📦 GitHub 全球红队渗透资源中转站。
​旨在收录那些“好用却难找”的安全项目。
🔗 定时推送:GitHub Trending (Security)
🛠 必备清单:后渗透、远控、免杀、提权工具集
📅 更新频率:每日精选,绝不灌水。
⚠️ 本频道仅供安全研究与授权测试使用。
🚨 GitHub 监控消息提醒

🚨 发现关键词: #CVE-2026 #RCE

📦 项目名称: nginx-rce-cve-2026-42945
👤 项目作者: webdev75950-ux
🛠 开发语言: Unknown
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-23 15:21:58

📝 项目描述:
无描述

🔗 点击访问项目地址
GitHub
GitHub - webdev75950-ux/nginx-rce-cve-2026-42945
GitHub - webdev75950-ux/nginx-rce-cve-2026-42945
Contribute to webdev75950-ux/nginx-rce-cve-2026-42945 development by creating an account on GitHub.
CVE RCE
🚨 GitHub 监控消息提醒

🚨 发现关键词: #YARA #malware

📦 项目名称: BitProbe-Automated_Forensic_Tool
👤 项目作者: K1ngB3ru
🛠 开发语言: Python
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-23 14:54:15

📝 项目描述:
An automated forensics & malware analysis tool, scripted using Python. This tool automatically collects logs, dumps and artifacts, stores everything individually in an organized structure and then generates a master report for overall analysis. Encoded with .yara module to analyze and track malicious patterns and behaviors and flags them.

🔗 点击访问项目地址
GitHub
GitHub - K1ngB3ru/BitProbe-Automated_Forensic_Tool: An automated forensics & malware analysis tool, scripted using Python. This…
An automated forensics & malware analysis tool, scripted using Python. This tool automatically collects logs, dumps and artifacts, stores everything individually in an organized structure a...
YARA malware
🚨 GitHub 监控消息提醒

🚨 发现关键词: #CVE-2026 #POC #Exploit

📦 项目名称: IKEV2-POC
👤 项目作者: EpSiLoNPoInTOrI
🛠 开发语言: C++
Star数量: 2 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-23 14:46:42

📝 项目描述:
IKEv2, ikeext.dll, CVE-2026-33824, double free, heap grooming, ROP, SKF fragmentation, Windows exploit, anti-debug, obfuscation, API hooking, shellcode, reverse shell

🔗 点击访问项目地址
GitHub
GitHub - EpSiLoNPoInTOrI/IKEV2-POC: IKEv2, ikeext.dll, CVE-2026-33824, double free, heap grooming, ROP, SKF fragmentation, Windows…
GitHub - EpSiLoNPoInTOrI/IKEV2-POC: IKEv2, ikeext.dll, CVE-2026-33824, double free, heap grooming, ROP, SKF fragmentation, Windows…
IKEv2, ikeext.dll, CVE-2026-33824, double free, heap grooming, ROP, SKF fragmentation, Windows exploit, anti-debug, obfuscation, API hooking, shellcode, reverse shell - EpSiLoNPoInTOrI/IKEV2-POC
CVE POC Exploit
🚨 GitHub 监控消息提醒

🚨 发现关键词: #XSS #Stored

📦 项目名称: Stored-Cross-Site-Scripting-XSS-via-Image-Description-Fields-in-HP-ProCurve-Switch-1810-8G
👤 项目作者: Szym0n13k
🛠 开发语言: Unknown
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-23 13:59:50

📝 项目描述:
W HP ProCurve Switch 1810-8G wykryto podatność Stored XSS w panelu webowym. Przez brak sanitacji danych uwierzytelniony atakujący może wstrzyknąć złośliwy skrypt JavaScript do pól konfiguracyjnych. Kod wykonuje się w przeglądarce administratora. Brak indywidualnych kont i współdzielone hasło dodatkowo zwiększają ryzyko przejęcia urządzenia.

