arews's repositories
AboutSecurity
字典、payload、基础设施搭建
ARL
ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产,构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产,发现存在的薄弱点和攻击面。
Awesome-Fuzzing
A curated list of fuzzing resources ( Books, courses - free and paid, videos, tools, tutorials and vulnerable applications to practice on ) for learning Fuzzing and initial phases of Exploit Development like root cause analysis.
be-a-professional-programmer
成为专业程序员路上用到的各种优秀资料、神器及框架
Burp-Non-HTTP-Extension
Non-HTTP Protocol Extension (NoPE) Proxy and DNS for Burp Suite.
burpFakeIP
一个用于伪造ip地址进行爆破的Burp Suite插件
cloud-ranges
A list of cloud ranges from different providers.
CNVD-2020-10487-Tomcat-Ajp-lfi
Tomcat-Ajp协议文件读取漏洞
CNVD-2020-10487-Tomcat-Ajp-lfi-Scanner
CNVD-2020-10487/CVE-2020-1938,批量扫描工具
drupal
Verbatim mirror of the git.drupal.org repository for Drupal core. Changes will not be pulled, and merge requests will not be accepted, if you want to contribute, go to Drupal.org:
interview_python
关于Python的面试题
JustAuth
:100: 史上最全的整合第三方登录的开源库。目前已支持Github、Gitee、微博、钉钉、百度、Coding、腾讯云开发者平台、OSChina、支付宝、QQ、微信、淘宝、Google、Facebook、抖音、领英、小米、微软、今日头条、Teambition、StackOverflow、Pinterest、人人、华为、企业微信、酷家乐、Gitlab、美团、饿了么和推特等第三方平台的授权登录。 Login, so easy!
learnjavabug
Java安全相关的漏洞和技术demo,原生Java、Fastjson、Jackson、Hessian2、XML反序列化漏洞利用和Spring、Dubbo、Shiro、CAS、Tomcat、RMI、Nexus等框架\中间件\功能的exploits以及Java Security Manager绕过、Dubbo-Hessian2安全加固等等实践代码。
momo-code-sec-inspector-java
IDEA静态代码安全审计及漏洞一键修复插件
OneForAll
OneForAll是一款功能强大的子域收集工具
Pentest_Note
渗透测试常规操作记录
redteam_vul
红队作战中比较常遇到的一些重点系统漏洞整理。
SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
SpringBootVulExploit
SpringBoot 相关漏洞学习资料,利用方法和技巧合集,黑盒安全评估 checklist
SpringCloudLearning
《史上最简单的Spring Cloud教程源码》
Taie-RedTeam-OS
泰阿安全实验室-基于XUbuntu私人订制的红蓝对抗渗透操作系统
Trishul
Burp Extension written in Jython to hunt for common vulnerabilities found in websites. Developed by Gaurav Narwani to help people find vulnerabilities and teach how to exploit them.
wooyun-payload
从wooyun中提取的payload,以及burp插件
xray-crack
xray社区高级版证书生成,支持到 1.2.0 版本
ysoserial
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.