box - 定投改变命运 —— 让时间陪你慢慢变富 https://onregularinvesting.com
- AI-for-Security-Testing-Database - 复现过的AI安全检测的项目集合
-
Logos (3)
- Cydia - 🔥🔥🔥我的微信公众号: Cydia 🔥🔥🔥=> Cydia插件 Logos语言 开发Tweak.xm Cydia Substrate 注入dylib iOS逆向工程开发 越狱Jailbreak deb插件 - fishhook / Frida / iOSOpenDev / Cycript / MachOView / IDA / Hopper Disassembler / MonkeyDev / Class-dump / Theos / Reveal / Dumpdecryptd / FLEX / 汇编Assembly / CaptainHook / lldb/LLVM/XNU/Darwin/iOS Reverse
- LookinLoader - Lookin - iOS UI Debugging Tweak LookinLoader,Compatible with iOS 8~13
- UIDaemon - An iOS daemon that can show UI /over/ SpringBoard
-
Lua (24)
- nginx_waf - 使用nginx和lua构建的waf
- grab_beacon_config
- chromium-ipc-sniffer - A tool to capture communication between Chromium processes on Windows
- nmap-scripts
- vulscan - Advanced vulnerability scanning with Nmap NSE
- ngxlua - nginx/openresty lua access limit 限流防爬
- remote-adb-scan - pure python remote adb scanner + nmap scan module
- icsmaster - ICS/SCADA Security Resource(整合工控安全相关资源)
- patoolkit - PA Toolkit is a collection of traffic analysis plugins focused on security
- freevulnsearch - Free and open NMAP NSE script to query vulnerabilities via the cve-search.org API.
- nmap-vulners - NSE script based on Vulners.com API
- VeryNginx - A very powerful and friendly nginx base on lua-nginx-module( openresty ) which provide WAF, Control Panel, and Dashboards.
- nmap-nse-info - Browse and search through nmap's NSE scripts.
- nmapii - Automated script for NMAP Scanner with some custom .nse scripts :) for lazy geeks :V
- SambaCry - CVE-2017-7494 - Detection Scripts
- nmap-nse-scripts - My collection of nmap NSE scripts
- ICS-Protocol-identify - Using nmap NSE scripts for identifying common ICS protocols[使用nmap的nse脚本对常见工控协议进行识别,附对应nse脚本,并记录pcap流量]
- luject - 🍹A static injector of dynamic library for application (android, iphoneos, macOS, windows, linux)
- lua-nginx-redis - :hibiscus: Redis、Lua、Nginx、OpenResty 笔记和资料
- jxwaf - JXWAF(锦衣盾)是一款开源web应用防火墙
- ngx_lua_waf - ngx_lua_waf是一个基于lua-nginx-module(openresty)的web应用防火墙
- nmap_scripts - nmap默认的scripts和自己收集的一些scripts
- nse_vuln - Nmap扫描、漏洞利用脚本
- drool - DNS Replay Tool
-
Objective-C++ (6)
- hallelujahIM - hallelujahIM(哈利路亚 英文输入法) is an intelligent English input method with auto-suggestions and spell check features, Mac only.
- MachoDecrypt - Decrypt iOS binaries at runtime
- SSLBypass - iOS SSL Pinning Bypass (iOS 8 - 14)
- MEMSCAN - A memory scanning tool which uses mach_vm* to either dump memory or look for a specific sequence of bytes.
- IDA7.0_SP - IDA7.0_SP is ida's bugfix
- bfinject - Dylib injection for iOS 11.0 - 11.1.2 with LiberiOS and Electra jailbreaks
-
Shell (473)
- Tools - 波仔常用的一些工具包
- Linux_env - This is about Unix/Linux Tool including shell 、python as well as tool,and so on
- hacker-laws - 💻📖 Laws, Theories, Principles and Patterns that developers will find useful. #hackerlaws
- docker-zerotier-moon - 🐳 A docker image to create zerotier moon in one step.
- jsproxy - 一个基于浏览器端 JS 实现的在线代理
- Security-Baseline - Linux/Windows 安全加固脚本
- frpspro - Frps 一键安装脚本,Frpc Windows 便捷脚本!Frp 远程桌面!
- meedu - 基于Laravel开发的在线点播系统。
- k8s-by-kubeadm - :building_construction: 如何使用kubeadm在国内网络环境搭建单主k8s集群
- rpi_backup_script - 树莓派备份脚本,备份出来的img可以当做系统镜像分发
- vulstudy - 使用docker快速搭建各大漏洞靶场,目前可以一键搭建17个靶场。
- v2ray - 最好用的 V2Ray 一键安装脚本 & 管理脚本
- setmac - dhcp网络通过随机mac刷新ip
- ant - Linux服务器信息收集脚本
- dotfiles-and-scripts - :fishing_pole_and_fish: Dotfiles and scripts providing cumbersome configure details and other senseless stuff. 一些无聊的脚本和配置文件
- follow-me-install-kubernetes-cluster - 和我一步步部署 kubernetes 集群
- ZBench - 又一个Linux VPS测评脚本
- ss-tproxy - 搭建 SS/SSR/V2Ray/Socks5 透明代理环境的简陋脚本
- CCKiller - Linux轻量级CC攻击防御工具脚本
- ida_for_mac_green - IDA Pro for macOS绿化
- Husky - k8s 离线部署脚本
- make-ngrok - One bash to rule ngrok all. 一键编译 Ngrok 全平台客户端。
- power-ffuf - Very Fast and Powerful Web Fuzzer
- IDA_Pro_7.2 - IDA_Pro_7.2
- monitorSubdomains - use subfinder to monitor subdomains.
- Faction - Faction installer and general issues
- VBS-Loader - :crystal_ball: Generate a VBS script that will download and execute your file
- autorecon - Auto recon
- Reconnaissance - Subdomain recon .bash_profile for memN0ps
- awesome-newsletters - A list of amazing Newsletters
- awesome-kubernetes - A curated list for awesome kubernetes sources :ship::tada:
- ss-redir-on-raspberry-script
- Bash - Bash.
- eazy-for-ss - A Bypassgfw Collection
- android-security-awesome - A collection of android security related resources
- reconftw - Simple script for full recon
- bypass-firewalls-by-DNS-history - Firewall bypass script based on DNS history records. This script will search for DNS A history records and check if the server replies for that domain. Handy for bugbounty hunters.
- deepce - Docker Enumeration, Escalation of Privileges and Container Escapes (DEEPCE)
- DietPi - Lightweight justice for your single-board computer!
- CISCO-CVE-2020-3452-Scanner-Exploiter - CISCO CVE-2020-3452 Scanner & Exploiter
- PTRB - PTR Bouncer - Keeping legitimate Internet security scanners off of poor reputation IP lists
- subzzZ - SubzzZ to find possible subdomains using passive recon. Tool also support Permutations, Mutations, Alterations.
- recontooler
- Sub-Drill - A very (very) simple subdomain finder based on online, free and API-less services.
- simple_shodan_recon
- Gitmails-sh - An information gathering tool to collect git emails in version control host services
- wireguard-install - WireGuard road warrior installer for Ubuntu, Debian, CentOS and Fedora
- SEF - SEF is a Subdomain Enumeration Framework that covers passive, active & permuted enumeration
- CVE-Search-Docker - Docker Image for CVE-Search
- galer - A fast tool to fetch URLs from HTML attributes by crawl-in.
- docker-headless-shell - Minimal container for Chrome's headless shell, useful for automating / driving the web
- IoV-Security-Wiki - Research sharing on offense and defense of IoV.
- Miscellaneous - 百宝箱
- thc-hydra-windows - The great THC-HYDRA tool compiled for Windows
- bypass-403 - A simple script just made for self use for bypassing 403
- byp4xx - Simple bash script to bypass "403 Forbidden" messages with well-known methods discussed in #bugbountytips
- Lazy-FuzzZ - Sometimes we want to fuzz a set of sub-domain URLs with a common wordlist. Fuzzing them one by one is a tedious task, not to mention the false positives we obtain in those results. To solve this problem I created Lazy FuzzZ. It fuzzes all those urls, removes all false positives and sends only legitimate results to burpsuite.
- open-c-book - 开源书籍:《C语言编程透视》,配套视频课程已全面上线,https://w.url.cn/s/AMcKZ3a
- packer-kali_linux - This is a repository that will be used to help create a process of a new kali vagrant box for hashicorp each month.
- QuickXSS - Automating XSS using Bash
- recox - Master script for web reconnaissance
- useful - useful pentest note
- MassBleed - MassBleed SSL Vulnerability Scanner
- 4xxbypass - 4xxbypass
- OneListForAll - Rockyou for web fuzzing
- recon - information gathering
- CVE-2020-14750 - PoC para las vulnerabilidades CVE-2020-14750 y cve-2020-14882
- JSFScan.sh - Automation for javascript recon in bug bounty.
