r0cky's repositories
r0ckysec.github.io
一个游走在安全界的菜鸡
assetfinder
Find domains and subdomains related to a given domain
bayonet
bayonet是一款src资产管理系统,从子域名、端口服务、漏洞、爬虫等一体化的资产管理系统
behinder_source
Behinder3.0 Beta4 源码(Decompile and Fixed)
BurpJSLinkFinder
Burp Extension for a passive scanning JS files for endpoint links.
CrossC2-C2Profile
CrossC2通信协议API实现
fuzzdb
Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
fuzzDicts
Web Pentesting Fuzz 字典,一个就够了。
go
The Go programming language
go-security
GO安全开发自用封装库
ja-netfilter
A javaagent framework
LangSrcCurise
SRC子域名资产监控
metasploit-framework
Metasploit Framework
PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
saucerframe
python3批量poc检测工具
ShiroExploit-Deprecated
Shiro550/Shiro721 一键化利用工具,支持多种回显方式
SpringBootVulExploit
SpringBoot 相关漏洞学习资料,利用方法和技巧合集,黑盒安全评估 check list
sqlmap
Automatic SQL injection and database takeover tool
webshell
This is a webshell open source project
webshell-venom
免杀webshell无限生成工具(利用随机异或无限免杀D盾)
xray
一款完善的安全评估工具,支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档
ysoserial
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.