📦 GitHub 全球红队渗透资源中转站。
​旨在收录那些“好用却难找”的安全项目。
🔗 定时推送:GitHub Trending (Security)
🛠 必备清单:后渗透、远控、免杀、提权工具集
📅 更新频率:每日精选,绝不灌水。
⚠️ 本频道仅供安全研究与授权测试使用。
🚨 GitHub 监控消息提醒

🚨 发现关键词: #BlueTeam #Detection

📦 项目名称: SuspiciousThreads
👤 项目作者: 0xjbb
🛠 开发语言: C++
Star数量: 1 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-25 16:19:25

📝 项目描述:
A Poc attempt at hunting suspicious thread creation events using ETW only.

🔗 点击访问项目地址
GitHub
GitHub - 0xjbb/SuspiciousThreads: A Poc attempt at hunting suspicious thread creation events using ETW only.
GitHub - 0xjbb/SuspiciousThreads: A Poc attempt at hunting suspicious thread creation events using ETW only.
A Poc attempt at hunting suspicious thread creation events using ETW only. - 0xjbb/SuspiciousThreads
BlueTeam Detection
🚨 GitHub 监控消息提醒

🚨 发现关键词: #C2 #Command and Control

📦 项目名称: c2.ai
👤 项目作者: philcali
🛠 开发语言: TypeScript
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-25 16:58:23

📝 项目描述:
AI driven Command and Control for AI agents

🔗 点击访问项目地址
GitHub
GitHub - philcali/c2.ai: AI driven Command and Control for AI agents
AI driven Command and Control for AI agents. Contribute to philcali/c2.ai development by creating an account on GitHub.
C2 Command
🚨 GitHub 监控消息提醒

🚨 发现关键词: #YARA #rules #malware

📦 项目名称: Loupe
👤 项目作者: Loupe-tools
🛠 开发语言: JavaScript
Star数量: 3 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-25 16:27:30

📝 项目描述:
100% offline, single HTML file static analyser for SOC / DFIR triage — 70+ file formats, 1 Million row EVTX / PCAP / CSV timeline, 550+ YARA rules, VBA macro extraction, PE / ELF / Mach-O capability tagging, SPF / DKIM / DMARC + phishing checks, recursive payload deobfuscation, IOC extraction, STIX 2.1 / MISP export. Sigstore-signed + reproducible.

🔗 点击访问项目地址
GitHub
GitHub - Loupe-tools/Loupe: 100% offline, single HTML file static analyser for SOC / DFIR triage — 70+ file formats, 1 Million…
GitHub - Loupe-tools/Loupe: 100% offline, single HTML file static analyser for SOC / DFIR triage — 70+ file formats, 1 Million…
100% offline, single HTML file static analyser for SOC / DFIR triage — 70+ file formats, 1 Million row EVTX / PCAP / CSV timeline, 550+ YARA rules, VBA macro extraction, PE / ELF / Mach-O capabilit...
YARA rules malware
🚨 GitHub 监控消息提醒

🚨 发现关键词: #漏洞 #利用

📦 项目名称: -
👤 项目作者: ZZ-dance
🛠 开发语言: Unknown
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-25 16:17:23

📝 项目描述:
PenTesShield 是一个基于多Agent协作架构的渗透测试报告自动化生成平台,通过四个专业Agent(ReconAgent信息收集、VulnScannerAgent漏洞扫描、ExploitAgent验证利用、ReportGeneratorAgent报告生成)按优先级顺序协同工作,结合长链推理能力记录完整的分析决策过程,自动化完成从目标发现、漏洞识别、风险评估到报告输出的全流程,有效解决渗透测试人员手工撰写报告效率低、容易遗漏关键信息的问题,最终输出包含执行摘要、漏洞详情、PoC步骤和优先级修复建议的完整Markdown格式报告。

