liming's repositories
Active-Directory-Pentest-Notes
个人域渗透学习笔记
AD-Attack-Defense
Attack and defend active directory using modern post exploitation adversary tradecraft activity
awesome-bug-bounty
A comprehensive curated list of available Bug Bounty & Disclosure Programs and Write-ups.
awesome-cloud-security
awesome cloud security || 收集一些国内外不错的云安全资源,该项目主要面向国内的安全人员
awesome-pentest
A collection of awesome penetration testing resources, tools and other shiny things
BokuLoader
Cobalt Strike User-Defined Reflective Loader written in Assembly & C for advanced evasion capabilities. By: @0xBoku & @s4ntiago_p
bug-bounty-reference
Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature
collection-document
Collection of quality safety articles. Awesome articles.
Damn-Vulnerable-GraphQL-Application
Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security.
facebook-bug-bounty-writeups
Facebook Bug Bounties
Fastjson
Fastjson姿势技巧集合
IntruderPayloads
A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.
Library-POC
漏洞poc&exp存档
Mind-Maps
Mind-Maps of Several Things
mysql-magic
dump mysql client password from memory
PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Penetration_Testing_POC
渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms
Pentest_Note
渗透测试常规操作记录
pentest_tools
收集一些小型实用的工具
reconftw
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
redteam_vul
红队作战中比较常遇到的一些重点系统漏洞整理。
RedTeamTools
记录自己编写、修改的部分工具
reGeorgX
reGeorgX is a project that seeks to aggressively refactor reGeorg - reGeorg重构计划
Resources-for-Beginner-Bug-Bounty-Hunters
A list of resources for those interested in getting started in bug bounties
SRC-experience
工欲善其事,必先利其器
TheFatRat
Thefatrat a massive exploiting tool : Easy tool to generate backdoor and easy tool to post exploitation attack like browser attack,dll . This tool compiles a malware with popular payload and then the compiled malware can be execute on windows, android, mac . The malware that created with this tool also have an ability to bypass most AV software protection .
vulbase
各大漏洞文库合集
vulhub
Pre-Built Vulnerable Environments Based on Docker-Compose
Web-Fuzzing-Box
Web Fuzzing Box - Web 模糊测试字典与一些Payloads,主要包含:弱口令暴力破解、目录以及文件枚举、Web漏洞...字典运用于实战案例:https://gh0st.cn/archives/2019-11-11/1
Yasso
强大的内网渗透辅助工具集-让Yasso像风一样 支持rdp,ssh,redis,postgres,mongodb,mssql,mysql,winrm等服务爆破,快速的端口扫描,强大的web指纹识别,各种内置服务的一键利用(包括ssh完全交互式登陆,mssql提权,redis一键利用,mysql数据库查询,winrm横向利用,多种服务利用支持socks5代理执行)