KK-OS

AI-Security-Learning

自身学习的安全数据科学和算法的学习资料

antSword

AntSword is a cross-platform website management toolkit.

Awesome-Asset-Discovery

List of Awesome Asset Discovery Resources

be-a-professional-programmer

成为专业程序员路上用到的各种优秀资料、神器及框架

books

catnip

Cat-Nip Automated Basic Pentest Tool - Designed For Kali Linux

chagpt.openai

ChatGPT镜像站点和技术交流

choco

Chocolatey - the package manager for Windows

commando-vm

Complete Mandiant Offensive VM (Commando VM), the first full Windows-based penetration testing virtual machine distribution. The security community recognizes Kali Linux as the go-to penetration testing platform for those that prefer Linux. Commando VM is for penetration testers that prefer Windows. We know that building a Windows penetration testing environment can be tedious - we aim to streamline and simplify this process. Commando VM includes over 140 tools.

CS-Notes

😋 技术面试必备基础知识

cupp

Common User Passwords Profiler (CUPP)

Emergency-Response-Notes

应急响应实战笔记，一个安全工程师的自我修养。

growing-up

程序猿成长计划

K8tools

K8工具(内网渗透/提权工具/远程溢出/漏洞利用/Exploit/APT/0day/Shellcode/Payload/priviledge/OverFlow/WebShell/PenTest)

Kage

Kage is Graphical User Interface for Metasploit Meterpreter and Session Handler

Ladon

大型内网渗透扫描器&Cobalt Strike，包含信息收集/端口扫描/服务识别/网络资产/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010、Weblogic、ActiveMQ、Tomcat等，密码口令爆破含(Mysql、Oracle、MSSQL)、FTP、SSH(Linux)、VNC、Windows(IPC、WMI、SMB)等,可高度自定义插件支持.NET程序集、DLL(C#/Delphi/VC)、PowerShell等语言编写的插件,支持通过配置INI批量调用任意外部程序或命令,EXP生成器一键生成Web漏洞POC,可快速扩展扫描或利用能力。支持Cobalt Strike插件化直接内存加载Ladon扫描快速拓展内网横向移动

loglizer

A log analysis toolkit for automated anomaly detection [ISSRE'16]

nse_vuln

Nmap扫描、漏洞利用脚本

PayloadsAllTheThings

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

penetration

渗透 超全面的渗透资料💯 包含：0day，xss，sql注入，提权……

Perun

Perun是一款主要适用于乙方安服、渗透测试人员和甲方RedTeam红队人员的网络资产漏洞扫描器/扫描框架

scaner

扫描器是来自GitHub平台的开源扫描器的集合，包括子域枚举、数据库漏洞扫描器、弱密码或信息泄漏扫描器、端口扫描器、指纹扫描器以及其他大规模扫描仪、模块扫描器等。对于其他著名的扫描工具，如：awvs、nmap，w3af将不包含在集合范围内。

SecLists

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

SRC-experience

工欲善其事，必先利其器

sublert

Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.

TrackRay

溯光 (TrackRay) 3 插件式渗透测试框架（资产扫描|指纹识别|暴力破解|网页爬虫|端口扫描|漏洞扫描|AWVS|NMAP|Metasploit）

URLextractor

Information gathering & website reconnaissance | https://phishstats.info/

vtest

用于辅助安全工程师漏洞挖掘、测试、复现，集合了mock、httplog、dns tools、xss，可用于测试各类无回显、无法直观判断或特定场景下的漏洞。

Vxscan

python3写的综合扫描工具，主要用来敏感文件探测(目录扫描与js泄露接口)，WAF/CDN识别，端口扫描，指纹/服务识别，操作系统识别，弱口令探测，POC扫描，SQL注入，绕过CDN，查询旁站等功能，主要用来甲方自测或乙方授权测试，请勿用来搞破坏。

xray