- openmptcprouter-vps - OpenMPTCProuter VPS scripts
- procrustes - A bash script that automates the exfiltration of data over dns in case we have a blind command execution on a server where all outbound connections except DNS are blocked.
- ib-gateway-docker - Interactive Brokers Trading Gateway running in Docker
- autoPhisher - Script to setup a phishing server on the cloud
- Find-domains - This repo contain scripts written for finding subdomains using various available tools
- Docker-eyeOS - Run iPhone (xnu-arm64) in a Docker container! Supports KVM + iOS kernel debugging (GDB)! Run xnu-qemu-arm64 in Docker! Works on ANY device.
- wp-file-manager-CVE-2020-25213 - https://medium.com/@mansoorr/exploiting-cve-2020-25213-wp-file-manager-wordpress-plugin-6-9-3f79241f0cd8
- htshells - Self contained htaccess shells and attacks
- WeblogicEnvironment - Weblogic环境搭建工具
- List-of-Tools - List of the tools and usage
- ad-honeypot-autodeploy - Deploy a small, intentionally insecure, vulnerable Windows Domain for RDP Honeypot fully automatically.
- mobi
- go-stare - A fast & light web screenshot without headless browser but Chrome DevTools Protocol!
- maskphish - Give a Mask to Phishing URL like a PRO.. A MUST have tool for Phishing.
- Garud - An automation tool that scans sub-domains, sub-domain takeover and then filters out xss, ssti, ssrf and more injection point parameters.
- magicRecon - This repository contain a powerful shell script to maximize the data collection process of an objective
- CVE-2020-9484-Mass-Scan - CVE-2020-9484 Mass Scanner, Scan a list of urls for Apache Tomcat deserialization (CVE-2020-9484) which could lead to RCE
- kmspro - windows系统一句命令激活,office套件一句命令激活,一键搭建kms服务器,kms一键脚本,安卓Android搭建kms服务器
- SecurityBaselineCheck
- android-malware - Collection of android malware samples
- mobsf-action - GitHub Actions for MobSF
- bee - Bee Recon Framework
- POC-2020-8559 - Proof of Concept exploit for Kubernetes CVE-2020-8559
- Wi-Ploit - Wi-Fi Exploit Tool
- subash
- Citadel - Collection of pentesting scripts
- BugBountyScanner - A Bash script and Docker image for Bug Bounty reconnaissance. Intended for headless use.
- cacert-installer
- h4rpy - Automated WPA/WPA2 PSK attack tool.
- port-checker - Script for checking connection to ports using nc.
- dac - Fetch ASN [Number] / CIDR [IP Range] from Domain, Fetch CIDR [IP Range] from ASN [Number] using https://ipinfo.io/ API
- RegHex - A collection of regexes for every possbile use
- bounty-targets-alert - It's an watcher for new scopes added to bounty-targets-data and send you alert to Slack.
- gf-secrets - Secret and/ credential patterns used for gf.
- siem-from-scratch - SIEM-From-Scratch is a drop-in ELK based SIEM component for your Vagrant infosec lab
- Bheem
- SBD - Static Binary Deployer. Download and deploy *Nix utilities on a compromised system.
- Android-PIN-Bruteforce - Unlock an Android phone (or device) by bruteforcing the lockscreen PIN. Turn your Kali Nethunter phone into a bruteforce PIN cracker for Android devices! (no root, no adb)
- terraform-security-scan - Run a security scan on your terraform with the very nice https://github.com/liamg/tfsec
- aws-security-toolbox - AWS Security Tools (AST) in a simple Docker container. :package:
- bash_script_templates - Some Templates for Bash Scripting
- crlfuzz - A fast tool to scan CRLF vulnerability written in Go
- ob_hacky_slack - Hacky Slack - a bash script that sends beautiful messages to Slack
- BashSpray - Password Spray Testing Tool in Bash
- k8s_single_deploy - 单节点部署 k8s 集群的相关脚本和文件,Master 和 Node 位于同一机器
- sandfly-setup - Sandfly Security Agentless Compromise and Intrusion Detection System For Linux
- put2win - Script to automate PUT HTTP method exploitation to get shell
- t14m4t - Automated brute-forcing attack tool.
- hackerEnv
- ADB-Toolkit - ADB-Toolkit V2 for easy ADB tricks with many perks in all one. ENJOY!
- cruze-the-web - a simple script to do basic to advanced recon.... in simple words -> a script to automate all the lazy recon flow of the hunter with the tools great people have developed.
- subvenom - Enumerate subdomains using multiple tools for bigger scope enumeration.
- pentest-recon - Web application pentesting recon
- jumpbox
- msfpc - MSFvenom Payload Creator (MSFPC)
- scripthunter - Tool to find JavaScript files on Websites
- git-secrets - Prevents you from committing secrets and credentials into git repositories
- multiscan - A set of scripts compatible with axiom-spend and axiom-execb :) For parallel scanning!
- OSCP-Exam-Report-Template - OSCP Exam Report Template in Markdown
- Workflow-Bug-Bounty - My Tools For Bug Bounty
- mini-kali - Docker image for hacking
- quiver - Quiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.
- AdvancedKeyHacks - API Key/Token Exploitation Made easy.
- XRCross - XRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing. This tool was built to test (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities
- portscan.sh - All in one port scanning script.
- Fast-Google-Dorks-Scan - The OSINT project, the main idea of which is to collect all the possible Google dorks search combinations and to find the information about the specific web-site: common admin panels, the widespread file types and path traversal. The 100% automated.
- htrace.sh - My simple Swiss Army knife for http/https troubleshooting and profiling.
- bash_scripting - bash scripting thing !
- deksterecon - Web Application recon automation
- stego-toolkit - Collection of steganography tools - helps with CTF challenges
- recon_profile
- teh_s3_bucketeers
- macOS-Simple-KVM - Tools to set up a quick macOS VM in QEMU, accelerated by KVM.
- Reconx - Automated Recon Framework
- axiom - The dynamic infrastructure framework for anybody! Distribute the workload of many different tools with ease, including nmap, ffuf, masscan, nuclei and many more!
- git-scanner - A tool for bug hunting or pentesting for targeting websites that have open .git repositories available in public
- BeaKer - Beacon Kibana Executable Report. Aggregates Sysmon Network Events With Elasticsearch and Kibana
- sub.sh - Multiprocessing(Parallel)Subdomain Detect Script
- SubEnum - bash script for Subdomain Enumeration
- gaussrf - Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl and Filter Urls With OpenRedirection or SSRF Parameters.
- privatecollaborator - A script for installing private Burp Collaborator with free Let's Encrypt SSL-certificate
- Spartan - My Recon Automation
- Hacking_Tools_Cheat_Sheet
- netfilter-persistent-plugin-ipset - A plugin of netfilter-persistent in debian/ubuntu to make ipset rules persistent, especially on reboot.
- vps_setup - Auto deployment of my VPS
- bashtop - Linux/OSX/FreeBSD resource monitor
- ffufplus - You can read the writeup on this script here
- Bountystrike-sh - Poor (rich?) man's bug bounty pipeline
- EchoPwn - Recon Automation for hackers by hackers
- hacktivity-notify - Get newest public disclosed HackerOne report notifications on your Desktop
- ApkAnalyser - 一键提取安卓应用中可能存在的敏感信息。
- standard-readme - A standard style for README files
- ipset-blacklist - A bash script to ban large numbers of IP addresses published in blacklists.
- macos-virtualbox - Push-button installer of macOS Catalina, Mojave, and High Sierra guests in Virtualbox for Windows, Linux, and macOS
- qsreplace - Accept URLs on stdin, replace all query string values with a user-supplied value
- MemLabs - Educational, CTF-styled labs for individuals interested in Memory Forensics
- elk-detection-lab - An ELK environment containing interesting security datasets.
- venom - venom - shellcode generator/compiler/handler (metasploit)
- SocialBox - SocialBox is a Bruteforce Attack Framework [ Facebook , Gmail , Instagram ,Twitter ] , Coded By Belahsan Ouerghi
- aria2-ariang-docker - 打包了Aria2、AriaNg,支持密码验证,无需手动设置aria2 rpc
- lazyrecon - This script is intended to automate your reconnaissance process in an organized fashion
- bbht - A script to set up a quick Ubuntu 17.10 x64 box with tools I use.
