📦 GitHub 全球红队渗透资源中转站。
​旨在收录那些“好用却难找”的安全项目。
🔗 定时推送:GitHub Trending (Security)
🛠 必备清单:后渗透、远控、免杀、提权工具集
📅 更新频率:每日精选,绝不灌水。
⚠️ 本频道仅供安全研究与授权测试使用。
🚨 GitHub 监控消息提醒

🚨 发现关键词: #Bypass #AV #Patch

📦 项目名称: steadyfetch
👤 项目作者: carsonlabs
🛠 开发语言: Python
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-03-31 15:00:03

📝 项目描述:
Reliable web fetching for AI agents — MCP server with retry, circuit breaker, caching, and anti-bot bypass

🔗 点击访问项目地址
GitHub
GitHub - carsonlabs/steadyfetch: Reliable web fetching for AI agents — MCP server with retry, circuit breaker, caching, and anti…
Reliable web fetching for AI agents — MCP server with retry, circuit breaker, caching, and anti-bot bypass - carsonlabs/steadyfetch
Bypass AV Patch
🚨 GitHub 监控消息提醒

🚨 发现关键词: #CVE-2026

📦 项目名称: CVE-2026-29000
👤 项目作者: ClayOfGilgamesh
🛠 开发语言: Python
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-03-31 14:55:05

📝 项目描述:
CVE-2026-29000

🔗 点击访问项目地址
GitHub
GitHub - ClayOfGilgamesh/CVE-2026-29000: CVE-2026-29000
CVE-2026-29000. Contribute to ClayOfGilgamesh/CVE-2026-29000 development by creating an account on GitHub.
CVE
🚨 GitHub 监控消息提醒

🚨 发现关键词: #Webshell

📦 项目名称: webshell
👤 项目作者: stigfire
🛠 开发语言: Python
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-03-31 13:54:21

📝 项目描述:
Mirror backup of anthonyhtang/webshell (fork of unknown)

🔗 点击访问项目地址
GitHub
GitHub - stigfire/webshell: Mirror backup of anthonyhtang/webshell (fork of unknown)
GitHub - stigfire/webshell: Mirror backup of anthonyhtang/webshell (fork of unknown)
Mirror backup of anthonyhtang/webshell (fork of unknown) - stigfire/webshell
Webshell
🚨 GitHub 监控消息提醒

🚨 发现关键词: #Bypass #AV

📦 项目名称: mexc-private-api
👤 项目作者: riconcayy123
🛠 开发语言: None
Star数量: 7 | 🍴 Fork数量: 1
📅 更新时间: 2026-03-31 14:00:53

📝 项目描述:
MEXC Futures private API (Typescript, Python), extended api for trading, multi-account support via proxy. Also includes automated listing parser + trading (ex. Binance, Upbit, Bithump, etc.)

🔗 点击访问项目地址
GitHub
GitHub - riconcayy123/mexc-private-api: MEXC Futures private API (Typescript, Python), extended api for trading, multi-account…
MEXC Futures private API (Typescript, Python), extended api for trading, multi-account support via proxy. Also includes automated listing parser + trading (ex. Binance, Upbit, Bithump, etc.) - rico...
Bypass AV
🚨 GitHub 监控消息提醒

🚨 发现关键词: #CVE-2026

📦 项目名称: CVE-2026-3888
👤 项目作者: DanielTangnes
🛠 开发语言: C
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-03-31 13:47:06

📝 项目描述:
无描述

🔗 点击访问项目地址
GitHub
GitHub - DanielTangnes/CVE-2026-3888
Contribute to DanielTangnes/CVE-2026-3888 development by creating an account on GitHub.
CVE
🚨 GitHub 监控消息提醒

🚨 发现关键词: #溯源 #IP #分析

📦 项目名称: doc_helper
👤 项目作者: lgloq
🛠 开发语言: Python
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-03-31 13:01:28

