Cy95

个人信息
地址
China Xiamen
粉丝
202
210
2015-02-07
项目信息

NagaScan Python 84

NagaScan is a distributed passive scanner for Web application.

weblogic_cmd Java 53

weblogic t3 deserialization rce

Dayu Java 14

一款开源指纹识别工具。

httpscan * Python 8

一个爬虫式的网段Web主机发现小工具 # A HTTP Service detector with a crawler from IP/CIDR

Teemo Python 6

A Domain Collection Tool

Feigong * PHP 5

Feigong,针对各种情况自由变化的mysql注入脚本,In view of the different things freely change the mysql injection script

dirmap * Python 3

一个高级web目录扫描工具,功能将会强于DirBuster、Dirsearch、cansina、御剑

Awesome-Asset-Discovery * 2

List of Awesome Asset Discovery Resources

go-exploitdb * Go 1

vtest * Python 1

用于辅助安全工程师漏洞挖掘、测试、复现,集合了mock、httplog、dns tools、xss,可用于测试各类无回显、无法直观判断或特定场景下的漏洞。

cmsprint * 1

CMS和中间件指纹库

educn-sqlScan * Python 1

对全国edu域名以及其二级域名进行的一次Sql注入,预计花费时间为三天,结束时候将提交至漏洞平台

nps * Go 1

一款轻量级、功能强大的内网穿透代理服务器。支持tcp、udp流量转发,支持内网http代理、内网socks5代理,同时支持snappy压缩、站点保护、加密传输、多路复用、header修改等。支持web图形化管理,集成多用户模式。

GyoiThonLight Python 1

GyoiThon for intelligence gatering.

BurpCollector * Python 1

通过BurpSuite来构建自己的爆破字典,可以通过字典爆破来发现隐藏资产。

x-patrol * HTML 1

github泄露扫描系统

Awvs_Nessus_Scanner_API * Python 1

扫描器Awvs 11和Nessus 7 Api利用脚本

xsec-ip-database * Go 1

xsec-ip-database为一个恶意IP和域名库(Malicious ip database)

foxpwn * JavaScript 1

Exploit code for CVE-2016-9066

javaopenrasp * Java 1

A Java Rasp Demo

tplmap * Python 1

Automatic Server-Side Template Injection Detection and Exploitation Tool

AwvScan * PHP 1

New On Live Web Vul Scan

wydomain * Python 1

目标系统信息收集组件

hackingLibrary * 1

‪APT,‬ ‪Cyber warfare,‬ ‪Penetration testing,‬ ‪Zero-day,Exploiting,‬Fuzzing,Privilege-Escalation,browser-security‪,Spyware,Malwres evade anti-virus detection,‬ ‪Rookit CYPTER,‬ ‪Antiviruses Bypassing-av,‬ social engineering,WORMS,Sandbox-Escape,‬ ‪Memory-injection,‬ ‪Ethical,Gray,White,RedTeam,Bugbounty,bug hunter,Cheat Sheet‬...

The-Hacker-Playbook-3-Translation * 1

对 The Hacker Playbook 3 的翻译。

Micro8 * 1

K8tools * Perl 1

K8工具(内网渗透/提权工具/远程溢出/漏洞利用/Exploit/APT/0day/Shellcode/Payload/priviledge/OverFlow/WebShell/PenTest)

vagrant-libvirt * Ruby 1

Vagrant provider for libvirt.

Perun * Python 1

Perun是一款主要适用于乙方安服、渗透测试人员和甲方RedTeam红队人员的网络资产漏洞扫描器/扫描框架

FinancialSupportForOpenSource * 1

开源项目挣钱实用手册

WindowsRuntimeSecurityDemos * C# 1

Demos for Presentation on Windows Runtime Security

0day-mikrotik * Python 1

evilginx2 * Go 1

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, alowing to bypass 2-factor authentication.

CVE-2018-2893 * Python 1

CVE-2018-2893 PoC

Fuxi-Scanner * Python 1

Network Security Vulnerability Scanner

Logpara * Python 1

一个对常见的web日志进行解析处理的粗糙DEMO

S7scan * Python 1

a pentest scanner, To make excellent tools / 一个集七种功能的漏洞综合检测利用工具, 希望可以打造出一款优秀的渗透工具

insight * JavaScript 1

洞察-宜信集应用系统资产管理、漏洞全生命周期管理、安全知识库管理三位一体的平台。

DNSLog * Python 1

DNSLog 是一款监控 DNS 解析记录和 HTTP 访问记录的工具。

awesome-spider * 1

爬虫集合

AngelSword * Python 1

Python3编写的CMS漏洞检测框架

teye_scanner_for_book * Python 1

《白帽子讲Web扫描》书籍参考代码

gophish * HTML 1

Open-Source Phishing Toolkit

Security-Data-Analysis-and-Visualization * 0

2018-2020青年安全圈-活跃技术博主/博客

passivedns * 0

A network sniffer that logs all DNS server replies for use in a passive DNS setup

blockchain * 0

go编写的区块链入门级项目

HTMLSimilarity * 0

网页相似度判断:根据网页结构判断页面相似性 ,可用于相似度计算、越权检测等(Determine page similarity based on HTML page structure)

SUDO_KILLER * 0

A tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo

ac-1 * 0

golang Aho-Corasick for byte strings

qnsm * 0

QNSM is network security monitoring framework based on DPDK.

pb * 0

Console progress bar for Golang

trochilus * 0

A Fast & free Windows remote administration tool.

Biu-framework * Python 0

Biu-framework🚀 Security Scan Framework For Enterprise Intranet Based Services(企业内网基础服务安全扫描框架)

DrSemu * 0

DrSemu - Malware Detection and Classification Tool Based on Dynamic Behavior [The tool is in the early development stage]

Windows-Exploit-Suggester * Python 0

This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public exploits and Metasploit modules available for the missing bulletins.

Safety-Project-Collection * 0

收集一些比较优秀的开源安全项目,以帮助甲方安全从业人员构建企业安全能力。

HackerTools * 0

使用MFC编写的病毒技术合集

giligili * 0

gin+gorm开发的视频网站示例

exploits-2 * 0

Pwn stuff.

penetration * Python 0

渗透 超全面的渗透资料💯 包含:0day,xss,sql注入,提权……

blockchain-tutorial * Go 0

Write and publish your own blockchain in less than 200 lines of Go

Lime-RAT * 0

LimeRAT | Simple, yet powerful remote administration tool for Windows (RAT)

K8CScan * 0

Cscan 5.0 & Cobalt Strike 大型内网渗透自定义插件化扫描器(附C#/VC/Delphi/Python插件Demo源码) 程序采用多线程批量扫描大型内网多个IP段C段主机,目前插件包含: C段旁注扫描、子域名扫描、Ftp密码爆破、Mysql密码爆破、Oracle密码爆破、MSSQL密码爆破、Windows/Linux系统密码爆破、存活主机扫描、端口扫描、Web信息探测、操作系统版本探测、Cisco思科设备扫描等,支持调用任意外部程序或脚本

ProcessMonitor * 0

Process Monitor Library (based on Apple's new Endpoint Security Framework)

http_inspect * 0

HTTP/HTTPS/DNS inspector (windows driver)

scripts-2 * 0

脚本工具

PortTran * 0

PortTran (.NET版端口转发工具 支持任意权限下转发)

IIS_backdoor * 0

backdoor

Active-Directory-Pentest-Notes * 0

个人域渗透学习笔记

MiniDump * 0

alternative to procdump

ATT-CK-CN * 0

ATT&CK实操

bannerscanner * 0

simple tcp port scanner + banner grabber

dnscrypt-proxy * Go 0

dnscrypt-proxy 2 - A flexible DNS proxy, with support for encrypted DNS protocols.

Web-Security-Attack * 0

Web安全相关内容

NetTracer * 0

This tool is used to map out the network data flow to help penetration testers identify potentially valuable targets.

oracleShell * 0

oracle 数据库命令执行

Hosts_scan * Python 0

这是一个用于IP和域名碰撞匹配访问的小工具,旨意用来匹配出渗透过程中需要绑定hosts才能访问的弱主机或内部系统。

secscan-authcheck * 0

越权检测工具

C3 * C++ 0

Custom Command and Control (C3). A framework for rapid prototyping of custom C2 channels, while still providing integration with existing offensive toolkits.

JSFinder * Python 0

JSFinder is a tool for quickly extracting URLs and subdomains from JS files on a website.

tgwechat * 0

一款采用Telegram类似的安全加密方案实现的保护个人隐私安全的微信聊天插件。

gopher-os * Go 0

A proof of concept OS written in Go

JustTrustMe Java 0

JustTrustMe的二次开发版本,用于禁用SSL证书校验,扩展了原来程序的功能。

go-masscan * Go 0

go-masscan is a golang library to run masscan scans, parse scan results.

ptrace * C 0

a PoC for Linux to get around agents that log commands being executed, without root privilege. Linux低权限模糊化执行的程序名和参数,避开基于execve系统调用监控的命令日志

RedTeam-BCS * 0

BCS(北京网络安全大会)2019 红队行动会议重点内容

clash * Go 0

A rule-based tunnel in Go.

UAC_bypass_windows_store * C 0

Windows 10 LPE (UAC Bypass) in Windows Store (WSReset.exe)

findomain * Rust 0

The fastest and cross-platform subdomain enumerator, don't waste your time.

M1S2_PNL_4I402 C 0

[4I402] PNL : Programmation Noyau Linux

OneForAll * Python 0

OneForAll是一款强大的子域收集神器

GetWindowsKernelExploitsKB * C# 0

获取系统KB补丁对于的MS号

hackertarget * Python 0

🎯 HackerTarget ToolKit - Tools And Network Intelligence To Help Organizations With Attack Surface Discovery 🎯

Anti-DDOS * Shell 0

Anti DDOS | Bash Script

command-injection-payload-list * 0

🎯 Command Injection Payload List

jon * C 0

jon 是一款LINUX系统攻防工具箱,包含扫描,入侵,痕迹清理,木马,网站测试等各种黑客工具。

HollowProcess * Python 0

Hollow Process / Dynamic Forking / RunPE injection technique implemented in Python

HollowFind * Python 0

Hollowfind is a Volatility plugin to detect different types of process hollowing techniques used in the wild to bypass, confuse, deflect and divert the forensic analysis techniques. The plugin detects such attacks by finding discrepancy in the VAD and PEB, it also disassembles the address of entry point to detect any redirection attempts and also reports any suspicious memory regions which should help in detecting any injected code.

TikiTorch * C# 0

Process Hollowing

webanalyzer * Python 0

webanalyzer wip

social_attacker * Python 0

An Open Source Multi Site Automated Social Media Phishing Framework

fuzzDicts * Python 0

Web Pentesting Fuzz 字典,一个就够了。

webshell-venom * Python 0

免杀webshell无限生成工具(免杀一句话生成|免杀D盾|免杀安全狗护卫神河马查杀等一切waf)

rdp-tunnel * C 0

Pre-compiled tools to tunnel TCP over RDP Connections

JDSRC-Small-Classroom * 0

京东SRC小课堂系列文章

MBRFilter * C 0

Cisco Talos MBR Filter Driver

TorBot * Python 0

Dark Web OSINT Tool

vulcan * Python 0

A gevent spider ,support webkit for dom parsing.

awesome-vm-exploit * 0

share some useful archives about vm and qemu escape exploit.

golang-tcp-port-reuse * Go 0

go-reuseport * Go 0

reuse tcp/udp ports in golang

AgentSmith-HIDS * C 0

Low performance loss and by LKM technology HIDS tool.from Dianrong InfoSEC team.

RedTeamCSharpScripts * C# 0

C# Script used for Red Team

30dayMakeOS * C 0

《30天自制操作系统》源码中文版。自己制作一个操作系统(OSASK)的过程

tencent_mail_weak_brute Python 0

requests-html * HTML 0

Pythonic HTML Parsing for Humans™

0xsp-Mongoose * PHP 0

Privilege Escalation Enumeration Toolkit (ELF 64/32 ) , fast , intelligent enumeration with Web API integration . Mastering Your Own Finding

FastjsonExploit * Java 0

fastjson漏洞快速利用框架

php-extension-backdoor * C 0

Simple php backdoor based on extension

evalhook-1 * C 0

Decoding a User Space Encoded PHP Script

gonotifyav * Go 0

Resident (inotify) Anti-Malware Scanner using rules from Linux Malware Detect project

Kernel_Rootkit * C 0

Linux Kernel Rootkit - To hide modules and ssh service

linux_io_hook * C 0

class project to replace 'the' with 'she' for files named 'unix.txt' as a kernel module intercepting sys_read

Kayak * Java 0

Kayak is a CAN bus analysis tool based on SocketCAN

ScDetective * C 0

A kernel level anti-rootkit tool which runs on the windows platform.

RF.go * Go 0

Random Forest implemtation in GoLang

bcrpscan * Python 0

Base on crawler result web path scanner.

go_mini_lfi * Go 0

Golang Mini LFI (Local File Inclusion) Tester

Dytan * C++ 0

Dytan Taint Analysis Framework on Linux 64-bit

SearchEngine * HTML 0

A Sample SearchEngine

KernelRootkit * C 0

Linux kernel rootkit to hide certain files and processes.

Zeus-1 * C 0

NOT MY CODE! Zeus trojan horse - leaked in 2011, I am not the author. I have created this repository to make the access for study as easy as possible.

sentinel-1 * C++ 0

Sentinel is a command line tool able to protect Windows 32 bit programs against exploits targeted by attackers or viruses. It can protect your programs against 0-day attacks or publicly known bugs.

netcat * C 0

NetCat for Windows

prevoty-nodejs * JavaScript 0

Prevoty node.js bindings

linux-kernel-test * Batchfile 0

pyAhocorasick * Python 0

a pure python Aho-corasick algorithm implementation

godigraph * Go 0

Directed graph or "digraph" implementation, written in Go. MIT Licensed.

ysec-waf-nginx-module * C 0

A lightweight web application firewall module for nginx, which is already used in the production environment.

mysqlproxy * Python 0

MySQL proxy with hook system written in python 2

pylibinjection * Python 0

minemu * C 0

Minemu is a minimal emulator for dynamic taint analysis ( this is a mirror of https://minemu.org/code/minemu.git )

BackdoorLinux * Batchfile 0

Small Backdoor/rootkit for linux kernel

SKANDA * Python 0

XssScaner * Python 0

Xss Scaner

linux-syscall-hooker * C 0

A Linux kernel module that locates the system call table in memory and hooks uname. Contributions welcome!

witness * C 0

A PHP Extension for trace/debug/monitor

sandbox * C 0

The sandbox libraries (libsandbox & pysandbox) are an open-source suite of software components for C/C++ and Python developers to create automated profiling tools and watchdog programs. The API's are designed for executing and instrumenting simple (single process) tasks, featuring policy-based behavioral auditing, resource quota, and statistics collecting.

golog * Go 0

A high-performant Logging Foundation for Go Applications. X3 faster than the rest leveled loggers.

gohbase * Go 0

Pure-Go HBase client

firehttp Go 0

一个专门用于安全工具开发的HTTP类库.

hosttool JavaScript 0

A pretty chrome extension for altering host headers.

go-spectre Go 0

POC of spectre in Golang

go-nmap Go 0

go-nmap is a golang library to run nmap scans, parse scan results.

php-httpsqs-client C 0

Automatically exported from code.google.com/p/php-httpsqs-client

hackpool Go 0

优雅的go协程库,轻松控制并发数

noodles Go 0

Noodles(面条)是一款超轻量级分布式任务调度类库(太轻量级了,谈不上框架),类似于python的celery,大量参考benmanns的goworker.

safing-ui JavaScript 0

Safing UI

httpsqs HTML 0

Automatically exported from code.google.com/p/httpsqs

legion * Python 0

Legion is an open source, easy-to-use, super-extensible and semi-automated network penetration testing tool that aids in discovery, reconnaissance and exploitation of information systems.

Penetration-Testing * 0

List of awesome penetration testing resources, tools and other shiny things

vulnerability-assessment-tool * Java 0

Analyses your Java and Python applications for open-source dependencies with known vulnerabilities, using both static analysis and testing to determine code context and usage for greater accuracy. https://sap.github.io/vulnerability-assessment-tool/

DarkNet_ChineseTrading * Python 0

🚇暗网中文网监控爬虫

slim * Go 0

Unbelievably space efficient data structures in Golang.

wesng * Python 0

Windows Exploit Suggester - Next Generation

cve-2018-1273 * Python 0

Spring Data Commons RCE 远程命令执行漏洞

TNSR_IDS * Go 0

IDS using a port mirror, Snort and an alert -> RESTCONF utility

WSPIH * Python 0

Website Sensitive Personal Information Hunter 网站个人敏感信息文件扫描器

Sysmon * Batchfile 0

MsfWrapper * Python 0

Asynchronous MSF RPC API wrapper

go-cpulimit-1 * Go 0

Throttle the CPU usage to a maximum

WMImplant * PowerShell 0

This is a PowerShell based tool that is designed to act like a RAT. Its interface is that of a shell where any command that is supported is translated into a WMI-equivalent for use on a network/remote machine. WMImplant is WMI based.

BrowserSecurity * HTML 0

我在学习浏览器安全过程中整理的漏洞分析笔记与相关的学习资料

suricata-rules * 0

平时抓包写的suricata规则,会慢慢更新

slither * Python 0

Static Analyzer for Solidity

nopowershell * C# 0

PowerShell rebuilt in C# for Red Teaming purposes

FDsploit * Python 0

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

diesel * Rust 0

A safe, extensible ORM and Query Builder for Rust

perceptor * Go 0

An open source, cloud native toolkit for threat detection and mitigation

PHP_imap_open_exploit * PHP 0

Bypassing disabled exec functions in PHP via imap_open

sysmon-modular * PowerShell 0

A repository of sysmon configuration modules

requests * Go 0

A golang HTTP client library. Salute to python requests.

exchange_proxy * Go 0

Security proxy server for Exchange server

MSRC-Security-Research * 0

Security Research from the Microsoft Security Response Center (MSRC)

webtty * Go 0

Share a terminal session over WebRTC

prvd * PHP 0

PHP Runtime Vulnerability Detection

An-English-Guide-for-Programmers * 0

专为程序员编写的英语学习指南。v1.0

red-team-scripts * PowerShell 0

A collection of Red Team focused tools, scripts, and notes

ProcInfo * Objective-C 0

process info/monitoring library for macOS

homemade-machine-learning * Jupyter Notebook 0

🤖 Python examples of popular machine learning algorithms with interactive Jupyter demos and math being explained

kerbrute * Go 0

A tool to perform Kerberos pre-auth bruteforcing

micromdm * Go 0

Mobile Device Management server

CORScanner * Python 0

🍻 Fast CORS misconfiguration vulnerabilities scanner

syscall_intercept * C 0

The system call intercepting library

scantron * Python 0

A distributed nmap scanning framework

SharpSploit * C# 0

SharpSploit is a .NET post-exploitation library written in C#

SNETCracker * C# 0

超级弱口令检查工具是一款Windows平台的弱口令审计工具,支持批量多线程检查,可快速发现弱密码、弱口令账号,密码支持和用户名结合进行检查,大大提高成功率,支持自定义服务端口和字典。

download * 0

chipsec * Python 0

Platform Security Assessment Framework

DarthSidious * 0

Building an Active Directory domain and hacking it

Windows-Secure-Host-Baseline * HTML 0

Configuration guidance for implementing the Windows 10 and Windows Server 2016 DoD Secure Host Baseline settings. #nsacyber

process-inject * C 0

在Windows环境下的进程注入方法:远程线程注入、创建进程挂起注入、反射注入、APCInject、SetWindowHookEX注入

bitcracker * C 0

BitCracker is the first open source password cracking tool for memory units encrypted with BitLocker

SharpDump * C# 0

SharpDump is a C# port of PowerSploit's Out-Minidump.ps1 functionality.

Hawk-I * Python 0

Automatic extract anomalious Web attack Payloads with Unsupervised Machine Learning algorithms

usercorn * Go 0

dynamic binary analysis via platform emulation

Melkor_ELF_Fuzzer * C 0

Melkor is a very intuitive and easy-to-use ELF file format fuzzer to find functional and security bugs in ELF parsers.

tr1pd * Rust 0

tamper resistant audit log

vechain-core-nodes-security-checklist * 0

VeChain core nodes security checklist(唯链核心节点安全执行指南)

Profit * PowerShell 0

Simple PowerShell enumeration script to look for interesting files

zgrab * Go 0

Application layer scanner that operates with ZMap

phpext_phpjiami_decode * C 0

An ext for php to decode some phpjiami

DPoSDemo * Go 0

Go语言实现DPoS共识算法

nishang * PowerShell 0

Nishang - Offensive PowerShell for penetration testing and offensive security.

freddy * Java 0

Resilient-ML-Research-Platform * Python 0

DockerSecurityPlayground * JavaScript 0

A Microservices-based framework for the study of network security

ROP-detection-in-VM * C 0

kubeaudit * Go 0

kubeaudit helps you audit your Kubernetes clusters against common security controls

GOSINT-1 * JavaScript 0

The GOSINT framework is a project used for collecting, processing, and exporting high quality indicators of compromise (IOCs).

python-iptables * Python 0

Python bindings for iptables

LDAPPER * Python 0

AD LDAP Command Line Searching that doesn't suck.

RedTips * 0

Red Team Tips as posted by @vysecurity on Twitter

burp_collaborator_http_api * Java 0

Burp Suite Collaborator HTTP API

nlp * Python 0

兜哥出品 <一本开源的NLP入门书籍>

yamot * HTML 0

Yet Another MOnitoring Tool

Phantom-Evasion * Python 0

Python AV evasion tool capable to generate FUD executable even with the most common 32 bit metasploit payload(exe/elf/dmg/apk)

CVE-2018-8174-msf * Ruby 0

CVE-2018-8174 - VBScript memory corruption exploit.

diffy * Python 0

DB_BaseLine * Python 0

数据库基线检查工具

os * Go 0

Tiny Linux distro that runs the entire OS as Docker containers

saruman * C 0

ELF anti-forensics exec, for injecting full dynamic executables into process image (With thread injection)

DVIA-v2 * Swift 0

Damn Vulnerable iOS App (DVIA) is an iOS application that is damn vulnerable. Its main goal is to provide a platform to mobile security enthusiasts/professionals or students to test their iOS penetration testing skills in a legal environment. This project is developed and maintained by @prateekg147. The vulnerabilities and solutions covered in this app are tested up to iOS 11. The current version is writen in Swift and has the following vulnerabilities.

DockerXScan * Go 0

DockerXScan——Docker镜像漏洞扫描器

php-ffi * C 0

PHP Foreign Function Interface

pcileech * C 0

Direct Memory Access (DMA) Attack Software

php-reverse-shell * PHP 0

nDPI * C 0

Open Source Deep Packet Inspection Software Toolkit

carbonbeat * Go 0

event shipper for Carbon Black Defense notifications

SubOver * Go 0

A Powerful Subdomain Takeover Tool

FastWin32 * C# 0

MemoryReadWrite InlineAsm Managed/UnmanagedInject

icmpsh * C 0

Simple reverse ICMP shell

Yuki-Chan-The-Auto-Pentest * Python 0

Automate Pentest Tool

4book * Lua 0

《企业安全建设入门:基于开源软件打造企业网络安全》

LaZagneForensic * Python 0

Windows passwords decryption from dump files

ant * Shell 0

Linux服务器信息收集脚本

awesome-exploit-development * 0

A curated list of resources (books, tutorials, courses, tools and vulnerable applications) for learning about Exploit Development

linux-kernel-defence-map * 0

Linux Kernel Defence Map

brakeman * Ruby 0

A static analysis security vulnerability scanner for Ruby on Rails applications

BugBountySubdomains * Python 0

Tools to gather subdomains from Bug Bounty programs

gOSINT * Go 0

OSINT framework in Go

muescheli * Go 0

A simple AntiVirus-as-a-Service implementation using ClamAV

Linux-0.01 * C 0

Linux 0.01源码及注释

CTFDefense * Python 0

Some tools for CTF off line

skeksi_virus * C 0

Devestating and awesome Linux X86_64 ELF Virus

CVE-2018-2380 * Python 0

PoC of Remote Command Execution via Log injection on SAP NetWeaver AS JAVA CRM

CVE-2018-6546-Exploit * Python 0

CVE-2018-6546-Exploit

go-deliver * Go 0

Go-deliver is a payload delivery tool coded in Go.

fastjson * Go 0

exploit-code-by-me * PHP 0

Exploit code developed by me to check few famous vulnerabilities

math * 0

麻省理工公开课-线性代数-完整笔记

nginxparser * Python 0

use python to parse nginx

DomainPasswordSpray * PowerShell 0

DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will automatically generate the userlist from the domain. BE VERY CAREFUL NOT TO LOCKOUT ACCOUNTS!