- PAKURI - Penetration test Achieve Knowledge Unite Rapid Interface
- osx-and-ios-security-awesome - OSX and iOS related security tools
- android-kernel-lab - Automated Android Kernel Playground
- elk-docker - Elasticsearch, Logstash, Kibana (ELK) Docker image
- my-arsenal-of-aws-security-tools - List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
- bountyplz - Automated security reporting from markdown templates (HackerOne and Bugcrowd are currently the platforms supported)
- wstg - The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
- static-toolbox - A collection of statically compiled tools like Nmap and Socat.
- create_macos_vm_install_dmg
- xadb - some useful adb commands for android reversing and debugging both 32 and 64 bit and support macOS and win10's MINGW64.
- local-exploits - Various local exploits
- CSObot - A IRC/Matrix bot helping Civil Society Organizations in China. #csobot:matrix.org
- anti-portscan - 使用 iptables 防止端口扫描
- shell-script-collection - shell小框架,地址:http://www.linkops.cn/363.htm
- agnoster-zsh-theme - A ZSH theme designed to disclose information contextually, with a powerline aesthetic
- Automated-Scanner - Trying to make automated recon for bug bounties
- mac_os-config - Shell scripts for customized macOS machine setup and configuration.
- SUDO_KILLER - A tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo
- DebianLiveBuilder - Bash script for the automation of building a Debian live iso
- plank-themes
- plankthemes - A repository of all planks I find
- install-gnome-themes - Script to install the latest versions of some fine GNOME 3 themes
- kali-anonymous - :bust_in_silhouette: The `anonymous` script from ParrotSec OS and BackBox Linux, perfected to run on Kali Linux Rolling. Run the script with `sudo sh script.sh` and then it will install and configure Tor, `macchanger`, and the `anonymous` script.
- distroshare-ubuntu-imager - Creates an installable live CD from an installed Ubuntu or derivative distribution
- dell-xps-9560-ubuntu-respin - Collection of scripts and tweaks to adapt Ubuntu and Linux Mint ISO images to let them run smooth on Dell XPS 15 9560.
- dnsmasq_sniproxy_install - One-click Install and Configure Dnsmasq and Sniproxy for CentOS/Debian/Ubuntu
- msfautoinstall - copy metasploit auto install shell script.
- trigmap - A wrapper for Nmap to quickly run network scans
- easysploit - EasySploit - Metasploit automation (EASIER and FASTER than EVER)
- ai-roadmap - ApacheCN AI 路线图(知识树)
- dotfiles - bash + tmux + neovim
- Hackintosh - Hackintosh long-term maintenance model EFI and installation tutorial
- kvm-install-vm - Bash script to build local virtual machines using KVM/libvirt and cloud-init.
- zerotier - Join zerotier network auto
- Archlinux-Installer - Arch Linux Installer,Install your Arch Linux more quickly
- arch-ppa - Create and maintain personal Arch linux package repositories
- PXE-Server-Centos-7 - PXE Server Centos 7
- pxe - Dockerfile to build a PXE server in a Docker container
- kube-scan - Kubernetes Scanner
- nginx-admins-handbook - How to improve NGINX performance, security, and other important things.
- tor2proxy
- confluence - Dockerized Atlassian Confluence
- c0toolkit - Miscellaneous pentesting scripts for OSCP
- automated-pentest - Minimal docker container of Parrot OS for running an automated scan & pentest report.
- github-email - Get a GitHub user's email. :sunglasses: Use this responsibly.
- Penetration-Testing-Grimoire - Custom Tools and Notes from my own Penetration Testing Experience
- takeover.sh - Wipe and reinstall a running Linux system via SSH, without rebooting. You know you want to.
- OCS - 一键脚本(One-click script)
- centos-tomcat - Docker CentOs 7 + Java 15 + Tomcat 9
- oracledb-ansible - Ansible playbook to configure a CentOS/RHEL/Oracle Linux 7.1 server with Oracle 12c R1 Enterprise Edition Database
- Evaluation_tools - 测评工具
- rpi-backup - RaspberryPi Backup shell
- smokeping-onekey
- inexistence - I know nothing, you see nothing.
- aria2-bt-tracker - auto update aria2 bt-tracker
- awesome-indie-zh - 独立开发/自由职业/远程工作资源列表
- MacOS-Security-Baseline - Baseline Security Configuration For MacOS
- PwnBox - A VM for RE and Pwn
- Kali-install-docker - Docker-ce Install script for Kali
- docker-nessus_scanner - Nessus Scanner Docker Image
- shadow - Run shadow clones of your system parallely with Docker
- Linux-baseline-scan - Linux baseline scan,make sure the host security
- swizzin - A simple, modular seedbox solution
- mtprotoproxy-onekey - MTPROTOPROXY EASY TO USE.
- neatdns - anti-pollution DNS server
- tor-relay-bootstrap-rpi - Script to bootstrap a Debian server to be a set-and-forget Tor relay
- iso-profiles - This is a mirror repo of iso-profiles
- MTProxy-Bash - MTProxy 一键搭建管理脚本
- Deepin-Apps-Installation - 本仓库介绍如何在基于Ubuntu的系统上安装Deepin移植的软件。This repo shows how to install apps packaged by Deepin.
- fonts - Patched fonts for Powerline users.
- arch4edu - Archlinux and ArchlinuxARM Repository for Education
- scripts - Scripts do automation works.
- aui - Archlinux Ultimate Install
- sandmap - Nmap on steroids. Simple CLI with the ability to run pure Nmap engine, 31 modules with 459 scan profiles.
- openwrt-fanqiang - 最好的路由器翻墙、科学上网教程—OpenWrt—shadowsocks
- blocklist-ipsets - ipsets dynamically updated with firehol's update-ipsets.sh script
- Block-IPs-from-countries - A linux bash script help you block or unblock IPs from countries
- raspberry-ss - Transparent proxy server (use shadowsocks & chinadns) on raspberry pi
- asus-v2ray-transparent-proxy - transparent proxy with v2ray, iptables, ipset 无线路由器 v2ray 透明代理
- twisted-honeypots - SSH, FTP and Telnet honeypots based on Twisted
- aqi-share - A platform for sharing aqi data from the folks
- filebrowser - Filebrowser 一键安装脚本
- CloudFlare_DNS_Record - Script to modify DNS Record via CloudFlare
- official-images - Primary source of truth for the Docker "Official Images" program
- docker-handbook - Docker handbook
- WhatCMS - CMS Detection and Exploit Kit based on Whatcms.org API
- defender - simple scripts to provide defence
- one-key-kms - 在Linux上一键搭建KMS服务器
- docker-elk - The Elastic stack (ELK) powered by Docker and Compose.
- private-tor-network - Run an isolated instance of a tor network in Docker containers
- net_guard - A command line tool to detect new unknown device in your network using ARP protocol
- windows-ova - Self-Installing Windows OVA. Automate and distribute Windows as an OVA.
- lkl_study - study the LKL(linux kernel library) https://github.com/lkl/linux
- jenv - Java enVironment Manager
- owasp-mstg - The Mobile Security Testing Guide (MSTG) is a comprehensive manual for mobile app security development, testing and reverse engineering.
- LinEnum - Scripted Local Linux Enumeration & Privilege Escalation Checks
- GoogleVoice
- contact.sh - An OSINT tool to find contacts in order to report security vulnerabilities.
- mac-setup - Installing Development environment on macOS
- docker-android - Android in docker solution with noVNC supported and video recording
- CVE-2017-13089 - PoC for wget v1.19.1
- ctf-tools - Some setup scripts for security research tools.
- k8s-snowflake - Configs and scripts for bootstrapping an opinionated Kubernetes cluster anywhere.
- AWSScripts - Various AWS Automation Scripts
- blockstack - Docker image for Blockstack
- apache-ultimate-bad-bot-blocker - Apache Block Bad Bots, (Referer) Spam Referrer Blocker, Vulnerability Scanners, Malware, Adware, Ransomware, Malicious Sites, Wordpress Theme Detectors and Fail2Ban Jail for Repeat Offenders
- pentestpackage - a package of Pentest scripts I have made or commonly use
- unix-privesc-check - Automatically exported from code.google.com/p/unix-privesc-check
- Git_Pentesting_Toolkit - Exploit pack for pentesters and ethical hackers.
- aria2-static-builds - aria2 static builds for GNU/Linux & Windows (with OpenSSL).
- SeedboxCreationScript - Scripts and related items for creating a fully featured Seedbox on various Linux platforms.
- docktorrent - :zap: Full-featured BitTorrent box runs on Docker
- sboxsetup
- rutorrent-auto-installer-centos - ruTorrent Auto Installer Script for CentOS and Debian
- uml
- lowendscript - Bash scripts to set up/bootstrap low end virtual servers
- VDVESTA - Welcome to VDVESTA, a shell script auto Custom & Install VESTACP for your CentOS Server Release 7 x86_64. Thanks you for using!
