Cy95
NagaScan Python 84
NagaScan is a distributed passive scanner for Web application.
weblogic_cmd Java 53
weblogic t3 deserialization rce
Dayu Java 14
一款开源指纹识别工具。
httpscan * Python 8
一个爬虫式的网段Web主机发现小工具 # A HTTP Service detector with a crawler from IP/CIDR
Teemo Python 6
A Domain Collection Tool
Feigong * PHP 5
Feigong,针对各种情况自由变化的mysql注入脚本,In view of the different things freely change the mysql injection script
dirmap * Python 3
一个高级web目录扫描工具,功能将会强于DirBuster、Dirsearch、cansina、御剑
Awesome-Asset-Discovery * 2
List of Awesome Asset Discovery Resources
go-exploitdb * Go 1
vtest * Python 1
用于辅助安全工程师漏洞挖掘、测试、复现,集合了mock、httplog、dns tools、xss,可用于测试各类无回显、无法直观判断或特定场景下的漏洞。
cmsprint * 1
CMS和中间件指纹库
educn-sqlScan * Python 1
对全国edu域名以及其二级域名进行的一次Sql注入,预计花费时间为三天,结束时候将提交至漏洞平台
nps * Go 1
一款轻量级、功能强大的内网穿透代理服务器。支持tcp、udp流量转发,支持内网http代理、内网socks5代理,同时支持snappy压缩、站点保护、加密传输、多路复用、header修改等。支持web图形化管理,集成多用户模式。
GyoiThonLight Python 1
GyoiThon for intelligence gatering.
BurpCollector * Python 1
通过BurpSuite来构建自己的爆破字典,可以通过字典爆破来发现隐藏资产。
x-patrol * HTML 1
github泄露扫描系统
Awvs_Nessus_Scanner_API * Python 1
扫描器Awvs 11和Nessus 7 Api利用脚本
xsec-ip-database * Go 1
xsec-ip-database为一个恶意IP和域名库(Malicious ip database)
foxpwn * JavaScript 1
Exploit code for CVE-2016-9066
javaopenrasp * Java 1
A Java Rasp Demo
tplmap * Python 1
Automatic Server-Side Template Injection Detection and Exploitation Tool
AwvScan * PHP 1
New On Live Web Vul Scan
wydomain * Python 1
目标系统信息收集组件
hackingLibrary * 1
APT, Cyber warfare, Penetration testing, Zero-day,Exploiting,Fuzzing,Privilege-Escalation,browser-security,Spyware,Malwres evade anti-virus detection, Rookit CYPTER, Antiviruses Bypassing-av, social engineering,WORMS,Sandbox-Escape, Memory-injection, Ethical,Gray,White,RedTeam,Bugbounty,bug hunter,Cheat Sheet...
The-Hacker-Playbook-3-Translation * 1
对 The Hacker Playbook 3 的翻译。
Micro8 * 1
K8tools * Perl 1
K8工具(内网渗透/提权工具/远程溢出/漏洞利用/Exploit/APT/0day/Shellcode/Payload/priviledge/OverFlow/WebShell/PenTest)
vagrant-libvirt * Ruby 1
Vagrant provider for libvirt.
Perun * Python 1
Perun是一款主要适用于乙方安服、渗透测试人员和甲方RedTeam红队人员的网络资产漏洞扫描器/扫描框架
FinancialSupportForOpenSource * 1
开源项目挣钱实用手册
WindowsRuntimeSecurityDemos * C# 1
Demos for Presentation on Windows Runtime Security
0day-mikrotik * Python 1
evilginx2 * Go 1
Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, alowing to bypass 2-factor authentication.
CVE-2018-2893 * Python 1
CVE-2018-2893 PoC
Fuxi-Scanner * Python 1
Network Security Vulnerability Scanner
Logpara * Python 1
一个对常见的web日志进行解析处理的粗糙DEMO
S7scan * Python 1
a pentest scanner, To make excellent tools / 一个集七种功能的漏洞综合检测利用工具, 希望可以打造出一款优秀的渗透工具
insight * JavaScript 1
洞察-宜信集应用系统资产管理、漏洞全生命周期管理、安全知识库管理三位一体的平台。
DNSLog * Python 1
DNSLog 是一款监控 DNS 解析记录和 HTTP 访问记录的工具。
awesome-spider * 1
爬虫集合
AngelSword * Python 1
Python3编写的CMS漏洞检测框架
teye_scanner_for_book * Python 1
《白帽子讲Web扫描》书籍参考代码
gophish * HTML 1
Open-Source Phishing Toolkit
Security-Data-Analysis-and-Visualization * 0
2018-2020青年安全圈-活跃技术博主/博客
passivedns * 0
A network sniffer that logs all DNS server replies for use in a passive DNS setup
blockchain * 0
go编写的区块链入门级项目
HTMLSimilarity * 0
网页相似度判断:根据网页结构判断页面相似性 ,可用于相似度计算、越权检测等(Determine page similarity based on HTML page structure)
SUDO_KILLER * 0
A tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo
ac-1 * 0
golang Aho-Corasick for byte strings
qnsm * 0
QNSM is network security monitoring framework based on DPDK.
pb * 0
Console progress bar for Golang
trochilus * 0
A Fast & free Windows remote administration tool.
Biu-framework * Python 0
Biu-framework🚀 Security Scan Framework For Enterprise Intranet Based Services(企业内网基础服务安全扫描框架)
DrSemu * 0
DrSemu - Malware Detection and Classification Tool Based on Dynamic Behavior [The tool is in the early development stage]
Windows-Exploit-Suggester * Python 0
This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public exploits and Metasploit modules available for the missing bulletins.
Safety-Project-Collection * 0
收集一些比较优秀的开源安全项目,以帮助甲方安全从业人员构建企业安全能力。
HackerTools * 0
使用MFC编写的病毒技术合集
giligili * 0
gin+gorm开发的视频网站示例
exploits-2 * 0
Pwn stuff.
penetration * Python 0
渗透 超全面的渗透资料💯 包含:0day,xss,sql注入,提权……
blockchain-tutorial * Go 0
Write and publish your own blockchain in less than 200 lines of Go
Lime-RAT * 0
LimeRAT | Simple, yet powerful remote administration tool for Windows (RAT)
K8CScan * 0
Cscan 5.0 & Cobalt Strike 大型内网渗透自定义插件化扫描器(附C#/VC/Delphi/Python插件Demo源码) 程序采用多线程批量扫描大型内网多个IP段C段主机,目前插件包含: C段旁注扫描、子域名扫描、Ftp密码爆破、Mysql密码爆破、Oracle密码爆破、MSSQL密码爆破、Windows/Linux系统密码爆破、存活主机扫描、端口扫描、Web信息探测、操作系统版本探测、Cisco思科设备扫描等,支持调用任意外部程序或脚本
ProcessMonitor * 0
Process Monitor Library (based on Apple's new Endpoint Security Framework)
http_inspect * 0
HTTP/HTTPS/DNS inspector (windows driver)
scripts-2 * 0
脚本工具
PortTran * 0
PortTran (.NET版端口转发工具 支持任意权限下转发)
IIS_backdoor * 0
backdoor
Active-Directory-Pentest-Notes * 0
个人域渗透学习笔记
MiniDump * 0
alternative to procdump
ATT-CK-CN * 0
ATT&CK实操
bannerscanner * 0
simple tcp port scanner + banner grabber
dnscrypt-proxy * Go 0
dnscrypt-proxy 2 - A flexible DNS proxy, with support for encrypted DNS protocols.
Web-Security-Attack * 0
Web安全相关内容
NetTracer * 0
This tool is used to map out the network data flow to help penetration testers identify potentially valuable targets.
oracleShell * 0
oracle 数据库命令执行
Hosts_scan * Python 0
这是一个用于IP和域名碰撞匹配访问的小工具,旨意用来匹配出渗透过程中需要绑定hosts才能访问的弱主机或内部系统。
secscan-authcheck * 0
越权检测工具
C3 * C++ 0
Custom Command and Control (C3). A framework for rapid prototyping of custom C2 channels, while still providing integration with existing offensive toolkits.
JSFinder * Python 0
JSFinder is a tool for quickly extracting URLs and subdomains from JS files on a website.
tgwechat * 0
一款采用Telegram类似的安全加密方案实现的保护个人隐私安全的微信聊天插件。
gopher-os * Go 0
A proof of concept OS written in Go
JustTrustMe Java 0
JustTrustMe的二次开发版本,用于禁用SSL证书校验,扩展了原来程序的功能。
go-masscan * Go 0
go-masscan is a golang library to run masscan scans, parse scan results.
ptrace * C 0
a PoC for Linux to get around agents that log commands being executed, without root privilege. Linux低权限模糊化执行的程序名和参数,避开基于execve系统调用监控的命令日志
RedTeam-BCS * 0
BCS(北京网络安全大会)2019 红队行动会议重点内容
clash * Go 0
A rule-based tunnel in Go.
UAC_bypass_windows_store * C 0
Windows 10 LPE (UAC Bypass) in Windows Store (WSReset.exe)
findomain * Rust 0
The fastest and cross-platform subdomain enumerator, don't waste your time.
M1S2_PNL_4I402 C 0
[4I402] PNL : Programmation Noyau Linux
OneForAll * Python 0
OneForAll是一款强大的子域收集神器
GetWindowsKernelExploitsKB * C# 0
获取系统KB补丁对于的MS号
hackertarget * Python 0
🎯 HackerTarget ToolKit - Tools And Network Intelligence To Help Organizations With Attack Surface Discovery 🎯
Anti-DDOS * Shell 0
Anti DDOS | Bash Script
command-injection-payload-list * 0
🎯 Command Injection Payload List
jon * C 0
jon 是一款LINUX系统攻防工具箱,包含扫描,入侵,痕迹清理,木马,网站测试等各种黑客工具。
HollowProcess * Python 0
Hollow Process / Dynamic Forking / RunPE injection technique implemented in Python
HollowFind * Python 0
Hollowfind is a Volatility plugin to detect different types of process hollowing techniques used in the wild to bypass, confuse, deflect and divert the forensic analysis techniques. The plugin detects such attacks by finding discrepancy in the VAD and PEB, it also disassembles the address of entry point to detect any redirection attempts and also reports any suspicious memory regions which should help in detecting any injected code.
TikiTorch * C# 0
Process Hollowing
webanalyzer * Python 0
webanalyzer wip
social_attacker * Python 0
An Open Source Multi Site Automated Social Media Phishing Framework
fuzzDicts * Python 0
Web Pentesting Fuzz 字典,一个就够了。
webshell-venom * Python 0
免杀webshell无限生成工具(免杀一句话生成|免杀D盾|免杀安全狗护卫神河马查杀等一切waf)
rdp-tunnel * C 0
Pre-compiled tools to tunnel TCP over RDP Connections
JDSRC-Small-Classroom * 0
京东SRC小课堂系列文章
MBRFilter * C 0
Cisco Talos MBR Filter Driver
TorBot * Python 0
Dark Web OSINT Tool
vulcan * Python 0
A gevent spider ,support webkit for dom parsing.
awesome-vm-exploit * 0
share some useful archives about vm and qemu escape exploit.
golang-tcp-port-reuse * Go 0
go-reuseport * Go 0
reuse tcp/udp ports in golang
AgentSmith-HIDS * C 0
Low performance loss and by LKM technology HIDS tool.from Dianrong InfoSEC team.
RedTeamCSharpScripts * C# 0
C# Script used for Red Team
30dayMakeOS * C 0
《30天自制操作系统》源码中文版。自己制作一个操作系统(OSASK)的过程
tencent_mail_weak_brute Python 0
requests-html * HTML 0
Pythonic HTML Parsing for Humans™
0xsp-Mongoose * PHP 0
Privilege Escalation Enumeration Toolkit (ELF 64/32 ) , fast , intelligent enumeration with Web API integration . Mastering Your Own Finding
FastjsonExploit * Java 0
fastjson漏洞快速利用框架
php-extension-backdoor * C 0
Simple php backdoor based on extension
Kayak * Java 0
Kayak is a CAN bus analysis tool based on SocketCAN
gonotifyav * Go 0
Resident (inotify) Anti-Malware Scanner using rules from Linux Malware Detect project
bcrpscan * Python 0
Base on crawler result web path scanner.
Dytan * C++ 0
Dytan Taint Analysis Framework on Linux 64-bit
RF.go * Go 0
Random Forest implemtation in GoLang
go_mini_lfi * Go 0
Golang Mini LFI (Local File Inclusion) Tester
Kernel_Rootkit * C 0
Linux Kernel Rootkit - To hide modules and ssh service
ScDetective * C 0
A kernel level anti-rootkit tool which runs on the windows platform.
linux_io_hook * C 0
class project to replace 'the' with 'she' for files named 'unix.txt' as a kernel module intercepting sys_read
evalhook-1 * C 0
Decoding a User Space Encoded PHP Script
prevoty-nodejs * JavaScript 0
Prevoty node.js bindings
linux-kernel-test * Batchfile 0
ysec-waf-nginx-module * C 0
A lightweight web application firewall module for nginx, which is already used in the production environment.
SearchEngine * HTML 0
A Sample SearchEngine
mysqlproxy * Python 0
MySQL proxy with hook system written in python 2
sentinel-1 * C++ 0
Sentinel is a command line tool able to protect Windows 32 bit programs against exploits targeted by attackers or viruses. It can protect your programs against 0-day attacks or publicly known bugs.
godigraph * Go 0
Directed graph or "digraph" implementation, written in Go. MIT Licensed.
Zeus-1 * C 0
NOT MY CODE! Zeus trojan horse - leaked in 2011, I am not the author. I have created this repository to make the access for study as easy as possible.
netcat * C 0
NetCat for Windows
pyAhocorasick * Python 0
a pure python Aho-corasick algorithm implementation
KernelRootkit * C 0
Linux kernel rootkit to hide certain files and processes.
minemu * C 0
Minemu is a minimal emulator for dynamic taint analysis ( this is a mirror of https://minemu.org/code/minemu.git )
BackdoorLinux * Batchfile 0
Small Backdoor/rootkit for linux kernel
pylibinjection * Python 0
XssScaner * Python 0
Xss Scaner
witness * C 0
A PHP Extension for trace/debug/monitor
linux-syscall-hooker * C 0
A Linux kernel module that locates the system call table in memory and hooks uname. Contributions welcome!
SKANDA * Python 0
sandbox * C 0
The sandbox libraries (libsandbox & pysandbox) are an open-source suite of software components for C/C++ and Python developers to create automated profiling tools and watchdog programs. The API's are designed for executing and instrumenting simple (single process) tasks, featuring policy-based behavioral auditing, resource quota, and statistics collecting.
golog * Go 0
A high-performant Logging Foundation for Go Applications. X3 faster than the rest leveled loggers.
gohbase * Go 0
Pure-Go HBase client
httpsqs HTML 0
Automatically exported from code.google.com/p/httpsqs
hosttool JavaScript 0
A pretty chrome extension for altering host headers.
php-httpsqs-client C 0
Automatically exported from code.google.com/p/php-httpsqs-client
safing-ui JavaScript 0
Safing UI
go-spectre Go 0
POC of spectre in Golang
hackpool Go 0
优雅的go协程库,轻松控制并发数
noodles Go 0
Noodles(面条)是一款超轻量级分布式任务调度类库(太轻量级了,谈不上框架),类似于python的celery,大量参考benmanns的goworker.
firehttp Go 0
一个专门用于安全工具开发的HTTP类库.
go-nmap Go 0
go-nmap is a golang library to run nmap scans, parse scan results.
Penetration-Testing * 0
List of awesome penetration testing resources, tools and other shiny things
legion * Python 0
Legion is an open source, easy-to-use, super-extensible and semi-automated network penetration testing tool that aids in discovery, reconnaissance and exploitation of information systems.
cve-2018-1273 * Python 0
Spring Data Commons RCE 远程命令执行漏洞
WSPIH * Python 0
Website Sensitive Personal Information Hunter 网站个人敏感信息文件扫描器
TNSR_IDS * Go 0
IDS using a port mirror, Snort and an alert -> RESTCONF utility
slim * Go 0
Unbelievably space efficient data structures in Golang.
DarkNet_ChineseTrading * Python 0
🚇暗网中文网监控爬虫
wesng * Python 0
Windows Exploit Suggester - Next Generation
Sysmon * Batchfile 0
vulnerability-assessment-tool * Java 0
Analyses your Java and Python applications for open-source dependencies with known vulnerabilities, using both static analysis and testing to determine code context and usage for greater accuracy. https://sap.github.io/vulnerability-assessment-tool/
prvd * PHP 0
PHP Runtime Vulnerability Detection
An-English-Guide-for-Programmers * 0
专为程序员编写的英语学习指南。v1.0
red-team-scripts * PowerShell 0
A collection of Red Team focused tools, scripts, and notes
diesel * Rust 0
A safe, extensible ORM and Query Builder for Rust
FDsploit * Python 0
File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.
WMImplant * PowerShell 0
This is a PowerShell based tool that is designed to act like a RAT. Its interface is that of a shell where any command that is supported is translated into a WMI-equivalent for use on a network/remote machine. WMImplant is WMI based.
webtty * Go 0
Share a terminal session over WebRTC
perceptor * Go 0
An open source, cloud native toolkit for threat detection and mitigation
go-cpulimit-1 * Go 0
Throttle the CPU usage to a maximum
sysmon-modular * PowerShell 0
A repository of sysmon configuration modules
suricata-rules * 0
平时抓包写的suricata规则,会慢慢更新
BrowserSecurity * HTML 0
我在学习浏览器安全过程中整理的漏洞分析笔记与相关的学习资料
homemade-machine-learning * Jupyter Notebook 0
🤖 Python examples of popular machine learning algorithms with interactive Jupyter demos and math being explained
nopowershell * C# 0
PowerShell rebuilt in C# for Red Teaming purposes
kerbrute * Go 0
A tool to perform Kerberos pre-auth bruteforcing
slither * Python 0
Static Analyzer for Solidity
exchange_proxy * Go 0
Security proxy server for Exchange server
MSRC-Security-Research * 0
Security Research from the Microsoft Security Response Center (MSRC)
MsfWrapper * Python 0
Asynchronous MSF RPC API wrapper
PHP_imap_open_exploit * PHP 0
Bypassing disabled exec functions in PHP via imap_open
ProcInfo * Objective-C 0
process info/monitoring library for macOS
requests * Go 0
A golang HTTP client library. Salute to python requests.
usercorn * Go 0
dynamic binary analysis via platform emulation
scantron * Python 0
A distributed nmap scanning framework
SharpSploit * C# 0
SharpSploit is a .NET post-exploitation library written in C#
SharpDump * C# 0
SharpDump is a C# port of PowerSploit's Out-Minidump.ps1 functionality.
CORScanner * Python 0
🍻 Fast CORS misconfiguration vulnerabilities scanner
process-inject * C 0
在Windows环境下的进程注入方法:远程线程注入、创建进程挂起注入、反射注入、APCInject、SetWindowHookEX注入
chipsec * Python 0
Platform Security Assessment Framework
bitcracker * C 0
BitCracker is the first open source password cracking tool for memory units encrypted with BitLocker
download * 0
Melkor_ELF_Fuzzer * C 0
Melkor is a very intuitive and easy-to-use ELF file format fuzzer to find functional and security bugs in ELF parsers.
micromdm * Go 0
Mobile Device Management server
SNETCracker * C# 0
超级弱口令检查工具是一款Windows平台的弱口令审计工具,支持批量多线程检查,可快速发现弱密码、弱口令账号,密码支持和用户名结合进行检查,大大提高成功率,支持自定义服务端口和字典。
Windows-Secure-Host-Baseline * HTML 0
Configuration guidance for implementing the Windows 10 and Windows Server 2016 DoD Secure Host Baseline settings. #nsacyber
Hawk-I * Python 0
Automatic extract anomalious Web attack Payloads with Unsupervised Machine Learning algorithms
syscall_intercept * C 0
The system call intercepting library
DarthSidious * 0
Building an Active Directory domain and hacking it
tr1pd * Rust 0
tamper resistant audit log
DPoSDemo * Go 0
Go语言实现DPoS共识算法
Resilient-ML-Research-Platform * Python 0
vechain-core-nodes-security-checklist * 0
VeChain core nodes security checklist(唯链核心节点安全执行指南)
zgrab * Go 0
Application layer scanner that operates with ZMap
DockerSecurityPlayground * JavaScript 0
A Microservices-based framework for the study of network security
ROP-detection-in-VM * C 0
phpext_phpjiami_decode * C 0
An ext for php to decode some phpjiami
kubeaudit * Go 0
kubeaudit helps you audit your Kubernetes clusters against common security controls
Profit * PowerShell 0
Simple PowerShell enumeration script to look for interesting files
freddy * Java 0
GOSINT-1 * JavaScript 0
The GOSINT framework is a project used for collecting, processing, and exporting high quality indicators of compromise (IOCs).
nishang * PowerShell 0
Nishang - Offensive PowerShell for penetration testing and offensive security.
nlp * Python 0
兜哥出品 <一本开源的NLP入门书籍>
python-iptables * Python 0
Python bindings for iptables
diffy * Python 0
CVE-2018-8174-msf * Ruby 0
CVE-2018-8174 - VBScript memory corruption exploit.
yamot * HTML 0
Yet Another MOnitoring Tool
LDAPPER * Python 0
AD LDAP Command Line Searching that doesn't suck.
Phantom-Evasion * Python 0
Python AV evasion tool capable to generate FUD executable even with the most common 32 bit metasploit payload(exe/elf/dmg/apk)
burp_collaborator_http_api * Java 0
Burp Suite Collaborator HTTP API
RedTips * 0
Red Team Tips as posted by @vysecurity on Twitter
DB_BaseLine * Python 0
数据库基线检查工具
4book * Lua 0
《企业安全建设入门:基于开源软件打造企业网络安全》
brakeman * Ruby 0
A static analysis security vulnerability scanner for Ruby on Rails applications
go-deliver * Go 0
Go-deliver is a payload delivery tool coded in Go.
BugBountySubdomains * Python 0
Tools to gather subdomains from Bug Bounty programs
icmpsh * C 0
Simple reverse ICMP shell
os * Go 0
Tiny Linux distro that runs the entire OS as Docker containers
pcileech * C 0
Direct Memory Access (DMA) Attack Software
CVE-2018-2380 * Python 0
PoC of Remote Command Execution via Log injection on SAP NetWeaver AS JAVA CRM
php-ffi * C 0
PHP Foreign Function Interface
fastjson * Go 0
skeksi_virus * C 0
Devestating and awesome Linux X86_64 ELF Virus
FastWin32 * C# 0
MemoryReadWrite InlineAsm Managed/UnmanagedInject
awesome-exploit-development * 0
A curated list of resources (books, tutorials, courses, tools and vulnerable applications) for learning about Exploit Development
carbonbeat * Go 0
event shipper for Carbon Black Defense notifications
nDPI * C 0
Open Source Deep Packet Inspection Software Toolkit
LaZagneForensic * Python 0
Windows passwords decryption from dump files
CVE-2018-6546-Exploit * Python 0
CVE-2018-6546-Exploit
php-reverse-shell * PHP 0
exploit-code-by-me * PHP 0
Exploit code developed by me to check few famous vulnerabilities
Linux-0.01 * C 0
Linux 0.01源码及注释
muescheli * Go 0
A simple AntiVirus-as-a-Service implementation using ClamAV
linux-kernel-defence-map * 0
Linux Kernel Defence Map
saruman * C 0
ELF anti-forensics exec, for injecting full dynamic executables into process image (With thread injection)
Yuki-Chan-The-Auto-Pentest * Python 0
Automate Pentest Tool
ant * Shell 0
Linux服务器信息收集脚本
DockerXScan * Go 0
DockerXScan——Docker镜像漏洞扫描器
SubOver * Go 0
A Powerful Subdomain Takeover Tool
CTFDefense * Python 0
Some tools for CTF off line
gOSINT * Go 0
OSINT framework in Go
DVIA-v2 * Swift 0
Damn Vulnerable iOS App (DVIA) is an iOS application that is damn vulnerable. Its main goal is to provide a platform to mobile security enthusiasts/professionals or students to test their iOS penetration testing skills in a legal environment. This project is developed and maintained by @prateekg147. The vulnerabilities and solutions covered in this app are tested up to iOS 11. The current version is writen in Swift and has the following vulnerabilities.