Distributed-Systems * Go 0

MIT课程《Distributed Systems 》学习和翻译

List-RDP-Connections-History * PowerShell 0

Use powershell to list the RDP Connections History of logged-in users or all users

honeytrap * Go 0

Advanced Honeypot framework.

godirwalk * Go 0

Fast directory traversal for Golang

go-apachelog * Go 0

Go package for parsing Apache logs.

dnsjit * C 0

Engine for capturing, parsing and replaying DNS

odat * Python 0

ODAT: Oracle Database Attacking Tool

CVE-2018-4878 * Python 0

CVE-2018-4878 样本

ESD * Python 0

Enumeration sub domains(枚举子域名)

exploits * Python 0

some exploits

TIDoS-Framework * Python 0

This is a web-penetration testing toolkit, presently suited for reconnaissance purposes.

dstat * Python 0

Versatile resource statistics tool

clicktail * Go 0

mythril * Python 0

以太坊智能合约检查

php-internals-extended-development-course * Roff 0

PHP底层内核源码分析和扩展开发

dnsbrute * Go 0

a fast domain brute tool

harpoon * Python 0

CLI tool for open source and threat intelligence

MalwareScan.AMSI * C# 0

PS4-5.01-WebKit-Exploit-PoC * JavaScript 0

PS4 5.01 WebKit Exploit PoC

porn_fiction_classify * HTML 0

一个色情小说检测项目

php-nsq * C 0

a php nsq client write by c extension,the fastest nsq client

NtlmSocks * Go 0

a pass-the-hash tool

RamFuzz * C++ 0

Combining Unit Tests, Fuzzing, and AI

php-parser-2 * Go 0

A Parser for PHP written in Go

Memory-Scanner * C 0

Scanning process memory

CSS-Keylogging * CSS 0

Chrome extension and Express server that exploits keylogging abilities of CSS.

wafid * Python 0

Wafid identify and fingerprint Web Application Firewall (WAF) products.

FinSpyVM * Python 0

Static unpacker for FinSpy VM

bettercap * Go 0

The state of the art network attack and monitoring framework.

cuckoo * JavaScript 0

Cuckoo Sandbox is an automated dynamic malware analysis system

GoodbyeDPI * C 0

GoodbyeDPI—Passive Deep Packet Inspection blocker and Active DPI circumvention utility (for Windows)

golang-design-pattern * Go 0

设计模式 Golang实现-《研磨设计模式》读书笔记

go-colorable * Go 0

AttackFilter * Ruby 0

Logstash 日志安全攻击分析插件

yulong-hids * Go 0

一款由 YSRC 开源的主机入侵检测系统

APTSimulator * Java 0

A toolset to make a system look as if it was the victim of an APT attack

golismero * Python 0

GoLismero - The Web Knife

hacker101 * HTML 0

Hacker101

archerysec * JavaScript 0

Open Source Vulnerability Assessment and Management helps developers and pentesters to perform scans and manage vulnerabilities.

ketshash * PowerShell 0

A little tool for detecting suspicious privileged NTLM connections, in particular Pass-The-Hash attack, based on event viewer logs.

ksm * C 0

A fast, hackable and simple x64 VT-x hypervisor for Windows and Linux. Builtin userspace sandbox and introspection engine.

bro-pdns * Go 0

Passive DNS collection using Bro

LuLu * Objective-C 0

LuLu is the free open-source macOS firewall that aims to block unauthorized (outgoing) network traffic 开源macOS防火墙

WiFi-Miner-Detector * Python 0

Detecting malicious WiFi with mining cryptocurrency.

chkrootkit * Shell 0

This program locally checks for signs of a rootkit. 'Forked' to fix false-positive for SucKIT rootkit

cssInjection * HTML 0

Stealing CSRF tokens with CSS injection (without iFrames)

CVE-2017-10271 * Python 0

WebLogic Exploit

CVE-2017-4878-Samples * 0

CVE-2017-4878 Samples - http://blog.talosintelligence.com/2018/02/group-123-goes-wild.html

pritunl-zero * Go 0

Zero trust system

EasyHook * C 0

EasyHook - The reinvention of Windows API Hooking

egressbuster * Python 0

Egressbuster is a method to check egress filtering and identify if ports are allowed. If they are, you can automatically spawn a shell.

EvilURL * Python 0

Generate unicode evil domains for IDN Homograph Attack and detect them.

scripts-1 * Python 0

Generic scripts for public consumption

ssl-kill-switch2 * C 0

Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS and OS X Apps

jackson-rce-via-two-new-gadgets * Java 0

Two different gadgets to bypass the blacklist in jackson-databind for RCE

ladon * Go 0

A SDK for access control policies: authorization for the microservice and IoT age. Inspired by AWS IAM policies. Written for Go.

Wappalyzer * JavaScript 0

Cross-platform utility that uncovers the technologies used on websites.

metasploit-cn-wiki * 0

metasploit中文wiki

svnExploit * Python 0

svn>1.7时,dump源码工具

mini-docker * Python 0

A tiny container

One-Lin3r * Python 0

Gives you one-liners that aids in penetration testing operations

hershell * Go 0

jackson-rce-via-spel * Java 0

An example project that exploits the default typing issue in Jackson-databind via Spring application contexts and expressions

ac * Go 0

Aho-Corasick Automaton with Double Array Trie (Multi-pattern substitute in go)

pyHIDS * Python 0

pyHIDS is a HIDS (host-based intrusion detection system) for verifying the integrity of a system. It uses an RSA signature to check the integrity of its database. Alerts are written in the logs of the system and can be sent via email to a list of users. You can define rules to specify files to be checked periodically.

Halcyon * Java 0

First IDE for Nmap Script (NSE) Development.

KPTI-PoC-Collection * C++ 0

Meltdown/Spectre PoC src collection.

demo-agent * Java 0

java agent demo

data-visualization * JavaScript 0

数据可视化

gopsutil * Go 0

psutil for golang

flightsim * Go 0

A utility to generate malicious network traffic and evaluate controls

web-analytics * JavaScript 0

监测分析、异常监测、广告验证、访客唯一标识

office-exploit-case-study * Visual Basic 0

oathkeeper * Go 0

A BeyondCorp/Zero Trust Identity & Access Proxy (IAP) built on top of OAuth2 and ORY Hydra.

rsocks * Go 0

Tiny little reverse socks5 client & server

OWASP-Nettacker * Python 0

Automated Penetration Testing Framework

re_sysdiag * C 0

逆向火绒安全软件驱动——sysdiag

ngrok * Go 0

Introspected tunnels to localhost

Vegile * Shell 0

This tool will setting up your backdoor/rootkits when backdoor already setup it will be hidden your spesisifc process,unlimited your session in metasploit and transparent. Even when it killed, it will re-run again. There always be a procces which while run another process,So we can assume that this procces is unstopable like a Ghost in The Shell

nullinux * Python 0

Internal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB.

pulsar * Python 0

Protocol Learning and Stateful Fuzzing

enumdb * Python 0

MySQL and MSSQL brute force and post exploitation tool to search through databases and extract sensitive information.

yeti * Python 0

Your Everyday Threat Intelligence

gortcp * Go 0

内网穿透、远程文件上传下载、命令执行

Struts-S2-xxx * 0

整理收集Struts2漏洞环境

Monitoring-Systems-Cheat-Sheet * 0

A cheat sheet for pentesters and researchers about vulnerabilities in well-known monitoring systems.

GTScan * Python 0

The Nmap Scanner for Telco

msf * Go 0

MFS (Minio Federation Service) is a namespace, identity and access management server for Minio Servers

mod_auth_accessfabric * Shell 0

An Apache 2.4.x module for authenticating requests from the ScaleFT Access Fabric

bta * Python 0

Open source Active Directory security audit framework.

capsule8 * Go 0

Capsule8: open-source cloud-native behavioral security monitoring

ssrf_proxy * Ruby 0

SSRF Proxy facilitates tunneling HTTP communications through servers vulnerable to Server-Side Request Forgery.

POC-Collect * Java 0

各种开源CMS 各种版本的漏洞以及EXP 该项目将不断更新

chiron-elk * Python 0

x-crack * Go 0

x-crack - Weak password scanner, Support: FTP/SSH/MSSQL/MYSQL/PostGreSQL/REDIS/ElasticSearch/MONGODB

syslog * Go 0

Golang - 获取Windows & Linux登录日志并正则解析

230-OOB * Python 0

An Out-of-Band XXE server for retrieving file contents over FTP.

portknob * Go 0

Port knocking daemon with web interface

blacksheepwall * Go 0

blacksheepwall is a hostname reconnaissance tool子域名爆破工具

suricata * C 0

Suricata git repository maintained by the OISF

dirsearch * Python 0

Web path scanner

docker-security * 0

docker 安全基线规范

libdetection * C 0

用于检测攻击的第三方库

libfacedetection * C++ 0

人脸识别库

lexmachine * Go 0

Lex machinary for go.

go-qemu * Go 0

Go packages to interact with QEMU using the QEMU Machine Protocol (QMP). Apache 2.0 Licensed.

Empire * PowerShell 0

Empire is a PowerShell and Python post-exploitation agent.

gogs * Go 0

Gogs is a painless self-hosted Git service.

alerting-detection-strategy-framework * 0

A framework for developing alerting and detection strategies for incident response.

gohs-ladon * Go 0

A service for thousands regex finder with Intel's hyperscan.(海量正则快速匹配,给定一行字符串,能够从海量的正则里快速匹配到是否有符合条件的正则)

DGA-Domain-Predict * Python 0

使用LSTM模型检测DGA域名

goproxy * Go 0

proxy是golang实现的高性能http,https,websocket,tcp,socks5代理服务器,支持正向代理和内网穿透.程序本身可以作为一级代理,如果设置了上级代理那么可以作为二级代理,乃至N级代理.如果程序不是一级代理,而且上级代理也是本程序,那么可以加密和上级代理之间的通讯,采用底层tls高强度加密,安全无特征.代理时会自动判断访问的网站是否屏蔽,如果被屏蔽那么就会使用上级代理(前提是配置了上级代理)访问网站;如果访问的网站没有被屏蔽,为了加速访问,代理会直接访问网站,不使用上级代理.另外可以设置域名黑白名单,更加自由的控制网站的访问方式。下载地址:https://github.com/snail007/goproxy/releases 官方QQ交流群:189618940

NetSafe_Frontend * Vue 0

网络安全态势感知新闻平台(前台)

XAttacker * Perl 0

X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter

WhatWaf * Python 0

Detect and bypass web application firewalls and protection systems

Alesense-Antivirus * C 0

一款拥有完整交互界面与驱动级拦截能力的开源杀毒软件

SiteBroker * Python 0

A cross-platform python based utility to penetrate websites and test them with approximately every angle.

PassGAN * Python 0

A Deep Learning Approach for Password Guessing (https://arxiv.org/abs/1709.00440)

LinuxTool * 0

Linux下常用工具及其命令介绍

dns_tunnel_dectect_with_CNN * Python 0

dns tunnel dectect with CNN

xsec-traffic * Go 0

恶意流量分析程序

webconsole * JavaScript 0

基于Golang、WebSocket、xTermJS 的 Web SSH 远程终端

reposcanner * Python 0

Python script to scan Git repos for interesting strings

repo-security-scanner * Go 0

CLI tool that finds secrets accidentally committed to a git repo, eg passwords, private keys

demo-spark-analytics * Python 0

Demo about realtime analytics of user behavior using elk stack/apache spark streaming+mllib/redis/slamdata用户行为分析

blind-sql-bitshifting * Python 0

SQL注入工具

XDiFF * Python 0

Extended Differential Fuzzing Framework

xsec-webspy * Go 0

golang版的dsinff-webspy

kiwi * Python 0

kiwi:安全源码审计工具

cmsPoc * Python 0

CMS渗透测试框架-A CMS Exploit Framework

SELKS * Shell 0

A Suricata based IDS/IPS distro

study-struts2-s2-054_055-jackson-cve-2017-7525_cve-2017-15095 * Java 0

Struts2の脆弱性S2-045, S2-055 および Jackson の脆弱性 CVE-2017-7525, CVE-2017-15095 の調査報告

wee * C 0

BruteX * Shell 0

Automatically brute force all services running on a target.

brutesubs * Shell 0

An automation framework for running multiple open sourced subdomain bruteforcing tools (in parallel) using your own wordlists via Docker Compose

Reverse-Shell-Manager * Python 0

gotty * Go 0

Share your terminal as a web application

LockWebPageDriver * C 0

锁主页驱动

ytrace * C 0

Another php debug tool.

blackhat-arsenal-tools * 0

Official Black Hat Arsenal Security Tools Repository

signature-base * Python 0

Signature base for my scanner tools

Anubis * Python 0

Subdomain enumeration and information gathering tool

DBScanner * Python 0

自动扫描内网常见sql、no-sql数据库脚本(mysql、mssql、oracle、postgresql、redis、mongodb、memcached、elasticsearch),包含未授权访问及常规弱口令检测

superhide * C 0

Example of hooking a linux systemcall

Hook-PasswordChangeNotify * PowerShell 0

Fastjson-Payload * 0

Fastjson 反序列化漏洞利用工具

multi-criteria-cws * Python 0

Simple Solution for Multi-Criteria Chinese Word Segmentation

go-ntdll * Go 0

Go interface to NTDLL functions

evidenceSample * Java 0

区块链存证

Nosql-Exploitation-Framework * Python 0

A Python Framework For NoSQL Scanning and Exploitation

DNSSniffer * Go 0

DNSQuery Sniffer in Golang

dvna * CSS 0

Damn Vulnerable NodeJS Application

psad * Perl 0

psad: Intrusion Detection and Log Analysis with iptables

CVE-2017-0199 * Python 0

Exploit toolkit CVE-2017-0199 - v4.0 is a handy python script which provides pentesters and security researchers a quick and effective way to test Microsoft Office RCE. It could generate a malicious RTF/PPSX file and deliver metasploit / meterpreter / other payload to victim without any complex configuration.

JavaID * Python 0

java source code danger function identify prog

koadic * Python 0

Koadic C3 COM Command & Control - JScript RAT

awvs_script_decode * PHP 0

解密好的AWVS10.5 data/script/目录下的脚本

malcom * Python 0

Malcom - Malware Communications Analyzer

re_avkmgr * C 0

逆向小红伞杀毒软件驱动——avkmgr

AhMyth-Android-RAT * Smali 0

Android Remote Administration Tool

mimikittenz * PowerShell 0

A post-exploitation powershell tool for extracting juicy info from memory.

patchkit * C 0

binary patching from Python

php7-opcache-override * Python 0

Security-related PHP7 OPcache abuse tools and demo

ndpi-netfilter-1 * C 0

kjackal * C 0

Linux Rootkit Scanner

Dshell * Python 0

Dshell is a network forensic analysis framework.

sec-scan-agent_v1.0 * Python 0

Web scan foundation framework

pipe * Go 0

Network traffic sniffer, decoder and mirror

go-dpi * Go 0

go-iforest * Go 0

Isolation forest implementation in Go

gopherci * Go 0

bssh * Python 0

BeyondCorp-style SSH ProxyCommand, allowing for federated SSH clients

Tensorflow- * 0

Tensorflow实战学习笔记

MyMiniEncrypt * C 0

使用minifilter编写的透明加解密驱动。

unicorn * C 0

Unicorn CPU emulator framework (ARM, AArch64, M68K, Mips, Sparc, X86)

payloads * Shell 0

Git All the Payloads! A collection of web attack payloads.

CeWL * Ruby 0

CeWL is a Custom Word List Generator

domain_analyzer * Python 0

Analyze the security of any domain by finding all the information possible. Made in python.

goworker * Go 0

goworker is a Go-based background worker that runs 10 to 100,000* times faster than Ruby-based workers.

Blasting_dictionary * Python 0

爆破字典

goscan * Go 0

goscan is a simple and efficient IPv4 network scanner that discovers all active devices on local subnet.

samm * XSLT 0

meshbird * Go 0

Distributed private networking

security-research-pocs * PHP 0

Proof-of-concept codes created as part of security research done by Google Security Team.

DNS-Shell * Python 0

DNS-Shell is an interactive Shell over DNS channel

s3-fuzzer * Go 0

🔐 A concurrent, command-line AWS S3 Fuzzer. Written in Go.

dfwfw * Perl 0

Docker Firewall Framework

FirewallEventMonitor * C++ 0

Listens for Firewall rule match events generated by Microsoft Hyper-V Virtual Filter Protocol (VFP) extension.

reflector * Java 0

Burp plugin able to find reflected XSS on page in real-time while browsing on site

DetectLM * Python 0

Detecting Lateral Movement with Machine Learning

Reptile * C 0

LKM Linux rootkit

2book * PHP 0

《Web安全之深度学习与实战》

PHP-WebShell-Bypass-WAF * PHP 0

记录与分享PHP WebShell 绕过WAF 的一些经验 Share some experience about PHP WebShell bypass WAF

joes-sandbox * C 0

libinjection-fuzzer * Python 0

This tool was written as PoC to article https://waf.ninja/libinjection-fuzz-to-bypass/

subjack * Go 0

Hostile Subdomain Takeover tool written in Go

tencent_exmail * Python 0

获取腾讯企业邮箱通讯录

como-lang-ng * C 0

A programming language prototype implemented in C with an AST, Compiler, and Virtual Machine \@TODO Garbage Collection

NATBypass * Go 0

一款lcx在golang下的实现

yasca * PHP 0

Yet Another Source Code Analyzer

FOCA * C# 0

PDFTear * C++ 0

Malicious PDF document parsing tool

Linux-baseline-scan * Shell 0

Linux baseline scan,make sure the host security

fuxploider * Python 0

File upload vulnerability scanner and exploitation tool.

lets-build-a-blockchain * Ruby 0

A mini cryptocurrency in Ruby

lmsensors * Go 0

Package lmsensors provides access to Linux monitoring sensors data, such as temperatures, voltage, and fan speeds. MIT Licensed.

docker-onion-nmap * Shell 0

Scan .onion hidden services with nmap using Tor, proxychains and dnsmasq in a minimal alpine Docker container.

ml-for-humans-zh * CSS 0

:book: [译] 写给人类的机器学习

go-audit * Go 0

go-audit is an alternative to the auditd daemon that ships with many distros

reCAPTCHA * Java 0

A burp extender that reconginze CAPTCHA and use for intruder payload

bandit * Python 0

Python AST-based static analyzer from OpenStack Security Group

nebula * Python 0

"星云"业务风控系统

hook_syscall_of_linux64 * C 0

BaRMIe * Java 0

Java RMI enumeration and attack tool.

phpsploit * Python 0

Stealth post-exploitation framework

MemScan-1.0 * C 0

Scan and edit memory using WinAPI functions such as ReadProcessMemory and WriteProcessMemory

Switcher * Go 0

端口复用工具,能让HTTP/HTTPS/SSH/RDP/SOCKS5/HTTPProxy/Other跑在同一个端口上,支持复用本地或远程端口

domato * Python 0

DOM fuzzer

ysoserial.net * C# 0

Deserialization payload generator for a variety of .NET formatters

PyJFuzz * Python 0

PyJFuzz - Python JSON Fuzzer

burplay * Java 0

Burplay is a Burp Extension allowing for replaying any number of requests using same modifications definition. Its main purpose is to aid in searching for Privilege Escalation issues.

cgroups * Go 0

cgroups package for Go

CIA-Hacking-Tools * HTML 0

WikiLeaks Vault 7 CIA Hacking Tools

HuntingWithPowershell * 0

Windows log and threat hunting with powershell

SQLiScanner * Python 0

Automatic SQL injection with Charles and sqlmap api

netbyte * Python 0

Netbyte is a Netcat-style tool that facilitates probing proprietary TCP and UDP services. It is lightweight, fully interactive and provides formatted output in both hexadecimal and ASCII.

osprey * Python 0

php-1 * Go 0

Parser for PHP written in Go

gitem * Python 0

A Github organization reconnaissance tool.

nzyme * Java 0

Nzyme collects 802.11 management frames directly from the air and sends them to a Graylog (Open Source log management) setup for WiFi IDS, monitoring, and incident response. It only needs a JVM and a WiFi adapter that supports monitor mode.

SSRF-Testing * Python 0

SSRF (Server Side Request Forgery) testing resources

BurpCollaboratorDNSTunnel * Java 0

A DNS tunnel utilizing the Burp Collaborator

pbscan * C 0

Faster and more efficient stateless SYN scanner and banner grabber due to userland TCP/IP stack usage.

browser-sec-whitepaper * 0

DamnWebScanner * Python 0

Another web vulnerabilities scanner, this extension works on Chrome and Opera

Blisqy * Python 0

Exploit Time-based blind-SQL injection in HTTP-Headers (MySQL/MariaDB).

SecGen * Ruby 0

Create randomly insecure VMs

GitMiner * Python 0

Tool for advanced mining for content on Github

rancher * Shell 0

Complete container management platform

vlany * C 0

Linux LD_PRELOAD rootkit (x86 and x86_64 architectures)

aaaaaaa * PLSQL 0

bbqsql * Python 0

SQL Injection Exploitation Tool

c-jwt-cracker * C 0

JWT brute force cracker written in C

D0xk1t * Python 0

Web-based OSINT and active reconaissance suite

go-queue * Go 0

High-performance lock-free queue (Disruptor 1400/s)

kernel-exploits * C 0

A bunch of proof-of-concept exploits for the Linux kernel

linux-kernel-exploits * C 0

linux-kernel-exploits Linux平台提权漏洞集合

safing-notify * Go 0

Safing Notify

SecLists * PHP 0

SecLists is the security tester's companion. It is a collection of multiple types of lists used during security assessments. List types include usernames, passwords, URLs, sensitive data grep strings, fuzzing payloads, and many more.

Tiny-URL-Fuzzer * Python 0

A tiny and cute URL fuzzer

webshell-2 * PHP 0

This is a webshell open source project

goagain * Go 0

Zero-downtime restarts in Go

WFPFirewall * C++ 0

基于WFP(Windows Filter Platform)的个人防火墙系统

wafw00f * Python 0

WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Spaghetti * Python 0

Spaghetti - Web Application Security Scanner

SDN-Intrusion-Prevention-System-Honeypot * Python 0

Intrusion Prevention System to dynamically add firewall rules to block malicious traffic detected by IDS system implemented on Software Defined Networl (SDN). Alternatively, the malicious traffic can be redirected to a Honeypot Server. OpenFlow protocol used for SDN. Snort used for IDS (Intrusion Detection System).

regexp-security-cheatsheet * PHP 0

db_security * PLSQL 0

HUNT * Python 0

humpback-web * TypeScript 0

Docker management website

huey * Python 0

a little task queue for python

gobotnet * Go 0

Pure HTTP and DNS Botnet written in Golang for Windows.

free-programming-books-zh_CN * JavaScript 0

:books: 免费的计算机编程类中文书籍,欢迎投稿

faraday * Python 0

Collaborative Penetration Test and Vulnerability Management Platform

fail2ban * Python 0

Daemon to ban hosts that cause multiple authentication errors

DBC2 * PowerShell 0

DBC2 (DropboxC2) is a modular post-exploitation tool, composed of an agent running on the victim's machine, a controler, running on any machine, powershell modules, and Dropbox servers as a means of communication.

IntroductionToMachineLearningForSecurityPros * Python 0

Example code for our book Introduction to Artificial Intelligence for Security Professionals

SENSS * Python 0

Software Defined Security Service

SAMLRaider * Java 0

SAML2 Burp Extension

katakana.js * JavaScript 0

Write JavaScript alert(1) with Katakana characters only

Triton * C++ 0

Triton is a Dynamic Binary Analysis (DBA) framework. It provides internal components like a Dynamic Symbolic Execution (DSE) engine, a Taint Engine, AST representations of the x86 and the x86-64 instructions set semantics, SMT simplification passes, an SMT Solver Interface and, the last but not least, Python bindings.

truffleHog * Python 0

Searches through git repositories for high entropy strings, digging deep into commit history

JSParser * Python 0

goHackTools * Go 0

Hacker tools on Go (Golang)

psychoPATH * Java 0

psychoPATH - hunting file uploads & LFI in the dark. This tool is a highly configurable payload generator detecting LFI & web root file uploads. Involves advanced path traversal evasive techniques, dynamic web root list generation, output encoding, site map-searching payload generator, LFI mode, nix & windows support, single byte generator. Now available in the Burp App Store!

timing_attack * Ruby 0

Perform timing attacks against web applications

domain_hunter * Java 0

A Burp Suite extender that search sub domain and similar domain from sitemap

parameth * Python 0

This tool can be used to brute discover GET and POST parameters

FOS_Demo_Vulnerable_App * CSS 0

[FOS:RASP-PHP] PHP Demo Vulnerable Application to test SQL injection vulnerability and patch it using RASP (Runtime Application Self-Protection)

MS17-010 * Python 0

MS17-010

yams * Python 0

A collection of Ansible roles for automating infosec builds.

SourceLeakHacker * Python 0

一个多线程WEB源码泄漏检测工具

Fuzzing-ImageMagick * Mask 0

OpenSource My ImageMagick Fuzzer ..

fwknop * Perl 0

Client and Gateway Modules for Software Defined Perimeter (SDP)

pyrebox * Python 0

talking-with-cars * Python 0

CAN analysis - Use your car as a gamepad!

sssniff * Python 0

ShadowSocks(SS) traffic sniffer

netflowAnalyser * Go 0

netflowAnalyser

babel-sf * PowerShell 0

Babel Scripting Framework

broken-link-checker * JavaScript 0

Find broken links, missing images, etc in your HTML.