🔗 点击访问项目地址
GitHub
GitHub - ZZ-dance/-: PenTesShield 是一个基于多Agent协作架构的渗透测试报告自动化生成平台,通过四个专业Agent(ReconAgent信息收集、VulnScannerAgent漏洞扫描、ExploitAgent验证…
GitHub - ZZ-dance/-: PenTesShield 是一个基于多Agent协作架构的渗透测试报告自动化生成平台,通过四个专业Agent(ReconAgent信息收集、VulnScannerAgent漏洞扫描、ExploitAgent验证…
PenTesShield 是一个基于多Agent协作架构的渗透测试报告自动化生成平台,通过四个专业Agent(ReconAgent信息收集、VulnScannerAgent漏洞扫描、ExploitAgent验证利用、ReportGeneratorAgent报告生成)按优先级顺序协同工作,结合长链推理能力记录完整的分析决策过程,自动化完成从目标发现、漏洞识别、风险评估到报告输出的全流程,有效解...
漏洞 利用
🚨 GitHub 监控消息提醒

🚨 发现关键词: #CVE-2026 #Exploit

📦 项目名称: copy_fail
👤 项目作者: Iamliuxiaozhen
🛠 开发语言: Python
Star数量: 1 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-25 16:54:08

📝 项目描述:
copy_fail:CVE-2026-31431

🔗 点击访问项目地址
GitHub
Iamliuxiaozhen/copy_fail
copy_fail:CVE-2026-31431. Contribute to Iamliuxiaozhen/copy_fail development by creating an account on GitHub.
CVE Exploit
🚨 GitHub 监控消息提醒

🚨 发现关键词: #CVE-2026 #POC #Exploit

📦 项目名称: CVE-2026-33712
👤 项目作者: portbuster1337
🛠 开发语言: Python
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-25 16:49:46

📝 项目描述:
CVE-2026-33712 - Typebot <= 3.15.2 Unauthenticated SSRF via isolated-vm sandbox fetch

🔗 点击访问项目地址
GitHub
GitHub - portbuster1337/CVE-2026-33712: CVE-2026-33712 - Typebot <= 3.15.2 Unauthenticated SSRF via isolated-vm sandbox fetch
CVE-2026-33712 - Typebot <= 3.15.2 Unauthenticated SSRF via isolated-vm sandbox fetch - portbuster1337/CVE-2026-33712
CVE POC Exploit
🚨 GitHub 监控消息提醒

🚨 发现关键词: #渗透测试 #内网 #红队 #靶场 #漏洞

📦 项目名称: Zero-SecurityAgent
👤 项目作者: Zero16800
🛠 开发语言: Unknown
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-25 08:33:06

📝 项目描述:
AI 自动化渗透测试

🔗 点击访问项目地址
GitHub
GitHub - Zero16800/Zero-SecurityAgent: AI 自动化渗透测试
AI 自动化渗透测试. Contribute to Zero16800/Zero-SecurityAgent development by creating an account on GitHub.
渗透测试 内网 红队 靶场 漏洞
🚨 GitHub 监控消息提醒

🚨 发现关键词: #YARA #malware

📦 项目名称: rustinel
👤 项目作者: Karib0u
🛠 开发语言: Rust
Star数量: 307 | 🍴 Fork数量: 33
📅 更新时间: 2026-05-25 15:20:52

📝 项目描述:
Open-source endpoint detection engine for Windows and Linux using ETW, eBPF, Sigma, YARA, IOCs, and ECS NDJSON alerts.

🔗 点击访问项目地址
GitHub
GitHub - Karib0u/rustinel: Open-source endpoint detection engine for Windows and Linux using ETW, eBPF, Sigma, YARA, IOCs, and…
GitHub - Karib0u/rustinel: Open-source endpoint detection engine for Windows and Linux using ETW, eBPF, Sigma, YARA, IOCs, and…
Open-source endpoint detection engine for Windows and Linux using ETW, eBPF, Sigma, YARA, IOCs, and ECS NDJSON alerts. - Karib0u/rustinel
YARA malware
🚨 GitHub 监控消息提醒

🚨 发现关键词: #Sigma #rules

📦 项目名称: sigmahqrag
👤 项目作者: frack113
🛠 开发语言: Python
Star数量: 1 | 🍴 Fork数量: 1
📅 更新时间: 2026-05-25 15:51:57

📝 项目描述:
a RAG for sigma Rules

🔗 点击访问项目地址
GitHub
GitHub - frack113/sigmahqrag: a RAG for sigma Rules
a RAG for sigma Rules. Contribute to frack113/sigmahqrag development by creating an account on GitHub.
Sigma rules
🚨 GitHub 监控消息提醒