Distributed-Systems * Go 0
MIT课程《Distributed Systems 》学习和翻译
nginxparser * Python 0
use python to parse nginx
List-RDP-Connections-History * PowerShell 0
Use powershell to list the RDP Connections History of logged-in users or all users
math * 0
麻省理工公开课-线性代数-完整笔记
DomainPasswordSpray * PowerShell 0
DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will automatically generate the userlist from the domain. BE VERY CAREFUL NOT TO LOCKOUT ACCOUNTS!
honeytrap * Go 0
Advanced Honeypot framework.
bettercap * Go 0
The state of the art network attack and monitoring framework.
dnsjit * C 0
Engine for capturing, parsing and replaying DNS
ESD * Python 0
Enumeration sub domains(枚举子域名)
GoodbyeDPI * C 0
GoodbyeDPI—Passive Deep Packet Inspection blocker and Active DPI circumvention utility (for Windows)
Memory-Scanner * C 0
Scanning process memory
NtlmSocks * Go 0
a pass-the-hash tool
CVE-2018-4878 * Python 0
CVE-2018-4878 样本
dnsbrute * Go 0
a fast domain brute tool
go-apachelog * Go 0
Go package for parsing Apache logs.
dstat * Python 0
Versatile resource statistics tool
odat * Python 0
ODAT: Oracle Database Attacking Tool
PS4-5.01-WebKit-Exploit-PoC * JavaScript 0
PS4 5.01 WebKit Exploit PoC
php-parser-2 * Go 0
A Parser for PHP written in Go
php-nsq * C 0
a php nsq client write by c extension,the fastest nsq client
mythril * Python 0
以太坊智能合约检查
TIDoS-Framework * Python 0
This is a web-penetration testing toolkit, presently suited for reconnaissance purposes.
porn_fiction_classify * HTML 0
一个色情小说检测项目
wafid * Python 0
Wafid identify and fingerprint Web Application Firewall (WAF) products.
cuckoo * JavaScript 0
Cuckoo Sandbox is an automated dynamic malware analysis system
exploits * Python 0
some exploits
clicktail * Go 0
MalwareScan.AMSI * C# 0
php-internals-extended-development-course * Roff 0
PHP底层内核源码分析和扩展开发
CSS-Keylogging * CSS 0
Chrome extension and Express server that exploits keylogging abilities of CSS.
golang-design-pattern * Go 0
设计模式 Golang实现-《研磨设计模式》读书笔记
harpoon * Python 0
CLI tool for open source and threat intelligence
godirwalk * Go 0
Fast directory traversal for Golang
FinSpyVM * Python 0
Static unpacker for FinSpy VM
RamFuzz * C++ 0
Combining Unit Tests, Fuzzing, and AI
cssInjection * HTML 0
Stealing CSRF tokens with CSS injection (without iFrames)
yulong-hids * Go 0
一款由 YSRC 开源的主机入侵检测系统
APTSimulator * Java 0
A toolset to make a system look as if it was the victim of an APT attack
WiFi-Miner-Detector * Python 0
Detecting malicious WiFi with mining cryptocurrency.
bro-pdns * Go 0
Passive DNS collection using Bro
svnExploit * Python 0
svn>1.7时,dump源码工具
AttackFilter * Ruby 0
Logstash 日志安全攻击分析插件
ssl-kill-switch2 * C 0
Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS and OS X Apps
archerysec * JavaScript 0
Open Source Vulnerability Assessment and Management helps developers and pentesters to perform scans and manage vulnerabilities.
CVE-2017-10271 * Python 0
WebLogic Exploit
CVE-2017-4878-Samples * 0
CVE-2017-4878 Samples - http://blog.talosintelligence.com/2018/02/group-123-goes-wild.html
chkrootkit * Shell 0
This program locally checks for signs of a rootkit. 'Forked' to fix false-positive for SucKIT rootkit
scripts-1 * Python 0
Generic scripts for public consumption
metasploit-cn-wiki * 0
metasploit中文wiki
pritunl-zero * Go 0
Zero trust system
mini-docker * Python 0
A tiny container
LuLu * Objective-C 0
LuLu is the free open-source macOS firewall that aims to block unauthorized (outgoing) network traffic 开源macOS防火墙
ladon * Go 0
A SDK for access control policies: authorization for the microservice and IoT age. Inspired by AWS IAM policies. Written for Go.
ksm * C 0
A fast, hackable and simple x64 VT-x hypervisor for Windows and Linux. Builtin userspace sandbox and introspection engine.
Wappalyzer * JavaScript 0
Cross-platform utility that uncovers the technologies used on websites.
ketshash * PowerShell 0
A little tool for detecting suspicious privileged NTLM connections, in particular Pass-The-Hash attack, based on event viewer logs.
EvilURL * Python 0
Generate unicode evil domains for IDN Homograph Attack and detect them.
jackson-rce-via-two-new-gadgets * Java 0
Two different gadgets to bypass the blacklist in jackson-databind for RCE
One-Lin3r * Python 0
Gives you one-liners that aids in penetration testing operations
hacker101 * HTML 0
Hacker101
golismero * Python 0
GoLismero - The Web Knife
go-colorable * Go 0
EasyHook * C 0
EasyHook - The reinvention of Windows API Hooking
egressbuster * Python 0
Egressbuster is a method to check egress filtering and identify if ports are allowed. If they are, you can automatically spawn a shell.
rsocks * Go 0
Tiny little reverse socks5 client & server
gortcp * Go 0
内网穿透、远程文件上传下载、命令执行
Vegile * Shell 0
This tool will setting up your backdoor/rootkits when backdoor already setup it will be hidden your spesisifc process,unlimited your session in metasploit and transparent. Even when it killed, it will re-run again. There always be a procces which while run another process,So we can assume that this procces is unstopable like a Ghost in The Shell
gopsutil * Go 0
psutil for golang
flightsim * Go 0
A utility to generate malicious network traffic and evaluate controls
hershell * Go 0
data-visualization * JavaScript 0
数据可视化
msf * Go 0
MFS (Minio Federation Service) is a namespace, identity and access management server for Minio Servers
Monitoring-Systems-Cheat-Sheet * 0
A cheat sheet for pentesters and researchers about vulnerabilities in well-known monitoring systems.
mod_auth_accessfabric * Shell 0
An Apache 2.4.x module for authenticating requests from the ScaleFT Access Fabric
pulsar * Python 0
Protocol Learning and Stateful Fuzzing
jackson-rce-via-spel * Java 0
An example project that exploits the default typing issue in Jackson-databind via Spring application contexts and expressions
yeti * Python 0
Your Everyday Threat Intelligence
ac * Go 0
Aho-Corasick Automaton with Double Array Trie (Multi-pattern substitute in go)
Struts-S2-xxx * 0
整理收集Struts2漏洞环境
bta * Python 0
Open source Active Directory security audit framework.
demo-agent * Java 0
java agent demo
enumdb * Python 0
MySQL and MSSQL brute force and post exploitation tool to search through databases and extract sensitive information.
Halcyon * Java 0
First IDE for Nmap Script (NSE) Development.
oathkeeper * Go 0
A BeyondCorp/Zero Trust Identity & Access Proxy (IAP) built on top of OAuth2 and ORY Hydra.
web-analytics * JavaScript 0
监测分析、异常监测、广告验证、访客唯一标识
re_sysdiag * C 0
逆向火绒安全软件驱动——sysdiag
OWASP-Nettacker * Python 0
Automated Penetration Testing Framework
GTScan * Python 0
The Nmap Scanner for Telco
KPTI-PoC-Collection * C++ 0
Meltdown/Spectre PoC src collection.
nullinux * Python 0
Internal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB.
pyHIDS * Python 0
pyHIDS is a HIDS (host-based intrusion detection system) for verifying the integrity of a system. It uses an RSA signature to check the integrity of its database. Alerts are written in the logs of the system and can be sent via email to a list of users. You can define rules to specify files to be checked periodically.
office-exploit-case-study * Visual Basic 0
ngrok * Go 0
Introspected tunnels to localhost
NetSafe_Frontend * Vue 0
网络安全态势感知新闻平台(前台)
230-OOB * Python 0
An Out-of-Band XXE server for retrieving file contents over FTP.
portknob * Go 0
Port knocking daemon with web interface
dirsearch * Python 0
Web path scanner
POC-Collect * Java 0
各种开源CMS 各种版本的漏洞以及EXP 该项目将不断更新
docker-security * 0
docker 安全基线规范
XAttacker * Perl 0
X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter
x-crack * Go 0
x-crack - Weak password scanner, Support: FTP/SSH/MSSQL/MYSQL/PostGreSQL/REDIS/ElasticSearch/MONGODB
alerting-detection-strategy-framework * 0
A framework for developing alerting and detection strategies for incident response.
DGA-Domain-Predict * Python 0
使用LSTM模型检测DGA域名
WhatWaf * Python 0
Detect and bypass web application firewalls and protection systems
blacksheepwall * Go 0
blacksheepwall is a hostname reconnaissance tool子域名爆破工具
dns_tunnel_dectect_with_CNN * Python 0
dns tunnel dectect with CNN
LinuxTool * 0
Linux下常用工具及其命令介绍
go-qemu * Go 0
Go packages to interact with QEMU using the QEMU Machine Protocol (QMP). Apache 2.0 Licensed.
gogs * Go 0
Gogs is a painless self-hosted Git service.
gohs-ladon * Go 0
A service for thousands regex finder with Intel's hyperscan.(海量正则快速匹配,给定一行字符串,能够从海量的正则里快速匹配到是否有符合条件的正则)
syslog * Go 0
Golang - 获取Windows & Linux登录日志并正则解析
goproxy * Go 0
proxy是golang实现的高性能http,https,websocket,tcp,socks5代理服务器,支持正向代理和内网穿透.程序本身可以作为一级代理,如果设置了上级代理那么可以作为二级代理,乃至N级代理.如果程序不是一级代理,而且上级代理也是本程序,那么可以加密和上级代理之间的通讯,采用底层tls高强度加密,安全无特征.代理时会自动判断访问的网站是否屏蔽,如果被屏蔽那么就会使用上级代理(前提是配置了上级代理)访问网站;如果访问的网站没有被屏蔽,为了加速访问,代理会直接访问网站,不使用上级代理.另外可以设置域名黑白名单,更加自由的控制网站的访问方式。下载地址:https://github.com/snail007/goproxy/releases 官方QQ交流群:189618940
libfacedetection * C++ 0
人脸识别库
libdetection * C 0
用于检测攻击的第三方库
lexmachine * Go 0
Lex machinary for go.
PassGAN * Python 0
A Deep Learning Approach for Password Guessing (https://arxiv.org/abs/1709.00440)
suricata * C 0
Suricata git repository maintained by the OISF
chiron-elk * Python 0
Empire * PowerShell 0
Empire is a PowerShell and Python post-exploitation agent.
capsule8 * Go 0
Capsule8: open-source cloud-native behavioral security monitoring
ssrf_proxy * Ruby 0
SSRF Proxy facilitates tunneling HTTP communications through servers vulnerable to Server-Side Request Forgery.
SiteBroker * Python 0
A cross-platform python based utility to penetrate websites and test them with approximately every angle.
Alesense-Antivirus * C 0
一款拥有完整交互界面与驱动级拦截能力的开源杀毒软件
ytrace * C 0
Another php debug tool.
webconsole * JavaScript 0
基于Golang、WebSocket、xTermJS 的 Web SSH 远程终端
blackhat-arsenal-tools * 0
Official Black Hat Arsenal Security Tools Repository
xsec-webspy * Go 0
golang版的dsinff-webspy
demo-spark-analytics * Python 0
Demo about realtime analytics of user behavior using elk stack/apache spark streaming+mllib/redis/slamdata用户行为分析
study-struts2-s2-054_055-jackson-cve-2017-7525_cve-2017-15095 * Java 0
Struts2の脆弱性S2-045, S2-055 および Jackson の脆弱性 CVE-2017-7525, CVE-2017-15095 の調査報告
SELKS * Shell 0
A Suricata based IDS/IPS distro
gotty * Go 0
Share your terminal as a web application
brutesubs * Shell 0
An automation framework for running multiple open sourced subdomain bruteforcing tools (in parallel) using your own wordlists via Docker Compose
LockWebPageDriver * C 0
锁主页驱动
XDiFF * Python 0
Extended Differential Fuzzing Framework
xsec-traffic * Go 0
恶意流量分析程序
wee * C 0
kiwi * Python 0
kiwi:安全源码审计工具
BruteX * Shell 0
Automatically brute force all services running on a target.
repo-security-scanner * Go 0
CLI tool that finds secrets accidentally committed to a git repo, eg passwords, private keys
Reverse-Shell-Manager * Python 0
blind-sql-bitshifting * Python 0
SQL注入工具
DBScanner * Python 0
自动扫描内网常见sql、no-sql数据库脚本(mysql、mssql、oracle、postgresql、redis、mongodb、memcached、elasticsearch),包含未授权访问及常规弱口令检测
reposcanner * Python 0
Python script to scan Git repos for interesting strings
cmsPoc * Python 0
CMS渗透测试框架-A CMS Exploit Framework
signature-base * Python 0
Signature base for my scanner tools
Anubis * Python 0
Subdomain enumeration and information gathering tool
Nosql-Exploitation-Framework * Python 0
A Python Framework For NoSQL Scanning and Exploitation
Fastjson-Payload * 0
Fastjson 反序列化漏洞利用工具
Hook-PasswordChangeNotify * PowerShell 0
superhide * C 0
Example of hooking a linux systemcall
go-ntdll * Go 0
Go interface to NTDLL functions
evidenceSample * Java 0
区块链存证
multi-criteria-cws * Python 0
Simple Solution for Multi-Criteria Chinese Word Segmentation
ndpi-netfilter-1 * C 0
patchkit * C 0
binary patching from Python
awvs_script_decode * PHP 0
解密好的AWVS10.5 data/script/目录下的脚本
php7-opcache-override * Python 0
Security-related PHP7 OPcache abuse tools and demo
CVE-2017-0199 * Python 0
Exploit toolkit CVE-2017-0199 - v4.0 is a handy python script which provides pentesters and security researchers a quick and effective way to test Microsoft Office RCE. It could generate a malicious RTF/PPSX file and deliver metasploit / meterpreter / other payload to victim without any complex configuration.
koadic * Python 0
Koadic C3 COM Command & Control - JScript RAT
re_avkmgr * C 0
逆向小红伞杀毒软件驱动——avkmgr
mimikittenz * PowerShell 0
A post-exploitation powershell tool for extracting juicy info from memory.
JavaID * Python 0
java source code danger function identify prog
AhMyth-Android-RAT * Smali 0
Android Remote Administration Tool
dvna * CSS 0
Damn Vulnerable NodeJS Application
malcom * Python 0
Malcom - Malware Communications Analyzer
psad * Perl 0
psad: Intrusion Detection and Log Analysis with iptables
DNSSniffer * Go 0
DNSQuery Sniffer in Golang
kjackal * C 0
Linux Rootkit Scanner
MyMiniEncrypt * C 0
使用minifilter编写的透明加解密驱动。
gopherci * Go 0
Dshell * Python 0
Dshell is a network forensic analysis framework.
Blasting_dictionary * Python 0
爆破字典
payloads * Shell 0
Git All the Payloads! A collection of web attack payloads.
unicorn * C 0
Unicorn CPU emulator framework (ARM, AArch64, M68K, Mips, Sparc, X86)
bssh * Python 0
BeyondCorp-style SSH ProxyCommand, allowing for federated SSH clients
sec-scan-agent_v1.0 * Python 0
Web scan foundation framework
go-dpi * Go 0
CeWL * Ruby 0
CeWL is a Custom Word List Generator
go-iforest * Go 0
Isolation forest implementation in Go
Tensorflow- * 0
Tensorflow实战学习笔记
pipe * Go 0
Network traffic sniffer, decoder and mirror
domain_analyzer * Python 0
Analyze the security of any domain by finding all the information possible. Made in python.
goworker * Go 0
goworker is a Go-based background worker that runs 10 to 100,000* times faster than Ruby-based workers.
dfwfw * Perl 0
Docker Firewall Framework
meshbird * Go 0
Distributed private networking
Reptile * C 0
LKM Linux rootkit
yasca * PHP 0
Yet Another Source Code Analyzer
PHP-WebShell-Bypass-WAF * PHP 0
记录与分享PHP WebShell 绕过WAF 的一些经验 Share some experience about PHP WebShell bypass WAF
DNS-Shell * Python 0
DNS-Shell is an interactive Shell over DNS channel
como-lang-ng * C 0
A programming language prototype implemented in C with an AST, Compiler, and Virtual Machine \@TODO Garbage Collection
s3-fuzzer * Go 0
🔐 A concurrent, command-line AWS S3 Fuzzer. Written in Go.
samm * XSLT 0
Linux-baseline-scan * Shell 0
Linux baseline scan,make sure the host security
libinjection-fuzzer * Python 0
This tool was written as PoC to article https://waf.ninja/libinjection-fuzz-to-bypass/
security-research-pocs * PHP 0
Proof-of-concept codes created as part of security research done by Google Security Team.
DetectLM * Python 0
Detecting Lateral Movement with Machine Learning
NATBypass * Go 0
一款lcx在golang下的实现
joes-sandbox * C 0
subjack * Go 0
Hostile Subdomain Takeover tool written in Go
goscan * Go 0
goscan is a simple and efficient IPv4 network scanner that discovers all active devices on local subnet.
tencent_exmail * Python 0
获取腾讯企业邮箱通讯录
PDFTear * C++ 0
Malicious PDF document parsing tool
fuxploider * Python 0
File upload vulnerability scanner and exploitation tool.
FOCA * C# 0
FirewallEventMonitor * C++ 0
Listens for Firewall rule match events generated by Microsoft Hyper-V Virtual Filter Protocol (VFP) extension.
2book * PHP 0
《Web安全之深度学习与实战》
reflector * Java 0
Burp plugin able to find reflected XSS on page in real-time while browsing on site
docker-onion-nmap * Shell 0
Scan .onion hidden services with nmap using Tor, proxychains and dnsmasq in a minimal alpine Docker container.
go-audit * Go 0
go-audit is an alternative to the auditd daemon that ships with many distros
lets-build-a-blockchain * Ruby 0
A mini cryptocurrency in Ruby
reCAPTCHA * Java 0
A burp extender that reconginze CAPTCHA and use for intruder payload
ml-for-humans-zh * CSS 0
:book: [译] 写给人类的机器学习
lmsensors * Go 0
Package lmsensors provides access to Linux monitoring sensors data, such as temperatures, voltage, and fan speeds. MIT Licensed.
bandit * Python 0
Python AST-based static analyzer from OpenStack Security Group
BaRMIe * Java 0
Java RMI enumeration and attack tool.
nzyme * Java 0
Nzyme collects 802.11 management frames directly from the air and sends them to a Graylog (Open Source log management) setup for WiFi IDS, monitoring, and incident response. It only needs a JVM and a WiFi adapter that supports monitor mode.
HuntingWithPowershell * 0
Windows log and threat hunting with powershell
burplay * Java 0
Burplay is a Burp Extension allowing for replaying any number of requests using same modifications definition. Its main purpose is to aid in searching for Privilege Escalation issues.
SSRF-Testing * Python 0
SSRF (Server Side Request Forgery) testing resources
netbyte * Python 0
Netbyte is a Netcat-style tool that facilitates probing proprietary TCP and UDP services. It is lightweight, fully interactive and provides formatted output in both hexadecimal and ASCII.
hook_syscall_of_linux64 * C 0
nebula * Python 0
"星云"业务风控系统
domato * Python 0
DOM fuzzer
osprey * Python 0
cgroups * Go 0
cgroups package for Go
MemScan-1.0 * C 0
Scan and edit memory using WinAPI functions such as ReadProcessMemory and WriteProcessMemory
SecGen * Ruby 0
Create randomly insecure VMs
Switcher * Go 0
端口复用工具,能让HTTP/HTTPS/SSH/RDP/SOCKS5/HTTPProxy/Other跑在同一个端口上,支持复用本地或远程端口
browser-sec-whitepaper * 0
CIA-Hacking-Tools * HTML 0
WikiLeaks Vault 7 CIA Hacking Tools
ysoserial.net * C# 0
Deserialization payload generator for a variety of .NET formatters
PyJFuzz * Python 0
PyJFuzz - Python JSON Fuzzer
Blisqy * Python 0
Exploit Time-based blind-SQL injection in HTTP-Headers (MySQL/MariaDB).
DamnWebScanner * Python 0
Another web vulnerabilities scanner, this extension works on Chrome and Opera
pbscan * C 0
Faster and more efficient stateless SYN scanner and banner grabber due to userland TCP/IP stack usage.
GitMiner * Python 0
Tool for advanced mining for content on Github
gitem * Python 0
A Github organization reconnaissance tool.
php-1 * Go 0
Parser for PHP written in Go
phpsploit * Python 0
Stealth post-exploitation framework
rancher * Shell 0
Complete container management platform
SQLiScanner * Python 0
Automatic SQL injection with Charles and sqlmap api
BurpCollaboratorDNSTunnel * Java 0
A DNS tunnel utilizing the Burp Collaborator
vlany * C 0
Linux LD_PRELOAD rootkit (x86 and x86_64 architectures)
db_security * PLSQL 0
gobotnet * Go 0
Pure HTTP and DNS Botnet written in Golang for Windows.
aaaaaaa * PLSQL 0
goagain * Go 0
Zero-downtime restarts in Go
DBC2 * PowerShell 0
DBC2 (DropboxC2) is a modular post-exploitation tool, composed of an agent running on the victim's machine, a controler, running on any machine, powershell modules, and Dropbox servers as a means of communication.
faraday * Python 0
Collaborative Penetration Test and Vulnerability Management Platform
c-jwt-cracker * C 0
JWT brute force cracker written in C
go-queue * Go 0
High-performance lock-free queue (Disruptor 1400/s)
linux-kernel-exploits * C 0
linux-kernel-exploits Linux平台提权漏洞集合
SENSS * Python 0
Software Defined Security Service
SDN-Intrusion-Prevention-System-Honeypot * Python 0
Intrusion Prevention System to dynamically add firewall rules to block malicious traffic detected by IDS system implemented on Software Defined Networl (SDN). Alternatively, the malicious traffic can be redirected to a Honeypot Server. OpenFlow protocol used for SDN. Snort used for IDS (Intrusion Detection System).
fail2ban * Python 0
Daemon to ban hosts that cause multiple authentication errors
Tiny-URL-Fuzzer * Python 0
A tiny and cute URL fuzzer
IntroductionToMachineLearningForSecurityPros * Python 0
Example code for our book Introduction to Artificial Intelligence for Security Professionals
regexp-security-cheatsheet * PHP 0
SAMLRaider * Java 0
SAML2 Burp Extension
free-programming-books-zh_CN * JavaScript 0
:books: 免费的计算机编程类中文书籍,欢迎投稿
webshell-2 * PHP 0
This is a webshell open source project
safing-notify * Go 0
Safing Notify
HUNT * Python 0
WFPFirewall * C++ 0
基于WFP(Windows Filter Platform)的个人防火墙系统
D0xk1t * Python 0
Web-based OSINT and active reconaissance suite
SecLists * PHP 0
SecLists is the security tester's companion. It is a collection of multiple types of lists used during security assessments. List types include usernames, passwords, URLs, sensitive data grep strings, fuzzing payloads, and many more.
Spaghetti * Python 0
Spaghetti - Web Application Security Scanner
bbqsql * Python 0
SQL Injection Exploitation Tool
huey * Python 0
a little task queue for python
kernel-exploits * C 0
A bunch of proof-of-concept exploits for the Linux kernel
wafw00f * Python 0
WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.
humpback-web * TypeScript 0
Docker management website
Triton * C++ 0
Triton is a Dynamic Binary Analysis (DBA) framework. It provides internal components like a Dynamic Symbolic Execution (DSE) engine, a Taint Engine, AST representations of the x86 and the x86-64 instructions set semantics, SMT simplification passes, an SMT Solver Interface and, the last but not least, Python bindings.
MS17-010 * Python 0
MS17-010
fwknop * Perl 0
Client and Gateway Modules for Software Defined Perimeter (SDP)
Fuzzing-ImageMagick * Mask 0
OpenSource My ImageMagick Fuzzer ..
psychoPATH * Java 0
psychoPATH - hunting file uploads & LFI in the dark. This tool is a highly configurable payload generator detecting LFI & web root file uploads. Involves advanced path traversal evasive techniques, dynamic web root list generation, output encoding, site map-searching payload generator, LFI mode, nix & windows support, single byte generator. Now available in the Burp App Store!
JSParser * Python 0
massdns * C 0
A high-performance DNS stub resolver for bulk lookups
FOS_Demo_Vulnerable_App * CSS 0
[FOS:RASP-PHP] PHP Demo Vulnerable Application to test SQL injection vulnerability and patch it using RASP (Runtime Application Self-Protection)
babel-sf * PowerShell 0
Babel Scripting Framework
hackability * PHP 0
Perform a variety of tests to discover what an unknown rendering engine supports
Recon * Python 0
Bug Hunting Recon Script
parameth * Python 0
This tool can be used to brute discover GET and POST parameters
talking-with-cars * Python 0
CAN analysis - Use your car as a gamepad!
broken-link-checker * JavaScript 0
Find broken links, missing images, etc in your HTML.
goHackTools * Go 0
Hacker tools on Go (Golang)
sssniff * Python 0
ShadowSocks(SS) traffic sniffer
subtakeover * Python 0
domain_hunter * Java 0
A Burp Suite extender that search sub domain and similar domain from sitemap
pyrebox * Python 0
timing_attack * Ruby 0
Perform timing attacks against web applications
burp-vulners-scanner * Java 0
Vulnerability scanner based on vulners.com search API
php-parser * JavaScript 0
:herb: NodeJS PHP Parser - extract AST or tokens (PHP5 and PHP7)
linux-malware-detect * Shell 0
Linux Malware Detection (LMD)
yams * Python 0
A collection of Ansible roles for automating infosec builds.
collaborator-everywhere * Java 0
A Burp Suite Pro extension which augments your proxy traffic by injecting non-invasive headers designed to reveal backend systems by causing pingbacks to Burp Collaborator
bugcrowd-levelup-subdomain-enumeration * Python 0
This repository contains all the material from the talk "Esoteric sub-domain enumeration techniques" given at Bucrowd LevelUp 2017 virtual conference
katakana.js * JavaScript 0
Write JavaScript alert(1) with Katakana characters only
netflowAnalyser * Go 0
netflowAnalyser
SourceLeakHacker * Python 0
一个多线程WEB源码泄漏检测工具
truffleHog * Python 0
Searches through git repositories for high entropy strings, digging deep into commit history
portmap * Go 0
:traffic_light: Port mapping library for Go supporting NAT-PMP and UPnP
SerialBrute * Python 0
Java serialization brute force attack tool.
exchangecrack * Python 0
用于探测公司用户是否存在弱口令
dll_hook-rs * Rust 0
Rust code to show how hooking in rust with a dll works.
