w4n95 Goto Github PK
Name: w4n95
Type: User
Name: w4n95
Type: User
红蓝对抗以及护网相关工具和资料,内存shellcode(cs+msf)和内存马查杀工具
红队作战中比较常遇到的一些重点系统漏洞整理。
利用fofa搜索socks5开放代理进行代理池轮切的工具
弱口令,敏感目录,敏感文件等渗透测试常用攻击字典
SBSCAN是一款专注于spring框架的渗透测试工具,可以对指定站点进行spring boot敏感信息扫描以及进行spring相关漏洞的扫描与验证。 (SBSCAN is a penetration testing tool focused on the spring framework that can scan spring boot sensitive information for specified sites and scan and validate spring related vulnerabilities.)
scalpel是一款命令行漏洞扫描工具,支持深度参数注入,拥有一个强大的数据解析和变异算法,可以将常见的数据格式(json, xml, form等)解析为树结构,然后根据poc中的规则,对树进行变异,包括对叶子节点和树结构 的变异。变异完成之后,将树结构还原为原始的数据格式。 原理:https://mp.weixin.qq.com/s/U_llBwC05vb84U9wb8NZog
Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...
记录安全方面的笔记/工具/漏洞合集
More than 21K security related open source tools, sorted by star count. Both in markdown and json format.
JAVA 漏洞靶场 (Vulnerability Environment For Java)
Security-related Slide Presentation(大安全各领域各公司各会议分享的PPT)
一个既可以满足安服仔日常渗透工作也可以批量刷洞的工具盒子。集合了常见的域名收集、目录扫描、ip扫描、指纹扫描、PoC验证等常用工具,方便安服仔快速展开渗透测试
【懒人神器】一款图形化、批量采集url、批量对采集的url进行各种nday检测的工具。可用于src挖掘、cnvd挖掘、0day利用、打造自己的武器库等场景。可以批量利用Actively Exploited Atlassian Confluence 0Day CVE-2022-26134和DedeCMS v5.7.87 SQL注入 CVE-2022-23337。
SHELLING - a comprehensive OS command injection payload generator
shiro加fastjson环境
SpringBoot 相关漏洞学习资料,利用方法和技巧合集,黑盒安全评估 check list
Fast subdomains enumeration tool for penetration testers
向日葵RCE,网段扫描/中文显示
代码审计自动化系统,底层架构为蜻蜓编排系统,墨菲SCA,fortify,SemGrep,hema
数据库综合利用工具
该资源为系统安全和逆向分析实验,包括作者从零学习恶意代码分析、病毒逆向分析的工具及样本,基础性文章,希望对您有所帮助~
A CAT called tabby ( Code Analysis Tool )
A Domain Name & Email Address Collection Tool
Real-time HTTP Intrusion Detection
天御攻防实验室 - 威胁猎杀实战系列
拿来即用的Tomcat7/8/9/10版本Listener/Filter/Servlet内存马,支持注入CMD内存马和冰蝎内存马
TrackAttacker | 追踪攻击者工具 | HW蓝队 | 溯源必备
:arrow_up: :skull_and_crossbones: :fire: Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock
一款综合性网络安全检测和运维工具,旨在快速资产发现、识别、检测,构建基础资产信息库,协助甲方安全团队或者安全运维人员有效侦察和检索资产,发现存在的薄弱点和攻击面。
一个集成的BurpSuite漏洞探测插件
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.