r35tart

RW_Password

此项目用来提取收集以往泄露的密码中符合条件的强弱密码

Penetration_Testing_Case

用于记录分享一些有趣的案例

RedisWriteFile

通过 Redis 主从写出无损文件

GetIPinfo

用于寻找多网卡主机方便内网跨网段渗透避免瞎打找不到核心网

RedisDirScan

此脚本用于测试 Rdies 未授权访问，在没权限写ssh私钥和定时任务又不知道web绝对路径的情况下，进行WEB目录探测

onlinetools

在线cms识别|旁站|c段|信息泄露|工控|系统|物联网安全|cms漏洞扫描|nmap端口扫描|子域名获取|待续..

mail_fishing

甲方安全工程师必备，内部钓鱼系统

SQLInjectionWiki

一个专注于聚合和记录各种SQL注入方法的wiki

Cobalt_Strike_wiki

Cobalt Strike系列

upload-fuzz-dic-builder

上传漏洞fuzz字典生成脚本

redis-rogue-server

Redis(<=5.0.5) RCE

windows-kernel-exploits

windows-kernel-exploits Windows平台提权漏洞集合

CVE-2018-15982_EXP_IE

CVE-2018-15982_EXP_IE

poc_CVE-2018-1002105

PoC for CVE-2018-1002105.

Sublist3r

Fast subdomains enumeration tool for penetration testers

webshell

This is a webshell open source project

baidu-netdisk-downloaderx

:zap: 百度网盘不限速下载器 BND，支持 Windows、Mac 和 Linux。

dockerfile

some personally made dockerfile

exploits

papers

my security summit papers

reCAPTCHA

reCAPTCHA = REcognize CAPTCHA: A Burp Suite Extender that recognize CAPTCHA and use for intruder payload

SecLists

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

shadowbroker

The Shadow Brokers "Lost In Translation" leak

Subdomain-blasting

vulhub

Pre-Built Vulnerable Environments Based on Docker-Compose

xunfeng

巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。

EliteDaMyth

Pocsuite

This project has stopped to maintenance, please to https://github.com/knownsec/pocsuite3 project.

PowerSploit

PowerSploit - A PowerShell Post-Exploitation Framework

r35tart