📦 GitHub 全球红队渗透资源中转站。
​旨在收录那些“好用却难找”的安全项目。
🔗 定时推送:GitHub Trending (Security)
🛠 必备清单:后渗透、远控、免杀、提权工具集
📅 更新频率:每日精选,绝不灌水。
⚠️ 本频道仅供安全研究与授权测试使用。
🚨 GitHub 监控消息提醒

🚨 发现关键词: #CVE-2026

📦 项目名称: HTB-Snapped-Writeup
👤 项目作者: karimelsheikh1
🛠 开发语言: None
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-07 21:16:35

📝 项目描述:
HTB Snapped — Hard Linux machine writeup. CVE-2026-27944 (Nginx UI unauthenticated backup disclosure) chained with CVE-2026-3888 (snapd race condition LPE) to achieve full system compromise.

🔗 点击访问项目地址
GitHub
GitHub - karimelsheikh1/HTB-Snapped-Writeup: HTB Snapped — Hard Linux machine writeup. CVE-2026-27944 (Nginx UI unauthenticated…
HTB Snapped — Hard Linux machine writeup. CVE-2026-27944 (Nginx UI unauthenticated backup disclosure) chained with CVE-2026-3888 (snapd race condition LPE) to achieve full system compromise. - kari...
CVE
🚨 GitHub 监控消息提醒

🚨 发现关键词: #C2 #Framework

📦 项目名称: sistema-helpdesk--c-pia--c2tn3hj0g
👤 项目作者: PatricSM
🛠 开发语言: JavaScript
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-07 21:02:58

📝 项目描述:
Project generated by Skip: Sistema Helpdesk (cópia)

🔗 点击访问项目地址
GitHub
GitHub - PatricSM/sistema-helpdesk--c-pia--c2tn3hj0g: Project generated by Skip: Sistema Helpdesk (cópia)
GitHub - PatricSM/sistema-helpdesk--c-pia--c2tn3hj0g: Project generated by Skip: Sistema Helpdesk (cópia)
Project generated by Skip: Sistema Helpdesk (cópia) - PatricSM/sistema-helpdesk--c-pia--c2tn3hj0g
C2 Framework
🚨 GitHub 监控消息提醒

🚨 发现关键词: #CSRF

📦 项目名称: ecommerce-store
👤 项目作者: Rayyan987250
🛠 开发语言: None
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-07 21:01:56

📝 项目描述:
Full-stack ecommerce app using Next.js 16 and Express 5, migrated to Neon PostgreSQL with auto schema/seed. Includes auth (JWT cookies + CSRF), Zod validation, rate limiting, product catalog/filtering/cart, responsive accessible UI, real backend integration, live currency conversion, and flag-based locale selection.

🔗 点击访问项目地址
GitHub
Rayyan987250/ecommerce-store
Full-stack ecommerce app using Next.js 16 and Express 5, migrated to Neon PostgreSQL with auto schema/seed. Includes auth (JWT cookies + CSRF), Zod validation, rate limiting, product catalog/filter...
CSRF
🚨 GitHub 监控消息提醒

🚨 发现关键词: #Xray #POC #Scanner

📦 项目名称: RKNHardering
👤 项目作者: xtclovver
🛠 开发语言: Kotlin
Star数量: 1217 | 🍴 Fork数量: 53
📅 更新时间: 2026-05-07 20:03:23

📝 项目描述:
Обнаружние VPN конфигураторов на пользовательских устройствах с дальнейшей целью защиты от обнаружения

🔗 点击访问项目地址
GitHub
GitHub - xtclovver/RKNHardering: Обнаружние VPN конфигураторов на пользовательских устройствах с дальнейшей целью защиты от обнаружения
GitHub - xtclovver/RKNHardering: Обнаружние VPN конфигураторов на пользовательских устройствах с дальнейшей целью защиты от обнаружения
Обнаружние VPN конфигураторов на пользовательских устройствах с дальнейшей целью защиты от обнаружения - xtclovver/RKNHardering
Xray POC Scanner
🚨 GitHub 监控消息提醒

🚨 发现关键词: #Bypass #AMSI

📦 项目名称: oscp-arsenal
👤 项目作者: kocaemre
🛠 开发语言: Shell
Star数量: 1 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-07 20:01:12

📝 项目描述:
Self-contained, kill-chain-organized OSCP toolkit. Serves ~60 offensive tools over HTTP from your Kali box for one-liner delivery to targets. Linux/Windows enum, AD attack, token abuse, pivoting, AMSI bypass, msfvenom payload generator.