- ssss - Stupid Simple Seedbox Script
- rtinstall
- dockerfiles - Discontinued. Fork at your will.
- seedbox - Docker containers for running a seedbox/media server
- ipv6_dhclient_online_net - seedbox一键脚本 Deluge+Flexget,rutorrent, rtorrent + ruTorrent,Transmission+Flexget,FTP,VPN,VNC,SSH Proxy,Rapidleec
- seedbox - rTorrent + ruTorrent + Webserver + XMLRPC-C (un)installation script
- Seedbox-installer - Preparing and installing a fully seedbox server (Plex Media Server + Sonarr/Radarr or SickRage/CouchPotato + Transmission or rTorrent/ruTorrent + Jackett + Tautulli)
- docker-rtorrent-rutorrent
- rutorrent-essential - Auto install script for rTorrent with ruTorrent
- arch-rtorrentvpn - Docker build script for Arch Linux base with ruTorrent, rTorrent, autodl-irssi, Privoxy and OpenVPN
- pimp-my-box - :seedling: Automated seedbox install of rTorrent-PS and PyroScope CLI etc. via Ansible.
- ultimate-torrent-setup - All the files needed for the Ultimate Torrent Setup, featuring Ubuntu, rtorrent, ruTorrent, Sonarr, Radarr.
- rutorrent-bonobox - Auto install script for rTorrent with ruTorrent
- Rtorrent-Auto-Install - Auto install script for rtorrent with Rutorrent as GUI.
- rtinst - seedbox installation script for Ubuntu and Debian systems
- gfwlist2privoxy - 将 gfwlist.txt(Adblock Plus 规则)转换为 privoxy.action
- vps2arch - The fastest way to convert a VPS to Arch Linux!
- docker-transmission-openvpn - Docker container running Transmission torrent client with WebUI over an OpenVPN tunnel
- china-operator-ip - 中国运营商IPv4/IPv6地址库-每日更新
- searx-with-dnscrypt - Searx metadata search engine meets dnscrypt in Docker
- script - Some Linux scripts
- adapta-kde - Adapta KDE customization
- centminmod - CentOS Shell menu based Nginx LEMP web stack auto installer (GPLv3 licensed)
- SELKS - A Suricata based IDS/IPS distro
- dcs-tools - Tools for making remote Linux node management easy
- blackip - IP Blocklist for Ipset / Squid-Cache
- RaspberryPi-script - RaspberryPi 2-B script
- alpine-caddy - Alpine Linux Docker Container running Caddyserver
- Caddy-Web-Server-Installer - Script to manage Caddy web server
- docker-arm - Build Docker and Swarm on an ARM SoC like the Raspberry Pi
- docker - FileRun Docker Image
- docker-pan - Docker:Filerun+AriaNg+Aria2,Personal cloud disk 搭建个人的可离线云盘
- CharlesScripts - My awesome scripts for Arch Linux or Ubuntu Gnome latest LTS or MacBook.
- cs-suite - Cloud Security Suite - One stop tool for auditing the security posture of AWS/GCP/Azure infrastructure.
- whois.sh - A light weight whois tools written by shell.
- streisand - Streisand sets up a new server running your choice of WireGuard, OpenConnect, OpenSSH, OpenVPN, Shadowsocks, sslh, Stunnel, or a Tor bridge. It also generates custom instructions for all of these services. At the end of the run you are given an HTML file with instructions that can be shared with friends, family members, and fellow activists.
- macos-virtualbox-vm - Instructions and script to help you create a VirtualBox VM running macOS.
- eternal_scanner - An internet scanner for exploit CVE-2017-0144 (Eternal Blue) & CVE-2017-0145 (Eternal Romance)
- acme.sh - A pure Unix shell script implementing ACME client protocol
- programmer-job-blacklist - :see_no_evil:程序员找工作黑名单,换工作和当技术合伙人需谨慎啊 更新有赞
- one-key-ikev2-vpn - A bash script base on Centos or Ubuntu help you to create IKEV2/L2TP vpn.
- ScanCannon - Combines the speed of masscan with the reliability and detailed enumeration of nmap
- EasySeedbox - Easy Seedbox is an unobtrusive transmission seedbox installation script for Ubuntu and Debian systems
- install-transmission - Transmission Install Script (CentOS)
- Linux-Tutorial - 《Java 程序员眼中的 Linux》
- shell-scripts - Linux Shell Scripts
- ssr-finalspeed-server-docker
- ssr-with-net-speeder - Shadowsocksr with net speeder
- ssr-bbr-docker - Dockerfile for ssr+bbr_powered
- Fail2ban - 最简单的防止SSH暴力破解的脚本
- YankeeBBR - 来自Loc大佬Yankee魔改的BBR的Debian一键安装包
- PowerShellEmpireDocker - PowerShell Empire docker build
- setup-ipsec-vpn - Scripts to build your own IPsec VPN server, with IPsec/L2TP and Cisco IPsec on Ubuntu, Debian and CentOS
- docker-ipsec-vpn-server - Docker image to run an IPsec VPN server, with IPsec/L2TP and Cisco IPsec
- openvpn-install - Set up your own OpenVPN server on Debian, Ubuntu, Fedora, CentOS or Arch Linux.
- Resilio-Sync - Resilio Sync一键安装脚本
- ReverseAPK - Quickly analyze and reverse engineer Android packages
- PNP-PortableHackingMachine - This script will convert your Raspberry Pi 3 into a portable hacking machine.
- caddy-docker - Docker container for Caddy
- GooGle-BBR - GooGle开源TCP加速算法
- dropkick.sh - Detect and disconnect hidden WiFi cameras in that AirBnB you're staying in
- borg-backup.sh - A simple shell script for driving BorgBackup
- borg-cron-helper - Helper shell scripts for BorgBackup to automate backups and make your life easier… 😉
- CustomDebian - script to build your custom live Debian
- linux-live - Linux Live Kit
- remastersys - Remastersys Tool for Backup Your Ubuntu System
- STIG-4-Debian - Security Technical Implementation Guide for Debian
- bash-powerline - Powerline-style Bash prompt in pure Bash script. See also https://github.com/riobard/zsh-powerline
- parsing-techniques - 📕 parsing techniques 中文译本——《解析技术》
- infinality-debian-package - Necessary files and scripts to build Infinality for Debian
- Zeus - AWS Auditing & Hardening Tool
- Arch-Linux-Installer - Arch-Linux-Install-Script/Arch Linux 安装脚本
- Woobuntu
- elasticsearch-definitive-guide-cn - Elasticsearch权威指南中文版
- LazyDroid - bash script to facilitate some aspects of an Android application assessment
- astroid - ASTROID v 1.2 bypass most A.V softwares
- jboss-autopwn - A JBoss script for obtaining remote shell access
- vpn - vpn一键安装包
- GitTools - A repository with 3 tools for pwn'ing websites with .git repositories available
- across - Across the Great Wall we can reach every corner in the world
- awesome-ci - Awesome Continuous Integration - Lot's of tools for git, file and static source code analysis.
- oh-my-shadowsocks - shadowsocks config on server, supervisor support
- OSINT_Script
- dumbpentester - Fire and forget pentest script automating the finding of all vulns which *can* be found automaticaly
- Meterpreter_Paranoid_Mode-SSL - Meterpreter Paranoid Mode - SSL/TLS connections
- sof-elk - Configuration files for the SOF-ELK VM, used in SANS FOR572
- oss-fuzz - OSS-Fuzz - continuous fuzzing of open source software.
- build-linux - A short tutorial about building Linux based operating systems.
- sn1per-docker - Dockerized version of Sn1per (https://github.com/1N3/Sn1per)
- FakeImageExploiter - Use a Fake image.jpg to exploit targets (hide known file extensions)
- git-remote-gcrypt - PGP-encrypted git remotes
- zsh-iterm-touchbar - Display feedback of terminal in the 🍏 Touchbar
- Pentest-Scripts - Github for the scripts utilised during Penetration test
- E2P - Email 2 Post: 监测并解析博客管理员邮件,自动部署博文,更新博客。(针对hexo博客系统)
- Hack - A typeface designed for source code
- docker-gitlab - Dockerized GitLab
- dnspop - Analysis of DNS records to find popular trends
- Ubuntu-Telemetry-Free-Privacy-Secure - This Bash script just removes a pre-installed Telemetry, a pre-installed software and libs with some potentional or high risk. Script removes them to make your experience better and more secure. Also, the script installs an additional software for the protection. You will find more advices in Readme file about "what you can do more".
- arm-docker-fixes - Scripts and hotfixes to fix some issues with Docker on ARM devices
- misp-book - User guide of MISP
- Sn1per - Automated pentest framework for offensive security experts
- ccrm - 新手检测树莓派国内源脚本
- payloads - Git All the Payloads! A collection of web attack payloads.
