0day

各种开源CMS、各种系统的漏洞POC 以及EXP 该项目将不断更新

0day-1

各种CMS、各种平台、各种系统、各种软件漏洞的EXP、POC ,该项目将持续更新

0days-in-the-wild

Repository for information about 0-days exploited in-the-wild.

1earn

个人维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

2021cdn

49shouting

联通挂机任务积分脚本

520apkhook

把msf生成的安卓远控附加进普通的app中，并进行加固隐藏特征。可以绕过常见的手机安全管家。

88-autosignmachine

联通挂机任务积分脚本

akto

Instant, Open source API security → API discovery, automated business logic testing and runtime detection.

allaboutbugbounty

All about bug bounty (bypasses, payloads, and etc)

am0n-eye

aniya

免杀框架

apache-log4j-learning

Apache-Log4j漏洞复现笔记

arl

ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产，构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产，发现存在的薄弱点和攻击面。

atexec-pro

Fileless atexec, no more need for port 445

atomic-red-team

Small and highly portable detection tests based on MITRE's ATT&CK.

attackwebframeworktools

本软件首先集成危害性较大框架和部分主流cms的rce(无需登录,或者登录绕过执行rce)和反序列化(利用链简单)。上传getshell。sql注入等高危漏洞直接就可以拿权限出数据。其次对一些构造复杂exp漏洞进行检测。傻瓜式导入url即可实现批量测试,能一键getshell检测绝不sql注入或者不是只检测。其中thinkphp 集成所有rce Exp Struts2漏洞集成了shack2 和k8 漏洞利用工具所有Exp并对他们的exp进行优化和修复此工具的所集成漏洞全部是基于平时实战中所得到的经验从而写入到工具里。例如:通达oA一键getshell实战测试 struts2一键getshell 等等

auto-gpt

An experimental open-source attempt to make GPT-4 fully autonomous.

awesome-bbht

A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.

awesome-cobaltstrike

cobaltstrike的相关资源汇总 / List of Awesome CobaltStrike Resources

awesome-csirt

Awesome CSIRT is an curated list of links and resources in security and CSIRT daily activities.

awesome-dorks

Dorks for Bug Bounty Hunting

awesome-hacking

A collection of various awesome lists for hackers, pentesters and security researchers

awesome-honeypot

Awesome Honeypot Resource Collection. Including 250+ Honeypot tools, and 350+ posts about Honeypot.

awesome-red-teaming

List of Awesome Red Teaming Resources

awesome-shodan-queries

🔍 A collection of interesting, funny, and depressing search queries to plug into https://shodan.io/ 👩‍💻

awvs14-scan

针对 Acunetix AWVS扫描器开发的批量扫描脚本，支持log4j漏洞、SpringShell、SQL注入、XSS、弱口令等专项，支持联动xray、burp、w13scan等被动批量

banshee

Experimental Windows x64 Kernel Rootkit.

beescan-web

网络空间资产探测、网络测绘、Go语言、分布式、扫描、资产探测、资产测绘、红队、SRC | Cyberspace Asset Detection, Network Mapping, Go Language, Distributed, Scanning, Asset Detection, Asset Mapping, Red Team, SRC

black-angel-rootkit

Black Angel is a Windows 11/10 x64 kernel mode rootkit. Rootkit can be loaded with enabled DSE while maintaining its full functionality.