📦 GitHub 全球红队渗透资源中转站。
​旨在收录那些“好用却难找”的安全项目。
🔗 定时推送:GitHub Trending (Security)
🛠 必备清单:后渗透、远控、免杀、提权工具集
📅 更新频率:每日精选,绝不灌水。
⚠️ 本频道仅供安全研究与授权测试使用。
🚨 GitHub 监控消息提醒

🚨 发现关键词: #RCE #CVE #Remote Code Execution

📦 项目名称: CVE-2024-37054
👤 项目作者: vanhari
🛠 开发语言: Python
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-20 21:01:25

📝 项目描述:
a proof-of-concept for MLflow RCE (remote code execution)

🔗 点击访问项目地址
GitHub
GitHub - vanhari/CVE-2024-37054: a proof-of-concept for MLflow RCE (remote code execution)
a proof-of-concept for MLflow RCE (remote code execution) - vanhari/CVE-2024-37054
RCE CVE Remote
🚨 GitHub 监控消息提醒

🚨 发现关键词: #Sliver #C2

📦 项目名称: GodPotatoBOF-Sliver
👤 项目作者: ScotSec
🛠 开发语言: C
Star数量: 2 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-20 20:48:49

📝 项目描述:
A Sliver C2 port of incursi0n's GodPotato CobaltStrike BOF.

🔗 点击访问项目地址
GitHub
GitHub - ScotSec/GodPotatoBOF-Sliver: A Sliver C2 port of incursi0n's GodPotato CobaltStrike BOF.
A Sliver C2 port of incursi0n's GodPotato CobaltStrike BOF. - ScotSec/GodPotatoBOF-Sliver
Sliver C2
🚨 GitHub 监控消息提醒

🚨 发现关键词: #Exploit #CVE

📦 项目名称: CVE-2024-0582
👤 项目作者: nanabingies
🛠 开发语言: C
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-20 20:41:46

📝 项目描述:
An exploit for a Use-After-Free vulnerability in the io_uring subsystem in the linux kernel

🔗 点击访问项目地址
GitHub
GitHub - nanabingies/CVE-2024-0582: An exploit for a Use-After-Free vulnerability in the io_uring subsystem in the linux kernel
GitHub - nanabingies/CVE-2024-0582: An exploit for a Use-After-Free vulnerability in the io_uring subsystem in the linux kernel
An exploit for a Use-After-Free vulnerability in the io_uring subsystem in the linux kernel - nanabingies/CVE-2024-0582
Exploit CVE
🚨 GitHub 监控消息提醒

🚨 发现关键词: #Sigma #SIEM

📦 项目名称: rsigma
👤 项目作者: timescale
🛠 开发语言: Rust
Star数量: 53 | 🍴 Fork数量: 4
📅 更新时间: 2026-05-20 20:54:38

📝 项目描述:
A complete Sigma detection toolkit: parser, linter, evaluator, correlation engine, conversion framework, streaming daemon, and LSP server :crab:

🔗 点击访问项目地址
GitHub
GitHub - timescale/rsigma: A complete Sigma detection toolkit: parser, linter, evaluator, correlation engine, conversion framework…
GitHub - timescale/rsigma: A complete Sigma detection toolkit: parser, linter, evaluator, correlation engine, conversion framework…
A complete Sigma detection toolkit: parser, linter, evaluator, correlation engine, conversion framework, streaming daemon, and LSP server :crab: - timescale/rsigma
Sigma SIEM
🚨 GitHub 监控消息提醒

🚨 发现关键词: #Sliver #C2 #Implant #Beacon

📦 项目名称: sliver-orchestrator
👤 项目作者: lcensies
🛠 开发语言: Go
Star数量: 2 | 🍴 Fork数量: 4
📅 更新时间: 2026-05-20 15:43:11

📝 项目描述:
无描述

🔗 点击访问项目地址
GitHub
GitHub - lcensies/sliver-orchestrator
GitHub - lcensies/sliver-orchestrator
Contribute to lcensies/sliver-orchestrator development by creating an account on GitHub.
Sliver C2 Implant Beacon
🚨 GitHub 监控消息提醒

🚨 发现关键词: #YARA #rules #malware

📦 项目名称: true-protection-by-jag
👤 项目作者: jagjourney
🛠 开发语言: YARA
Star数量: 2 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-20 19:43:48

📝 项目描述:
Enterprise-grade Firewall + Antivirus + Anti-Rootkit. Free. AI-Powered. Community hub for bug reports, YARA rules, and browser extension.