- myPiLFS - linux from scratch (lfs) on raspberry pi
- ip2hosts - Dirty bash script to obtain hosts given an IP address
- snuff - Automate ARP poisoning, ssltrip, and ettercap.
- crypscan - A suite of tools for cryptographic analysis developed with system administrators in mind.
- testssl.sh - Testing TLS/SSL encryption anywhere on any port
- OnLive - Onlive Firmware Dumps
- graudit - grep rough audit - source code auditing tool
- nomohead - Simple Bash script that announces IP Address and ngrok tunnel of Raspberry Pi at boot
- ngrok-script - A script to run local ngrok client for linux and windows
- AShell - 开发者常用脚本shell
- n - Node version management
- bash-it - A community Bash framework.
- ubuntu-configuration - Configuration of Debian based OS, such as: Ubuntu, Mint, and Elementary OS
- config-ubuntu - Quickly Setup Ubuntu Desktop or Server with all-in-one Bash Scripts.
- VulApps - 快速搭建各种漏洞环境(Various vulnerability environment)
- cc_iptables - 收集处理DDOS、CC攻击各类脚本,包括NGINX日志中的CC攻击IP处理。
- EasyKit - Rootkit developed via Shell
- pi-pwnbox-rogueap - Homemade Pwnbox :rocket: / Rogue AP :satellite: based on Raspberry Pi — WiFi Hacking Cheatsheets + MindMap :bulb:
- Dictionary-Of-Pentesting - Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。
- vpstoolbox - 一键安装Trojan-GFW代理,Hexo博客,Nextcloud等應用程式。
- cloud_native_security_test_case - 一些和容器化/容器编排/服务网格等技术相关的安全代码片段[自用备份]
- ShellManageSoftware - This is a set of Linux software management tools project, using shell development, script lightweight and simple, support plug-in extension.这是一套 Linux 软件管理工具,使用 Shell 开发,项目轻量简单,支持插件扩展。
- java-env-install - Centos系统 Java环境自动安装脚本 jdk1.8、maven3.5.3、 Tomacat8.0、Docker、Nodejs Npm
- kjyw - 快捷运维,代号kjyw,项目基于shell、python,运维脚本工具库,收集各类运维常用工具脚本,实现快速安装nginx、mysql、php、redis、nagios、运维经常使用的脚本等等...
- AtoMiC-ToolKit - AtoMiC Toolkit simplifies HTPC / Home Server setup and management on Ubuntu and Debian variants including Raspbian. It currently supports: Couchpotato, Deluged, Emby, FFmpeg, Headphones, Htpcmanager, Jackett, Kodi, Lazylibrarian, Madsonic, Mono, Mylar, Nzbget, Nzbhydra, NzbToMedia, Ombi, Plex, Plexpy, Pyload, qBittorrent, Radarr, Sabnzbd+, Sickgear, Sickrage, Sonarr, Subsonic, Transmission, Unrar, Watcher, and Webmin.
- Vultr-SS-Firewall - 一整套网络加速方案(SS),速度,安全,便捷 面面俱到,操作简单,适合非IT专业人士
- kubernetes-handbook - Kubernetes中文指南/云原生应用架构实践手册 - https://jimmysong.io/kubernetes-handbook
- ohmyzsh - 🙃 A delightful community-driven (with 1700+ contributors) framework for managing your zsh configuration. Includes nearly 300 optional plugins (rails, git, OSX, hub, capistrano, brew, ant, php, python, etc), over 140 themes to spice up your morning, and an auto-update tool so that makes it easy to keep up with the latest updates from the community.
- ansible-install-k8s - 自动化部署kubernetes(支持版本1.18,1.17,1.16)
- K8s - k8s集群一键化,Kubernetesv1.13.2集群"真一键"离线安装,图形化菜单向导实测单机版支持腾讯云服务器
- Threat_Hunting_with_ELK - 天御攻防实验室 - 威胁猎杀实战系列
- Genymotion_ARM_Translation - 👾👾 Genymotion_ARM_Translation Please enjoy!
- ctf-tools - CTF 工具集合
- docker-ss-tproxy - ss-redir 全局透明代理 (REDIRECT + TPROXY)
- swerpbox - SwerpBox, a seedbox and Media Center combined with the power of 🐳 Docker.
- HiddenVM - HiddenVM — Use any desktop OS without leaving a trace.
- docker-wechat - DoChat is a Dockerized WeChat (盒装微信) PC Windows Client for Linux
- Anti-DDOS - 🔒 Anti DDOS | Bash Script Project 🔒
- ss-panel-and-ss-py-mu - SS Panel V3 前端/节点端安装脚本,及相关附属工具管理
- LinuxShellScript - LinuxShell编程笔记
- awesome-raspberry-pi - 📝 A curated list of awesome Raspberry Pi tools, projects, images and resources
- MacCheck - 一个Mac下信息搜集小脚本 主要用于信息搜集/应急响应/检测挖矿进程/异常进程/异常启动项
- dnmp - docker-compose部署LNMP环境 Nginx/Openresty、MySQL5.7、PHP7.4(5.6)、Redis5.0、PHPMyAdmin、Xdebug、RabbitMQ、Nacos
- spaceship-prompt - :rocket::star: A Zsh prompt for Astronauts
- awesome-cheatsheets - 超级速查表 - 编程语言、框架和开发工具的速查表,单个文件包含一切你需要知道的东西 :zap:
- awesome-bbht - A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain. Feel free to fork, and add your own tools.
- ReconPi - ReconPi - A lightweight recon tool that performs extensive scanning with the latest tools.
- Sudomy - Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting
- Burp_Suite_Doc_zh_cn - 这是基于Burp Suite官方文档翻译而来的中文版文档
- PenTestKit - Useful tools and scripts during Penetration Testing engagements
- Shr3dKit - Red Team Tool Kit
- kaboom - A tool to automate penetration tests
- LinuxCheck - linux信息收集/应急响应/常见后门/挖矿检测/webshell检测脚本
- AutoNSE - Massive NSE (Nmap Scripting Engine) AutoSploit and AutoScanner
- lnmp - LNMP一键安装包是一个用Linux Shell编写的可以为CentOS/RHEL/Fedora/Aliyun/Amazon、Debian/Ubuntu/Raspbian/Deepin/Mint Linux VPS或独立主机安装LNMP(Nginx/MySQL/PHP)、LNMPA(Nginx/MySQL/PHP/Apache)、LAMP(Apache/MySQL/PHP)生产环境的Shell程序。
- V2Ray_ws-tls_bash_onekey - V2Ray Nginx+vmess+ws+tls/ http2 over tls 一键安装脚本
- CobaltStrike-ToolKit - Some useful scripts for CobaltStrike
- RpiProxy - Make a Raspberry PI as a proxy route, work with shadowsocks server, provide clean dns/proxy service
- Easy-V2ray - 简单的V2ray一键配置包,小白也能简单上手。
- openvpn-install - OpenVPN road warrior installer for Ubuntu, Debian, CentOS and Fedora
- Awesome-Shadowsocks-Qt5-Installation-on-Debian - Installation Script For shadowsocks-Qt5 on Debian
- Auto-Root-Exploit - Auto Root Exploit Tool
- Goohak - Automatically Launch Google Hacking Queries Against A Target Domain
- GhostInTheNet - Ultimate Network Stealther that makes Linux a Ghost In The Net and protects from MITM/DOS/scan
- kodachi - Linux Kodachi operating system is based on Xubuntu 18.04 it will provide you with a secure, anti-forensic, and anonymous operating system considering all features that a person who is concerned about privacy would need to have in order to be secure.
-
CSS (66)
- Nessus-EN-2-CN - 将Nessus的英文版报告处理为中文版,能够在网页上预览,并导出为中文版CSV报告。导出的报告格式为“带有BOM的UTF-8编码”,可供测评能手等软件导入。
- hexo-theme-nexmoe - 🔥 一个比较特别的 Hexo 主题
- most-frequent-technology-english-words - 程序员工作中常见的英语词汇
- w12scan - 🚀 A simple asset discovery engine for cybersecurity. (网络资产发现引擎)
- document-library - jsliang 的文档库. 里面包含了个人撰写的所有前端文章,例如 Vue、React,、ECharts、微信小程序、算法、数据结构等……
- hugo-theme-even - 🚀 A super concise theme for Hugo https://blog.olowolo.com/example-site/
- WebRange - 一个Web版的docker管理程序,可以用来运行各种docker漏洞环境和CTF环境。
- hexo-theme-suka - 🎨Modern, powerful and simple theme for Hexo.