🔗 点击访问项目地址
GitHub
GitHub - Szym0n13k/Stored-Cross-Site-Scripting-XSS-via-Image-Description-Fields-in-HP-ProCurve-Switch-1810-8G: W HP ProCurve Switch…
GitHub - Szym0n13k/Stored-Cross-Site-Scripting-XSS-via-Image-Description-Fields-in-HP-ProCurve-Switch-1810-8G: W HP ProCurve Switch…
W HP ProCurve Switch 1810-8G wykryto podatność Stored XSS w panelu webowym. Przez brak sanitacji danych uwierzytelniony atakujący może wstrzyknąć złośliwy skrypt JavaScript do pól konfiguracyjnych....
XSS Stored
🚨 GitHub 监控消息提醒

🚨 发现关键词: #XSS #Stored

📦 项目名称: Stored-Cross-Site-Scripting-XSS-via-sys_location-sys_contact-in-HP-ProCurve-Switch-1810-8G
👤 项目作者: Szym0n13k
🛠 开发语言: Unknown
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-23 14:02:49

📝 项目描述:
A stored XSS in the HP ProCurve Switch 1810-8G web interface allows authenticated attackers to inject malicious JavaScript into config fields due to poor sanitization. The payload runs when an admin views summary pages. The lack of individual accounts/RBAC and reliance on a single shared password elevate the risk of full device compromise.

🔗 点击访问项目地址
GitHub
GitHub - Szym0n13k/Stored-Cross-Site-Scripting-XSS-via-sys_location-sys_contact-in-HP-ProCurve-Switch-1810-8G: A stored XSS in…
GitHub - Szym0n13k/Stored-Cross-Site-Scripting-XSS-via-sys_location-sys_contact-in-HP-ProCurve-Switch-1810-8G: A stored XSS in…
A stored XSS in the HP ProCurve Switch 1810-8G web interface allows authenticated attackers to inject malicious JavaScript into config fields due to poor sanitization. The payload runs when an admi...
XSS Stored
🚨 GitHub 监控消息提醒

🚨 发现关键词: #POC #CVE

📦 项目名称: Multi-threaded-mass-exploiter-CVE-2018-13379-POC
👤 项目作者: Instructor-Admin
🛠 开发语言: Python
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-23 14:03:59

📝 项目描述:
CVE-2018-13379 mass exploiter for Fortinet FortiOS SSL VPN. Extracts credentials instantly, saves to CSV + PostgreSQL. Multi-threaded, no bullshit warnings.

🔗 点击访问项目地址
GitHub
GitHub - Instructor-Admin/Multi-threaded-mass-exploiter-CVE-2018-13379-POC: CVE-2018-13379 mass exploiter for Fortinet FortiOS…
GitHub - Instructor-Admin/Multi-threaded-mass-exploiter-CVE-2018-13379-POC: CVE-2018-13379 mass exploiter for Fortinet FortiOS…
CVE-2018-13379 mass exploiter for Fortinet FortiOS SSL VPN. Extracts credentials instantly, saves to CSV + PostgreSQL. Multi-threaded, no bullshit warnings. - Instructor-Admin/Multi-threaded-mass-e...
POC CVE
🚨 GitHub 监控消息提醒

🚨 发现关键词: #C2 #Framework #Beacon #Command and Control

📦 项目名称: ComandoYControlPython
👤 项目作者: murdok1982
🛠 开发语言: Python
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-23 13:46:45

📝 项目描述:
Programa basico en python de comando y control

🔗 点击访问项目地址
GitHub
GitHub - murdok1982/ComandoYControlPython: Programa basico en python de comando y control
GitHub - murdok1982/ComandoYControlPython: Programa basico en python de comando y control
Programa basico en python de comando y control. Contribute to murdok1982/ComandoYControlPython development by creating an account on GitHub.
C2 Framework Beacon Command
🚨 GitHub 监控消息提醒

🚨 发现关键词: #C2 #Command and Control

📦 项目名称: C2-Simulation-and-Detection
👤 项目作者: ErickMurilo
🛠 开发语言: Unknown
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-23 13:59:01

📝 项目描述:
无描述

🔗 点击访问项目地址
GitHub
GitHub - ErickMurilo/C2-Simulation-and-Detection
Contribute to ErickMurilo/C2-Simulation-and-Detection development by creating an account on GitHub.
C2 Command
🚨 GitHub 监控消息提醒

🚨 发现关键词: #Burp #Plugin #Extension

📦 项目名称: burp-vigolium
👤 项目作者: vigolium
🛠 开发语言: Java
Star数量: 1 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-23 13:23:35

📝 项目描述:
无描述

🔗 点击访问项目地址
GitHub
GitHub - vigolium/burp-vigolium
GitHub - vigolium/burp-vigolium
Contribute to vigolium/burp-vigolium development by creating an account on GitHub.
Burp Plugin Extension
🚨 GitHub 监控消息提醒

🚨 发现关键词: #Sigma #rules #SIEM

📦 项目名称: flipper-purple-team
👤 项目作者: descambiado
🛠 开发语言: Unknown
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-23 13:24:02

📝 项目描述:
Flipper Zero BadUSB payloads paired with SIGMA detection rules and KQL hunting queries

