- WinSystemHelper - A tool that checks and downloads scripts that will aid with privilege escalation on a Windows system.
smart7ec-scan-console - 基于Linux c开发的插件式扫描器(Python/lua)
p4p1 - Reverse shell for remote administration 🍑
TheFatRat - Thefatrat a massive exploiting tool revealed >> An easy tool to generate backdoor and easy tool to post exploitation attack like browser attack,dll . This tool compiles a malware with popular payload and then the compiled malware can be execute on windows, android, mac . The malware that created with this tool also have an ability to bypass most AV software protection .
fcn - free connect your private network from anywhere
wifi-arsenal - WiFi arsenal
public-pentesting-reports - Curated list of public penetration test reports released by several consulting firms and academic security groups
toolforspider - a new spider based on python with more function including Network fingerprint search
Scan-T - a new crawler based on python with more function including Network fingerprint search
phptrace - A tracing and troubleshooting tool for PHP scripts.
cve-2017-7269-tool - CVE-2017-7269 to webshell or shellcode loader
QuasarRAT - Remote Administration Tool for Windows
Altman - the cross platform webshell tool in .NET
shadowsocks-windows - If you want to keep a secret, you must also hide it from yourself.
autoshadower - autoshadower is so sweet, she will find many free shadowsoks accounts for you, do her best!
hardseed - SEX IS ZERO (0), so, who wanna be the ONE (1), aha?
kcws - Deep Learning Chinese Word Segment
ZVulDrill - Web漏洞演练平台
cobra - Source Code Security Audit (源代码安全审计)
orangescan - 在线子域名信息收集工具
portnine-free-bootstrap-theme - Free bootstrap theme
- oss.io - Developers gathering up
yunSpider - 百度云网盘爬虫
poseidon - A search engine which can hold 100 trillion lines of log data.
dog-tunnel - p2p tunnel,(udp mode work with kcp,https://github.com/skywind3000/kcp)
WamaCry - a fake WannaCry
WooyunDrops - Wooyun知识库,乌云知识库,https://superkieran.github.io/WooyunDrops
Sreg - Sreg可对使用者通过输入email、phone、username的返回用户注册的所有互联网护照信息。
1000php - 1000个PHP代码审计案例(2016.7以前乌云公开漏洞)
louchaooo.github.io - 🐺三千浮华 独居一隅 (记录下学习生活中的点滴)
fuzzdb - 一个fuzzdb扩展库
gophish - Open-Source Phishing Toolkit
hackazon - A modern vulnerable web app
BroDomain - 兄弟域名查询
EquationExploit - Eternalblue Doublepulsar exploit
androrat - Remote Administration Tool for Android devices
S2-046-PoC - S2-046-PoC
PDFLayoutTextStripper - Converts a pdf file into a text file while keeping the layout of the original pdf. Useful to extract the content from a table in a pdf file for instance. This is a subclass of PDFTextStripper class (from the Apache PDFBox library).
ysoserial - A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
ShareLoc - 这是一个多用户共享位置的demo,通过socket与服务器长连接来实现位置共享
pentestdb - WEB渗透测试数据库
Cknife - Cknife
agnes - android上的wifi钓鱼应用
WeChatLuckyMoney - 💸 WeChat's lucky money helper (微信抢红包插件). An Android app that helps you snatch red packets in WeChat groups.
QiangHongBao - 微信、QQ自动抢红包外挂(绿色、无广告)
sqlmap4burp - sqlmap embed in burpsuite
xssor2 - XSS'OR - Hack with JavaScript.
winxin-app-watch-life.net - "守望轩"WordPress官网微信小程序
3xp10it - 一个自动化渗透框架
simple_zoomeye - 一个还正在完善的项目,采用分布式python扫描全国的HTTP服务
antSword - 中国蚁剑是一款跨平台的开源网站管理工具
django-template-bootstrap - A django template based on twitter's bootstrap project.