- tongleer_for_wordpress - tongleer_for_wordpress是一个Wordpress版本的WeiboForWordPress微博主题,又名TleWeiboForWordPress。
- smartping - 综合性网络质量(PING)检测工具,支持正/反向PING绘图、互PING拓扑绘图与报警、全国PING延迟地图与在线检测工具等功能
- w11scan - 分布式WEB指纹识别平台 Distributed WEB fingerprint identification platform
- ZVulDrill - Web漏洞演练平台
- hangzhou_house_knowledge - 2017年买房经历总结出来的买房购房知识分享给大家,希望对大家有所帮助。买房不易,且买且珍惜。Sharing the knowledge of buy an own house that according to the experience at hangzhou in 2017 to all the people. It's not easy to buy a own house, so I hope that it would be useful to everyone.
- Arukas-API - Arukas API 自动获取IP和端口,SSR服务器订阅,Arukas 监测启动
- pd3 - 基于D3 v4+进行二次封装及扩展。示例来源于日常项目及客户提出的需求,转化成数据可视化。
- BugBounty - RepoToStoreBugBountyInfo
- Xerror - fully automated pentesting tool
- CVE-2020-15999 - CVE-2020-15999
- Typora-Themes - 全部Typora主题+自定义修改
- JS-Scan - a .js scanner, built in php. designed to scrape urls and other info
- bugbountytips - bugbountytips
- vPrioritizer - vPrioritizer enables us to understand the contextualized risk (vPRisk) on asset-vulnerability relationship level across the organization, for teams to make more informed decision about what (vulnerability/ties) they should remediate (or can afford not to) and on which (asset/s)
- owasp-threat-dragon-desktop - An installable desktop variant of OWASP Threat Dragon
- nodejsscan - nodejsscan is a static security code scanner for Node.js applications.
- banruo
- LKWA - Lesser Known Web Attack Lab
- gridea - ✍️A static blog writing client (一个静态博客写作客户端)
- vali-admin - Free Bootstrap 4 admin/dashboard template
- fofa_view - FOFA Pro view 是一款FOFA Pro 资产展示浏览器插件,目前兼容 Chrome、Firefox、Opera。
- powerauth-docker - Docker images for PowerAuth 2.0 Software
- secure-mobile-development - A Collection of Secure Mobile Development Best Practices
- repo-to-pdf - repository to pdf
- hugo-theme-zozo - :star2: A simple and beautiful theme for Hugo
- vulnhub-writeups - Writeups for Vulnhub's boot2root machines that I've done
- Webug4.0-Docker - Docker版本的Webug4.0
- Django-XSS-Platform
- SocialFish - Automated Phishing Tool & Information Collector
- using-docker-kubernetes-for-automating-appsec-and-osint-workflows - Repository for all the workshop content delivered at nullcon X on 1st of March 2019
- pySecurity - Python tutorials
- tintedarc - An XFCE custom arc and tint2 auto-themer, voila you have yourself a nice theme
- CloudFlarePartner - CloudFlare partner website with python and flask
- vimix-gtk-themes - Vimix is a flat Material Design theme for GTK 3, GTK 2 and Gnome-Shell etc.
- ProgrammingFonts - This is a collection of programming fonts,just share this with the programmers.Now there are 101 kinds of fantastic fonts!
- hashview - A web front-end for password cracking and analytics
- CrookedStyleSheets - Webpage tracking only using CSS (and no JS)
- wildfire - 🔥From a little spark may burst a flame.
- dvna - Damn Vulnerable NodeJS Application
- Apaxy - A simple, customisable theme for your Apache directory listing.
- blog - my super blog lite -- just one page. use vue with github api !
- QQ-Groups-Spider - QQ Groups Spider(QQ 群爬虫)
- justdelete.me - A directory of direct links to delete your account from web services.
- diy-online-privacy-starter - Chayn's Do It Yourself Online Safety guide helps women keep their online accounts and social profiles secure against harassment, and stalkers. This guide is open source.
- public-pentesting-reports - Curated list of public penetration test reports released by several consulting firms and academic security groups
- Farbox-NexT - A hexo theme NexT for Farbox.
- gitbook-use - 记录GitBook的一些配置及插件信息
- cssicon - icon set made with pure css code, no dependencies, "grab and go" icons
- tmt-workflow - A web developer workflow used by WeChat team based on Gulp, with cross-platform supported and solutions prepared.
- hbase-manager - 可视化hbase数据库
- kotlin-reference-chinese - Kotlin 官方文档(参考部分)中文版
- frida-boot - Frida Boot 👢- A binary instrumentation workshop, with Frida, for beginners!
- Reaper - 一款用于src资产信息收集的工具
- pekja - SRC情报收集管理系统
- transmission-web-control - 一个 Transmission 浏览器管理界面。Transmission Web Control is a custom web UI.
- bottleneckOsmosis - 瓶颈渗透,web渗透,red红队,fuzz param,注释,js字典,ctf
- CaptfEncoder - CaptfEncoder是一款跨平台网络安全工具套件,提供网络安全相关编码转换、古典密码、密码学、特殊编码等工具,并聚合各类在线工具。
- V2ray.Fun - 正在开发的全新 V2ray.Fun
-
Clojure (1)
- burp-clj - clojure实现burp插件,提供clj脚本加载环境
-
CoffeeScript (1)
- chinese-copywriting-guidelines - Chinese copywriting guidelines for better written communication/中文文案排版指北
-
KiCad (1)
- growdammit - Garden thing
-
LLVM (1)
- llvm-ir-tutorial - LLVM IR入门指南
-
Makefile (5)
- ArchWSL - ArchLinux based WSL Distribution. Supports multiple install.
- h2fuzz - everyone can fuzz h2
- reverse-engineering-for-beginners - translate project of Drops
- dircolors-solarized - This is a repository of themes for GNU ls (configured via GNU dircolors) that support Ethan Schoonover’s Solarized color scheme.
- awesome-python-cn - Python资源大全中文版,包括:Web框架、网络爬虫、模板引擎、数据库、数据可视化、图片处理等,由「开源前哨」和「Python开发者」微信公号团队维护更新。
-
Mask (1)
- Fuzzing-ImageMagick - OpenSource My ImageMagick Fuzzer ..
-
Nginx (1)
- docker-rtorrent - rTorrent is a BitTorrent client and ruTorrent is a front-end for the popular Bittorrent client rtorrent.
-
OCaml (1)
- redexer - The Redexer binary instrumentation framework for Dalvik bytecode
-
Open Policy Agent (4)
- docker-security-checker - Dockerfile Security Checker using OPA Rego policies with Conftest
- k8s-security-policies - This repository provides a security policies library that is used for securing Kubernetes clusters configurations. The security policies are created based on CIS Kubernetes benchmark and rules defined in Kubesec.io.
- dockerfile-security - A collection of OPA rules to statically analyze Dockerfiles to improve security
- opa-image-scanner - Kubernetes Admission Controller for Image Scanning using OPA
-
Roff (5)
- xlog - web日志扫描工具
- checksec.sh - Checksec.sh
- Dict - 一些弱口令、fuzz字典
- harbian-qa - Bug hunting through fuzzer/*-sanitizer/etc...
- websearch - Search engine for web assets
-
PLSQL (1)
- idaref - IDA Pro Instruction Reference Plugin
-
Rust (42)
- SassyKitdi - Kernel Mode TCP Sockets + LSASS Dump (Rust Shellcode)
- awesome-rust - A curated list of Rust code and resources.
- static-analysis - A curated list of static analysis (SAST) tools for all programming languages, config files, build tools, and more.
- anewer - anewer appends lines from stdin to a file if they don't already exist in the file. This is a rust version of https://github.com/tomnomnom/anew
- bat - A cat(1) clone with wings.
- dog - Command-line DNS client
- scrying - A tool for collecting RDP, web and VNC screenshots all in one place
- feroxbuster - A fast, simple, recursive content discovery tool written in Rust.
- fhc - Fast HTTP Checker.
- FES - Fast Endpoint Scanner
- unimap - Scan only once by IP address and reduce scan times with Nmap for large amounts of data.
- tunshell - Remote shell into ephemeral environments 🐚 🦀
- nushell - A new type of shell
- http-desync-guardian - Analyze HTTP requests to minimize risks of HTTP Desync attacks (precursor for HTTP request smuggling/splitting).
- dynamic-analysis - A curated list of dynamic analysis tools for all programming languages, binaries, and more.
- kosmonaut - A web browser engine for the space age :rocket:
- TLS-poison
- cookie_dough - A fuzzing introspection tool
- hprobe - A HTTP probe written in Rust
- RustScan - 🤖 The Modern Port Scanner 🤖
- subdomain_prepender - Prepend subdomains to domains for brute forcing.
- vita - A tool to find subdomains or domains from passive sources.
- bulkssrf - Tests for SSRF by injecting a specified location into different headers. This is a Rust port of m4ll0k's tool.
