18260622812 Goto Github PK

-git

appinfoscanner

一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具，可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如：Title、Domain、CDN、指纹信息、状态信息等。

blasting_dictionary

爆破字典

crack

弱口令爆破工具。Weak Password Blaster Tool.

crowbar

Crowbar is brute forcing tool that can be used during penetration tests. It is developed to support protocols that are not currently supported by thc-hydra and other popular brute forcing tools.

cve-2022-1388-exp

CVE-2022-1388 F5 BIG-IP RCE 批量检测

frpcracker

一款golang编写的，批量检测frp server未授权访问、弱token的工具

fscan

一款内网综合扫描工具，方便一键自动化、全方位漏扫扫描。

fvuln

F-vuln（全称：Find-Vulnerability）是为了自己工作方便专门编写的一款自动化工具，主要适用于日常安全服务、渗透测试人员和RedTeam红队人员，它集合的功能包括：存活IP探测、开放端口探测、web服务探测、web漏洞扫描、smb爆破、ssh爆破、ftp爆破、mssql爆破等其他数据库爆破工作以及大量web漏洞检测模块。

gscan

本程序旨在为安全应急响应人员对Linux主机排查时提供便利，实现主机侧Checklist的自动全面化检测，根据检测结果自动数据聚合，进行黑客攻击路径溯源。

i-s00n

Anxun Shanghai (I-SOON) Data Dump Translations (PII Redacted)

jd_seckill

jsfinder

JSFinder is a tool for quickly extracting URLs and subdomains from JS files on a website.

libprocesshider

Hide a process under Linux using the ld preloader (https://sysdig.com/blog/hiding-linux-processes-for-fun-and-profit/)

linux

linux安全检查

linuxcheck

Linux应急处置/信息搜集/漏洞检测工具，支持基础配置/网络流量/任务计划/环境变量/用户信息/Services/bash/恶意文件/内核Rootkit/SSH/Webshell/挖矿文件/挖矿进程/供应链/服务器风险等13类70+项检查

log4j-detect

Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URLs with multithreading

log4j-scan

A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228

log4j-scanner

log4j-scanner is a project derived from other members of the open-source community by CISA to help organizations identify potentially vulnerable web services affected by the log4j vulnerabilities.

log4jattacksurface

micro8

Gitbook

murphysec-jetbrains-plugin

MurphySec plugin for JetBrains IDEs, identify and fix open source vulnerabilities in your project. 墨菲安全推出的一款 JetBrains IDE 插件，可以用来识别并修复项目中的开源组件漏洞

orbitaldump

A simple multi-threaded distributed SSH brute-forcing tool written in Python

passworddic

2011-2019年Top100弱口令密码字典 Top1000密码字典 服务器SSH/VPS密码字典 后台管理密码字典 数据库密码字典 子域名字典

penetration_testing_poc

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

pochouse

POC&EXP仓库、hvv弹药库、Nday、1day

pwlist

Password lists obtained from strangers attempting to log in to my server.

python2

python3

pycharm中的代码

reptile

LKM Linux rootkit