whojeff

followers

following

stars

fishmumu's starred repositories

secguide

面向开发人员梳理的代码安全指南

NOASSERTION13228 211 51

ffuf

Fast web fuzzer written in Go

Language:GoMIT12183 156 513

404StarLink

404StarLink - 推荐优质、有意义、有趣、坚持维护的安全开源项目

fuzzdb

Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

Language:PHP8131 366 153

YoutubeDownloader

Downloads videos and playlists from YouTube

Language:C#MIT8129 176 301

hacktricks

Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.

Language:PythonNOASSERTION8045 216 73

SpringBootVulExploit

SpringBoot 相关漏洞学习资料，利用方法和技巧合集，黑盒安全评估 check list

Language:Java5713 100 8

ARL

ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产，构建基础资产信息库。协助甲方安全团队或者渗透测试人员有效侦察和检索资产，发现存在的薄弱点和攻击面。

Language:PythonNOASSERTION4918 64 710

Godzilla

哥斯拉

icmptunnel

Transparently tunnel your IP traffic through ICMP echo and reply packets.

Language:C3080 106 27

HaE

HaE - Highlighter and Extractor, Empower ethical hacker for efficient operations.

Language:JavaApache-2.02769 34 200

AttackSurfaceAnalyzer

Attack Surface Analyzer can help you analyze your operating system's security configuration for changes during software installation.

Language:C#MIT2682 70 330

ASVS

Application Security Verification Standard

Language:HTMLCC-BY-SA-4.02668 147 1187

Web-Fuzzing-Box

Web Fuzzing Box - Web 模糊测试字典与一些Payloads

Language:HTML2104 33 1

MDUT

MDUT - Multiple Database Utilization Tools

Language:JavaAGPL-3.01925 39 58

icmpsh

Simple reverse ICMP shell

Language:C1548 59 11

Goby

Attack surface mapping

pystinger

Bypass firewall for traffic forwarding using webshell 一款使用webshell进行流量转发的出网工具

Language:PythonBSD-3-Clause1359 21 10

CobaltStrike

CobaltStrike's source code

Language:Java135000

BypassAV

Cobalt Strike插件，用于快速生成免杀的可执行文件

CobaltStrikeScan

Scan files or process memory for CobaltStrike beacons and parse their configuration

Language:C#MIT891 27 13

yjdirscan

御剑目录扫描专业版，简单实用的命令行网站目录扫描工具，支持爬虫、fuzz、自定义字典、字典变量、UA修改、假404自动过滤、扫描控速等功能。

webshell

免杀webshell生成工具

Language:Python710 21 10

Unexpected_information

Unexpected information 是用于标记请求包中的一些敏感信息、JS接口和一些特殊字段的BurpSuite 插件。

Language:JavaMIT566 4 6

icmptunnel

Tunnel IP over ICMP.

Language:CMIT444 17 6

SharpNetCheck

Language:C#288 5 1

Security_Learning

Security Learning For All~

SimpleShellcodeInjector

SimpleShellcodeInjector receives as an argument a shellcode in hex and executes it. It DOES NOT inject the shellcode in a third party application.

Language:C255 10 4

MSSQL-Fileless-Rootkit-WarSQLKit

WarSQLKit is a fileless rootkit and attack tool I developed for MS-SQL. With this tool you can rootkit the SQL service that uses CLR on MS-SQL servers. Thus, malicious code can be executed in the process memory of the SQL service without creating a malicious function

Language:C#MIT247 40

DiscoverTarget

前渗透信息探测工具集-URL采集

Language:Python163 8 2