TEag1e

zombie

The most powerful bruteforcer / password sprayer TOOL

gogo

面向红队的, 高度可控可拓展的自动化引擎

NCTOOls

一款针对用友NC综合漏洞利用工具

CVE-2024-21683-RCE

CVE-2024-21683 Confluence Post Auth RCE

POC

收集整理漏洞EXp/POC,大部分漏洞来源网络，目前收集整理了700多个poc/exp，长期更新。

OctoMation

OctoMation是一款免费的，具有可视化拖拽功能的编排与自动化产品。通过精心编排的Playbook，OctoMation能够联动数百款安全、网络、IT和SaaS等产品的基础能力。其主要特点包括低代码剧本编排、自动化事件响应、标准化流程操作以及可视化过程监控。 借助OctoMation，运营团队能够开展7x24小时自动化事件响应，不仅可以大幅减少对人员的过度依赖，还能确保团队工作质量始终维持在较高的水准上，最终实现“极速降本增效”。

command

红队常用命令速查

joern

Open-source code analysis platform for C/C++/Java/Binary/Javascript/Python/Kotlin based on code property graphs. Discord https://discord.gg/vv4MH284Hc

security-paper

（与本人兴趣强相关的）各种安全or计算机资料收集

ant-application-security-testing-benchmark

xAST评价体系，让安全工具不再“黑盒”. The xAST evaluation benchmark makes security tools no longer a "black box".

jwt_tool

:snake: A toolkit for testing, tweaking and cracking JSON Web Tokens

drawio-desktop

Official electron build of draw.io

GDA-android-reversing-Tool

the fastest and most powerful android decompiler(native tool working without Java VM) for the APK, DEX, ODEX, OAT, JAR, AAR, and CLASS file. which supports malicious behavior detection, privacy leaking detection, vulnerability detection, path solving, packer identification, variable tracking, deobfuscation, python&java scripts, device memory extraction, data decryption, and encryption, etc.

jar-analyzer

Jar Analyzer - 一个JAR包分析工具，批量分析JAR包搜索，方法调用关系搜索，字符串搜索，Spring组件分析，CFG分析，JVM Stack Frame分析，远程分析Tomcat，进阶表达式搜索，自定义SQL查询，字节码查看，字节码指令级的动态调试分析，反编译JAR包一键导出，一键提取序列化数据恶意代码

fernflower

Unofficial mirror of FernFlower Java decompiler (All pulls should be submitted upstream)

fastjson-blacklist

fastjson-bypass-autotype-1.2.68

fastjson bypass autotype 1.2.68 with Throwable and AutoCloseable.

JavaSecurityLearning

记录一下 Java 安全学习历程，也算是半条学习路线了

shiro_rce_tool

shiro 反序列 命令执行辅助检测工具

jndi_tool

JNDI服务利用工具 RMI/LDAP，支持部分场景回显、内存shell，高版本JDK场景下利用等，fastjson rce命令执行，log4j rce命令执行 漏洞检测辅助工具

watchvuln

一个高价值漏洞采集与推送服务 | collect valueable vulnerability and push it

mybatis-plus_vul

SQL injection vulnerability exists in Mybatis-Plus

Yi

A series of large language models trained from scratch by developers @01-ai

opa

Open Policy Agent (OPA) is an open source, general-purpose policy engine.

CVE-2022-42889-PoC

Proof of Concept for the Apache commons-text vulnerability CVE-2022-42889.

Choccy

GitHub项目监控 && CodeQL自动扫描 (GitHub project monitoring && CodeQL automatic analysis)

EHole_magic

EHole(棱洞)魔改。可对路径进行指纹识别；支持识别出来的重点资产进行漏洞检测(支持从hunter和fofa中提取资产)支持对ftp服务识别及爆破

EZ

EZ是一款集信息收集、端口扫描、服务暴破、URL爬虫、指纹识别、被动扫描为一体的跨平台漏洞扫描器。

MoonBox

月光宝盒：无侵入的流量录制与回放平台 A server-side traffic capture and replay platform with noninvasive

gg

一个支持节点与订阅链接的 Linux 命令行代理工具 | A command-line tool for one-click proxy in your research and development without installing v2ray or anything else (only for linux)