Shad0wpf

DBScanner

自动扫描内网常见sql、no-sql数据库(mysql、mssql、oracle、postgresql、redis、mongodb、memcached、elasticsearch)未授权访问及常规弱口令检测

SecTools

日常工作中的一些Python脚本

1earn

个人维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

AboutSecurityPPT

安全方面的议题PPT

AVIator

Antivirus evasion project

awvs-decode

awvs script decode 最新最好的解码方法

betaseclab_tools

CNVD-2020-10487-Tomcat-Ajp-lfi

Tomcat-Ajp协议文件读取漏洞

CobaltStrike

CobaltStrike's source code

cve-2019-2618

Weblogic Upload Vuln(Need username password)-CVE-2019-2618

Dork-Admin

盘点近年来的数据泄露、供应链污染事件

ds_store_exp

A .DS_Store file disclosure exploit. It parses .DS_Store file and downloads files recursively.

Gitbook

Markdown Gitbook

GitMAD

Monitor, Alert, and Discover sensitive info and data leakage on Github.

GTFOBins.github.io

Curated list of Unix binaries that can be exploited to bypass system security restrictions

hacktricks

Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.

kibana-RCE

kibana < 6.6.0 未授权远程代码命令执行 (Need Timelion And Canvas),CVE-2019-7609

LOLBAS

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

mremoteng-decrypt

mRemoteNG Config File Decrypt

redis-rogue-server

Redis(<=5.0.5) RCE

reverse-shell-generator

Web-based reverse shell generator

shadowsocks

Redirect attack on Shadowsocks stream ciphers

Struts2-Scan

Struts2全漏洞扫描利用工具

trojan

v2ray

最好用的 V2Ray 一键安装脚本 & 管理脚本

v2ray-guide

WeblogicScan

Weblogic vulnerability one-click poc detection.

webshell

This is a webshell open source project

wooyun-payload

从wooyun中提取的payload，以及burp插件

zh-style-guide

An open-source style guide for writing Chinese technical documents: https://zh-style-guide.readthedocs.io