liming's repositories
Active-Directory-Pentest-Notes
个人域渗透学习笔记
AD-Attack-Defense
Attack and defend active directory using modern post exploitation adversary tradecraft activity
awesome-bug-bounty
A comprehensive curated list of available Bug Bounty & Disclosure Programs and Write-ups.
awesome-cloud-security
awesome cloud security || 收集一些国内外不错的云安全资源,该项目主要面向国内的安全人员
awesome-pentest
A collection of awesome penetration testing resources, tools and other shiny things
BokuLoader
Cobalt Strike User-Defined Reflective Loader written in Assembly & C for advanced evasion capabilities. By: @0xBoku & @s4ntiago_p
bug-bounty-reference
Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature
collection-document
Collection of quality safety articles. Awesome articles.
Damn-Vulnerable-GraphQL-Application
Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security.
facebook-bug-bounty-writeups
Facebook Bug Bounties
Fastjson
Fastjson姿势技巧集合
feroxbuster
A fast, simple, recursive content discovery tool written in Rust.
IntruderPayloads
A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.
Library-POC
漏洞poc&exp存档
Mind-Maps
Mind-Maps of Several Things
mysql-magic
dump mysql client password from memory
PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Penetration_Testing_POC
渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms
Pentest_Note
渗透测试常规操作记录
reconftw
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
redteam_vul
红队作战中比较常遇到的一些重点系统漏洞整理。
RedTeamTools
记录自己编写、修改的部分工具
reGeorgX
reGeorgX is a project that seeks to aggressively refactor reGeorg - reGeorg重构计划
Resources-for-Beginner-Bug-Bounty-Hunters
A list of resources for those interested in getting started in bug bounties
SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
spyhunt
recon for bug hunters
vulbase
各大漏洞文库合集
vulhub
Pre-Built Vulnerable Environments Based on Docker-Compose
Web-Fuzzing-Box
Web Fuzzing Box - Web 模糊测试字典与一些Payloads,主要包含:弱口令暴力破解、目录以及文件枚举、Web漏洞...字典运用于实战案例:https://gh0st.cn/archives/2019-11-11/1
Yasso
强大的内网渗透辅助工具集-让Yasso像风一样 支持rdp,ssh,redis,postgres,mongodb,mssql,mysql,winrm等服务爆破,快速的端口扫描,强大的web指纹识别,各种内置服务的一键利用(包括ssh完全交互式登陆,mssql提权,redis一键利用,mysql数据库查询,winrm横向利用,多种服务利用支持socks5代理执行)