xiaoQ's repositories
scalpel
scalpel是一款命令行扫描器,支持深度参数注入,拥有一个强大的数据解析和变异算法,可以将常见的数据格式(json, xml, form等)解析为树结构,然后根据poc中的规则,对树进行变异,包括对叶子节点和树结构 的变异。变异完成之后,将树结构还原为原始的数据格式。 原理:https://mp.weixin.qq.com/s/U_llBwC05vb84U9wb8NZog
GTFOBins.github.io
GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems
awesome-cloud-security
awesome cloud security 收集一些国内外不错的云安全资源,该项目主要面向国内的安全人员
SMSBoom
短信轰炸/短信测压/ | 一个健壮免费的python短信轰炸程序,专门炸坏蛋蛋,百万接口,多线程全自动添加有效接口,支持异步协程百万并发,全免费的短信轰炸工具!!hongkonger开发全网首发!!
InScan
边界打点后的自动化渗透工具
bylibrary
白阁文库是白泽Sec安全团队维护的一个漏洞POC和EXP公开项目
nuclei
Fast and customizable vulnerability scanner based on simple YAML based DSL.
scan4all
Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...
Awesome-POC
一个各类漏洞POC知识库
magpie-language-design
语言设计教程(献给想学语言设计的朋友)
ddddocr
带带弟弟 通用验证码识别OCR pypi版
All-Defense-Tool
本项目集成了全网优秀的攻防武器工具项目,包含自动化利用,子域名、目录扫描、端口扫描等信息收集工具,各大中间件、cms漏洞利用工具,爆破工具、内网横向及免杀、社工钓鱼以及应急响应等资料。
Chinese-Security-RSS
网络安全资讯的RSS订阅,网络安全博客的RSS订阅,网络安全公众号的RSS订阅
2022-HW-POC
2022 护网行动 POC 整理
dismember
:knife: Scan memory for secrets and more. Maybe eventually a full /proc toolkit.
0day
各种CMS、各种平台、各种系统、各种软件漏洞的EXP、POC ,该项目将持续更新
kscan
Kscan是一款纯go开发的全方位扫描器,具备端口扫描、协议检测、指纹识别,暴力破解等功能。支持协议1200+,协议指纹10000+,应用指纹2000+,暴力破解协议10余种。
murphysec
An open source tool focused on software supply chain security. 墨菲安全专注于软件供应链安全,具备专业的软件成分分析(SCA)、漏洞检测、专业漏洞库。
vault_range_poc
Project Vault Range PoC: Know your enemy and yourself to build better defense-in-depth solution!
cve
Gather and update all available and newest CVEs with their PoC.
lute
🎼 一款结构化的 Markdown 引擎,支持 Go 和 JavaScript。A structured Markdown engine that supports Go and JavaScript.
oval-for-el
OVAL For CentOS
log4j2_vul_local_scanner
Log4j 漏洞本地检测脚本。 Scan all java processes on your host to check weather it's affected by log4j2 remote code execution(CVE-2021-45046)
vhost_password_decrypt
vhost password decrypt
apache-log4j-poc
Apache Log4j 远程代码执行
CVE-2021-22205
CVE-2021-22205& GitLab CE/EE RCE
Ciphey
⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
Web-Security-Learning
Web-Security-Learning
Elkeid
Elkeid is a Cloud-Native Host-Based Intrusion Detection solution project to provide next-generation Threat Detection and Behavior Audition with modern architecture.