gdft2112's repositories
cariddi
Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more
mynuclei_templates
my nuclei templates
sloth
资产收集扫描脚本
goSubsWordlist
Generate wordlist from already collected subdomains for bruteforcing purposes.
LangSrcCurise
SRC子域名资产监控
inventory
Asset inventory on public bug bounty programs.
JSINFO-SCAN
递归式寻找域名和api。
xia_sql
xia SQL (瞎注) burp 插件 ,在每个参数后面填加一个单引号,两个单引号,一个简单的判断注入小插件。
Security-PPT
Security-related Slide Presentation(大安全各领域各公司各会议分享的PPT)
AttackWebFrameworkTools
本软件首先集成危害性较大框架和部分主流cms的rce(无需登录,或者登录绕过执行rce)和反序列化(利用链简单)。上传getshell。sql注入等高危漏洞直接就可以拿权限出数据。其次对一些构造复杂exp漏洞进行检测。傻瓜式导入url即可实现批量测试,能一键getshell检测绝不sql注入或者不是只检测。其中thinkphp 集成所有rce Exp Struts2漏洞集成了shack2 和k8 漏洞利用工具所有Exp并对他们的exp进行优化和修复此工具的所集成漏洞全部是基于平时实战中所得到的经验从而写入到工具里。例如:通达oA一键getshell实战测试 struts2一键getshell 等等
allxss
xss templates
Log4j2-RCE-Scanner
BurpSuite Extension: Log4j2 RCE Scanner
OneForAll
OneForAll是一款功能强大的子域收集工具
BBTz
BBT - Bug Bounty Tools
CobaltStrikeDetected
40行代码检测到大部分CobaltStrike的shellcode
KingOfBugBountyTips
Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokens that are already exploitable, so we can report them. We wish to influence Onelinetips and explain the commands, for the better understanding of new hunters..
InCloud
运行于GitHub Actions 的仓库中自动化、自定义和执行软件开发工作流程,可以自己根据喜好定制功能,InCloud已经为您定制好了八种针对网段和域名的不同场景的信息收集与漏洞扫描流程。
pd-actions
Continuous recon and vulnerability assessment using Github Actions.
Pentest-Ansible
Ansible playbooks for Penetration Testing tooling installation
teemo
A Domain Name & Email Address Collection Tool
Vulnerability
此项目将不定期从棱角社区对外进行公布一些最新漏洞。
tabby
A CAT called tabby ( Code Analysis Tool )
123
123