🔗 点击访问项目地址
GitHub
GitHub - kocaemre/oscp-arsenal: Self-contained, kill-chain-organized OSCP toolkit. Serves ~60 offensive tools over HTTP from your…
Self-contained, kill-chain-organized OSCP toolkit. Serves ~60 offensive tools over HTTP from your Kali box for one-liner delivery to targets. Linux/Windows enum, AD attack, token abuse, pivoting, A...
Bypass AMSI
🚨 GitHub 监控消息提醒

🚨 发现关键词: #CVE-2026

📦 项目名称: fix-cve-2026-3143
👤 项目作者: ClimbMunchkin
🛠 开发语言: None
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-07 19:58:27

📝 项目描述:
Диагностика и исправление уязвимости CVE-2026-31431 (copy fail)

🔗 点击访问项目地址
GitHub
ClimbMunchkin/fix-cve-2026-3143
ClimbMunchkin/fix-cve-2026-3143
Диагностика и исправление уязвимости CVE-2026-31431 (copy fail) - ClimbMunchkin/fix-cve-2026-3143
CVE
🚨 GitHub 监控消息提醒

🚨 发现关键词: #CSRF

📦 项目名称: CSRF-Attack-and-Defense
👤 项目作者: Heisenberg-617
🛠 开发语言: None
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-07 19:01:17

📝 项目描述:
无描述

🔗 点击访问项目地址
GitHub
Heisenberg-617/CSRF-Attack-and-Defense
Contribute to Heisenberg-617/CSRF-Attack-and-Defense development by creating an account on GitHub.
CSRF
🚨 GitHub 监控消息提醒

🚨 发现关键词: #CVE-2026

📦 项目名称: CVE-2026-2441
👤 项目作者: MartinaStarone
🛠 开发语言: HTML
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-07 18:15:14

📝 项目描述:
无描述

🔗 点击访问项目地址
GitHub
GitHub - MartinaStarone/CVE-2026-2441
GitHub - MartinaStarone/CVE-2026-2441
Contribute to MartinaStarone/CVE-2026-2441 development by creating an account on GitHub.
CVE
🚨 GitHub 监控消息提醒

🚨 发现关键词: #SSRF

📦 项目名称: SSRF
👤 项目作者: moglxh
🛠 开发语言: None
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-07 17:49:17

📝 项目描述:
无描述

🔗 点击访问项目地址
GitHub
GitHub - moglxh/SSRF
Contribute to moglxh/SSRF development by creating an account on GitHub.
SSRF
🚨 GitHub 监控消息提醒

🚨 发现关键词: #Burp #插件 #扩展 #Plugin #Extension

📦 项目名称: sessionSwitcher
👤 项目作者: GitHubNull
🛠 开发语言: Java
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-07 17:01:59

📝 项目描述:
Session Switcher 是一款专为 Burp Suite 设计的扩展插件,旨在帮助安全测试人员和开发工程师高效管理和切换多个用户会话。在 Web 应用安全测试过程中,经常需要在不同用户身份之间切换(如普通用户、管理员、测试账号等),手动修改请求中的会话信息既繁琐又容易出错。Session Switcher 通过提供自动替换和手动替换两种模式,极大地简化了这一过程。

