Gu4rdEr's repositories
RedTeamNotes
红队笔记
vulnerability-paper
收集的文章 https://mrwq.github.io/vulnerability-paper/
VcenterKiller
一款针对Vcenter的综合利用工具,包含目前最主流的CVE-2021-21972、CVE-2021-21985以及CVE-2021-22005以及log4j,提供一键上传webshell,命令执行或者上传公钥使用SSH免密连接
awesome-cloud-security
awesome cloud security 收集一些国内外不错的云安全资源,该项目主要面向国内的安全人员
URLs-IP-Address
一个实现批量URLs解析IP到查询归属地功能的小工具。
0day
各种CMS、各种平台、各种系统、各种软件漏洞的EXP、POC 该项目将不断更新
K8tools
K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)
PLtools
整理一些内网常用渗透小工具
PocOrExp_in_Github
聚合Github上已有的Poc或者Exp,CVE信息来自CVE官网。Auto Collect Poc Or Exp from Github by CVE ID.
oFx
漏洞批量扫描框架,0Day/1Day全网概念验证,~~刷洞,刷肉鸡用~~
vulbase
各大漏洞文库合集
live2d-widget
把萌萌哒的看板娘抱回家 (ノ≧∇≦)ノ | Live2D widget for web platform
PocList
Alibaba-Nacos-Unauthorized/ApacheDruid-RCE_CVE-2021-25646/MS-Exchange-SSRF-CVE-2021-26885/Oracle-WebLogic-CVE-2021-2109_RCE/RG-CNVD-2021-14536/RJ-SSL-VPN-UltraVires/Redis-Unauthorized-RCE/TDOA-V11.7-GetOnlineCookie/VMware-vCenter-GetAnyFile/yongyou-GRP-U8-XXE/Oracle-WebLogic-CVE-2020-14883/Oracle-WebLogic-CVE-2020-14882/Apache-Solr-GetAnyFile/F5-BIG-IP-CVE-2021-22986/Sonicwall-SSL-VPN-RCE/GitLab-Graphql-CNVD-2021-14193/D-Link-DCS-CVE-2020-25078/WLAN-AP-WEA453e-RCE/360TianQing-Unauthorized/360TianQing-SQLinjection/FanWeiOA-V8-SQLinjection/QiZhiBaoLeiJi-AnyUserLogin/QiAnXin-WangKangFirewall-RCE/金山-V8-终端安全系统/NCCloud-SQLinjection/ShowDoc-RCE
wiki
WgpSec 公开POC WIKI文库 @PeiQi0 师傅
PoC-in-GitHub
📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.
WebHackersWeapons
⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting
webshell
This is a webshell open source project
php-webshells
Common PHP webshells you might need for your Penetration Testing assignments or CTF challenges. Do not host the file(s) on your server!
SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
ElevateKit
The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.
Penetration_Testing_POC
渗透测试有关的POC、EXP、脚本、提权、小工具等,欢迎补充、完善---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms
awesome-cve-poc
✍️ A curated list of CVE PoCs.
Medusa
:cat2:Medusa是一个漏洞扫描平台,单目标秒级探测。 http://medusa.ascotbe.com
exphub
Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat的漏洞利用脚本,优先更新高危且易利用的漏洞利用脚本,最新添加CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2019-17558、CVE-2019-6340
PrivescCheck
Privilege Escalation Enumeration Script for Windows
windows-kernel-exploits
windows-kernel-exploits Windows平台提权漏洞集合
linux-kernel-exploits
linux-kernel-exploits Linux平台提权漏洞集合