kzaopa's repositories
captcha-killer-modified
captcha-killer的修改版,支持关键词识别base64编码的图片,添加免费ocr库,用于验证码爆破,适配新版Burpsuite
setup-ipsec-vpn
Scripts to build your own IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2
awvs13_batch_py3
针对 AWVS扫描器开发的批量扫描脚本,支持联动xray、burp、w13scan等被动批量
ctf_challenges
适用于一线安服的ctf培训题目,全docker环境一键启动
DNSlog-GO
DNSLog-GO 是一款golang编写的监控 DNS 解析记录的工具,自带WEB界面
fastjson-c3p0
fastjson不出网利用、c3p0
godnslog
An exquisite dns&http log server for verify SSRF/XXE/RFI/RCE vulnerability
henggeFish
自动化批量发送钓鱼邮件(横戈安全团队出品)
ksubdomain
Subdomain enumeration tool, asynchronous dns packets, use pcap to scan 1600,000 subdomains in 1 second
Log4j2Scan
Log4j2 RCE Passive Scanner plugin for BurpSuite
mqtt-pwn
MQTT-PWN intends to be a one-stop-shop for IoT Broker penetration-testing and security assessment operations.
nuclei-templates
Community curated list of templates for the nuclei engine to find security vulnerabilities.
QingScan
一个漏洞扫描器粘合剂;支持 web扫描、系统扫描、子域名收集、目录扫描、主机扫描、主机发现、组件识别、URL爬虫、XRAY扫描、AWVS自动扫描、POC批量验证,SSH批量测试、vulmap。
vulhub
Pre-Built Vulnerable Environments Based on Docker-Compose
xray
一款完善的安全评估工具,支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档
xssplatform
一个经典的XSS渗透管理平台
ysoserial
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.