🔗 点击访问项目地址
GitHub
GitHub - GitHubNull/sessionSwitcher: Session Switcher 是一款专为 Burp Suite 设计的扩展插件,旨在帮助安全测试人员和开发工程师高效管理和切换多个用户会话。在 Web 应用安全测试过程中,经…
Session Switcher 是一款专为 Burp Suite 设计的扩展插件,旨在帮助安全测试人员和开发工程师高效管理和切换多个用户会话。在 Web 应用安全测试过程中,经常需要在不同用户身份之间切换(如普通用户、管理员、测试账号等),手动修改请求中的会话信息既繁琐又容易出错。Session Switcher 通过提供自动替换和手动替换两种模式,极大地简化了这一过程。 - GitHub...
Burp 插件 扩展 Plugin Extension
🚨 GitHub 监控消息提醒

🚨 发现关键词: #POC #CVE

📦 项目名称: options-scanner
👤 项目作者: suli99
🛠 开发语言: JavaScript
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-07 16:59:34

📝 项目描述:
Visualize options market data with gamma exposure, volatility, and positioning across multiple tickers for informed trade analysis.

🔗 点击访问项目地址
GitHub
GitHub - suli99/options-scanner: Visualize options market data with gamma exposure, volatility, and positioning across multiple…
Visualize options market data with gamma exposure, volatility, and positioning across multiple tickers for informed trade analysis. - suli99/options-scanner
POC CVE
🚨 GitHub 监控消息提醒

🚨 发现关键词: #C2 #Command #Control

📦 项目名称: oxide-loader
👤 项目作者: diemoeve
🛠 开发语言: Rust
Star数量: 2 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-07 11:30:57

📝 项目描述:
3-stage C2 payload loader with detection rules for each stage.

🔗 点击访问项目地址
GitHub
GitHub - diemoeve/oxide-loader: 3-stage C2 payload loader with detection rules for each stage.
3-stage C2 payload loader with detection rules for each stage. - diemoeve/oxide-loader
C2 Command Control
🚨 GitHub 监控消息提醒

🚨 发现关键词: #XSS #Scanner

📦 项目名称: PredatorScanner-v3.0
👤 项目作者: saraanshmishra-cybersecurity
🛠 开发语言: None
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-07 15:54:50

📝 项目描述:
A high-performance asynchronous web vulnerability scanner for SQLi and XSS detection.

🔗 点击访问项目地址
GitHub
GitHub - saraanshmishra-cybersecurity/PredatorScanner-v3.0: A high-performance asynchronous web vulnerability scanner for SQLi…
A high-performance asynchronous web vulnerability scanner for SQLi and XSS detection. - saraanshmishra-cybersecurity/PredatorScanner-v3.0
XSS Scanner
🚨 GitHub 监控消息提醒

🚨 发现关键词: #CSRF

📦 项目名称: CSRF-SQLi-assignment
👤 项目作者: E-Rombley
🛠 开发语言: None
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-07 15:58:36

📝 项目描述:
无描述

🔗 点击访问项目地址
GitHub
GitHub - E-Rombley/CSRF-SQLi-assignment
Contribute to E-Rombley/CSRF-SQLi-assignment development by creating an account on GitHub.
CSRF
🚨 GitHub 监控消息提醒

🚨 发现关键词: #RedTeam #Tools

📦 项目名称: redteamagent-cli
👤 项目作者: srimugunthan
🛠 开发语言: Python
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-07 15:58:01

📝 项目描述:
cli that does redteaming on a target llm trying different attack strategies

🔗 点击访问项目地址
GitHub
GitHub - srimugunthan/redteamagent-cli: cli that does redteaming on a target llm trying different attack strategies
cli that does redteaming on a target llm trying different attack strategies - srimugunthan/redteamagent-cli
RedTeam Tools
🚨 GitHub 监控消息提醒

🚨 发现关键词: #CVE-2026

📦 项目名称: Copy_Fail2-Electric_Boogaloo
👤 项目作者: 0xdeadbeefnetwork
🛠 开发语言: C
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-07 15:41:44