📝 项目描述:
一个权限感知 RAG 文档知识助手Demo,支持权限感知检索、引用溯源、版本对比、结构化工作流生成,以及基础评测与追踪。

🔗 点击访问项目地址
GitHub
GitHub - lgloq/doc_helper: 一个权限感知 RAG 文档知识助手Demo,支持权限感知检索、引用溯源、版本对比、结构化工作流生成,以及基础评测与追踪。
一个权限感知 RAG 文档知识助手Demo,支持权限感知检索、引用溯源、版本对比、结构化工作流生成,以及基础评测与追踪。 - lgloq/doc_helper
溯源 IP 分析
🚨 GitHub 监控消息提醒

🚨 发现关键词: #Bypass #AV

📦 项目名称: hormuz
👤 项目作者: persiangulf-research
🛠 开发语言: HTML
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-03-31 13:01:31

📝 项目描述:
Hormuz Gambit, a game-theoretic research platform tracking the 2026 #IranWar through interactive mathematical models. The platform is designed to model a "dominant strategy trap" where Iran utilizes its geographic leverage to impose high escalation costs on the U.S. while bypassing sanctions via yuan-based trade

🔗 点击访问项目地址
GitHub
GitHub - persiangulf-research/hormuz: Hormuz Gambit, a game-theoretic research platform tracking the 2026 #IranWar through interactive…
Hormuz Gambit, a game-theoretic research platform tracking the 2026 #IranWar through interactive mathematical models. The platform is designed to model a "dominant strategy trap" ...
Bypass AV
🚨 GitHub 监控消息提醒

🚨 发现关键词: #渗透 #测试

📦 项目名称: fleetpilots
👤 项目作者: psp123123
🛠 开发语言: None
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-03-31 11:39:36

📝 项目描述:
自动化渗透测试平台

🔗 点击访问项目地址
GitHub
GitHub - psp123123/fleetpilots: 自动化渗透测试平台
自动化渗透测试平台. Contribute to psp123123/fleetpilots development by creating an account on GitHub.
渗透 测试
🚨 GitHub 监控消息提醒

🚨 发现关键词: #XSS #Scanner #漏洞

📦 项目名称: web_scanner
👤 项目作者: zzzjiushi
🛠 开发语言: Python
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-03-31 10:55:10

📝 项目描述:
一个轻量级模块化 Web 漏洞扫描器(DAST),实现了 SQL 注入,XSS,命令注入等诸多漏洞的 自动化检测,具备可扩展的插件化架构。

🔗 点击访问项目地址
GitHub
GitHub - zzzjiushi/web_scanner: 一个轻量级模块化 Web 漏洞扫描器(DAST),实现了 SQL 注入,XSS,命令注入等诸多漏洞的 自动化检测,具备可扩展的插件化架构。
GitHub - zzzjiushi/web_scanner: 一个轻量级模块化 Web 漏洞扫描器(DAST),实现了 SQL 注入,XSS,命令注入等诸多漏洞的 自动化检测,具备可扩展的插件化架构。
一个轻量级模块化 Web 漏洞扫描器(DAST),实现了 SQL 注入,XSS,命令注入等诸多漏洞的 自动化检测,具备可扩展的插件化架构。 - zzzjiushi/web_scanner
XSS Scanner 漏洞
🚨 GitHub 监控消息提醒

🚨 发现关键词: #Bypass #AV

📦 项目名称: Coursera-Automation-By-TobiX
👤 项目作者: TobiX-Dev
🛠 开发语言: HTML
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-03-31 11:01:21

📝 项目描述:
Coursera Auto-Complete Extension — One-click course completion (videos, readings, discussions, plugins, quizzes, shareable link). Premium features with device binding, daily limits, and hard expiration, by pass video,reading, auto quiz, bypass quiz solve quiz auto . 2026

