Aur0ra-m

Aur0ra's repositories

APIKiller

API Security DAST & Oprations

Language:GoApache-2.0297 5 4

Automatic authorization enforcement detection extension for burp suite written in Jython developed by Barak Tawily in order to ease application security people work and allow them perform an automatic authorization tests

Language:Python2700

Security-Tools

本项目集成了全网优秀的攻防武器工具项目，包含自动化利用，子域名、目录扫描、端口扫描等信息收集工具，各大中间件、cms漏洞利用工具，爆破工具、内网横向及免杀、社工钓鱼以及应急响应等资料。

2000

wechat2pdf

一键下载微信公众号文章PDF版

9 10

Subtaker

Language:GoApache-2.04 10

secguide

面向开发人员梳理的代码安全指南

NOASSERTION200

2022-HW-POC

2022 护网行动 POC 整理

Language:Go100

Bridge

无回显漏洞测试辅助平台，平台使用Java编写，提供DNSLOG，HTTPLOG等功能，辅助渗透测试过程中无回显漏洞及SSRF等漏洞的验证和利用。

Language:Java100

Aur0ra-m

profile

010

Aur0ra-m.github.io

Language:JavaScript01 1

awesome-cloud-security

awesome cloud security 收集一些国内外不错的云安全资源，该项目主要面向国内的安全人员

Apache-2.0000

byp4xx

Pyhton script for HTTP 40X responses bypassing. Features: Verb tampering, headers, #bugbountytips, User-Agents, extensions, default credentials and fuzzing.

Language:Python000

cs-self-learning

计算机自学指南

Language:HTMLMIT000

PayloadsAllTheThings

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Language:PythonMIT000

blazehttp

可用于安全测试的非标准HTTP协议解析库

Language:GoGPL-3.0000

cf

Cloud Exploitation Framework 云环境利用框架，方便安全人员在获得 AK 的后续工作

Language:GoApache-2.0000

dingding-rssbot

dingding rssbot

Language:Python000

FindSomething

基于chrome、firefox插件的被动式信息泄漏检测工具

Language:JavaScriptGPL-3.0000

JNDI-Injection-Exploit

JNDI注入测试工具（A tool which generates JNDI links can start several servers to exploit JNDI Injection vulnerability,like Jackson,Fastjson,etc）

Language:JavaMIT000

JSPKiller

基于污点分析的JSP Webshell检测工具，模拟JVM的栈帧操作进行数据流分析，可以检测出各种变形的JSP Webshell

Language:JavaApache-2.0000

my-re0-k8s-security

:atom: [WIP] 整理过去的分享，从零开始的Kubernetes攻防 ...

000

nju-software-analysis-homework

南京大学《软件分析》课程课后作业(非Bamboo) NJU's software analysis homework; ... Not official, just a reference

MIT000

nuclei-templates

Community curated list of templates for the nuclei engine to find security vulnerabilities.

MIT000

Penetration_Testing_POC

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

Apache-2.0000

PL-Compiler-Resource-1

程序语言与编译技术相关资料（持续更新中）

CC-BY-SA-4.0000

Safety-Project-Collection

收集一些比较优秀的开源安全项目，以帮助甲方安全从业人员构建企业安全能力。

000

SecLists

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

Language:PHPMIT000

Aur0ra-m

Aur0ra's repositories

APIKiller

Autorize

Security-Tools

wechat2pdf

Subtaker

secguide

2022-HW-POC

Bridge

Aur0ra-m

Aur0ra-m.github.io

awesome-cloud-security

byp4xx

cs-self-learning

PayloadsAllTheThings

blazehttp

cf

dingding-rssbot

FindSomething

JNDI-Injection-Exploit

JSPKiller

my-re0-k8s-security

nju-software-analysis-homework

nuclei-templates

Penetration_Testing_POC

PL-Compiler-Resource-1

Safety-Project-Collection

SecLists

SMSBoom

Static-Analysis-1

Tai-e-assignments