ne0ke718's repositories
HackReport
渗透测试报告/资料文档/渗透经验文档/安全书籍
veinmind-tools
veinmind-tools 是由长亭科技自研,基于 veinmind-sdk 打造的容器安全工具集
AppInfoScanner
一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具,可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如:Title、Domain、CDN、指纹信息、状态信息等。
ARL-backup
ARL官方仓库备份项目:ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产,构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产,发现存在的薄弱点和攻击面。
atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
Awesome-WAF
🔥 Web-application firewalls (WAFs) from security standpoint.
box
TVbox开源版(空壳-自行配置)
btrace
BTrace - a safe, dynamic tracing tool for the Java platform
CatTails
Raw socket library/framework for red team events
CHAOS
:fire: CHAOS is a free and open-source Remote Administration Tool that allow generate binaries to control remote operating systems.
DarkAngel
DarkAngel 是一款全自动白帽漏洞扫描器,从hackerone、bugcrowd资产监听到漏洞报告生成、企业微信通知。
Dirscan
Dirscan是一款由go编写的高并发的目录扫描器,现在已经支持GET、HEAD、递归扫描、代理等功能功能,后续努力实现更多功能。
dns-over-https
High performance DNS over HTTPS client & server
InjectLib
基于Ruby编写的命令行注入版本
ip2region
Ip2region (2.0 - xdb) is a offline IP address manager framework and locator, support billions of data segments, ten microsecond searching performance. xdb engine implementation for many programming languages
java-sec-code
Java web common vulnerabilities and security code which is base on springboot and spring security
LinuxCheck
Linux应急处置/信息搜集/漏洞检测工具,支持基础配置/网络流量/任务计划/环境变量/用户信息/Services/bash/恶意文件/内核Rootkit/SSH/Webshell/挖矿文件/挖矿进程/供应链/服务器风险等13类70+项检查
Loki
Loki - Simple IOC and YARA Scanner
ngx_lua_waf
ngx_lua_waf是一个基于lua-nginx-module(openresty)的web应用防火墙
openscap
NIST Certified SCAP 1.2 toolkit
openvpn-install
OpenVPN server installer for Ubuntu, Debian, AlmaLinux, Rocky Linux, CentOS, Fedora and Amazon Linux 2
proxy_pool
Python爬虫代理IP池(proxy pool)
QQFlacMusicDownloader
[秋城落叶] QQ 音乐源无损歌曲下载
S-BlastingDictionary
自己搜集的爆破字典,包括常用用户名、密码弱口令、SQL万能密码等
semgrep
Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
Sign-Sacker
Sign-Sacker(签名掠夺者):一款数字签名复制器,可将其他官方exe中数字签名,图标,详细信息复制到没有签名的exe中,作为免杀,权限维持,伪装的一种小手段。
SysmonCommon
The common parts of the Sysinternals Sysmon tool shared between the Windows and Linux versions.
Vulmap
Vulmap Online Local Vulnerability Scanners Project
Web-Fuzzing-Box
Web Fuzzing Box - Web 模糊测试字典与一些Payloads,主要包含:弱口令暴力破解、目录以及文件枚举、Web漏洞...字典运用于实战案例:https://gh0st.cn/archives/2019-11-11/1