darknight-666's repositories
MYSQL_SQL_BYPASS_WIKI
mysql注入,bypass的一些心得
CVE-2019-3396_EXP
CVE-2019-3396 confluence SSTI RCE
RW_Password
此项目用来提取收集以往泄露的密码中符合条件的强弱密码
Pentest_Interview
个人准备渗透测试和安全面试的经验,和部分厂商的面试题
Awesome-WAF
🔥 A curated list of awesome web-app firewall (WAF) stuff.
bug-bounty-reference
Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature
SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
Intranet_Penetration_Tips
2018年初整理的一些内网渗透TIPS,后面更新的慢,所以公开出来希望跟小伙伴们一起更新维护~
xss-payload-list
🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
VulBoxSpider
漏洞盒子入驻企业列表爬虫
src
日常src平台域名收集
SecurityTechnique
Security technique research and some funny work on it !
web-sec-interview
信息安全(Web安全/渗透测试方向)面试题/解题思路
PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
CVE-2018-3191
CVE-2018-3191-PoC
xl7dev.github.io
it's my blog
scaner
扫描器是来自GitHub平台的开源扫描器的集合,包括子域枚举、数据库漏洞扫描器、弱密码或信息泄漏扫描器、端口扫描器、指纹扫描器以及其他大规模扫描仪、模块扫描器等。对于其他著名的扫描工具,如:awvs、nmap,w3af将不包含在集合范围内。
webshell-detect-bypass
绕过专业工具检测的Webshell研究文章和免杀的Webshell
Mind-Map
各种安全相关思维导图整理收集
web-log-parser
web日志分析工具
fuzzdb
Web Fuzzing Discovery and Attack Pattern Database
xxe-lab
一个包含php,java,python,C#等各种语言版本的XXE漏洞Demo
UnionPay
1.1
genpAss
**特色的弱口令生成器
scripts
Utils
nowater_web
"zhikanlz.com" for baidu, douban, tianya (web part, by web.py)