Recon * Python 0

Bug Hunting Recon Script

bugcrowd-levelup-subdomain-enumeration * Python 0

This repository contains all the material from the talk "Esoteric sub-domain enumeration techniques" given at Bucrowd LevelUp 2017 virtual conference

burp-vulners-scanner * Java 0

Vulnerability scanner based on vulners.com search API

subtakeover * Python 0

hackability * PHP 0

Perform a variety of tests to discover what an unknown rendering engine supports

collaborator-everywhere * Java 0

A Burp Suite Pro extension which augments your proxy traffic by injecting non-invasive headers designed to reveal backend systems by causing pingbacks to Burp Collaborator

linux-malware-detect * Shell 0

Linux Malware Detection (LMD)

massdns * C 0

A high-performance DNS stub resolver for bulk lookups

php-parser * JavaScript 0

:herb: NodeJS PHP Parser - extract AST or tokens (PHP5 and PHP7)

multiscanner * Python 0

Modular file scanning/analysis framework

fshell * Python 0

基于机器学习的分布式webshell检测系统

apollo * C++ 0

An open autonomous driving platform

ReconDog * Python 0

Recon Dog is an all in one tool for all your basic information gathering needs.

php7-internal * 0

PHP7内核剖析

dnsmon-go * Go 0

A golang DNS monitor inspired by https://github.com/gamelinux/passivedns

httpparse * Go 0

Capture and parse http traffics

Android_Kernel_CVE_POCs * C 0

A list of my CVE's with POCs

LFISuite * Python 0

本地文件包含利用工具

deeplearningbook-chinese * TeX 0

Deep Learning Book Chinese Translation

V1D0m * Python 0

Enumerate subdomains through Virustotal

pupy * Python 0

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python

tko-subs * Go 0

A tool that can help detect and takeover subdomains with dead DNS records

AV_Kernel_Vulns * C++ 0

Pocs for Antivirus Software‘s Kernel Vulnerabilities

Struts2Shell * Python 0

MalwareAnalysis * 0

A curated list of awesome malware analysis tools and resources

Bypassing-Web-Application-Firewalls * Python 0

A series of python scripts for generating weird character combinations for bypassing web application firewalls (WAF) and XSS blockers

XSStrike * Python 0

XSStrike is a program which can fuzz and bruteforce parameters for XSS. It can also detect and bypass WAFs.

domain-scan * Python 0

A pipeline for scanning domains to measure things like speed, accessibility, and HTTPS.

phpggc * PHP 0

exchangecrack * Python 0

用于探测公司用户是否存在弱口令

x86emulator * Go 0

x86 emulator by Golang

CloudFail * Python 0

Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network

portmap * Go 0

:traffic_light: Port mapping library for Go supporting NAT-PMP and UPnP

malware-samples * 0

A collection of malware samples caught by several honeypots i manage

dll_hook-rs * Rust 0

Rust code to show how hooking in rust with a dll works.

pinpoint * Java 0

Pinpoint is an open source APM (Application Performance Management) tool for large-scale distributed systems written in Java.

EyeWitness * Python 0

EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.

SerialBrute * Python 0

Java serialization brute force attack tool.

paper-1 * 0

Web&Browser Security

nitro-1 * Python 0

KVM-based Virtual Machine Introspection

BruteSploit * Shell 0

BruteSploit is a collection of method for automated Generate, Bruteforce and Manipulation wordlist with interactive shell. That can be used during a penetration test to enumerate and maybe can be used in CTF for manipulation,combine,transform and permutation some words or file text :p

goreplay * Go 0

GoReplay is an open-source tool for capturing and replaying live HTTP traffic into a test environment in order to continuously test your system with real data. It can be used to increase confidence in code deployments, configuration changes and infrastructure changes.

php_mt_seed * C 0

Mirror of http://www.openwall.com/php_mt_seed/

PHP-Internals-Book * Python 0

PHP Internals Book

WPSeku-1 * Python 0

WPSeku - Wordpress Security Scanner

ftw * Python 0

Framework for Testing WAFs (FTW!)

DistributedTracingSystem * 0

分布式系统的跟踪系统 |Open Source APM (application performance management)

malicious-wordpress-plugin * Python 0

Simply generates a wordpress plugin that will grant you a reverse shell once uploaded. I reccomend installing Kali Linux, as msfvenom is used to generate the payload.

go.netflow * Go 0

grab.js * Shell 0

fast TCP banner grabbing with node.js

backslash-powered-scanner * Java 0

Finds unknown classes of injection vulnerabilities

gixy * Python 0

Nginx configuration static analyzer

XSS-Radar * JavaScript 0

wordpress-exploit-framework * Ruby 0

A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.

massExpConsole * Python 0

adding more exploits and tools

marshalsec * Java 0

LinkFinder * Python 0

A python script that finds endpoints in JavaScript files

Benchmarks * 0

常用服务器、数据库、中间件安全配置基线 - 基本包括了所有的操作系统、数据库、中间件、网络设备、浏览器,安卓、IOS、云的安全配置 For benchmarks.cisecurity.org

libnids * C 0

libnids

Invoke-ProcessScan * PowerShell 0

Gives context to a system. Uses EQGRP shadow broker leaked list to give some descriptions to processes.

domainhunter * HTML 0

Checks expired domains, bluecoat categorization, and Archive.org history to determine good candidates for phishing and C2 domain names

appsensor * JavaScript 0

Build self-defending applications through real-time event detection and response

malsub * Python 0

A Python RESTful API framework for online malware and URL analysis services.

hack * Python 0

crawl hackerone reports

cyberbot * Python 0

A lightweight batch scanning framework based on gevent.

PCShare * C++ 0

PCShare是一款强大的远程控制软件,可以监视目标机器屏幕、注册表、文件系统等。

brutespray * Python 0

Brute-Forcing from Nmap output - Automatically attempts default creds on found services.

PHP-Rootkit * C 0

Your interpreter isn’t safe anymore  —  The PHP module rootkit

tamperchrome * JavaScript 0

Tamper Chrome is a Chrome extension that allows you to modify HTTP requests on the fly and aid on web security testing. Tamper Chrome works across all operating systems (including Chrome OS).

check_py * Python 0

中国网络安全技术对抗赛代码

pyekaboo * Python 0

Proof-of-concept program that is able to to hijack/hook/proxy Python module(s) thanks to $PYTHONPATH variable

mimipenguin * Python 0

A tool to dump the login password from the current linux user

RootKits-List-Download * 0

This is the list of all rootkits found so far on github and othersites.

vulscan * Lua 0

Advanced vulnerability scanning with Nmap NSE

Paper * 0

security technology documents

sobelow * Elixir 0

Security-focused static analysis for the Phoenix Framework

nShield * Python 0

An Easy and Simple Anti-DDoS solution for VPS,Dedicated Servers and IoT devices

Airachnid-Burp-Extension * Java 0

A Burp Extension to test applications for vulnerability to the Web Cache Deception attack

awesome-web-security * 0

🐶 A curated list of Web Security materials and resources.

Bypass_Disable_functions_Shell * PHP 0

一个各种方式突破Disable_functions达到命令执行的shell

subDomainsBrute * Python 0

A simple and fast sub domain brute tool for pentesters

MalAnalyzer * Python 0

基于docker虚拟化的恶意代码沙箱

EQGRP * Perl 0

Decrypted content of eqgrp-auction-file.tar.xz

tpotce * Shell 0

T-Pot Image Creator

Advocate * Python 0

An SSRF-preventing wrapper around Python's requests library

WindowsExploits * Python 0

Windows exploits, mostly precompiled.

BlueOx * Python 0

A library for python-based application logging and data collection

WPSeku * Python 0

Simple Wordpress Security Scanner

doublepulsar-detection-script * Python 0

A python2 script for sweeping a network to find windows systems compromised with the DOUBLEPULSAR implant.

Sn1per * PHP 0

Automated Pentest Recon Scanner

CS558 * Batchfile 0

filterbypass * 0

nitro * C 0

KVM-based virtual machine introspection for malware analysis

ffmpeg-avi-m3u-xbin * Python 0

cvechecker * C 0

Command-line utility to scan the system and report on potential vulnerabilities, based on public CVE data

rust-iptables * Rust 0

Rust bindings for iptables

flexidie * Objective-C 0

Source code and binaries of FlexiSpy from the Flexidie dump

dawnscanner * Ruby 0

Dawn is a static analysis security scanner for ruby written web applications. It supports Sinatra, Padrino and Ruby on Rails frameworks.

grr * Python 0

GRR Rapid Response: remote live forensics for incident response

TinyAntivirus * C++ 0

TinyAntivirus is an open source antivirus engine designed for detecting polymorphic virus and disinfecting it.

TSpider * Python 0

Yet Another Web Spider

Burp-Non-HTTP-Extension * Java 0

Non-HTTP Protocol Extension (NoPE) Proxy and DNS for Burp Suite.

docker_fetch * Python 0

Data extraction tool for Docker Registry API

screw-plus * C 0

开源php加密运行扩展,基于screw二次开发,暂时只能在linux下运行

drool * C 0

DNS Replay Tool

Veil-Evasion * Python 0

Veil Evasion is no longer supported, use Veil 3.0!

pymultitor * Python 0

PyMultitor - Python Multi Threaded Tor Proxy

AI-Driven-WAF * Python 0

Artificial intelligence-driven Web Firewall

CVE-2017-7269-Echo-PoC * Python 0

CVE-2017-7269 回显PoC ,用于远程漏洞检测..

scff * Python 0

softScheck Cloud Fuzzing Framework

OCIFT * Python 0

一个半自动化命令注入漏洞Fuzz工具(One Semi-automation command injection vulnerability Fuzz tool)

serianalyzer * Java 0

A static byte code analyzer for Java deserialization gadget research

ZEROScan * Python 0

Just a scan by Z3r0yu

linux-inject * C 0

Tool for injecting a shared object into a Linux process

Chinese-Names-Corpus * 0

中文人名语料库

cheetah * Python 0

a very fast brute force webshell password tool

azazel * C 0

Azazel is a userland rootkit based off of the original LD_PRELOAD technique from Jynx rootkit. It is more robust and has additional features, and focuses heavily around anti-debugging and anti-detection.

rim * Go 0

Agentless network interfaces monitor for GNU/Linux firewalls/servers

unfixed-security-bugs * 0

A list of publicly known but unfixed security bugs

fuzzbunch * Python 0

NSA finest tool

focuson * Python 0

A tool to surface security issues in python code

ip2region * C 0

准确率99.9%的ip地址定位库,0.0x毫秒级查询,数据库文件大小只有1.5M,提供了java,php,c,python,nodejs,golang查询绑定和Binary,B树,内存三种查询算法,妈妈再也不用担心我的ip地址定位!

tomcat-weak-password-scanner * Python 0

醉考拉tomcat后台弱口令扫描器,命令行版+图形界面版。

WikiLeaks-Marble-CIA * C++ 0

Clone repository for Source Code secret anti-forensic tools Marble Framework CIA, Leaked by WikiLeaks.

qqbot * Ruby 0

基于SmartQQ(WebQQ)的QQ机器人 / a qq robot based on smartqq(webqq) api

netfilter_http * C 0

funfuzz * JavaScript 0

JavaScript engine & DOM fuzzers

oniongateway * Go 0

End-to-End encrypted Tor2Web gateway

IPAPatch * Objective-C 0

Patch iOS Apps, The Easy Way, Without Jailbreak.

dind * Shell 0

Docker in Docker

Cisco-Adaptive-Security-appliances-shellcode * Python 0

Complete Cisco Adaptive Security Appliances shellcode support versions 8.0 through version 8.4 PLEASE USE RESPONSIBLY

HatCloud * Ruby 0

Bypass CloudFlare with Ruby

GithubLeakAlert * Python 0

HostileSubBruteforcer * Ruby 0

Java-Deserialization-Cheat-Sheet * 0

The cheat sheet about Java Deserialization vulnerabilities

word_cloud * Python 0

A little word cloud generator in Python

libfuzzer-workshop * C++ 0

Repository for materials of "Modern fuzzing of C/C++ Projects" workshop.

EaST * Python 0

Exploits and Security Tools Framework 1.0.3

weevely3 * Python 0

Weaponized web shell

SuperSQLInjectionV1 * C# 0

超级SQL注入工具 简介:   超级SQL注入工具(SSQLInjection)是一款基于HTTP协议自组包的SQL注入工具,采用C#开发,程序采用自写代码来操作HTTP交互,支持出现在HTTP协议任意位置的SQL注入,支持各种类型的SQL注入,支持HTTPS模式注入;支持以盲注、错误显示、Union注入等方式来获取数据;支持Access/MySQL/SQLServer/Oracle等数据库;支持手动灵活的进行SQL注入绕过,可自定义进行字符替换等绕过注入防护。本工具为渗透测试人员、信息安全工程师等掌握SQL注入技能的人员设计,需要使用人员对SQL注入有一定了解。 工具特点: 1.支持任意地点出现的任意SQL注入 2.支持全自动识别注入标记,也可人工识别注入并标记。 3.支持各种语言环境。大多数注入工具在盲注下,无法获取中文等多字节编码字符内容,本工具可完美解决。 4.支持注入数据发包记录。让你了解程序是如何注入,有助于快速学习和找出注入问题。 5.依靠关键字/时间等进行盲注,可通过HTTP相应状态码判断,还可以通过关键字取反功能,反过来取关键字。 6.程序采用自编码操作HTTP请求,HTTP发包和获取速度较快。

HaboMalHunter * Python 0

HaboMalHunter is a sub-project of Habo Malware Analysis System (https://habo.qq.com), which can be used for automated malware analysis and security assessment on the Linux system.

lua-ffi-libinjection * Lua 0

LuaJIT FFI bindings for libinjection

src_edu * Python 0

为各位出色的渗透工程师提供攻击目标。

Belle * Java 0

Belle (Burp Suite 非公式日本語化ツール)

GoBot2 * Go 0

Second Version of The GoBot Botnet, But more advanced.

NetFuzzer * Python 0

GitHack * Python 0

.git 泄漏利用工具,可还原历史版本

kokkuri * Python 0

Kokkuri

HttpPwnly * HTML 0

httponly下的xss利用

pack * Python 0

PACK (Password Analysis and Cracking Kit)

TBDEx * Python 0

security-101-for-saas-startups-zh_CN * 0

security-101-for-saas-startups 的中文翻译,原仓库 https://github.com/forter/security-101-for-saas-startups

droopescan * Python 0

A plugin-based scanner that aids security researchers in identifying issues with several CMSs, mainly Drupal & Silverstripe.

smbmap * Python 0

SMBMap is a handy SMB enumeration tool

Teemo-1 * Python 0

A Domain Name Collection Tool

alibaba_safe_code * 0

阿里聚安全算法挑战赛

BAF * Python 0

Blind Attacking Framework

rust-inet-diag * Rust 0

netlink inet_diag in rust

ALISQLI * Java 0

阿里聚安全算法挑战赛 赛题二:《SQL注入检测》

java_deserialization_exploits * Python 0

A collection of Java Deserialization Exploits

Node.Js-Security-Course * JavaScript 0

Contents for Node.Js Security Course

Fwaf-Machine-Learning-driven-Web-Application-Firewall * Python 0

Machine learning driven web application firewall to detect malicious queries with high accuracy.

XSSYA-V-2.0 * Python 0

NodeJsScan * Python 0

NodeJsScan is a static security code scanner for Node.js applications.

fssb * C 0

A filesystem sandbox for Linux using syscall intercepts.

Mobile-Security-Framework-MobSF * Python 0

Mobile Security Framework is an intelligent, all-in-one open source mobile application (Android/iOS/Windows) automated pen-testing framework capable of performing static, dynamic analysis and web API testing.

goscan-1 * Go 0

golang的扫描框架, 支持协程池和自动调节协程个数.

subdomain3 * Python 0

proxy_pool * Python 0

简易爬虫代理池

scout_apm_ruby * Ruby 0

Scout Ruby Application Monitoring Agent

probesc * Python 0

dirtycow.github.io * HTML 0

Dirty COW

liffy * Python 0

Local File Inclusion Exploitation Tool (mirror)

WebshellManager * JavaScript 0

w8ay 一句话WEB端管理工具

POC-T * Python 0

渗透测试插件化并发框架

PayloadsAllTheThings * Python 0

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

rust.ko * Rust 0

使用rust开发lkm

electronic-wechat * JavaScript 0

:speech_balloon: A better WeChat on macOS and Linux. Built with Electron by Zhongyi Tong.

wafpass * Python 0

Analysing parameters with all payloads' bypass methods, aiming at benchmarking security solutions like WAF.

BVED * HTML 0

Browser Vulnerability Exploit DB(浏览器漏洞PoC数据库)

find-sec-bugs * Java 0

The FindBugs plugin for security audits of Java web applications and Android applications. (Also work with Scala projects)

sqlite-lab * PHP 0

This code is vulnerable to SQL Injection and having SQLite database. For SQLite database, SQL Injection payloads are different so it is for fun. Just enjoy it \m/

machine-learning * Jupyter Notebook 0

Content for Udacity's Machine Learning curriculum

subbrute * Python 0

A DNS meta-query spider that enumerates DNS records, and subdomains.

Stitch * Python 0

Python Remote Administration Tool (RAT)

bugscan-1 * Python 0

w8ay专属扫描器

DGADetection * Python 0

Exploring the use of decision trees to detect domain names generated by domain generation algorithms (DGA)

KernelHooksDetection_x64 * C 0

x64 Kernel Hooks Detection

server-status_PWN * Python 0

A script that monitors and extracts requested URLs and clients connected to the service by exploiting publicly accessible Apache server-status instances.

datasploit * JavaScript 0

A tool to perform various OSINT techniques, aggregate all the raw data, visualise it on a dashboard, and facilitate alerting and monitoring on the data.

ngx_php7_tracker * C 0

The branch of ngx_php7, Track php7 script, opcode, function stack for nginx-module.

Netfilter-HTTP-Modify * C 0

linux netfilter下修改网关,劫持404页面

bash-autoinstaller-active-syslog * Shell 0

Bash autoinstaller (any versions 4) + all patches + syslog module (with real username)

Web-Application-Firewall * C 0

Designed and Implemented a Web Application Firewall as an Apache module that "sits" in-front of a web server. The WAF is designed to stop malicious requests from known attacks such as SQL Injection, XSS attacks and from unknown attacks by learning the legitimate traffic.

jdwp-shellifier * Python 0

bypass_waf * Python 0

waf自动爆破(绕过)工具

lcyscan * Python 0

V3n0M-Scanner * Python 0

Popular Pentesting scanner in Python3.5 for SQLi/XSS/LFI/RFI and other Vulns

dvcs-ripper * Perl 0

Rip web accessible (distributed) version control systems: SVN/GIT/HG...

AssetsView * PHP 0

Assets View资产发现、网络拓扑管理系统

pam * Go 0

PAM layer for implementing your own pam library

Hypro * C 0

VMI on BitVisor to detect hidden rootkits.

cryptostalker * Go 0

Detect and prevent crypto malware as it encrypts files

rtf_exploit_extractor * Python 0

Script to extract malicious payload and decoy document from CVE-2015-1641 exploit documents

3xp10it * JavaScript 0

H5SC * JavaScript 0

HTML5 Security Cheatsheet - A collection of HTML5 related XSS attack vectors

commix * Python 0

Automated All-in-One OS command injection and exploitation tool.

RouterExploitScan * Python 0

RouterExploit

autoSubTakeover * Python 0

A tool used to check if a CNAME resolves to the scope adress. If the CNAME resolves to a non-scope adress it might be worth checking out if subdomain takeover is possible.

DBShield * Go 0

Database firewall written in Go

thesis2016 * Groff 0

My Thesis dealing with detecting Evolutionary Algorithms for Application-Layer Web Attacks

magento-malware-scanner * HTML 0

A collection of rules and samples to detect Magento malware

Mirai-Source-Code * C 0

Leaked Mirai Source Code for Research/IoC Development Purposes

Liudao * Java 0

“六道”实时业务风控系统

elf_reader * Go 0

A Go library for reading and parsing ELF files

service-go * Go 0

Service management for Linux (systemd, upstart, sys-v), Darwin (launchd) and Windows. Forked from https://bitbucket.org/kardianos/service/

malheur * C 0

自动化恶意软件分析

multiple_burst * Python 0

分布式弱口令扫描

sshesame * Go 0

A fake SSH server that lets everyone in and logs their activity

MemorySharp * C# 0

A C# based memory editing library targeting Windows applications, offering various functions to extract and inject data and codes into remote processes to allow interoperability.

lightbulb-framework * Python 0

Tools for auditing WAFS

Decryptonite * C 0

Ransomware Detection and Mitigation Software

wooyun-wiki * HTML 0

wiki.wooyun.org的部分快照网页

injection-php * C 0

libinjection PHP wrapper

ssrf_scan * Python 0

多线程批量扫描ssrf漏洞

ssrfDetector * JavaScript 0

Server-side request forgery detector

SecurityRSS * 0

网络安全相关的RSS订阅列表

cuckoo-linux * Python 0

Linux malware analysis based on Cuckoo Sandbox.

cppphp * C++ 0

C++ learning project to write a dummy PHP AST builder

codewarrior * C 0

code-searching tool and static analysis - Beta, at construction

Mirai-1 * C 0

Source code for the Mirai botnet - Not going anywhere anytime soon

leanengine-nodejs-apm * JavaScript 0

LeanEngine performance monitoring for Node.js application

GitPrey * Python 0

Searching sensitive files and contents in GitHub associated to company name or other key words

geoip-attack-map * Python 0

Cyber security geoip attack map that follows syslog and parses IPs/port numbers to visualize attackers in real time.

F-Scrack * 0

F-Scrack is a single file bruteforcer supports multi-protocol

go-stf * Go 0

minicap, minitouch, UIAutomator etc... wraps

DigitalOcean * Go 0

Port scanner, written in golang

awesome-machine-learning-cn * 0

机器学习资源大全中文版,包括机器学习领域的框架、库以及软件

remoteShell * C 0

Direct shell in C. Reverse shell in C. Both over TCP.

ysoserial * Java 0

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

OpenDoor * Python 0

OWASP Directory Access scanner

raptor_waf * C 0

Raptor - WAF - Web application firewall using DFA [ Current version ] - Beta

icmptunnel * C 0

Tunnel IP over ICMP.

RubySVMVirusScanner * Ruby 0

Virus scanner (PE classifier) based on rb-libsvm and pedump

rkduck * C 0

Linux v4.x.x Rootkit

OWASP-Xenotix-XSS-Exploit-Framework * Python 0

OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework.

sshhipot * Go 0

High-interaction MitM SSH honeypot

DNFWAH * HTML 0

It's an ezine: DO NOT FUCK WITH A HACKER

syscall-rootkit * C 0

Just a proof of concept Linux rootkit that reads from syscalls.

ProxyBroker * Python 0

Proxy [Finder | Checker | Server]. HTTP(S) & SOCKS

research * Python 0

comma.ai for the people to experiment with

Some-PoC-oR-ExP * Python 0

各种漏洞poc、Exp的收集或编写

genetics * Python 0

A python library for genetic algorithms

scanrs * Rust 0

A port scanner written in Rust, as an exercise to learn more about Rust! MIT Licensed.

WEF_ADSecuirtyLogs * PowerShell 0

Windows Event Forwarding for Active Directory Security Logs

Libinjection-1 * Java 0

Libinjection in Java

ActiveDefense * C++ 0

小型主动防御引擎

PhantomjsFetcher * JavaScript 0

A python web fetcher using phantomjs to mock browser

redis-protocol * Go 0

Redis protocol parser in golang

next * Go 0

A robust, reliable, easy-configure virtual private network (linux/macOS)

weblogic_unserialize_exploit * Python 0

java unserialize vul for weblogic exploit

uberlogger * C 0

Linux honeypot system

poc * Python 0

poc from bugscan beebeeto

CodeIgniterXor * Python 0

CodeIgniter <=2.1.4 session cookie decryption vulnerability

scantastic-tool * Python 0

It's bloody scantastic

process-hiding * C 0

linux下实现进程隐藏

LISET * Batchfile 0

Light System Examination Toolkit (LISET) - logs & activity & configuration gathering utility that comes handy in fast Windows incident response (either forensic or malware oriented).

Dionaea * JavaScript 0

基于Docker的蜜罐系统

MobileSF * Python 0

HackingLab定制版Mobile Safe Framework

Firewall * Python 0

美国国家安全局NSA下属方程式黑客组织(Equation Group)被The Shadow Brokers(影子经纪人)hack出来的并免费分享的源码

local-nsq * Go 0

NSQ Local and Simple Version

smartdns * Python 0

基于Twisted实现的智能dns系统

HellRaiser * Ruby 0

Vulnerability Scanner

detect_preload * C 0

Small C application designed to detect LD_PRELOAD malware via the libdl library functions.

ssh2go * Go 0

go wrapper for libssh (both client and server side)

php-5.3.3 * C 0

php

tbhm * 0

The Bug Hunters Methodology

aiohttp_spider * Python 0

An example of web spider using aiohttp

VCG * Visual Basic 0

VisualCodeGrepper - Code security scanning tool.

Kadimus-1 * C 0

本地文件包含利用工具

HighRiskPort * Python 0

总结一些渗透中值得关注的默认端口

acunetix_0day * Python 0

Acunetix 0day RCE

Limon * Python 0

Limon is a sandbox developed as a research project written in python, which automatically collects, analyzes, and reports on the run time indicators of Linux malware. It allows one to inspect Linux malware before execution, during execution, and after execution (post-mortem analysis) by performing static, dynamic and memory analysis using open source tools

docker_api_vul * Python 0

docker 未授权访问漏洞利用脚本

rtb * Go 0

Proof of concept real time bidding library.

SerialKillerBypassGadgetCollection * Java 0

Collection of bypass gadgets to extend and wrap ysoserial payloads

duncan * Python 0

Duncan - Blind SQL injector skeleton

cub3 * C 0

基于LD_PRELOAD的ring3 rootkit

go-mimikatz * Go 0

A wrapper around a pre-compiled version of the Mimikatz executable for the purpose of anti-virus evasion.

crawler * Python 0

a web crawler

foolav * C 0

Pentest tool for antivirus evasion and running arbitrary payload on target Wintel host

Shell-Detector * Python 0

Shell Detector – is a application that helps you find and identify php/cgi(perl)/asp/aspx shells. Shell Detector has a “web shells” signature database that helps to identify “web shell” up to 99%.

chess * Go 0

基于Go语言的棋牌游戏框架

d-sole * Go 0

Docker security hole, allow to execute a script on the host from a container.