📝 项目描述:
Copy Fail 2 — Electric Boogaloo: unpriv LPE via xfrm ESP-in-UDP MSG_SPLICE_PAGES no-COW page-cache write (sibling of CVE-2026-31431)

🔗 点击访问项目地址
GitHub
GitHub - 0xdeadbeefnetwork/Copy_Fail2-Electric_Boogaloo: Copy Fail 2: Electric Boogaloo
GitHub - 0xdeadbeefnetwork/Copy_Fail2-Electric_Boogaloo: Copy Fail 2: Electric Boogaloo
Copy Fail 2: Electric Boogaloo. Contribute to 0xdeadbeefnetwork/Copy_Fail2-Electric_Boogaloo development by creating an account on GitHub.
CVE
🚨 GitHub 监控消息提醒

🚨 发现关键词: #免杀 #Bypass

📦 项目名称: webshell
👤 项目作者: 0x7556
🛠 开发语言: ASP.NET
Star数量: 14 | 🍴 Fork数量: 1
📅 更新时间: 2026-05-07 14:22:19

📝 项目描述:
AI一键免杀WebShell,包含金刚狼、哥斯拉、冰蝎、菜刀等

🔗 点击访问项目地址
GitHub
GitHub - 0x7556/webshell: AI一键免杀WebShell,包含金刚狼、哥斯拉、冰蝎、菜刀等
AI一键免杀WebShell,包含金刚狼、哥斯拉、冰蝎、菜刀等. Contribute to 0x7556/webshell development by creating an account on GitHub.
免杀 Bypass
🚨 GitHub 监控消息提醒

🚨 发现关键词: #CVE-2026

📦 项目名称: CVE-2026-38361
👤 项目作者: draxozbel
🛠 开发语言: None
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-07 14:59:32

📝 项目描述:
Public advisory: CVE-2026-38361 resource exhaustion (CWE-400/CWE-670) in dash-uploader (Python/PyPI)

🔗 点击访问项目地址
GitHub
GitHub - draxozbel/CVE-2026-38361: Public advisory: CVE-2026-38361 resource exhaustion (CWE-400/CWE-670) in dash-uploader (Python/PyPI)
Public advisory: CVE-2026-38361 resource exhaustion (CWE-400/CWE-670) in dash-uploader (Python/PyPI) - draxozbel/CVE-2026-38361
CVE
🚨 GitHub 监控消息提醒

🚨 发现关键词: #C2 #Control

📦 项目名称: C2vsU-Py-CUDA
👤 项目作者: santiagodecima
🛠 开发语言: None
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-07 14:02:23

📝 项目描述:
Este proyecto determina numéricamente las propiedades eléctricas de sistemas electroquímicos basados en semiconductores tipo n mediante un ajuste global y refinado de los datos experimentales de la inversa al cuadrado de la capacitancia total en función del potencial aplicado.

🔗 点击访问项目地址
GitHub
GitHub - santiagodecima/C2vsU-Py-CUDA: Este proyecto determina numéricamente las propiedades eléctricas de sistemas electroquímicos…
Este proyecto determina numéricamente las propiedades eléctricas de sistemas electroquímicos basados en semiconductores tipo n mediante un ajuste global y refinado de los datos experimentales de la...
C2 Control
🚨 GitHub 监控消息提醒

🚨 发现关键词: #XSS #Attack

📦 项目名称: secure-web-app-attack-simulation
👤 项目作者: abieltesfai10-rgb
🛠 开发语言: Python
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-07 14:01:59

📝 项目描述:
Vulnerable web app simulating SQL injection, XSS, and auth bypass — with full attack-to-defense remediation using Python and Flask

🔗 点击访问项目地址
GitHub
GitHub - abieltesfai10-rgb/secure-web-app-attack-simulation: Vulnerable web app simulating SQL injection, XSS, and auth bypass…
Vulnerable web app simulating SQL injection, XSS, and auth bypass — with full attack-to-defense remediation using Python and Flask - abieltesfai10-rgb/secure-web-app-attack-simulation
XSS Attack
Before
After
Back to Top