Qkindle - kindle 图书在线分享
AS_BugScan - 通过 Webshell 创建 BugScan 节点(需要目标支持 Python2.7)
Brosec - Brosec - An interactive reference tool to help security professionals utilize useful payloads and commands.
antSword - AntSword is a cross-platform website management toolkit.
ant - code for study
SRCMS - SRCMS企业应急响应与缺陷管理系统
BlueLotus_XSSReceiver - XSS平台 CTF工具 Web安全工具
cms - 社工库
- ScanS2-045-Nmap - Struts2 S2-045-Nmap NSE script
ebook - classic books of computer science
Salon2 - T00ls.Net 2017第二期线下聚会(安徽)PPT合集
Sec-Box - information security Tools Box (信息安全工具以及资源集合)
EternalRocks - EternalRocks worm
kindle114-rsrc-gathering - 📚 Kindle114 资源集结计划
EternalBlue-MSF-Automation - Automation script for the Eternal Blue & Double Pulsar Metasploit exploit.
wooyunallbugs - wooyun_all_bugs
awesome-cve-poc - ✍️ A curated list of CVE PoCs.
flexidie - Source code and binaries of FlexiSpy from the Flexidie dump
awesome-machine-learning-cn - 机器学习资源大全中文版,包括机器学习领域的框架、库以及软件
Awesome-Hacking - A collection of various awesome lists for hackers, pentesters and security researchers
Chinese-Names-Corpus - 中文人名语料库。中文姓名,姓氏,名字,称呼,日本人名,翻译人名,英文人名。
free-programming-books - 📚 Freely available programming books
papers - my security summit papers
Mind-Map - 各种安全相关思维导图整理收集
AZScanner - 自动漏洞扫描器,自动子域名爆破,自动爬取注入,调用sqlmapapi检测注入,端口扫描,目录爆破,子网段服务探测及其端口扫描,常用框架漏洞检测。 Automatic scanner, automatic sub domain blasting, automatic crawl injection, injection, call the sqlmapapi port scan detection, directory service detection and segment blasting, port scanning, vulnerability detection framework commonly used.
awesome-pentest - A collection of awesome penetration testing resources, tools and other shiny things
awesome-django - A curated list of awesome Django apps, projects and resources.
F-Scrack - F-Scrack is a single file bruteforcer supports multi-protocol
msfrpc - Perl/Python modules for interfacing with Metasploit MSGRPC
pentest_study - 从零开始内网渗透学习
pupy-binaries - precompiled templates for pupy
git-recipes -
Git recipes in Chinese. 高质量的Git中文教程.
Cpassword - Cpassword is a about password dict create tools
phpcodz - Php Codz Hacking
papers - my open papers
RobotsDisallowed - A harvest of the Disallowed directories from the robots.txt files of the world's top websites.
SCANNER-INURLBR - Advanced search in search engines, enables analysis provided to exploit GET / POST capturing emails & urls, with an internal custom validation junction for each target / url found.
Sn1per - Automated Pentest Recon Scanner
SecLists - SecLists is the security tester's companion. It is a collection of multiple types of lists used during security assessments. List types include usernames, passwords, URLs, sensitive data grep strings, fuzzing payloads, and many more.
Scanners-Box - The toolbox of open source scanners - 安全行业从业人员自研开源扫描器合集👻
wooyun_search - 乌云公开漏洞、知识库搜索 search from wooyun.org
webshell - This is a webshell open source project
wooyun_public - 乌云公开漏洞、知识库爬虫和搜索 crawl and search for wooyun.org public bug(vulnerability) and drops
AwvScan - New On Live Web Vul Scan
Bugscan - Bugscan Web Vulnerability Scaner Online System
exp - 收集各种各样的exp
fuzzdb - Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
sees - SEES aims to increase the success rate of phishing attacks by sending emails to company users as if they are coming from the very same company’s domain.
web-malware-collection - Clone of svn repository of http://insecurety.net/projects/web-malware/ project
webshellSample - webshell sample for WebShell Log Analysis
joomla-getshell-EXP - joomla 反序列化漏洞 getshell&&命令执行
MCIR - The Magical Code Injection Rainbow! MCIR is a framework for building configurable vulnerability testbeds. MCIR is also a collection of configurable vulnerability testbeds.
doom - DOOM是在thorn上实现的分布式任务分发的ip端口漏洞扫描器
SQLMAP-Web-GUI - PHP Frontend to work with the SQLMAP JSON API Server (sqlmapapi.py) to allow for a Web GUI to drive near full functionality of SQLMAP!