- parsec - Platform AbstRaction for SECurity service
- rustbuster - A Comprehensive Web Fuzzer and Content Discovery Tool
- gitui - Blazing 💥 fast terminal-ui for git written in rust 🦀
- rssbot - Lightweight Telegram RSS bot for notifications only. 用于消息通知的轻量级 Telegram RSS 机器人
- BadDNS
- bottlerocket - An operating system designed for hosting containers
- cwe_checker - cwe_checker finds vulnerable patterns in binary executables
- super - Secure, Unified, Powerful and Extensible Rust Android Analyzer
- ripgrep - ripgrep recursively searches directories for a regex pattern while respecting your gitignore
- Findomain - The fastest and cross-platform subdomain enumerator, do not waste your time.
- EroDir - A fast web directory/file enumeration tool written in Rust
- sn0int - Semi-automatic OSINT framework and package manager
- sudo_pair - Plugin for sudo that requires another human to approve and monitor privileged sudo sessions
- shadowsocks-rust - Oh my implementation of Shadowsocks in Rust
- rust-youtube-downloader - Youtube video downloader written in Rust
- dirt - Dynamic Identification and Recognition Technology
- rbkcrack - Crack legacy zip encryption with Biham and Kocher's known plaintext attack. 使用明文攻击破解加密的 zip 文件
- dirble - Fast directory scanning and scraping tool
-
PostScript (1)
- szuthesis - :pencil: SZU Undergraduate Thesis -- Recommender System
-
ASL (1)
- pgdoc-cn - PostgreSQL manual Chinese translation by China PostgreSQL Users Group
-
ASP.NET (1)
- penetration-testing-cheat-sheet - Work in progress...
-
ActionScript (1)
- json-flash-csrf-poc - This repo contains the files required to perform a CSRF attack using Flash and HTTP 307 redirections.
-
Arduino (2)
- MissionControl - This kids' homework desk has top that flips up to reveal a space-themed control panel.
- wifi_keylogger - DIY Arduino Wi-Fi Keylogger (Proof of Concept)
-
Assembly (7)
- SysWhispers2 - AV/EDR evasion via direct system calls.
- siofra
- jonesforth_riscv - Jonesforth RISC-V port.
- MalwareSourceCode - Collection of malware source code for a variety of platforms in an array of different programming languages.
- Mapping-Injection - Just another Windows Process Injection
- SysWhispers - AV/EDR evasion via direct system calls.
- windows-syscall-table - windows syscall table from xp ~ 10 rs4
-
AutoHotkey (2)
-
Batchfile (16)
- Microsoft-Activation-Scripts - A collection of scripts for activating Microsoft products using HWID / KMS38 / Online KMS activation methods with a focus on open-source code, less antivirus detection and user-friendliness.
- lpeworkshop - Windows / Linux Local Privilege Escalation Workshop
- winhardening - windows 加固脚本
- IBM_Appscan_Batch_Scan_Script - IBM AppScan批量扫描脚本
- RDP_SessionHijacking - Passwordless RDP Session Hijacking
- CISSP-Study-Guide - study material used for the 2018 CISSP exam
- auto-add-routes - China Route for VPN
- fuckcdn - CDN真实IP扫描,易语言开发
- APTSimulator - A toolset to make a system look as if it was the victim of an APT attack
- Disable-Intel-AMT - Tool to disable Intel AMT on Windows
- ngrok-caddy - Script to run ngrok with (optional) caddy server
- domain-admin-crack - :cactus: 入域电脑用户本地提权
- scoop-apps - 合并多个Scoop仓库,加快scoop update效率
- k8s-docker-desktop-for-mac - Docker Desktop for Mac 开启并使用 Kubernetes
- Windows-Privilege-Escalation - Windows Privilege Escalation Techniques and Scripts
-
BitBake (5)
- burp-bounty-profiles - Burp Bounty profiles compilation, feel free to contribute!
- BurpBounty - Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.
- IntruderPayloads - A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.
- BBProfiles - Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that improve an active and passive scanner by yourself. This extension requires Burp Suite Pro.
-
Boo (1)
- SILENTTRINITY - An asynchronous, collaborative post-exploitation agent powered by Python and .NET's DLR
-
Swift (22)
- NetNewsWire - RSS reader for macOS and iOS.
- open-source-mac-os-apps - 🚀 Awesome list of open source applications for macOS. https://t.me/opensourcemacosapps
- CoinPriceBar - 💰 Cryptocurrency prices on MacBook Touch Bar
- Alertmanager - Alertmanager for macOS.
- fuzzilli - A JavaScript Engine Fuzzer
- SwiftDump - SwiftDump is a command-line tool for retriving the Swift Object info from Mach-O file.
- IOSSecuritySuite - iOS platform security & anti-tampering Swift library
- frida-swift - Frida Swift bindings
- MonitorControl - 🖥 Control your external monitor brightness & volume on your Mac
- SwiftBelt - A macOS enumeration tool inspired by harmjoy's Windows-based Seatbelt enumeration tool. Author: Cedric Owens
- Drafter - 在iOS项目中自动生成类图和方法调用图 - Generate call graph in iOS project
- ShadowsocksX-NG - Next Generation of ShadowsocksX
- ShadowsocksX-NG-R8 - ShadowsocksX-NG-R for MacOS, ShadowsocksR
- mas - :package: Mac App Store command line interface
- EFResume - Emmmmmn, a normal resume templete in Swift.
- iOS-Weekly - 🇨🇳 老司机 iOS 周报
- iOSAppHook - 专注于非越狱环境下iOS应用逆向研究,从dylib注入,应用重签名到App Hook
- iInjection
- NEKit - A toolkit for Network Extension Framework
- v2ex - The unofficial V2EX app for iOS
- WHC_ConfuseSoftware - u3d、cocos2dx、iOS代码混淆、自动翻新专家(WHC_ConfuseSoftware)是一款新一代运行在MAC OS平台的App、完美支持Objc和Swift、U3D、Cocos2dx项目代码的自动翻新(混淆)、支持文件夹名称、文件名、修改资源文件hash值、类名、方法名、属性名、添加混淆函数方法体、添加混淆属性、自动调用生成的混淆方法、字符串混淆加密等。。。功能强大而稳定。
-
CMake (2)
- ModernCppStarter - 🚀 Kick-start your C++! A template for modern C++ projects using CMake, CI, code coverage, clang-format, reproducible dependency management and much more.
- PothosSDR - Pothos SDR windows development environment
-
Classic ASP (2)
- fancyss - fancyss is a project providing tools to across the GFW on asuswrt/merlin based router.
- webshell-detect-bypass - 绕过专业工具检测的Webshell研究文章和免杀的Webshell
-
ColdFusion (1)
- fixinator - ColdFusion / CFML Code Security Scanner
-
Dart (1)
- bga_issue_blog - Flutter 或 Vue 全家桶(Vue + VueRouter + Vuex + Axios)抓取 GitHub 上的 Issues,结合 GitHub Pages 搭建个人博客站点,支持 GitHub 登录和评论
-
Emacs Lisp (1)
- configure - My dot files for Emacs, Openbox, XMonad, VIM, Golang, Zsh/Bash, tmux, URXVT, ArchLinux, Git, Ruby/Rails, Xbindkey, Vrome...
-
Erlang (1)
- scannerl - The modular distributed fingerprinting engine
-
HCL (4)
- terraform-burp-collaborator - Terraform configuration to build a Burp Private Collaborator Server
- ansible-role-cobalt-strike - An Ansible role for installing Cobalt Strike.
- sentinel-attack - Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
- infra - 99.9% less leaked credentials
-
Haskell (3)
- ihp - λ IHP is a modern batteries-included Web Framework, built on top of Haskell and Nix.
- FuncShell - Improve your shell by making it functional through Haskell! (An update to Awkward)
- real-world-haskell-cn - 《Real World Haskell》中文翻译项目
-
QMake (1)
- XPEViewer - PE file viewer/editor for Windows, Linux and MacOS.
-
Rascal (1)
- ban_cnshort - Ban China Short Video Websites
-
Rich Text Format (7)
- eop - The Elevation of Privilege Threat Modeling Game
- Alfred-Powerpack - Alfred-Powerpack
- Hackintosh-Installer-University - Open source tutorial & information collector for hackintosh installation.
- fanqiang - 翻墙-科学上网
- oletools - oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.
