liming's starred repositories
Damn-Vulnerable-GraphQL-Application
Damn Vulnerable GraphQL Application is an intentionally vulnerable GraphQL service implementation designed for learning about and practising GraphQL Security.
AD-Attack-Defense
Attack and defend active directory using modern post exploitation adversary tradecraft activity
Resources-for-Beginner-Bug-Bounty-Hunters
A list of resources for those interested in getting started in bug bounties
DomainPasswordSpray
DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will automatically generate the userlist from the domain. BE VERY CAREFUL NOT TO LOCKOUT ACCOUNTS!
top25-parameter
For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙
Azure-Red-Team
Azure Security Resources and Notes
Hosts_scanV2
这是一个用于IP和域名碰撞匹配访问的小工具优化版,能减少碰撞中出来的误报,旨意用来匹配出渗透过程中需要绑定hosts才能访问的弱主机或内部系统。
Active-Directory-Pentest-Notes
个人域渗透学习笔记
Hunting-Active-Directory
个人整理的一些域渗透Tricks,可能有一些错误。
domainTools
内网域渗透小工具
SpringBootVulExploit
SpringBoot 相关漏洞学习资料,利用方法和技巧合集,黑盒安全评估 check list
BurpSuite-collections
有关burpsuite的插件(非商店),文章以及使用技巧的收集(此项目不再提供burpsuite破解文件,如需要请在博客mrxn.net下载)---Collection of burpsuite plugins (non-stores), articles and tips for using Burpsuite, no crack version file
RedTeam_BlueTeam_HW
红蓝对抗以及护网相关工具和资料,内存shellcode(cs+msf)和内存马查杀工具
FastjsonExploit
Fastjson vulnerability quickly exploits the framework(fastjson漏洞快速利用框架)
RedTeamTools
记录自己编写、修改的部分工具
HackMe-SQL-Injection-Challenges
Pen test your "friend's" online MMORPG game - specific focus, sql injection opportunities
HelloGitHub
:octocat: 分享 GitHub 上有趣、入门级的开源项目。Share interesting, entry-level open source projects on GitHub.
facebook-bug-bounties
Hacking Facebook for fun and profit: It’s not that hard, apparently (exclusive)
JavaLearnVulnerability
Java漏洞学习笔记 Deserialization Vulnerability