🚨 发现关键词: #Exploit #CVE

📦 项目名称: low-hanging-vulns
👤 项目作者: zzzteph
🛠 开发语言: Python
Star数量: 6 | 🍴 Fork数量: 2
📅 更新时间: 2026-05-25 15:02:55

📝 项目描述:
Critical and High web vulnerabilities monitoring

🔗 点击访问项目地址
GitHub
GitHub - zzzteph/low-hanging-vulns: Critical and High web vulnerabilities monitoring
GitHub - zzzteph/low-hanging-vulns: Critical and High web vulnerabilities monitoring
Critical and High web vulnerabilities monitoring. Contribute to zzzteph/low-hanging-vulns development by creating an account on GitHub.
Exploit CVE
🚨 GitHub 监控消息提醒

🚨 发现关键词: #Exploit #POC

📦 项目名称: Exploit-PoC
👤 项目作者: ZeroTrustWraith
🛠 开发语言: Unknown
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-25 15:02:57

📝 项目描述:
A curated collection of Proof-of-Concept exploit scripts, vulnerability research, and security tooling developed for verified CVEs and CWEs.

🔗 点击访问项目地址
GitHub
GitHub - ZeroTrustWraith/Exploit-PoC: A curated collection of Proof-of-Concept exploit scripts, vulnerability research, and security…
A curated collection of Proof-of-Concept exploit scripts, vulnerability research, and security tooling developed for verified CVEs and CWEs. - ZeroTrustWraith/Exploit-PoC
Exploit POC
🚨 GitHub 监控消息提醒

🚨 发现关键词: #CVE-2026 #POC

📦 项目名称: CVE-2026-20700-POC-that-ll-never-work
👤 项目作者: notthemystery
🛠 开发语言: C
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-25 14:57:22

📝 项目描述:
无描述

🔗 点击访问项目地址
GitHub
GitHub - notthemystery/CVE-2026-20700-POC-that-ll-never-work
GitHub - notthemystery/CVE-2026-20700-POC-that-ll-never-work
Contribute to notthemystery/CVE-2026-20700-POC-that-ll-never-work development by creating an account on GitHub.
CVE POC
🚨 GitHub 监控消息提醒

🚨 发现关键词: #XSS #漏洞

📦 项目名称: xss-visualized
👤 项目作者: language-z
🛠 开发语言: Unknown
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-25 14:00:23

📝 项目描述:
可视化的XSS攻防实验室。左边是漏洞,右边是防御,一目了然看懂Web安全。

🔗 点击访问项目地址
GitHub
GitHub - language-z/xss-visualized: 可视化的XSS攻防实验室。左边是漏洞,右边是防御,一目了然看懂Web安全。
可视化的XSS攻防实验室。左边是漏洞,右边是防御,一目了然看懂Web安全。. Contribute to language-z/xss-visualized development by creating an account on GitHub.
XSS 漏洞
🚨 GitHub 监控消息提醒

🚨 发现关键词: #Sigma #SIEM

📦 项目名称: python-security-automation-scripts
👤 项目作者: sanyasachdeva1
🛠 开发语言: Python
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-25 13:54:51

📝 项目描述:
A Python toolkit for first-level SOC triage: failed login detection, IOC matching, Nmap exposure parsing, IAM risk triage, JSON findings, Markdown reports, and automated tests.

🔗 点击访问项目地址
GitHub
GitHub - sanyasachdeva1/python-security-automation-scripts: A Python toolkit for first-level SOC triage: failed login detection…
GitHub - sanyasachdeva1/python-security-automation-scripts: A Python toolkit for first-level SOC triage: failed login detection…
A Python toolkit for first-level SOC triage: failed login detection, IOC matching, Nmap exposure parsing, IAM risk triage, JSON findings, Markdown reports, and automated tests. - sanyasachdeva1/pyt...
Sigma SIEM
🚨 GitHub 监控消息提醒

🚨 发现关键词: #CVE-2026 #POC

📦 项目名称: CVE-2026-47102-PoC
👤 项目作者: learner202649
🛠 开发语言: Shell
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-25 13:38:32

