m-star-coder Goto Github PK

1earn

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

active-directory-pentest-notes

个人域渗透学习笔记

androidsecnotes

some learning notes about Android Security

anti-anti-spider

越来越多的网站具有反爬虫特性，有的用图片隐藏关键数据，有的使用反人类的验证码，建立反反爬虫的代码仓库，通过与不同特性的网站做斗争（无恶意）提高技术。（欢迎提交难以采集的网站）（因工作原因，项目暂停）

apt_cybercriminal_campagin_collections

APT & CyberCriminal Campaign Collection

attack_range

A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk

attack_range_cloud

Attack Range to test detection against nativel serverless cloud services and environments

attack_range_local

Build a attack range in your local machine

autosrc

awakening-conscience

利用公开的验证漏洞框架 编写批量测试脚本

awesome-hacking

A collection of various awesome lists for hackers, pentesters and security researchers

awesome-resources

:zap: Awesome coding resources for all stages and ages

awesome-waf

🔥 Everything you'll need to know about web-application firewalls (WAF).

bayonet

bayonet是一款src资产管理系统，从子域名、端口服务、漏洞、爬虫等一体化的资产管理系统

behinderclientsource

冰蝎客户端源码-3.0-BETA6

bridge

无回显漏洞测试辅助平台，平台使用Java编写，提供DNSLOG，HTTPLOG等功能，辅助渗透测试过程中无回显漏洞及SSRF等漏洞的验证和利用。

bufferfly

攻防演习/渗透测试资产处理小工具，对攻防演习/渗透测试前的信息搜集到的大批量资产/域名进行存活检测、获取标题头、语料提取、常见web端口检测等。

bug-bounty-toolz

BBT - Bug Bounty Tools

burp_data_collector

A Burp plugin that collects Burp request parameters, directories, paths and file names into the database for sorting

burpsuite-ext-learn

学着用python写一些burpsuite插件，实现一些漏洞的半自动化检测

bypass-web-application-firewalls

Bypassing-Web-Application-Firewalls-And-XSS-Filters A series of python scripts for generating weird character combinations and lists for BurpSuite Pro for bypassing web application firewalls (WAF) and XSS filters. These python scripts have been created to fuzz wierd combinations: URL Escape Characters HTML Escape Characters Binary Characters These scripts were created during an assessment, while trying to bypass a Web Application Firewall (WAF) in order to exploit a XSS vulnerability. Differnt webservers and browsers interpret URL and strange characters differently which could lead to the bypassing of security controls. When I tried to send a > or < character the WAF would block the request. The following URL escapes I have noticed are traslated to < > ' by Apache2 based web servers: %(N%(n%)S%)U%)^%)s%)u%*C%*E%*c%*e%,.%.#%1N%1n%2S%2U%2^%2s%2u%3C%3E%3c%3e%5.%7#%:C%:E %:c%:e%HN%Hn%IS%IU%I^%Is%Iu%JC%JE%Jc%Je%L.%N#%XN%Xn%YS%YU%Y^%Ys%Yu%ZC%ZE%Zc%Ze%.%^# %hN%hn%iS%iU%i^%is%iu%jC%jE%jc%je%l.%n#%xN%xn%yS%yU%y^%ys%yu%zC%zE%zc%ze%|

bypassantivirus

远控免杀系列文章及配套工具，搜集汇总了互联网上的几十种免杀工具和免杀方法，并对免杀效果进行了一一测试，为远控的免杀和杀软对抗免杀提供参考。

cheatsheets

Cheat sheets for various projects.

check

Checks the status of a list of urls

cobaltstrike

CobaltStrike's source code

cobaltstrikesource

Cobaltstrike4.1 Source

cs-checklist

PC客户端（C-S架构）渗透测试checklist / Client side(C-S) penestration checklist

cs-notes

:books: 技术面试必备基础知识

depix

Recovers passwords from pixelized screenshots

dongtai-agent-java

“火线～洞态IAST”是一款专为甲方安全人员、甲乙代码审计工程师和0 Day漏洞挖掘人员量身打造的辅助工具，可用于集成devops环境进行漏洞检测、作为代码审计的辅助工具和自动化挖掘0 Day。