sie504

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

Language:HTMLApache-2.06236 253 7

PoC-in-GitHub

📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

6095 414 26

1earn

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

Language:C++5138 135 10

sql-injection-payload-list

🎯 SQL Injection Payload List

MIT4471 91 5

my-re0-k8s-security

:atom: [WIP] 整理过去的分享，从零开始的Kubernetes攻防 🧐

Language:Shell2808 46 2

HaE

HaE - Highlighter and Extractor, Empower ethical hacker for efficient operations.

Language:JavaApache-2.02507 34 186

Safety-Project-Collection

收集一些比较优秀的开源安全项目，以帮助甲方安全从业人员构建企业安全能力。

2129 76 2

Bug-Bounty-Beginner-Roadmap

This is a resource factory for anyone looking forward to starting bug hunting and would require guidance as a beginner.

GPL-3.01517 29 5

Chinese-Security-RSS

网络安全资讯的RSS订阅，网络安全博客的RSS订阅，网络安全公众号的RSS订阅

1268 30 5

PocList

Alibaba-Nacos-Unauthorized/ApacheDruid-RCE_CVE-2021-25646/MS-Exchange-SSRF-CVE-2021-26885/Oracle-WebLogic-CVE-2021-2109_RCE/RG-CNVD-2021-14536/RJ-SSL-VPN-UltraVires/Redis-Unauthorized-RCE/TDOA-V11.7-GetOnlineCookie/VMware-vCenter-GetAnyFile/yongyou-GRP-U8-XXE/Oracle-WebLogic-CVE-2020-14883/Oracle-WebLogic-CVE-2020-14882/Apache-Solr-GetAnyFile/F5-BIG-IP-CVE-2021-22986/Sonicwall-SSL-VPN-RCE/GitLab-Graphql-CNVD-2021-14193/D-Link-DCS-CVE-2020-25078/WLAN-AP-WEA453e-RCE/360TianQing-Unauthorized/360TianQing-SQLinjection/FanWeiOA-V8-SQLinjection/QiZhiBaoLeiJi-AnyUserLogin/QiAnXin-WangKangFirewall-RCE/金山-V8-终端安全系统/NCCloud-SQLinjection/ShowDoc-RCE

Language:Java1079 37 3

BountyHunterInChina

重生之我在安全行业讨口子系列，分享在安全行业讨口子过程中，SRC、项目实战的有趣案例

MIT1049 30 1

Application-Gateway

JANUSEC Application Gateway provides secure access, including reverse proxy, K8S Ingress Controller, ACME automatic HTTPS certificate, WAF (Web Application Firewall), CC defense, OAuth2 Authentication, load balancing, etc. JANUSEC应用网关，提供安全的接入，包括反向代理、K8S Ingress Controller、ACME自动化HTTPS证书、WAF (Web Application Firewall)、CC防御、OAuth2身份认证、负载均衡等。

Language:GoNOASSERTION1032 39 41

MemoryShellLearn

分享几个直接可用的内存马，记录一下学习过程中看过的文章

Language:Java902 9 1

BugBountyBooks

A collection of PDF/books about the modern web application security and bug bounty.

841 280

scaninfo

fast scan for redtools

Language:GoMIT800 11 8

oFx

漏洞批量验证框架

Language:PythonGPL-3.0768 22 10

Java

关于学习java安全的一些知识,正在学习中ing,欢迎fork and star

Language:Java760 10 1

sec-interview

信息安全面试题汇总

688 9 4

EasyPen

EasyPen is a GUI program which helps pentesters do target discovery, vulnerability scan and exploitation

Language:JavaScript598 16 6

Fuzz_dic

参数 | 字典 collections

Language:Python560 100

Attack_Code

文章 Attack Code 的详细全文。安全和开发总是具有伴生属性，尤其是云的安全方向，本篇文章是希望能帮助到读者的云安全入门材料。Full text of the article Attack Code. Security and development always have concomitant attributes, and this is especially true with the security direction of the cloud. This article is an introduction to cloud security that I hope will help readers.

Language:Shell528 50

TerraformGoat

TerraformGoat is HXSecurity research lab's "Vulnerable by Design" multi cloud deployment tool.

Language:HCLApache-2.0507 8 8

book1

《数据安全架构设计与实战》：本书系统性地介绍数据安全架构的设计与实践，融入了作者多年在安全领域积累的实践经验。全书分四大部分，共20章。第一部分介绍安全架构的基础知识，内容包括安全、数据安全、安全架构、5A方法论、CIA等基本概念,为后续论述奠定基础。第二部分介绍产品安全架构，内容包括：身份认证、授权、访问控制、审计、资产保护等，讲解如何从源头设计来保障数据安全和隐私安全，防患于未然。第三部分介绍安全技术体系架构，内容包括：安全技术架构、网络和通信层安全架构、设备和主机层安全架构、应用和数据层安全架构、安全架构案例分析等。第四部分介绍数据安全与隐私保护治理，内容包括：数据安全治理、数据安全政策文件体系、隐私保护基础与增强技术、GRC治理框架、数据安全与隐私保护的统一等。

Language:Python135 5 1