📝 项目描述:
The code for personally reproducing the corresponding vulnerability

🔗 点击访问项目地址
GitHub
GitHub - learner202649/CVE-2026-47102-PoC: The code for personally reproducing the corresponding vulnerability
GitHub - learner202649/CVE-2026-47102-PoC: The code for personally reproducing the corresponding vulnerability
The code for personally reproducing the corresponding vulnerability - learner202649/CVE-2026-47102-PoC
CVE POC
🚨 GitHub 监控消息提醒

🚨 发现关键词: #XSS #漏洞

📦 项目名称: xss-demo-visualized
👤 项目作者: language-z
🛠 开发语言: EJS
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-25 12:26:55

📝 项目描述:
可视化的XSS攻防实验室。左边是漏洞,右边是防御,一目了然看懂Web安全。

🔗 点击访问项目地址
GitHub
GitHub - language-z/xss-demo-visualized: 可视化的XSS攻防实验室。左边是漏洞,右边是防御,一目了然看懂Web安全。
可视化的XSS攻防实验室。左边是漏洞,右边是防御,一目了然看懂Web安全。. Contribute to language-z/xss-demo-visualized development by creating an account on GitHub.
XSS 漏洞
🚨 GitHub 监控消息提醒

🚨 发现关键词: #XSS #Stored

📦 项目名称: XSS-CSP
👤 项目作者: meel0wx
🛠 开发语言: JavaScript
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-25 12:55:10

📝 项目描述:
Stored-XSS-CSP

🔗 点击访问项目地址
GitHub
GitHub - meel0wx/XSS-CSP: Stored-XSS-CSP
GitHub - meel0wx/XSS-CSP: Stored-XSS-CSP
Stored-XSS-CSP. Contribute to meel0wx/XSS-CSP development by creating an account on GitHub.
XSS Stored
🚨 GitHub 监控消息提醒

🚨 发现关键词: #YARA #rules

📦 项目名称: yara-rules
👤 项目作者: MaryamFatima16
🛠 开发语言: Unknown
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-25 12:30:39

📝 项目描述:
无描述

🔗 点击访问项目地址
GitHub
GitHub - MaryamFatima16/yara-rules
Contribute to MaryamFatima16/yara-rules development by creating an account on GitHub.
YARA rules
🚨 GitHub 监控消息提醒

🚨 发现关键词: #Nuclei #CVE

📦 项目名称: router-cve-audit
👤 项目作者: mikhailartamonov
🛠 开发语言: Python
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-25 12:30:41

📝 项目描述:
Defensive CVE audit toolkit for consumer/SOHO routers (MikroTik, TP-Link, Huawei, D-Link, ASUS, Zyxel, Keenetic, Ubiquiti). Detection only - no exploitation. Project Discovery nuclei + Python collectors.

🔗 点击访问项目地址
GitHub
GitHub - mikhailartamonov/router-cve-audit: Defensive CVE audit toolkit for consumer/SOHO routers (MikroTik, TP-Link, Huawei, D…
GitHub - mikhailartamonov/router-cve-audit: Defensive CVE audit toolkit for consumer/SOHO routers (MikroTik, TP-Link, Huawei, D…
Defensive CVE audit toolkit for consumer/SOHO routers (MikroTik, TP-Link, Huawei, D-Link, ASUS, Zyxel, Keenetic, Ubiquiti). Detection only - no exploitation. Project Discovery nuclei + Python colle...
Nuclei CVE
🚨 GitHub 监控消息提醒

🚨 发现关键词: #CVE-2026 #RCE

📦 项目名称: CVE-2026-42945-Nginx-RCE-bypass-ASLR
👤 项目作者: bamov970
🛠 开发语言: Python
Star数量: 1 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-25 12:21:49

📝 项目描述:
CVE-2026-42945 turns a 17-year-old NGINX rewrite bug into remote code execution — even with ASLR on, by chaining the heap overflow with live worker memory read through a common file-read flaw.

🔗 点击访问项目地址
GitHub
GitHub - bamov970/CVE-2026-42945-Nginx-RCE-bypass-ASLR: CVE-2026-42945 turns a 17-year-old NGINX rewrite bug into remote code execution…
CVE-2026-42945 turns a 17-year-old NGINX rewrite bug into remote code execution — even with ASLR on, by chaining the heap overflow with live worker memory read through a common file-read flaw. - ba...
CVE RCE
Before
After
Back to Top