🔗 点击访问项目地址
GitHub
GitHub - TobiX-Dev/Coursera-Automation-By-Tobi: Coursera Auto-Complete Extension — One-click course completion free (videos, readings…
GitHub - TobiX-Dev/Coursera-Automation-By-Tobi: Coursera Auto-Complete Extension — One-click course completion free (videos, readings…
Coursera Auto-Complete Extension — One-click course completion free (videos, readings, discussions, plugins, quizzes, shareable link). bypass courses auto solve quizzes all at a time with groq free...
Bypass AV
🚨 GitHub 监控消息提醒

🚨 发现关键词: #RedTeam #Tools

📦 项目名称: ai-redteam-network-client-docker
👤 项目作者: PaloAltoNetworks
🛠 开发语言: Shell
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-03-31 10:50:54

📝 项目描述:
Deploy the AI Red Teaming network client using Docker Compose — no Kubernetes or Helm required.

🔗 点击访问项目地址
GitHub
GitHub - PaloAltoNetworks/ai-redteam-network-client-docker: Deploy the AI Red Teaming network channel client using Docker Compose…
GitHub - PaloAltoNetworks/ai-redteam-network-client-docker: Deploy the AI Red Teaming network channel client using Docker Compose…
Deploy the AI Red Teaming network channel client using Docker Compose — no Kubernetes or Helm required. - PaloAltoNetworks/ai-redteam-network-client-docker
RedTeam Tools
🚨 GitHub 监控消息提醒

🚨 发现关键词: #CVE-2026

📦 项目名称: CVE-2026-29000
👤 项目作者: 0xW1LD
🛠 开发语言: Rust
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-03-31 10:58:45

📝 项目描述:
Just a simple Rust automation for CVE-2026-29000, design to work against *ippsec's* Principal box on HackTheBox

🔗 点击访问项目地址
GitHub
GitHub - 0xW1LD/CVE-2026-29000: Just a simple Rust automation for CVE-2026-29000, designed to work against ippsec's Principal box…
GitHub - 0xW1LD/CVE-2026-29000: Just a simple Rust automation for CVE-2026-29000, designed to work against ippsec's Principal box…
Just a simple Rust automation for CVE-2026-29000, designed to work against ippsec's Principal box on HackTheBox - 0xW1LD/CVE-2026-29000
CVE
🚨 GitHub 监控消息提醒

🚨 发现关键词: #注入 #模板

📦 项目名称: mp-virtual-pay
👤 项目作者: devoink
🛠 开发语言: TypeScript
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-03-31 08:55:22

📝 项目描述:
微信小程序 wx.requestVirtualPayment 封装:下单与签名由调用方注入(transaction),可选支付后轮询(pollOrder);适用于微信原生开发和UniApp开发。

🔗 点击访问项目地址
GitHub
GitHub - devoink/mp-virtual-pay: 微信小程序 wx.requestVirtualPayment 封装:下单与签名由调用方注入(transaction),可选支付后轮询(pollOrder);适用于微信原生开发和UniApp开发。
微信小程序 wx.requestVirtualPayment 封装:下单与签名由调用方注入(transaction),可选支付后轮询(pollOrder);适用于微信原生开发和UniApp开发。 - devoink/mp-virtual-pay
注入 模板
🚨 GitHub 监控消息提醒

🚨 发现关键词: #CSRF

📦 项目名称: Secure-app
👤 项目作者: AnujRathi079
🛠 开发语言: JavaScript
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-03-31 08:02:13

📝 项目描述:
Secure form app with CSRF protection and CORS using Node.js, Express, and JavaScript.

🔗 点击访问项目地址
GitHub
GitHub - AnujRathi079/Secure-app: Secure form app with CSRF protection and CORS using Node.js, Express, and JavaScript.
Secure form app with CSRF protection and CORS using Node.js, Express, and JavaScript. - AnujRathi079/Secure-app
CSRF
🚨 GitHub 监控消息提醒

🚨 发现关键词: #Bypass #AV #Filter

📦 项目名称: Directory-Traversal
👤 项目作者: bisurauniyar93
🛠 开发语言: None
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-03-31 08:01:23

📝 项目描述:
Hands-on Directory Traversal labs from PortSwigger, documenting path manipulation, filter bypasses, and file access exploitation techniques.