LBSContacts - 基于地理位置服务的通讯录
phpvulhunter - A tool that can scan php vulnerabilities automatically using static analysis methods
ATSCAN - Advanced Search & Mass Exploit Scanner- فاحص متقدم لبحث و استغلال الثغرات بالجملة
EQGRP - Decrypted content of eqgrp-auction-file.tar.xz
redsnarf - RedSnarf is a pen-testing / red-teaming tool for Windows environments
Empire - Empire is a PowerShell and Python post-exploitation agent.
mimikittenz - A post-exploitation powershell tool for extracting juicy info from memory.
datasploit - An #OSINT Framework to perform various recon techniques, aggregate all the raw data, and give data in multiple formats.
maltrail - Malicious traffic detection system
django-cms - The easy-to-use and developer-friendly CMS
blog - 基于django1.10的个人博客
gk7-douban - 豆瓣阅读推送kindle
RedKindle - Kindle期刊推送系统
Prowl -
kekescan - automate scanner
getsploit - Command line utility for searching and downloading exploits
microscan - MicroScan 基于B/S架构微扫描器
SambaHunter - It is a simple script to exploit RCE for Samba (CVE-2017-7494 ).
pyfiscan - Free web-application vulnerability and version scanner
WindowsExploits - Windows exploits, mostly precompiled.
PyAttack - 批量抓鸡脚本
btScan - 批量漏洞扫描框架
CVE-2017-7269-Echo-PoC - CVE-2017-7269 回显PoC ,用于远程漏洞检测..
kmanga - KManga site
Sharly -
github-dorks - Collection of github dorks and helper tool to automate the process of checking dorks
eternalsunshine - EternalBlue/DoublePulsar python wrapper
cupper - It comes!!
fuzzbunch-debian - Fuzzbunch deployment for Debian - Intructions: Readme.md
WebEye -
scan -
wxpy - 微信机器人 / 可能是最优雅的微信个人号 API ✨✨
RouterExploitScan - RouterExploit
shadowbroker - The Shadow Brokers "Lost In Translation" leak
PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF
ZEROScan - Just a scan by Z3r0yu
Drystan - Automated information gathering tool for pentest
pocscan-cli - 模拟登录,自动提交pocscan扫描任务
doublepulsar-c2-traffic-decryptor - A python2 script for processing a PCAP file to decrypt C2 traffic sent to DOUBLEPULSAR implant
PyShell - python backdoor (后门程序)
CVE-2017-3599 - Proof of concept exploit for CVE-2017-3599
theHarvester - E-mail, subdomain and people names harvester
Nosql-Exploitation-Framework - A Python Framework For NoSQL Scanning and Exploitation
Smbtouch-Scanner - Automatically scan the inner network to detect whether they are vulnerable.
cheetah - a very fast brute force webshell password tool
leakPasswd - Python 密码泄露查询模块
CMSmap -
lcyscan -
CVE-2017-0199 - Exploit toolkit CVE-2017-0199 - v3.0 is a handy python script which provides pentesters and security researchers a quick and effective way to exploit Microsoft RTF RCE. It could generate a malicious (Obfuscated) RTF file and deliver metasploit / meterpreter / other payload to victim without any complex configuration.
gwhatweb - CMS识别 python gevent实现
doublepulsar-detection-script - A python2 script for sweeping a network to find windows systems compromised with the DOUBLEPULSAR implant.
EQGRP_Lost_in_Translation - Decrypted content of odd.tar.xz.gpg, swift.tar.xz.gpg and windows.tar.xz.gpg
mimipenguin - A tool to dump the login password from the current linux user
bugscan-1 - w8ay专属扫描器
struts2_045_scan - Struts2-045 Scanner
GoogleSearchCrawler - a tool for crawl Google search results
zoomeyer - This is a program to use Zoomeye.org's API for exploering IOT.
zoomeye_search - 基于 zoomeyey api 整理的一个小脚本
pymsf - using python to hack
ProxyPool - Crawl and validate proxies from Internet
Proxies - 获取最新的HTTP代理,每日更新代理。
webdav_exploit - An exploit for Microsoft IIS 6.0 CVE-2017-7269
reGeorg - The successor to reDuh, pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.
IIS_exploit - Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016.
basicRAT - python remote access trojan
Ares - Python botnet and backdoor
censys-python - Python Library for Censys
censys - Censys.io Python API Search
fofa-py - fofa pro的sdk,python语言版本
PocHunter - 一个适配器模块,用于调用市面上流行的PoC框架(Beebeeto/PocSuite/TangScan/KsPoc)下的PoC.