LFISuite * Python 0
本地文件包含利用工具
dnsmon-go * Go 0
A golang DNS monitor inspired by https://github.com/gamelinux/passivedns
multiscanner * Python 0
Modular file scanning/analysis framework
ReconDog * Python 0
Recon Dog is an all in one tool for all your basic information gathering needs.
CloudFail * Python 0
Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network
EyeWitness * Python 0
EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
domain-scan * Python 0
A pipeline for scanning domains to measure things like speed, accessibility, and HTTPS.
tko-subs * Go 0
A tool that can help detect and takeover subdomains with dead DNS records
apollo * C++ 0
An open autonomous driving platform
deeplearningbook-chinese * TeX 0
Deep Learning Book Chinese Translation
fshell * Python 0
基于机器学习的分布式webshell检测系统
AV_Kernel_Vulns * C++ 0
Pocs for Antivirus Software‘s Kernel Vulnerabilities
php7-internal * 0
PHP7内核剖析
pupy * Python 0
Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python
phpggc * PHP 0
x86emulator * Go 0
x86 emulator by Golang
Android_Kernel_CVE_POCs * C 0
A list of my CVE's with POCs
pinpoint * Java 0
Pinpoint is an open source APM (Application Performance Management) tool for large-scale distributed systems written in Java.
malware-samples * 0
A collection of malware samples caught by several honeypots i manage
httpparse * Go 0
Capture and parse http traffics
Bypassing-Web-Application-Firewalls * Python 0
A series of python scripts for generating weird character combinations for bypassing web application firewalls (WAF) and XSS blockers
MalwareAnalysis * 0
A curated list of awesome malware analysis tools and resources
V1D0m * Python 0
Enumerate subdomains through Virustotal
XSStrike * Python 0
XSStrike is a program which can fuzz and bruteforce parameters for XSS. It can also detect and bypass WAFs.
Struts2Shell * Python 0
malsub * Python 0
A Python RESTful API framework for online malware and URL analysis services.
brutespray * Python 0
Brute-Forcing from Nmap output - Automatically attempts default creds on found services.
php_mt_seed * C 0
Mirror of http://www.openwall.com/php_mt_seed/
massExpConsole * Python 0
adding more exploits and tools
libnids * C 0
libnids
DistributedTracingSystem * 0
分布式系统的跟踪系统 |Open Source APM (application performance management)
PHP-Rootkit * C 0
Your interpreter isn’t safe anymore — The PHP module rootkit
paper-1 * 0
Web&Browser Security
cyberbot * Python 0
A lightweight batch scanning framework based on gevent.
PCShare * C++ 0
PCShare是一款强大的远程控制软件,可以监视目标机器屏幕、注册表、文件系统等。
hack * Python 0
crawl hackerone reports
goreplay * Go 0
GoReplay is an open-source tool for capturing and replaying live HTTP traffic into a test environment in order to continuously test your system with real data. It can be used to increase confidence in code deployments, configuration changes and infrastructure changes.
grab.js * Shell 0
fast TCP banner grabbing with node.js
backslash-powered-scanner * Java 0
Finds unknown classes of injection vulnerabilities
gixy * Python 0
Nginx configuration static analyzer
BruteSploit * Shell 0
BruteSploit is a collection of method for automated Generate, Bruteforce and Manipulation wordlist with interactive shell. That can be used during a penetration test to enumerate and maybe can be used in CTF for manipulation,combine,transform and permutation some words or file text :p
XSS-Radar * JavaScript 0
malicious-wordpress-plugin * Python 0
Simply generates a wordpress plugin that will grant you a reverse shell once uploaded. I reccomend installing Kali Linux, as msfvenom is used to generate the payload.
appsensor * JavaScript 0
Build self-defending applications through real-time event detection and response
Benchmarks * 0
常用服务器、数据库、中间件安全配置基线 - 基本包括了所有的操作系统、数据库、中间件、网络设备、浏览器,安卓、IOS、云的安全配置 For benchmarks.cisecurity.org
nitro-1 * Python 0
KVM-based Virtual Machine Introspection
go.netflow * Go 0
marshalsec * Java 0
Invoke-ProcessScan * PowerShell 0
Gives context to a system. Uses EQGRP shadow broker leaked list to give some descriptions to processes.
wordpress-exploit-framework * Ruby 0
A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.
WPSeku-1 * Python 0
WPSeku - Wordpress Security Scanner
PHP-Internals-Book * Python 0
PHP Internals Book
LinkFinder * Python 0
A python script that finds endpoints in JavaScript files
domainhunter * HTML 0
Checks expired domains, bluecoat categorization, and Archive.org history to determine good candidates for phishing and C2 domain names
ftw * Python 0
Framework for Testing WAFs (FTW!)
tamperchrome * JavaScript 0
Tamper Chrome is a Chrome extension that allows you to modify HTTP requests on the fly and aid on web security testing. Tamper Chrome works across all operating systems (including Chrome OS).
Sn1per * PHP 0
Automated Pentest Recon Scanner
Airachnid-Burp-Extension * Java 0
A Burp Extension to test applications for vulnerability to the Web Cache Deception attack
Advocate * Python 0
An SSRF-preventing wrapper around Python's requests library
WPSeku * Python 0
Simple Wordpress Security Scanner
WindowsExploits * Python 0
Windows exploits, mostly precompiled.
tpotce * Shell 0
T-Pot Image Creator
subDomainsBrute * Python 0
A simple and fast sub domain brute tool for pentesters
sobelow * Elixir 0
Security-focused static analysis for the Phoenix Framework
rust-iptables * Rust 0
Rust bindings for iptables
RootKits-List-Download * 0
This is the list of all rootkits found so far on github and othersites.
pyekaboo * Python 0
Proof-of-concept program that is able to to hijack/hook/proxy Python module(s) thanks to $PYTHONPATH variable
MalAnalyzer * Python 0
基于docker虚拟化的恶意代码沙箱
vulscan * Lua 0
Advanced vulnerability scanning with Nmap NSE
doublepulsar-detection-script * Python 0
A python2 script for sweeping a network to find windows systems compromised with the DOUBLEPULSAR implant.
flexidie * Objective-C 0
Source code and binaries of FlexiSpy from the Flexidie dump
filterbypass * 0
ffmpeg-avi-m3u-xbin * Python 0
dawnscanner * Ruby 0
Dawn is a static analysis security scanner for ruby written web applications. It supports Sinatra, Padrino and Ruby on Rails frameworks.
cvechecker * C 0
Command-line utility to scan the system and report on potential vulnerabilities, based on public CVE data
CS558 * Batchfile 0
EQGRP * Perl 0
Decrypted content of eqgrp-auction-file.tar.xz
Paper * 0
security technology documents
nShield * Python 0
An Easy and Simple Anti-DDoS solution for VPS,Dedicated Servers and IoT devices
nitro * C 0
KVM-based virtual machine introspection for malware analysis
mimipenguin * Python 0
A tool to dump the login password from the current linux user
check_py * Python 0
中国网络安全技术对抗赛代码
Bypass_Disable_functions_Shell * PHP 0
一个各种方式突破Disable_functions达到命令执行的shell
BlueOx * Python 0
A library for python-based application logging and data collection
awesome-web-security * 0
🐶 A curated list of Web Security materials and resources.
TSpider * Python 0
Yet Another Web Spider
Burp-Non-HTTP-Extension * Java 0
Non-HTTP Protocol Extension (NoPE) Proxy and DNS for Burp Suite.
drool * C 0
DNS Replay Tool
docker_fetch * Python 0
Data extraction tool for Docker Registry API
screw-plus * C 0
开源php加密运行扩展,基于screw二次开发,暂时只能在linux下运行
TinyAntivirus * C++ 0
TinyAntivirus is an open source antivirus engine designed for detecting polymorphic virus and disinfecting it.
grr * Python 0
GRR Rapid Response: remote live forensics for incident response
linux-inject * C 0
Tool for injecting a shared object into a Linux process
funfuzz * JavaScript 0
JavaScript engine & DOM fuzzers
serianalyzer * Java 0
A static byte code analyzer for Java deserialization gadget research
rim * Go 0
Agentless network interfaces monitor for GNU/Linux firewalls/servers
Veil-Evasion * Python 0
Veil Evasion is no longer supported, use Veil 3.0!
unfixed-security-bugs * 0
A list of publicly known but unfixed security bugs
netfilter_http * C 0
WikiLeaks-Marble-CIA * C++ 0
Clone repository for Source Code secret anti-forensic tools Marble Framework CIA, Leaked by WikiLeaks.
fuzzbunch * Python 0
NSA finest tool
cheetah * Python 0
a very fast brute force webshell password tool
OCIFT * Python 0
一个半自动化命令注入漏洞Fuzz工具(One Semi-automation command injection vulnerability Fuzz tool)
azazel * C 0
Azazel is a userland rootkit based off of the original LD_PRELOAD technique from Jynx rootkit. It is more robust and has additional features, and focuses heavily around anti-debugging and anti-detection.
ZEROScan * Python 0
Just a scan by Z3r0yu
focuson * Python 0
A tool to surface security issues in python code
tomcat-weak-password-scanner * Python 0
醉考拉tomcat后台弱口令扫描器,命令行版+图形界面版。
pymultitor * Python 0
PyMultitor - Python Multi Threaded Tor Proxy
qqbot * Ruby 0
基于SmartQQ(WebQQ)的QQ机器人 / a qq robot based on smartqq(webqq) api
Chinese-Names-Corpus * 0
中文人名语料库
scff * Python 0
softScheck Cloud Fuzzing Framework
oniongateway * Go 0
End-to-End encrypted Tor2Web gateway
ip2region * C 0
准确率99.9%的ip地址定位库,0.0x毫秒级查询,数据库文件大小只有1.5M,提供了java,php,c,python,nodejs,golang查询绑定和Binary,B树,内存三种查询算法,妈妈再也不用担心我的ip地址定位!
CVE-2017-7269-Echo-PoC * Python 0
CVE-2017-7269 回显PoC ,用于远程漏洞检测..
AI-Driven-WAF * Python 0
Artificial intelligence-driven Web Firewall
dind * Shell 0
Docker in Docker
IPAPatch * Objective-C 0
Patch iOS Apps, The Easy Way, Without Jailbreak.
Cisco-Adaptive-Security-appliances-shellcode * Python 0
Complete Cisco Adaptive Security Appliances shellcode support versions 8.0 through version 8.4 PLEASE USE RESPONSIBLY
EaST * Python 0
Exploits and Security Tools Framework 1.0.3
GitHack * Python 0
.git 泄漏利用工具,可还原历史版本
GithubLeakAlert * Python 0
GoBot2 * Go 0
Second Version of The GoBot Botnet, But more advanced.
pack * Python 0
PACK (Password Analysis and Cracking Kit)
HaboMalHunter * Python 0
HaboMalHunter is a sub-project of Habo Malware Analysis System (https://habo.qq.com), which can be used for automated malware analysis and security assessment on the Linux system.
HatCloud * Ruby 0
Bypass CloudFlare with Ruby
security-101-for-saas-startups-zh_CN * 0
security-101-for-saas-startups 的中文翻译,原仓库 https://github.com/forter/security-101-for-saas-startups
HostileSubBruteforcer * Ruby 0
BAF * Python 0
Blind Attacking Framework
HttpPwnly * HTML 0
httponly下的xss利用
droopescan * Python 0
A plugin-based scanner that aids security researchers in identifying issues with several CMSs, mainly Drupal & Silverstripe.
word_cloud * Python 0
A little word cloud generator in Python
Java-Deserialization-Cheat-Sheet * 0
The cheat sheet about Java Deserialization vulnerabilities
alibaba_safe_code * 0
阿里聚安全算法挑战赛
SuperSQLInjectionV1 * C# 0
超级SQL注入工具 简介: 超级SQL注入工具(SSQLInjection)是一款基于HTTP协议自组包的SQL注入工具,采用C#开发,程序采用自写代码来操作HTTP交互,支持出现在HTTP协议任意位置的SQL注入,支持各种类型的SQL注入,支持HTTPS模式注入;支持以盲注、错误显示、Union注入等方式来获取数据;支持Access/MySQL/SQLServer/Oracle等数据库;支持手动灵活的进行SQL注入绕过,可自定义进行字符替换等绕过注入防护。本工具为渗透测试人员、信息安全工程师等掌握SQL注入技能的人员设计,需要使用人员对SQL注入有一定了解。 工具特点: 1.支持任意地点出现的任意SQL注入 2.支持全自动识别注入标记,也可人工识别注入并标记。 3.支持各种语言环境。大多数注入工具在盲注下,无法获取中文等多字节编码字符内容,本工具可完美解决。 4.支持注入数据发包记录。让你了解程序是如何注入,有助于快速学习和找出注入问题。 5.依靠关键字/时间等进行盲注,可通过HTTP相应状态码判断,还可以通过关键字取反功能,反过来取关键字。 6.程序采用自编码操作HTTP请求,HTTP发包和获取速度较快。
Belle * Java 0
Belle (Burp Suite 非公式日本語化ツール)
NetFuzzer * Python 0
kokkuri * Python 0
Kokkuri
weevely3 * Python 0
Weaponized web shell
libfuzzer-workshop * C++ 0
Repository for materials of "Modern fuzzing of C/C++ Projects" workshop.
src_edu * Python 0
为各位出色的渗透工程师提供攻击目标。
Teemo-1 * Python 0
A Domain Name Collection Tool
TBDEx * Python 0
lua-ffi-libinjection * Lua 0
LuaJIT FFI bindings for libinjection
smbmap * Python 0
SMBMap is a handy SMB enumeration tool
Mobile-Security-Framework-MobSF * Python 0
Mobile Security Framework is an intelligent, all-in-one open source mobile application (Android/iOS/Windows) automated pen-testing framework capable of performing static, dynamic analysis and web API testing.
probesc * Python 0
bugscan-1 * Python 0
w8ay专属扫描器
liffy * Python 0
Local File Inclusion Exploitation Tool (mirror)
ALISQLI * Java 0
阿里聚安全算法挑战赛 赛题二:《SQL注入检测》
Stitch * Python 0
Python Remote Administration Tool (RAT)
rust-inet-diag * Rust 0
netlink inet_diag in rust
subdomain3 * Python 0
electronic-wechat * JavaScript 0
:speech_balloon: A better WeChat on macOS and Linux. Built with Electron by Zhongyi Tong.
NodeJsScan * Python 0
NodeJsScan is a static security code scanner for Node.js applications.
java_deserialization_exploits * Python 0
A collection of Java Deserialization Exploits
BVED * HTML 0
Browser Vulnerability Exploit DB(浏览器漏洞PoC数据库)
machine-learning * Jupyter Notebook 0
Content for Udacity's Machine Learning curriculum
subbrute * Python 0
A DNS meta-query spider that enumerates DNS records, and subdomains.
proxy_pool * Python 0
简易爬虫代理池
wafpass * Python 0
Analysing parameters with all payloads' bypass methods, aiming at benchmarking security solutions like WAF.
scout_apm_ruby * Ruby 0
Scout Ruby Application Monitoring Agent
fssb * C 0
A filesystem sandbox for Linux using syscall intercepts.
find-sec-bugs * Java 0
The FindBugs plugin for security audits of Java web applications and Android applications. (Also work with Scala projects)
goscan-1 * Go 0
golang的扫描框架, 支持协程池和自动调节协程个数.
POC-T * Python 0
渗透测试插件化并发框架
WebshellManager * JavaScript 0
w8ay 一句话WEB端管理工具
dirtycow.github.io * HTML 0
Dirty COW
PayloadsAllTheThings * Python 0
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
sqlite-lab * PHP 0
This code is vulnerable to SQL Injection and having SQLite database. For SQLite database, SQL Injection payloads are different so it is for fun. Just enjoy it \m/
Fwaf-Machine-Learning-driven-Web-Application-Firewall * Python 0
Machine learning driven web application firewall to detect malicious queries with high accuracy.
rust.ko * Rust 0
使用rust开发lkm
XSSYA-V-2.0 * Python 0
Node.Js-Security-Course * JavaScript 0
Contents for Node.Js Security Course
cryptostalker * Go 0
Detect and prevent crypto malware as it encrypts files
thesis2016 * Groff 0
My Thesis dealing with detecting Evolutionary Algorithms for Application-Layer Web Attacks
commix * Python 0
Automated All-in-One OS command injection and exploitation tool.
magento-malware-scanner * HTML 0
A collection of rules and samples to detect Magento malware
bypass_waf * Python 0
waf自动爆破(绕过)工具
jdwp-shellifier * Python 0
ngx_php7_tracker * C 0
The branch of ngx_php7, Track php7 script, opcode, function stack for nginx-module.
bash-autoinstaller-active-syslog * Shell 0
Bash autoinstaller (any versions 4) + all patches + syslog module (with real username)
rtf_exploit_extractor * Python 0
Script to extract malicious payload and decoy document from CVE-2015-1641 exploit documents
KernelHooksDetection_x64 * C 0
x64 Kernel Hooks Detection
Netfilter-HTTP-Modify * C 0
linux netfilter下修改网关,劫持404页面
RouterExploitScan * Python 0
RouterExploit
V3n0M-Scanner * Python 0
Popular Pentesting scanner in Python3.5 for SQLi/XSS/LFI/RFI and other Vulns
Web-Application-Firewall * C 0
Designed and Implemented a Web Application Firewall as an Apache module that "sits" in-front of a web server. The WAF is designed to stop malicious requests from known attacks such as SQL Injection, XSS attacks and from unknown attacks by learning the legitimate traffic.
lcyscan * Python 0
autoSubTakeover * Python 0
A tool used to check if a CNAME resolves to the scope adress. If the CNAME resolves to a non-scope adress it might be worth checking out if subdomain takeover is possible.
Mirai-Source-Code * C 0
Leaked Mirai Source Code for Research/IoC Development Purposes
datasploit * JavaScript 0
A tool to perform various OSINT techniques, aggregate all the raw data, visualise it on a dashboard, and facilitate alerting and monitoring on the data.
server-status_PWN * Python 0
A script that monitors and extracts requested URLs and clients connected to the service by exploiting publicly accessible Apache server-status instances.
pam * Go 0
PAM layer for implementing your own pam library
H5SC * JavaScript 0
HTML5 Security Cheatsheet - A collection of HTML5 related XSS attack vectors
DGADetection * Python 0
Exploring the use of decision trees to detect domain names generated by domain generation algorithms (DGA)
3xp10it * JavaScript 0
AssetsView * PHP 0
Assets View资产发现、网络拓扑管理系统
dvcs-ripper * Perl 0
Rip web accessible (distributed) version control systems: SVN/GIT/HG...
Liudao * Java 0
“六道”实时业务风控系统
DBShield * Go 0
Database firewall written in Go
Hypro * C 0
VMI on BitVisor to detect hidden rootkits.
codewarrior * C 0
code-searching tool and static analysis - Beta, at construction
ssrfDetector * JavaScript 0
Server-side request forgery detector
sshesame * Go 0
A fake SSH server that lets everyone in and logs their activity
cuckoo-linux * Python 0
Linux malware analysis based on Cuckoo Sandbox.
SecurityRSS * 0
网络安全相关的RSS订阅列表
service-go * Go 0
Service management for Linux (systemd, upstart, sys-v), Darwin (launchd) and Windows. Forked from https://bitbucket.org/kardianos/service/
geoip-attack-map * Python 0
Cyber security geoip attack map that follows syslog and parses IPs/port numbers to visualize attackers in real time.
GitPrey * Python 0
Searching sensitive files and contents in GitHub associated to company name or other key words
go-stf * Go 0
minicap, minitouch, UIAutomator etc... wraps
OpenDoor * Python 0
OWASP Directory Access scanner
ysoserial * Java 0
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
injection-php * C 0
libinjection PHP wrapper
awesome-machine-learning-cn * 0
机器学习资源大全中文版,包括机器学习领域的框架、库以及软件
wooyun-wiki * HTML 0
wiki.wooyun.org的部分快照网页
leanengine-nodejs-apm * JavaScript 0
LeanEngine performance monitoring for Node.js application
DigitalOcean * Go 0
Port scanner, written in golang
lightbulb-framework * Python 0
Tools for auditing WAFS
multiple_burst * Python 0
分布式弱口令扫描
Decryptonite * C 0
Ransomware Detection and Mitigation Software
F-Scrack * 0
F-Scrack is a single file bruteforcer supports multi-protocol
Mirai-1 * C 0
Source code for the Mirai botnet - Not going anywhere anytime soon
elf_reader * Go 0
A Go library for reading and parsing ELF files
MemorySharp * C# 0
A C# based memory editing library targeting Windows applications, offering various functions to extract and inject data and codes into remote processes to allow interoperability.
raptor_waf * C 0
Raptor - WAF - Web application firewall using DFA [ Current version ] - Beta
remoteShell * C 0
Direct shell in C. Reverse shell in C. Both over TCP.
malheur * C 0
自动化恶意软件分析
ssrf_scan * Python 0
多线程批量扫描ssrf漏洞
cppphp * C++ 0
C++ learning project to write a dummy PHP AST builder
scantastic-tool * Python 0
It's bloody scantastic
Dionaea * JavaScript 0
基于Docker的蜜罐系统
Firewall * Python 0
美国国家安全局NSA下属方程式黑客组织(Equation Group)被The Shadow Brokers(影子经纪人)hack出来的并免费分享的源码
PhantomjsFetcher * JavaScript 0
A python web fetcher using phantomjs to mock browser
genetics * Python 0
A python library for genetic algorithms
OWASP-Xenotix-XSS-Exploit-Framework * Python 0
OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework.
icmptunnel * C 0
Tunnel IP over ICMP.
next * Go 0
A robust, reliable, easy-configure virtual private network (linux/macOS)
weblogic_unserialize_exploit * Python 0
java unserialize vul for weblogic exploit
Libinjection-1 * Java 0
Libinjection in Java
LISET * Batchfile 0
Light System Examination Toolkit (LISET) - logs & activity & configuration gathering utility that comes handy in fast Windows incident response (either forensic or malware oriented).
local-nsq * Go 0
NSQ Local and Simple Version
MobileSF * Python 0
HackingLab定制版Mobile Safe Framework
poc * Python 0
poc from bugscan beebeeto
process-hiding * C 0
linux下实现进程隐藏
ProxyBroker * Python 0
Proxy [Finder | Checker | Server]. HTTP(S) & SOCKS
redis-protocol * Go 0
Redis protocol parser in golang
research * Python 0
comma.ai for the people to experiment with
rkduck * C 0
Linux v4.x.x Rootkit
RubySVMVirusScanner * Ruby 0
Virus scanner (PE classifier) based on rb-libsvm and pedump
scanrs * Rust 0
A port scanner written in Rust, as an exercise to learn more about Rust! MIT Licensed.
CodeIgniterXor * Python 0
CodeIgniter <=2.1.4 session cookie decryption vulnerability
DNFWAH * HTML 0
It's an ezine: DO NOT FUCK WITH A HACKER
Some-PoC-oR-ExP * Python 0
各种漏洞poc、Exp的收集或编写
sshhipot * Go 0
High-interaction MitM SSH honeypot
syscall-rootkit * C 0
Just a proof of concept Linux rootkit that reads from syscalls.
uberlogger * C 0
Linux honeypot system
WEF_ADSecuirtyLogs * PowerShell 0
Windows Event Forwarding for Active Directory Security Logs
ActiveDefense * C++ 0
小型主动防御引擎
php-5.3.3 * C 0
php
detect_preload * C 0
Small C application designed to detect LD_PRELOAD malware via the libdl library functions.
HellRaiser * Ruby 0
Vulnerability Scanner
ssh2go * Go 0
go wrapper for libssh (both client and server side)
Kadimus-1 * C 0
本地文件包含利用工具
aiohttp_spider * Python 0
An example of web spider using aiohttp
VCG * Visual Basic 0
VisualCodeGrepper - Code security scanning tool.
tbhm * 0
The Bug Hunters Methodology
smartdns * Python 0
基于Twisted实现的智能dns系统
burp-ysoserial * Java 0
YSOSERIAL Integration with burp suite
Spark_Movie_recsys * Python 0
在Spark环境下,利用Flask框架,采用Mongodb设计的一个在线电影推荐系统的演示demo
Shell-Detector * Python 0
Shell Detector – is a application that helps you find and identify php/cgi(perl)/asp/aspx shells. Shell Detector has a “web shells” signature database that helps to identify “web shell” up to 99%.
SerialKillerBypassGadgetCollection * Java 0
Collection of bypass gadgets to extend and wrap ysoserial payloads
chess * Go 0
基于Go语言的棋牌游戏框架
CMSFuzz * Ruby 0
crawler * Python 0
a web crawler
rtb * Go 0
Proof of concept real time bidding library.
docker_api_vul * Python 0
docker 未授权访问漏洞利用脚本
Limon * Python 0
Limon is a sandbox developed as a research project written in python, which automatically collects, analyzes, and reports on the run time indicators of Linux malware. It allows one to inspect Linux malware before execution, during execution, and after execution (post-mortem analysis) by performing static, dynamic and memory analysis using open source tools
dpdk-go * Go 0
Go bindings for dpdk (http://dpdk.org/).
Nodejs-APM * PHP 0
A sample apm system
HQLi-playground * Java 0
HighRiskPort * Python 0
总结一些渗透中值得关注的默认端口
duncan * Python 0
Duncan - Blind SQL injector skeleton
foolav * C 0
Pentest tool for antivirus evasion and running arbitrary payload on target Wintel host
acunetix_0day * Python 0
Acunetix 0day RCE
go-mimikatz * Go 0
A wrapper around a pre-compiled version of the Mimikatz executable for the purpose of anti-virus evasion.
cub3 * C 0
基于LD_PRELOAD的ring3 rootkit
d-sole * Go 0
Docker security hole, allow to execute a script on the host from a container.
