This is your work, valued
ngx_lua_waf. ngx_lua_waf是一个基于lua-nginx-module(openresty)的web应用防火墙
4krtcp. Python
10awesome-list.
9security.vcl. protect your websites with varnish rules
6VFW. Varnish Firewall
5GitHack. A `.git` folder disclosure exploit
5nginx-systemtap-toolkit. Real-time analyzing and diagnosing tools for Nginx based on SystemTap
4Enterprise_-Security_tools. 企业安全建设中用到的开源or“免费”的工具
4waf-research. WAF Research
3yulong-hids. 一款由 YSRC 开源的主机入侵检测系统
3PHP-WebShell-Bypass-WAF. 记录与分享PHP WebShell 绕过WAF 的一些经验 Share some experience PHP WebShell bypass WAF
3ortbot. Open Red Team Bag of Tricks - Red Teaming and Pentesting cheat sheet and trick book
3xsschef. Chrome extension Exploitation Framework
3DNSLog. DNSLog 是一款监控 DNS 解析记录和 HTTP 访问记录的工具。
2BkScanner. BkScanner 分布式、插件化web漏洞扫描器
2sslstrip. A tool for exploiting Moxie Marlinspike's SSL "stripping" attack.
2sec-chart. Security Flow Chart
2CrackMapExec. A swiss army knife for pentesting Windows/Active Directory environments
2atexec-pro. Fileless atexec, no more need for port 445
1vulfocus. 🚀Vulfocus 是一个漏洞集成平台,将漏洞环境 docker 镜像,放入即可使用,开箱即用。
1domainTools. 内网域渗透小工具
1CVE-2021-22204-exiftool. Python exploit for the CVE-2021-22204 vulnerability in Exiftool
1hackingtool. ALL IN ONE Hacking Tool For Hackers
1Mind-Map. 超详细的渗透测试思维导图
1telnet-scanner. telnet服务密码撞库
1otunnel. peer-to-peer tunnel tool
1Anti-Anti-Spider. 越来越多的网站具有反爬虫特性,有的用图片隐藏关键数据,有的使用反人类的验证码,建立反反爬虫的代码仓库,通过与不同特性的网站做斗争(无恶意)提高技术。(欢迎提交难以采集的网站)
1ProxyBroker. Proxy [Finder | Checker | Server]. HTTP(S) & SOCKS
1portspoof. Portspoof
1gitjacker. 🔪 :octocat: Leak git repositories from misconfigured websites
1XXEinjector. Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.
1HTTP-revshell. Powershell reverse shell using HTTP/S protocol with AMSI bypass and Proxy Aware
1teleconsole. Command line tool to share your UNIX terminal and forward local TCP ports to people you trust.
1icmp-backdoor. Backdoor that listens for specially crafted ICMP packets and spawns reverse shells.
1passivedns. A network sniffer that logs all DNS server replies for use in a passive DNS setup
1xsec-ip-database. xsec-ip-database为一个恶意IP和域名库(Malicious ip database)
1tsocks. A reverse socks5 proxy server with ssl(一个Socks5代理服务器程序)
1jumpserver. 开源跳板机/堡垒机:认证,授权,审计,自动化运维(Open source springboard machine / machine fortress: authentication, authorization, auditing, operation and maintenance of automation).http://www.jumpserver.org
1Intranet_Penetration_Tips. 2018年初整理的一些内网渗透TIPS,后面更新的慢,所以公开出来希望跟小伙伴们一起更新维护~
1SQLInjectionWiki. A wiki focusing on aggregating and documenting various SQL injection methods
1SecurityManagement. 分享在建设安全管理体系、ISO27001、等级保护、安全评审过程中的点点滴滴
1ssh-mitm. SSH man-in-the-middle tool
1awesome-iot-hacks. A Collection of Hacks in IoT Space so that we can address them (hopefully).
1Liudao. “六道”实时业务风控系统
1fastnetmon. FastNetMon - very fast DDoS analyzer with sflow/netflow/mirror support
1sudo-snooper. Python script that acts like the original sudo binary to fool users into entering their passwords
1tools. security and hacking tools, exploits, proof of concepts, shellcodes, scripts
1pyspider. A Powerful Spider(Web Crawler) System in Python.
1fuzzdb. 一个fuzzdb扩展库
1Pcap_tools. 网络流量可配置嗅探,流量包解析,漏洞规则扫描,生成报告. ....搞网络安全这块,还凑合着用吧
1AI-for-Security-Learning. 安全场景、基于AI的安全算法和安全数据分析学习资料整理
1websocket-injection. WebSocket 中转注入工具
1ironbee-dev-tools. IronBee Development Tools
1icecast-logs-parser. icecast Logs Parser
1libinjection. SQL / SQLI tokenizer parser analyzer
1portscan. push
1iis-shortname-scanner. latest version of scanners for IIS short filename (8.3) disclosure vulnerability
1data_hacking. Click Security Data Hacking Project
1