📦 GitHub 全球红队渗透资源中转站。
​旨在收录那些“好用却难找”的安全项目。
🔗 定时推送:GitHub Trending (Security)
🛠 必备清单:后渗透、远控、免杀、提权工具集
📅 更新频率:每日精选,绝不灌水。
⚠️ 本频道仅供安全研究与授权测试使用。
🚨 GitHub 监控消息提醒

🚨 发现关键词: #RCE #CVE #POC

📦 项目名称: CVE-2026-6815
👤 项目作者: danilo-dellorco
🛠 开发语言: Unknown
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-06-04 15:06:45

📝 项目描述:
Proof of Concept (PoC) exploit for CVE-2026-6815: Authenticated Path Traversal & Arbitrary File Write in Casdoor (< 3.54.1) leading to RCE/DoS.

🔗 点击访问项目地址
GitHub
danilo-dellorco/CVE-2026-6815
Proof of Concept (PoC) exploit for CVE-2026-6815: Authenticated Path Traversal & Arbitrary File Write in Casdoor (< 3.54.1) leading to RCE/DoS. - danilo-dellorco/CVE-2026-6815
RCE CVE POC
🚨 GitHub 监控消息提醒

🚨 发现关键词: #YARA #rules #malware

📦 项目名称: Yara-Rules
👤 项目作者: RussianPanda95
🛠 开发语言: YARA
Star数量: 143 | 🍴 Fork数量: 14
📅 更新时间: 2026-06-04 14:43:13

📝 项目描述:
Repository of Yara Rules

🔗 点击访问项目地址
GitHub
GitHub - RussianPanda95/Yara-Rules: Repository of Yara Rules
Repository of Yara Rules. Contribute to RussianPanda95/Yara-Rules development by creating an account on GitHub.
YARA rules malware
🚨 GitHub 监控消息提醒

🚨 发现关键词: #C2 #Framework

📦 项目名称: c2-site
👤 项目作者: cassio-cloud
🛠 开发语言: TypeScript
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-06-04 14:52:19

📝 项目描述:
Site institucional + portfólio + painel admin da C2 Content. Next.js 16 (App Router, RSC, SSG), TypeScript, NextAuth, JSON-em-disco.

🔗 点击访问项目地址
GitHub
GitHub - cassio-cloud/c2-site: Site institucional + portfólio + painel admin da C2 Content. Next.js 16 (App Router, RSC, SSG),…
Site institucional + portfólio + painel admin da C2 Content. Next.js 16 (App Router, RSC, SSG), TypeScript, NextAuth, JSON-em-disco. - cassio-cloud/c2-site
C2 Framework
🚨 GitHub 监控消息提醒

🚨 发现关键词: #攻防演练 #渗透 #靶场

📦 项目名称: SmartMES-Range
👤 项目作者: timidadada
🛠 开发语言: PHP
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-06-04 14:36:30

📝 项目描述:
智能制造企业攻防演练靶场系统 (SmartMES) — 用于红蓝对抗渗透测试与应急响应训练。包含 SQL注入、文件上传、命令注入、反序列化等9个预埋漏洞,支持4阶段完整攻击链复现。

🔗 点击访问项目地址
GitHub
GitHub - timidadada/SmartMES-Range: 智能制造企业攻防演练靶场系统 (SmartMES) — 用于红蓝对抗渗透测试与应急响应训练。包含 SQL注入、文件上传、命令注入、反序列化等9个预埋漏洞,支持4阶段完整攻击链复现。
GitHub - timidadada/SmartMES-Range: 智能制造企业攻防演练靶场系统 (SmartMES) — 用于红蓝对抗渗透测试与应急响应训练。包含 SQL注入、文件上传、命令注入、反序列化等9个预埋漏洞,支持4阶段完整攻击链复现。
智能制造企业攻防演练靶场系统 (SmartMES) — 用于红蓝对抗渗透测试与应急响应训练。包含 SQL注入、文件上传、命令注入、反序列化等9个预埋漏洞,支持4阶段完整攻击链复现。 - timidadada/SmartMES-Range
攻防演练 渗透 靶场
🚨 GitHub 监控消息提醒

