📦 GitHub 全球红队渗透资源中转站。
​旨在收录那些“好用却难找”的安全项目。
🔗 定时推送:GitHub Trending (Security)
🛠 必备清单:后渗透、远控、免杀、提权工具集
📅 更新频率:每日精选,绝不灌水。
⚠️ 本频道仅供安全研究与授权测试使用。
🚨 GitHub 监控消息提醒

🚨 发现关键词: #YARA #rules #malware

📦 项目名称: yara-rules
👤 项目作者: k3rnelcallz
🛠 开发语言: YARA
Star数量: 1 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-24 09:52:06

📝 项目描述:
Malware detection rules (Code-level pattern matching definitions for identifying and matching malware families)

🔗 点击访问项目地址
GitHub
GitHub - k3rnelcallz/yara-rules: Malware detection rules (Code-level pattern matching definitions for identifying and matching…
GitHub - k3rnelcallz/yara-rules: Malware detection rules (Code-level pattern matching definitions for identifying and matching…
Malware detection rules (Code-level pattern matching definitions for identifying and matching malware families) - k3rnelcallz/yara-rules
YARA rules malware
🚨 GitHub 监控消息提醒

🚨 发现关键词: #RCE #EXP #POC

📦 项目名称: exp_baddial
👤 项目作者: Starry2233
🛠 开发语言: Batchfile
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-24 09:01:27

📝 项目描述:
PoC for XTC dial plugin RCE vulnerability - demonstrates arbitrary code execution in UID 1000 system context via unsigned .pl DEX loading from external storage

🔗 点击访问项目地址
GitHub
GitHub - Starry2233/exp_baddial: PoC for XTC dial plugin RCE vulnerability - demonstrates arbitrary code execution in UID 1000…
PoC for XTC dial plugin RCE vulnerability - demonstrates arbitrary code execution in UID 1000 system context via unsigned .pl DEX loading from external storage - Starry2233/exp_baddial
RCE EXP POC
🚨 GitHub 监控消息提醒

🚨 发现关键词: #渗透测试 #红队

📦 项目名称: hackvideo
👤 项目作者: 0x7556
🛠 开发语言: Unknown
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-24 09:00:16

📝 项目描述:
Hack视频教程:红队渗透测试、金刚狼WolfShell、工具使用教程

🔗 点击访问项目地址
GitHub
GitHub - 0x7556/hackvideo: Hack视频教程:红队渗透测试、金刚狼WolfShell、工具使用教程
Hack视频教程:红队渗透测试、金刚狼WolfShell、工具使用教程. Contribute to 0x7556/hackvideo development by creating an account on GitHub.
渗透测试 红队
🚨 GitHub 监控消息提醒

🚨 发现关键词: #YARA #rules

📦 项目名称: pyc_rules
👤 项目作者: rakovskij-stanislav
🛠 开发语言: YARA
Star数量: 9 | 🍴 Fork数量: 2
📅 更新时间: 2026-05-24 07:27:45

📝 项目描述:
Yara rules on PYC files to determine PYC version

🔗 点击访问项目地址
GitHub
GitHub - rakovskij-stanislav/pyc_rules: Yara rules on PYC files to determine PYC version
GitHub - rakovskij-stanislav/pyc_rules: Yara rules on PYC files to determine PYC version
Yara rules on PYC files to determine PYC version. Contribute to rakovskij-stanislav/pyc_rules development by creating an account on GitHub.
YARA rules
🚨 GitHub 监控消息提醒

🚨 发现关键词: #XSS #Stored

📦 项目名称: logacademy
👤 项目作者: Ahmadd018
🛠 开发语言: PHP
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-24 07:01:06

📝 项目描述:
Intentionally vulnerable PHP web app for red/blue team training (SQLi, XSS, IDOR, file upload RCE, open redirect, OTP bypass)

