MMM's repositories
0day-1
各种CMS、各种平台、各种系统、各种软件漏洞的EXP、POC ,该项目将持续更新
3vilGu4rd
This is a daemon process which make a programe runing all time.
ApolloScanner
自动化巡航扫描框架(可用于红队打点评估)
command
红队常用命令速查
cube
内网渗透测试工具,弱密码爆破、信息收集和漏洞扫描
fofa_viewer
一个简单实用的FOFA客户端 By flashine
FofaMap
FofaMap是一款基于Python3开发的跨平台FOFA数据采集器,支持网站图标查询、批量查询和自定义查询FOFA数据,能够根据查询结果自动去重并生成对应的Excel表格。另外春节特别版还可以调用Nuclei对目标进行漏洞扫描,让你在挖洞路上快人一步。
fofax
fofax is a command line query tool based on the API of https://fofa.info/, simple is the best!
Fvuln
F-vuln(全称:Find-Vulnerability)是为了自己工作方便专门编写的一款自动化工具,主要适用于日常安全服务、渗透测试人员和RedTeam红队人员,它集合的功能包括:存活IP探测、开放端口探测、web服务探测、web漏洞扫描、smb爆破、ssh爆破、ftp爆破、mssql爆破等其他数据库爆破工作以及大量web漏洞检测模块。
GBByPass
冰蝎 哥斯拉 WebShell bypass
goblin
一款适用于红蓝对抗中的仿真钓鱼系统
Jbin-website-secret-scraper
Jbin will gather all the URLs from the website and then it will try to expose the secret data from them such as API keys, API secrets, API tokens and many other juicy information.
jerry_springer
Spring4shell PoC
ksubdomain
Subdomain enumeration tool, asynchronous dns packets, use pcap to scan 1600,000 subdomains in 1 second
Library-POC
放自己写的漏洞poc&exp
NimShellCodeLoader
使用nim编写的shellcode加载器
nuclei-templates
Community curated list of templates for the nuclei engine to find security vulnerabilities.
PentestDB
各种数据库的利用姿势
RedisEXP
Redis 漏洞利用工具
RedTeamNotes
红队笔记
rengine
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.
SecOpsDev
自己闲来无事所写以及工作中抽取的安全/运维/开发方面的小脚本
SpringExploit
一款为了学习go而诞生的漏洞利用工具
tig
Threat Intelligence Gathering 威胁情报收集,旨在提高蓝队拿到攻击 IP 后对其进行威胁情报信息收集的效率。
traitor
:arrow_up: :skull_and_crossbones: :fire: Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock
twiki
T Wiki 云安全知识文库,可能是国内首个云安全知识文库?
weaverOA_sql_injection
泛微OA某版本的SQL注入漏洞
Windows-exploits
🎯 Windows 平台提权漏洞大合集,长期收集各种提权漏洞利用工具。 A large collection of rights raising vulnerabilities on the windows platform, which collects various rights raising vulnerability utilization tools for a long time.