xiaoQ's repositories
Awesome-Redteam
一个红队知识仓库
DNSlog-GO
DNSLog-GO 是一款golang编写的监控 DNS 解析记录的工具,自带WEB界面
FingerprintHub
侦查守卫(ObserverWard)的指纹库
FreePAC
科学上网/翻墙梯子/自由上网/SS/SSR/V2Ray/Brook 搭建教程 免费机场、VPN工具
GitHack
A `.git` folder disclosure exploit
go-rpmdb
RPM DB bindings for go
golog
A high-performant Logging Foundation for Go Applications. X3 faster than the rest leveled loggers.
grapl
Graph platform for Detection and Response
HackReport
渗透测试报告/资料文档/渗透经验文档/安全书籍
hello-algo
《Hello 算法》:动画图解、一键运行的数据结构与算法教程,支持 Java, C++, Python, Go, JS, TS, C#, Swift, Rust, Dart, Zig 等语言。
Intranet_Penetration_Tips
2018年初整理的一些内网渗透TIPS,后面更新的慢,所以整理出来希望跟小伙伴们一起更新维护~
jar-analyzer
A Java GUI Tool for Analyzing Jar
jupiter
Jupiter: Governance-oriented Microservice Framework.
JYso
It can be either a JNDIExploit or a ysoserial. JYso是一个可以用于 jndi 注入攻击和生成反序列化数据流的工具。
PaddleOCR
Awesome multilingual OCR toolkits based on PaddlePaddle (practical ultra lightweight OCR system, support 80+ languages recognition, provide data annotation and synthesis tools, support training and deployment among server, mobile, embedded and IoT devices)
PeiQi-WIKI-Book
面向网络安全从业者的知识文库🍃
post-hub
内网横向
pxplan
CVE-2023-2023
QingScan
一个漏洞扫描器粘合剂,添加目标后30款工具自动调用;支持 web扫描、系统扫描、子域名收集、目录扫描、主机扫描、主机发现、组件识别、URL爬虫、XRAY扫描、AWVS自动扫描、POC批量验证,SSH批量测试、vulmap。
Recaf
The modern Java bytecode editor
scalpel
scalpel是一款命令行扫描器,支持深度参数注入,拥有一个强大的数据解析和变异算法,可以将常见的数据格式(json, xml, form等)解析为树结构,然后根据poc中的规则,对树进行变异,包括对叶子节点和树结构 的变异。变异完成之后,将树结构还原为原始的数据格式。 原理:https://mp.weixin.qq.com/s/U_llBwC05vb84U9wb8NZog
SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
SspiUacBypass
Bypassing UAC with SSPI Datagram Contexts
vulnerability-paper
收集的文章 https://mrwq.github.io/vulnerability-paper/
Vulnerability-Wiki
一个基于 docsify 的综合漏洞知识库,目前漏洞数量 900+
watchvuln
一个高价值漏洞采集与推送服务 | A valueable vulnerability collection and push service
微信收藏的文章
WhatWaf
Detect and bypass web application firewalls and protection systems