🔗 点击访问项目地址
GitHub
GitHub - jagjourney/true-protection-by-jag: Enterprise-grade Firewall + Antivirus + Anti-Rootkit. Free. AI-Powered. Community hub…
GitHub - jagjourney/true-protection-by-jag: Enterprise-grade Firewall + Antivirus + Anti-Rootkit. Free. AI-Powered. Community hub…
Enterprise-grade Firewall + Antivirus + Anti-Rootkit. Free. AI-Powered. Community hub for bug reports, YARA rules, and browser extension. - jagjourney/true-protection-by-jag
YARA rules malware
🚨 GitHub 监控消息提醒

🚨 发现关键词: #Nuclei #CVE

📦 项目名称: nuclei
👤 项目作者: projectdiscovery
🛠 开发语言: Go
Star数量: 28772 | 🍴 Fork数量: 3429
📅 更新时间: 2026-05-20 19:38:51

📝 项目描述:
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.

🔗 点击访问项目地址
GitHub
GitHub - projectdiscovery/nuclei: Nuclei is a fast, customizable vulnerability scanner powered by the global security community…
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the ...
Nuclei CVE
🚨 GitHub 监控消息提醒

🚨 发现关键词: #C2 #Implant

📦 项目名称: Ghost-in-the-Stack
👤 项目作者: Chrisstoute
🛠 开发语言: Unknown
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-20 20:00:41

📝 项目描述:
Advanced threat hunt investigating Linux implant execution, persistence, lateral movement, external SSH access, C2 activity, and containment planning using KQL Advanced Hunting telemetry.

🔗 点击访问项目地址
GitHub
GitHub - Chrisstoute/Ghost-in-the-Stack: Advanced threat hunt investigating Linux implant execution, persistence, lateral movement…
Advanced threat hunt investigating Linux implant execution, persistence, lateral movement, external SSH access, C2 activity, and containment planning using KQL Advanced Hunting telemetry. - Chrisst...
C2 Implant
🚨 GitHub 监控消息提醒

🚨 发现关键词: #Kubernetes #RBAC

📦 项目名称: -Demo-Minecraft-Unlocker-2026-Full-Game-Access-Infinite-Time-Multiplayer-Enabled
👤 项目作者: Alessandroinvariant926
🛠 开发语言: Unknown
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-20 20:00:55

📝 项目描述:
Remove demo restrictions and enable full access, multiplayer support, and unlimited playtime for Minecraft Java, Bedrock, and Education editions.

🔗 点击访问项目地址
GitHub
GitHub - Alessandroinvariant926/-Demo-Minecraft-Unlocker-2026-Full-Game-Access-Infinite-Time-Multiplayer-Enabled: Remove demo restrictions…
Remove demo restrictions and enable full access, multiplayer support, and unlimited playtime for Minecraft Java, Bedrock, and Education editions. - Alessandroinvariant926/-Demo-Minecraft-Unlocker-2...
Kubernetes RBAC
🚨 GitHub 监控消息提醒

🚨 发现关键词: #YARA #malware

📦 项目名称: assemblyline-service-yara
👤 项目作者: CybercentreCanada
🛠 开发语言: Python
Star数量: 5 | 🍴 Fork数量: 6
📅 更新时间: 2026-05-20 18:53:21

📝 项目描述:
Assemblyline 4 Yara signature and Post tag processing services

🔗 点击访问项目地址
GitHub
GitHub - CybercentreCanada/assemblyline-service-yara: Assemblyline 4 Yara signature and Post tag processing services
Assemblyline 4 Yara signature and Post tag processing services - CybercentreCanada/assemblyline-service-yara
YARA malware
🚨 GitHub 监控消息提醒

🚨 发现关键词: #Sigma #SIEM

📦 项目名称: rustinel
👤 项目作者: MrSpaghettiBK
🛠 开发语言: Rust
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-20 19:01:40

📝 项目描述:
🔍 Detect threats with Rustinel, a high-performance Windows EDR agent that leverages ETW to collect telemetry and outputs alerts for easy SIEM integration.

