This is your work, valued
Passion with Cyber security
impacket-rbcd. The original version of impact-ntlmrelayx only supported requests from machine accounts when playing through RBCD. Now I have made some small changes to enable it to support requests from user accounts.
★ 99findip. A python tool for find real ip addr in cdn
★ 14cve-2023-42820. JumpServer
★ 2OSWE_Jounery. The guide to get OSWE
★ 1CVE_lists. Contribute to the security of open source software and record the security vulnerabilities encountered
★ 1learnjavabug. Java安全相关的漏洞和技术demo,原生Java、Fastjson、Jackson、Hessian2、XML反序列化漏洞利用和Spring、Dubbo、Shiro、CAS、Tomcat、RMI、Nexus等框架\中间件\功能的exploits以及Java Security Manager绕过、Dubbo-Hessian2安全加固等等实践代码。
★ 2.7kJavaRce. Common Exploitation Techniques for Java RCE Vulnerabilities in Real-World Scenarios | 实战场景较通用的 Java Rce 相关漏洞的利用方式
★ 550ReerRouter. App URL router for iOS (Swift only). Register via Swift Macro
★ 95arkTS. 🧩 VSCode鸿蒙ArkTS插件 ✨✍️ 支持各种补全/跳转 ⛺️ 支持codelinter检测代码错误 🎵 VSCode HarmonyOS ArkTS plugin for personal use ✨✍️ supports source code navigation and completion ⛺️ supports codelinter to detect errors
★ 858MemShellParty. 一款专注于 Java 主流 Web 中间件的内存马快速生成工具,致力于简化安全研究人员和红队成员的工作流程,提升攻防效率
★ 1.5kjava-sec-code. Java web common vulnerabilities and security code which is base on springboot and spring security
★ 2.7kFastJsonParty. FastJson全版本Docker漏洞环境(涵盖1.2.47/1.2.68/1.2.80等版本),主要包括JNDI注入及高版本绕过、waf绕过、文件读写、原生反序列化、利用链探测绕过、不出网利用等。从黑盒的角度覆盖FastJson深入利用
★ 1.2ktls_proxy. A lightweight reverse proxy server that converts TLS traffic to TCP, allowing secure communication between clients and upstream servers.
★ 80tabby. A CAT called tabby ( Code Analysis Tool )
★ 1.7kvulnhuntr-mod. Static Code Security Analysis Tool driven by LLM
★ 7gpt_academic. 为GPT/GLM等LLM大语言模型提供实用化交互接口,特别优化论文阅读/润色/写作体验,模块化设计,支持自定义快捷按钮&函数插件,支持Python和C++等项目剖析&自译解功能,PDF/LaTex论文翻译&总结功能,支持并行问询多种LLM模型,支持chatglm3等本地模型。接入通义千问, deepseekcoder, 讯飞星火, 文心一言, llama2, rwkv, claude2, moss等。
★ 71kawesome-agents. 🤖 Awesome list of AI Agents
★ 2.6kCVE_lists. Contribute to the security of open source software and record the security vulnerabilities encountered
★ 1cicd-goat. A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.
★ 2.3kSecLists. SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
★ 72kten-framework. Open-source framework for conversational voice AI agents
★ 11kd2l-zh. 《动手学深度学习》:面向中文读者、能运行、可讨论。中英文版被70多个国家的500多所大学用于教学。
★ 79ksponge_examples. Python
★ 34TAP. TAP: An automated jailbreaking method for black-box LLMs
★ 239Model-Inversion-Attack-ToolBox. A comprehensive toolbox for model inversion attacks and defenses, which is easy to get started.
★ 197awesome-llm-security. A curation of awesome tools, documents and projects about LLM Security.
★ 1.6kagentscope. Build and run agents you can see, understand and trust.
★ 28kai-exploits. A collection of real world AI/ML exploits for responsibly disclosed vulnerabilities
★ 1.7kSecGPT. SecGPT网络安全大模型
★ 3.1kADcheck. Assess the security of your Active Directory with few or all privileges.
★ 376geektime-books. :books: 极客时间电子书
★ 13kimpacket-rbcd. The original version of impact-ntlmrelayx only supported requests from machine accounts when playing through RBCD. Now I have made some small changes to enable it to support requests from user accounts.
★ 99xianzhi_assistant. 这是一个基于先知社区知识构建的向量知识库
★ 283SharpRelay. C#
★ 183UserRegEnum_0x727. 域内普通域用户权限查找域内所有计算机上登录的用户
★ 151AD-control-paths. Active Directory Control Paths auditing and graphing tools
★ 678cloud-security-guides.
★ 180Killer. Killer is a super simple tool designed to bypass AV/EDR security tools using various evasive techniques and used by Patchwork group.
★ 845SkyArk. SkyArk helps to discover, assess and secure the most privileged entities in Azure and AWS
★ 912ACLight. A script for advanced discovery of Privileged Accounts - includes Shadow Admins
★ 830SharpWeb. 一个浏览器数据(密码|历史记录|Cookie|书签|下载记录)的导出工具,支持主流浏览器。
★ 796cve-2023-42820. JumpServer
★ 2Source-and-Fuzzing. 一些阅读源码和Fuzzing 的经验,涵盖黑盒与白盒测试..
★ 1.1kOSWE_Jounery. The guide to get OSWE
★ 1CodeQL. 《深入理解CodeQL》Finding vulnerabilities with CodeQL.
