harris2015's repositories
Blasting-Dictionary
网站后台、文件包含、WebShell等爆破字典!
awvs13_batch_py3
针对 AWVS扫描器开发的批量扫描脚本,支持联动xray、burp、w13scan等被动批量
bugbounty-wordlist
Real world bug bounty wordlists
bugBountyTemplates
List of reporting templates I have used since I started doing BBH.
domainNamePredictor
一个简单的现代化公司域名使用规律预测及生成工具
Frog-Auth
🐸Unauthorized Detection Framework未授权访问检测框架
GitlabVer
gitlab version index
goon
goon,是一款基于golang开发的扫描及爆破工具功能如下:扫描模式支持ip探活(ipscan)、端口扫描(portscan)、web扫描(webscan -web y)、title扫描(titlescan)、dirscan、备份文件扫描(backscan)、插件扫描(pluginscan)、自定义扫描(autoscan)。爆破模式支持ftp爆破、mssq爆破、mysql爆破、postgres爆破、redis爆破、ssh爆破。
HACK
Se37-山屿开发的python黑客工具库
hakrevdns
Small, fast tool for performing reverse DNS lookups en masse.
henggeFish
自动化批量发送钓鱼邮件(横戈安全团队出品)
ImpulsiveDLLHijack
C# based tool which automates the process of discovering and exploiting DLL Hijacks in target binaries. The Hijacked paths discovered can later be weaponized during Red Team Operations to evade EDR's.
InCloud
运行于GitHub Actions 的仓库中自动化、自定义和执行软件开发工作流程,可以自己根据喜好定制功能,InCloud已经为您定制好了十种针对网段和域名的不同场景的信息收集与漏洞扫描流程。
KingOfBugBountyTips
Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokens that are already exploitable, so we can report them. We wish to influence Onelinetips and explain the commands, for the better understanding of new hunters..
lit-bb-hack-tools
Little Bug Bounty & Hacking Tools⚔️
log4j-payload-generator
Log4j jndi injects the Payload generator
Log4j2Scan
Log4j2 RCE Passive Scanner plugin for BurpSuite
Penetration_Testing_POC
有关渗透测试的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms
Serein
【懒人神器】一款图形化、批量采集url、批量对采集的url进行各种nday检测的工具。可用于src挖掘、cnvd挖掘、0day利用、打造自己的武器库等场景。可以批量利用Actively Exploited Atlassian Confluence 0Day CVE-2022-26134和DedeCMS v5.7.87 SQL注入 CVE-2022-23337。
ShiroAttack2
shiro反序列化漏洞综合利用,包含(回显执行命令/注入内存马)修复原版中NoCC的问题 https://github.com/j1anFen/shiro_attack
ShuiZe_0x727
信息收集自动化工具
SSRF-Testing
SSRF (Server Side Request Forgery) testing resources
tig
Threat Intelligence Gathering 威胁情报收集,旨在提高蓝队拿到攻击 IP 后对其进行威胁情报信息收集的效率。
Web-Attack-Cheat-Sheet
Web Attack Cheat Sheet
xssfinder
XSS discovery tool