AutoLocalPrivilegeEscalation * Python 0
An automated script that download potential exploit for linux kernel from exploitdb, and compile them automatically
mimic * C 0
A tool for covert execution in Linux.
netlink-3 * Rust 0
Rust bindings for libnetlink
Remote * C++ 0
远程控制项目
BBScan * Python 0
A tiny Batch weB vulnerability Scanner
rootkit-1 * C 0
bashistdb * Go 0
Bashistdb saves and retrieves your bash history into a local or remote SQLite database.
spy * Go 0
Spy - Watches for file changes, restarts stuff
JavaUnserializePOC * Python 0
pentest_study * PowerShell 0
从零开始内网渗透学习
XSS.png * 0
A XSS mind map ;)
isip * Python 0
Interactive sip toolkit for packet manipulations, sniffing, man in the middle attacks, fuzzing, simulating of dos attacks.
PenTools * Shell 0
This is a bundle of python and bash penetration testing tools for recon and information gathering.
ds_store * Go 0
GO - Minimal parser for .DS_Store files
simple-rootkit * C 0
A simple attack against gcc and Python via kernel module, with highly detailed comments.
clamav-yara * Go 0
Converts the Clamav Virus Database definitions to YARA rules [GOLANG]
assetnote * JavaScript 0
Push notifications for passive DNS data
lstm_dga * Lua 0
This repository based on Andrej Karpathy char-rnn https://github.com/karpathy/char-rnn. Developed to research the possibility of applying LSTM neural network to detect and classify malicious domains.
awvspy * Python 0
awvs python library
SimpleCLRProfiler * C++ 0
Getting started with CLR Profiling API
apm-python-agent-principle * Python 0
Python 探针实现原理
mod_sqli * C++ 0
A simple Apache module with implementation of LibInjection
LKM_KeyLogs * C 0
A simple kernel-land keylogger
linux-kernel-security-suite * C 0
:penguin: A collection of linux kernel modules that harden the kernel
phantomjs_hide_and_seek * HTML 0
Some ideas around spoofing and detecting user agents.
php-apm * C 0
PHP APM (Alternative PHP Monitor)
BkScanner * Python 0
BkScanner 分布式、插件化web漏洞扫描器
LAN-Behavior_MIS * JavaScript 0
This is an Internet Behavior Management System.
Beyond.APM * C++ 0
Beyond APM is a .Net CLR Profiler dedicated to .Net Application Performance Monitor and offering AOP and Tracing capabilities to your code without modification of original source codes
wechat-deleted-friends * Python 0
查看被删的微信好友
ToyMalwareClassification * Python 0
WVS_Patcher * Python 0
Script to run wvs in queue, and send mails to you on ending.
WMI_Backdoor * PowerShell 0
A PoC WMI backdoor presented at Black Hat 2015
winfirewall * C++ 0
Control the Windows Firewall from Go, supports Windows XP API and Advanced Security COM API
sqlparser * Go 0
SQL Parser from https://github.com/youtube/vitess/tree/master/go/vt/sqlparser
sqlchop * Python 0
A novel SQL injection detection engine built on top of SQL tokenizing and syntax analysis.
socketcand * C 0
snuck * Java 0
Automatic XSS filter bypass
SNMP-Brute * Python 0
Fast SNMP brute force, enumeration, CISCO config downloader and password cracking script.
rust-php-ext * C 0
Rust library integrated into a PHP extension
Reverse_DNS_Shell * Python 0
A python reverse shell that uses DNS as the c2 channel
lcxl-shadow * C 0
LCXL影子系统
go-netfilter-queue * Go 0
Go bindings for libnetfilter_queue
go-mysql-replay * Go 0
Replay MySQL Traffic
fcgi_exp * Go 0
PHP-Shell-Detector * PHP 0
Web Shell Detector – is a php script that helps you find and identify php/cgi(perl)/asp/aspx shells. Web Shell Detector has a “web shells” signature database that helps to identify “web shell” up to 99%.
php-ext * Shell 0
php扩展开发笔记
passcheck * Go 0
Linux user password expiration check
otpknock * Go 0
port knocking by otp auth
node-apm * JavaScript 0
Nodejs Application Monitor
modshell * C 0
Linux kernel module netfilter backdoor demo
mixer * Go 0
a MySQL proxy powered by Go
byzantine * Python 0
The Byzantine General Problem
bugspots * Ruby 0
Implementation of simple bug prediction hotspot heuristic
Bugscan * PHP 0
Bugscan Web Vulnerability Scaner Online System
browspy * JavaScript 0
浏览器用户全部信息收集js
acapulco * JavaScript 0
Attack Community Graphs through Event Clustering
DylibHijack * Python 0
python utilities related to dylib hijacking on OS X
docker-iptables * Go 0
Docker firewall manager
TeamTalk * Objective-C 0
TeamTalk is a solution for enterprise IM
Virus-and-Windows-API-Programing * C 0
中科大13级计算机病毒分析与WindowsAPI编程 授课老师:郭大侠
SIEM * JavaScript 0
Security information and event management, masters's diploma
kprobe_rootkit * C 0
Linux kernel rootkit using kprobes (From http://phrack.org/issues/67/6.html)
x64emu * C 0
x86_x64 emulator
xfr_scanner * Python 0
a dns zone transfer vulnerability scanner
XSeleniumS * Python 0
Automatic XSS Reflected Scan
kaggle_Microsoft_Malware * Python 0
code for kaggle competition Microsoft malware classification
jsprime * JavaScript 0
a javascript static security analysis tool
ivre * Python 0
A Python network recon framework, based on Nmap, Bro & p0f with MongoDB backend.
reenix * Rust 0
A Rust version of the Weenix OS
htpwdScan * Python 0
A python HTTP weak pass scanner
golang-libinjection * Go 0
Golang bindings for libinjection
dirb * C 0
Web Fuzzer
php-security-scanner * PHP 0
A static security scanner for PHP
php-monitor * C 0
内部函数监控扩展
pecker * PHP 0
A scanner named pecker, written in php,It can check dangerous functions with lexical analysis.
evilarc * Python 0
Create tar/zip archives that can exploit directory traversal vulnerabilities
mysql-proxy-python * C 0
Automatically exported from code.google.com/p/mysql-proxy-python
SRCMS * PHP 0
SRCMS(轻响应)企业应急响应中心开发框架模版
myctf * Python 0
A ctf competition program.
ruby-libinjection * Ruby 0
Ruby wrapper around Client9's libinjection
banti * C 0
Kernel Based Root ToolKit Samples
Security-Data-Analysis * Jupyter Notebook 0
A series of labs that will help users apply various data science techniques to security related data.
YOF * CSS 0
最好的 YAF 入门 DEMO, 看过就会用 !
portguard * Go 0
port scan detection
phpvulhunter * PHP 0
A tool that can scan php vulnerabilities automatically using static analysis methods
lorispack * Shell 0
Network Microsegmentation for Docker container deployments
svn_git_scanner * Python 0
用于扫描git,svn泄露
swoole-yaf * PHP 0
结合swoole扩展和Yaf框架,使用swoole的内置http_server
igo * Go 0
A simple interactive Go interpreter built on go-eval with some readline-like refinements
Splunk-Web-Shell * JavaScript 0
Splunk Web Shell
SimpleZoomeye * PHP 0
A simple Zoomeye written by python,more details click this link: http://blog.csdn.net/u011721501/article/details/41967847
Static-DOM-XSS-Scanner * Python 0
Static DOM XSS Scanner is a Static Analysis tool written in python that will iterate through all the JavaScript and HTML files under the given directory and will list out all the possible sources and sinks that may cause DOM XSS. At the end of the scan, the tool will generate an HTML report.
stoke * JavaScript 0
:evergreen_tree: Generate the Abstract Syntax Tree (AST) of a Bash command.
thrift_unix_domain * Go 0
thrift golang unix domain socket
wispy * Python 0
AST parser and inference engine for PowerShell language
XSSChallengeWiki * 0
Welcome to the XSS Challenge Wiki!
xsschef * JavaScript 0
Chrome extension Exploitation Framework
bannerscan * Python 0
http://x0day.me/archives/bannerscan-py.html
AxisInvoker * Java 0
Minimal AXIS2 webshell
mcpulimit * Go 0
CPULimit for multiple processes (limits ALL of them, not just the first)
mst * Python 0
A Platform for Web Pentest From China
MysqlAudit * Go 0
Mysql test sniffer to audit simple queries
Nscan * Python 0
Nscan: Fast internet-wide scanner
php-apm-web * JavaScript 0
APM (Alternative PHP Monitor) web frontend
php-webim * JavaScript 0
使用PHP+Swoole实现的网页即时聊天工具
elasticsearch-river-nsq * Java 0
Elasticsearch River for NSQ
DLLRunner * Python 0
Smart DLL execution for malware analysis in sandbox systems
dll_hijack_detect * C++ 0
Detects DLL hijacking in running processes on Windows systems
gscan * Go 0
hmm * Go 0
A hidden Markov model implementation
isapiguard * C++ 0
Basic implementation of web request filtering under IIS 7.0+; capable of stopping sql injection and file incursion attacks
Kadimus * C 0
LFI Scan & Exploit Tool
vipas * Go 0
Vipasyin Webshell detector (golang)
lsof * Go 0
a pure go lsof
MachineLearning * Python 0
Basic MachineLearning algorithm
psnotify * Go 0
python_netlink * Python 0
python native library for network device.
lin.rootkit * C 0
SDBF * Python 0
Smart DNS Brute Forcer
ninja * C 0
a privilege escalation detection and prevention system for GNU/Linux hosts
DOMinator * C++ 0
OpenDPI * C 0
OpenDPI v.3.10
lib_mysqludf_sys * HTML 0
A UDF library with functions to interact with the operating system. These functions allow you to interact with the execution environment in which MySQL runs.
Linux_Hook_Detection * C 0
Linux Hook Detection
python-webshell * Python 0
webshell writen in python
gethooks * C 0
GetHooks is a program designed for the passive detection and monitoring of hooks from a limited user account.
go-alpm * Go 0
go bindings to pacman's libalpm
grace * PHP 0
一款支持HMVC、数据库主从分离、多项目的PHP框架
pvt * C 0
PHP extension for web-application dynamic analysis.
phpml * PHP 0
PHP Markup Language
yaranids * C 0
NIDS based around hooking yara into callbacks
aspis * PHP 0
A PHP code transformer to provide protection against injection attacks
codeword * C# 0
Fork of Codeword from http://code.google.com/p/codeword/
sqlassie * C++ 0
database firewall
mysql_proxy * Python 0
webhandler * Python 0
webhandler
skipfish * C 0
Web application security scanner created by lcamtuf for google - Unofficial Mirror
ML_Malware_detect * Python 0
阿里云安全恶意程序检测比赛
fastjson-rce-exploit * Java 0
exploit for fastjson remote code execution vulnerability
awesome-mitre-attack * 0
A curated list of awesome resources related to Mitre ATT&CK™ Framework
sonar.js * JavaScript 0
A framework for identifying and launching exploits against internal network hosts. Works via WebRTC IP enumeration combined with WebSockets and external resource fingerprinting.
GithubMonitor * Python 0
根据关键字与 hosts 生成的关键词,利用 github 提供的 api,监控 git 泄漏。
beyondauth * Go 0
a traefik / nginx companion to create an identity aware proxy like beyondcorp
jsspider * Python 0
A js infomation dig tool.
redis-rce * Python 0
Redis 4.x/5.x RCE
urlooker * 0
企业级url监控
Cheating-Plugin-Program * C++ 0
从零开始研究外挂设计原理
gowap * Go 0
Wappalyzer implementation in Go
procmon * C 0
Log all none root Linux kernel EXEC calls. pid, uid, host and cmdline are written with rsyslog in JSON format.
Vxscan * Python 0
python3写的综合扫描工具,主要用来敏感文件探测(目录扫描与js泄露接口),WAF/CDN识别,端口扫描,指纹/服务识别,操作系统识别,弱口令探测,POC扫描,SQL注入,绕过CDN,查询旁站等功能,主要用来甲方自测或乙方授权测试,请勿用来搞破坏。
Amsi-Bypass-Powershell * 0
This repo contains some Amsi Bypass methods i found on different Blog Posts.
GScan-1 * Python 0
本程序旨在为安全应急响应人员对Linux主机排查时提供便利,实现主机侧Checklist的自动全面化检测,根据检测结果自动数据聚合,进行黑客攻击路径溯源。
aswan * Python 0
陌陌风控系统静态规则引擎,零基础简易便捷的配置多种复杂规则,实时高效管控用户异常行为。
AdvBox * Python 0
An adversarial examples toolbox for constructing attacks, building defenses, and Measuring robustness of AI model
risk-management-note * 0
风险控制笔记,适用于互联网企业
DLLSpy * C++ 0
DLL Hijacking Detection Tool
datacon_2019_DNS * 0
https://www.cdxy.me/?p=806
datacon * 0
datacon比赛方向三-攻击源与攻击者分析writeup
SaiDict * 0
弱口令,敏感目录,敏感文件等渗透测试常用攻击字典
AI-for-Security-Testing-Database * Jupyter Notebook 0
复现过的AI安全检测的项目集合
dive-to-gosync-workshop * Go 0
深入Go并发编程研讨课
yurita * Scala 0
Anomaly detection framework @ PayPal
hack_tools_for_me * Shell 0
自己为了方便收集的小工具
m3u8-Downloader-Go * Go 0
m3u8 downloader with golang
CVE-2019-0708 * C 0
Scanner PoC for CVE-2019-0708 RDP RCE vuln
CVE-2018-14729 * 0
Discuz backend getshell
gocelery * Go 0
Celery Distributed Task Queue in Go
memconn * Go 0
MemConn is an in-memory network stack for Go.
linux * Shell 0
linux安全检查
wfuzz * Python 0
Web application fuzzer
ffuf * Go 0
Fast web fuzzer written in Go
Awesome-WAF * 0
🔥 A curated list of awesome web-app firewall (WAF) stuff.
chromium_for_spider * HTML 0
为漏扫动态爬虫定制的浏览器
Seccubus * JavaScript 0
Easy automated vulnerability scanning, reporting and analysis
java_rasp_example * Java 0
w12scan * CSS 0
🚀 A simple asset discovery engine for cybersecurity. (网络资产发现引擎)
MalwareTrainingSets * Python 0
Free Malware Training Datasets for Machine Learning
fireELF * Python 0
Fileless Linux Malware Framework
auditd-attack * 0
A Linux Auditd rule set mapped to MITRE's Attack Framework
AsyncRAT-C-Sharp * C# 0
Remote Administration Tool For Windows C# (RAT)
netmap.js * JavaScript 0
Fast browser-based network discovery module
pbscan-1 * Python 0
基于burpsuite headless 的代理式被动扫描系统
ptf * Python 0
The Penetration Testers Framework (PTF) is a way for modular support for up-to-date tools.
Finder * Go 0
一款Go语言实现的端口扫描器.
arpZebra * Go 0
ARP+DNS欺骗工具,网络安全第三次实验,课堂演示用,严禁非法用途。ARPSpoof,wifi hijack,dns spoof
fusee-launcher * Python 0
ReSwitched's work-in-progress launcher for one of the Tegra X1 bootROM exploits(switch root)
godfs * Go 0
A simple fast, easy use distributed file system written by golang.
go-fastdfs * Go 0
A simple fast, easy use distributed file system written by golang(similar fastdfs).go-fastdfs 是一个简单的分布式文件存储,具有高性能,高可靠,免维护等优点,支持断点续传,分块上传,小文件合并,自动同步,自动修复。
30-days-of-vue * CSS 0
30 Days of Vue
goSkylar * Go 0
基于Golang开发的企业级外网端口资产扫描
Code-audit * 0
代码审计入坑
sqlflow * Go 0
Brings SQL and AI together.
linux_rat * JavaScript 0
LINUX集群控制(LINUX反弹式远控) LINUX反向链接运维 BY:QQ:879301117
tangscan * Python 0
乌云tangscan扫描器插件
Tentacle * Python 0
Tentacle is a POC vulnerability verification and exploit framework. It supports free extension of exploits and uses POC scripts. It supports calls to zooeyem, fofa, shodan and other APIs to perform bulk vulnerability verification for multiple targets.
Awesome-Advanced-Windows-Exploitation-References * 0
List of Awesome Advanced Windows Exploitation References
go-querystring * Go 0
go-querystring is Go library for encoding structs into URL query parameters.
WordSteal * Python 0
This script will create a POC that will steal NTML hashes from a remote computer. Do not use this for illegal purposes.The author does not keep responsibility for any illegal action you do.
windows-docker-machine * PowerShell 0
Work with Windows containers and LCOW on Mac/Linux/Windows
gameboy.live * Go 0
🕹️ A basic gameboy emulator with terminal "Cloud Gaming" support
TP1 * 0
Linux Basics for Hackers
whatweb-1 * Go 0
WEB指纹识别 - gowap基础上修改的golang版本
yujianrdpcrack * 0
御剑RDP爆破工具
goscan-2 * Go 0
Interactive Network Scanner
navicat-keygen * C 0
A keygen for Navicat
fracker * PHP 0
PHP function tracker
WMI_Monitor * PowerShell 0
Log newly created WMI consumers and processes to the Windows Application event log
ScanQLi * Python 0
SQLi scanner to detect SQL vulns
android-vuln * C 0
安卓内核提权漏洞分析
Cobalt_Strike_wiki * 0
Cobalt Strike系列
vulscan-1 * Python 0
vulscan 扫描系统:最新的poc&exp漏洞扫描,redis未授权、敏感文件、java反序列化、tomcat命令执行及各种未授权扫描等...
MYSQL_SQL_BYPASS_WIKI * 0
mysql注入,bypass的一些心得
termshark * Go 0
A terminal UI for tshark, inspired by Wireshark
GoMet * Go 0
Multi-platform agent written in Golang. TCP forwarding, socks5, tunneling, pivoting, shell, download, exec
golang-uacbypasser * Go 0
UAC bypass techniques implemented and written in Go
wmifilter * C 0
驱动层拦截web访问源码
sudo_inject * C 0
[Linux] Two Privilege Escalation techniques abusing sudo token
gogsownz * Python 0
Gogs CVEs
KWP * Python 0
Keyboard Weak Password
uilive * Go 0
uilive is a go library for updating terminal output in realtime
mysql-magic * C 0
dump mysql client password from memory
awesome-pentest * 0
A collection of awesome penetration testing resources, tools and other shiny things
windows-privesc-check * Python 0
Standalone Executable to Check for Simple Privilege Escalation Vectors on Windows Systems
BlueHive * PowerShell 0
PowerShell based Active Directory Honey User Account Management with Universal Dashboards
SCADA-Rules * 0
Snort rules
icstools * Lua 0
ics security tools
dnsmasq-china-list * Python 0
Chinese-specific configuration to improve your favorite DNS server. Best partner for chnroutes.
commando-vm * PowerShell 0
RW_Password * Python 0
此项目用来提取收集以往泄露的密码中符合条件的强弱密码
WebShellCheck * Python 0
Webshell Detection Based on Deep Learning
process-packet-filter * C 0
Capture packet by process info in Windows System
analog * Python 0
一款基于机器学习的Web日志统计分析与异常检测命令行工具
everyone-can-use-english * 0
人人都能用英语
selenium * Go 0
Selenium/Webdriver client for Go
graudit * Shell 0
grep rough audit - source code auditing tool
sniffer-1 * Go 0
sniffer http data by go
QilinBaoleiji * C 0
堡垒机-麒麟堡垒机,集堡垒机、SSLVPN-堡垒机内置、动态口令-堡垒机内置、应用审计-堡垒机内置、数据库审计-堡垒机内置、CA证书-堡垒机内置-堡垒机内置、云桌面-堡垒机内置、密码自动修改为一体的堡垒机系统
pown-recon * JavaScript 0
A powerful target reconnaissance framework powered by graph theory.
beagle * Python 0
Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
PowerShdll * C# 0
Run PowerShell with rundll32. Bypass software restrictions.
linux-kernel-module-cheat * Python 0
The perfect emulation setup to study and modify the Linux kernel, kernel modules, QEMU and gem5. Highly automated. Thoroughly documented. GDB step debug and KGDB just work. Automated tests. Powered by Buildroot. "Tested" in Ubuntu 18.04 host, x86_64, ARMv7 and ARMv8 guests with kernel v5.0.
SharPyShell * Python 0
SharPyShell - tiny and obfuscated ASP.NET webshell for C# web applications
SearchApp * Python 0
小型网络空间搜索引擎
Mr.SIP * Python 0
SIP-Based Audit and Attack Tool
WCnife * Python 0
Web版中国菜刀
tcpscan-1 * Python 0
python3写的一个小工具,主要用于端口扫描,服务识别。
golang_c2 * Go 0
Boilerplate C2 written in Go for red teams
sublert * Python 0
Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.
mail_fishing * PHP 0
甲方安全工程师必备,内部钓鱼系统
xray * Go 0
XRay is a tool for recon, mapping and OSINT gathering from public networks.
ChunkedHTTPAdapter * Python 0
参考《利用分块传输吊打所有WAF》修改的requests的Adapter
MySQLMonitor * Python 0
MySQL实时监控工具(黑盒测试辅助工具)
AI-Machine-Learning-Security * 0
一个关于人工智能渗透测试分析系列
Java-Unserialization-Study * Java 0
QAQ Just study unserialize vulnerabilities in Java :)
dashboards * HTML 0
Responsive dashboard templates for Bootstrap 📊✨
HiddenEye * HTML 0
Modern phishing tool with advanced functionality [ Termux-Support Available ]
pyevmasm * Python 0
Ethereum Virtual Machine (EVM) disassembler and assembler
go-fastping * Go 0
ICMP ping library for Go inspired by AnyEvent::FastPing Perl module
ml-antivirus * Python 0
This is repo of antivirus which uses machine learning to classify viruses from legitimate files.
awesome-linux-rootkits * 0
awesome-linux-rootkits
win10-secure-baseline-gpo * Go 0
Windows 10 and Server 2016 Secure Baseline Group Policy
VulDeePecker * C 0
VulDeePecker: A Deep Learning-Based System for Vulnerability Detection
LuWu * Shell 0
红队基础设施自动化部署工具
Pass-the-Hash-Guidance * PowerShell 0
Configuration guidance for implementing Pass-the-Hash mitigations. #nsacyber
ReflectiveDLLInjection * C 0
Reflective DLL injection is a library injection technique in which the concept of reflective programming is employed to perform the loading of a library from memory into a host process.
DNSlivery * Python 0
Easy files and payloads delivery over DNS
ghidra * 0
Offensive-Security-OSCP-Cheatsheets * PowerShell 0
ipv666 * Go 0
Golang IPv6 address enumeration
Pentest_Interview * 0
个人准备渗透测试和安全面试的经验,和部分厂商的面试题
websocket-client-go * Go 0
Reconnecting Websocket Client Golang Library
WebMap * Python 0
Nmap Web Dashboard and Reporting
webshell-find-tools * Python 0
分析web访问日志以及web目录文件属性,用于根据查找可疑后门文件的相关脚本。
Sagaan-AntiCheat-V2.0 * C 0
Anti Cheat i made in my free time. Credits to everyone who helped are in the files and some are in the code. I will definitely improve this Anti Cheat along the way, now its just beta. Enjoy.