Nodejs-APM * PHP 0

A sample apm system

AutoLocalPrivilegeEscalation * Python 0

An automated script that download potential exploit for linux kernel from exploitdb, and compile them automatically

Spark_Movie_recsys * Python 0

在Spark环境下,利用Flask框架,采用Mongodb设计的一个在线电影推荐系统的演示demo

dpdk-go * Go 0

Go bindings for dpdk (http://dpdk.org/).

HQLi-playground * Java 0

burp-ysoserial * Java 0

YSOSERIAL Integration with burp suite

CMSFuzz * Ruby 0

spy * Go 0

Spy - Watches for file changes, restarts stuff

BkScanner * Python 0

BkScanner 分布式、插件化web漏洞扫描器

assetnote * JavaScript 0

Push notifications for passive DNS data

awvspy * Python 0

awvs python library

apm-python-agent-principle * Python 0

Python 探针实现原理

BBScan * Python 0

A tiny Batch weB vulnerability Scanner

LAN-Behavior_MIS * JavaScript 0

This is an Internet Behavior Management System.

rootkit-1 * C 0

XSS.png * 0

A XSS mind map ;)

Beyond.APM * C++ 0

Beyond APM is a .Net CLR Profiler dedicated to .Net Application Performance Monitor and offering AOP and Tracing capabilities to your code without modification of original source codes

bashistdb * Go 0

Bashistdb saves and retrieves your bash history into a local or remote SQLite database.

isip * Python 0

Interactive sip toolkit for packet manipulations, sniffing, man in the middle attacks, fuzzing, simulating of dos attacks.

simple-rootkit * C 0

A simple attack against gcc and Python via kernel module, with highly detailed comments.

JavaUnserializePOC * Python 0

php-apm * C 0

PHP APM (Alternative PHP Monitor)

mod_sqli * C++ 0

A simple Apache module with implementation of LibInjection

ds_store * Go 0

GO - Minimal parser for .DS_Store files

SimpleCLRProfiler * C++ 0

Getting started with CLR Profiling API

mimic * C 0

A tool for covert execution in Linux.

clamav-yara * Go 0

Converts the Clamav Virus Database definitions to YARA rules [GOLANG]

PenTools * Shell 0

This is a bundle of python and bash penetration testing tools for recon and information gathering.

phantomjs_hide_and_seek * HTML 0

Some ideas around spoofing and detecting user agents.

linux-kernel-security-suite * C 0

:penguin: A collection of linux kernel modules that harden the kernel

wechat-deleted-friends * Python 0

查看被删的微信好友

lstm_dga * Lua 0

This repository based on Andrej Karpathy char-rnn https://github.com/karpathy/char-rnn. Developed to research the possibility of applying LSTM neural network to detect and classify malicious domains.

Remote * C++ 0

远程控制项目

pentest_study * PowerShell 0

从零开始内网渗透学习

netlink-3 * Rust 0

Rust bindings for libnetlink

LKM_KeyLogs * C 0

A simple kernel-land keylogger

DylibHijack * Python 0

python utilities related to dylib hijacking on OS X

otpknock * Go 0

port knocking by otp auth

fcgi_exp * Go 0

go-netfilter-queue * Go 0

Go bindings for libnetfilter_queue

mixer * Go 0

a MySQL proxy powered by Go

bugspots * Ruby 0

Implementation of simple bug prediction hotspot heuristic

passcheck * Go 0

Linux user password expiration check

WVS_Patcher * Python 0

Script to run wvs in queue, and send mails to you on ending.

winfirewall * C++ 0

Control the Windows Firewall from Go, supports Windows XP API and Advanced Security COM API

acapulco * JavaScript 0

Attack Community Graphs through Event Clustering

go-mysql-replay * Go 0

Replay MySQL Traffic

ToyMalwareClassification * Python 0

browspy * JavaScript 0

浏览器用户全部信息收集js

byzantine * Python 0

The Byzantine General Problem

modshell * C 0

Linux kernel module netfilter backdoor demo

Bugscan * PHP 0

Bugscan Web Vulnerability Scaner Online System

sqlparser * Go 0

SQL Parser from https://github.com/youtube/vitess/tree/master/go/vt/sqlparser

sqlchop * Python 0

A novel SQL injection detection engine built on top of SQL tokenizing and syntax analysis.

lcxl-shadow * C 0

LCXL影子系统

rust-php-ext * C 0

Rust library integrated into a PHP extension

node-apm * JavaScript 0

Nodejs Application Monitor

WMI_Backdoor * PowerShell 0

A PoC WMI backdoor presented at Black Hat 2015

socketcand * C 0

snuck * Java 0

Automatic XSS filter bypass

SNMP-Brute * Python 0

Fast SNMP brute force, enumeration, CISCO config downloader and password cracking script.

php-ext * Shell 0

php扩展开发笔记

Reverse_DNS_Shell * Python 0

A python reverse shell that uses DNS as the c2 channel

docker-iptables * Go 0

Docker firewall manager

PHP-Shell-Detector * PHP 0

Web Shell Detector – is a php script that helps you find and identify php/cgi(perl)/asp/aspx shells. Web Shell Detector has a “web shells” signature database that helps to identify “web shell” up to 99%.

xfr_scanner * Python 0

a dns zone transfer vulnerability scanner

svn_git_scanner * Python 0

用于扫描git,svn泄露

XSeleniumS * Python 0

Automatic XSS Reflected Scan

jsprime * JavaScript 0

a javascript static security analysis tool

pecker * PHP 0

A scanner named pecker, written in php,It can check dangerous functions with lexical analysis.

Virus-and-Windows-API-Programing * C 0

中科大13级计算机病毒分析与WindowsAPI编程 授课老师:郭大侠

banti * C 0

Kernel Based Root ToolKit Samples

php-monitor * C 0

内部函数监控扩展

phpvulhunter * PHP 0

A tool that can scan php vulnerabilities automatically using static analysis methods

myctf * Python 0

A ctf competition program.

htpwdScan * Python 0

A python HTTP weak pass scanner

TeamTalk * Objective-C 0

TeamTalk is a solution for enterprise IM

YOF * CSS 0

最好的 YAF 入门 DEMO, 看过就会用 !

evilarc * Python 0

Create tar/zip archives that can exploit directory traversal vulnerabilities

ivre * Python 0

A Python network recon framework, based on Nmap, Bro & p0f with MongoDB backend.

SIEM * JavaScript 0

Security information and event management, masters's diploma

portguard * Go 0

port scan detection

reenix * Rust 0

A Rust version of the Weenix OS

kprobe_rootkit * C 0

Linux kernel rootkit using kprobes (From http://phrack.org/issues/67/6.html)

SRCMS * PHP 0

SRCMS(轻响应)企业应急响应中心开发框架模版

mysql-proxy-python * C 0

Automatically exported from code.google.com/p/mysql-proxy-python

kaggle_Microsoft_Malware * Python 0

code for kaggle competition Microsoft malware classification

lorispack * Shell 0

Network Microsegmentation for Docker container deployments

golang-libinjection * Go 0

Golang bindings for libinjection

php-security-scanner * PHP 0

A static security scanner for PHP

x64emu * C 0

x86_x64 emulator

dirb * C 0

Web Fuzzer

Security-Data-Analysis * Jupyter Notebook 0

A series of labs that will help users apply various data science techniques to security related data.

ruby-libinjection * Ruby 0

Ruby wrapper around Client9's libinjection

swoole-yaf * PHP 0

结合swoole扩展和Yaf框架,使用swoole的内置http_server

Splunk-Web-Shell * JavaScript 0

Splunk Web Shell

php-webim * JavaScript 0

使用PHP+Swoole实现的网页即时聊天工具

lsof * Go 0

a pure go lsof

hmm * Go 0

A hidden Markov model implementation

igo * Go 0

A simple interactive Go interpreter built on go-eval with some readline-like refinements

MachineLearning * Python 0

Basic MachineLearning algorithm

thrift_unix_domain * Go 0

thrift golang unix domain socket

wispy * Python 0

AST parser and inference engine for PowerShell language

mcpulimit * Go 0

CPULimit for multiple processes (limits ALL of them, not just the first)

gscan * Go 0

vipas * Go 0

Vipasyin Webshell detector (golang)

Kadimus * C 0

LFI Scan & Exploit Tool

MysqlAudit * Go 0

Mysql test sniffer to audit simple queries

elasticsearch-river-nsq * Java 0

Elasticsearch River for NSQ

DLLRunner * Python 0

Smart DLL execution for malware analysis in sandbox systems

php-apm-web * JavaScript 0

APM (Alternative PHP Monitor) web frontend

psnotify * Go 0

stoke * JavaScript 0

:evergreen_tree: Generate the Abstract Syntax Tree (AST) of a Bash command.

Nscan * Python 0

Nscan: Fast internet-wide scanner

Static-DOM-XSS-Scanner * Python 0

Static DOM XSS Scanner is a Static Analysis tool written in python that will iterate through all the JavaScript and HTML files under the given directory and will list out all the possible sources and sinks that may cause DOM XSS. At the end of the scan, the tool will generate an HTML report.

XSSChallengeWiki * 0

Welcome to the XSS Challenge Wiki!

SimpleZoomeye * PHP 0

A simple Zoomeye written by python,more details click this link: http://blog.csdn.net/u011721501/article/details/41967847

dll_hijack_detect * C++ 0

Detects DLL hijacking in running processes on Windows systems

python_netlink * Python 0

python native library for network device.

xsschef * JavaScript 0

Chrome extension Exploitation Framework

AxisInvoker * Java 0

Minimal AXIS2 webshell

bannerscan * Python 0

http://x0day.me/archives/bannerscan-py.html

isapiguard * C++ 0

Basic implementation of web request filtering under IIS 7.0+; capable of stopping sql injection and file incursion attacks

mst * Python 0

A Platform for Web Pentest From China

lin.rootkit * C 0

DOMinator * C++ 0

ninja * C 0

a privilege escalation detection and prevention system for GNU/Linux hosts

SDBF * Python 0

Smart DNS Brute Forcer

phpml * PHP 0

PHP Markup Language

Linux_Hook_Detection * C 0

Linux Hook Detection

grace * PHP 0

一款支持HMVC、数据库主从分离、多项目的PHP框架

pvt * C 0

PHP extension for web-application dynamic analysis.

aspis * PHP 0

A PHP code transformer to provide protection against injection attacks

go-alpm * Go 0

go bindings to pacman's libalpm

gethooks * C 0

GetHooks is a program designed for the passive detection and monitoring of hooks from a limited user account.

sqlassie * C++ 0

database firewall

yaranids * C 0

NIDS based around hooking yara into callbacks

codeword * C# 0

Fork of Codeword from http://code.google.com/p/codeword/

webhandler * Python 0

webhandler

lib_mysqludf_sys * HTML 0

A UDF library with functions to interact with the operating system. These functions allow you to interact with the execution environment in which MySQL runs.

python-webshell * Python 0

webshell writen in python

mysql_proxy * Python 0

skipfish * C 0

Web application security scanner created by lcamtuf for google - Unofficial Mirror

OpenDPI * C 0

OpenDPI v.3.10

ML_Malware_detect * Python 0

阿里云安全恶意程序检测比赛

fastjson-rce-exploit * Java 0

exploit for fastjson remote code execution vulnerability

awesome-mitre-attack * 0

A curated list of awesome resources related to Mitre ATT&CK™ Framework

sonar.js * JavaScript 0

A framework for identifying and launching exploits against internal network hosts. Works via WebRTC IP enumeration combined with WebSockets and external resource fingerprinting.

GithubMonitor * Python 0

根据关键字与 hosts 生成的关键词,利用 github 提供的 api,监控 git 泄漏。

beyondauth * Go 0

a traefik / nginx companion to create an identity aware proxy like beyondcorp

jsspider * Python 0

A js infomation dig tool.

redis-rce * Python 0

Redis 4.x/5.x RCE

urlooker * 0

企业级url监控

Cheating-Plugin-Program * C++ 0

从零开始研究外挂设计原理

gowap * Go 0

Wappalyzer implementation in Go

procmon * C 0

Log all none root Linux kernel EXEC calls. pid, uid, host and cmdline are written with rsyslog in JSON format.

Vxscan * Python 0

python3写的综合扫描工具,主要用来敏感文件探测(目录扫描与js泄露接口),WAF/CDN识别,端口扫描,指纹/服务识别,操作系统识别,弱口令探测,POC扫描,SQL注入,绕过CDN,查询旁站等功能,主要用来甲方自测或乙方授权测试,请勿用来搞破坏。

Amsi-Bypass-Powershell * 0

This repo contains some Amsi Bypass methods i found on different Blog Posts.

GScan-1 * Python 0

本程序旨在为安全应急响应人员对Linux主机排查时提供便利,实现主机侧Checklist的自动全面化检测,根据检测结果自动数据聚合,进行黑客攻击路径溯源。

aswan * Python 0

陌陌风控系统静态规则引擎,零基础简易便捷的配置多种复杂规则,实时高效管控用户异常行为。

AdvBox * Python 0

An adversarial examples toolbox for constructing attacks, building defenses, and Measuring robustness of AI model

risk-management-note * 0

风险控制笔记,适用于互联网企业

DLLSpy * C++ 0

DLL Hijacking Detection Tool

datacon_2019_DNS * 0

https://www.cdxy.me/?p=806

datacon * 0

datacon比赛方向三-攻击源与攻击者分析writeup

SaiDict * 0

弱口令,敏感目录,敏感文件等渗透测试常用攻击字典

AI-for-Security-Testing-Database * Jupyter Notebook 0

复现过的AI安全检测的项目集合

dive-to-gosync-workshop * Go 0

深入Go并发编程研讨课

yurita * Scala 0

Anomaly detection framework @ PayPal

hack_tools_for_me * Shell 0

自己为了方便收集的小工具

m3u8-Downloader-Go * Go 0

m3u8 downloader with golang

CVE-2019-0708 * C 0

Scanner PoC for CVE-2019-0708 RDP RCE vuln

CVE-2018-14729 * 0

Discuz backend getshell

gocelery * Go 0

Celery Distributed Task Queue in Go

memconn * Go 0

MemConn is an in-memory network stack for Go.

linux * Shell 0

linux安全检查

wfuzz * Python 0

Web application fuzzer

ffuf * Go 0

Fast web fuzzer written in Go

Awesome-WAF * 0

🔥 A curated list of awesome web-app firewall (WAF) stuff.

chromium_for_spider * HTML 0

为漏扫动态爬虫定制的浏览器

Seccubus * JavaScript 0

Easy automated vulnerability scanning, reporting and analysis

java_rasp_example * Java 0

w12scan * CSS 0

🚀 A simple asset discovery engine for cybersecurity. (网络资产发现引擎)

MalwareTrainingSets * Python 0

Free Malware Training Datasets for Machine Learning

fireELF * Python 0

Fileless Linux Malware Framework

auditd-attack * 0

A Linux Auditd rule set mapped to MITRE's Attack Framework

AsyncRAT-C-Sharp * C# 0

Remote Administration Tool For Windows C# (RAT)

netmap.js * JavaScript 0

Fast browser-based network discovery module

pbscan-1 * Python 0

基于burpsuite headless 的代理式被动扫描系统

ptf * Python 0

The Penetration Testers Framework (PTF) is a way for modular support for up-to-date tools.

Finder * Go 0

一款Go语言实现的端口扫描器.

arpZebra * Go 0

ARP+DNS欺骗工具,网络安全第三次实验,课堂演示用,严禁非法用途。ARPSpoof,wifi hijack,dns spoof

fusee-launcher * Python 0

ReSwitched's work-in-progress launcher for one of the Tegra X1 bootROM exploits(switch root)

godfs * Go 0

A simple fast, easy use distributed file system written by golang.

go-fastdfs * Go 0

A simple fast, easy use distributed file system written by golang(similar fastdfs).go-fastdfs 是一个简单的分布式文件存储,具有高性能,高可靠,免维护等优点,支持断点续传,分块上传,小文件合并,自动同步,自动修复。

30-days-of-vue * CSS 0

30 Days of Vue

goSkylar * Go 0

基于Golang开发的企业级外网端口资产扫描

Code-audit * 0

代码审计入坑

sqlflow * Go 0

Brings SQL and AI together.

linux_rat * JavaScript 0

LINUX集群控制(LINUX反弹式远控) LINUX反向链接运维 BY:QQ:879301117

tangscan * Python 0

乌云tangscan扫描器插件

Tentacle * Python 0

Tentacle is a POC vulnerability verification and exploit framework. It supports free extension of exploits and uses POC scripts. It supports calls to zooeyem, fofa, shodan and other APIs to perform bulk vulnerability verification for multiple targets.

Awesome-Advanced-Windows-Exploitation-References * 0

List of Awesome Advanced Windows Exploitation References

go-querystring * Go 0

go-querystring is Go library for encoding structs into URL query parameters.

WordSteal * Python 0

This script will create a POC that will steal NTML hashes from a remote computer. Do not use this for illegal purposes.The author does not keep responsibility for any illegal action you do.

windows-docker-machine * PowerShell 0

Work with Windows containers and LCOW on Mac/Linux/Windows

gameboy.live * Go 0

🕹️ A basic gameboy emulator with terminal "Cloud Gaming" support

TP1 * 0

Linux Basics for Hackers

whatweb-1 * Go 0

WEB指纹识别 - gowap基础上修改的golang版本

yujianrdpcrack * 0

御剑RDP爆破工具

goscan-2 * Go 0

Interactive Network Scanner

navicat-keygen * C 0

A keygen for Navicat

fracker * PHP 0

PHP function tracker

WMI_Monitor * PowerShell 0

Log newly created WMI consumers and processes to the Windows Application event log

ScanQLi * Python 0

SQLi scanner to detect SQL vulns

android-vuln * C 0

安卓内核提权漏洞分析

Cobalt_Strike_wiki * 0

Cobalt Strike系列

vulscan-1 * Python 0

vulscan 扫描系统:最新的poc&exp漏洞扫描,redis未授权、敏感文件、java反序列化、tomcat命令执行及各种未授权扫描等...

MYSQL_SQL_BYPASS_WIKI * 0

mysql注入,bypass的一些心得

termshark * Go 0

A terminal UI for tshark, inspired by Wireshark

GoMet * Go 0

Multi-platform agent written in Golang. TCP forwarding, socks5, tunneling, pivoting, shell, download, exec

golang-uacbypasser * Go 0

UAC bypass techniques implemented and written in Go

wmifilter * C 0

驱动层拦截web访问源码

sudo_inject * C 0

[Linux] Two Privilege Escalation techniques abusing sudo token

gogsownz * Python 0

Gogs CVEs

KWP * Python 0

Keyboard Weak Password

uilive * Go 0

uilive is a go library for updating terminal output in realtime

mysql-magic * C 0

dump mysql client password from memory

awesome-pentest * 0

A collection of awesome penetration testing resources, tools and other shiny things

windows-privesc-check * Python 0

Standalone Executable to Check for Simple Privilege Escalation Vectors on Windows Systems

BlueHive * PowerShell 0

PowerShell based Active Directory Honey User Account Management with Universal Dashboards

SCADA-Rules * 0

Snort rules

icstools * Lua 0

ics security tools

dnsmasq-china-list * Python 0

Chinese-specific configuration to improve your favorite DNS server. Best partner for chnroutes.

commando-vm * PowerShell 0

RW_Password * Python 0

此项目用来提取收集以往泄露的密码中符合条件的强弱密码

WebShellCheck * Python 0

Webshell Detection Based on Deep Learning

process-packet-filter * C 0

Capture packet by process info in Windows System

analog * Python 0

一款基于机器学习的Web日志统计分析与异常检测命令行工具

everyone-can-use-english * 0

人人都能用英语

selenium * Go 0

Selenium/Webdriver client for Go

graudit * Shell 0

grep rough audit - source code auditing tool

sniffer-1 * Go 0

sniffer http data by go

QilinBaoleiji * C 0

堡垒机-麒麟堡垒机,集堡垒机、SSLVPN-堡垒机内置、动态口令-堡垒机内置、应用审计-堡垒机内置、数据库审计-堡垒机内置、CA证书-堡垒机内置-堡垒机内置、云桌面-堡垒机内置、密码自动修改为一体的堡垒机系统

pown-recon * JavaScript 0

A powerful target reconnaissance framework powered by graph theory.

beagle * Python 0

Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.

PowerShdll * C# 0

Run PowerShell with rundll32. Bypass software restrictions.

linux-kernel-module-cheat * Python 0

The perfect emulation setup to study and modify the Linux kernel, kernel modules, QEMU and gem5. Highly automated. Thoroughly documented. GDB step debug and KGDB just work. Automated tests. Powered by Buildroot. "Tested" in Ubuntu 18.04 host, x86_64, ARMv7 and ARMv8 guests with kernel v5.0.

SharPyShell * Python 0

SharPyShell - tiny and obfuscated ASP.NET webshell for C# web applications

SearchApp * Python 0

小型网络空间搜索引擎

Mr.SIP * Python 0

SIP-Based Audit and Attack Tool

WCnife * Python 0

Web版中国菜刀

tcpscan-1 * Python 0

python3写的一个小工具,主要用于端口扫描,服务识别。

golang_c2 * Go 0

Boilerplate C2 written in Go for red teams

sublert * Python 0

Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.

mail_fishing * PHP 0

甲方安全工程师必备,内部钓鱼系统

xray * Go 0

XRay is a tool for recon, mapping and OSINT gathering from public networks.

ChunkedHTTPAdapter * Python 0

参考《利用分块传输吊打所有WAF》修改的requests的Adapter

MySQLMonitor * Python 0

MySQL实时监控工具(黑盒测试辅助工具)

AI-Machine-Learning-Security * 0

一个关于人工智能渗透测试分析系列

Java-Unserialization-Study * Java 0

QAQ Just study unserialize vulnerabilities in Java :)

dashboards * HTML 0

Responsive dashboard templates for Bootstrap 📊✨

HiddenEye * HTML 0

Modern phishing tool with advanced functionality [ Termux-Support Available ]

pyevmasm * Python 0

Ethereum Virtual Machine (EVM) disassembler and assembler

go-fastping * Go 0

ICMP ping library for Go inspired by AnyEvent::FastPing Perl module

ml-antivirus * Python 0

This is repo of antivirus which uses machine learning to classify viruses from legitimate files.

awesome-linux-rootkits * 0

awesome-linux-rootkits

win10-secure-baseline-gpo * Go 0

Windows 10 and Server 2016 Secure Baseline Group Policy

VulDeePecker * C 0

VulDeePecker: A Deep Learning-Based System for Vulnerability Detection

LuWu * Shell 0

红队基础设施自动化部署工具

Pass-the-Hash-Guidance * PowerShell 0

Configuration guidance for implementing Pass-the-Hash mitigations. #nsacyber

ReflectiveDLLInjection * C 0

Reflective DLL injection is a library injection technique in which the concept of reflective programming is employed to perform the loading of a library from memory into a host process.

DNSlivery * Python 0

Easy files and payloads delivery over DNS

ghidra * 0

Offensive-Security-OSCP-Cheatsheets * PowerShell 0

ipv666 * Go 0

Golang IPv6 address enumeration

Pentest_Interview * 0

个人准备渗透测试和安全面试的经验,和部分厂商的面试题

websocket-client-go * Go 0

Reconnecting Websocket Client Golang Library

WebMap * Python 0

Nmap Web Dashboard and Reporting

webshell-find-tools * Python 0

分析web访问日志以及web目录文件属性,用于根据查找可疑后门文件的相关脚本。

Sagaan-AntiCheat-V2.0 * C 0

Anti Cheat i made in my free time. Credits to everyone who helped are in the files and some are in the code. I will definitely improve this Anti Cheat along the way, now its just beta. Enjoy.