🔗 点击访问项目地址
GitHub
GitHub - descambiado/flipper-purple-team: Flipper Zero BadUSB payloads paired with SIGMA detection rules and KQL hunting queries
GitHub - descambiado/flipper-purple-team: Flipper Zero BadUSB payloads paired with SIGMA detection rules and KQL hunting queries
Flipper Zero BadUSB payloads paired with SIGMA detection rules and KQL hunting queries - descambiado/flipper-purple-team
Sigma rules SIEM
🚨 GitHub 监控消息提醒

🚨 发现关键词: #YARA #malware

📦 项目名称: paranoya
👤 项目作者: c0m4r
🛠 开发语言: Python
Star数量: 13 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-23 12:14:21

📝 项目描述:
Simple IOC and YARA scanner for Linux®

🔗 点击访问项目地址
GitHub
GitHub - c0m4r/paranoya: Simple IOC and YARA scanner for Linux®
GitHub - c0m4r/paranoya: Simple IOC and YARA scanner for Linux®
Simple IOC and YARA scanner for Linux®. Contribute to c0m4r/paranoya development by creating an account on GitHub.
YARA malware
🚨 GitHub 监控消息提醒

🚨 发现关键词: #CVE-2026 #POC

📦 项目名称: cve-2026-poc-collection
👤 项目作者: XZ1r0
🛠 开发语言: Python
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-23 12:37:33

📝 项目描述:
CVE-2026 PoC Collection - 128 PoCs covering 84 CVEs

🔗 点击访问项目地址
GitHub
XZ1r0/cve-2026-poc-collection
XZ1r0/cve-2026-poc-collection
CVE-2026 PoC Collection - 128 PoCs covering 84 CVEs - XZ1r0/cve-2026-poc-collection
CVE POC
🚨 GitHub 监控消息提醒

🚨 发现关键词: #渗透测试 #漏洞

📦 项目名称: ai-pentest-platform
👤 项目作者: djunhao2-star
🛠 开发语言: Python
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-23 11:57:50

📝 项目描述:
本项目基于 Multi-Agent 协同架构与 AI 驱动安全分析能力,构建了一套自动化渗透测试与 SRC 漏洞挖掘平台,重点解决传统安全测试中高度依赖人工经验、漏洞验证效率低、误报率高以及大规模资产难以持续化检测的问题。

🔗 点击访问项目地址
GitHub
djunhao2-star/ai-pentest-platform
本项目基于 Multi-Agent 协同架构与 AI 驱动安全分析能力,构建了一套自动化渗透测试与 SRC 漏洞挖掘平台,重点解决传统安全测试中高度依赖人工经验、漏洞验证效率低、误报率高以及大规模资产难以持续化检测的问题。 - djunhao2-star/ai-pentest-platform
渗透测试 漏洞
🚨 GitHub 监控消息提醒

🚨 发现关键词: #BlueTeam #Trace #Response

📦 项目名称: traceguard
👤 项目作者: L1ghtn1ng
🛠 开发语言: Go
Star数量: 2 | 🍴 Fork数量: 1
📅 更新时间: 2026-05-23 11:49:31

📝 项目描述:
TraceGuard uses the eBPF subsystem of the linux kernel to get valuable insights to what your system is doing

🔗 点击访问项目地址
GitHub
GitHub - L1ghtn1ng/traceguard: TraceGuard uses the eBPF subsystem of the linux kernel to get valuable insights to what your system…
GitHub - L1ghtn1ng/traceguard: TraceGuard uses the eBPF subsystem of the linux kernel to get valuable insights to what your system…
TraceGuard uses the eBPF subsystem of the linux kernel to get valuable insights to what your system is doing - L1ghtn1ng/traceguard
BlueTeam Trace Response
🚨 GitHub 监控消息提醒

🚨 发现关键词: #钓鱼 #二维码

📦 项目名称: sealdice-shark-plugins
👤 项目作者: GuraQwQ
🛠 开发语言: Unknown
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-23 11:02:04

📝 项目描述:
鲨鲨的海豹骰插件合集 🦈 - 集中化管理所有 SeaDice JavaScript 插件,支持自动更新。包含:log计时、COC自动属性检定、吃掉头像、二维码生成、今日老婆、每日英语、深海斗蛐蛐、答案之书、随机二次元、随机密码、鲨鲨钓鱼。

