eylity Goto Github PK

aggressor

Ladon for Cobalt Strike, Large Network Penetration Scanner, vulnerability / exploit / detection / MS17010 / password

atents-classf-c

behinder

“冰蝎”动态二进制加密网站管理客户端

blasting_dictionary

爆破字典

bypassantivirus

远控免杀系列文章及配套工具，搜集汇总了互联网上的几十种免杀工具和免杀方法，并对免杀效果进行了一一测试，为远控的免杀和杀软对抗免杀提供参考。

cvebase.com

cvebase is a community-driven vulnerability data platform to discover the world's top security researchers and their latest disclosed vulnerabilities & PoCs

exphub

Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本，优先更新高危且易利用的漏洞利用脚本，最新添加CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340

exploitdb

The official Exploit Database repository

frp

A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.

fuzzdb

Automatically exported from code.google.com/p/fuzzdb

fuzzdicts

Web Pentesting Fuzz 字典,一个就够了。

k8tools

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)

malleable-c2-profiles

Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x.

malleable-c2-profiles-1

Cobalt Strike - Malleable C2 Profiles. A collection of profiles used in different projects using Cobalt Strike https://www.cobaltstrike.com/.

mimipenguin

A tool to dump the login password from the current linux user

nishang

Nishang - Offensive PowerShell for red team, penetration testing and offensive security.

penetration_testing_poc

渗透测试有关的POC、EXP、脚本、提权、小工具等，欢迎补充、完善---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

pikachu

一个好玩的Web安全-漏洞测试平台

powersploit

PowerSploit - A PowerShell Post-Exploitation Framework

regeorg

The successor to reDuh, pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.

rw_password

此项目用来提取收集以往泄露的密码中符合条件的强弱密码

shadowbroker

The Shadow Brokers "Lost In Translation" leak

ssrf-lab

Lab for exploring SSRF vulnerabilities

test

test

upload-labs-writeup

upload-labs writeup

vulapps

快速搭建各种漏洞环境(Various vulnerability environment)

vulhub

Pre-Built Vulnerable Environments Based on Docker-Compose

vulnx

vulnx 🕷️ is an intelligent bot auto shell injector that detect vulnerabilities in multiple types of cms { `wordpress , joomla , drupal , prestashop .. `}

vulscan

vulscan 扫描系统：最新的poc&exp漏洞扫描，redis未授权、敏感文件、java反序列化、tomcat命令执行及各种未授权扫描等...

web-security-learning

Web-Security-Learning