Shared * Jupyter Notebook 0

Shared Blogs and Notebooks

winc-1 * Go 0

Common library for Go GUI apps on Windows

Venom * Go 0

Venom - A Multi-hop Proxy for Penetration Testers Written in Go

netlinkconnector * Go 0

netlink connector library for Go

firehttp-1 * Go 0

一个专门用于开发安全工具的HTTP类库.

powershellveryless * C# 0

Constrained Language Mode + AMSI bypass all in one

netlink-4 * Rust 0

low level netlink library for rust

malware-sample-library * 0

Malware sample library.

piof * HTML 0

PIOF - PHP Instrumentation Open Framework - A dynamic and modulable instrumentation framework for PHP language.

extrace * C 0

trace exec() calls system-wide

Security-with-Go * Go 0

Security with Go, published by Packt

bro-sysmon * Bro 0

How to Zeek Sysmon Logs!

falco * C++ 0

Falco: Container Native Runtime Security

jenkins_unauthenticated_remote_code_execution * Java 0

Jenkins RCE PoC. From unauthenticated user to remote code execution - it's a hacker's dream! (Chaining CVE-2019-1003000, CVE-2018-1999002, and more)

DeeDee * Python 0

Stealthy DDE Exploit Payload generator and injector for DOCX files

zgrab2 * Go 0

ZGrab 2.0 Framework

rust-headless-chrome * Rust 0

chashell * Go 0

Chashell is a Go reverse shell that communicates over DNS. It can be used to bypass firewalls or tightly restricted networks.

app * Go 0

Package to create apps with GO, HTML and CSS. golang gui

PSHunt * PowerShell 0

Powershell Threat Hunting Module

pe * Go 0

Package pe implements access to the Portable Executable (PE) file format.

go-cluster * Go 0

k-modes and k-prototypes clustering algorithms implementation in Go

lihang_book_algorithm * Python 0

致力于将李航博士《统计学习方法》一书中所有算法实现一遍

AI-Security-Learning * 0

自身学习的安全数据科学和ai安全算法的学习资料

get_ip_by_ico * Python 0

从shodan获取使用了相同favicon.ico的网站

javaweb-codereview * Java 0

javaweb-codereview

How-To-Secure-A-Linux-Server * 0

An evolving how-to guide for securing a Linux server.

libsvm-go * Go 0

Full port of LIBSVM in the Go programming language

safeline-open-platform * Lua 0

lol-model-viewer * JavaScript 0

154个英雄联盟中的英雄和中立生物的3D模型(带动画)演示。https://tengge1.github.io/lol-model-viewer

PythonDataMining * Jupyter Notebook 0

:notebook_with_decorative_cover: 在学院的书架上发现了一本不带脑子就能看懂的书《Python数据挖掘与实战》

lysec * JavaScript 0

一个基于docker的安全培训系统

Mastering_Go_ZH_CN * Go 0

《Mastering GO》中文译本,暂时命名为《玩转 GO》。阅读本书之前,您应该阅读有关Go的介绍性书籍,或者已经完成了Go By Example。本书的内容包括但不限于并发、网络编程、垃圾回收、组合、GO UNIX系统编程、基本数据类型(Array,Slice,Map)、GO源码、反射,接口,类型方法等高级概念。阅读本书需要一定的编程经验。如果你在工作中使用Go或者业余时间爱好GO,那么这本书一定会让你对GO的理解更上一层楼。

http-netfilter * C 0

Linux kernel HTTP filtering netfilter module

CyBot * Python 0

Open Source Threat Intelligence Chat Bot

dnsbin * JavaScript 0

The request.bin of DNS request

w11scan * CSS 0

分布式WEB指纹识别平台 Distributed WEB fingerprint identification platform

kunpeng * Go 0

kunpeng是一个Golang编写的开源POC检测框架,以动态链接库的形式提供各种语言调用,通过此项目可快速对目标进行安全漏洞检测,比攻击者快一步发现风险漏洞。

go-cgroup * Go 0

bindings for libcgroup

Intranet_Penetration_Tips * 0

2018年初整理的一些内网渗透TIPS,后面更新的慢,所以公开出来希望跟小伙伴们一起更新维护~

go-cpulimit * Go 0

Channel-based CPU usage limiter

bbscan_rules * 0

My BBScan rules

RedTeam * 0

RedTeam资料收集整理

nWatch * Python 0

NetNTLMtoSilverTicket * PowerShell 0

SpoolSample -> Responder w/NetNTLM Downgrade -> NetNTLMv1 -> NTLM -> Kerberos Silver Ticket

scanproxy * Go 0

scanproxy is auto scan IP & port,and check that is proxy if port is open...(scanproxy是一个自动扫描端口,并且检测是否是代理服务器的程序)

synflood * Go 0

A tcp syn flood attack tool

SocialEngineeringPayloads * CSS 0

This is a collection of social engineering tricks and payloads being used for credential theft and spear phishing attacks.

100-Days-Of-ML-Code-1 * Jupyter Notebook 0

100-Days-Of-ML-Code中文版

mitre-collection * 0

MITRE’s Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK)

elasticsql * Go 0

convert sql to elasticsearch DSL in golang(go)

ElasticHD * Go 0

Elasticsearch 可视化DashBoard, 支持Es监控、实时搜索,Index template快捷替换修改,索引列表信息查看, SQL converts to DSL等

dga_detector * Python 0

DGA Domains detection

web-log-parser * Python 0

web日志分析工具

go-shellcode * Go 0

Load shellcode into a new process

hookjs * JavaScript 0

javascript function hook

MachineLearning-2 * Python 0

Basic Machine Learning and Deep Learning

student * Python 0

个人学习

python-evtx * Python 0

Pure Python parser for recent Windows Event Log files (.evtx)

x-deeplearning * C++ 0

An industrial deep learning framework for high-dimension sparse data

AI-for-Security-Testing * Jupyter Notebook 0

My AI security testing project

DarthSidious-Chinese * 0

DarthSidious 中文版

p0wnedShell * C# 0

PowerShell Runspace Post Exploitation Toolkit

DccwBypassUAC * C++ 0

Windows 8.1 and 10 UAC bypass abusing WinSxS in "dccw.exe".

dzscan * Python 0

Dzscan

IsolationForest * Python 0

IsolationForest wiht Sk-learn

AV-Killer * C++ 0

Antivirus Killer

Github-Monitor * JavaScript 0

Github信息泄漏监控系统

SharpLogger * C# 0

Keylogger written in C#

sploitfun-linux-x86-exp-tut-zh * CSS 0

:book: [译] SploitFun Linux x86 Exploit 开发系列教程

Base-Learning-for-Security-Offers * 0

404notfound的知识体系

LinuxCheck * Shell 0

Responder * Python 0

Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.

dga_classifier * Python 0

Sample DGA classifier

SubDomainizer * Python 0

A tool to find subdomains and interesting things hidden inside and external Javascript files of page.

miaosha * Java 0

😮😮秒杀系统设计与实现.互联网工程师进阶与分析🙋🐓

sklearn * Go 0

bits of sklearn ported to Go #golang

CVE-2018-15982_EXP * Python 0

exp of CVE-2018-15982

evilginx * Python 0

PLEASE USE NEW VERSION: https://github.com/kgretzky/evilginx2

PPTHub * 0

大安全各领域各公司各会议分享的PPT及行业合规、安全认证、安全书籍汇总

How-to-Read-Source-and-Fuzzing * 0

一些阅读源码和Fuzzing 的经验..

Allscanner * Python 0

数据库和其他服务的弱端口的弱口令检测以及未授权访问的集成检测工具。 Weak password blasting of weak ports and integrated detection tools for unauthorized access.

Seth * Python 0

Perform a MitM attack and extract clear text credentials from RDP connections

SharpClipboard * C# 0

C# Clipboard Monitor

it-chain * Go 0

私有区块链

webshellgg * PHP 0

ml webshellgg project

Windows-AD-environment-related * Ruby 0

This Repository contains the stuff related to windows Active directory environment exploitation

Vba2Graph * Python 0

Vba2Graph - Generate call graphs from VBA code, for easier analysis of malicious documents.

webborer * Go 0

WebBorer is a directory-enumeration tool written in Go.

aclpwn.py * Python 0

Active Directory ACL exploitation with BloodHound

linikatz * C 0

linikatz is a tool to attack AD on UNIX

Geetest3-Crack * Python 0

🤖 Geetest3 Distributed Cracking Platform 极验3代分布式破解平台

Windows-universal-samples * JavaScript 0

API samples for the Universal Windows Platform.

ThreatHunting * Python 0

A Splunk app mapped to MITRE ATT&CK to guide your threat hunts

github-desktop-poc * Python 0

Github Desktop PoC

koding * Go 0

The Simplest Way to Manage Your Entire Dev Infrastructure!

openzaly * Java 0

openzaly 是 Akaxin 的服务器源代码,用以搭建私有聊天服务器。 服务器安装教程:https://www.akaxin.com/docs/install/index.html QQ群: 655249600

getpass * C++ 0

a mini tool to dump password and NTLM hash from WDigest & MSV1_0 & tspkg, as a result of study of mimikatz

atomic-red-team * PowerShell 0

Small and highly portable detection tests based on MITRE's ATT&CK.

MaliciousMacroMSBuild * Python 0

Generates Malicious Macro and Execute Powershell or Shellcode via MSBuild Application Whitelisting Bypass.

MaliciousMacroGenerator * Visual Basic 0

Malicious Macro Generator

GoldenTicketDetection * HTML 0

mimikatz_detection * HTML 0

tyton * C 0

Kernel-Mode Rootkit Hunter

GTRS * Shell 0

GTRS - Google Translator Reverse Shell

data_hacking * Jupyter Notebook 0

Click Security Data Hacking Project

Anti-Hook- * C 0

SuperWeChatPC * C++ 0

微信电脑客户端多开工具,支持防消息撤销

RSA-reverse-shell * Python 0

Python implementation of RSA reverse shell.

gowindows * Go 0

go windows 库,主要实现 "golang.org/x/sys/windows" 库未包含的api。

WhatWeb * Ruby 0

Next generation web scanner

fuzz.txt * 0

Potentially dangerous files

xsshell * Go 0

An XSS reverse shell framework

mcreator * Python 0

Encoded Reverse Shell Generator With Techniques To Bypass AV's

strace-docker * Shell 0

Trace system calls from Docker containers running on the system

rhids * Java 0

Host-based Intrusion Detection System for Linux Containers

aa-tools * Python 0

Artifact analysis tools by JPCERT/CC Analysis Center

SecurityManageFramwork * Python 0

SecurityManageFramwork是一款适用于企业内网安全管理平台,包含资产管理,漏洞管理,账号管理,知识库管、安全扫描自动化功能模块,可用于企业内部的安全管理。 本平台旨在帮助安全人员少,业务线繁杂,周期巡检困难,自动化程度低的甲方,更好的实现企业内部的安全管理。

pdns * Python 0

PDNS Monitors network for malicious activities domain

VulInfo * 0

These are the vulnerabilities discovered by Galaxy Lab.

awesome-crawler * 0

A collection of awesome web crawler,spider in different languages

detect_kerberos_attacks * Shell 0

Detect kerberos attacks in pcap files

msf-elf-in-memory-execution * Ruby 0

Post module for Metasploit to execute ELF in memory

EmpireAMSI * PowerShell 0

processhacker-1 * C 0

A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware.

ishell * Go 0

Library for creating interactive cli applications.

AI-for-Security-Learning * 0

安全场景、基于AI的安全算法和安全数据分析学习资料整理

pocsuite_poc_collect * Python 0

collection poc use pocsuite framework 收集一些 poc with pocsuite框架

wechatcmd * Go 0

提供微信终端版本、微信命令行版本聊天功能、微信机器人

gosoap * Go 0

🦉SOAP package for Go

golearn * Go 0

Machine Learning for Go

LinuxFlaw * C 0

This repo records all the vulnerabilities of linux software I have reproduced in my local workspace

AD-Attack-Defense * 0

Active Directory Security For Red & Blue Team

ChineseDarkWebCrawler * HTML 0

中文暗网爬虫

HiddenPowerShellDll * Batchfile 0

dpos * Go 0

基于DPoS算法、P2P对等网络的简易区块链Go语言实现。

RedTeamScripts * Python 0

Repo with various Red Team scripts

teamviewer-dumper * Python 0

Dump TeamViewer ID and password from memory. Works much better than other tools.

CACTUSTORCH * Visual Basic 0

CACTUSTORCH: Payload Generation for Adversary Simulations

flint * Python 0

The python client of passivedns.cn

Webcrawle * HTML 0

Awesome-Red-Teaming * 0

List of Awesome Red Teaming Resources

Sreg * HTML 0

Sreg可对使用者通过输入email、phone、username的返回用户注册的所有互联网护照信息。

jiebago * Go 0

Jieba 分词 Go 语言版

python-girlfriend-mood * Python 0

:kissing_closed_eyes::kissing_closed_eyes: 通过与女朋友聊天获取她的实时情绪波动图谱。 Analyze her mood through her girlfriend's words ·

nodejs-runtime-agent * JavaScript 0

Snyk Node Runtime Agent

Ethereum-Smart-Contracts-Security-CheckList * 0

Ethereum Smart Contracts Security CheckList From Knownsec 404 Team

htcap * Python 0

htcap is a web application scanner able to crawl single page application (SPA) in a recursive manner by intercepting ajax calls and DOM changes.

PcapXray * Python 0

:snowflake: PcapXray - A Network Forensics Tool - To visualize a Packet Capture offline as a Network Diagram including device identification, highlight important communication and file extraction

UsbKeyboardDataHacker * Python 0

USB键盘流量包取证工具 , 用于恢复用户的击键信息

weblogic-scan * Python 0

weblogic 漏洞扫描工具

pwn2own2018 * C 0

A Pwn2Own exploit chain

dotNetFuzz * Python 0

A quick and dirty .NET "Deserialize_*" fuzzer based on James Forshaw's (@tiraniddo) DotNetToJScript.

BlockChain-Security-List * 0

BlockChain-Security-List

Managed-code-injection * C++ 0

Inject a .NET assembly into a native process using the CLR Hosting API

ATTACK * 0

MITRE ATT&CK Windows Logging Cheat Sheets

httpmq * Go 0

A simple HTTP message queue written in Go with goleveldb, just like httpsqs written in C with Tokyo Cabinet.

php-go * C 0

Write PHP extension using go/golang. Zend API wrapper for go/golang.

goleveldb * Go 0

LevelDB key/value database in Go.

dnscat2-powershell * PowerShell 0

A Powershell client for dnscat2, an encrypted DNS command and control tool.

netelf * C 0

Run executables from memory, over the network, on Windows, Linux, OpenVMS... routers... spaceships... toasters etc.

UnmanagedPowerShell * C 0

Executes PowerShell from an unmanaged process

bscan * Python 0

an asynchronous target enumeration tool

goflow * Go 0

The high-scalability sFlow/NetFlow/IPFIX collector used internally at Cloudflare.

BFuzz * HTML 0

Fuzzing Browsers

ProcDump-for-Linux * C 0

A Linux version of the ProcDump Sysinternals tool

seesaw * Python 0

Automatic reversed shell detacting and defensing

sandbox-1 * JavaScript 0

Sandbox to execute php or bash code

grmon * Go 0

Command line monitoring for goroutines

dtgo * Go 0

Decision tree in Go based on @random-forests example

goboy * Go 0

Multi-platform Nintendo Game Boy Color emulator written in go

linux-re-101 * 0

A collection of resources for linux reverse engineering

CobaltStrike_Hanization * Java 0

CobaltStrike 2.5中文汉化版

Cobaltstrike-Trial * 0

leaves * Go 0

pure Go implementation of prediction part for GBRT (Gradient Boosting Regression Trees) models from popular frameworks

sslsplit * C 0

Transparent SSL/TLS interception

serviceFu * C 0

Automates credential skimming from service accounts in Windows Registry

anomalous * Go 0

Anomaly detection in Go with isolation forests.

imylu * Python 0

Pure Python implementation of machine learning algorithms

malwaregan * Python 0

Visualizing malware behavior, and proactive protection using GANs against zero-day attacks.

ghw * Go 0

Golang hardware discovery/inspection library

PIE * PowerShell 0

:mailbox: The Phishing Intelligence Engine - An Active Defense PowerShell Framework for Phishing Defense with Office 365

DeepCreamPy * Python 0

Decensoring Hentai with Deep Neural Networks

face_recognition * Python 0

The world's simplest facial recognition api for Python and the command line

openface * Lua 0

Face recognition with deep neural networks.

FaceDetectionServer * Go 0

基于 SeetaFace 的人脸识别服务, By and For Golang

AutoSploit * Python 0

Automated Mass Exploiter

ransomware * Go 0

A POC Windows crypto-ransomware (Academic)

gotop * Go 0

A terminal based graphical activity monitor inspired by gtop and vtop

gochain * Go 0

A simple Blockchain implementation in Go

powershell-reverse-http * Go 0

:innocent: A Powershell exploit, windows native service with no virus signature that open a reverse http connection via meterpreter

linux-insides * Python 0

A little bit about a linux kernel

anti-ransomware-minifilter * C 0

jass * Go 0

a tool to facilitate sharing of secrets using SSH keys

machine_learning_security * Python 0

Source code about machine learning and security.

SAIVS * Python 0

SAIVS (Spider Artificial Intelligence Vulnerability Scanner).

macOS-Security-and-Privacy-Guide * Python 0

A practical guide to securing macOS.

ReShellAAS * Python 0

Reverse Shell as a Service

Platypus * Go 0

:hammer: A modern multiple reverse shell sessions manager written in go

sourcegraph * Go 0

Code search and intelligence, self-hosted and scalable

fuse * Go 0

FUSE library for Go.  go get bazil.org/fuse  

unserchain * PHP 0

BadKernel * HTML 0

Full exploit of CVE-2016-6754(BadKernel) and slide of SyScan360 2016

gocryptfs * Go 0

Encrypted overlay filesystem written in Go.

Windows-User-Action-Hook * C# 0

A .NET library to subscribe for Windows operating system global user actions such mouse, keyboard, clipboard & print events

android_vuln_poc-exp * C 0

This project contains pocs and exploits for android vulneribilities

tableflip * Go 0

Graceful process restarts in Go

arbitrary-php-extension * C 0

这是一个实验性的PHP扩展,加载这个扩展后,每次请求将可以执行一段自己的PHP代码。

jiacrontab * Go 0

提供可视化界面的任务调度工具

linux_exploit_development * Python 0

Linux Exploit Development Techniques

libSSH-Authentication-Bypass * Python 0

Spawn to shell without any credentials by using CVE-2018-10933

Malware_Detection_API_Graphs * Python 0

Predicting malicious behaviour in programs by studying patterns of API Call graphs

awesome-incident-response * 0

A curated list of tools for incident response

LiME * C 0

LiME (formerly DMD) is a Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices, such as those powered by Android. The tool supports acquiring memory either to the file system of the device or over the network. LiME is unique in that it is the first tool that allows full memory captures from Android devices. It also minimizes its interaction between user and kernel space processes during acquisition, which allows it to produce memory captures that are more forensically sound than those of other tools designed for Linux memory acquisition.

shd * C 0

Ssdt Hook Detection tool

re_avdevprot * C 0

逆向小红伞杀毒软件驱动——avdevprot

windows-syscall-table * Assembly 0

windows syscall table from xp ~ 10 rs4

SSRFmap-1 * Python 0

Automatic SSRF fuzzer and exploitation tool

Windows-via-C- * C++ 0

Windows核心编程(第5版中文版)

minhook-rs * Rust 0

A function hooking library for the Rust programming language

go-hook * Go 0

`go-hook`provides low level keyboard and mouse hook for Windows.

hinako * Go 0

x86 WinAPI hook written in pure Go

Auto-Root-Exploit * Shell 0

Auto Root Exploit Tool

pywerview * Python 0

A (partial) Python rewriting of PowerSploit's PowerView

dpapilab * Python 0

Windows DPAPI laboratory

memorpy * Python 0

Python library using ctypes to search/edit windows / linux / macOS / SunOS programs memory

LaZagne * Python 0

Credentials recovery project

Windows-KeyLogger * Go 0

go-sniffer * Go 0

🔎Sniffing and parsing mysql,redis,http,mongodb etc protocol. 抓包截取项目中的数据库请求并解析成相应的语句。

WinboxPoC * Python 0

Proof of Concept of Winbox Critical Vulnerability (CVE-2018-14847)

impacket * Python 0

Impacket is a collection of Python classes for working with network protocols.

whids * Go 0

Powershell-Attack-Guide * PowerShell 0

Powershell攻击指南----黑客后渗透之道

multiOTPCredentialProvider * PHP 0

multiOTP Credential Provider is a V2 Credential Provider for Windows 7/8/8.1/10/2012(R2)/2016 with options like RDP only and UPN name support

Alibaba-3rd-Security-Algorithm-Challenge * Jupyter Notebook 0

第三届阿里云安全算法挑战赛冠军代码

ptyshell * C 0

A reverse PTY shell in C

protravel * Python 0

Recursively exploit path traversal vulnerability

libelfmaster * C 0

Secure ELF parsing/loading library for forensics reconstruction of malware, and robust reverse engineering tools

ecfs_exec * C 0

Be able to execute memory snapshots so they can start running where they left off.

avu32 * C 0

anti virus 32bit. my first attempt (in 2008) to write prototype for detecting/disinfecting unix ELF viruses

arch-audit * Rust 0

An utility like pkg-audit for Arch Linux. Based on Arch Security Team data

clair-scanner * Go 0

Docker containers vulnerability scan

subscraper * Python 0

External pentest tool that performs subdomain enumeration through various techniques. In addition, SubScraper will provide information such as HTTP & DNS lookups to aid in potential next steps.

Aron * Go 0

Aron is a GO script for finding hidden GET & POST parameters

Ransomware-Guard * C 0

Anti-ransomware in linux, Decoy, Protect file, Protect drectory, Auto backup

awesome-forensics * 0

A curated list of awesome forensic analysis tools and resources

AES-Killer * Java 0

Burp plugin to decrypt AES Encrypted traffic of mobile apps on fly

kemon * C 0

An Open-Source Pre and Post Callback-Based Framework for macOS Kernel Monitoring.

osxcollector * Python 0

A forensic evidence collection & analysis toolkit for OS X

BIOS_Rootkit * Assembly 0

来自Freebuf评论区,一个UEFI马.

rekall-agent-server * Python 0

Rekall is an endpoint security solution.

rekall * Python 0

Rekall Memory Forensic Framework

rvmi * C 0

rVMI - A New Paradigm For Full System Analysis

goiptables * Go 0

Wouldn't the world be better with more iptables wrappers? WIP

dnscap * C 0

Network capture utility designed specifically for DNS traffic

lynis * Shell 0

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

securitybot * Python 0

Distributed alerting for the masses!

nodexp * Python 0

NodeXP - A Server Side Javascript Injection tool capable of detecting and exploiting Node.js vulnerabilities

rop_detector * C 0

Experimental tool for ROP-shellcode detection

RopGun * C 0

RopGun is a Linux implementation of a transparent ROP mitigation technique based on runtime detection of abnormal control transfers using hardware performance counters.

VMI-as-a-Service * C 0

safetrend-echarts * JavaScript 0

大数据威胁态势感知,图标实时展示攻击状态

vmi-rs * Rust 0

A simple Rust wrapper around LibVMI for virtual machine introspection (very incomplete)

teleport * Go 0

Teleport is a versatile, high-performance and flexible socket framework. It can be used for RPC, micro services, peer-peer, push services, game services and so on.

IP-security-analysis * PHP 0

Log malicious IP security analysis

Vibe * Python 0

A framework for stealthy domain reconnaissance

futures-rs * Rust 0

Zero-cost asynchronous programming in Rust

ct-exposer * Python 0

An OSINT tool that discovers sub-domains by searching Certificate Transparency logs

VeraCrypt * C 0

Disk encryption with strong security based on TrueCrypt

winipt * C 0

The Windows Library for Intel Process Trace (WinIPT) is a project that leverages the new Intel Processor Trace functionality exposed by Windows 10 Redstone 5 (1809), through a set of libraries and a command-line tool.

IoTSecurity101 * 0

From IoT Pentesting to IoT Security

cloudwalker * Go 0

CloudWalker Platform

pam_abl * C 0

pam_abl auto blacklisting PAM module

pkg-audit * Python 0

audit installed packages on Arch Linux against known vulnerabilities

go-crypt * Go 0

Golang wrappers for glibc crypt(3)

duo_unix * C 0

Duo two-factor authentication for Unix systems

flinux * C 0

Foreign LINUX - Run unmodified Linux applications inside Windows.

shellz * Go 0

Shellz is a small utility to keep track of your SSH identities, servers and run commands on multiple machines at once.

PrivilegeGuard * 0

Privilege guard blocks common local privilege escalation in Linux Kernel

CVE-2018-17182 * C 0

Linux 内核VMA-UAF 提权漏洞(CVE-2018-17182),0day

brootkit * Shell 0

Lightweight rootkit implemented by bash shell scripts v0.10

netlink-rs * Rust 0

Rust bindings for netlink communication

rust-psutil * Rust 0

A process monitoring library for rust

netlink-2 * Go 0

Golang netlink implementation

MS-DOS * Assembly 0

The original sources of MS-DOS 1.25 and 2.0, for reference purposes

ZeroAccess * C 0

ZeroAccess v3 toolkit

WebRange * CSS 0

一个Web版的docker管理程序,可以用来运行各种docker漏洞环境和CTF环境。

byob * Python 0

BYOB (Build Your Own Botnet)

weui-wxss * JavaScript 0

A UI library by WeChat official design team, includes the most useful widgets/modules.

WINspect * PowerShell 0

Powershell-based Windows Security Auditing Toolbox

openvas-scanner * C 0

OpenVAS remote network security scanner

linux-insides-zh * 0

Linux 内核揭密

pwcracker * Python 0

一款插件化的密码爆破框架

google-authenticator-libpam * C 0

google-authenticator * Java 0

Open source version of Google Authenticator (except the Android app)

moloch * JavaScript 0

Moloch is an open source, large scale, full packet capturing, indexing, and database system.

OSTrICa * Python 0

SocialBox * Shell 0

SocialBox is a Bruteforce Attack Framework [ Facebook , Gmail , Instagram ,Twitter ] , Coded By Belahsan Ouerghi

go-lib * Go 0

mirrored from https://cr.deepin.io/#/admin/projects/go-lib

csharp * C# 0

Various C# projects for offensive security

polymorph * Python 0

Polymorph is a real-time network packet manipulation framework with support for almost all existing protocols

bpfd * Go 0

Framework for running BPF programs with rules on Linux as a daemon. Container aware.