🔗 点击访问项目地址
GitHub
GitHub - Ahmadd018/logacademy: Intentionally vulnerable PHP web app for red/blue team training (SQLi, XSS, IDOR, file upload RCE…
GitHub - Ahmadd018/logacademy: Intentionally vulnerable PHP web app for red/blue team training (SQLi, XSS, IDOR, file upload RCE…
Intentionally vulnerable PHP web app for red/blue team training (SQLi, XSS, IDOR, file upload RCE, open redirect, OTP bypass) - Ahmadd018/logacademy
XSS Stored
🚨 GitHub 监控消息提醒

🚨 发现关键词: #XSS #Stored #Reflected #DOM

📦 项目名称: xss-labs
👤 项目作者: yogsec
🛠 开发语言: HTML
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-24 07:04:07

📝 项目描述:
XSS (Cross-Site Scripting) labs for learning web application security. Each lab demonstrates a different XSS vulnerability with interactive examples and solutions. Frontend-only, no server required. Live demo via GitHub Pages. Includes reflected XSS, stored XSS, DOM-based XSS, and event handler injections. Perfect for students.

🔗 点击访问项目地址
GitHub
GitHub - yogsec/xss-labs: xss-labs for learning web application security. Each lab demonstrates a different XSS vulnerability with…
GitHub - yogsec/xss-labs: xss-labs for learning web application security. Each lab demonstrates a different XSS vulnerability with…
xss-labs for learning web application security. Each lab demonstrates a different XSS vulnerability with interactive examples and solutions. Frontend-only, no server required. - yogsec/xss-labs
XSS Stored Reflected DOM
🚨 GitHub 监控消息提醒

🚨 发现关键词: #Exploit #CVE

📦 项目名称: CVE-2025-55182-in-go
👤 项目作者: w3nch
🛠 开发语言: Go
Star数量: 1 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-24 06:58:31

📝 项目描述:
Just a simple exploit script written in go for react2shell

🔗 点击访问项目地址
GitHub
GitHub - w3nch/CVE-2025-55182-in-go
Contribute to w3nch/CVE-2025-55182-in-go development by creating an account on GitHub.
Exploit CVE
🚨 GitHub 监控消息提醒

🚨 发现关键词: #Sigma #rules

📦 项目名称: LogSources_SigmaRules
👤 项目作者: EssexRich
🛠 开发语言: JavaScript
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-24 05:58:48

📝 项目描述:
Log source field names and sigma rules

🔗 点击访问项目地址
GitHub
GitHub - EssexRich/LogSources_SigmaRules: Log source field names and sigma rules
Log source field names and sigma rules. Contribute to EssexRich/LogSources_SigmaRules development by creating an account on GitHub.
Sigma rules
🚨 GitHub 监控消息提醒

🚨 发现关键词: #Burp #Extension

📦 项目名称: port-highlighter
👤 项目作者: dhakal-bibek
🛠 开发语言: Python
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-24 05:53:39

📝 项目描述:
Burp Suite extension that color-codes proxy history entries based on listener port. Similar to PwnFox but port-based.

🔗 点击访问项目地址
GitHub
GitHub - dhakal-bibek/port-highlighter: Burp Suite extension that color-codes proxy history entries based on listener port. Similar…
Burp Suite extension that color-codes proxy history entries based on listener port. Similar to PwnFox but port-based. - dhakal-bibek/port-highlighter
Burp Extension
🚨 GitHub 监控消息提醒

🚨 发现关键词: #钓鱼 #二维码

📦 项目名称: maker-vpotzrytri-Coding
👤 项目作者: x7yxpksk72-maker
🛠 开发语言: Java
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-24 02:56:31

📝 项目描述:
基于SpringBoot+Vue的同城钓鱼社交APP的设计与开发

🔗 点击访问项目地址
GitHub
GitHub - x7yxpksk72-maker/maker-vpotzrytri-Coding: 基于SpringBoot+Vue的同城钓鱼社交APP的设计与开发
基于SpringBoot+Vue的同城钓鱼社交APP的设计与开发. Contribute to x7yxpksk72-maker/maker-vpotzrytri-Coding development by creating an account on GitHub.
钓鱼 二维码
🚨 GitHub 监控消息提醒

🚨 发现关键词: #Sigma #rules

📦 项目名称: hayabusa-rules
👤 项目作者: Yamato-Security
🛠 开发语言: Python
Star数量: 218 | 🍴 Fork数量: 28
📅 更新时间: 2026-05-24 03:56:00

📝 项目描述:
Curated Windows event log Sigma rules used in Hayabusa and Velociraptor.