🔗 点击访问项目地址
GitHub
GitHub - MrSpaghettiBK/rustinel: 🔍 Detect threats with Rustinel, a high-performance Windows EDR agent that leverages ETW to collect…
GitHub - MrSpaghettiBK/rustinel: 🔍 Detect threats with Rustinel, a high-performance Windows EDR agent that leverages ETW to collect…
🔍 Detect threats with Rustinel, a high-performance Windows EDR agent that leverages ETW to collect telemetry and outputs alerts for easy SIEM integration. - MrSpaghettiBK/rustinel
Sigma SIEM
🚨 GitHub 监控消息提醒

🚨 发现关键词: #XSS #Stored #Reflected #DOM

📦 项目名称: XSS-Learning-Lab-BurpSuite
👤 项目作者: tariqahmad0046-cpu
🛠 开发语言: Unknown
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-20 18:40:34

📝 项目描述:
无描述

🔗 点击访问项目地址
GitHub
GitHub - tariqahmad0046-cpu/XSS-Learning-Lab-BurpSuite
GitHub - tariqahmad0046-cpu/XSS-Learning-Lab-BurpSuite
Contribute to tariqahmad0046-cpu/XSS-Learning-Lab-BurpSuite development by creating an account on GitHub.
XSS Stored Reflected DOM
🚨 GitHub 监控消息提醒

🚨 发现关键词: #供应链攻击 #投毒 #NPM

📦 项目名称: apifox_security_check
👤 项目作者: daxiong888
🛠 开发语言: PowerShell
Star数量: 6 | 🍴 Fork数量: 1
📅 更新时间: 2026-03-28 16:27:21

📝 项目描述:
Apifox 供应链攻击排查工具, 检测已知远程代码执行 / 数据回传风险

🔗 点击访问项目地址
GitHub
GitHub - daxiong888/apifox_security_check: Apifox 供应链攻击排查工具, 检测已知远程代码执行 / 数据回传风险
GitHub - daxiong888/apifox_security_check: Apifox 供应链攻击排查工具, 检测已知远程代码执行 / 数据回传风险
Apifox 供应链攻击排查工具, 检测已知远程代码执行 / 数据回传风险. Contribute to daxiong888/apifox_security_check development by creating an account on GitHub.
供应链攻击 投毒 NPM
🚨 GitHub 监控消息提醒

🚨 发现关键词: #供应链攻击 #投毒 #NPM

📦 项目名称: xdr-sop-skill
👤 项目作者: seccmd
🛠 开发语言: Python
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-04-05 14:21:26

📝 项目描述:
XDR-SOP-SKILL:供应链投毒攻击,首个AI标准化应急处置技能

🔗 点击访问项目地址
GitHub
GitHub - seccmd/xdr-sop-skill: XDR-SOP-SKILL:供应链投毒攻击,首个AI标准化应急处置技能
GitHub - seccmd/xdr-sop-skill: XDR-SOP-SKILL:供应链投毒攻击,首个AI标准化应急处置技能
XDR-SOP-SKILL:供应链投毒攻击,首个AI标准化应急处置技能. Contribute to seccmd/xdr-sop-skill development by creating an account on GitHub.
供应链攻击 投毒 NPM
🚨 GitHub 监控消息提醒

🚨 发现关键词: #Exploit #CVE #POC

📦 项目名称: PoC-in-GitHub
👤 项目作者: nomi-sec
🛠 开发语言: Unknown
Star数量: 7759 | 🍴 Fork数量: 1321
📅 更新时间: 2026-05-20 18:55:03