Shared * Jupyter Notebook 0
Shared Blogs and Notebooks
winc-1 * Go 0
Common library for Go GUI apps on Windows
Venom * Go 0
Venom - A Multi-hop Proxy for Penetration Testers Written in Go
netlinkconnector * Go 0
netlink connector library for Go
firehttp-1 * Go 0
一个专门用于开发安全工具的HTTP类库.
powershellveryless * C# 0
Constrained Language Mode + AMSI bypass all in one
netlink-4 * Rust 0
low level netlink library for rust
malware-sample-library * 0
Malware sample library.
piof * HTML 0
PIOF - PHP Instrumentation Open Framework - A dynamic and modulable instrumentation framework for PHP language.
extrace * C 0
trace exec() calls system-wide
Security-with-Go * Go 0
Security with Go, published by Packt
bro-sysmon * Bro 0
How to Zeek Sysmon Logs!
falco * C++ 0
Falco: Container Native Runtime Security
jenkins_unauthenticated_remote_code_execution * Java 0
Jenkins RCE PoC. From unauthenticated user to remote code execution - it's a hacker's dream! (Chaining CVE-2019-1003000, CVE-2018-1999002, and more)
DeeDee * Python 0
Stealthy DDE Exploit Payload generator and injector for DOCX files
zgrab2 * Go 0
ZGrab 2.0 Framework
rust-headless-chrome * Rust 0
chashell * Go 0
Chashell is a Go reverse shell that communicates over DNS. It can be used to bypass firewalls or tightly restricted networks.
app * Go 0
Package to create apps with GO, HTML and CSS. golang gui
PSHunt * PowerShell 0
Powershell Threat Hunting Module
pe * Go 0
Package pe implements access to the Portable Executable (PE) file format.
go-cluster * Go 0
k-modes and k-prototypes clustering algorithms implementation in Go
lihang_book_algorithm * Python 0
致力于将李航博士《统计学习方法》一书中所有算法实现一遍
AI-Security-Learning * 0
自身学习的安全数据科学和ai安全算法的学习资料
get_ip_by_ico * Python 0
从shodan获取使用了相同favicon.ico的网站
javaweb-codereview * Java 0
javaweb-codereview
How-To-Secure-A-Linux-Server * 0
An evolving how-to guide for securing a Linux server.
libsvm-go * Go 0
Full port of LIBSVM in the Go programming language
safeline-open-platform * Lua 0
lol-model-viewer * JavaScript 0
154个英雄联盟中的英雄和中立生物的3D模型(带动画)演示。https://tengge1.github.io/lol-model-viewer
PythonDataMining * Jupyter Notebook 0
:notebook_with_decorative_cover: 在学院的书架上发现了一本不带脑子就能看懂的书《Python数据挖掘与实战》
lysec * JavaScript 0
一个基于docker的安全培训系统
Mastering_Go_ZH_CN * Go 0
《Mastering GO》中文译本,暂时命名为《玩转 GO》。阅读本书之前,您应该阅读有关Go的介绍性书籍,或者已经完成了Go By Example。本书的内容包括但不限于并发、网络编程、垃圾回收、组合、GO UNIX系统编程、基本数据类型(Array,Slice,Map)、GO源码、反射,接口,类型方法等高级概念。阅读本书需要一定的编程经验。如果你在工作中使用Go或者业余时间爱好GO,那么这本书一定会让你对GO的理解更上一层楼。
http-netfilter * C 0
Linux kernel HTTP filtering netfilter module
CyBot * Python 0
Open Source Threat Intelligence Chat Bot
dnsbin * JavaScript 0
The request.bin of DNS request
w11scan * CSS 0
分布式WEB指纹识别平台 Distributed WEB fingerprint identification platform
kunpeng * Go 0
kunpeng是一个Golang编写的开源POC检测框架,以动态链接库的形式提供各种语言调用,通过此项目可快速对目标进行安全漏洞检测,比攻击者快一步发现风险漏洞。
go-cgroup * Go 0
bindings for libcgroup
Intranet_Penetration_Tips * 0
2018年初整理的一些内网渗透TIPS,后面更新的慢,所以公开出来希望跟小伙伴们一起更新维护~
go-cpulimit * Go 0
Channel-based CPU usage limiter
bbscan_rules * 0
My BBScan rules
RedTeam * 0
RedTeam资料收集整理
nWatch * Python 0
NetNTLMtoSilverTicket * PowerShell 0
SpoolSample -> Responder w/NetNTLM Downgrade -> NetNTLMv1 -> NTLM -> Kerberos Silver Ticket
scanproxy * Go 0
scanproxy is auto scan IP & port,and check that is proxy if port is open...(scanproxy是一个自动扫描端口,并且检测是否是代理服务器的程序)
synflood * Go 0
A tcp syn flood attack tool
SocialEngineeringPayloads * CSS 0
This is a collection of social engineering tricks and payloads being used for credential theft and spear phishing attacks.
100-Days-Of-ML-Code-1 * Jupyter Notebook 0
100-Days-Of-ML-Code中文版
mitre-collection * 0
MITRE’s Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK)
elasticsql * Go 0
convert sql to elasticsearch DSL in golang(go)
ElasticHD * Go 0
Elasticsearch 可视化DashBoard, 支持Es监控、实时搜索,Index template快捷替换修改,索引列表信息查看, SQL converts to DSL等
dga_detector * Python 0
DGA Domains detection
web-log-parser * Python 0
web日志分析工具
go-shellcode * Go 0
Load shellcode into a new process
hookjs * JavaScript 0
javascript function hook
MachineLearning-2 * Python 0
Basic Machine Learning and Deep Learning
student * Python 0
个人学习
python-evtx * Python 0
Pure Python parser for recent Windows Event Log files (.evtx)
x-deeplearning * C++ 0
An industrial deep learning framework for high-dimension sparse data
AI-for-Security-Testing * Jupyter Notebook 0
My AI security testing project
DarthSidious-Chinese * 0
DarthSidious 中文版
p0wnedShell * C# 0
PowerShell Runspace Post Exploitation Toolkit
DccwBypassUAC * C++ 0
Windows 8.1 and 10 UAC bypass abusing WinSxS in "dccw.exe".
dzscan * Python 0
Dzscan
IsolationForest * Python 0
IsolationForest wiht Sk-learn
AV-Killer * C++ 0
Antivirus Killer
Github-Monitor * JavaScript 0
Github信息泄漏监控系统
SharpLogger * C# 0
Keylogger written in C#
sploitfun-linux-x86-exp-tut-zh * CSS 0
:book: [译] SploitFun Linux x86 Exploit 开发系列教程
Base-Learning-for-Security-Offers * 0
404notfound的知识体系
LinuxCheck * Shell 0
Responder * Python 0
Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
dga_classifier * Python 0
Sample DGA classifier
SubDomainizer * Python 0
A tool to find subdomains and interesting things hidden inside and external Javascript files of page.
miaosha * Java 0
😮😮秒杀系统设计与实现.互联网工程师进阶与分析🙋🐓
sklearn * Go 0
bits of sklearn ported to Go #golang
CVE-2018-15982_EXP * Python 0
exp of CVE-2018-15982
evilginx * Python 0
PLEASE USE NEW VERSION: https://github.com/kgretzky/evilginx2
PPTHub * 0
大安全各领域各公司各会议分享的PPT及行业合规、安全认证、安全书籍汇总
How-to-Read-Source-and-Fuzzing * 0
一些阅读源码和Fuzzing 的经验..
Allscanner * Python 0
数据库和其他服务的弱端口的弱口令检测以及未授权访问的集成检测工具。 Weak password blasting of weak ports and integrated detection tools for unauthorized access.
Seth * Python 0
Perform a MitM attack and extract clear text credentials from RDP connections
SharpClipboard * C# 0
C# Clipboard Monitor
it-chain * Go 0
私有区块链
webshellgg * PHP 0
ml webshellgg project
Windows-AD-environment-related * Ruby 0
This Repository contains the stuff related to windows Active directory environment exploitation
Vba2Graph * Python 0
Vba2Graph - Generate call graphs from VBA code, for easier analysis of malicious documents.
webborer * Go 0
WebBorer is a directory-enumeration tool written in Go.
aclpwn.py * Python 0
Active Directory ACL exploitation with BloodHound
linikatz * C 0
linikatz is a tool to attack AD on UNIX
Geetest3-Crack * Python 0
🤖 Geetest3 Distributed Cracking Platform 极验3代分布式破解平台
Windows-universal-samples * JavaScript 0
API samples for the Universal Windows Platform.
ThreatHunting * Python 0
A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
github-desktop-poc * Python 0
Github Desktop PoC
koding * Go 0
The Simplest Way to Manage Your Entire Dev Infrastructure!
openzaly * Java 0
openzaly 是 Akaxin 的服务器源代码,用以搭建私有聊天服务器。 服务器安装教程:https://www.akaxin.com/docs/install/index.html QQ群: 655249600
getpass * C++ 0
a mini tool to dump password and NTLM hash from WDigest & MSV1_0 & tspkg, as a result of study of mimikatz
atomic-red-team * PowerShell 0
Small and highly portable detection tests based on MITRE's ATT&CK.
MaliciousMacroMSBuild * Python 0
Generates Malicious Macro and Execute Powershell or Shellcode via MSBuild Application Whitelisting Bypass.
MaliciousMacroGenerator * Visual Basic 0
Malicious Macro Generator
GoldenTicketDetection * HTML 0
mimikatz_detection * HTML 0
tyton * C 0
Kernel-Mode Rootkit Hunter
GTRS * Shell 0
GTRS - Google Translator Reverse Shell
data_hacking * Jupyter Notebook 0
Click Security Data Hacking Project
Anti-Hook- * C 0
SuperWeChatPC * C++ 0
微信电脑客户端多开工具,支持防消息撤销
RSA-reverse-shell * Python 0
Python implementation of RSA reverse shell.
gowindows * Go 0
go windows 库,主要实现 "golang.org/x/sys/windows" 库未包含的api。
WhatWeb * Ruby 0
Next generation web scanner
fuzz.txt * 0
Potentially dangerous files
xsshell * Go 0
An XSS reverse shell framework
mcreator * Python 0
Encoded Reverse Shell Generator With Techniques To Bypass AV's
strace-docker * Shell 0
Trace system calls from Docker containers running on the system
rhids * Java 0
Host-based Intrusion Detection System for Linux Containers
aa-tools * Python 0
Artifact analysis tools by JPCERT/CC Analysis Center
SecurityManageFramwork * Python 0
SecurityManageFramwork是一款适用于企业内网安全管理平台,包含资产管理,漏洞管理,账号管理,知识库管、安全扫描自动化功能模块,可用于企业内部的安全管理。 本平台旨在帮助安全人员少,业务线繁杂,周期巡检困难,自动化程度低的甲方,更好的实现企业内部的安全管理。
pdns * Python 0
PDNS Monitors network for malicious activities domain
VulInfo * 0
These are the vulnerabilities discovered by Galaxy Lab.
awesome-crawler * 0
A collection of awesome web crawler,spider in different languages
detect_kerberos_attacks * Shell 0
Detect kerberos attacks in pcap files
msf-elf-in-memory-execution * Ruby 0
Post module for Metasploit to execute ELF in memory
EmpireAMSI * PowerShell 0
processhacker-1 * C 0
A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware.
ishell * Go 0
Library for creating interactive cli applications.
AI-for-Security-Learning * 0
安全场景、基于AI的安全算法和安全数据分析学习资料整理
pocsuite_poc_collect * Python 0
collection poc use pocsuite framework 收集一些 poc with pocsuite框架
wechatcmd * Go 0
提供微信终端版本、微信命令行版本聊天功能、微信机器人
gosoap * Go 0
🦉SOAP package for Go
golearn * Go 0
Machine Learning for Go
LinuxFlaw * C 0
This repo records all the vulnerabilities of linux software I have reproduced in my local workspace
AD-Attack-Defense * 0
Active Directory Security For Red & Blue Team
ChineseDarkWebCrawler * HTML 0
中文暗网爬虫
HiddenPowerShellDll * Batchfile 0
dpos * Go 0
基于DPoS算法、P2P对等网络的简易区块链Go语言实现。
RedTeamScripts * Python 0
Repo with various Red Team scripts
teamviewer-dumper * Python 0
Dump TeamViewer ID and password from memory. Works much better than other tools.
CACTUSTORCH * Visual Basic 0
CACTUSTORCH: Payload Generation for Adversary Simulations
flint * Python 0
The python client of passivedns.cn
Webcrawle * HTML 0
Awesome-Red-Teaming * 0
List of Awesome Red Teaming Resources
Sreg * HTML 0
Sreg可对使用者通过输入email、phone、username的返回用户注册的所有互联网护照信息。
jiebago * Go 0
Jieba 分词 Go 语言版
python-girlfriend-mood * Python 0
:kissing_closed_eyes::kissing_closed_eyes: 通过与女朋友聊天获取她的实时情绪波动图谱。 Analyze her mood through her girlfriend's words ·
nodejs-runtime-agent * JavaScript 0
Snyk Node Runtime Agent
Ethereum-Smart-Contracts-Security-CheckList * 0
Ethereum Smart Contracts Security CheckList From Knownsec 404 Team
htcap * Python 0
htcap is a web application scanner able to crawl single page application (SPA) in a recursive manner by intercepting ajax calls and DOM changes.
PcapXray * Python 0
:snowflake: PcapXray - A Network Forensics Tool - To visualize a Packet Capture offline as a Network Diagram including device identification, highlight important communication and file extraction
UsbKeyboardDataHacker * Python 0
USB键盘流量包取证工具 , 用于恢复用户的击键信息
weblogic-scan * Python 0
weblogic 漏洞扫描工具
pwn2own2018 * C 0
A Pwn2Own exploit chain
dotNetFuzz * Python 0
A quick and dirty .NET "Deserialize_*" fuzzer based on James Forshaw's (@tiraniddo) DotNetToJScript.
BlockChain-Security-List * 0
BlockChain-Security-List
Managed-code-injection * C++ 0
Inject a .NET assembly into a native process using the CLR Hosting API
ATTACK * 0
MITRE ATT&CK Windows Logging Cheat Sheets
httpmq * Go 0
A simple HTTP message queue written in Go with goleveldb, just like httpsqs written in C with Tokyo Cabinet.
php-go * C 0
Write PHP extension using go/golang. Zend API wrapper for go/golang.
goleveldb * Go 0
LevelDB key/value database in Go.
dnscat2-powershell * PowerShell 0
A Powershell client for dnscat2, an encrypted DNS command and control tool.
netelf * C 0
Run executables from memory, over the network, on Windows, Linux, OpenVMS... routers... spaceships... toasters etc.
UnmanagedPowerShell * C 0
Executes PowerShell from an unmanaged process
bscan * Python 0
an asynchronous target enumeration tool
goflow * Go 0
The high-scalability sFlow/NetFlow/IPFIX collector used internally at Cloudflare.
BFuzz * HTML 0
Fuzzing Browsers
ProcDump-for-Linux * C 0
A Linux version of the ProcDump Sysinternals tool
seesaw * Python 0
Automatic reversed shell detacting and defensing
sandbox-1 * JavaScript 0
Sandbox to execute php or bash code
grmon * Go 0
Command line monitoring for goroutines
dtgo * Go 0
Decision tree in Go based on @random-forests example
goboy * Go 0
Multi-platform Nintendo Game Boy Color emulator written in go
linux-re-101 * 0
A collection of resources for linux reverse engineering
CobaltStrike_Hanization * Java 0
CobaltStrike 2.5中文汉化版
Cobaltstrike-Trial * 0
leaves * Go 0
pure Go implementation of prediction part for GBRT (Gradient Boosting Regression Trees) models from popular frameworks
sslsplit * C 0
Transparent SSL/TLS interception
serviceFu * C 0
Automates credential skimming from service accounts in Windows Registry
anomalous * Go 0
Anomaly detection in Go with isolation forests.
imylu * Python 0
Pure Python implementation of machine learning algorithms
malwaregan * Python 0
Visualizing malware behavior, and proactive protection using GANs against zero-day attacks.
ghw * Go 0
Golang hardware discovery/inspection library
PIE * PowerShell 0
:mailbox: The Phishing Intelligence Engine - An Active Defense PowerShell Framework for Phishing Defense with Office 365
DeepCreamPy * Python 0
Decensoring Hentai with Deep Neural Networks
face_recognition * Python 0
The world's simplest facial recognition api for Python and the command line
openface * Lua 0
Face recognition with deep neural networks.
FaceDetectionServer * Go 0
基于 SeetaFace 的人脸识别服务, By and For Golang
AutoSploit * Python 0
Automated Mass Exploiter
ransomware * Go 0
A POC Windows crypto-ransomware (Academic)
gotop * Go 0
A terminal based graphical activity monitor inspired by gtop and vtop
gochain * Go 0
A simple Blockchain implementation in Go
powershell-reverse-http * Go 0
:innocent: A Powershell exploit, windows native service with no virus signature that open a reverse http connection via meterpreter
linux-insides * Python 0
A little bit about a linux kernel
anti-ransomware-minifilter * C 0
jass * Go 0
a tool to facilitate sharing of secrets using SSH keys
machine_learning_security * Python 0
Source code about machine learning and security.
SAIVS * Python 0
SAIVS (Spider Artificial Intelligence Vulnerability Scanner).
macOS-Security-and-Privacy-Guide * Python 0
A practical guide to securing macOS.
ReShellAAS * Python 0
Reverse Shell as a Service
Platypus * Go 0
:hammer: A modern multiple reverse shell sessions manager written in go
sourcegraph * Go 0
Code search and intelligence, self-hosted and scalable
fuse * Go 0
FUSE library for Go. go get bazil.org/fuse
unserchain * PHP 0
BadKernel * HTML 0
Full exploit of CVE-2016-6754(BadKernel) and slide of SyScan360 2016
gocryptfs * Go 0
Encrypted overlay filesystem written in Go.
Windows-User-Action-Hook * C# 0
A .NET library to subscribe for Windows operating system global user actions such mouse, keyboard, clipboard & print events
android_vuln_poc-exp * C 0
This project contains pocs and exploits for android vulneribilities
tableflip * Go 0
Graceful process restarts in Go
arbitrary-php-extension * C 0
这是一个实验性的PHP扩展,加载这个扩展后,每次请求将可以执行一段自己的PHP代码。
jiacrontab * Go 0
提供可视化界面的任务调度工具
linux_exploit_development * Python 0
Linux Exploit Development Techniques
libSSH-Authentication-Bypass * Python 0
Spawn to shell without any credentials by using CVE-2018-10933
Malware_Detection_API_Graphs * Python 0
Predicting malicious behaviour in programs by studying patterns of API Call graphs
awesome-incident-response * 0
A curated list of tools for incident response
LiME * C 0
LiME (formerly DMD) is a Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices, such as those powered by Android. The tool supports acquiring memory either to the file system of the device or over the network. LiME is unique in that it is the first tool that allows full memory captures from Android devices. It also minimizes its interaction between user and kernel space processes during acquisition, which allows it to produce memory captures that are more forensically sound than those of other tools designed for Linux memory acquisition.
shd * C 0
Ssdt Hook Detection tool
re_avdevprot * C 0
逆向小红伞杀毒软件驱动——avdevprot
windows-syscall-table * Assembly 0
windows syscall table from xp ~ 10 rs4
SSRFmap-1 * Python 0
Automatic SSRF fuzzer and exploitation tool
Windows-via-C- * C++ 0
Windows核心编程(第5版中文版)
minhook-rs * Rust 0
A function hooking library for the Rust programming language
go-hook * Go 0
`go-hook`provides low level keyboard and mouse hook for Windows.
hinako * Go 0
x86 WinAPI hook written in pure Go
Auto-Root-Exploit * Shell 0
Auto Root Exploit Tool
pywerview * Python 0
A (partial) Python rewriting of PowerSploit's PowerView
dpapilab * Python 0
Windows DPAPI laboratory
memorpy * Python 0
Python library using ctypes to search/edit windows / linux / macOS / SunOS programs memory
LaZagne * Python 0
Credentials recovery project
Windows-KeyLogger * Go 0
go-sniffer * Go 0
🔎Sniffing and parsing mysql,redis,http,mongodb etc protocol. 抓包截取项目中的数据库请求并解析成相应的语句。
WinboxPoC * Python 0
Proof of Concept of Winbox Critical Vulnerability (CVE-2018-14847)
impacket * Python 0
Impacket is a collection of Python classes for working with network protocols.
whids * Go 0
Powershell-Attack-Guide * PowerShell 0
Powershell攻击指南----黑客后渗透之道
multiOTPCredentialProvider * PHP 0
multiOTP Credential Provider is a V2 Credential Provider for Windows 7/8/8.1/10/2012(R2)/2016 with options like RDP only and UPN name support
Alibaba-3rd-Security-Algorithm-Challenge * Jupyter Notebook 0
第三届阿里云安全算法挑战赛冠军代码
ptyshell * C 0
A reverse PTY shell in C
protravel * Python 0
Recursively exploit path traversal vulnerability
libelfmaster * C 0
Secure ELF parsing/loading library for forensics reconstruction of malware, and robust reverse engineering tools
ecfs_exec * C 0
Be able to execute memory snapshots so they can start running where they left off.
avu32 * C 0
anti virus 32bit. my first attempt (in 2008) to write prototype for detecting/disinfecting unix ELF viruses
arch-audit * Rust 0
An utility like pkg-audit for Arch Linux. Based on Arch Security Team data
clair-scanner * Go 0
Docker containers vulnerability scan
subscraper * Python 0
External pentest tool that performs subdomain enumeration through various techniques. In addition, SubScraper will provide information such as HTTP & DNS lookups to aid in potential next steps.
Aron * Go 0
Aron is a GO script for finding hidden GET & POST parameters
Ransomware-Guard * C 0
Anti-ransomware in linux, Decoy, Protect file, Protect drectory, Auto backup
awesome-forensics * 0
A curated list of awesome forensic analysis tools and resources
AES-Killer * Java 0
Burp plugin to decrypt AES Encrypted traffic of mobile apps on fly
kemon * C 0
An Open-Source Pre and Post Callback-Based Framework for macOS Kernel Monitoring.
osxcollector * Python 0
A forensic evidence collection & analysis toolkit for OS X
BIOS_Rootkit * Assembly 0
来自Freebuf评论区,一个UEFI马.
rekall-agent-server * Python 0
Rekall is an endpoint security solution.
rekall * Python 0
Rekall Memory Forensic Framework
rvmi * C 0
rVMI - A New Paradigm For Full System Analysis
goiptables * Go 0
Wouldn't the world be better with more iptables wrappers? WIP
dnscap * C 0
Network capture utility designed specifically for DNS traffic
lynis * Shell 0
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
securitybot * Python 0
Distributed alerting for the masses!
nodexp * Python 0
NodeXP - A Server Side Javascript Injection tool capable of detecting and exploiting Node.js vulnerabilities
rop_detector * C 0
Experimental tool for ROP-shellcode detection
RopGun * C 0
RopGun is a Linux implementation of a transparent ROP mitigation technique based on runtime detection of abnormal control transfers using hardware performance counters.
VMI-as-a-Service * C 0
safetrend-echarts * JavaScript 0
大数据威胁态势感知,图标实时展示攻击状态
vmi-rs * Rust 0
A simple Rust wrapper around LibVMI for virtual machine introspection (very incomplete)
teleport * Go 0
Teleport is a versatile, high-performance and flexible socket framework. It can be used for RPC, micro services, peer-peer, push services, game services and so on.
IP-security-analysis * PHP 0
Log malicious IP security analysis
Vibe * Python 0
A framework for stealthy domain reconnaissance
futures-rs * Rust 0
Zero-cost asynchronous programming in Rust
ct-exposer * Python 0
An OSINT tool that discovers sub-domains by searching Certificate Transparency logs
VeraCrypt * C 0
Disk encryption with strong security based on TrueCrypt
winipt * C 0
The Windows Library for Intel Process Trace (WinIPT) is a project that leverages the new Intel Processor Trace functionality exposed by Windows 10 Redstone 5 (1809), through a set of libraries and a command-line tool.
IoTSecurity101 * 0
From IoT Pentesting to IoT Security
cloudwalker * Go 0
CloudWalker Platform
pam_abl * C 0
pam_abl auto blacklisting PAM module
pkg-audit * Python 0
audit installed packages on Arch Linux against known vulnerabilities
go-crypt * Go 0
Golang wrappers for glibc crypt(3)
duo_unix * C 0
Duo two-factor authentication for Unix systems
flinux * C 0
Foreign LINUX - Run unmodified Linux applications inside Windows.
shellz * Go 0
Shellz is a small utility to keep track of your SSH identities, servers and run commands on multiple machines at once.
PrivilegeGuard * 0
Privilege guard blocks common local privilege escalation in Linux Kernel
CVE-2018-17182 * C 0
Linux 内核VMA-UAF 提权漏洞(CVE-2018-17182),0day
brootkit * Shell 0
Lightweight rootkit implemented by bash shell scripts v0.10
netlink-rs * Rust 0
Rust bindings for netlink communication
rust-psutil * Rust 0
A process monitoring library for rust
netlink-2 * Go 0
Golang netlink implementation
MS-DOS * Assembly 0
The original sources of MS-DOS 1.25 and 2.0, for reference purposes
ZeroAccess * C 0
ZeroAccess v3 toolkit
WebRange * CSS 0
一个Web版的docker管理程序,可以用来运行各种docker漏洞环境和CTF环境。
byob * Python 0
BYOB (Build Your Own Botnet)
weui-wxss * JavaScript 0
A UI library by WeChat official design team, includes the most useful widgets/modules.
WINspect * PowerShell 0
Powershell-based Windows Security Auditing Toolbox
openvas-scanner * C 0
OpenVAS remote network security scanner
linux-insides-zh * 0
Linux 内核揭密
pwcracker * Python 0
一款插件化的密码爆破框架
google-authenticator-libpam * C 0
google-authenticator * Java 0
Open source version of Google Authenticator (except the Android app)
moloch * JavaScript 0
Moloch is an open source, large scale, full packet capturing, indexing, and database system.
OSTrICa * Python 0
SocialBox * Shell 0
SocialBox is a Bruteforce Attack Framework [ Facebook , Gmail , Instagram ,Twitter ] , Coded By Belahsan Ouerghi
go-lib * Go 0
mirrored from https://cr.deepin.io/#/admin/projects/go-lib
csharp * C# 0
Various C# projects for offensive security
polymorph * Python 0
Polymorph is a real-time network packet manipulation framework with support for almost all existing protocols
bpfd * Go 0
Framework for running BPF programs with rules on Linux as a daemon. Container aware.
