r0ckysec

pocframe

pocframe是一个基于python3的开源批量POC检测框架，默认使用协程异步请求，支持多线程并发，支持多种指定目标方式，可用于批量POC检测，也可根据需要扩展功能。

Cnblogs-Theme-SimpleMemory

个人博客

K8tools

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)

r0ckysec.github.io

一个游走在安全界的菜鸡

vulhub

Pre-Built Vulnerable Environments Based on Docker-Compose

assetfinder

Find domains and subdomains related to a given domain

bayonet

bayonet是一款src资产管理系统，从子域名、端口服务、漏洞、爬虫等一体化的资产管理系统

behinder_source

Behinder3.0 Beta4 源码（Decompile and Fixed）

BurpJSLinkFinder

Burp Extension for a passive scanning JS files for endpoint links.

CrossC2-C2Profile

CrossC2通信协议API实现

CVE-2021-26121

fuzzdb

Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

fuzzDicts

Web Pentesting Fuzz 字典,一个就够了。

go

The Go programming language

go-security

GO安全开发自用封装库

ja-netfilter

A javaagent framework

LangSrcCurise

SRC子域名资产监控

metasploit-framework

Metasploit Framework

PayloadsAllTheThings

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

r0ckysec

saucerframe

python3批量poc检测工具

ShiroExploit-Deprecated

Shiro550/Shiro721 一键化利用工具，支持多种回显方式

SpringBootVulExploit

SpringBoot 相关漏洞学习资料，利用方法和技巧合集，黑盒安全评估 check list

sqlmap

Automatic SQL injection and database takeover tool

VulApps

快速搭建各种漏洞环境(Various vulnerability environment)

vuln

webshell

This is a webshell open source project

webshell-venom

免杀webshell无限生成工具(利用随机异或无限免杀D盾)

xray

一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

ysoserial

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.