🔗 点击访问项目地址
GitHub
GuraQwQ/sealdice-shark-plugins
鲨鲨的海豹骰插件合集 🦈 - 集中化管理所有 SeaDice JavaScript 插件,支持自动更新。包含:log计时、COC自动属性检定、吃掉头像、二维码生成、今日老婆、每日英语、深海斗蛐蛐、答案之书、随机二次元、随机密码、鲨鲨钓鱼。 - GuraQwQ/sealdice-shark-plugins
钓鱼 二维码
🚨 GitHub 监控消息提醒

🚨 发现关键词: #RCE #Remote Code Execution

📦 项目名称: Remote-Code-Execution-RCE-Vulnerability-in-ArticleCMS-CWE-94-
👤 项目作者: zero-day348
🛠 开发语言: Unknown
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-23 09:34:16

📝 项目描述:
Remote Code Execution (RCE) Vulnerability in ArticleCMS (CWE-94)

🔗 点击访问项目地址
GitHub
GitHub - zero-day348/Remote-Code-Execution-RCE-Vulnerability-in-ArticleCMS-CWE-94-: Remote Code Execution (RCE) Vulnerability in…
GitHub - zero-day348/Remote-Code-Execution-RCE-Vulnerability-in-ArticleCMS-CWE-94-: Remote Code Execution (RCE) Vulnerability in…
Remote Code Execution (RCE) Vulnerability in ArticleCMS (CWE-94) - zero-day348/Remote-Code-Execution-RCE-Vulnerability-in-ArticleCMS-CWE-94-
RCE Remote
🚨 GitHub 监控消息提醒

🚨 发现关键词: #XSS #漏洞 #DOM

📦 项目名称: xss_scanner
👤 项目作者: AukSoryu
🛠 开发语言: Unknown
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-23 10:02:22

📝 项目描述:
一款功能完整的 XSS 漏洞扫描器,支持反射型、存储型、DOM 型 XSS 检测,具备动态爬虫、上下文感知 Payload、并发扫描、中断恢复、多格式报告等高级特性。

🔗 点击访问项目地址
GitHub
AukSoryu/xss_scanner
一款功能完整的 XSS 漏洞扫描器,支持反射型、存储型、DOM 型 XSS 检测,具备动态爬虫、上下文感知 Payload、并发扫描、中断恢复、多格式报告等高级特性。 - AukSoryu/xss_scanner
XSS 漏洞 DOM
🚨 GitHub 监控消息提醒

🚨 发现关键词: #CVE-2026 #Exploit

📦 项目名称: CVE-2026-41940
👤 项目作者: xxconi
🛠 开发语言: Python
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-23 09:45:06

📝 项目描述:
Private exploit

🔗 点击访问项目地址
GitHub
xxconi/CVE-2026-41940
Private exploit. Contribute to xxconi/CVE-2026-41940 development by creating an account on GitHub.
CVE Exploit
🚨 GitHub 监控消息提醒

🚨 发现关键词: #CVE-2026 #RCE

📦 项目名称: CVE-2026-6279
👤 项目作者: zycoder0day
🛠 开发语言: Python
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-23 09:53:16

📝 项目描述:
CVE-2026-6279 — Avada Builder <= 3.15.2 Unauthenticated RCE via call_user_func()

🔗 点击访问项目地址
GitHub
GitHub - zycoder0day/CVE-2026-6279: CVE-2026-6279 — Avada Builder <= 3.15.2 Unauthenticated RCE via call_user_func()
GitHub - zycoder0day/CVE-2026-6279: CVE-2026-6279 — Avada Builder <= 3.15.2 Unauthenticated RCE via call_user_func()
CVE-2026-6279 — Avada Builder <= 3.15.2 Unauthenticated RCE via call_user_func() - zycoder0day/CVE-2026-6279
CVE RCE
🚨 GitHub 监控消息提醒

🚨 发现关键词: #信息收集 #子域名

📦 项目名称: asset_tool
👤 项目作者: CrispSheep
🛠 开发语言: Vue
Star数量: 1 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-23 08:35:58

📝 项目描述:
信息收集工具,整合fofa等空间测绘引擎导入,识别去重,子域名发现探活等

🔗 点击访问项目地址
GitHub
GitHub - CrispSheep/asset_tool: 信息收集工具,整合fofa等空间测绘引擎导入,识别去重,子域名发现探活等
GitHub - CrispSheep/asset_tool: 信息收集工具,整合fofa等空间测绘引擎导入,识别去重,子域名发现探活等
信息收集工具,整合fofa等空间测绘引擎导入,识别去重,子域名发现探活等. Contribute to CrispSheep/asset_tool development by creating an account on GitHub.
信息收集 子域名
Before
After
Back to Top