★ 1.8kSpringBoot-Labs. 一个涵盖六个专栏:Spring Boot 2.X、Spring Cloud、Spring Cloud Alibaba、Dubbo、分布式消息队列、分布式事务的仓库。希望胖友小手一抖,右上角来个 Star,感恩 1024
★ 20kPupilSearch. just a Reptile
★ 12SpringBootExploit. 项目是根据LandGrey/SpringBootVulExploit清单编写,目的hvv期间快速利用漏洞、降低漏洞利用门槛。
★ 1.9kcode-phish. JetBrains系列产品.idea钓鱼反制红队
★ 328javasec. 自己学习java安全的一些总结,主要是安全审计相关
★ 1.7kExchange-AD-Privesc. Exchange privilege escalations to Active Directory
★ 819LAPSToolkit. Tool to audit and attack LAPS environments
★ 952BloodHound-Legacy. Six Degrees of Domain Admin
★ 11kWinPwn. Automation for internal Windows Penetrationtest / AD-Security
★ 3.7kmkdocs-material. Documentation that simply works
★ 27kOSWE-Labs-Poc. Dockerized labs For Web Expert (OSWE) certification. Preparation for coming AWAE Training ...
★ 127NTLM-SSP. 本项目是一篇NTLM中高级进阶进阶文章,后续我也会在Github和Gitbook对此文进行持续性的更新NTLM以及常见的协议中高级进阶并计划开源部分协议调试工具,望各位issue勘误。
★ 113OSCE3-Complete-Guide. OSWE, OSEP, OSED, OSEE
★ 3.9kOSWE-cheat-sheet. OSWE-cheat sheet module by module with updated syllabus
★ 12adidnsdump. Active Directory Integrated DNS dumping by any authenticated user
★ 1.2kRelayX. NTLM relay test.
★ 195Web-Security-Attack. Web安全相关内容
★ 951MicrosoftWontFixList. A list of vulnerabilities or design flaws that Microsoft does not intend to fix. Since the number is growing, I decided to make a list. This list covers only vulnerabilities that came up in July 2021 (and SpoolSample ;-))
★ 953White-box-pentesting. This lab is created to demonstrate pass-the-hash, blind sql and SSTI vulnerabilities
★ 94web-sec. WEB安全手册(红队安全技能栈),漏洞理解,漏洞利用,代码审计和渗透测试总结。【持续更新】
★ 1.9kawesome-cybersecurity-blueteam-cn. 网络安全 · 攻防对抗 · 蓝队清单,中文版
★ 964ShuiYing_0x727. 检测域环境内,域机器的本地管理组成员是否存在弱口令和通用口令,对域用户的权限分配以及域内委派查询
★ 357redteam_vul. 红队作战中比较常遇到的一些重点系统漏洞整理。
★ 2.5kAwesome-Red-Teaming. List of Awesome Red Teaming Resources
★ 8kCVE-2021-1675. C# and Impacket implementation of PrintNightmare CVE-2021-1675/CVE-2021-34527
★ 2kPSPKIAudit. PowerShell toolkit for AD CS auditing based on the PSPKI toolkit.
★ 9371earn. ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup
★ 5.7kPetitPotam. PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.
★ 2.3kAI-for-Security-Starting. 面向安全、数据、算法人员的安全智能化起步手册
★ 194hexo-theme-Wikitten. A theme of Hexo for personal wiki which seems like Wikitten style.
★ 705JavaCodeAudit. Getting started with java code auditing 代码审计入门的小项目
★ 930PHP-Audit-Labs. 一个关于PHP的代码审计项目
★ 1.9ksecurity-engineering. 网络安全空间安全
★ 1.7kBurpSuite-collections. 有关burpsuite的插件(非商店),文章以及使用技巧的收集(此项目不再提供burpsuite破解文件,如需要请在博客mrxn.net下载)---Collection of burpsuite plugins (non-stores), articles and tips for using Burpsuite, no crack version file
★ 3.9kFrog-Auth. 🐸Unauthorized Detection Framework未授权访问检测框架
★ 161Code-Audit-Challenges. Code-Audit-Challenges
★ 987php_bugs. PHP代码审计分段讲解
★ 1.7kCVE-2021-22192. CVE-2021-22192 靶场: 未授权用户 RCE 漏洞
★ 38xunfeng. 巡风是一款适用于企业内网的漏洞快速应急,巡航扫描系统。
★ 3.6kMedusa. :cat2:Medusa是一个红队武器库平台,目前包括XSS平台、协同平台、CVE监控、免杀生成、DNSLOG、钓鱼邮件、文件获取等功能,持续开发中
★ 2.2kpocsuite3. pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.
★ 3.9kgolang-portScan. a tool of port scanning written in golang
★ 27naabu. A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests
★ 6.1kfuzzDicts. You Know, For WEB Fuzzing !
★ 8.4kfindip. A python tool for find real ip addr in cdn
★ 14AD-Attack-Defense. Attack and defend active directory using modern post exploitation adversary tradecraft activity
★ 4.8kSearpy. 🥀 Search Engine Tookit,URL采集、Favicon哈希值查找真实IP、子域名查找
★ 214awesome-ml-for-cybersecurity. :octocat: Machine Learning for Cyber Security
★ 9.1kCyber-Security-Guide. The Whitepaper For Enterprise Security created by Monster Zero Team
★ 35subdomain3. A new generation of tool for discovering subdomains( ip , cdn and so on)
★ 712Perun. Perun是一款主要适用于乙方安服、渗透测试人员和甲方RedTeam红队人员的网络资产漏洞扫描器/扫描框架
★ 1.1k