DeepBlueCLI * PowerShell 0

Aurora * Go 0

Aurora Remote Administration Tool

jsEncrypter * Java 0

一个用于加密传输爆破的Burp Suite插件

sec_check * Go 0

Cross platform security detection tool

PortScanner * Python 0

目标tcp端口快速扫描、banner识别、cdn检测

logkit * Go 0

Very powerful server agent for collecting & sending logs & metrics with an easy-to-use web console.

windows-Credential-Provider-library * C++ 0

This repository will be updated with all the examples and links that I can find with relevant knowledge & information about CP in MS Windows vista up to version 10.

windows-credentials-provider * C# 0

An example implementation of a windows credential provider that is tightly connected with logon system

CredProvider.NET * C# 0

A Windows Credential Provider written in C#

pgina * C# 0

pGina: Open Source Windows Authentication

MacPatch * Objective-C 0

Software & Patch management for Mac OS X

doorman * Python 0

an osquery fleet manager

metta * Python 0

An information security preparedness tool to do adversarial simulation.

windows_ad_dos_poc * Python 0

PoC code for crashing windows active directory

erays * Python 0

Ethereum smart contract reverse engineering

cat * JavaScript 0

Central Application Tracking

knock-1 * C 0

A port-knocking daemon

xmark * C 0

一个能够 Hook 绝大多数函数/类、部分 opcode 的 PHP7 扩展

pam-ussh * Go 0

uber's ssh certificate pam module

Windows-driver-samples * C 0

This repo contains driver samples prepared for use with Microsoft Visual Studio and the Windows Driver Kit (WDK). It contains both Universal Windows Driver and desktop-only driver samples.

pefile * Python 0

pefile is a Python module to read and work with PE (Portable Executable) files

Threat-Intelligence-Analyst * 0

威胁情报,恶意样本分析,开源Malware代码收集

httptools * Python 0

Fast HTTP parser

TTLScan * Python 0

一款简易的插件化的漏洞扫描器框架

go-systemd * Go 0

Go bindings to systemd socket activation, journal, D-Bus, and unit files

Scanr * Python 0

Detect x86 shellcode in files and traffic.

cisco-snmp-rce * Python 0

Cisco IOS SNMP RCE PoC

Lilith * C++ 0

Lilith, The Open Source C++ Remote Administration Tool (RAT)

zeroday-powershell * PowerShell 0

A PowerShell example of the Windows zero day priv esc

CovenantSQL * Go 0

a SQL Database on Blockchain

http-parser * C 0

http request/response parser for c

SecurityManagement * 0

分享在建设安全管理体系、ISO27001、等级保护、安全评审过程中的点点滴滴

getshell * C 0

各大平台提权工具

geoip2-golang * Go 0

Unofficial MaxMind GeoIP2 Reader for Go

pacu * Python 0

Rhino Security Labs' AWS penetration testing toolkit

drltrace * HTML 0

Drltrace is a library calls tracer for Windows and Linux applications.

Oriana * Python 0

Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a Web layer to help defenders identify outliers and suspicious behavior on corporate environments.

Reverse-Shell-Manager-1 * Python 0

:hammer: A multiple reverse shell session/client manager via terminal

hostscan-bypass * Go 0

Generate OpenConnect CSD files to bypass Cisco AnyConnect hostscan requirements

SSRFmap * Ruby 0

Server Side Request Forgery services enumeration tool.

Exploits-1 * Perl 0

Containing Self Made Perl Reproducers / PoC Codes

ReDoS-vulnerabilities * JavaScript 0

A list of ReDoS vulnerabilities in npm modules found by the Software Lab at TU Darmstadt. For each vulnerability, there is a proof-of-concept exploit, showing how the slowdown may occur. The resources in this repository are provided for research purpose only. Please read below for more details.

MiningGitlog * Python 0

A script to mine email addresses in the Github repository.

cowrie * Python 0

Cowrie SSH/Telnet Honeypot

JWT_Hacking * Python 0

Collection of scripts that aid in penetration testing of JSON Web Tokens

MacOS-Security-Baseline * Shell 0

Baseline Security Configuration For MacOS

ssdeep * Go 0

SSDEEP hash lib in Golang

Oops-Webshell * Python 0

Oops, It's funny to detect a webshell

awesome-rust * Rust 0

A curated list of Rust code and resources.

bytebuf * Go 0

Replacement for bytes.Buffer that you can use in a performace-sensitive parts or your Go programs

guardian-agent * Go 0

[beta] Guardian Agent: secure ssh-agent forwarding for Mosh and SSH

EGESPLOIT * Go 0

EGESPLOIT is a golang library for malware development

GoldenEye * Python 0

GoldenEye Layer 7 (KeepAlive+NoCache) DoS Test Tool

prometheus * Go 0

The Prometheus monitoring system and time series database.

win * Go 0

A Windows API wrapper package for the Go Programming Language

libnids-1 * C 0

Libnids is an implementation of an E-component of Network Intrusion Detection System. It emulates the IP stack of Linux 2.0.x. Libnids offers IP defragmentation, TCP stream assembly and TCP port scan detection.

PE-Linux * Shell 0

Linux Privilege Escalation Tool By WazeHell

wmi * Go 0

WMI for Go

opencanary_web * Vue 0

基于opencanary的蜜罐web服务端|The Web App of opencanary secondary development

conntrack * Go 0

Go module to monitor TCP connections using linux's ip_conntrack kernel module

botnets * C++ 0

This is a collection of #botnet source codes, unorganized. For EDUCATIONAL PURPOSES ONLY

kraken * Go 0

Cross-platform Yara scanner written in Go

zabbix-threat-control * Python 0

Zabbix vulnerability assessment plugin

go-autoruns * Go 0

Collect autorun records from running system

grumpy * Go 0

Grumpy is a Python to Go source code transcompiler and runtime.

ASWCrypter * Shell 0

An Bash&Python Script For Generating Payloads that Bypasses All Antivirus so far [FUD]

Linux_Exploit_Suggester * Perl 0

Linux Exploit Suggester; based on operating system release number

Amass-1 * Go 0

In-Depth DNS Enumeration written in Go

osquery-configuration * 0

A repository for using osquery for incident detection and response

sysmon-config * 0

Sysmon configuration file template with default high-quality event tracing

baidu-netdisk-downloaderx * Go 0

:zap: 百度网盘不限速下载器 BND,支持 Windows、Mac 和 Linux。

machma * Go 0

Easy parallel execution of commands with live feedback

rules * 0

Public rules and samples for various automations through LimaCharlie.io

hmmlearn * Python 0

Hidden Markov Models in Python, with scikit-learn like API

GitHacker * Python 0

一个 Git 源码泄露利用工具 , 可恢复整个 Git 仓库 , 用于白盒审计以及分析开发者的思维

malicious_dynamic_behavior_detection_by_cnn * Python 0

Machine-Learning-Based-Botnet-Detection * Python 0

Machine Learning Based Botnet Detection is a tool to classify network traffic as being botnet affected or not based on the network traffic flows. It involves various classifiers including Neural Networks, Decision Tree, SVM, Naive Bayes, Logistic Regression, k-Nearest Neighbours.

gordp * Go 0

Rdp client on pure GoLang

docker_ssh_honeypot * Go 0

安全开发教学 - 用Docker制作一个高交互ssh蜜罐

BillCipher * Python 0

Information Gathering tool for a Website or IP address

Ducky-Exploit * Python 0

Arduino Rubber Ducky Framework

badKarma * Python 0

advanced network reconnaissance toolkit

imaginaryC2 * Python 0

Imaginary C2 is a python tool which aims to help in the behavioral (network) analysis of malware. Imaginary C2 hosts a HTTP server which captures HTTP requests towards selectively chosen domains/IPs. Additionally, the tool aims to make it easy to replay captured Command-and-Control responses/served payloads.

Revoke-Obfuscation * PowerShell 0

PowerShell Obfuscation Detection Framework

awesome-threat-detection * 0

A curated list of awesome threat detection and hunting resources

acra * Go 0

Database encryption proxy for data-driven apps: strong selective encryption, SQL injections prevention, intrusion detection, honeypots.

bsmtrace * C 0

BSM based intrusion detection system

Cloud_Integrity * C 0

Using LibVMI to detect malware

ProcessHacker * C 0

A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware—mirror of https://github.com/processhacker2/processhacker.git

CyberGod-KSGMPRH * C 0

An open-source antivirus for windows

tracecorn * Python 0

Windows API tracer for malware (oldname: unitracer)

PyAna * Python 0

PyAna - Analyzing the Windows shellcode

unicorn-rs * Rust 0

Rust bindings for the unicorn CPU emulator

kicomav * Python 0

KicomAV is an open source (GPL v2) antivirus engine designed for detecting malware and disinfecting it.

cyberprobe * Shell 0

Capturing, analysing and responding to cyber attacks

unicorn-1 * Python 0

Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber's powershell attacks and the powershell bypass technique presented by David Kennedy (TrustedSec) and Josh Kelly at Defcon 18.

waf * Java 0

:vertical_traffic_light:Web Application Firewall or API Gateway(应用防火墙/API网关)

gene * Go 0

Go Evtx sigNature Engine

NetRipper * PowerShell 0

NetRipper - Smart traffic sniffing for penetration testers

JSCPP * CoffeeScript 0

A simple C++ interpreter written in JavaScript

ueditor-getshell * Python 0

ueditor .net getshell

wam * JavaScript 0

Web App Monitor

gowin32 * Go 0

Win32 API bindings for the Go programming language.

godivert * Go 0

Bindings for WinDivert in Go

network-policy-demo-apps * TypeScript 0

This repository is a demonstration of the functionalities of kubernetes network policies together with egress network policy (open vSwitch).

docker-operator * Go 0

container crash reporting + security and reliability countermeasures

mig * Go 0

Distributed & real time digital forensics at the speed of the cloud

log4go * Go 0

a logging package for golang similar to log4j or log4c++ supporting console, file and network.

BeRoot * Python 0

Privilege Escalation Project - Windows / Linux / Mac

docker-bench-security * Shell 0

The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production.

docker-security-scanner * Python 0

Security Scanning Utility for Twistlock and Nexus IQ for use in Codefresh Builds

Uproot * PowerShell 0

Currently not updated for WMIEvent module...

pupmod-simp-dirtycow * Ruby 0

A module for managing checks and fixes for the 'dirty cow' kernel bug

N3tstatIDS * 0

Lightweight Endpoint Detection & Response (EDR) Framework

pool * Go 0

Connection pool for Go's net.Conn interface

dalton * Python 0

Suricata and Snort IDS rule and pcap testing system

iptables-essentials * 0

Iptables Essentials: Common Firewall Rules and Commands.

vFW-demo * Shell 0

ONAP vFirewall Use Case

butterfly * C++ 0

Butterfly connects Virtual Machines and control their traffic flow

cFW-demo * Dockerfile 0

Cloud-Native Firewall Virtual Network Function

cn-infra * Go 0

A platform for developing cloud-native VNFs

IntrusionPreventionSystem * Jupyter Notebook 0

A virtual intrusion prevention system to detect and prevent DDoS/DoS attacks. Provides Firewall Options too.

DBProxy * C 0

thal * JavaScript 0

译文:Puppeteer 与 Chrome Headless —— 从入门到爬虫

proxy-web * JavaScript 0

proxy-web是用go语言写的,基于snail007/goproxy完成的可视化网页应用

graftcp * C 0

A flexible tool for redirecting a given program's TCP traffic to SOCKS5 proxy.

gopher-lua * Go 0

GopherLua: VM and compiler for Lua in Go

gowitness * Go 0

🔍 gowitness - a golang, web screenshot utility using Chrome Headless

go-knock * Go 0

Port knocking in go

Charles-Crack * Kotlin 0

Charles 破解工具

avet * C 0

AntiVirus Evasion Tool

BurpSSOExtension * Java 0

An extension for BurpSuite that highlights SSO messages in Burp's proxy window..

boofuzz * Python 0

A fork and successor of the Sulley Fuzzing Framework

jvm.go * Go 0

A toy JVM written in Go

ruler * Go 0

A tool to abuse Exchange services

hawkeye-1 * Go 0

Hawkeye filesystem analysis tool

Gopherus * Python 0

This tool generates gopher link for doing SSRF and RCE in various servers

logrus * Go 0

Structured, pluggable logging for Go.

adversarial-robustness-toolbox * Jupyter Notebook 0

This is a library dedicated to adversarial machine learning. Its purpose is to allow rapid crafting and analysis of attacks and defense methods for machine learning models. The Adversarial Robustness Toolbox provides an implementation for many state-of-the-art methods for attacking and defending classifiers. https://developer.ibm.com/code/open/projects/adversarial-robustness-toolbox/

Dejavu * 0

DejaVU - Open Source Deception Framework

cs-suite * Shell 0

Cloud Security Suite - One stop tool for auditing the security posture of AWS & GCP infrastructure.

anwi * C++ 0

ANWI - All New Wireless IDS

PowerUpSQL * PowerShell 0

PowerUpSQL: A PowerShell Toolkit for Attacking SQL Server

mallet * Java 0

hideNsneak * Go 0

a CLI for ephemeral penetration testing

DependencyCheck * Java 0

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

arima_lstm * Python 0

使用arima_lstm完成容量分析预测(cpu、内存、磁盘)

SMBetray * Python 0

SMB MiTM tool with a focus on attacking clients through file content swapping, lnk swapping, as well as compromising any data passed over the wire in cleartext.

Mailget * Python 0

通过脉脉用户猜测企业邮箱

Linux_kernel_exploits * C 0

I will publish some Linux kernel exploits for various real world kernel vulnerabilities here. the samples are uploaded for education purposes for red and blue teams.

Sentinel * Java 0

A lightweight flow-control library providing high-available protection and monitoring (高可用防护的流量管理框架)

EventCleaner * C++ 0

A tool mainly to erase specified records from Windows event logs, with additional functionalities.

gost * Go 0

GO Simple Tunnel - a simple tunnel written in golang

VHostScan * Python 0

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.

stux-DNN * Python 0

Run-time trojan attack on neural networks

Bug-Project-Framework * Python 0

漏洞利用框架模块分享仓库

dog-tunnel * Go 0

p2p tunnel,(udp mode work with kcp,https://github.com/skywind3000/kcp)

cli * Go 0

A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc.

TIDoS-Framework-1 * Python 0

The offensive web application penetration testing framework.

ffsend * Python 0

Python client for Firefox Send

sensitive_info_leakage_detect * Lua 0

BloodHound * PowerShell 0

Six Degrees of Domain Admin

pentestdb * Java 0

WEB渗透测试数据库

100-Days-Of-ML-Code * 0

100 Days of ML Coding

leviathan * Python 0

wide range mass audit toolkit

ndpi-netfilter * C 0

ndpi-netfilter

mimipy * Python 0

port of mimipenguin.sh in python with some additional protection features

Raccoon * Python 0

A high performance offensive security tool for reconnaissance and vulnerability scanning

UBoat * C++ 0

HTTP Botnet Project

swap_digger * Shell 0

swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searches for Linux user credentials, web forms credentials, web forms emails, http basic authentication, Wifi SSID and keys, etc.

Camelishing * Python 0

Social Engineering Tool

cobra-1 * Go 0

A Commander for modern Go CLI interactions

rita * Go 0

Real Intelligence Threat Analytics

bruteforce-http-auth * Python 0

Bruteforce HTTP Authentication

awesome-devsecops * 0

An authoritative list of awesome devsecops tools with the help from community experiments and contributions.

xxeserv * Go 0

A mini webserver with FTP support for XXE payloads

MaiInt * Python 0

OSINT Organization Employee Profiling Tool for MaiMai

netgraph * Go 0

A cross platform http sniffer with a web UI

EvilOSX * Python 0

An evil RAT (Remote Administration Tool) for macOS / OS X.

ph0neutria * Python 0

ph0neutria is a malware zoo builder that sources samples straight from the wild. Everything is stored in Viper for ease of access and manageability.

minions * Go 0

Distributed filesystem scanner

netstack-1 * Go 0

IPv4 and IPv6 userland network stack

gops * Go 0

A tool to list and diagnose Go processes currently running on your system

janusec * Go 0

Janusec Application Gateway, an application security solutions which provides WAF (Web Application Firewall), unified web administration portal, private key protection, web routing and scalable load balancing.

readhook * C 0

Red-team tool to hook libc read syscall with a buffer overflow vulnerability.

tcpscan * Go 0

A fast utility for scanning tcp ports on servers

zsocket * Go 0

Zero-copy sockets for Linux in Golang

go-sysinfo * Go 0

go-sysinfo is a library for collecting system information.

go-elasticsearch * Go 0

Official Go client library for Elasticsearch

go-libaudit * Go 0

go-libaudit is a library for communicating with the Linux Audit Framework.

go-windows * Go 0

go-windows provides Go wrappers for Windows APIs.

migfw * C++ 0

experimental support for firewall controls for MIG. unused & unsupported.

libiptc-sys * Rust 0

Rust bindings to libiptc

go-libiptc * Go 0

libiptc bindings for Go language. Object-oriented design, supports IPv6 and same wait locking mechanism as iptables/ip6tables.

go-iptables-1 * Go 0

Bindings for some functions of libiptc

onlinetools * Python 0

在线cms识别|旁站|c段|信息泄露|工控|系统|物联网安全|cms漏洞扫描|端口扫描|待续..

dirhunt * Python 0

Find web directories without bruteforce

esdp * Erlang 0

erlang software defined perimeter

libaco * C 0

A blazing fast and lightweight C asymmetric coroutine library 💎 ⛅🚀⛅🌞

linux-security-modules * C 0

A place to store my toy linux-security modules.

linux-rootkits-red-blue-teams * C 0

Linux Rootkits (4.x Kernel)

webkiller * Python 0

Tool Information Gathering Write By Python.

blackowl * Python 0

Blackowl is a simple tool to gather information, based on Operative-Framework

firecall * Python 0

Automate SSH communication with firewalls, switches, etc.

CommonServiceDefaultPort * 0

常用系统服务默认端口列表

CVE-2018-2894 * Python 0

CVE-2018-2894 WebLogic 未授权访问致任意文件上传/RCE漏洞检查脚本

synner * Rust 0

A TCP SYN flood client written in Rust, powered by libpnet

raw * Go 0

Package raw enables reading and writing data at the device driver level for a network interface. MIT Licensed.

alg * Go 0

Package alg provides access to Linux AF_ALG sockets for communication with the Linux kernel crypto API. MIT Licensed.

genetlink * Go 0

Package genetlink implements generic netlink interactions and data types. MIT Licensed.

vsock * Go 0

Package vsock provides access to Linux VM sockets (AF_VSOCK) for communication between a hypervisor and its virtual machines. MIT Licensed.

wxappUnpacker * JavaScript 0

Wechat App(微信小程序,.wxapkg)解包及相关文件(.wxss,.json,.wxs,.wxml)还原工具

CVE-2018-2628 * Python 0

CVE-2018-2628 & CVE-2018-2893

redis * Go 0

Type-safe Redis client for Golang

goim * Go 0

goim

merge-nmap-masscan * Go 0

Merge results from NMAP and Masscan into one CSV file

Invoke-PWAudit * PowerShell 0

A PowerShell tool which provides an easy way to check for shared passwords between Windows Active Directory accounts

Bluedroid * C 0

PoCs of Vulnerabilities on Bluedroid

Vub_ENV * PHP 0

跟踪真实漏洞相关靶场环境搭建

falcon-log-agent * Go 0

用于监控系统的日志采集agent,可无缝对接open-falcon

masc * Python 0

A Web Malware Scanner

ysoserial-cve-2018-2628 * Java 0

Some codes for bypassing Oracle WebLogic CVE-2018-2628 patch

jsonp_info_leak * C# 0

jsonp隐私泄漏发现

DotNetToJScript * C# 0

A tool to create a JScript file which loads a .NET v2 assembly from memory.

CMSeeK * Python 0

CMS (Content Management Systems) Detection and Exploitation suite

thor-firewall-logger * 0

:incoming_envelope: sql based firewall event logging via nflog netlink and ulogd2 userspace daemon. improved sql scheme for space efficient storage. multi-host log aggregation using dedicated sql-users.

oyente * JavaScript 0

An Analysis Tool for Smart Contracts

aliyun-odps-python-sdk * Python 0

ODPS Python SDK and data analysis framework

router7 * Go 0

pure-Go small home internet router

dnslog-1 * Python 0

Minimalistic DNS logging tool

Audit-Go * Go 0

Linux Audit Plugin for heka written using netlink Protocol in golang and Lua

killerbee * C 0

IEEE 802.15.4/ZigBee Security Research Toolkit

pureblood * Python 0

A Penetration Testing Framework created for Hackers / Pentester / Bug Hunter

netlink-1 * Go 0

Package netlink provides low-level access to Linux netlink sockets. MIT Licensed.

CNN-SQL * Python 0

banruo * CSS 0

MalwLess * C# 0

Test Blue Team detections without running any attack.

chrome_headless_xss * Python 0

A plugin to check xss by useing chrome_headless

A_Scan_Framework * JavaScript 0

互联网漏洞管理、资产管理、任务扫描、todoLIST

qlbridge * Go 0

A golang SQL expression VM. Library to build query engine based functionality.

martini * Go 0

Classy web framework for Go

sqlmate * Python 0

A friend of SQLmap which will do what you always expected from SQLmap.

mod0BurpUploadScanner * Perl 0

HTTP file upload scanner for Burp Proxy

lasercrack * Ruby 0

Lasercrack-可扩展的Ruby暴力破解框架

Taipan * F# 0

Web application security scanner

HORSEPILL * C 0

HORSEPILL rootkit PoC

otto * Go 0

A JavaScript interpreter in Go (golang)

gosecco * Go 0

Go seccomp parser and compiler

rogue * Python 0

The Rogue Toolkit: An extensible toolkit aimed at providing penetration testers an easy-to-use platform to deploy Access Points for the purpose of conducting penetration testing and red team engagements.

gosu * Go 0

Simple Go-based setuid+setgid+setgroups+exec

EXIF * Python 0

EXIF information viewer(读取照片中隐藏的各类信息)

build-web-application-with-golang * Go 0

A golang ebook intro how to build a web with golang

cadvisor * Go 0

Analyzes resource usage and performance characteristics of running containers.

netlink_inet_diag * C 0

netlink with inet_diag

h1-search * Go 0

Tool that will request the public disclosures on a specific HackerOne program and show them in a localhost webserver.

go-libvirt * Go 0

Package libvirt provides a pure Go interface for interacting with Libvirt. Apache 2.0 Licensed.

Pcap-Analyzer * JavaScript 0

Python编写的可视化的离线数据包分析器

Magic-Unicorn-Tool * Python 0

amazon-ecs-agent * Go 0

Amazon Elastic Container Service Agent

go-nfnetlink * Go 0

A library for communicating with Linux netfilter subsystems over netlink sockets.

smart-contract-honeypots * 0

This repo contains a collection of smart contract honeypots.

mass3 * Go 0

kcptun * Go 0

A Fast & Secure Tunnel Based On KCP with N:M Multiplexing

osquery-go * Go 0

Go bindings for osquery

netlink * Go 0

Simple netlink library for go.

pspy * Go 0

Monitor linux processes without root permissions

dref * JavaScript 0

DNS Rebinding Exploitation Framework

Knowledge-Base * 0

Knowledge Base

netbox * C 0

asp 应用服务器,十年前的项目,一直有用户希望开源

Red-Teaming-Toolkit * 0

A collection of open source and commercial tools that aid in red team operations.

cuckoomon * C 0

DEPRECATED - replaced with "monitor"

MBA * C 0

Malware Behavior Analyzer

x86emu * Rust 0

The beginning of a x86_64 emulator written in Rust

gomhotep * Go 0

Antivirus on-access scanning for Linux using ClamAV and Fanotify

linuxkit * Go 0

A toolkit for building secure, portable and lean operating systems for containers

scannerl * Erlang 0

The modular distributed fingerprinting engine

goproxy-1 * Go 0

An HTTP proxy library for Go

Diamorphine * C 0

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x (x86 and x86_64)

subfinder * Go 0

SubFinder is a subdomain discovery tool that can discover massive amounts of valid subdomains for any target. It has a simple modular architecture and has been aimed as a successor to sublist3r project.

unix-privesc-check * Shell 0

Automatically exported from code.google.com/p/unix-privesc-check

rootkit_checker * C 0

--= Xt9 - Anti - Rootkit =-- beta v0.11 by xti9er

Hash-Buster * Python 0

Hash Buster is a program which uses several APIs to perform hash lookups.

go-win64api * Go 0

GoLang Windows API wrappers for System Info / User Management

pyppeteer * Python 0

Headless chrome/chromium automation library (unofficial port of puppeteer)

yapool * Go 0

一个多功能心跳发送包,可以实现服务发现、健康监测、集群数据采集等功能

redis_lua_exploit * Python 0

dockerfile * Go 0

Parse a dockerfile into a high-level representation using the official go parser

maltrail * Python 0

Malicious traffic detection system

APT_CyberCriminal_Campagin_Collections * JavaScript 0

APT & CyberCriminal Campaign Collection

incubator-spot * Python 0

Mirror of Apache Spot

RAT-NjRat-0.7d-modded-source-code * Visual Basic 0

A very simple modify for RAT Njrat 0.7D

nikto * Perl 0

Nikto web server scanner

theftfuzzer * Python 0

ann-visualizer * Python 0

A python library for visualizing Artificial Neural Networks (ANN)

Sutekh * C 0

An example rootkit that gives a root shell

dependency-track * JavaScript 0

Dependency-Track is an intelligent Software Composition Analysis (SCA) platform that allows organizations to identify and reduce risk from the use of third-party and open source components.

DELTA * Java 0

PROJECT DELTA: SDN SECURITY EVALUATION FRAMEWORK

BadMod * PHP 0

BadMod detect websites cms & auto exploit :D

ldapdomaindump * Python 0

Active Directory information dumper via LDAP

DocHub * Go 0

参考百度文库,使用Beego(Golang)开发的开源文库系统

VulApps * Shell 0

快速搭建各种漏洞环境(Various vulnerability environment)

VtopBetaCaptchaParser * Python 0

Parses the captcha in vtop beta

xxer * Python 0

A blind XXE injection callback handler. Uses HTTP and FTP to extract information. Originally written in Ruby by ONsec-Lab.

