MuQi's repositories
HowToHunt
Tutorials and Things to Do while Hunting Vulnerability.
DetectionLab
Automate the creation of a lab environment complete with security tooling and logging best practices
ReconNote
Web Application Security Automation Framework which recons the target for various assets to maximize the attack surface for security professionals & bug-hunters
Penetration_Testing_POC
渗透测试有关的POC、EXP、脚本、提权、小工具等,欢迎补充、完善---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms
wpscan
WPScan is a free, for non-commercial use, black box WordPress security scanner written for security professionals and blog maintainers to test the security of their WordPress websites.
ripgrep
ripgrep recursively searches directories for a regex pattern while respecting your gitignore
awesome-burp-extensions
A curated list of amazingly awesome Burp Extensions
ShiroScan
Shiro<=1.2.4反序列化,一键检测工具
360SafeBrowsergetpass
这是一个一键辅助抓取360安全浏览器密码的CobaltStrike脚本,用于节省红队人员工作量,通过下载浏览器数据库、记录密钥来离线解密浏览器密码。
atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
HackBrowserData
Decrypt passwords/cookies/history/bookmarks from the browser. 一款可全平台运行的浏览器数据导出解密工具。
the-book-of-secret-knowledge
A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
WinPwn
Automation for internal Windows Penetrationtest / AD-Security
CobaltStrike
CobaltStrike's source code
redtool
日常积累的一些红队工具及自己写的脚本,更偏向于一些diy的好用的工具,并不是一些比较常用的msf/awvs/xray这种
pocsuite3
pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.
XSS-Payloads-1
List of XSS Vectors/Payloads
ksubdomain
无状态子域名爆破工具
Osmedeus
Fully automated offensive security framework for reconnaissance and vulnerability scanning
Learn-Web-Hacking
Study Notes For Web Hacking / Web安全学习笔记
exphub
Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本,最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340
redis_exporter
Prometheus Exporter for Redis Metrics. Supports Redis 2.x, 3.x, 4.x, 5.x and 6.x
K8tools
K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)
XrayFofa
一款将xray和fofa完美结合的自动化工具,调用fofaAPI进行查询扫描,新增爬虫爬取扫描
CyberChef
The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis
Egress-Assess
Egress-Assess is a tool used to test egress data detection capabilities
ctf-wiki
CTF Wiki Online. Come and join us, we need you!
tplmap
Server-Side Template Injection and Code Injection Detection and Exploitation Tool
Shr3dKit
Red Team Tool Kit