XTTF's starred repositories
Ladon
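Ladon is a large-scale intranet penetration testing tool that can be used as a PowerShell module or as a Cobalt Strike (CS) plugin, and can be loaded in memory for fileless scanning. It includes port scanning, service identification, network asset discovery, password auditing, high-risk vulnerability detection, vulnerability exploitation, password reading and one-click GetShell, and supports batch scanning of A/B/C segments and across network segments, as well as scanning lists of URLs, hosts and domains. Ladon 12.2 has 262 built-in functions; its 32 network asset discovery modules use multiple protocols (ICMP\NBT\DNS\MAC\SMB\WMI\SSH\HTTP\HTTPS\Exchange\mssql\FTP\RDP) and methods to quickly obtain the target network's live host IPs, computer names, workgroups, shared resources, NIC addresses, operating system versions, websites, subdomains, middleware, open services, routers, switches, databases, printers and other information; 16 high-risk vulnerability detections, including MS17010, Zimbra, Exchange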
CPython-Internals
Dive into CPython internals, trying to illustrate every detail of CPython implementation
31-days-of-API-Security-Tips
This challenge is Inon Shkedy's 31 days API Security Tips.
TideFinger
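TideFinger: a small fingerprinting tool that draws on and integrates multiple web fingerprint libraries and combines several fingerprint detection methods to make fingerprint detection faster and more accurate.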
Bug-bounty
Resources for bug bounty hunting
xxexploiter
Tool to help exploit XXE vulnerabilities
Firefox-Security-Toolkit
A tool that transforms Firefox browsers into a penetration testing suite
vmware_vcenter_cve_2020_3952
Exploit for CVE-2020-3952 in vCenter 6.7
Print-My-Shell
Python script written to automate the process of generating various reverse shells.
android_application_analyzer
The tool is used to analyze the content of the Android application in local storage.
Pentest-Wiki
Standardizes vulnerability names and remediation recommendations in penetration test reports
Top-Port-Slicer
Python script to give you subsets of the nmap "top-ports". For example, I want the 10th to 100th most common TCP ports. Spits out a comma separated list you can copy into -p arg for nmap or masscan
wappalyzer-api
Simple wrapper of [Wappalyzer](https://github.com/AliasIO/Wappalyzer) to use instead of the subscription Wappalyzer API.