🔗 点击访问项目地址
GitHub
GitHub - Yamato-Security/hayabusa-rules: Curated Windows event log Sigma rules used in Hayabusa and Velociraptor.
GitHub - Yamato-Security/hayabusa-rules: Curated Windows event log Sigma rules used in Hayabusa and Velociraptor.
Curated Windows event log Sigma rules used in Hayabusa and Velociraptor. - Yamato-Security/hayabusa-rules
Sigma rules
🚨 GitHub 监控消息提醒

🚨 发现关键词: #YARA #rules #malware

📦 项目名称: prx-sd
👤 项目作者: openprx
🛠 开发语言: C
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-24 03:59:02

📝 项目描述:
Open-source antivirus engine with hash matching, YARA rules, and heuristic analysis. Built with Rust.

🔗 点击访问项目地址
GitHub
GitHub - openprx/prx-sd: Open-source antivirus engine with hash matching, YARA rules, and heuristic analysis. Built with Rust.
Open-source antivirus engine with hash matching, YARA rules, and heuristic analysis. Built with Rust. - openprx/prx-sd
YARA rules malware
🚨 GitHub 监控消息提醒

🚨 发现关键词: #CVE-2026 #POC

📦 项目名称: CVE-2026-41096-POC
👤 项目作者: satchfunky
🛠 开发语言: C
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-24 01:48:41

📝 项目描述:
windows api bug

🔗 点击访问项目地址
GitHub
GitHub - satchfunky/CVE-2026-41096-POC: windows api bug
windows api bug. Contribute to satchfunky/CVE-2026-41096-POC development by creating an account on GitHub.
CVE POC
🚨 GitHub 监控消息提醒

🚨 发现关键词: #Nuclei #templates

📦 项目名称: nuclei-confuser
👤 项目作者: dwisiswant0
🛠 开发语言: Go
Star数量: 10 | 🍴 Fork数量: 3
📅 更新时间: 2026-05-24 00:31:02

📝 项目描述:
This repository gathers matchers from Nuclei templates designed to fool the Nuclei scanner.

🔗 点击访问项目地址
GitHub
GitHub - dwisiswant0/nuclei-confuser: This repository gathers matchers from Nuclei templates designed to fool the Nuclei scanner.
GitHub - dwisiswant0/nuclei-confuser: This repository gathers matchers from Nuclei templates designed to fool the Nuclei scanner.
This repository gathers matchers from Nuclei templates designed to fool the Nuclei scanner. - dwisiswant0/nuclei-confuser
Nuclei templates
🚨 GitHub 监控消息提醒

🚨 发现关键词: #Kubernetes #RBAC

📦 项目名称: RotatingSecrets
👤 项目作者: bhanafee
🛠 开发语言: C#
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-24 01:03:24

📝 项目描述:
Sample code for rotating secrets in a Java application that uses a Kubernetes Secrets replacement

🔗 点击访问项目地址
GitHub
GitHub - bhanafee/RotatingSecrets: Sample code for rotating secrets in a Java application that uses a Kubernetes Secrets replacement
Sample code for rotating secrets in a Java application that uses a Kubernetes Secrets replacement - bhanafee/RotatingSecrets
Kubernetes RBAC
🚨 GitHub 监控消息提醒

🚨 发现关键词: #Kubernetes #RBAC

📦 项目名称: nebari-provenance-collector-pack
👤 项目作者: nebari-dev
🛠 开发语言: Go
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-24 01:04:14

📝 项目描述:
A Kubernetes-native CronJob that discovers running images and Helm releases, resolves digests, verifies signatures, detects SLSA/SBOM attestations, and emits timestamped provenance reports.

