剑宗

yhy

Expert
@yhy0

修道之初,谁不想当剑仙 yhysec@qq.com

github-cve-monitor. 实时监控github上新增的cve、自定义关键字、安全工具更新、大佬仓库监控,并多渠道推送通知

1.2k

ExpDemo-JavaFX. 图形化漏洞利用Demo-JavaFX版

717

ChYing. 承影,愿你在光影之间,找到属于自己的锋芒。开源的类 BurpSuite 应用 ChYing — may you find your own edge between light and shadow. An open-source, BurpSuite-like application.

711

Jie. Jie stands out as a comprehensive security assessment and exploitation tool meticulously crafted for web applications. Its robust suite of features encompasses vulnerability scanning, information gathering, and exploitation, elevating it to an indispensable toolkit for both security professionals and penetration testers. 挖洞辅助工具(漏洞扫描、信息收集)

612

AVByPass. 一款Web在线自动免杀工具

190

RustScan. 一个调用 rustscan 进行端口扫描的 go 库

21

sqlilab-Jsp. jsp版sqlilab 1-21关

20

nucleiY. 承影用的 nuclei 漏扫模板

14

JavaSerializeDemo. Java反序列化漏洞学习

14

GodzillaSource. 哥斯拉源码-v3.03-godzilla

11

ExpInfoVuln. Goby 插件 .idea、 .git、.DS_Store 一键利用

10

ai_memory. 本目录存放 AI(如 Cursor)用于保持项目上下文的“持久层记忆”文件,解决 AI 在多项目、多轮对话中丢失上下文的问题。

9

flatlaf-demo-1.4. Godzilla 依赖的 flatlaf-demo-1.4.jar mvn 重新构建

6

SScan-web. SScan Web界面设计源码

6

FakeToa. TCP IP伪造,建议使用 ubuntu 22.04

6

Starmap. 一个轮子融合的子域名收集小工具

6

yhy0.github.io. 博客

5

hydra. 没什么用,外网扫描出来的概率太小了,得不偿失,先分出来,后续再看看加不加入吧

4

Ouroboros. HTML

3

Gadgets. Java反序列化漏洞利用链补全计划,仅用于个人归纳总结。

3

JiePaper. Jie 漏洞扫描器中关于漏洞扫描的设计

3

Arsenal. 内网小工具

2

Bypass_Disable_functions_Shell. 一个各种方式突破Disable_functions达到命令执行的shell

2

katana. A next-generation crawling and spidering framework.

2

Java-Rce-Echo. Java RCE 回显测试代码

2

nuclei. Fast and customizable vulnerability scanner based on simple YAML based DSL.

1

siteMonitor. Django框架,站点实时监测,邮箱通知站点变化

1

PicGoImg. PicGo 图床

1

blog_comments. 博客评论

1

ysoserial. A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

1

awesome-wails. ⭐ A carefully selected list of Wails applications

1

httpx. httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.

1

BehinderClientSource. 冰蝎客户端源码-3.0-BETA11.t00ls

1

PeiQi-WIKI-POC. 鹿不在侧,鲸不予游🐋

1

DriedMango. GUI Exploit Tool For RedTeam

1

sizedwaitgroup. SizedWaitGroup has the same role and close to the same API as the Golang sync.WaitGroup but it adds a limit on the amount of goroutines started concurrently.

1

scf-proxy. 云函数代理

1

cf. 云环境利用框架(Cloud exploitation framework)主要用来方便红队人员在获得 AK 的后续工作。

1

NotionNext. 使用 NextJS + Notion API 实现的,支持多种部署方案的静态博客,无需服务器、零门槛搭建网站,为Notion和所有创作者设计。 (A static blog built with NextJS and Notion API, supporting multiple deployment options. No server required, zero threshold to set up a website. Designed for Notion and all creators.)

1

yhy0. 自述

1

Spark. ✨Spark is a web-based, cross-platform and full-featured Remote Administration Tool (RAT) written in Go that allows you control all your devices anywhere. Spark是一个Go编写的,网页UI、跨平台以及多功能的远程控制和监控工具,你可以随时随地监控和控制所有设备。

1
41
Apply