Beast code in Giters

Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本，最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340

Language:Python407500

shellcode-bypass-go

go语言免杀shellcode

Language:Go1900

SecurityTesting

Language:Python100500

turbo-intruder

Turbo Intruder is a Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.

Language:KotlinApache-2.0144200

fscan

一款内网综合扫描工具，方便一键自动化、全方位漏扫扫描。

Language:GoMIT931900

AV_Bypass

Evading Anti-Virus with Unusual Technique

Language:Python20900

1earn

个人维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

600

HowToHunt

Collection of methodology and test case for various web vulnerabilities.

GPL-3.0596900

Atlas

Quick SQLMap Tamper Suggester

Language:PythonGPL-3.0131400

CVE-2019-1458

CVE-2019-1458 Windows LPE Exploit

Language:C++MIT13600

TongDaOA-Fake-User

通达OA 任意用户登录漏洞

Language:Python35500

Tiny-PHP-Webshell

several list of simple and obfuscate PHP shell

15500

ParamSpider

Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing

Language:PythonMIT237800

jsql-injection

jSQL Injection is a Java application for automatic SQL database injection.

Language:JavaGPL-2.0145400

jsfuck

Write any JavaScript with 6 Characters: []()!+

Language:JavaScriptWTFPL807000

Antivirus_R3_bypass_demo

分别用R3的0day与R0的0day来干掉杀毒软件

Language:C++MIT39400

IntruderPayloads

A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

Language:BlitzBasic359400

pentest-tools

A collection of custom security tools for quick needs.

Language:Python309400

Resources-for-Beginner-Bug-Bounty-Hunters

A list of resources for those interested in getting started in bug bounties

1043200

AwesomeXSS

Awesome XSS stuff

Language:JavaScriptMIT471800

XSS-LOADER

Xss Payload Generator ~ Xss Scanner ~ Xss Dork Finder

Language:PythonCC0-1.054200

filterbypass

Browser's XSS Filter Bypass Cheat Sheet

110500

Ladon

Ladon大型内网渗透工具，可PowerShell模块化、可CS插件化、可内存加载，无文件扫描。含端口扫描、服务识别、网络资产探测、密码审计、高危漏洞检测、漏洞利用、密码读取以及一键GetShell，支持批量A段/B段/C段以及跨网段扫描，支持URL、主机、域名列表扫描等。Ladon 12.2内置262个功能,网络资产探测模块32个通过多种协议(ICMP\NBT\DNS\MAC\SMB\WMI\SSH\HTTP\HTTPS\Exchange\mssql\FTP\RDP)以及方法快速获取目标网络存活主机IP、计算机名、工作组、共享资源、网卡地址、操作系统版本、网站、子域名、中间件、开放服务、路由器、交换机、数据库、打印机等信息，高危漏洞检测16个含MS17010、Zimbra、Exchange

Language:PowerShellMIT471800

weblogicScanner

weblogic 漏洞扫描工具。目前包含对以下漏洞的检测能力：CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-3252、CVE-2019-2618、CVE-2019-2725、CVE-2019-2729、CVE-2019-2890、CVE-2020-2551、CVE-2020-14750、CVE-2020-14882、CVE-2020-14883

Language:Python196600