🔗 点击访问项目地址
GitHub
GitHub - bisurauniyar93/Directory-Traversal: Hands-on Directory Traversal labs from PortSwigger, documenting path manipulation…
GitHub - bisurauniyar93/Directory-Traversal: Hands-on Directory Traversal labs from PortSwigger, documenting path manipulation…
Hands-on Directory Traversal labs from PortSwigger, documenting path manipulation, filter bypasses, and file access exploitation techniques. - bisurauniyar93/Directory-Traversal
Bypass AV Filter
🚨 GitHub 监控消息提醒

🚨 发现关键词: #RedTeam #Tools

📦 项目名称: Redteam_LLM_Injection_payloads
👤 项目作者: crazywifi
🛠 开发语言: HTML
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-03-31 08:00:28

📝 项目描述:
无描述

🔗 点击访问项目地址
GitHub
GitHub - crazywifi/Redteam_LLM_Injection_payloads
Contribute to crazywifi/Redteam_LLM_Injection_payloads development by creating an account on GitHub.
RedTeam Tools
🚨 GitHub 监控消息提醒

🚨 发现关键词: #漏洞 #EXP #分析

📦 项目名称: codescan
👤 项目作者: HeJiguang
🛠 开发语言: Python
Star数量: 7 | 🍴 Fork数量: 2
📅 更新时间: 2026-03-31 07:58:09

📝 项目描述:
基于大语言模型的代码漏洞风险检查工具,支持多种编程语言和检查模式,为开发者提供全面的代码安全评估解决方案。

🔗 点击访问项目地址
GitHub
GitHub - HeJiguang/codescan: Agent-native code security review with MCP, structured findings, and practical pre-merge scanning…
GitHub - HeJiguang/codescan: Agent-native code security review with MCP, structured findings, and practical pre-merge scanning…
Agent-native code security review with MCP, structured findings, and practical pre-merge scanning workflows. - HeJiguang/codescan
漏洞 EXP 分析
🚨 GitHub 监控消息提醒

🚨 发现关键词: #CSRF

📦 项目名称: AUTH-NEXUS
👤 项目作者: TEAMBCS
🛠 开发语言: None
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-03-31 07:00:10

📝 项目描述:
Next-gen TUI-based security tool supporting HTTP, SSH, FTP, and SMTP. Features include auto-CSRF handling, asynchronous engine (aiohttp), and real-time analytics. Optimized for Termux & Linux.

🔗 点击访问项目地址
GitHub
GitHub - TEAMBCS/AUTH-NEXUS: Next-gen TUI-based security tool supporting HTTP, SSH, FTP, and SMTP. Features include auto-CSRF handling…
GitHub - TEAMBCS/AUTH-NEXUS: Next-gen TUI-based security tool supporting HTTP, SSH, FTP, and SMTP. Features include auto-CSRF handling…
Next-gen TUI-based security tool supporting HTTP, SSH, FTP, and SMTP. Features include auto-CSRF handling, asynchronous engine (aiohttp), and real-time analytics. Optimized for Termux & Lin...
CSRF
🚨 GitHub 监控消息提醒

🚨 发现关键词: #SSRF

📦 项目名称: dependabot-ssrf-test
👤 项目作者: fimskiy
🛠 开发语言: None
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-03-31 06:56:52

📝 项目描述:
Dependabot registry SSRF test

🔗 点击访问项目地址
SSRF
🚨 GitHub 监控消息提醒

🚨 发现关键词: #CVE-2026

📦 项目名称: CVE-2026-30081
👤 项目作者: rakeshelamaran98
🛠 开发语言: None
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-03-31 05:57:38

📝 项目描述:
无描述

🔗 点击访问项目地址
GitHub
GitHub - rakeshelamaran98/CVE-2026-30081
Contribute to rakeshelamaran98/CVE-2026-30081 development by creating an account on GitHub.
CVE
Before
After
Back to Top