DeepBlueCLI * PowerShell 0
Aurora * Go 0
Aurora Remote Administration Tool
jsEncrypter * Java 0
一个用于加密传输爆破的Burp Suite插件
sec_check * Go 0
Cross platform security detection tool
PortScanner * Python 0
目标tcp端口快速扫描、banner识别、cdn检测
logkit * Go 0
Very powerful server agent for collecting & sending logs & metrics with an easy-to-use web console.
windows-Credential-Provider-library * C++ 0
This repository will be updated with all the examples and links that I can find with relevant knowledge & information about CP in MS Windows vista up to version 10.
windows-credentials-provider * C# 0
An example implementation of a windows credential provider that is tightly connected with logon system
CredProvider.NET * C# 0
A Windows Credential Provider written in C#
pgina * C# 0
pGina: Open Source Windows Authentication
MacPatch * Objective-C 0
Software & Patch management for Mac OS X
doorman * Python 0
an osquery fleet manager
metta * Python 0
An information security preparedness tool to do adversarial simulation.
windows_ad_dos_poc * Python 0
PoC code for crashing windows active directory
erays * Python 0
Ethereum smart contract reverse engineering
cat * JavaScript 0
Central Application Tracking
knock-1 * C 0
A port-knocking daemon
xmark * C 0
一个能够 Hook 绝大多数函数/类、部分 opcode 的 PHP7 扩展
pam-ussh * Go 0
uber's ssh certificate pam module
Windows-driver-samples * C 0
This repo contains driver samples prepared for use with Microsoft Visual Studio and the Windows Driver Kit (WDK). It contains both Universal Windows Driver and desktop-only driver samples.
pefile * Python 0
pefile is a Python module to read and work with PE (Portable Executable) files
Threat-Intelligence-Analyst * 0
威胁情报,恶意样本分析,开源Malware代码收集
httptools * Python 0
Fast HTTP parser
TTLScan * Python 0
一款简易的插件化的漏洞扫描器框架
go-systemd * Go 0
Go bindings to systemd socket activation, journal, D-Bus, and unit files
Scanr * Python 0
Detect x86 shellcode in files and traffic.
cisco-snmp-rce * Python 0
Cisco IOS SNMP RCE PoC
Lilith * C++ 0
Lilith, The Open Source C++ Remote Administration Tool (RAT)
zeroday-powershell * PowerShell 0
A PowerShell example of the Windows zero day priv esc
CovenantSQL * Go 0
a SQL Database on Blockchain
http-parser * C 0
http request/response parser for c
SecurityManagement * 0
分享在建设安全管理体系、ISO27001、等级保护、安全评审过程中的点点滴滴
getshell * C 0
各大平台提权工具
geoip2-golang * Go 0
Unofficial MaxMind GeoIP2 Reader for Go
pacu * Python 0
Rhino Security Labs' AWS penetration testing toolkit
drltrace * HTML 0
Drltrace is a library calls tracer for Windows and Linux applications.
Oriana * Python 0
Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a Web layer to help defenders identify outliers and suspicious behavior on corporate environments.
Reverse-Shell-Manager-1 * Python 0
:hammer: A multiple reverse shell session/client manager via terminal
hostscan-bypass * Go 0
Generate OpenConnect CSD files to bypass Cisco AnyConnect hostscan requirements
SSRFmap * Ruby 0
Server Side Request Forgery services enumeration tool.
Exploits-1 * Perl 0
Containing Self Made Perl Reproducers / PoC Codes
ReDoS-vulnerabilities * JavaScript 0
A list of ReDoS vulnerabilities in npm modules found by the Software Lab at TU Darmstadt. For each vulnerability, there is a proof-of-concept exploit, showing how the slowdown may occur. The resources in this repository are provided for research purpose only. Please read below for more details.
MiningGitlog * Python 0
A script to mine email addresses in the Github repository.
cowrie * Python 0
Cowrie SSH/Telnet Honeypot
JWT_Hacking * Python 0
Collection of scripts that aid in penetration testing of JSON Web Tokens
MacOS-Security-Baseline * Shell 0
Baseline Security Configuration For MacOS
ssdeep * Go 0
SSDEEP hash lib in Golang
Oops-Webshell * Python 0
Oops, It's funny to detect a webshell
awesome-rust * Rust 0
A curated list of Rust code and resources.
bytebuf * Go 0
Replacement for bytes.Buffer that you can use in a performace-sensitive parts or your Go programs
guardian-agent * Go 0
[beta] Guardian Agent: secure ssh-agent forwarding for Mosh and SSH
EGESPLOIT * Go 0
EGESPLOIT is a golang library for malware development
GoldenEye * Python 0
GoldenEye Layer 7 (KeepAlive+NoCache) DoS Test Tool
prometheus * Go 0
The Prometheus monitoring system and time series database.
win * Go 0
A Windows API wrapper package for the Go Programming Language
libnids-1 * C 0
Libnids is an implementation of an E-component of Network Intrusion Detection System. It emulates the IP stack of Linux 2.0.x. Libnids offers IP defragmentation, TCP stream assembly and TCP port scan detection.
PE-Linux * Shell 0
Linux Privilege Escalation Tool By WazeHell
wmi * Go 0
WMI for Go
opencanary_web * Vue 0
基于opencanary的蜜罐web服务端|The Web App of opencanary secondary development
conntrack * Go 0
Go module to monitor TCP connections using linux's ip_conntrack kernel module
botnets * C++ 0
This is a collection of #botnet source codes, unorganized. For EDUCATIONAL PURPOSES ONLY
kraken * Go 0
Cross-platform Yara scanner written in Go
zabbix-threat-control * Python 0
Zabbix vulnerability assessment plugin
go-autoruns * Go 0
Collect autorun records from running system
grumpy * Go 0
Grumpy is a Python to Go source code transcompiler and runtime.
ASWCrypter * Shell 0
An Bash&Python Script For Generating Payloads that Bypasses All Antivirus so far [FUD]
Linux_Exploit_Suggester * Perl 0
Linux Exploit Suggester; based on operating system release number
Amass-1 * Go 0
In-Depth DNS Enumeration written in Go
osquery-configuration * 0
A repository for using osquery for incident detection and response
sysmon-config * 0
Sysmon configuration file template with default high-quality event tracing
baidu-netdisk-downloaderx * Go 0
:zap: 百度网盘不限速下载器 BND,支持 Windows、Mac 和 Linux。
machma * Go 0
Easy parallel execution of commands with live feedback
rules * 0
Public rules and samples for various automations through LimaCharlie.io
hmmlearn * Python 0
Hidden Markov Models in Python, with scikit-learn like API
GitHacker * Python 0
一个 Git 源码泄露利用工具 , 可恢复整个 Git 仓库 , 用于白盒审计以及分析开发者的思维
malicious_dynamic_behavior_detection_by_cnn * Python 0
Machine-Learning-Based-Botnet-Detection * Python 0
Machine Learning Based Botnet Detection is a tool to classify network traffic as being botnet affected or not based on the network traffic flows. It involves various classifiers including Neural Networks, Decision Tree, SVM, Naive Bayes, Logistic Regression, k-Nearest Neighbours.
gordp * Go 0
Rdp client on pure GoLang
docker_ssh_honeypot * Go 0
安全开发教学 - 用Docker制作一个高交互ssh蜜罐
BillCipher * Python 0
Information Gathering tool for a Website or IP address
Ducky-Exploit * Python 0
Arduino Rubber Ducky Framework
badKarma * Python 0
advanced network reconnaissance toolkit
imaginaryC2 * Python 0
Imaginary C2 is a python tool which aims to help in the behavioral (network) analysis of malware. Imaginary C2 hosts a HTTP server which captures HTTP requests towards selectively chosen domains/IPs. Additionally, the tool aims to make it easy to replay captured Command-and-Control responses/served payloads.
Revoke-Obfuscation * PowerShell 0
PowerShell Obfuscation Detection Framework
awesome-threat-detection * 0
A curated list of awesome threat detection and hunting resources
acra * Go 0
Database encryption proxy for data-driven apps: strong selective encryption, SQL injections prevention, intrusion detection, honeypots.
bsmtrace * C 0
BSM based intrusion detection system
Cloud_Integrity * C 0
Using LibVMI to detect malware
ProcessHacker * C 0
A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware—mirror of https://github.com/processhacker2/processhacker.git
CyberGod-KSGMPRH * C 0
An open-source antivirus for windows
tracecorn * Python 0
Windows API tracer for malware (oldname: unitracer)
PyAna * Python 0
PyAna - Analyzing the Windows shellcode
unicorn-rs * Rust 0
Rust bindings for the unicorn CPU emulator
kicomav * Python 0
KicomAV is an open source (GPL v2) antivirus engine designed for detecting malware and disinfecting it.
cyberprobe * Shell 0
Capturing, analysing and responding to cyber attacks
unicorn-1 * Python 0
Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber's powershell attacks and the powershell bypass technique presented by David Kennedy (TrustedSec) and Josh Kelly at Defcon 18.
waf * Java 0
:vertical_traffic_light:Web Application Firewall or API Gateway(应用防火墙/API网关)
gene * Go 0
Go Evtx sigNature Engine
NetRipper * PowerShell 0
NetRipper - Smart traffic sniffing for penetration testers
JSCPP * CoffeeScript 0
A simple C++ interpreter written in JavaScript
ueditor-getshell * Python 0
ueditor .net getshell
wam * JavaScript 0
Web App Monitor
gowin32 * Go 0
Win32 API bindings for the Go programming language.
godivert * Go 0
Bindings for WinDivert in Go
network-policy-demo-apps * TypeScript 0
This repository is a demonstration of the functionalities of kubernetes network policies together with egress network policy (open vSwitch).
docker-operator * Go 0
container crash reporting + security and reliability countermeasures
mig * Go 0
Distributed & real time digital forensics at the speed of the cloud
log4go * Go 0
a logging package for golang similar to log4j or log4c++ supporting console, file and network.
BeRoot * Python 0
Privilege Escalation Project - Windows / Linux / Mac
docker-bench-security * Shell 0
The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production.
docker-security-scanner * Python 0
Security Scanning Utility for Twistlock and Nexus IQ for use in Codefresh Builds
Uproot * PowerShell 0
Currently not updated for WMIEvent module...
pupmod-simp-dirtycow * Ruby 0
A module for managing checks and fixes for the 'dirty cow' kernel bug
N3tstatIDS * 0
Lightweight Endpoint Detection & Response (EDR) Framework
pool * Go 0
Connection pool for Go's net.Conn interface
dalton * Python 0
Suricata and Snort IDS rule and pcap testing system
iptables-essentials * 0
Iptables Essentials: Common Firewall Rules and Commands.
vFW-demo * Shell 0
ONAP vFirewall Use Case
butterfly * C++ 0
Butterfly connects Virtual Machines and control their traffic flow
cFW-demo * Dockerfile 0
Cloud-Native Firewall Virtual Network Function
cn-infra * Go 0
A platform for developing cloud-native VNFs
IntrusionPreventionSystem * Jupyter Notebook 0
A virtual intrusion prevention system to detect and prevent DDoS/DoS attacks. Provides Firewall Options too.
DBProxy * C 0
thal * JavaScript 0
译文:Puppeteer 与 Chrome Headless —— 从入门到爬虫
proxy-web * JavaScript 0
proxy-web是用go语言写的,基于snail007/goproxy完成的可视化网页应用
graftcp * C 0
A flexible tool for redirecting a given program's TCP traffic to SOCKS5 proxy.
gopher-lua * Go 0
GopherLua: VM and compiler for Lua in Go
gowitness * Go 0
🔍 gowitness - a golang, web screenshot utility using Chrome Headless
go-knock * Go 0
Port knocking in go
Charles-Crack * Kotlin 0
Charles 破解工具
avet * C 0
AntiVirus Evasion Tool
BurpSSOExtension * Java 0
An extension for BurpSuite that highlights SSO messages in Burp's proxy window..
boofuzz * Python 0
A fork and successor of the Sulley Fuzzing Framework
jvm.go * Go 0
A toy JVM written in Go
ruler * Go 0
A tool to abuse Exchange services
hawkeye-1 * Go 0
Hawkeye filesystem analysis tool
Gopherus * Python 0
This tool generates gopher link for doing SSRF and RCE in various servers
logrus * Go 0
Structured, pluggable logging for Go.
adversarial-robustness-toolbox * Jupyter Notebook 0
This is a library dedicated to adversarial machine learning. Its purpose is to allow rapid crafting and analysis of attacks and defense methods for machine learning models. The Adversarial Robustness Toolbox provides an implementation for many state-of-the-art methods for attacking and defending classifiers. https://developer.ibm.com/code/open/projects/adversarial-robustness-toolbox/
Dejavu * 0
DejaVU - Open Source Deception Framework
cs-suite * Shell 0
Cloud Security Suite - One stop tool for auditing the security posture of AWS & GCP infrastructure.
anwi * C++ 0
ANWI - All New Wireless IDS
PowerUpSQL * PowerShell 0
PowerUpSQL: A PowerShell Toolkit for Attacking SQL Server
mallet * Java 0
hideNsneak * Go 0
a CLI for ephemeral penetration testing
DependencyCheck * Java 0
OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
arima_lstm * Python 0
使用arima_lstm完成容量分析预测(cpu、内存、磁盘)
SMBetray * Python 0
SMB MiTM tool with a focus on attacking clients through file content swapping, lnk swapping, as well as compromising any data passed over the wire in cleartext.
Mailget * Python 0
通过脉脉用户猜测企业邮箱
Linux_kernel_exploits * C 0
I will publish some Linux kernel exploits for various real world kernel vulnerabilities here. the samples are uploaded for education purposes for red and blue teams.
Sentinel * Java 0
A lightweight flow-control library providing high-available protection and monitoring (高可用防护的流量管理框架)
EventCleaner * C++ 0
A tool mainly to erase specified records from Windows event logs, with additional functionalities.
gost * Go 0
GO Simple Tunnel - a simple tunnel written in golang
VHostScan * Python 0
A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.
stux-DNN * Python 0
Run-time trojan attack on neural networks
Bug-Project-Framework * Python 0
漏洞利用框架模块分享仓库
dog-tunnel * Go 0
p2p tunnel,(udp mode work with kcp,https://github.com/skywind3000/kcp)
cli * Go 0
A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc.
TIDoS-Framework-1 * Python 0
The offensive web application penetration testing framework.
ffsend * Python 0
Python client for Firefox Send
sensitive_info_leakage_detect * Lua 0
BloodHound * PowerShell 0
Six Degrees of Domain Admin
pentestdb * Java 0
WEB渗透测试数据库
100-Days-Of-ML-Code * 0
100 Days of ML Coding
leviathan * Python 0
wide range mass audit toolkit
ndpi-netfilter * C 0
ndpi-netfilter
mimipy * Python 0
port of mimipenguin.sh in python with some additional protection features
Raccoon * Python 0
A high performance offensive security tool for reconnaissance and vulnerability scanning
UBoat * C++ 0
HTTP Botnet Project
swap_digger * Shell 0
swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searches for Linux user credentials, web forms credentials, web forms emails, http basic authentication, Wifi SSID and keys, etc.
Camelishing * Python 0
Social Engineering Tool
cobra-1 * Go 0
A Commander for modern Go CLI interactions
rita * Go 0
Real Intelligence Threat Analytics
bruteforce-http-auth * Python 0
Bruteforce HTTP Authentication
awesome-devsecops * 0
An authoritative list of awesome devsecops tools with the help from community experiments and contributions.
xxeserv * Go 0
A mini webserver with FTP support for XXE payloads
MaiInt * Python 0
OSINT Organization Employee Profiling Tool for MaiMai
netgraph * Go 0
A cross platform http sniffer with a web UI
EvilOSX * Python 0
An evil RAT (Remote Administration Tool) for macOS / OS X.
ph0neutria * Python 0
ph0neutria is a malware zoo builder that sources samples straight from the wild. Everything is stored in Viper for ease of access and manageability.
minions * Go 0
Distributed filesystem scanner
netstack-1 * Go 0
IPv4 and IPv6 userland network stack
gops * Go 0
A tool to list and diagnose Go processes currently running on your system
janusec * Go 0
Janusec Application Gateway, an application security solutions which provides WAF (Web Application Firewall), unified web administration portal, private key protection, web routing and scalable load balancing.
readhook * C 0
Red-team tool to hook libc read syscall with a buffer overflow vulnerability.
tcpscan * Go 0
A fast utility for scanning tcp ports on servers
zsocket * Go 0
Zero-copy sockets for Linux in Golang
go-sysinfo * Go 0
go-sysinfo is a library for collecting system information.
go-elasticsearch * Go 0
Official Go client library for Elasticsearch
go-libaudit * Go 0
go-libaudit is a library for communicating with the Linux Audit Framework.
go-windows * Go 0
go-windows provides Go wrappers for Windows APIs.
migfw * C++ 0
experimental support for firewall controls for MIG. unused & unsupported.
libiptc-sys * Rust 0
Rust bindings to libiptc
go-libiptc * Go 0
libiptc bindings for Go language. Object-oriented design, supports IPv6 and same wait locking mechanism as iptables/ip6tables.
go-iptables-1 * Go 0
Bindings for some functions of libiptc
onlinetools * Python 0
在线cms识别|旁站|c段|信息泄露|工控|系统|物联网安全|cms漏洞扫描|端口扫描|待续..
dirhunt * Python 0
Find web directories without bruteforce
esdp * Erlang 0
erlang software defined perimeter
libaco * C 0
A blazing fast and lightweight C asymmetric coroutine library 💎 ⛅🚀⛅🌞
linux-security-modules * C 0
A place to store my toy linux-security modules.
linux-rootkits-red-blue-teams * C 0
Linux Rootkits (4.x Kernel)
webkiller * Python 0
Tool Information Gathering Write By Python.
blackowl * Python 0
Blackowl is a simple tool to gather information, based on Operative-Framework
firecall * Python 0
Automate SSH communication with firewalls, switches, etc.
CommonServiceDefaultPort * 0
常用系统服务默认端口列表
CVE-2018-2894 * Python 0
CVE-2018-2894 WebLogic 未授权访问致任意文件上传/RCE漏洞检查脚本
synner * Rust 0
A TCP SYN flood client written in Rust, powered by libpnet
raw * Go 0
Package raw enables reading and writing data at the device driver level for a network interface. MIT Licensed.
alg * Go 0
Package alg provides access to Linux AF_ALG sockets for communication with the Linux kernel crypto API. MIT Licensed.
genetlink * Go 0
Package genetlink implements generic netlink interactions and data types. MIT Licensed.
vsock * Go 0
Package vsock provides access to Linux VM sockets (AF_VSOCK) for communication between a hypervisor and its virtual machines. MIT Licensed.
wxappUnpacker * JavaScript 0
Wechat App(微信小程序,.wxapkg)解包及相关文件(.wxss,.json,.wxs,.wxml)还原工具
CVE-2018-2628 * Python 0
CVE-2018-2628 & CVE-2018-2893
redis * Go 0
Type-safe Redis client for Golang
goim * Go 0
goim
merge-nmap-masscan * Go 0
Merge results from NMAP and Masscan into one CSV file
Invoke-PWAudit * PowerShell 0
A PowerShell tool which provides an easy way to check for shared passwords between Windows Active Directory accounts
Bluedroid * C 0
PoCs of Vulnerabilities on Bluedroid
Vub_ENV * PHP 0
跟踪真实漏洞相关靶场环境搭建
masc * Python 0
A Web Malware Scanner
falcon-log-agent * Go 0
用于监控系统的日志采集agent,可无缝对接open-falcon
ysoserial-cve-2018-2628 * Java 0
Some codes for bypassing Oracle WebLogic CVE-2018-2628 patch
jsonp_info_leak * C# 0
jsonp隐私泄漏发现
DotNetToJScript * C# 0
A tool to create a JScript file which loads a .NET v2 assembly from memory.
CMSeeK * Python 0
CMS (Content Management Systems) Detection and Exploitation suite
thor-firewall-logger * 0
:incoming_envelope: sql based firewall event logging via nflog netlink and ulogd2 userspace daemon. improved sql scheme for space efficient storage. multi-host log aggregation using dedicated sql-users.
oyente * JavaScript 0
An Analysis Tool for Smart Contracts
aliyun-odps-python-sdk * Python 0
ODPS Python SDK and data analysis framework
router7 * Go 0
pure-Go small home internet router
dnslog-1 * Python 0
Minimalistic DNS logging tool
Audit-Go * Go 0
Linux Audit Plugin for heka written using netlink Protocol in golang and Lua
killerbee * C 0
IEEE 802.15.4/ZigBee Security Research Toolkit
pureblood * Python 0
A Penetration Testing Framework created for Hackers / Pentester / Bug Hunter
netlink-1 * Go 0
Package netlink provides low-level access to Linux netlink sockets. MIT Licensed.
CNN-SQL * Python 0
banruo * CSS 0
MalwLess * C# 0
Test Blue Team detections without running any attack.
chrome_headless_xss * Python 0
A plugin to check xss by useing chrome_headless
A_Scan_Framework * JavaScript 0
互联网漏洞管理、资产管理、任务扫描、todoLIST
qlbridge * Go 0
A golang SQL expression VM. Library to build query engine based functionality.
martini * Go 0
Classy web framework for Go
sqlmate * Python 0
A friend of SQLmap which will do what you always expected from SQLmap.
mod0BurpUploadScanner * Perl 0
HTTP file upload scanner for Burp Proxy
lasercrack * Ruby 0
Lasercrack-可扩展的Ruby暴力破解框架
Taipan * F# 0
Web application security scanner
HORSEPILL * C 0
HORSEPILL rootkit PoC
otto * Go 0
A JavaScript interpreter in Go (golang)
gosecco * Go 0
Go seccomp parser and compiler
rogue * Python 0
The Rogue Toolkit: An extensible toolkit aimed at providing penetration testers an easy-to-use platform to deploy Access Points for the purpose of conducting penetration testing and red team engagements.
gosu * Go 0
Simple Go-based setuid+setgid+setgroups+exec
EXIF * Python 0
EXIF information viewer(读取照片中隐藏的各类信息)
build-web-application-with-golang * Go 0
A golang ebook intro how to build a web with golang
cadvisor * Go 0
Analyzes resource usage and performance characteristics of running containers.
netlink_inet_diag * C 0
netlink with inet_diag
h1-search * Go 0
Tool that will request the public disclosures on a specific HackerOne program and show them in a localhost webserver.
go-libvirt * Go 0
Package libvirt provides a pure Go interface for interacting with Libvirt. Apache 2.0 Licensed.
Pcap-Analyzer * JavaScript 0
Python编写的可视化的离线数据包分析器
Magic-Unicorn-Tool * Python 0
amazon-ecs-agent * Go 0
Amazon Elastic Container Service Agent
go-nfnetlink * Go 0
A library for communicating with Linux netfilter subsystems over netlink sockets.
smart-contract-honeypots * 0
This repo contains a collection of smart contract honeypots.
mass3 * Go 0
kcptun * Go 0
A Fast & Secure Tunnel Based On KCP with N:M Multiplexing
osquery-go * Go 0
Go bindings for osquery
netlink * Go 0
Simple netlink library for go.
pspy * Go 0
Monitor linux processes without root permissions
dref * JavaScript 0
DNS Rebinding Exploitation Framework
Knowledge-Base * 0
Knowledge Base
netbox * C 0
asp 应用服务器,十年前的项目,一直有用户希望开源
Red-Teaming-Toolkit * 0
A collection of open source and commercial tools that aid in red team operations.
cuckoomon * C 0
DEPRECATED - replaced with "monitor"
MBA * C 0
Malware Behavior Analyzer
x86emu * Rust 0
The beginning of a x86_64 emulator written in Rust
gomhotep * Go 0
Antivirus on-access scanning for Linux using ClamAV and Fanotify
linuxkit * Go 0
A toolkit for building secure, portable and lean operating systems for containers
scannerl * Erlang 0
The modular distributed fingerprinting engine
goproxy-1 * Go 0
An HTTP proxy library for Go
Diamorphine * C 0
LKM rootkit for Linux Kernels 2.6.x/3.x/4.x (x86 and x86_64)
subfinder * Go 0
SubFinder is a subdomain discovery tool that can discover massive amounts of valid subdomains for any target. It has a simple modular architecture and has been aimed as a successor to sublist3r project.
unix-privesc-check * Shell 0
Automatically exported from code.google.com/p/unix-privesc-check
rootkit_checker * C 0
--= Xt9 - Anti - Rootkit =-- beta v0.11 by xti9er
Hash-Buster * Python 0
Hash Buster is a program which uses several APIs to perform hash lookups.
go-win64api * Go 0
GoLang Windows API wrappers for System Info / User Management
pyppeteer * Python 0
Headless chrome/chromium automation library (unofficial port of puppeteer)
yapool * Go 0
一个多功能心跳发送包,可以实现服务发现、健康监测、集群数据采集等功能
redis_lua_exploit * Python 0
dockerfile * Go 0
Parse a dockerfile into a high-level representation using the official go parser
maltrail * Python 0
Malicious traffic detection system
APT_CyberCriminal_Campagin_Collections * JavaScript 0
APT & CyberCriminal Campaign Collection
incubator-spot * Python 0
Mirror of Apache Spot
RAT-NjRat-0.7d-modded-source-code * Visual Basic 0
A very simple modify for RAT Njrat 0.7D
nikto * Perl 0
Nikto web server scanner
theftfuzzer * Python 0
ann-visualizer * Python 0
A python library for visualizing Artificial Neural Networks (ANN)
Sutekh * C 0
An example rootkit that gives a root shell
dependency-track * JavaScript 0
Dependency-Track is an intelligent Software Composition Analysis (SCA) platform that allows organizations to identify and reduce risk from the use of third-party and open source components.
DELTA * Java 0
PROJECT DELTA: SDN SECURITY EVALUATION FRAMEWORK
BadMod * PHP 0
BadMod detect websites cms & auto exploit :D
ldapdomaindump * Python 0
Active Directory information dumper via LDAP
DocHub * Go 0
参考百度文库,使用Beego(Golang)开发的开源文库系统
VulApps * Shell 0
快速搭建各种漏洞环境(Various vulnerability environment)
VtopBetaCaptchaParser * Python 0
Parses the captcha in vtop beta
xxer * Python 0
A blind XXE injection callback handler. Uses HTTP and FTP to extract information. Originally written in Ruby by ONsec-Lab.
Github-Hunter * Python 0
This tool is for sensitive information searching on Github.
linux-exploit-suggester * Shell 0
Linux privilege escalation auditing tool
drupwn * Python 0
Drupal enumeration & exploitation tool
PowerSploit * PowerShell 0
PowerSploit - A PowerShell Post-Exploitation Framework
libfuzzer-gv * C++ 0
enhanced fork of libFuzzer
art-of-hacking * Python 0
This repository includes resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.
ngx-libinjection * C 0
Simple module integrating libinjection as a request filter
prowler * Python 0
Distributed Network Vulnerability Scanner
bash4-syslog-patch * 0
go-nats * Go 0
Golang client for NATS, the cloud native messaging system.
sigma * Python 0
Generic Signature Format for SIEM Systems
hacking-material-books * Ruby 0
collection of articles/books about programing
DNS-Analysis * Vue 0
非法域名挖掘与画像系统。
Tunna * Python 0
Tunna is a set of tools which will wrap and tunnel any TCP communication over HTTP. It can be used to bypass network restrictions in fully firewalled environments.
