清's repositories
2019_Vul_warning_Poc_Collect
整理的2019年厂商发布的漏洞预警公开POC集合,不足之处还希望多多补充,完善
Amass
In-depth Attack Surface Mapping and Asset Discovery
awesome-security-weixin-official-accounts
网络安全类公众号推荐,欢迎大家推荐
awvs_190703137
Docker Awvs
bayonet
bayonet是一款src资产管理系统,从子域名、端口服务、漏洞、爬虫等一体化的资产管理系统
cmsprint
CMS和中间件指纹库
CTFTraining
CTF Training 经典赛题复现环境
ESD
Enumeration sub domains(枚举子域名)
EyeWitness
EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
fq-book
:open_book: 《这本书能让你连接互联网》科学上网Freestyle,了解网络基础知识与实践蹭网操作
fuxi
Penetration Testing Platform
fuzzdb
Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
GSIL
GitHub Sensitive Information Leakage(GitHub敏感信息泄露监控)
Intranet_Penetration_Tips
2018年初整理的一些内网渗透TIPS,后面更新的慢,所以公开出来希望跟小伙伴们一起更新维护~
java-sec-code
Java web common vulnerabilities and security code which is base on springboot and spring security
javasec_study
java代码审计学习笔记
LinkFinder
A python script that finds endpoints in JavaScript files
nsfocus-rsas-knowledge-base
绿盟科技漏洞扫描器(RSAS)漏洞库
PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Pentest-Notes
《内网安全攻防-渗透测试实战指南》一些技术点概括
proxy_pool
Python爬虫代理IP池(proxy pool)
SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
Security_Codes
个人安全开发代码归档:包括但不限于渗透测试,资产收集,大规模漏洞扫描器,网络安全相关资料文档
SRC-script
挖掘src常用脚本
subfinder
Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.
Tentacle
Tentacle is a POC vulnerability verification and exploit framework. It supports free extension of exploits and uses POC scripts. It supports calls to zoomeye, fofa, shodan and other APIs to perform bulk vulnerability verification for multiple targets.
Tide
目前实现了网络空间资产探测、指纹检索、漏洞检测、漏洞全生命周期管理、poc定向检测、暗链检测、挂马监测、敏感字检测、DNS监测、网站可用性监测、漏洞库管理、安全预警等等~
TrackRay
溯光 (TrackRay) 3 beta⚡渗透测试框架(资产扫描|指纹识别|暴力破解|网页爬虫|端口扫描|漏洞扫描|代码审计|AWVS|NMAP|Metasploit|SQLMap)
w13scan
Passive Security Scanner (被动式安全扫描器)
xray
一款完善的安全评估工具,支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档