takeboy

https-github.com-Lucifer1993-0day

https-github.com-necreas1ng-VLANPWN

learnjavabug

Java安全相关的漏洞和技术demo，原生Java、Fastjson、Jackson、Hessian2、XML反序列化漏洞利用和Spring、Dubbo、Shiro、CAS、Tomcat、RMI、Nexus等框架\中间件\功能的exploits以及Java Security Manager绕过、Dubbo-Hessian2安全加固等等实践代码。

AttackWebFrameworkTools-5.0

本软件首先集成危害性较大框架和部分主流cms的rce(无需登录,或者登录绕过执行rce)和反序列化(利用链简单)。傻瓜式导入url即可实现批量getshell。批量自动化测试。例如:Thinkphp,Struts2,weblogic。出现的最新漏洞进行实时跟踪并且更新例如:log4jRCE,向日葵RCE 等等.

awesome-spider

爬虫集合

BLEN

漏洞批量验证框架

CVE-2021-4034

CVE-2021-4034 1day

easyexcel

快速、简单避免OOM的java处理Excel工具

File-Download-Generator

文件下载命令快捷生成器,单文件版

hide_execute_memory

隐藏可执行内存

hongduiziliao

红队渗透测试|攻防|学习|工具|分析|研究资料汇总

https-github.com-abatchy17-WindowsExploits

https-github.com-dr0op-bufferfly

https-github.com-taomujian-linbing

https-github.com-veo-vscan

https-github.com-White-hua-Apt_t00ls-

lamda

⚡️ Android reverse engineering & automation framework | 史上最强安卓抓包/逆向/HOOK & 云手机/远程桌面/自动化辅助框架，你的工作从未如此简单快捷。

linux-command

Linux命令大全搜索工具，内容包含Linux命令手册、详解、学习、搜集。https://git.io/linux

linux-exploit-suggester

Linux privilege escalation auditing tool

logbackRceDemo

The project is a simple vulnerability Demo environment written by SpringBoot. Here, I deliberately wrote a vulnerability environment where there are arbitrary file uploads, and then use the `scan` attribute in the loghack configuration file to cooperate with the logback vulnerability to implement RCE.

marshalsec

nali

An offline tool for querying IP geographic information and CDN provider.一个查询IP地理信息和CDN服务提供商的离线终端工具.

name-fuzz

针对目标已知信息的字典生成工具

Pentest101

每周(也许不)分享一些关于渗透测试的知识点

POChouse

POC&EXP仓库、hvv弹药库、Nday、1day

proxy_pool

Python爬虫代理IP池(proxy pool)

scripts

拿来练手的油猴脚本

secguide

面向开发人员梳理的代码安全指南

ThunderSearch

【信息搜集】闪电搜索器；GUI图形化渗透测试信息搜集工具

vulhub

Pre-Built Vulnerable Environments Based on Docker-Compose