jack1024z's repositories
feroxbuster
A fast, simple, recursive content discovery tool written in Rust.
dictionaries
Misc dictionaries for directory/file enumeration, username enumeration, password dictionary/bruteforce attacks
impacket
Impacket is a collection of Python classes for working with network protocols.
secrets-patterns-db
Secrets Patterns DB: The largest open-source Database for detecting secrets, API keys, passwords, tokens, and more.
ExploitHunter
常用漏洞脚本
naabu
A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests
httpx
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
Web-Attack-Cheat-Sheet
Web Attack Cheat Sheet
SpringBoot-Scan
针对SpringBoot的开源渗透框架,以及Spring相关高危漏洞利用工具
wordlists
Real-world infosec wordlists, updated regularly
nuclei-templates
Community curated list of templates for the nuclei engine to find security vulnerabilities.
sigma
Main Sigma Rule Repository
afrog
A Security Tool for Bug Bounty, Pentest and Red Teaming.
BypassAV
This map lists the essential techniques to bypass anti-virus and EDR
Nuclei-Templates-Collection
Nuclei Templates Collection
PocOrExp_in_Github
聚合Github上已有的Poc或者Exp,CVE信息来自CVE官网。Auto Collect Poc Or Exp from Github by CVE ID.
NucleiTP
自动整合全网Nuclei的漏洞POC,实时同步更新最新POC!
CVE-2023-46747-RCE
exploit for f5-big-ip RCE cve-2023-46747
RedTeam-Tools
Tools and Techniques for Red Team / Penetration Testing
ModSecurity
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache
VcenterKiller
一款针对Vcenter的综合利用工具,包含目前最主流的CVE-2021-21972、CVE-2021-21985以及CVE-2021-22005、One Access的CVE-2022-22954、CVE-2022-22972/31656以及log4j,提供一键上传webshell,命令执行或者上传公钥使用SSH免密连接
POC
2023HW漏洞整理,收集整理漏洞EXp/POC,大部分漏洞来源网络,目前收集整理了100多个poc/exp
Web-Fuzzing-Box
Web Fuzzing Box - Web 模糊测试字典与一些Payloads,主要包含:弱口令暴力破解、目录以及文件枚举、Web漏洞...字典运用于实战案例:https://gh0st.cn/archives/2019-11-11/1
Awesome-Redteam
一个攻防知识仓库
Vulhub-Reproduce
一个Vulhub漏洞复现知识库