c0okB
Follow
Stars
A Crypto-Secure Reliable-UDP Library for golang with FEC
A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests
Some attempts at using Zig(https://ziglang.org/) in penetration testing.
JSFinder is a tool for quickly extracting URLs and subdomains from JS files on a website.
dddd是一款使用简单的批量信息收集,供应链漏洞探测工具,旨在优化红队工作流,减少伤肝的机械性操作。支持从Hunter、Fofa批量拉取目标
密探渗透测试工具包含资产信息收集,子域名爆破,搜索语法,资产测绘(FOFA,Hunter,quake, ZoomEye),指纹识别,敏感信息采集,文件扫描、端口扫描、批量信息权重查询、密码字典等功能
一款针对Vcenter的综合利用工具,包含目前最主流的CVE-2021-21972、CVE-2021-21985以及CVE-2021-22005、One Access的CVE-2022-22954、CVE-2022-22972/31656以及log4j,提供一键上传webshell,命令执行或者上传公钥使用SSH免密连接
LdapNightmare is a PoC tool that tests a vulnerable Windows Server against CVE-2024-49113
Automated Hosting Information Hunting Tool - Windows 主机信息自动化狩猎工具
Community curated list of templates for the nuclei engine to find security vulnerabilities.
Nuclei plugin for BurpSuite
Nuclei POC,每日更新 | 自动整合全网Nuclei的漏洞POC,实时同步更新最新POC,保存已被删除的POC。通过批量克隆Github项目,获取Nuclei POC,并将POC按类别分类存放,使用Github Action实现(已有11w+POC,已校验有效性并去重)
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the …
TestNet资产管理系统(资产管理|信息收集|暴露面管理|子域名扫描|C段扫描|端口扫描|漏洞扫描|Hunter|Fofa)
Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!)
逸尘的字典 渗透测试个人专用的字典,搜索网上,及自己平常收集的一些路径,其中信息包括HVV中常见的各大厂商的弱密码,web常见漏洞测试,会遇到的邮箱,密码,服务弱口令,中间件,子域名,漏洞路径,账户密码,等等,这些内容都是基于本人在实战中收集到的,其中包含Github上公布的密码字典整合,堪称最经典的字典,用这个足以满足日常src,渗透测试,资产梳理,红蓝对抗等前期探测工作。
A tool for adding new lines to files, skipping duplicates
Log4j2 RCE Passive Scanner plugin for BurpSuite
E-mails, subdomains and names Harvester - OSINT
Open Source Intelligence gathering tool aimed at reducing the time spent harvesting information from open sources.
基于ARL v2.6.2版本源码,生成docker镜像进行快速部署,同时提供七千多条指纹
ARL官方仓库备份项目:ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产,构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产,发现存在的薄弱点和攻击面。
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
一个半自动化springboot打点工具,内置目前springboot所有漏洞