Github-Hunter * Python 0

This tool is for sensitive information searching on Github.

linux-exploit-suggester * Shell 0

Linux privilege escalation auditing tool

drupwn * Python 0

Drupal enumeration & exploitation tool

PowerSploit * PowerShell 0

PowerSploit - A PowerShell Post-Exploitation Framework

libfuzzer-gv * C++ 0

enhanced fork of libFuzzer

art-of-hacking * Python 0

This repository includes resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.

ngx-libinjection * C 0

Simple module integrating libinjection as a request filter

prowler * Python 0

Distributed Network Vulnerability Scanner

bash4-syslog-patch * 0

go-nats * Go 0

Golang client for NATS, the cloud native messaging system.

sigma * Python 0

Generic Signature Format for SIEM Systems

hacking-material-books * Ruby 0

collection of articles/books about programing

DNS-Analysis * Vue 0

非法域名挖掘与画像系统。

Tunna * Python 0

Tunna is a set of tools which will wrap and tunnel any TCP communication over HTTP. It can be used to bypass network restrictions in fully firewalled environments.

PwnAuth * Python 0

mandibule * C 0

linux elf injector for x86 x86_64 arm arm64

PublicMonitors * Python 0

对公网IP列表进行端口服务扫描,发现周期内的端口服务变化情况和弱口令安全风险

salt-scanner * Python 0

Linux vulnerability scanner based on Salt Open and Vulners audit API, with Slack notifications and JIRA integration

HTTPoxyScan * Python 0

HTTPoxy Exploit Scanner by 1N3 @CrowdShield

can-i-take-over-xyz * 0

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

python_data_analysis_and_mining_action * Python 0

《python数据分析与挖掘实战》的代码笔记

Bad-Pdf * Python 0

Steal Net-NTLM Hashes using Bad-PDF

Markdown-XSS-Payloads * 0

XSS payloads for exploiting Markdown syntax

tips-note * Python 0

做过的实验,踩过的坑

tail * Go 0

Go package for reading from continously updated files (tail -f)

pypykatz * Python 0

Mimikatz implementation in pure Python

upload-labs * PHP 0

一个帮你总结所有类型的上传漏洞的靶场

wildpwn * Python 0

unix wildcard attacks

Eternalblue-Doublepulsar-Metasploit * Ruby 0

dumpzilla * Python 0

Extract all forensic interesting information of Firefox, Iceweasel and Seamonkey browsers

Galileo * Python 0

Galileo - Web Application Audit Framework

How-to-Make-a-Computer-Operating-System * C 0

How to Make a Computer Operating System in C++

bountyplz * Shell 0

Automated security reporting from markdown templates (HackerOne is currently the platform supported)

burp_wp * Python 0

Find known vulnerabilities in WordPress plugins and themes using Burp Suite proxy. WPScan like plugin for Burp.

patchman * Python 0

Patchman is a Linux Patch Status Monitoring System

LogonTracer * JavaScript 0

Investigate malicious Windows logon by visualizing and analyzing Windows event log

dnsbotnet * Go 0

DNS Botnet Server and Client

GAE-RCE * Java 0

Google App Engine - Remote Code Execution bug ($36k bug bounty)

Windows-RCE-exploits * 0

The exploit samples database is a repository for **RCE** (remote code execution) exploits and Proof-of-Concepts for **WINDOWS**, the samples are uploaded for education purposes for red and blue teams.

w8fuckcdn * Python 0

Get website IP address by scanning the entire net 通过扫描全网绕过CDN获取网站IP地址

clair * Go 0

Vulnerability Static Analysis for Containers

hdiv * Java 0

Hdiv CE | Application Self-Protection

weirdAAL * Python 0

WeirdAAL (AWS Attack Library)

OWASP-Web-Checklist * 0

OWASP Web Application Security Testing Checklist

windows_sshagent_extract * Python 0

PoC code to extract private keys from Windows 10's built in ssh-agent service

Detect-It-Easy * JavaScript 0

Detect it Easy

GitPageHijack * Shell 0

OK now. Let's hijack github user's custom domain.

BinExp * C 0

Linux Binary Exploitation

watchdog * Python 0

Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.

phonedata * Go 0

手机号码归属地信息库、手机号归属地查询 phone.dat 最后更新:2018年4月

PortScan * Go 0

端口扫描器

trpl-zh-cn * HTML 0

Rust 程序设计语言(第二版)

rsg * Python 0

ReverShellGenerator - A tool to generate various ways to do a reverse shell

websocket-fuzzer * Python 0

Simple HTML5 WebSocket fuzzer

spaces-finder * Python 0

A tool to hunt for publicly accessible DigitalOcean Spaces

heap-viewer * Python 0

An IDA Pro plugin to examine the glibc heap, focused on exploit development

trust-dns * Rust 0

A Rust based DNS client, server, and resolver

scirius * Python 0

Scirius is a web application for Suricata ruleset management.

opencensus-go * Go 0

A stats collection and distributed tracing framework

GoKu-API-Gateway * Go 0

GoKu API Gateway CE,悟空API网关(开源版),是国内首个开源go语言API网关,帮助企业进行API服务治理与API性能安全维护,为企业数字化赋能。

fi6s * C 0

IPv6 network scanner designed to be fast

monkey * Python 0

Infection Monkey - An automated pentest tool

rkhunter * Shell 0

the world famous rkhunter

PHP_Source_Audit_Tools * Python 0

PHP 白盒分析工具,结合AST 和数据流跟踪分析代码,达到自动化白盒审计功能

CVE-2018-8897 * C++ 0

Arbitrary code execution with kernel privileges using CVE-2018-8897.

build-your-own-x * 0

🤓 Build your own (insert technology here)

hackersh * Python 0

A free and open source command-line shell and scripting language designed especially for security testing

CPT * Python 0

This is the native Python implementation of CPT(compact Prediction Tree)

aws_public_ips * Ruby 0

Fetch all public IP addresses tied to your AWS account. Works with IPv4/IPv6, Classic/VPC networking, and across all AWS services

winc * Go 0

CLI tool for spawning and running containers on Windows according to the OCI specification

reverse-shell * JavaScript 0

Reverse Shell as a Service

sensitivefilescan * Python 0

adminset * Python 0

自动化运维平台:CMDB、CD、DevOps、资产管理、任务编排、持续交付、系统监控、运维管理、配置管理

lineargo * Go 0

LinearGo (Go wrapper for LIBLINEAR): A Library for Large Linear Classification

Yearning * Vue 0

基于Inception的可视化web端sql审核平台

external_c2_framework * Python 0

Python api for usage with cobalt strike's External C2 specification

codetainer * Go 0

A Docker container in your browser.

cloudfrunt * Python 0

A tool for identifying misconfigured CloudFront domains

AssassinGo * Go 0

An extenisble and concurrency pentest framework in Go

whonow * JavaScript 0

A "malicious" DNS server for executing DNS Rebinding attacks on the fly (public instance running on rebind.network:53)

CVE-2018-9995_dvr_credentials * Python 0

(CVE-2018-9995) Get DVR Credentials

gvisor * Go 0

Container Runtime Sandbox

libemu * C 0

KatanaFramework * Python 0

The New Hacking Framework

TITAN * Java 0

云集分布式全链路压测军演系统

architect-awesome * 0

后端架构师技术图谱

InsectsAwake * JavaScript 0

Network Vulnerability Scanner

DomLink * Python 0

A tool to link a domain with registered organisation names and emails, to other domains.

routersploit * Python 0

路由器漏洞利用框架

infer * OCaml 0

A static analyzer for Java, C, C++, and Objective-C

go-astilectron * Go 0

Build cross platform GUI apps with GO and HTML/JS/CSS (powered by Electron)

cheetah-gui * Python 0

Cheetah GUI

jvmgo-book * Go 0

《自己动手写Java虚拟机》源代码

pcap * Rust 0

Rust language pcap library

ndpi-go * Go 0

Simple nDPI wrapper in GO

java-stack-trace * Java 0

CyberThreatHunting * Python 0

A collection of resources for Threat Hunters

freshonions-torscraper * Python 0

Fresh Onions is an open source TOR spider / hidden service onion crawler hosted at zlal32teyptf4tvi.onion

linux_information * 0

自动化收集linux信息

sysmonitor * Go 0

a monitor for getting machine system info alarming

WindowsSpyBlocker * Go 0

🛡 Block spying and tracking on Windows

tianchi-aliyun-security-competition * Java 0

第二届阿里云安全算法挑战赛 MJ_3DSUN 队解题方法

Jira-Scan * Python 0

CVE-2017-9506 - SSRF

tsh * C 0

Tiny SHell is an open-source UNIX backdoor.

Invoke-Adversary * PowerShell 0

Simulating Adversary Operations

Dayu-1 * Java 0

一款开源指纹识别工具。

casbin * Go 0

An authorization library that supports access control models like ACL, RBAC, ABAC in Golang

BugBountyTemplates * 0

A collection of templates for bug bounty reporting

IoT-Firstep * Java 0

一个物联网(IoT)开发的入门教程。涉及单片机、上位机、移动应用、服务器后台开发的知识。以及蓝牙4.0、以太网模块的使用实例。

AttackDetection * 0

Attack Detection

securedns * C# 0

Brute forcing DNS Subdomains -- a demo for DNS over HTTPS

Drupalgeddon2 * Ruby 0

Exploit for Drupal v7.x + v8.x (Drupalgeddon 2 / CVE-2018-7600 / SA-CORE-2018-002)

PenTest-Tools * 0

PenTest Tools

xdump * Python 0

一句话脱裤

go-logging * Go 0

Golang logging library

GyoiThon * HTML 0

GyoiThon is a growing penetration test tool using Machine Learning.

bug-monitor * Python 0

Seebug、structs、cve漏洞实时监控推送系统

shield * 0

基于Strom的日志实时流量分析主动防御(CCFirewall)系统

trireme-lib * Go 0

Simple, scalable and secure application segmentation

netlink-go * Go 0

Netlink APIs in Go

goddi * Go 0

goddi (go dump domain info) dumps Active Directory domain information

threatseer * Go 0

efficient linux endpoint telemetry solution

php_keeper * C 0

php扩展,监视PHP服务器的运行状况,并提供后台修改,实时防护

javaweb-expression * Java 0

Java SpEL、Ognl、MVEL2表达式Hook并记录小项目

quickjack * HTML 0

Quickjack is a point-and-click tool for intuitively producing advanced clickjacking and frame slicing attacks.

ssh-auditor * Go 0

The best way to scan for weak ssh passwords on your network

yara-parser * Go 0

Tools for parsing rulesets using the exact grammar as YARA. Written in Go.

race-the-web * Go 0

Tests for race conditions in web applications. Includes a RESTful API to integrate into a continuous integration pipeline.

gas * Go 0

Go AST Scanner

syzkaller * Go 0

syzkaller is an unsupervised, coverage-guided kernel fuzzer

Find-PHP-Vulnerabilities * Python 0

A plug-in of sublime 2/3 which is able to find PHP vulnerabilities

Hacking-with-Go * Go 0

Golang for Security Professionals

jxwaf * C 0

JXWAF(锦衣盾)是一款基于openresty(nginx+lua)开发的下一代web应用防火墙

poodle-PoC * Python 0

Poodle (Padding Oracle On Downgraded Legacy Encryption) attack

winapi-kmd-rs * Rust 0

使用rust开发windows驱动

redox * Shell 0

Redox: A Rust Operating System

flying-sandbox-monster * Rust 0

Sandboxed, Rust-based, Windows Defender Client

AppContainerSandbox * C++ 0

An example sandbox using AppContainer (Windows 8+)

sandboxfs * Go 0

A virtual file system for sandboxing

oz * Go 0

OZ: a sandboxing system targeting everyday workstation applications

Deserialize * Java 0

CVE-2018-7600 * Python 0

Exploit for CVE-2018-7600 Drupal SA-CORE-2018-002. PoC (Proof-of-Concept).

dnsrecon * Python 0

DNS Enumeration Script

shelldaddy * 0

跨平台 webshell 静态扫描器

ahocorasick * Go 0

A Golang implementation of the Aho-Corasick string matching algorithm

windows-container * C++ 0

A lightweight sandbox for Windows application

pnscan * C 0

Peter's Network Scanner

Remote_Malware_Analyzer * C 0

Sandbox d'analyse de malware pour Windows 7 avec un client TCP en mode noyau

golang-open-source-projects * 0

为互联网IT人打造的中文版awesome-go

ActiveScanPlusPlus * Python 0

ActiveScan++ Burp Suite Plugin

Decodify * Python 0

It can detect and decode encoded strings, recursively.

rfd-checker * Go 0

RFD Checker - security CLI tool to test Reflected File Download issues

ids_bypass * C 0

CVE-2018-6794 IDS Bypass PoC server

security-onion * 0

Linux distro for IDS, NSM, and Log Management

IIS_shortname_Scanner * Python 0

an IIS shortname Scanner

vuln * 0

Record some Vulnerabilities

CHAOS * Go 0

:fire: CHAOS allow generate payloads and control remote Windows systems.

colly * Go 0

Elegant Scraper and Crawler Framework for Golang

ExploitDev * Python 0

tinn * C 0

The tiny neural network library

CloudHostSecurity * Go 0

vbg * Python 0

Visual Basic GUI: A Tool to Inject Keystrokes on a SSH Client via an X11 Forwarded Session

SMBRat * Python 0

A Windows Remote Administration Tool in Visual Basic

dotnet-deserialization-scanner * Java 0

.NET Deserialization Passive Scanner

php-fpm-code-analysis * 0

php-fpm源码分析

paskto * JavaScript 0

Paskto - Passive Web Scanner

govendor * Go 0

Go vendor tool that works with the standard vendor file.

maltegogo * Go 0

Maltego library in Go

QuasarRAT * C# 0

Remote Administration Tool for Windows

klara * PHP 0

Kaspersky's GReAT KLara

shocker * C 0

Shocker / Docker Breakout PoC

mackerel-agent * Go 0

mackerel-agent is an agent program to post your hosts' metrics to mackerel.io.

bosun * Go 0

Time Series Alerting Framework

virtsock * Go 0

Go bindings for virtio and Hyper-V sockets

sshproxy * Go 0

Golang library to proxy ssh connections

netstack * Go 0

Custom network stack in Go

anam * Go 0

Mass scanning the internet (http and https) using a raw tcpstack.

Sniffer * Python 0

A Sniffer for Open-WLAN

judas * Go 0

opensnitch * Python 0

OpenSnitch is a GNU/Linux port of the Little Snitch application firewall.

FakeDns * Python 0

A regular-expression based python MITM DNS server with support for DNS Rebinding attacks

SourceCodeSniffer * Python 0

The Source Code Sniffer is a poor man’s static code analysis tool (SCA) that leverages regular expressions. Designed to highlight high risk functions (Injection, LFI/RFI, file uploads etc) across multiple languages (ASP, Java, CSharp, PHP, Perl, Python, JavaScript, HTML etc) in a highly configurable manner.

PowerShell-Suite * PowerShell 0

My musings with PowerShell

PyRat * Python 0

PyRat,a rat by python xmlrpc

openrasp * JavaScript 0

Open source RASP solution

S3Scanner * Python 0

Scan for open S3 buckets and dump

PyWeakPwdAudit * Python 0

Droid-Application-Fuzz-Framework * HTML 0

Android application fuzzing framework with fuzzers and crash monitor.

getaltname * Python 0

Get Subject Alt Name from SSL Certificates

go-ps * Go 0

Find, list, and inspect processes from Go (golang).

sift * Go 0

A fast and powerful alternative to grep

f5_cookieLeaks * Python 0

Decode the cookies set by balancer F5, and disclousure all pool ip

Powershell-RAT * Python 0

Python based backdoor that uses Gmail to exfiltrate data through attachment. This RAT will help during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends it to an attacker as an e-mail attachment.

theHarvester * Python 0

E-mails, subdomains and names Harvester - OSINT

FastPhotoStyle * Python 0

Style transfer, deep learning, feature transform

Chimay-Red * Python 0

Working POC of Mikrotik exploit from Vault 7 CIA Leaks

ezXSS * HTML 0

ezXSS is an easy way to test (blind) XSS

ds_storescanner * Go 0

A tool to scan for .DS_Store files on webservers

PyMLProjects * Python 0

Random repo of machine learning ideas orchestrated in python

webshell-3 * Java 0

乙方安全,入侵分析时发现的backdoor

uxss-db * HTML 0

🔪 Universal Cross-site Scripting DB [+ other browser vulnerabilities]

merlin * Go 0

Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.

DockerAttack * Shell 0

Various Tools and Docker Images

Python-dsstore * 0

A library for parsing .DS_Store files and extracting file names

rop-tool * C 0

A tool to help you write binary exploits

Python-Rootkit * Python 0

Python Remote Administration Tool (RAT) to gain meterpreter session

minhook * C 0

The Minimalistic x86/x64 API Hooking Library for Windows

gitsearch * Python 0

pychrome * Python 0

A Python Package for the Google Chrome Dev Protocol [threading base]

amass * Go 0

Subdomain Enumeration in Go

Memcrashed-DDoS-Exploit * Python 0

DDoS attack tool for sending forged UDP packets to vulnerable Memcached servers obtained using Shodan API

HELK * Shell 0

The Hunting ELK

goloader * Go 0

a golang dynamic loader

t3sec-network-flow-analysis * 0

linkedin2username * Python 0

OSINT Tool: Generate username lists for companies on LinkedIn

Arjun * Python 0

Arjun is a python script for finding hidden GET & POST parameters.

ctfr * Python 0

Abusing Certificate Transparency logs for getting HTTPS websites subdomains.

DNS-Monitor * Python 0

XSS-hunter * PHP 0

XSS hunter 收集Webview 页面上存在的反射,储存型XSS ,方便应急APP 和前端页面在发布时遇到XSS 安全问题..

pyroute2 * Python 0

Python netlink library — Linux network setup and monitoring

powercat * PowerShell 0

netshell features all in version 2 powershell

btc-eclipse-sim * C 0

C language Bitcoin Network Eclipse Attack Simulator

Winpayloads * Python 0

Undetectable Windows Payload Generation

DroidSSLUnpinning * Java 0

Android certificate pinning disable tools

flare-fakenet-ng * Python 0

FakeNet-NG - Next Generation Dynamic Network Analysis Tool

nextnet * Go 0

nextnet is a pivot point discovery tool written in Go.

Network-Security-Situation-Awareness-System * Java 0

综合了资产检测,主机扫描,流量分析等技术,通过这些技术取得网络资产,脆弱性,威胁等指标,从而根据这些指标计算出当前网络的网络安全态势。

Fireaway * Python 0

Next Generation Firewall Audit and Bypass Tool

ngfw_src * Java 0

NGFW src

injectify * TypeScript 0

Perform advanced MiTM attacks on websites with ease. https://injectify.js.org

cloudmapper * JavaScript 0

CloudMapper creates network diagrams of AWS environments

Awesome-Fuzzing * 0

A curated list of fuzzing resources ( Books, courses - free and paid, videos, tools, tutorials and vulnerable applications to practice on ) for learning Fuzzing and initial phases of Exploit Development like root cause analysis.

MemcacheDos * TypeScript 0

Memcache 反射攻击 nodejs ddos

Passhunt * Python 0

Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.

awesome-blockchain * JavaScript 0

收集所有区块链(BlockChain)技术开发相关资料,包括Fabric和Ethereum开发资料

Java-Web-Security * Java 0

Java-Web-Security - Sichere Webanwendungen mit Java entwickeln

fuzzdb * PHP 0

Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

virtual-host-discovery * Ruby 0

A script to enumerate virtual hosts on a server.

mydocker * Go 0

<<自己动手写docker>> 源码

VwFirewall * C 0

微盾®VirtualWall®防火墙整套源代码

Pymap-Scanner * Python 0

SRCHunter * Python 0

SRCHunter一款基于python的开源扫描器

Toposcan * C 0

Network topology discovery uses C language by SNMP protocol and nmap(7.12) to realize network assets topology discovery!

PoT * Python 0

Phishing on Twitter

goMS17-010 * Python 0

Simple program for detecting if host(s) are vulnerable to SMB exploit(MS17-010)

headless-chrome-crawler * JavaScript 0

Distributed crawler powered by Headless Chrome

gitleaks * Go 0

Searches full repo history for secrets and keys 🔑

altdns * Python 0

Generates permutations, alterations and mutations of subdomains and then resolves them

gmsm * Go 0

GM SM2/3/4 library based on Golang (基于Go语言的国密SM2/SM3/SM4算法库)

ReelPhish * Python 0

双因素钓鱼

gifoeb * Python 0

exploit for ImageMagick's uninitialized memory disclosure in gif coder

vuls * Go 0

漏洞检测Vulnerability scanner for Linux/FreeBSD, agentless, written in Go

rawhttp * Go 0

A Go library for making HTTP requests with complete control

safing-core * Go 0

The Safing Core https://safing.me 基于golang的防火墙

joomscan * Perl 0

OWASP Joomla Vulnerability Scanner Project

MLCheckWebshell * Python 0

suterusu * C 0

An LKM rootkit targeting Linux 2.6/3.x on x86(_64), and ARM

Wiki * 0

FISCO BCOS 知识库 区块链

web-traffic-forecasting * Python 0

Kaggle | Web Traffic Forecasting 📈

vulnerability-rating-taxonomy * Python 0

Bugcrowd’s baseline priority ratings for common security vulnerabilities

Oracle-WebLogic-CVE-2017-10271 * Java 0

WebLogic wls-wsat RCE CVE-2017-10271

awesome-nginx-security * 0

🔥 A curated list of awesome links related to application/API security in NGINX environment.

researches * PHP 0

Lengyue-Vcode * Python 0

各种滑动验证码识别 [腾讯云] [阿里云]

nginx_auth_accessfabric * C 0

Nginx module for authenticating requests from the ScaleFT Access Fabric

federated_access_proxy * CSS 0

BeyondCorp-style federated access proxy

transcend * Go 0

BeyondCorp-inspired Access Proxy in Go. Secure internal services outside your VPN/perimeter network during a zero-trust transition.

goWAPT * Go 0

Go Web Application Penetration Test

kDriver-Fuzzer * C 0

nfr * Go 0

A utility to score network traffic and identify security threats

mod_rootme * C 0

mod_rootme patched for apache 2.2

Panoptic * Python 0

Panoptic is an open source penetration testing tool that automates the process of search and retrieval of content for common log and config files through path traversal vulnerabilities.

GoAT * Go 0

基于golang的远程控制

explo * Python 0

漏洞测试工具

Machine-Learning-Note * Python 0

机器学习笔记

nux * Go 0

*nux metric collector

medfusion-4000-research * Python 0

Medfusion 4000 Security Research

xssmap * Go 0

(DOM-)XSS fuzzer based on phantomjs and go.

EquationGroupLeak * Python 0

Archive of leaked Equation Group materials

xsec-dns-proxy * Go 0

DNS代理服务器,可以记录log到数据库中

GSIL * Python 0

Github Sensitive Information Leakage(Github敏感信息泄露)

njRAT * Visual Basic 0

njRAT SRC Extract

ssi-server * Python 0

Server Side Includes in Python's SimpleHTTPServer

NFS-scan * Python 0

NFS遍历目录探测

medusa * C 0

Medusa is a speedy, parallel, and modular, login brute-forcer.

webdirdig * Python 0

web敏感目录、信息泄漏批量扫描脚本,结合爬虫、目录深度遍历。

mod_uuid * C 0

Apache module which provides a random-based UUID environment variable for each request

Zeus-Scanner * Python 0

Advanced reconnaissance utility

w9scan * Python 0

一款兼容bugscan插件的扫描器

Striker * Python 0

Striker is an offensive information and vulnerability scanner.

cvssv3 * PHP 0

PHP class for the CVSS v3 (Common Vulnerability Scoring System)

go-python * Go 0

naive go bindings to the CPython C-API

Open-Redirect-Payloads * 0

Open Redirect Payloads

fastnetmon * C++ 0

FastNetMon community - very fast DDoS analyzer with sflow/netflow/mirror support

machinery * Go 0

Machinery is an asynchronous task queue/job queue based on distributed message passing.

FoolNLTK * Python 0

A Chinese Nature Language Toolkit

AuditdPy * Python 0

Linux服务器命令监控辅助脚本,ElasticSearch + Logstash + Kibana + Redis + Auditd

slurp * Go 0

S3 bucket enumerator

Exploit-Writeups * 0

A collection where my current and future writeups for exploits/CTF will go

yanff * Go 0

YANFF - Yet Another Network Function Framework

PS4-4.05-Kernel-Exploit * JavaScript 0

A fully implemented kernel exploit for the PS4 on 4.05FW

casb_tiny * Perl 0

cloud access security broker for uploads (e.g. FTP) to basic web hosting

Blackbone * C++ 0

Windows memory hacking library

cupp * Python 0

Common User Passwords Profiler (CUPP)

re2dfa * Go 0

Transform regular expressions into finite state machines and output Go source code

luna * Python 0

luna webscanner

DetectionLab * HTML 0

Vagrant & Packer scripts to build a lab environment complete with security tooling and logging best practices

dockerscan * Python 0

Docker security analysis & hacking tools

linux-kernel-exploitation * 0

A bunch of links related to Linux kernel fuzzing and exploitation

Network-vulnerability-scan-frame * C++ 0

whichCDN * Python 0

WhichCDN allows to detect if a given website is protected by a Content Delivery Network

ChromeFuzzer * JavaScript 0

fuzz

grinder * Ruby 0

Grinder is a system to automate the fuzzing of web browsers and the management of a large number of crashes.

morph * Python 0

an open source browser fuzzing framework for fun.

LinEnum * Shell 0

Scripted Local Linux Enumeration & Privilege Escalation Checks

Mirai-Source-Code-1 * C 0

ssrf-ntlm * Python 0

Proof of concept written in Python to show that in some situations a SSRF vulnerability can be used to steal NTLMv1/v2 hashes.

tensorflow-1.4-billion-password-analysis * Python 0

Deep Learning model to analyze a large corpus of clear text passwords.

