loveshell

Elite
@loveshell

ngx_lua_waf. ngx_lua_waf是一个基于lua-nginx-module(openresty)的web应用防火墙

4k

rtcp. Python

10

awesome-list.

9

security.vcl. protect your websites with varnish rules

6

VFW. Varnish Firewall

5

GitHack. A `.git` folder disclosure exploit

5

nginx-systemtap-toolkit. Real-time analyzing and diagnosing tools for Nginx based on SystemTap

4

Enterprise_-Security_tools. 企业安全建设中用到的开源or“免费”的工具

4

waf-research. WAF Research

3

yulong-hids. 一款由 YSRC 开源的主机入侵检测系统

3

PHP-WebShell-Bypass-WAF. 记录与分享PHP WebShell 绕过WAF 的一些经验 Share some experience PHP WebShell bypass WAF

3

ortbot. Open Red Team Bag of Tricks - Red Teaming and Pentesting cheat sheet and trick book

3

xsschef. Chrome extension Exploitation Framework

3

DNSLog. DNSLog 是一款监控 DNS 解析记录和 HTTP 访问记录的工具。

2

BkScanner. BkScanner 分布式、插件化web漏洞扫描器

2

sslstrip. A tool for exploiting Moxie Marlinspike's SSL "stripping" attack.

2

sec-chart. Security Flow Chart

2

CrackMapExec. A swiss army knife for pentesting Windows/Active Directory environments

2

atexec-pro. Fileless atexec, no more need for port 445

1

vulfocus. 🚀Vulfocus 是一个漏洞集成平台,将漏洞环境 docker 镜像,放入即可使用,开箱即用。

1

domainTools. 内网域渗透小工具

1

CVE-2021-22204-exiftool. Python exploit for the CVE-2021-22204 vulnerability in Exiftool

1

hackingtool. ALL IN ONE Hacking Tool For Hackers

1

Mind-Map. 超详细的渗透测试思维导图

1

telnet-scanner. telnet服务密码撞库

1

otunnel. peer-to-peer tunnel tool

1

Anti-Anti-Spider. 越来越多的网站具有反爬虫特性,有的用图片隐藏关键数据,有的使用反人类的验证码,建立反反爬虫的代码仓库,通过与不同特性的网站做斗争(无恶意)提高技术。(欢迎提交难以采集的网站)

1

ProxyBroker. Proxy [Finder | Checker | Server]. HTTP(S) & SOCKS

1

portspoof. Portspoof

1

gitjacker. 🔪 :octocat: Leak git repositories from misconfigured websites

1

XXEinjector. Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.

1

HTTP-revshell. Powershell reverse shell using HTTP/S protocol with AMSI bypass and Proxy Aware

1

teleconsole. Command line tool to share your UNIX terminal and forward local TCP ports to people you trust.

1

icmp-backdoor. Backdoor that listens for specially crafted ICMP packets and spawns reverse shells.

1

passivedns. A network sniffer that logs all DNS server replies for use in a passive DNS setup

1

xsec-ip-database. xsec-ip-database为一个恶意IP和域名库(Malicious ip database)

1

tsocks. A reverse socks5 proxy server with ssl(一个Socks5代理服务器程序)

1

jumpserver. 开源跳板机/堡垒机:认证,授权,审计,自动化运维(Open source springboard machine / machine fortress: authentication, authorization, auditing, operation and maintenance of automation).http://www.jumpserver.org

1

Intranet_Penetration_Tips. 2018年初整理的一些内网渗透TIPS,后面更新的慢,所以公开出来希望跟小伙伴们一起更新维护~

1

SQLInjectionWiki. A wiki focusing on aggregating and documenting various SQL injection methods

1

SecurityManagement. 分享在建设安全管理体系、ISO27001、等级保护、安全评审过程中的点点滴滴

1

ssh-mitm. SSH man-in-the-middle tool

1

awesome-iot-hacks. A Collection of Hacks in IoT Space so that we can address them (hopefully).

1

Liudao. “六道”实时业务风控系统

1

fastnetmon. FastNetMon - very fast DDoS analyzer with sflow/netflow/mirror support

1

sudo-snooper. Python script that acts like the original sudo binary to fool users into entering their passwords

1

tools. security and hacking tools, exploits, proof of concepts, shellcodes, scripts

1

pyspider. A Powerful Spider(Web Crawler) System in Python.

1

fuzzdb. 一个fuzzdb扩展库

1

Pcap_tools. 网络流量可配置嗅探,流量包解析,漏洞规则扫描,生成报告. ....搞网络安全这块,还凑合着用吧

1

AI-for-Security-Learning. 安全场景、基于AI的安全算法和安全数据分析学习资料整理

1

websocket-injection. WebSocket 中转注入工具

1

ironbee-dev-tools. IronBee Development Tools

1

icecast-logs-parser. icecast Logs Parser

1

libinjection. SQL / SQLI tokenizer parser analyzer

1

portscan. push

1

iis-shortname-scanner. latest version of scanners for IIS short filename (8.3) disclosure vulnerability

1

data_hacking. Click Security Data Hacking Project

1
58
Apply