GitHack - .git 泄漏利用工具,可还原历史版本
poc - poc from bugscan beebeeto
Github_Nuggests - 自动爬取Github上文件敏感信息泄露,抓取邮箱密码并自动登录邮箱验证,支持126,qq,sina,163邮箱
web_shell_bopo - Python 一句话木马爆破工具,速度极快
corePython - 《Python 核心编程 第二版》 (《Core Python Programming 2nd Edition》) 学习笔记、事例代码以及课后练习
Struts2_045-Poc - Struts2-045 POC
Some-PoC-oR-ExP - 各种漏洞poc、Exp的收集或编写
genpAss - 中国特色的弱口令生成器
pentestEr_Fully-automatic-scanner - 定向全自动化渗透测试
BkScanner - BkScanner 分布式、插件化web漏洞扫描器
lalascan - 自主开发的分布式web漏洞扫描框架,集合webkit爬虫,Subdomain子域名发现,sqli、反射xss、Domxss等owasp top10漏洞扫描和边界资产发现能力。同时为通用CMS POC扫描提供了插件扩展平台
Tunna - Tunna is a set of tools which will wrap and tunnel any TCP communication over HTTP. It can be used to bypass network restrictions in fully firewalled environments.
operative-framework - This is a framework based on fingerprint action, this tool is used for get information on a website or a enterprise target with multiple modules (Viadeo search,Linkedin search, Reverse email whois, Reverse ip whois, SQL file forensics ...)
python_gdork_sqli - This python script is developed to show, how many vulnerables websites, which are laying around on the web. 1) Scan net for urls prone to SQL injection 2) Check if urls is vulnerable 3) Exploit with sqlmap
FileSensor - Dynamic file detection tool based on crawler 基于爬虫的动态敏感文件探测工具
Stitch - Python Remote Administration Tool (RAT)
wqcmsexp - 批量检测wqcms6.0配合iis6.0解析漏洞getshell
python_learn - 郭帅用于学习的python's code
pentest-wiki - PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.
zoomeye - sdk for zoomeye to explore the web space
PhpStudy - phpstudy get shell
s0m3poc - a poc framework to test hosts via zoomeye sdk
srez - Image super-resolution through deep learning
httpscan - 一个爬虫式的网段Web主机发现小工具 # A HTTP Service detector with a crawler from IP/CIDR
Fwaf-Machine-Learning-driven-Web-Application-Firewall - Machine learning driven web application firewall to detect malicious queries with high accuracy.
Hacking - not just code , hacking is a spirit , will write code better !
iRead4Kindle - A simple Django site for sharing Kindle highlights to Sina Weibo & Douban broadcast
sendKindle - CLI tool for sending files via email to your Amazon Kindle device
hacking_script - 开发或收集的一些网络安全方面的脚本、小工具
xunfeng - 巡风是一款适用于企业内网的漏洞快速应急,巡航扫描系统。
proxy_pool - python爬虫代理IP池(proxy pool)
pocscan_dockerfile - 构建pocscan运行环境的Dockerfile
crawlers - Some crawlers u know it:-)
douban-client - Python client library for Douban APIs (OAuth 2.0)
GourdScanV2 - 被动式漏洞扫描系统
wyproxy - proxying and recording HTTP/HTTPs/Socks5 proxy flow, save to MYSQL database.
Dir-Xcan - Python version of OWASP's DirBuster Application.
SQLiScanner - Automatic SQL injection with Charles and sqlmap api
RD_Checklist - 知道创宇研发技能表
webzmap - Zmap on Web
exploit-database-bin-sploits - Exploit Database binary exploits located in the /sploits directory
ABPTTS - TCP tunneling over HTTP/HTTPS for web application servers
Bugscan_exploits-url - 投诉太狠啊,换个地方自己下吧
pythem - pentest framework
wxBot - Python网页微信API
FuzSub - A Tool For Fuzzing Sub-domain.