- clover-efi - 分享整理一些黑苹果Clover驱动配置文件
- clover - Share some hackintosh Clover files 分享一些黑苹果clover配置文件
-
SCSS (4)
- Mojave-gtk-theme - Mojave is a macos Mojave like theme for GTK 3, GTK 2 and Gnome-Shell
- hugo-theme-even - 🚀 A super concise theme for Hugo https://hugo-theme-even.netlify.app
- NES.css - NES-style CSS Framework | ファミコン風CSSフレームワーク
-
SaltStack (1)
- salt-k8s-ha - SaltStack自动化部署Kubernetes-HA集群、二进制部署、便于理解原理
-
Scala (2)
-
Scheme (1)
- radamsa - a general purpose fuzzer
-
Smali (7)
- AnnhubBS - 卓护(Annhub)加固平台是一个针对安卓平台应用进行扫描评估和安全加固的平台。
- RXjadx - Fart脱壳后指令抽取修复 jadx对抗 对抗jadx Fart脱壳 Android脱壳 dexDump dex主动抽取
- sci - Framework designed to automate the process of assembly code injection (trojanising) within Android applications.
- Android-software-security-and-reverse-analysis - Android软件安全与逆向分析
- SigKill - 一键绕过App签名验证
- AhMyth-Android-RAT - Android Remote Administration Tool
-
Smarty (4)
- Golang-100-Days - Golang - 100天从新手到大师
- k8s-ctf-rocks - Kubernetes Easter CTF
- w13scan - Passive Security Scanner (被动式安全扫描器)
- SSPanel-Uim - SSPanel V3 魔改再次修改版
-
SourcePawn (1)
- awvs_script_decode - 解密好的AWVS10.5 data/script/目录下的脚本
-
TeX (14)
- machine-learning-cheat-sheet - Classical equations and diagrams in machine learning
- latex-template - collections of latex template source
- owasp-masvs - The Mobile Application Security Verification Standard (MASVS) is a standard for mobile app security.
- pandoc-latex-template - A pandoc LaTeX template to convert markdown files to PDF or LaTeX.
- cv_resume - A latex cv/resume template.
- nndl - Another Chinese Translation of Neural Networks and Deep Learning
- deeplearningbook-chinese - Deep Learning Book Chinese Translation
- awesome-tls-security - A collection of (not-so, yet) awesome resources related to TLS, PKI and related stuff
- Ankihelp - LaTeX 排版的中文 Anki 手册
- typeset
- Leetcode-Java - Leetcode刷题之旅
- LaTeX_generate_Chinese_resume - 用LaTeX制作优雅的中文个人简历,适合IT从业者。FontAwesome字体+Adobe字体+有照片和无照片版本,总有一款适合你。
- latex - 这是一个latex的个人简历排版与前端各类学习站点仓库
- WanHuCV - LaTeX Template for Curriculum Vitæ 个人中英文简历 LaTeX 模板
-
VBA (1)
- spoofing-office-macro - :fish: PoC of a VBA macro spawning a process with a spoofed parent and command line.
-
VimL (1)
- vim-colors-solarized - precision colorscheme for the vim text editor
-
Visual Basic (7)
- Craal - Finding Valuable Needles in Global Source Code Haystacks with Automation
- revbshell - ReVBShell - Reverse VBS Shell
- XBurpCrack - This is a tool to bypass the cracked version of the burpsuite_pro(Larry_Lau) certification deadline through time reversal.
- PlasmaRAT - Remote Access Trojan(RAT), Miner, DDoS
- StarFighters - A JavaScript and VBScript Based Empire Launcher, which runs within their own embedded PowerShell Host.
- VBSMeter - VBS Reversed TCP Meterpreter Stager
- ISPiggy - Decentralized DNS fuzzer to mitigate ISP Snooping
-
Visual Basic .NET (1)
- Winapp2 - A database of extended cleaning routines for popular Windows PC based maintenance software.
-
XSLT (3)
- Pentest-Notes - Collection of Pentest Notes and Cheatsheets from a lot of repos (SofianeHamlaoui,dostoevsky,mantvydasb,adon90,BriskSec)
- pentest_compilation - Compilation of commands, tips and scripts that helped me throughout Vulnhub, Hackthebox, OSCP and real scenarios
- BypassAntiVirus - 远控免杀系列文章及配套工具,汇总测试了互联网上的几十种免杀工具、113种白名单免杀方式、8种代码编译免杀、若干免杀实战技术,并对免杀效果进行了一一测试,为远控的免杀和杀软对抗免杀提供参考。
-
YARA (8)
- YaraHunts - Random hunting ordiented yara rules
- ghidra_scripts - Scripts for the Ghidra software reverse engineering suite.
- PhishingKit-Yara-Rules - Repository of Yara rules dedicated to Phishing Kits Zip files
- APT_CyberCriminal_Campagin_Collections - APT & CyberCriminal Campaign Collection
- rules - Repository of yara rules
- APKiD - Android Application Identifier for Packers, Protectors, Obfuscators and Oddities - PEiD for Android
- signature-base - Signature base for my scanner tools
- red_team_tool_countermeasures
-
Zeek (1)
- Threat-Intelligence-Data - Snort_rules detection bad actors.
-
Zig (1)
- OffensiveZig - Some attempts at using Zig(https://ziglang.org/) in penetration testing.
-
nesC (1)
- TinyOS_IDS - A IDS system for WSN based on CTP and TinyOS
-
PLpgSQL (1)
- 103976 - 103976个英语单词库(sql版,csv版,Excel版)包含英文单词,中文翻译,单词的词性及多种词义,执行SQL语句就可以生成表,支持SQL Server,MySQL等多种数据库
-
Tcl (1)
- TCLtools - Сollection of TCL scripts for Cisco IOS penetration testing
-
M (1)
- iOSBlog - 微博@iOS程序犭袁 的blog
-
Markdown (1)
- rust-book-chinese - rust 程序设计语言 中文版
-
Max (1)
- microllaborators - microllaborators 👩👦👦🔮🔬👩🏫 - the revolution in teaching
Programming Languages
Categories
Python (1887)
1,819
Others (1002)
1,003
Go (531)
526
Java (504)
484
JavaScript (485)
481
Shell (473)
455
C (286)
284
C++ (225)
222
C# (212)
208
PHP (184)
179
HTML (177)
176
PowerShell (153)
147
Ruby (88)
86
CSS (66)
66
TypeScript (64)
63
Vue (45)
46
Rust (42)
41
Dockerfile (37)
36
Objective-C (33)
32
Jupyter Notebook (27)
27
Lua (24)
24
Swift (22)
21
Perl (22)
20
Kotlin (19)
19
Batchfile (16)
15
TeX (14)
14
Vim script (13)
13
Nim (13)
13
YARA (8)
8
Assembly (7)
7
Visual Basic (7)
7
Rich Text Format (7)
7
TSQL (6)
6
Objective-C++ (6)
6
Smali (7)
6
Pascal (5)
6
Roff (5)
5
Makefile (5)
5
Open Policy Agent (4)
4
BitBake (5)
4
Smarty (4)
4
HCL (4)
4
Logos (3)
3
SCSS (4)
3
VBScript (3)
3
XSLT (3)
3
Haskell (3)
3
Scala (2)
2
CMake (2)
2
Arduino (2)
2
License
2
WebAssembly (1)
2
F# (2)
2
Classic ASP (2)
2
AutoHotkey (2)
2
KiCad (1)
1
Max (1)
1
Tcl (1)
1
ASL (1)
1
Rascal (1)
1
Clojure (1)
1
LLVM (1)
1
PostScript (1)
1
SaltStack (1)
1
PLSQL (1)
1
Boo (1)
1
Scheme (1)
1
Nginx (1)
1
Zeek (1)
1
Markdown (1)
1
PLpgSQL (1)
1
Erlang (1)
1
VBA (1)
1
SourcePawn (1)
1
ASP.NET (1)
1
nesC (1)
1
VimL (1)
1
ActionScript (1)
1
CoffeeScript (1)
1
M (1)
1
QMake (1)
1
Visual Basic .NET (1)
1
OCaml (1)
1
ColdFusion (1)
1
Mask (1)
1
Zig (1)
1
Dart (1)
1
Emacs Lisp (1)
1
Sub Categories
Keywords
security
455
python
281
hacking
210
pentesting
195
bugbounty
176
security-tools
172
golang
169
linux
132
penetration-testing
131
java
118
docker
115
go
114
pentest
108
android
106
awesome
98
windows
98
infosec
97
scanner
89
osint
87
awesome-list
86
javascript
84
php
76
reverse-engineering
75
redteam
70
exploit
66
macos
66
cybersecurity
63
pentest-tool
63
python3
62
proxy
60
reconnaissance
60
vulnerability
59
ctf
57
recon
56
burpsuite
55
hacking-tool
55
xss
55
web
52
shell
52
vue
51
kubernetes
50
dns
49
ios
49
security-audit
49
fuzzing
46
vulnerability-scanners
46
burp-extensions
45
powershell
43
vulnerabilities
41
tools
41