📝 项目描述:
📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

🔗 点击访问项目地址
GitHub
GitHub - nomi-sec/PoC-in-GitHub: 📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.
GitHub - nomi-sec/PoC-in-GitHub: 📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.
📡 PoC auto collect from GitHub. ⚠️ Be careful Malware. - nomi-sec/PoC-in-GitHub
Exploit CVE POC
🚨 GitHub 监控消息提醒

🚨 发现关键词: #Burp #Extension

📦 项目名称: burp-api-scanner
👤 项目作者: liam-portswigger
🛠 开发语言: Java
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-20 18:29:15

📝 项目描述:
Burp Suite extension for advanced API security scanning (cleanup fork)

🔗 点击访问项目地址
GitHub
GitHub - liam-portswigger/burp-api-scanner: Burp Suite extension for advanced API security scanning (cleanup fork)
Burp Suite extension for advanced API security scanning (cleanup fork) - liam-portswigger/burp-api-scanner
Burp Extension
🚨 GitHub 监控消息提醒

🚨 发现关键词: #CVE-2026 #POC

📦 项目名称: autogpt-CVE-2026-30950-poc
👤 项目作者: ZeroPathAI
🛠 开发语言: Unknown
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-20 18:55:59

📝 项目描述:
POC for CVE-2026-30950 which allows session hijacking in AutoGpt

🔗 点击访问项目地址
GitHub
ZeroPathAI/autogpt-CVE-2026-30950-poc
POC for CVE-2026-30950 which allows session hijacking in AutoGpt - ZeroPathAI/autogpt-CVE-2026-30950-poc
CVE POC
🚨 GitHub 监控消息提醒

🚨 发现关键词: #Nuclei #CVE

📦 项目名称: attack-surface-ml
👤 项目作者: daniyal-hussain01
🛠 开发语言: Python
Star数量: 0 | 🍴 Fork数量: 1
📅 更新时间: 2026-05-20 16:38:33

📝 项目描述:
ML-driven CVE risk prioritization with end-to-end MLSecOps pipeline

🔗 点击访问项目地址
GitHub
GitHub - daniyal-hussain01/attack-surface-ml: ML-driven CVE risk prioritization with end-to-end MLSecOps pipeline
GitHub - daniyal-hussain01/attack-surface-ml: ML-driven CVE risk prioritization with end-to-end MLSecOps pipeline
ML-driven CVE risk prioritization with end-to-end MLSecOps pipeline - daniyal-hussain01/attack-surface-ml
Nuclei CVE
🚨 GitHub 监控消息提醒

🚨 发现关键词: #XSS #CVE

📦 项目名称: CVE-2024-4367-PDF.js-xss
👤 项目作者: xiaoqiesec0x1
🛠 开发语言: PHP
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-20 16:28:06

📝 项目描述:
CVE-2024-4367–PDF.js-xss

🔗 点击访问项目地址
GitHub
GitHub - xiaoqiesec0x1/CVE-2024-4367-PDF.js-xss: CVE-2024-4367–PDF.js-xss
CVE-2024-4367–PDF.js-xss. Contribute to xiaoqiesec0x1/CVE-2024-4367-PDF.js-xss development by creating an account on GitHub.
XSS CVE
🚨 GitHub 监控消息提醒

🚨 发现关键词: #Bypass #WAF

📦 项目名称: Stealth-Scraper
👤 项目作者: Rusheesonu
🛠 开发语言: TypeScript
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-20 17:02:28

📝 项目描述:
Visual no-code web scraper for AI agents. Point, click, extract — or describe in plain English. Anti-bot bypass, clean JSON, REST + Python/TS SDKs + MCP.

🔗 点击访问项目地址
GitHub
GitHub - Rusheesonu/Stealth-Scraper: Visual no-code web scraper for AI agents. Point, click, extract — or describe in plain English.…
GitHub - Rusheesonu/Stealth-Scraper: Visual no-code web scraper for AI agents. Point, click, extract — or describe in plain English.…
Visual no-code web scraper for AI agents. Point, click, extract — or describe in plain English. Anti-bot bypass, clean JSON, REST + Python/TS SDKs + MCP. - Rusheesonu/Stealth-Scraper
Bypass WAF
Before
After
Back to Top