SkyPoc's repositories
adblockrules
Rule settings required to develop ad blocking software
aka-XSSer
Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.
awesome-pentest
:computer:⚔️ A collection of awesome penetration testing resources, tools, and other shiny things.
awesome-shodan-queries
🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩💻
awesome-threat-intelligence
A curated list of Awesome Threat Intelligence resources
Awesome-WAF
🔥 Web-application firewalls (WAFs) from security standpoint.
AzureGoat
AzureGoat : A Damn Vulnerable Azure Infrastructure
BloodHound
Six Degrees of Domain Admin
chatbox
Your Ultimate Copilot on the Desktop. Chatbox is a desktop app for GPT-4 / GPT-3.5 (OpenAI API) that supports Windows, Mac & Linux.
cupp
Common User Passwords Profiler (CUPP)
DarkAngel
DarkAngel 是一款全自动白帽漏洞扫描器,从hackerone、bugcrowd资产监听到漏洞报告生成、漏洞URL截屏、消息通知。
dismap
Asset discovery and identification tools 快速识别 Web 指纹信息,定位资产类型。辅助红队快速定位目标资产信息,辅助蓝队发现疑似脆弱点
Goggle
Rules written for brave Goggle
InfoHound
InfoHound is an OSINT to extract a large amount of data given a web domain name.
kscan
Kscan是一款纯go开发的全方位扫描器,具备端口扫描、协议检测、指纹识别,暴力破解等功能。支持协议1200+,协议指纹10000+,应用指纹20000+,暴力破解协议10余种。
log4j2burpscanner
CVE-2021-44228 Log4j2 BurpSuite Scanner,Customize ceye.io api or other apis,including internal networks
nuclei
Fast and customizable vulnerability scanner based on simple YAML based DSL.
OneForAll
OneForAll is a powerful subdomain collection tool
OSCP
OSCP Guide
Penetration-Testing-Tools
A collection of more than 140+ tools, scripts, cheatsheets and other loots that I have developed over years for Red Teaming/Pentesting/IT Security audits purposes. Most of them came handy on at least one of my real-world engagements.
PhoneSploit-Pro
An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.
Red-Team-Infrastructure-Wiki
Wiki to collect Red Team infrastructure hardening resources
redteamguides.github.io
redteamguides.com
security-plus
CompTIA Security+ SY0-601
subfinder
Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.
super-xray
Web漏洞扫描工具XRAY的GUI启动器
wapiti
Web vulnerability scanner written in Python3
weblogicScanner
weblogic 漏洞扫描工具。目前包含对以下漏洞的检测能力:CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-3252、CVE-2019-2618、CVE-2019-2725、CVE-2019-2729、CVE-2019-2890、CVE-2020-2551、CVE-2020-14750、CVE-2020-14882、CVE-2020-14883
wesng
Windows Exploit Suggester - Next Generation
xpoc
为供应链漏洞扫描设计的快速应急响应工具 [快速应急] [漏洞扫描] [端口扫描] [xray2.0进行时] A fast emergency response tool designed for supply chain vulnerability scanning.