PwnAuth * Python 0
mandibule * C 0
linux elf injector for x86 x86_64 arm arm64
PublicMonitors * Python 0
对公网IP列表进行端口服务扫描,发现周期内的端口服务变化情况和弱口令安全风险
salt-scanner * Python 0
Linux vulnerability scanner based on Salt Open and Vulners audit API, with Slack notifications and JIRA integration
HTTPoxyScan * Python 0
HTTPoxy Exploit Scanner by 1N3 @CrowdShield
can-i-take-over-xyz * 0
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
python_data_analysis_and_mining_action * Python 0
《python数据分析与挖掘实战》的代码笔记
Bad-Pdf * Python 0
Steal Net-NTLM Hashes using Bad-PDF
Markdown-XSS-Payloads * 0
XSS payloads for exploiting Markdown syntax
tips-note * Python 0
做过的实验,踩过的坑
tail * Go 0
Go package for reading from continously updated files (tail -f)
pypykatz * Python 0
Mimikatz implementation in pure Python
upload-labs * PHP 0
一个帮你总结所有类型的上传漏洞的靶场
wildpwn * Python 0
unix wildcard attacks
Eternalblue-Doublepulsar-Metasploit * Ruby 0
dumpzilla * Python 0
Extract all forensic interesting information of Firefox, Iceweasel and Seamonkey browsers
Galileo * Python 0
Galileo - Web Application Audit Framework
How-to-Make-a-Computer-Operating-System * C 0
How to Make a Computer Operating System in C++
bountyplz * Shell 0
Automated security reporting from markdown templates (HackerOne is currently the platform supported)
burp_wp * Python 0
Find known vulnerabilities in WordPress plugins and themes using Burp Suite proxy. WPScan like plugin for Burp.
patchman * Python 0
Patchman is a Linux Patch Status Monitoring System
LogonTracer * JavaScript 0
Investigate malicious Windows logon by visualizing and analyzing Windows event log
dnsbotnet * Go 0
DNS Botnet Server and Client
GAE-RCE * Java 0
Google App Engine - Remote Code Execution bug ($36k bug bounty)
Windows-RCE-exploits * 0
The exploit samples database is a repository for **RCE** (remote code execution) exploits and Proof-of-Concepts for **WINDOWS**, the samples are uploaded for education purposes for red and blue teams.
w8fuckcdn * Python 0
Get website IP address by scanning the entire net 通过扫描全网绕过CDN获取网站IP地址
clair * Go 0
Vulnerability Static Analysis for Containers
hdiv * Java 0
Hdiv CE | Application Self-Protection
weirdAAL * Python 0
WeirdAAL (AWS Attack Library)
OWASP-Web-Checklist * 0
OWASP Web Application Security Testing Checklist
windows_sshagent_extract * Python 0
PoC code to extract private keys from Windows 10's built in ssh-agent service
Detect-It-Easy * JavaScript 0
Detect it Easy
GitPageHijack * Shell 0
OK now. Let's hijack github user's custom domain.
BinExp * C 0
Linux Binary Exploitation
watchdog * Python 0
Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.
phonedata * Go 0
手机号码归属地信息库、手机号归属地查询 phone.dat 最后更新:2018年4月
PortScan * Go 0
端口扫描器
trpl-zh-cn * HTML 0
Rust 程序设计语言(第二版)
rsg * Python 0
ReverShellGenerator - A tool to generate various ways to do a reverse shell
websocket-fuzzer * Python 0
Simple HTML5 WebSocket fuzzer
spaces-finder * Python 0
A tool to hunt for publicly accessible DigitalOcean Spaces
heap-viewer * Python 0
An IDA Pro plugin to examine the glibc heap, focused on exploit development
trust-dns * Rust 0
A Rust based DNS client, server, and resolver
scirius * Python 0
Scirius is a web application for Suricata ruleset management.
opencensus-go * Go 0
A stats collection and distributed tracing framework
GoKu-API-Gateway * Go 0
GoKu API Gateway CE,悟空API网关(开源版),是国内首个开源go语言API网关,帮助企业进行API服务治理与API性能安全维护,为企业数字化赋能。
fi6s * C 0
IPv6 network scanner designed to be fast
monkey * Python 0
Infection Monkey - An automated pentest tool
rkhunter * Shell 0
the world famous rkhunter
PHP_Source_Audit_Tools * Python 0
PHP 白盒分析工具,结合AST 和数据流跟踪分析代码,达到自动化白盒审计功能
CVE-2018-8897 * C++ 0
Arbitrary code execution with kernel privileges using CVE-2018-8897.
build-your-own-x * 0
🤓 Build your own (insert technology here)
hackersh * Python 0
A free and open source command-line shell and scripting language designed especially for security testing
CPT * Python 0
This is the native Python implementation of CPT(compact Prediction Tree)
aws_public_ips * Ruby 0
Fetch all public IP addresses tied to your AWS account. Works with IPv4/IPv6, Classic/VPC networking, and across all AWS services
winc * Go 0
CLI tool for spawning and running containers on Windows according to the OCI specification
reverse-shell * JavaScript 0
Reverse Shell as a Service
sensitivefilescan * Python 0
adminset * Python 0
自动化运维平台:CMDB、CD、DevOps、资产管理、任务编排、持续交付、系统监控、运维管理、配置管理
lineargo * Go 0
LinearGo (Go wrapper for LIBLINEAR): A Library for Large Linear Classification
Yearning * Vue 0
基于Inception的可视化web端sql审核平台
external_c2_framework * Python 0
Python api for usage with cobalt strike's External C2 specification
codetainer * Go 0
A Docker container in your browser.
cloudfrunt * Python 0
A tool for identifying misconfigured CloudFront domains
AssassinGo * Go 0
An extenisble and concurrency pentest framework in Go
whonow * JavaScript 0
A "malicious" DNS server for executing DNS Rebinding attacks on the fly (public instance running on rebind.network:53)
CVE-2018-9995_dvr_credentials * Python 0
(CVE-2018-9995) Get DVR Credentials
gvisor * Go 0
Container Runtime Sandbox
libemu * C 0
KatanaFramework * Python 0
The New Hacking Framework
TITAN * Java 0
云集分布式全链路压测军演系统
architect-awesome * 0
后端架构师技术图谱
InsectsAwake * JavaScript 0
Network Vulnerability Scanner
DomLink * Python 0
A tool to link a domain with registered organisation names and emails, to other domains.
routersploit * Python 0
路由器漏洞利用框架
infer * OCaml 0
A static analyzer for Java, C, C++, and Objective-C
go-astilectron * Go 0
Build cross platform GUI apps with GO and HTML/JS/CSS (powered by Electron)
cheetah-gui * Python 0
Cheetah GUI
jvmgo-book * Go 0
《自己动手写Java虚拟机》源代码
pcap * Rust 0
Rust language pcap library
ndpi-go * Go 0
Simple nDPI wrapper in GO
java-stack-trace * Java 0
CyberThreatHunting * Python 0
A collection of resources for Threat Hunters
freshonions-torscraper * Python 0
Fresh Onions is an open source TOR spider / hidden service onion crawler hosted at zlal32teyptf4tvi.onion
linux_information * 0
自动化收集linux信息
sysmonitor * Go 0
a monitor for getting machine system info alarming
WindowsSpyBlocker * Go 0
🛡 Block spying and tracking on Windows
tianchi-aliyun-security-competition * Java 0
第二届阿里云安全算法挑战赛 MJ_3DSUN 队解题方法
Jira-Scan * Python 0
CVE-2017-9506 - SSRF
tsh * C 0
Tiny SHell is an open-source UNIX backdoor.
Invoke-Adversary * PowerShell 0
Simulating Adversary Operations
Dayu-1 * Java 0
一款开源指纹识别工具。
casbin * Go 0
An authorization library that supports access control models like ACL, RBAC, ABAC in Golang
BugBountyTemplates * 0
A collection of templates for bug bounty reporting
IoT-Firstep * Java 0
一个物联网(IoT)开发的入门教程。涉及单片机、上位机、移动应用、服务器后台开发的知识。以及蓝牙4.0、以太网模块的使用实例。
AttackDetection * 0
Attack Detection
securedns * C# 0
Brute forcing DNS Subdomains -- a demo for DNS over HTTPS
Drupalgeddon2 * Ruby 0
Exploit for Drupal v7.x + v8.x (Drupalgeddon 2 / CVE-2018-7600 / SA-CORE-2018-002)
PenTest-Tools * 0
PenTest Tools
xdump * Python 0
一句话脱裤
go-logging * Go 0
Golang logging library
GyoiThon * HTML 0
GyoiThon is a growing penetration test tool using Machine Learning.
bug-monitor * Python 0
Seebug、structs、cve漏洞实时监控推送系统
shield * 0
基于Strom的日志实时流量分析主动防御(CCFirewall)系统
trireme-lib * Go 0
Simple, scalable and secure application segmentation
netlink-go * Go 0
Netlink APIs in Go
goddi * Go 0
goddi (go dump domain info) dumps Active Directory domain information
threatseer * Go 0
efficient linux endpoint telemetry solution
php_keeper * C 0
php扩展,监视PHP服务器的运行状况,并提供后台修改,实时防护
javaweb-expression * Java 0
Java SpEL、Ognl、MVEL2表达式Hook并记录小项目
quickjack * HTML 0
Quickjack is a point-and-click tool for intuitively producing advanced clickjacking and frame slicing attacks.
ssh-auditor * Go 0
The best way to scan for weak ssh passwords on your network
yara-parser * Go 0
Tools for parsing rulesets using the exact grammar as YARA. Written in Go.
race-the-web * Go 0
Tests for race conditions in web applications. Includes a RESTful API to integrate into a continuous integration pipeline.
gas * Go 0
Go AST Scanner
syzkaller * Go 0
syzkaller is an unsupervised, coverage-guided kernel fuzzer
Find-PHP-Vulnerabilities * Python 0
A plug-in of sublime 2/3 which is able to find PHP vulnerabilities
Hacking-with-Go * Go 0
Golang for Security Professionals
jxwaf * C 0
JXWAF(锦衣盾)是一款基于openresty(nginx+lua)开发的下一代web应用防火墙
poodle-PoC * Python 0
Poodle (Padding Oracle On Downgraded Legacy Encryption) attack
winapi-kmd-rs * Rust 0
使用rust开发windows驱动
redox * Shell 0
Redox: A Rust Operating System
flying-sandbox-monster * Rust 0
Sandboxed, Rust-based, Windows Defender Client
AppContainerSandbox * C++ 0
An example sandbox using AppContainer (Windows 8+)
sandboxfs * Go 0
A virtual file system for sandboxing
oz * Go 0
OZ: a sandboxing system targeting everyday workstation applications
Deserialize * Java 0
CVE-2018-7600 * Python 0
Exploit for CVE-2018-7600 Drupal SA-CORE-2018-002. PoC (Proof-of-Concept).
dnsrecon * Python 0
DNS Enumeration Script
shelldaddy * 0
跨平台 webshell 静态扫描器
ahocorasick * Go 0
A Golang implementation of the Aho-Corasick string matching algorithm
windows-container * C++ 0
A lightweight sandbox for Windows application
pnscan * C 0
Peter's Network Scanner
Remote_Malware_Analyzer * C 0
Sandbox d'analyse de malware pour Windows 7 avec un client TCP en mode noyau
golang-open-source-projects * 0
为互联网IT人打造的中文版awesome-go
ActiveScanPlusPlus * Python 0
ActiveScan++ Burp Suite Plugin
Decodify * Python 0
It can detect and decode encoded strings, recursively.
rfd-checker * Go 0
RFD Checker - security CLI tool to test Reflected File Download issues
ids_bypass * C 0
CVE-2018-6794 IDS Bypass PoC server
security-onion * 0
Linux distro for IDS, NSM, and Log Management
IIS_shortname_Scanner * Python 0
an IIS shortname Scanner
vuln * 0
Record some Vulnerabilities
CHAOS * Go 0
:fire: CHAOS allow generate payloads and control remote Windows systems.
colly * Go 0
Elegant Scraper and Crawler Framework for Golang
ExploitDev * Python 0
tinn * C 0
The tiny neural network library
CloudHostSecurity * Go 0
vbg * Python 0
Visual Basic GUI: A Tool to Inject Keystrokes on a SSH Client via an X11 Forwarded Session
SMBRat * Python 0
A Windows Remote Administration Tool in Visual Basic
dotnet-deserialization-scanner * Java 0
.NET Deserialization Passive Scanner
php-fpm-code-analysis * 0
php-fpm源码分析
paskto * JavaScript 0
Paskto - Passive Web Scanner
govendor * Go 0
Go vendor tool that works with the standard vendor file.
maltegogo * Go 0
Maltego library in Go
QuasarRAT * C# 0
Remote Administration Tool for Windows
klara * PHP 0
Kaspersky's GReAT KLara
shocker * C 0
Shocker / Docker Breakout PoC
mackerel-agent * Go 0
mackerel-agent is an agent program to post your hosts' metrics to mackerel.io.
bosun * Go 0
Time Series Alerting Framework
virtsock * Go 0
Go bindings for virtio and Hyper-V sockets
sshproxy * Go 0
Golang library to proxy ssh connections
netstack * Go 0
Custom network stack in Go
anam * Go 0
Mass scanning the internet (http and https) using a raw tcpstack.
Sniffer * Python 0
A Sniffer for Open-WLAN
judas * Go 0
opensnitch * Python 0
OpenSnitch is a GNU/Linux port of the Little Snitch application firewall.
FakeDns * Python 0
A regular-expression based python MITM DNS server with support for DNS Rebinding attacks
SourceCodeSniffer * Python 0
The Source Code Sniffer is a poor man’s static code analysis tool (SCA) that leverages regular expressions. Designed to highlight high risk functions (Injection, LFI/RFI, file uploads etc) across multiple languages (ASP, Java, CSharp, PHP, Perl, Python, JavaScript, HTML etc) in a highly configurable manner.
PowerShell-Suite * PowerShell 0
My musings with PowerShell
PyRat * Python 0
PyRat,a rat by python xmlrpc
openrasp * JavaScript 0
Open source RASP solution
S3Scanner * Python 0
Scan for open S3 buckets and dump
PyWeakPwdAudit * Python 0
Droid-Application-Fuzz-Framework * HTML 0
Android application fuzzing framework with fuzzers and crash monitor.
getaltname * Python 0
Get Subject Alt Name from SSL Certificates
go-ps * Go 0
Find, list, and inspect processes from Go (golang).
sift * Go 0
A fast and powerful alternative to grep
f5_cookieLeaks * Python 0
Decode the cookies set by balancer F5, and disclousure all pool ip
Powershell-RAT * Python 0
Python based backdoor that uses Gmail to exfiltrate data through attachment. This RAT will help during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends it to an attacker as an e-mail attachment.
theHarvester * Python 0
E-mails, subdomains and names Harvester - OSINT
FastPhotoStyle * Python 0
Style transfer, deep learning, feature transform
Chimay-Red * Python 0
Working POC of Mikrotik exploit from Vault 7 CIA Leaks
ezXSS * HTML 0
ezXSS is an easy way to test (blind) XSS
ds_storescanner * Go 0
A tool to scan for .DS_Store files on webservers
PyMLProjects * Python 0
Random repo of machine learning ideas orchestrated in python
webshell-3 * Java 0
乙方安全,入侵分析时发现的backdoor
uxss-db * HTML 0
🔪 Universal Cross-site Scripting DB [+ other browser vulnerabilities]
merlin * Go 0
Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.
DockerAttack * Shell 0
Various Tools and Docker Images
Python-dsstore * 0
A library for parsing .DS_Store files and extracting file names
rop-tool * C 0
A tool to help you write binary exploits
Python-Rootkit * Python 0
Python Remote Administration Tool (RAT) to gain meterpreter session
minhook * C 0
The Minimalistic x86/x64 API Hooking Library for Windows
gitsearch * Python 0
pychrome * Python 0
A Python Package for the Google Chrome Dev Protocol [threading base]
amass * Go 0
Subdomain Enumeration in Go
Memcrashed-DDoS-Exploit * Python 0
DDoS attack tool for sending forged UDP packets to vulnerable Memcached servers obtained using Shodan API
HELK * Shell 0
The Hunting ELK
goloader * Go 0
a golang dynamic loader
t3sec-network-flow-analysis * 0
linkedin2username * Python 0
OSINT Tool: Generate username lists for companies on LinkedIn
Arjun * Python 0
Arjun is a python script for finding hidden GET & POST parameters.
ctfr * Python 0
Abusing Certificate Transparency logs for getting HTTPS websites subdomains.
DNS-Monitor * Python 0
XSS-hunter * PHP 0
XSS hunter 收集Webview 页面上存在的反射,储存型XSS ,方便应急APP 和前端页面在发布时遇到XSS 安全问题..
pyroute2 * Python 0
Python netlink library — Linux network setup and monitoring
powercat * PowerShell 0
netshell features all in version 2 powershell
btc-eclipse-sim * C 0
C language Bitcoin Network Eclipse Attack Simulator
Winpayloads * Python 0
Undetectable Windows Payload Generation
DroidSSLUnpinning * Java 0
Android certificate pinning disable tools
flare-fakenet-ng * Python 0
FakeNet-NG - Next Generation Dynamic Network Analysis Tool
nextnet * Go 0
nextnet is a pivot point discovery tool written in Go.
Network-Security-Situation-Awareness-System * Java 0
综合了资产检测,主机扫描,流量分析等技术,通过这些技术取得网络资产,脆弱性,威胁等指标,从而根据这些指标计算出当前网络的网络安全态势。
Fireaway * Python 0
Next Generation Firewall Audit and Bypass Tool
ngfw_src * Java 0
NGFW src
injectify * TypeScript 0
Perform advanced MiTM attacks on websites with ease. https://injectify.js.org
cloudmapper * JavaScript 0
CloudMapper creates network diagrams of AWS environments
Awesome-Fuzzing * 0
A curated list of fuzzing resources ( Books, courses - free and paid, videos, tools, tutorials and vulnerable applications to practice on ) for learning Fuzzing and initial phases of Exploit Development like root cause analysis.
MemcacheDos * TypeScript 0
Memcache 反射攻击 nodejs ddos
Passhunt * Python 0
Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.
awesome-blockchain * JavaScript 0
收集所有区块链(BlockChain)技术开发相关资料,包括Fabric和Ethereum开发资料
Java-Web-Security * Java 0
Java-Web-Security - Sichere Webanwendungen mit Java entwickeln
fuzzdb * PHP 0
Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
virtual-host-discovery * Ruby 0
A script to enumerate virtual hosts on a server.
mydocker * Go 0
<<自己动手写docker>> 源码
VwFirewall * C 0
微盾®VirtualWall®防火墙整套源代码
Pymap-Scanner * Python 0
SRCHunter * Python 0
SRCHunter一款基于python的开源扫描器
Toposcan * C 0
Network topology discovery uses C language by SNMP protocol and nmap(7.12) to realize network assets topology discovery!
PoT * Python 0
Phishing on Twitter
goMS17-010 * Python 0
Simple program for detecting if host(s) are vulnerable to SMB exploit(MS17-010)
headless-chrome-crawler * JavaScript 0
Distributed crawler powered by Headless Chrome
gitleaks * Go 0
Searches full repo history for secrets and keys 🔑
altdns * Python 0
Generates permutations, alterations and mutations of subdomains and then resolves them
gmsm * Go 0
GM SM2/3/4 library based on Golang (基于Go语言的国密SM2/SM3/SM4算法库)
ReelPhish * Python 0
双因素钓鱼
gifoeb * Python 0
exploit for ImageMagick's uninitialized memory disclosure in gif coder
vuls * Go 0
漏洞检测Vulnerability scanner for Linux/FreeBSD, agentless, written in Go
rawhttp * Go 0
A Go library for making HTTP requests with complete control
safing-core * Go 0
The Safing Core https://safing.me 基于golang的防火墙
joomscan * Perl 0
OWASP Joomla Vulnerability Scanner Project
MLCheckWebshell * Python 0
suterusu * C 0
An LKM rootkit targeting Linux 2.6/3.x on x86(_64), and ARM
Wiki * 0
FISCO BCOS 知识库 区块链
web-traffic-forecasting * Python 0
Kaggle | Web Traffic Forecasting 📈
vulnerability-rating-taxonomy * Python 0
Bugcrowd’s baseline priority ratings for common security vulnerabilities
Oracle-WebLogic-CVE-2017-10271 * Java 0
WebLogic wls-wsat RCE CVE-2017-10271
awesome-nginx-security * 0
🔥 A curated list of awesome links related to application/API security in NGINX environment.
researches * PHP 0
Lengyue-Vcode * Python 0
各种滑动验证码识别 [腾讯云] [阿里云]
nginx_auth_accessfabric * C 0
Nginx module for authenticating requests from the ScaleFT Access Fabric
federated_access_proxy * CSS 0
BeyondCorp-style federated access proxy
transcend * Go 0
BeyondCorp-inspired Access Proxy in Go. Secure internal services outside your VPN/perimeter network during a zero-trust transition.
goWAPT * Go 0
Go Web Application Penetration Test
kDriver-Fuzzer * C 0
nfr * Go 0
A utility to score network traffic and identify security threats
mod_rootme * C 0
mod_rootme patched for apache 2.2
Panoptic * Python 0
Panoptic is an open source penetration testing tool that automates the process of search and retrieval of content for common log and config files through path traversal vulnerabilities.
GoAT * Go 0
基于golang的远程控制
explo * Python 0
漏洞测试工具
Machine-Learning-Note * Python 0
机器学习笔记
nux * Go 0
*nux metric collector
medfusion-4000-research * Python 0
Medfusion 4000 Security Research
xssmap * Go 0
(DOM-)XSS fuzzer based on phantomjs and go.
EquationGroupLeak * Python 0
Archive of leaked Equation Group materials
xsec-dns-proxy * Go 0
DNS代理服务器,可以记录log到数据库中
GSIL * Python 0
Github Sensitive Information Leakage(Github敏感信息泄露)
njRAT * Visual Basic 0
njRAT SRC Extract
ssi-server * Python 0
Server Side Includes in Python's SimpleHTTPServer
NFS-scan * Python 0
NFS遍历目录探测
medusa * C 0
Medusa is a speedy, parallel, and modular, login brute-forcer.
webdirdig * Python 0
web敏感目录、信息泄漏批量扫描脚本,结合爬虫、目录深度遍历。
mod_uuid * C 0
Apache module which provides a random-based UUID environment variable for each request
Zeus-Scanner * Python 0
Advanced reconnaissance utility
w9scan * Python 0
一款兼容bugscan插件的扫描器
Striker * Python 0
Striker is an offensive information and vulnerability scanner.
cvssv3 * PHP 0
PHP class for the CVSS v3 (Common Vulnerability Scoring System)
go-python * Go 0
naive go bindings to the CPython C-API
Open-Redirect-Payloads * 0
Open Redirect Payloads
fastnetmon * C++ 0
FastNetMon community - very fast DDoS analyzer with sflow/netflow/mirror support
machinery * Go 0
Machinery is an asynchronous task queue/job queue based on distributed message passing.
FoolNLTK * Python 0
A Chinese Nature Language Toolkit
AuditdPy * Python 0
Linux服务器命令监控辅助脚本,ElasticSearch + Logstash + Kibana + Redis + Auditd
slurp * Go 0
S3 bucket enumerator
Exploit-Writeups * 0
A collection where my current and future writeups for exploits/CTF will go
yanff * Go 0
YANFF - Yet Another Network Function Framework
PS4-4.05-Kernel-Exploit * JavaScript 0
A fully implemented kernel exploit for the PS4 on 4.05FW
casb_tiny * Perl 0
cloud access security broker for uploads (e.g. FTP) to basic web hosting
Blackbone * C++ 0
Windows memory hacking library
cupp * Python 0
Common User Passwords Profiler (CUPP)
re2dfa * Go 0
Transform regular expressions into finite state machines and output Go source code
luna * Python 0
luna webscanner
DetectionLab * HTML 0
Vagrant & Packer scripts to build a lab environment complete with security tooling and logging best practices
dockerscan * Python 0
Docker security analysis & hacking tools
linux-kernel-exploitation * 0
A bunch of links related to Linux kernel fuzzing and exploitation
whichCDN * Python 0
WhichCDN allows to detect if a given website is protected by a Content Delivery Network
Network-vulnerability-scan-frame * C++ 0
ChromeFuzzer * JavaScript 0
fuzz
morph * Python 0
an open source browser fuzzing framework for fun.
grinder * Ruby 0
Grinder is a system to automate the fuzzing of web browsers and the management of a large number of crashes.
LinEnum * Shell 0
Scripted Local Linux Enumeration & Privilege Escalation Checks
Mirai-Source-Code-1 * C 0
ssrf-ntlm * Python 0
Proof of concept written in Python to show that in some situations a SSRF vulnerability can be used to steal NTLMv1/v2 hashes.
tensorflow-1.4-billion-password-analysis * Python 0
Deep Learning model to analyze a large corpus of clear text passwords.