APacheSynapseSimplePOC * Java 0

go-yara * Go 0

Go bindings for YARA

php-malware-finder * PHP 0

Detect potentially malicious PHP files

MachineLearning-1 * HTML 0

Machine Learning in Action(机器学习实战)

gohs * Go 0

GoLang Binding of HyperScan https://01.org/hyperscan

TeamViewer_Permissions_Hook_V1 * C++ 0

A proof of concept injectable C++ dll, that uses naked inline hooking and direct memory modification to change your TeamViewer permissions.

Exploit-Framework * Python 0

CT_subdomains * 0

An hourly updated list of subdomains gathered from certificate transparency logs

lkm_parse_dns_packet * C 0

linux 核心模組, 使用 netfilter IPv4 hook 監聽和分析 DNS 請求和回應封包.

poc-exp * C 0

poc or exp of android vulnerability

XssPy * Python 0

XssPy - Web Application XSS Scanner

xsec-proxy-scanner * Go 0

xsec-proxy-scanner是一款速度超快、小巧的代理扫描器

TheHive * HTML 0

TheHive: a Scalable, Open Source and Free Security Incident Response Platform

rootkit-3 * TeX 0

Sample Rootkit for Linux

JS-SCP * 0

JavaScript Secure Coding Practices guide

Apache_HTTP_Server_Module_Backdoor * C 0

Android-Reports-and-Resources * 0

A big list of Android Hackerone disclosed reports and other resources.

build-your-own-docker * Go 0

自己动手写Docker

pouch * Go 0

Pouch is an open-source project created to promote the container technology movement.

Android-SSL-TrustKiller * Java 0

Bypass SSL certificate pinning for most applications

opsweb * Python 0

百合网运维综合管理平台(python+flask框架+cmdb+scheduler+salt),已经成功运行2年有余,基本能够实现日常运维80%以上的重复工作。因本系统依赖底层数据和众多第三方模块,部署运行难度比较大,建议仅用于研究代码!

dnstwist * Python 0

Domain name permutation engine for detecting typo squatting, phishing and corporate espionage

rootkit-2 * C 0

Linux rootkit for Ubuntu 16.04 and 10.04 (Linux Kernels 4.4.0 and 2.6.32), both i386 and amd64

fame * Python 0

FAME Automates Malware Evaluation

Icewater * 0

About 3,000 Free Yara rules created by

kernelpop * C 0

kernel privilege escalation enumeration and exploitation framework

dnstricker * JavaScript 0

A simple dns resolver of dns-record and web-record log server for pentesting

Ti_Collector * Python 0

本项目致力于收集网上公开来源的威胁情报,主要关注信誉类威胁情报(如IP/域名等),以及事件类威胁情报。

gocrack * Go 0

Office-DDE-Payloads * Python 0

Collection of scripts and templates to generate Office documents embedded with the DDE, macro-less command execution technique.

CVE-2017-8759 * 0

CVE-2017-8759 - A vulnerability in the SOAP WDSL parser.

findmalware * C 0

FindMalware

RansomDetection * C++ 0

基于行为的Ransomware检测原型

Cobra-W * Python 0

白盒源代码审计工具-白帽子版

open-redirect-scanner * Python 0

open redirect subdomains scanner

deception-as-detection * 0

:honeybee: Deception based detection techniques mapped to the MITRE’s ATT&CK framework

Webshell-Sniper * Python 0

Manage your website via terminal

VulHint * Python 0

VulHint是辅助代码审计的 sublime text 3 插件

WebShell-Detect-By-Machine-Learning * Python 0

使用机器学习识别WebShell

webshell-sample * PHP 0

webshell sample

LSTM_learn * Python 0

a implement of LSTM using Keras for time series prediction regression problem

WebMalwareScanner * Python 0

WebMalwareScanner - A simple malware scanner

awesome-yara * 0

A curated list of awesome YARA rules, tools, and people.

riot * Go 0

Go Open Source, Distributed, Simple and efficient Search Engine

network_backdoor_scanner * C++ 0

This is a backdoor about discover network device ,and it can hidden reverse connecting the hacker's server with encrypt commuication 后渗透后门程序,适合在已经攻陷的内网中做下一步的网络信息扫描..

securitai-lstm-model * Python 0

wangfeng-rnn * Shell 0

Multi-layer RNN building Wang Feng style lyric

aktaion * Python 0

Aktaion: Open Source ML tool and data samples for Exploit and Phishing Research

OSINTforPenTests * 0

Slides from my ShellCon Talk, OSINT for Pen Tests, given 10/19.

libvmi-volatility-master * C 0

虚拟机带外内存监控

libvmi * C 0

The official home of the LibVMI project is at https://github.com/libvmi/libvmi.

CyberScan * Python 0

CyberScan

awesome-malware-analysis * 0

A curated list of awesome malware analysis tools and resources

Phishing_detection_based_on_heuristic_features * Python 0

基于启发式特征的钓鱼网站检测系统

malicious_web_page_detection_based_on_url * Python 0

基于url特征的轻量级的恶意页面检测

sec-reseach * Python 0

ApkProtect * Java 0

通付盾第一代安全加固方案

nvt * 0

citypw-SCFE * C 0

sample code for educate myself-_-

rhapis * Lua 0

:globe_with_meridians: Network intrusion detection systems simulator. RHAPIS provides a simulation environment through which user is able to execute any IDS operation.

connect-hook * C 0

a hook for the sys_connect using kprobes

Autorize * Python 0

Automatic authorization enforcement detection extension for burp suite written in Jython developed by Barak Tawily in order to ease application security people work and allow them perform an automatic authorization tests

hook * C 0

hook: linux kernel syscall hijack

rootkit-sample-code * C 0

rootkit sample code of my tutorials on Freebuf.com

LinuxAntivirus * C 0

ping-back * C 0

Linux backdoor using ICMP payload for activation

struts-scan * Python 0

struts2漏洞全版本检测和利用工具

Unix-Privilege-Escalation-Exploits-Pack * C 0

Exploits for getting local root on Linux, BSD, AIX, HP-UX, Solaris, RHEL, SUSE etc.

machinista * Go 0

Simple rootkit hunter

beurk * C 0

BEURK Experimental Unix RootKit

enyelkm * C 0

LKM rootkit for Linux x86 with the 2.6 kernel. It inserts salts inside system_call and sysenter_entry.

prism * C 0

PRISM is an user space stealth reverse shell backdoor, written in pure C.

research-rootkit * C 0

LibZeroEvil & the Research Rootkit project.

rootkit * C 0

A rootkit for linux kernel >= 3.0

basic-rootkit * C 0

just a basic rootkit for learning how to playing sys_call_table

AFkit * C 0

Anti live forensic linux LKM rootkit

GithubCloner * Python 0

A script that clones Github repositories of users and organizations.

github-dorks * Python 0

Collection of github dorks and helper tool to automate the process of checking dorks

git-all-secrets * Go 0

A tool to capture all the git secrets by leveraging multiple open source git searching tools

sqliv * Python 0

(SQLiv) massive SQL injection vulnerability scanner

linux-antivirus * C 0

Antivirus for Linux operating system

1book * PHP 0

《Web安全之机器学习入门》

AI-Programmer * C# 0

Using artificial intelligence and genetic algorithms to automatically write programs. Tutorial: http://www.primaryobjects.com/cms/article149

rtcp * Python 0

利用 Python 的 Socket 端口转发,用于远程维护

isf-1 * Python 0

ISF(Industrial Security Framework),基于Python的工控漏洞利用框架

iniscan * PHP 0

A php.ini scanner for best security practices

HandyCollaborator * Java 0

Burp Suite plugin created for using Collaborator tool during manual testing

sec-ml * 0

security machine learning

pywintrace * Python 0

ETW Python Library

JavaUnserializeExploits * Python 0

awesome-cve-poc * 0

✍️ A curated list of CVE PoCs.

europilot * Jupyter Notebook 0

A toolkit for controlling Euro Truck Simulator 2 with python to develop self-driving algorithms.

githubscan * Python 0

githubscan

fval * C 0

PHP Fval(say F-word to eval) extension used to disable unsafe functions/eval with E_FATAL.

XSS-Filter-Evasion-Cheat-Sheet-CN * 0

XSS_Filter_Evasion_Cheat_Sheet 中文版

CVE-2017-8759-Exploit-sample * 0

Running CVE-2017-8759 exploit sample.

Code-Audit-Challenges * PHP 0

Code-Audit-Challenges

lua-resty-waf * Perl 0

High-performance WAF built on the OpenResty stack

Security-in-Software-Defined-Networks-using-Firewall * Python 0

Improving security in software defined networks using firewall security mechanism and mitigation of attacks

ogo * Go 0

An OpenFlow Network Controller in Go

ryu * Python 0

Ryu component-based software defined networking framework

openflowddos * Python 0

OpenFlow DDoS mitigation Ryu controller

cobra * Python 0

Source Code Security Audit (源代码安全审计)

Pansidong * Python 0

盘丝洞 - 自动化WEB漏洞扫描器

TensorFlowOnSpark * Python 0

TensorFlowOnSpark brings TensorFlow programs onto Apache Spark clusters

PHP-Parser-1 * PHP 0

A PHP parser written in PHP

pyt * Python 0

A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications

waidps * Python 0

Wireless Auditing, Intrusion Detection & Prevention System

gopacket * Go 0

Provides packet processing capabilities for Go

go-iptables * Go 0

Go wrapper around iptables utility

isf * Python 0

ISF(Industrial Exploitation Framework),基于Python的工控漏洞利用框架

HTTPLeaks * HTML 0

HTTPLeaks - All possible ways, a website can leak HTTP requests

gosimhash * Go 0

中文文档simhash值计算

DropboxC2C * Python 0

DropboxC2C is a post-exploitation agent which uses Dropbox Infrastructure for command and control operations.

Host-Based-Intrusion-Detection-System-Using-Genetic-Algorithm * Java 0

The GA-IDS is a full-fledged host based intrusion detection system developed using the Java programming language to help detect packets having spoofed IP addresses. It first and foremost sniffs the incoming packets on the host system and there after analyzes them in order to detect an intrusion. Considering the fact that this sniffing process is a low level operation, the java application makes use of the Java Packet Capturing Library (JpCap) which works in conjunction with the Windows Packet Capturing Library (WinpCap).

Wordpresscan * Python 0

WPScan rewritten in Python + some WPSeku ideas

LinuxShellScript * Shell 0

LinuxShell编程笔记

wetland * Python 0

A high interaction SSH honeypot

py * Go 0

Golang bindings to the CPython C-API

mimikatz * C 0

A little tool to play with Windows security

Threat-Intelligence-Hunter * Python 0

TIH is an intelligence tool that helps you in searching for IOCs across multiple openly available security feeds and some well known APIs. The idea behind the tool is to facilitate searching and storing of frequently added IOCs for creating your own local database of indicators.

RocAlphaGo * Python 0

An independent, student-led replication of DeepMind's 2016 Nature publication, "Mastering the game of Go with deep neural networks and tree search" (Nature 529, 484-489, 28 Jan 2016), details of which can be found on their website https://deepmind.com/publications.html.

honeybits * Go 0

A simple tool designed to enhance the effectiveness of your traps by spreading breadcrumbs & honeytokens across your production servers and workstations to lure the attacker toward your honeypots

packet_analysis * Python 0

IP/TCP/UDP数据包分析及解析

BoopSuite * Python 0

A Suite of Tools written in Python for wireless auditing and security testing.

bocker * Shell 0

Docker implemented in around 100 lines of bash

apparatus * JavaScript 0

A graphical security analysis tool for IoT networks

WAF_Bypass_Helper * Python 0

Python script for generating bypass of your attack

PassiveScanner * Python 0

a passive scanner based on Mitmproxy and Arachni

mysql-audit * C 0

AUDIT Plugin for MySQL. See wiki and readme for description. If you find the plugin useful, please star us on GitHub. We love stars and it's a great way to show your feedback.

mysql-sniffer * C 0

mysql-sniffer is a network traffic analyzer tool for mysql, it is developed by Qihoo DBA and infrastructure team

tools * Assembly 0

security and hacking tools, exploits, proof of concepts, shellcodes, scripts

scripts * Shell 0

信安之路上涉及的一些脚本

opendlp * HTML 0

GRASSMARLIN * Java 0

Provides situational awareness of Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) networks in support of network security assessments. iadgov

pydictor * Python 0

A powerful and useful hacker dictionary builder for a brute-force attack

rpc4django-demo * Python 0

This is the code that runs the demo site for rpc4django

hackazon * HTML 0

A modern vulnerable web app

XXEinjector * Ruby 0

Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.

satori * Python 0

Satori 是一个 LeanCloud 维护的监控系统,inspired by Open-Falcon

aliyun-safe-match * Java 0

阿里云安全算法挑战赛代码(第29名,共936支队伍报名)

SQLMAP-Web-GUI * PHP 0

PHP Frontend to work with the SQLMAP JSON API Server (sqlmapapi.py) to allow for a Web GUI to drive near full functionality of SQLMAP!

Codiad-Remote-Code-Execute-Exploit * Python 0

A simple exploit to execute system command on codiad

linux-baseline * Ruby 0

DevSec Linux Baseline - InSpec Profile

microscan * Python 0

MicroScan 基于B/S架构微扫描器

RNN * Python 0

A toy example for RNN in Python

DL_for_xss * Python 0

Deep learnning for detection with xss

DAws * PHP 0

Advanced Web Shell

WSSAT * JavaScript 0

WEB SERVICE SECURITY ASSESSMENT TOOL

xssfork * Python 0

ws-docker-community * Shell 0

Web Sight Docker Deployment

owtf * Python 0

Offensive Web Testing Framework (OWTF), is an OWASP+PTES focused try to unite great tools and make pen testing more efficient, written mostly in Python @owtfp http://owtf.org

fuzzapi * Ruby 0

Fuzzapi is a tool used for REST API pentesting and uses API_Fuzzer gem

csp-auditor * Java 0

Burp and ZAP plugin to analyse Content-Security-Policy headers or generate template CSP configuration from crawling a Website

yasuo * Ruby 0

A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network

MailSniper * PowerShell 0

MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). It can be used as a non-administrative user to search their own email, or by an administrator to search the mailboxes of every user in a domain.

king-phisher * Python 0

Phishing Campaign Toolkit

websearch * Roff 0

Search engine for web assets

wukong * Python 0

悟空扫描器

angularjs-csti-scanner * PHP 0

Automated client-side template injection (sandbox escape/bypass) detection for AngularJS.

WebShell-1 * PHP 0

Webshell && Backdoor Collection

vmware_escape * C 0

VMware Escape Exploit before VMware WorkStation 12.5.5

webshell * Python 0

social-engineer-toolkit * Python 0

The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of SET will be deployed here.

gobuster * Go 0

Directory/file & DNS busting tool written in Go

recon-ng * Python 0

The glorious recon-ng project, which is super cool! This is an older unmaintained release of the popular scanner. Possibly no longer works.

domain * Python 0

Setup script for Regon-ng

Hawkeye * Vue 0

GitHub 泄露监控系统

FiercePhish * PHP 0

FiercePhish is a full-fledged phishing framework to manage all phishing engagements. It allows you to track separate phishing campaigns, schedule sending of emails, and much more.

WPForce * Python 0

Wordpress Attack Suite

ssh_scan * Ruby 0

A prototype SSH configuration and policy scanner (Blog: https://mozilla.github.io/ssh_scan/)

whitewidow * Ruby 0

SQL Vulnerability Scanner

lua-sqlparser * C 0

General SQL Parser(http://www.sqlparser.com) lua module

xssless * Python 0

An automated XSS payload generator written in python.

go-shodan * Go 0

Shodan API client

fpgrowth * Python 0

数据挖掘/关联规则挖掘/fpgrowth

Machine-Learning-With-Python * Python 0

此项目是我在学习《机器学习实战》这本书时的代码记录情况,用python实现,当然也会包括一些其他的机器学习算法,使用Python实现

basicRAT * Python 0

python remote access trojan

apriori * Python 0

由Python实现的频繁项集挖掘Apriori算法

inspectIT * Java 0

inspectIT is the leading Open Source APM (Application Performance Management) tool for analyzing your Java (EE) applications.

Zeus * Shell 0

AWS Auditing & Hardening Tool

Susanoo * Python 0

A REST API security testing framework.

w8scan * JavaScript 0

一款模仿bugscan的漏洞扫描器

dnssearch * Go 0

A subdomain enumeration tool.

rdpy * Python 0

Remote Desktop Protocol in Twisted Python

pyrasite * Python 0

Inject code into running Python processes

xunfengES * Python 0

aquatone * Ruby 0

A Tool for Domain Flyovers

springcss-cve-2014-3625 * Java 0

spring mvc cve-2014-3625

sslyze * Python 0

Fast and powerful SSL/TLS server scanning library.

RED_HAWK * PHP 0

RED HAWK is An All In One Tool For Information Gathering, SQL Vulnerability Scanning and Crawling. Coded In PHP

goappmonitor * Go 0

Golang application performance data monitoring.

puma-scan * C# 0

Puma Scan is the leading software security Visual Studio analyzer extension. Built on top of Roslyn, the open-source .NET Compiler Platform, Puma Scan provides real time, continuous source code analysis as development teams write code. Vulnerabilities are immediately displayed in the development environment as spell check and compiler warnings, preventing security bugs from entering your applications.

svn-extractor * Python 0

simple script to extract all web resources by means of .SVN folder exposed over network.

portia * PowerShell 0

BlindRef * Python 0

BlindRef serves as the basis for an automated Blind-Based XXE Exploitation Framework

oxml_xxe * Ruby 0

A tool for embedding XXE/XML exploits into different filetypes

c4 * C 0

C in four functions

gwhatweb * Python 0

CMS识别 python gevent实现

cupper * Python 0

It comes!!

BadCode * 0

BadCode is a signature database for static source code scanner that identify bad security practices.

Sharly * Python 0

wpbrute * Shell 0

[BASH] Wordpress bruteforce

fastjson-remote-code-execute-poc * Java 0

fastjson remote code execute poc 直接用intellij IDEA打开即可 首先编译得到Test.class,然后运行Poc.java

not-your-average-web-crawler * Python 0

A web crawler that gathers more than you can imagine.

bug-bounty-reference * 0

Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature

NeoPI * Python 0

simple-java-agent * Java 0

Creating a simple Java Agent

Awesome-Hacking * 0

A collection of various awesome lists for hackers, pentesters and security researchers

hound * Python 0

jexboss * Python 0

JexBoss: Jboss (and Java Deserialization Vulnerabilities) verify and EXploitation Tool

sec-chart * 0

安全思维导图集合

Java-Deserialization-Scanner * Java 0

All-in-one plugin for Burp Suite for the detection and the exploitation of Java deserialization vulnerabilities

IIS_exploit * Python 0

Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016.

break-fast-serial * Python 0

A proof of concept that demonstrates asynchronous scanning for Java deserialization bugs

DoubleAgent * C 0

Zero-Day Code Injection and Persistence Technique

1000php * HTML 0

1000个PHP代码审计案例(2016.7以前乌云公开漏洞)

rubysec * Ruby 0

RubySec Field Guide

immunio-xss-fuzzer * Python 0

Immunio's XSS Fuzzer tool

scanner * JavaScript 0

网站漏洞扫描平台

BruteXSS * Python 0

BruteXSS - Cross-Site Scripting Bruteforcer

pyfiscan * Python 0

Free web-application vulnerability and version scanner

intrigue-core * JavaScript 0

Discover your attack surface!

telnet-scanner * Python 0

telnet服务密码撞库

PassiveFuzzFrameworkOSX * C 0

This framework is for fuzzing OSX kernel vulnerability based on passive inline hook mechanism in kernel mode.

Using-machine-learning-to-detect-malicious-URLs * Python 0

Machine Learning and Security | Using machine learning to detect malicious URLs

xsec-ssh-firewall * Go 0

一个简易的ssh密码防暴力破解程序

logistic_regression * Python 0

a demo of logistic regression

easy-tips * PHP 0

a little tips in my code career

bbtools * Python 0

J2EEScan * Java 0

J2EEScan is a plugin for Burp Suite Proxy. The goal of this plugin is to improve the test coverage during web application penetration tests on J2EE applications.

cloudflare_enum * Python 0

Cloudflare DNS Enumeration Tool for Pentesters

browser_xss_auditor_fuzzing * HTML 0

浏览器XSS 过滤器Fuzzing 框架 (browser xss aduit fuzzing framework )..

OpenWAF * Lua 0

Web security protection system based on openresty

ds_store_exp * Python 0

A .DS_Store file disclosure exploit. It parse .DS_Store file and download files recursively.

same-origin-method-execution * Java 0

A BurpSuite plugin to detect Same Origin Method Execution vulnerabilities

nginx-plugin * C 0

source code for yunsuo nginx plugin

WS-Attacker * Java 0

WS-Attacker is a modular framework for web services penetration testing. It is developed by the Chair of Network and Data Security, Ruhr University Bochum (http://nds.rub.de/ ) and the Hackmanit GmbH (http://hackmanit.de/).

gitrob * Ruby 0

Reconnaissance tool for GitHub organizations

libinjection * C++ 0

SQL / SQLI tokenizer parser analyzer

apm_python * Python 0

APMonitor Optimization Suite in Python

evalhook * C 0

msafe * C 0

通过劫持Zend底层opcode编译,可以分析php执行的代码,从而达到还原一切混淆加密的php源码,并且可以根据自定义规则,审计代码安全。

forced-evolution * Python 0

forced-evolution

dbpost * Python 0

proxy for save db data. support mysql、sqlite、mongodb

kingshard * Go 0

A high-performance MySQL proxy

php * C 0

PHP扩展练习

cpp-sql-fuzzer * C++ 0

Scanners-Box * Perl 0

扫描器合集

pentestEr_Fully-automatic-scanner * Python 0

定向全自动化渗透测试

DNS_domain_Discovery * Perl 0

域名绑定dns解析搜扫

RASscan * Python 0

内网端口极速扫描器

awesome-ml-for-cybersecurity * 0

:octocat: Machine Learning for Cyber Security

urlfuzzing * Python 0

Advance URL Fuzzing + Whois Domain running on python

crack_geetest * Python 0

滑动验证码破解示例

xsshunter * JavaScript 0

The XSS Hunter service - a portable version of XSSHunter.com

pluginbase * Python 0

A simple but flexible plugin system for Python.

xsser * Python 0

From XSS to RCE 2.5 - Black Hat Europe Arsenal 2016

onionscan * Go 0

OnionScan is a free and open source tool for investigating the Dark Web.

visualize_logs * HTML 0

A Python library and command line tools to provide interactive log visualization.

flask-celery-example * Python 0

A simple example for using Flask + Celery

Tornado-MySQL * Python 0

PyMySQL fork for Tornado

Bypass-PHP-GD-Process-To-RCE * PHP 0

Reference: http://www.secgeek.net/bookfresh-vulnerability/

web-scan-spider * Python 0

python spider and test basic xss

tp_security_xss_scaner * Python 0

reflected_xss_scanner * Python 0

A python/scrapy based xss website scanner

Smashing_The_Browser * C++ 0

Smashing The Browser: From Vulnerability Discovery To Exploit

bfac * Python 0

BFAC (Backup File Artifacts Checker): An automated tool that checks for backup artifacts that may discloses the web-application's source code.

Mirai * JavaScript 0

An easy to use Discord bot framework in NodeJS

open_nsfw * Python 0

code for running Model and code for Not Suitable for Work (NSFW) classification using deep neural network Caffe models

AuthMatrix * Python 0

AuthMatrix is a Burp Suite extension that provides a simple way to test authorization in web applications and web services.

IntruderPayloads * PHP 0

A collection of Burpsuite Intruder payloads, fuzz lists and file uploads

RobotsDisallowed * 0

A harvest of the Disallowed directories from the robots.txt files of the world's top websites.

py-find-injection * Python 0

Look for SQL injection attacks in python source code

pyvulhunter * Python 0

python audit tool 审计 注入 inject

knock * Python 0

Knock Subdomain Scan

detect_webshell * Java 0

wyproxy * Python 0

Proxying And Recording HTTP/HTTPs and Socks5, Save To Mysql Database.

Bank * Python 0

工控安全

IronWASP-Python-Plugins * Python 0

Python Plugins that power IronWASP

jsql-injection * Java 0

jSQL Injection is a Java application for automatic SQL database injection.

hackeroni * Go 0

A Go API client for HackerOne (api.hackerone.com)

spiderfoot * Python 0

SpiderFoot, the open source footprinting and intelligence-gathering tool.

webpwn3r * Python 0

WebPwn3r - Web Applications Security Scanner.

Sublist3r * Python 0

Fast subdomains enumeration tool for penetration testers

hash_extender * C 0

simple_example_filter_GPC * C 0

fenghuangscanner_v3 * Python 0

NoEye * Python 0

A blind mode exploit framework (a dns server and a web app) that like wvs's AcuMonitor Service or burpsuite's collabrator or cloudeye

agent * Java 0

eagleEyeAgent 的agent支持部分,提供premain和agentmain两种入口

Mind-Map * 0

各种安全相关思维导图整理收集

passive_scan * Python 0

基于http代理的web漏洞扫描器的实现

genpAss * Python 0

中国特色的弱口令生成器

Yaf-Blog * JavaScript 0

The fastest blog system by the fastest framework

yaf-extensions * PHP 0

some extensions for php framework YAF(https://github.com/laruence/php-yaf)

weakfilescan * Python 0

动态多线程敏感信息泄露检测工具

fofa * Ruby 0

fofa website

scan-framework * Python 0

A framework used for Vulnerability scanning

星排名
编程语言 排名 好于 星星数
Python 1840 97.97% 117
PHP 2397 90.94% 6
Go 3106 90.87% 4
Java 3154 96.49% 68
HTML 6304 89.80% 2
更新于2019-11-01 23:32:55