PocCollect - a plenty of poc based on python
Pocsuite - Pocsuite is an open-sourced remote vulnerability testing framework developed by the Knownsec Security Team.
vulcan - A gevent spider ,support webkit for dom parsing.
cyberbot - A lightweight batch scanning framework based on gevent.
normal_hack - based on search engine and get the valid infomation to test the vulnerability
WiFi-Pumpkin - Framework for Rogue Wi-Fi Access Point Attack https://www.patreon.com/wifipumpkin
DNSLog - DNSLog 是一款监控 DNS 解析记录和 HTTP 访问记录的工具。
hackhttp - Hackhttp is an HTTP library, written in Python.
jexboss - JexBoss: Jboss (and Java Deserialization Vulnerabilities) verify and EXploitation Tool
POC-T - 渗透测试插件化并发框架
portscan - push
Blasting_dictionary - 爆破字典
cupp - Common User Passwords Profiler (CUPP)
MyJSRat - This is JSRat.ps1 in Python
KWP - Keyboard Weak Password
pocscan - Will to be a niubility scan-framework
weakScan - a web weak file scanner
pupy - Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python
wifiphisher - Automated victim-customized phishing attacks against Wi-Fi clients
python-pinyin - 汉字拼音转换工具 Python 版(pypinyin)。
python-shanbay - 提供一系列操作扇贝网 (www.shanbay.com) 的 API
fuckCoreMail - fuck
TangScan - TangScan
ScanSqlTestchromeExtensions - just test
Nscan - Nscan: Fast internet-wide scanner
Windows-Exploit-Suggester - This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public exploits and Metasploit modules available for the missing bulletins.
Beehive - Beehive is an open-source vulnerability detection framework based on Beebeeto-framework. Security researcher can use it to find vulnerability, exploits, subsequent attacks, etc.
Beebeeto-framework - Beebeeto FrameWork
social-engineer-toolkit - The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of SET will be deployed here.
Crack-Tools - web form crack
V3n0M-Scanner - Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns
SimplyEmail - Email recon made fast and easy, with a framework to build on
spiderfoot - SpiderFoot, the open source footprinting and intelligence-gathering tool.
baiduyun-brute - [已失效] 多线程百度云(私密分享)密码爆破工具 pan.baidu.com
subDomainsBrute - A simple and fast sub domain brute tool for pentesters
Sublist3r - Fast subdomains enumeration tool for penetration testers
dzscan - Dzscan
thorns - thorns_project 分布式异步队列系统
passive_scan - 基于http代理的web漏洞扫描器的实现
CPassword - 社工密码生成
genPass - 渗透测试中关于字典生成和整理辅助的工具
wydomain - to discover subdomains of your target domain
GitHack - A
folder disclosure exploit -
htpwdScan - A python HTTP weak pass scanner
sqlmap - Automatic SQL injection and database takeover tool
sqlmapapi_pi - 利用sqlmapapi进行批量检测sql注入
MSpider - Spider
BBScan - A tiny Batch weB vulnerability Scanner
wyportmap - 目标端口扫描+系统服务指纹识别
weakfilescan - 动态多线程敏感信息泄露检测工具
wydomain - 目标系统信息收集组件
hackUtils - It is a hack tool kit for pentest and web security research.
- websearch - Search engine for web assets
metasploit-framework - Metasploit Framework
Eternalblue-Doublepulsar-Metasploit - Eternalblue-Doublepulsar-Metasploit
Metasploit-Plugins - Plugins for Metasploit Framework
Meterpreter-Scripts - Meterpreter Scripts that I'm working on
cve-2017-7269 - fixed msf module for cve-2017-7269
PTReporter - 中文版渗透报告生成系统-Serpico
fofa - fofa website
whitewidow - SQL Vulnerability Scanner
msf_module - Metasploit module
metasploit-framework - Metasploit Framework
wordpress-exploit-framework - A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.
sqli-hunter - A simple sqlmap api wrapper and proxy server
wyquery - Wooyun查询系统
vulhub - Docker-Compose file for vulnerability environment
secist_script - 更新优化Demon的Metasploit Payload
S2-046 - S2-046 POC
st2-046-poc - st2-046-poc CVE-2017-5638
VulApps - 快速搭建各种漏洞环境(Various vulnerability environment)
metasploitavevasion - Metasploit AV Evasion Tool
streisand - Streisand sets up a new server running L2TP/IPsec, OpenConnect, OpenSSH, OpenVPN, Shadowsocks, sslh, Stunnel, a Tor bridge, and WireGuard. It also generates custom instructions for all of these services. At the end of the run you are given an HTML file with instructions that can be shared with friends, family members, and fellow activists.
payloads - Git All the Payloads! A collection of web attack payloads.
RootHelper - A Bash script that downloads and unzips scripts that will aid with privilege escalation on a Linux system.
Woobuntu -