APacheSynapseSimplePOC * Java 0
go-yara * Go 0
Go bindings for YARA
php-malware-finder * PHP 0
Detect potentially malicious PHP files
MachineLearning-1 * HTML 0
Machine Learning in Action(机器学习实战)
gohs * Go 0
GoLang Binding of HyperScan https://01.org/hyperscan
TeamViewer_Permissions_Hook_V1 * C++ 0
A proof of concept injectable C++ dll, that uses naked inline hooking and direct memory modification to change your TeamViewer permissions.
Exploit-Framework * Python 0
CT_subdomains * 0
An hourly updated list of subdomains gathered from certificate transparency logs
lkm_parse_dns_packet * C 0
linux 核心模組, 使用 netfilter IPv4 hook 監聽和分析 DNS 請求和回應封包.
poc-exp * C 0
poc or exp of android vulnerability
XssPy * Python 0
XssPy - Web Application XSS Scanner
xsec-proxy-scanner * Go 0
xsec-proxy-scanner是一款速度超快、小巧的代理扫描器
TheHive * HTML 0
TheHive: a Scalable, Open Source and Free Security Incident Response Platform
rootkit-3 * TeX 0
Sample Rootkit for Linux
JS-SCP * 0
JavaScript Secure Coding Practices guide
Apache_HTTP_Server_Module_Backdoor * C 0
Android-Reports-and-Resources * 0
A big list of Android Hackerone disclosed reports and other resources.
build-your-own-docker * Go 0
自己动手写Docker
pouch * Go 0
Pouch is an open-source project created to promote the container technology movement.
Android-SSL-TrustKiller * Java 0
Bypass SSL certificate pinning for most applications
opsweb * Python 0
百合网运维综合管理平台(python+flask框架+cmdb+scheduler+salt),已经成功运行2年有余,基本能够实现日常运维80%以上的重复工作。因本系统依赖底层数据和众多第三方模块,部署运行难度比较大,建议仅用于研究代码!
dnstwist * Python 0
Domain name permutation engine for detecting typo squatting, phishing and corporate espionage
rootkit-2 * C 0
Linux rootkit for Ubuntu 16.04 and 10.04 (Linux Kernels 4.4.0 and 2.6.32), both i386 and amd64
fame * Python 0
FAME Automates Malware Evaluation
Icewater * 0
About 3,000 Free Yara rules created by
kernelpop * C 0
kernel privilege escalation enumeration and exploitation framework
dnstricker * JavaScript 0
A simple dns resolver of dns-record and web-record log server for pentesting
Ti_Collector * Python 0
本项目致力于收集网上公开来源的威胁情报,主要关注信誉类威胁情报(如IP/域名等),以及事件类威胁情报。
gocrack * Go 0
Office-DDE-Payloads * Python 0
Collection of scripts and templates to generate Office documents embedded with the DDE, macro-less command execution technique.
CVE-2017-8759 * 0
CVE-2017-8759 - A vulnerability in the SOAP WDSL parser.
findmalware * C 0
FindMalware
RansomDetection * C++ 0
基于行为的Ransomware检测原型
Cobra-W * Python 0
白盒源代码审计工具-白帽子版
open-redirect-scanner * Python 0
open redirect subdomains scanner
deception-as-detection * 0
:honeybee: Deception based detection techniques mapped to the MITRE’s ATT&CK framework
Webshell-Sniper * Python 0
Manage your website via terminal
VulHint * Python 0
VulHint是辅助代码审计的 sublime text 3 插件
WebShell-Detect-By-Machine-Learning * Python 0
使用机器学习识别WebShell
webshell-sample * PHP 0
webshell sample
LSTM_learn * Python 0
a implement of LSTM using Keras for time series prediction regression problem
WebMalwareScanner * Python 0
WebMalwareScanner - A simple malware scanner
awesome-yara * 0
A curated list of awesome YARA rules, tools, and people.
riot * Go 0
Go Open Source, Distributed, Simple and efficient Search Engine
network_backdoor_scanner * C++ 0
This is a backdoor about discover network device ,and it can hidden reverse connecting the hacker's server with encrypt commuication 后渗透后门程序,适合在已经攻陷的内网中做下一步的网络信息扫描..
securitai-lstm-model * Python 0
wangfeng-rnn * Shell 0
Multi-layer RNN building Wang Feng style lyric
aktaion * Python 0
Aktaion: Open Source ML tool and data samples for Exploit and Phishing Research
OSINTforPenTests * 0
Slides from my ShellCon Talk, OSINT for Pen Tests, given 10/19.
libvmi-volatility-master * C 0
虚拟机带外内存监控
libvmi * C 0
The official home of the LibVMI project is at https://github.com/libvmi/libvmi.
CyberScan * Python 0
CyberScan
awesome-malware-analysis * 0
A curated list of awesome malware analysis tools and resources
Phishing_detection_based_on_heuristic_features * Python 0
基于启发式特征的钓鱼网站检测系统
malicious_web_page_detection_based_on_url * Python 0
基于url特征的轻量级的恶意页面检测
sec-reseach * Python 0
ApkProtect * Java 0
通付盾第一代安全加固方案
nvt * 0
citypw-SCFE * C 0
sample code for educate myself-_-
rhapis * Lua 0
:globe_with_meridians: Network intrusion detection systems simulator. RHAPIS provides a simulation environment through which user is able to execute any IDS operation.
connect-hook * C 0
a hook for the sys_connect using kprobes
Autorize * Python 0
Automatic authorization enforcement detection extension for burp suite written in Jython developed by Barak Tawily in order to ease application security people work and allow them perform an automatic authorization tests
hook * C 0
hook: linux kernel syscall hijack
rootkit-sample-code * C 0
rootkit sample code of my tutorials on Freebuf.com
LinuxAntivirus * C 0
ping-back * C 0
Linux backdoor using ICMP payload for activation
struts-scan * Python 0
struts2漏洞全版本检测和利用工具
Unix-Privilege-Escalation-Exploits-Pack * C 0
Exploits for getting local root on Linux, BSD, AIX, HP-UX, Solaris, RHEL, SUSE etc.
machinista * Go 0
Simple rootkit hunter
beurk * C 0
BEURK Experimental Unix RootKit
enyelkm * C 0
LKM rootkit for Linux x86 with the 2.6 kernel. It inserts salts inside system_call and sysenter_entry.
prism * C 0
PRISM is an user space stealth reverse shell backdoor, written in pure C.
research-rootkit * C 0
LibZeroEvil & the Research Rootkit project.
rootkit * C 0
A rootkit for linux kernel >= 3.0
basic-rootkit * C 0
just a basic rootkit for learning how to playing sys_call_table
AFkit * C 0
Anti live forensic linux LKM rootkit
GithubCloner * Python 0
A script that clones Github repositories of users and organizations.
github-dorks * Python 0
Collection of github dorks and helper tool to automate the process of checking dorks
git-all-secrets * Go 0
A tool to capture all the git secrets by leveraging multiple open source git searching tools
sqliv * Python 0
(SQLiv) massive SQL injection vulnerability scanner
linux-antivirus * C 0
Antivirus for Linux operating system
1book * PHP 0
《Web安全之机器学习入门》
AI-Programmer * C# 0
Using artificial intelligence and genetic algorithms to automatically write programs. Tutorial: http://www.primaryobjects.com/cms/article149
rtcp * Python 0
利用 Python 的 Socket 端口转发,用于远程维护
isf-1 * Python 0
ISF(Industrial Security Framework),基于Python的工控漏洞利用框架
iniscan * PHP 0
A php.ini scanner for best security practices
HandyCollaborator * Java 0
Burp Suite plugin created for using Collaborator tool during manual testing
sec-ml * 0
security machine learning
pywintrace * Python 0
ETW Python Library
JavaUnserializeExploits * Python 0
awesome-cve-poc * 0
✍️ A curated list of CVE PoCs.
europilot * Jupyter Notebook 0
A toolkit for controlling Euro Truck Simulator 2 with python to develop self-driving algorithms.
githubscan * Python 0
githubscan
fval * C 0
PHP Fval(say F-word to eval) extension used to disable unsafe functions/eval with E_FATAL.
XSS-Filter-Evasion-Cheat-Sheet-CN * 0
XSS_Filter_Evasion_Cheat_Sheet 中文版
CVE-2017-8759-Exploit-sample * 0
Running CVE-2017-8759 exploit sample.
Code-Audit-Challenges * PHP 0
Code-Audit-Challenges
lua-resty-waf * Perl 0
High-performance WAF built on the OpenResty stack
Security-in-Software-Defined-Networks-using-Firewall * Python 0
Improving security in software defined networks using firewall security mechanism and mitigation of attacks
ogo * Go 0
An OpenFlow Network Controller in Go
ryu * Python 0
Ryu component-based software defined networking framework
openflowddos * Python 0
OpenFlow DDoS mitigation Ryu controller
cobra * Python 0
Source Code Security Audit (源代码安全审计)
Pansidong * Python 0
盘丝洞 - 自动化WEB漏洞扫描器
TensorFlowOnSpark * Python 0
TensorFlowOnSpark brings TensorFlow programs onto Apache Spark clusters
PHP-Parser-1 * PHP 0
A PHP parser written in PHP
pyt * Python 0
A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications
waidps * Python 0
Wireless Auditing, Intrusion Detection & Prevention System
gopacket * Go 0
Provides packet processing capabilities for Go
go-iptables * Go 0
Go wrapper around iptables utility
isf * Python 0
ISF(Industrial Exploitation Framework),基于Python的工控漏洞利用框架
HTTPLeaks * HTML 0
HTTPLeaks - All possible ways, a website can leak HTTP requests
gosimhash * Go 0
中文文档simhash值计算
DropboxC2C * Python 0
DropboxC2C is a post-exploitation agent which uses Dropbox Infrastructure for command and control operations.
Host-Based-Intrusion-Detection-System-Using-Genetic-Algorithm * Java 0
The GA-IDS is a full-fledged host based intrusion detection system developed using the Java programming language to help detect packets having spoofed IP addresses. It first and foremost sniffs the incoming packets on the host system and there after analyzes them in order to detect an intrusion. Considering the fact that this sniffing process is a low level operation, the java application makes use of the Java Packet Capturing Library (JpCap) which works in conjunction with the Windows Packet Capturing Library (WinpCap).
Wordpresscan * Python 0
WPScan rewritten in Python + some WPSeku ideas
LinuxShellScript * Shell 0
LinuxShell编程笔记
wetland * Python 0
A high interaction SSH honeypot
py * Go 0
Golang bindings to the CPython C-API
mimikatz * C 0
A little tool to play with Windows security
Threat-Intelligence-Hunter * Python 0
TIH is an intelligence tool that helps you in searching for IOCs across multiple openly available security feeds and some well known APIs. The idea behind the tool is to facilitate searching and storing of frequently added IOCs for creating your own local database of indicators.
RocAlphaGo * Python 0
An independent, student-led replication of DeepMind's 2016 Nature publication, "Mastering the game of Go with deep neural networks and tree search" (Nature 529, 484-489, 28 Jan 2016), details of which can be found on their website https://deepmind.com/publications.html.
honeybits * Go 0
A simple tool designed to enhance the effectiveness of your traps by spreading breadcrumbs & honeytokens across your production servers and workstations to lure the attacker toward your honeypots
packet_analysis * Python 0
IP/TCP/UDP数据包分析及解析
BoopSuite * Python 0
A Suite of Tools written in Python for wireless auditing and security testing.
bocker * Shell 0
Docker implemented in around 100 lines of bash
apparatus * JavaScript 0
A graphical security analysis tool for IoT networks
WAF_Bypass_Helper * Python 0
Python script for generating bypass of your attack
PassiveScanner * Python 0
a passive scanner based on Mitmproxy and Arachni
mysql-audit * C 0
AUDIT Plugin for MySQL. See wiki and readme for description. If you find the plugin useful, please star us on GitHub. We love stars and it's a great way to show your feedback.
mysql-sniffer * C 0
mysql-sniffer is a network traffic analyzer tool for mysql, it is developed by Qihoo DBA and infrastructure team
tools * Assembly 0
security and hacking tools, exploits, proof of concepts, shellcodes, scripts
scripts * Shell 0
信安之路上涉及的一些脚本
opendlp * HTML 0
GRASSMARLIN * Java 0
Provides situational awareness of Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) networks in support of network security assessments. iadgov
pydictor * Python 0
A powerful and useful hacker dictionary builder for a brute-force attack
rpc4django-demo * Python 0
This is the code that runs the demo site for rpc4django
hackazon * HTML 0
A modern vulnerable web app
XXEinjector * Ruby 0
Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.
satori * Python 0
Satori 是一个 LeanCloud 维护的监控系统,inspired by Open-Falcon
aliyun-safe-match * Java 0
阿里云安全算法挑战赛代码(第29名,共936支队伍报名)
SQLMAP-Web-GUI * PHP 0
PHP Frontend to work with the SQLMAP JSON API Server (sqlmapapi.py) to allow for a Web GUI to drive near full functionality of SQLMAP!
Codiad-Remote-Code-Execute-Exploit * Python 0
A simple exploit to execute system command on codiad
linux-baseline * Ruby 0
DevSec Linux Baseline - InSpec Profile
microscan * Python 0
MicroScan 基于B/S架构微扫描器
RNN * Python 0
A toy example for RNN in Python
DL_for_xss * Python 0
Deep learnning for detection with xss
DAws * PHP 0
Advanced Web Shell
WSSAT * JavaScript 0
WEB SERVICE SECURITY ASSESSMENT TOOL
xssfork * Python 0
ws-docker-community * Shell 0
Web Sight Docker Deployment
owtf * Python 0
Offensive Web Testing Framework (OWTF), is an OWASP+PTES focused try to unite great tools and make pen testing more efficient, written mostly in Python @owtfp http://owtf.org
fuzzapi * Ruby 0
Fuzzapi is a tool used for REST API pentesting and uses API_Fuzzer gem
csp-auditor * Java 0
Burp and ZAP plugin to analyse Content-Security-Policy headers or generate template CSP configuration from crawling a Website
yasuo * Ruby 0
A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network
MailSniper * PowerShell 0
MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). It can be used as a non-administrative user to search their own email, or by an administrator to search the mailboxes of every user in a domain.
king-phisher * Python 0
Phishing Campaign Toolkit
websearch * Roff 0
Search engine for web assets
wukong * Python 0
悟空扫描器
angularjs-csti-scanner * PHP 0
Automated client-side template injection (sandbox escape/bypass) detection for AngularJS.
WebShell-1 * PHP 0
Webshell && Backdoor Collection
vmware_escape * C 0
VMware Escape Exploit before VMware WorkStation 12.5.5
webshell * Python 0
social-engineer-toolkit * Python 0
The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of SET will be deployed here.
gobuster * Go 0
Directory/file & DNS busting tool written in Go
recon-ng * Python 0
The glorious recon-ng project, which is super cool! This is an older unmaintained release of the popular scanner. Possibly no longer works.
domain * Python 0
Setup script for Regon-ng
Hawkeye * Vue 0
GitHub 泄露监控系统
FiercePhish * PHP 0
FiercePhish is a full-fledged phishing framework to manage all phishing engagements. It allows you to track separate phishing campaigns, schedule sending of emails, and much more.
WPForce * Python 0
Wordpress Attack Suite
ssh_scan * Ruby 0
A prototype SSH configuration and policy scanner (Blog: https://mozilla.github.io/ssh_scan/)
whitewidow * Ruby 0
SQL Vulnerability Scanner
lua-sqlparser * C 0
General SQL Parser(http://www.sqlparser.com) lua module
xssless * Python 0
An automated XSS payload generator written in python.
go-shodan * Go 0
Shodan API client
fpgrowth * Python 0
数据挖掘/关联规则挖掘/fpgrowth
Machine-Learning-With-Python * Python 0
此项目是我在学习《机器学习实战》这本书时的代码记录情况,用python实现,当然也会包括一些其他的机器学习算法,使用Python实现
basicRAT * Python 0
python remote access trojan
apriori * Python 0
由Python实现的频繁项集挖掘Apriori算法
inspectIT * Java 0
inspectIT is the leading Open Source APM (Application Performance Management) tool for analyzing your Java (EE) applications.
Zeus * Shell 0
AWS Auditing & Hardening Tool
Susanoo * Python 0
A REST API security testing framework.
w8scan * JavaScript 0
一款模仿bugscan的漏洞扫描器
dnssearch * Go 0
A subdomain enumeration tool.
rdpy * Python 0
Remote Desktop Protocol in Twisted Python
pyrasite * Python 0
Inject code into running Python processes
xunfengES * Python 0
aquatone * Ruby 0
A Tool for Domain Flyovers
springcss-cve-2014-3625 * Java 0
spring mvc cve-2014-3625
sslyze * Python 0
Fast and powerful SSL/TLS server scanning library.
RED_HAWK * PHP 0
RED HAWK is An All In One Tool For Information Gathering, SQL Vulnerability Scanning and Crawling. Coded In PHP
goappmonitor * Go 0
Golang application performance data monitoring.
puma-scan * C# 0
Puma Scan is the leading software security Visual Studio analyzer extension. Built on top of Roslyn, the open-source .NET Compiler Platform, Puma Scan provides real time, continuous source code analysis as development teams write code. Vulnerabilities are immediately displayed in the development environment as spell check and compiler warnings, preventing security bugs from entering your applications.
svn-extractor * Python 0
simple script to extract all web resources by means of .SVN folder exposed over network.
portia * PowerShell 0
BlindRef * Python 0
BlindRef serves as the basis for an automated Blind-Based XXE Exploitation Framework
oxml_xxe * Ruby 0
A tool for embedding XXE/XML exploits into different filetypes
c4 * C 0
C in four functions
gwhatweb * Python 0
CMS识别 python gevent实现
cupper * Python 0
It comes!!
BadCode * 0
BadCode is a signature database for static source code scanner that identify bad security practices.
Sharly * Python 0
wpbrute * Shell 0
[BASH] Wordpress bruteforce
fastjson-remote-code-execute-poc * Java 0
fastjson remote code execute poc 直接用intellij IDEA打开即可 首先编译得到Test.class,然后运行Poc.java
not-your-average-web-crawler * Python 0
A web crawler that gathers more than you can imagine.
bug-bounty-reference * 0
Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature
NeoPI * Python 0
simple-java-agent * Java 0
Creating a simple Java Agent
Awesome-Hacking * 0
A collection of various awesome lists for hackers, pentesters and security researchers
hound * Python 0
jexboss * Python 0
JexBoss: Jboss (and Java Deserialization Vulnerabilities) verify and EXploitation Tool
sec-chart * 0
安全思维导图集合
Java-Deserialization-Scanner * Java 0
All-in-one plugin for Burp Suite for the detection and the exploitation of Java deserialization vulnerabilities
IIS_exploit * Python 0
Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016.
break-fast-serial * Python 0
A proof of concept that demonstrates asynchronous scanning for Java deserialization bugs
DoubleAgent * C 0
Zero-Day Code Injection and Persistence Technique
1000php * HTML 0
1000个PHP代码审计案例(2016.7以前乌云公开漏洞)
rubysec * Ruby 0
RubySec Field Guide
immunio-xss-fuzzer * Python 0
Immunio's XSS Fuzzer tool
scanner * JavaScript 0
网站漏洞扫描平台
BruteXSS * Python 0
BruteXSS - Cross-Site Scripting Bruteforcer
pyfiscan * Python 0
Free web-application vulnerability and version scanner
intrigue-core * JavaScript 0
Discover your attack surface!
telnet-scanner * Python 0
telnet服务密码撞库
PassiveFuzzFrameworkOSX * C 0
This framework is for fuzzing OSX kernel vulnerability based on passive inline hook mechanism in kernel mode.
Using-machine-learning-to-detect-malicious-URLs * Python 0
Machine Learning and Security | Using machine learning to detect malicious URLs
xsec-ssh-firewall * Go 0
一个简易的ssh密码防暴力破解程序
logistic_regression * Python 0
a demo of logistic regression
easy-tips * PHP 0
a little tips in my code career
bbtools * Python 0
J2EEScan * Java 0
J2EEScan is a plugin for Burp Suite Proxy. The goal of this plugin is to improve the test coverage during web application penetration tests on J2EE applications.
cloudflare_enum * Python 0
Cloudflare DNS Enumeration Tool for Pentesters
browser_xss_auditor_fuzzing * HTML 0
浏览器XSS 过滤器Fuzzing 框架 (browser xss aduit fuzzing framework )..
OpenWAF * Lua 0
Web security protection system based on openresty
ds_store_exp * Python 0
A .DS_Store file disclosure exploit. It parse .DS_Store file and download files recursively.
same-origin-method-execution * Java 0
A BurpSuite plugin to detect Same Origin Method Execution vulnerabilities
nginx-plugin * C 0
source code for yunsuo nginx plugin
WS-Attacker * Java 0
WS-Attacker is a modular framework for web services penetration testing. It is developed by the Chair of Network and Data Security, Ruhr University Bochum (http://nds.rub.de/ ) and the Hackmanit GmbH (http://hackmanit.de/).
gitrob * Ruby 0
Reconnaissance tool for GitHub organizations
libinjection * C++ 0
SQL / SQLI tokenizer parser analyzer
apm_python * Python 0
APMonitor Optimization Suite in Python
evalhook * C 0
msafe * C 0
通过劫持Zend底层opcode编译,可以分析php执行的代码,从而达到还原一切混淆加密的php源码,并且可以根据自定义规则,审计代码安全。
forced-evolution * Python 0
forced-evolution
dbpost * Python 0
proxy for save db data. support mysql、sqlite、mongodb
kingshard * Go 0
A high-performance MySQL proxy
php * C 0
PHP扩展练习
cpp-sql-fuzzer * C++ 0
Scanners-Box * Perl 0
扫描器合集
pentestEr_Fully-automatic-scanner * Python 0
定向全自动化渗透测试
DNS_domain_Discovery * Perl 0
域名绑定dns解析搜扫
RASscan * Python 0
内网端口极速扫描器
awesome-ml-for-cybersecurity * 0
:octocat: Machine Learning for Cyber Security
urlfuzzing * Python 0
Advance URL Fuzzing + Whois Domain running on python
crack_geetest * Python 0
滑动验证码破解示例
xsshunter * JavaScript 0
The XSS Hunter service - a portable version of XSSHunter.com
pluginbase * Python 0
A simple but flexible plugin system for Python.
xsser * Python 0
From XSS to RCE 2.5 - Black Hat Europe Arsenal 2016
onionscan * Go 0
OnionScan is a free and open source tool for investigating the Dark Web.
visualize_logs * HTML 0
A Python library and command line tools to provide interactive log visualization.
flask-celery-example * Python 0
A simple example for using Flask + Celery
Tornado-MySQL * Python 0
PyMySQL fork for Tornado
Bypass-PHP-GD-Process-To-RCE * PHP 0
Reference: http://www.secgeek.net/bookfresh-vulnerability/
web-scan-spider * Python 0
python spider and test basic xss
tp_security_xss_scaner * Python 0
reflected_xss_scanner * Python 0
A python/scrapy based xss website scanner
Smashing_The_Browser * C++ 0
Smashing The Browser: From Vulnerability Discovery To Exploit
bfac * Python 0
BFAC (Backup File Artifacts Checker): An automated tool that checks for backup artifacts that may discloses the web-application's source code.
Mirai * JavaScript 0
An easy to use Discord bot framework in NodeJS
open_nsfw * Python 0
code for running Model and code for Not Suitable for Work (NSFW) classification using deep neural network Caffe models
AuthMatrix * Python 0
AuthMatrix is a Burp Suite extension that provides a simple way to test authorization in web applications and web services.
IntruderPayloads * PHP 0
A collection of Burpsuite Intruder payloads, fuzz lists and file uploads
RobotsDisallowed * 0
A harvest of the Disallowed directories from the robots.txt files of the world's top websites.
py-find-injection * Python 0
Look for SQL injection attacks in python source code
pyvulhunter * Python 0
python audit tool 审计 注入 inject
knock * Python 0
Knock Subdomain Scan
detect_webshell * Java 0
wyproxy * Python 0
Proxying And Recording HTTP/HTTPs and Socks5, Save To Mysql Database.
Bank * Python 0
工控安全
IronWASP-Python-Plugins * Python 0
Python Plugins that power IronWASP
jsql-injection * Java 0
jSQL Injection is a Java application for automatic SQL database injection.
hackeroni * Go 0
A Go API client for HackerOne (api.hackerone.com)
spiderfoot * Python 0
SpiderFoot, the open source footprinting and intelligence-gathering tool.
webpwn3r * Python 0
WebPwn3r - Web Applications Security Scanner.
Sublist3r * Python 0
Fast subdomains enumeration tool for penetration testers
hash_extender * C 0
simple_example_filter_GPC * C 0
fenghuangscanner_v3 * Python 0
NoEye * Python 0
A blind mode exploit framework (a dns server and a web app) that like wvs's AcuMonitor Service or burpsuite's collabrator or cloudeye
agent * Java 0
eagleEyeAgent 的agent支持部分,提供premain和agentmain两种入口
Mind-Map * 0
各种安全相关思维导图整理收集
passive_scan * Python 0
基于http代理的web漏洞扫描器的实现
genpAss * Python 0
中国特色的弱口令生成器
Yaf-Blog * JavaScript 0
The fastest blog system by the fastest framework
yaf-extensions * PHP 0
some extensions for php framework YAF(https://github.com/laruence/php-yaf)
weakfilescan * Python 0
动态多线程敏感信息泄露检测工具
fofa * Ruby 0
fofa website
scan-framework * Python 0
A framework used for Vulnerability scanning
| 编程语言 | 排名 | 好于 | 星星数 |
|---|---|---|---|
| Python | 1831 | 97.98% | 117 |
| PHP | 2388 | 90.98% | 6 |
| Go | 3068 | 90.97% | 4 |
| Java | 3153 | 96.50% | 68 |
| HTML | 6280 | 89.85% | 2 |