🔗 点击访问项目地址
GitHub
GitHub - nebari-dev/nebari-provenance-collector-pack: A Kubernetes-native CronJob that discovers running images and Helm releases…
A Kubernetes-native CronJob that discovers running images and Helm releases, resolves digests, verifies signatures, detects SLSA/SBOM attestations, and emits timestamped provenance reports. - nebar...
Kubernetes RBAC
🚨 GitHub 监控消息提醒

🚨 发现关键词: #XSS #CVE #Stored

📦 项目名称: evershop-stored-xss-cve
👤 项目作者: Venukamatchi
🛠 开发语言: Unknown
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-24 00:20:11

📝 项目描述:
Stored XSS via unrestricted file upload in EverShop <= 2.1.2 allowing arbitrary JavaScript execution under application origin.

🔗 点击访问项目地址
GitHub
GitHub - Venukamatchi/evershop-stored-xss-cve: Stored XSS via unrestricted file upload in EverShop <= 2.1.2 allowing arbitrary…
GitHub - Venukamatchi/evershop-stored-xss-cve: Stored XSS via unrestricted file upload in EverShop <= 2.1.2 allowing arbitrary…
Stored XSS via unrestricted file upload in EverShop <= 2.1.2 allowing arbitrary JavaScript execution under application origin. - Venukamatchi/evershop-stored-xss-cve
XSS CVE Stored
🚨 GitHub 监控消息提醒

🚨 发现关键词: #RCE #CVE #POC

📦 项目名称: React2Shell-CVE-2025-55182
👤 项目作者: SpeatX
🛠 开发语言: Python
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-24 00:41:18

📝 项目描述:
CVE-2025-55182 — Unauthenticated RCE in React Server Components (React2Shell). CVSS 10.0 exploit tool for authorized penetration testing.

🔗 点击访问项目地址
GitHub
GitHub - SpeatX/React2Shell-CVE-2025-55182: CVE-2025-55182 — Unauthenticated RCE in React Server Components (React2Shell). CVSS…
GitHub - SpeatX/React2Shell-CVE-2025-55182: CVE-2025-55182 — Unauthenticated RCE in React Server Components (React2Shell). CVSS…
CVE-2025-55182 — Unauthenticated RCE in React Server Components (React2Shell). CVSS 10.0 exploit tool for authorized penetration testing. - SpeatX/React2Shell-CVE-2025-55182
RCE CVE POC
🚨 GitHub 监控消息提醒

🚨 发现关键词: #GitLab #CVE

📦 项目名称: SigmaGit-v2
👤 项目作者: disclearing
🛠 开发语言: TypeScript
Star数量: 3 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-24 00:59:03

📝 项目描述:
a new powerful github replacement

🔗 点击访问项目地址
GitHub
GitHub - disclearing/SigmaGit-v2: a new powerful github replacement
GitHub - disclearing/SigmaGit-v2: a new powerful github replacement
a new powerful github replacement. Contribute to disclearing/SigmaGit-v2 development by creating an account on GitHub.
GitLab CVE
🚨 GitHub 监控消息提醒

🚨 发现关键词: #YARA #rules #malware

📦 项目名称: yaramail
👤 项目作者: seanthegeek
🛠 开发语言: Python
Star数量: 23 | 🍴 Fork数量: 5
📅 更新时间: 2026-05-24 00:49:55

📝 项目描述:
A Python package and command line utility for scanning emails with YARA rules

🔗 点击访问项目地址
GitHub
GitHub - seanthegeek/yaramail: A Python package and command line utility for scanning emails with YARA rules
GitHub - seanthegeek/yaramail: A Python package and command line utility for scanning emails with YARA rules
A Python package and command line utility for scanning emails with YARA rules - seanthegeek/yaramail
YARA rules malware
Before
After
Back to Top