🚨 发现关键词: #CVE-2026 #POC #Exploit

📦 项目名称: CVE-2026-41089-509
👤 项目作者: Vanquishermacdetach
🛠 开发语言: Python
Star数量: 5 | 🍴 Fork数量: 0
📅 更新时间: 2026-06-04 14:42:13

📝 项目描述:
CVE-2026-41089 PoC — Netlogon CLDAP stack buffer overflow (CVSS 9.8 CRITICAL)

🔗 点击访问项目地址
GitHub
GitHub - Vanquishermacdetach/CVE-2026-41089-509: CVE-2026-41089 PoC — Netlogon CLDAP stack buffer overflow (CVSS 9.8 CRITICAL)
GitHub - Vanquishermacdetach/CVE-2026-41089-509: CVE-2026-41089 PoC — Netlogon CLDAP stack buffer overflow (CVSS 9.8 CRITICAL)
CVE-2026-41089 PoC — Netlogon CLDAP stack buffer overflow (CVSS 9.8 CRITICAL) - Vanquishermacdetach/CVE-2026-41089-509
CVE POC Exploit
🚨 GitHub 监控消息提醒

🚨 发现关键词: #YARA #rules

📦 项目名称: yara-sigma-webui
👤 项目作者: wahidhendrawan
🛠 开发语言: Python
Star数量: 1 | 🍴 Fork数量: 0
📅 更新时间: 2026-06-04 13:54:39

📝 项目描述:
🛡️ Convert YARA rules → Sigma + native SIEM/EDR queries. Modular engine (web UI + CLI), IOC classification, MITRE ATT&CK tagging, configurable pipelines (Sysmon/WinSec/Linux/Proxy), 7 backends. Docker-Compose-ready with gunicorn + sigma-cli bundled.

🔗 点击访问项目地址
GitHub
GitHub - wahidhendrawan/yara-sigma-webui: 🛡️ Convert YARA rules → Sigma + native SIEM/EDR queries. Modular engine (web UI + CLI)…
GitHub - wahidhendrawan/yara-sigma-webui: 🛡️ Convert YARA rules → Sigma + native SIEM/EDR queries. Modular engine (web UI + CLI)…
🛡️ Convert YARA rules → Sigma + native SIEM/EDR queries. Modular engine (web UI + CLI), IOC classification, MITRE ATT&CK tagging, configurable pipelines (Sysmon/WinSec/Linux/Proxy), 7 backe...
YARA rules
🚨 GitHub 监控消息提醒

🚨 发现关键词: #Exchange #CVE

📦 项目名称: mex-release
👤 项目作者: robert-koch-institut
🛠 开发语言: Python
Star数量: 2 | 🍴 Fork数量: 0
📅 更新时间: 2026-06-04 14:03:35

📝 项目描述:
RKI Metadata Exchange | Releaser tool to create a new release, including changelog rollover, project version bump, commit, tag and push.

🔗 点击访问项目地址
GitHub
GitHub - robert-koch-institut/mex-release: RKI Metadata Exchange | Releaser tool to create a new release, including changelog rollover…
RKI Metadata Exchange | Releaser tool to create a new release, including changelog rollover, project version bump, commit, tag and push. - robert-koch-institut/mex-release
Exchange CVE
🚨 GitHub 监控消息提醒

🚨 发现关键词: #漏洞 #复现

📦 项目名称: web-security-lab
👤 项目作者: zzddss639
🛠 开发语言: Unknown
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-06-04 13:03:15

📝 项目描述:
Web 安全漏洞复现与安全测试辅助项目

🔗 点击访问项目地址
GitHub
GitHub - zzddss639/web-security-lab: Web 安全漏洞复现与安全测试辅助项目
Web 安全漏洞复现与安全测试辅助项目. Contribute to zzddss639/web-security-lab development by creating an account on GitHub.
漏洞 复现
🚨 GitHub 监控消息提醒

🚨 发现关键词: #Burp #Extension

📦 项目名称: BlazorSpy
👤 项目作者: wanetty
🛠 开发语言: Unknown
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-06-04 13:54:42

📝 项目描述:
Burp Suite extension to inspect and decode Blazor Server WebSocket frames (BlazorPack) into readable/editable JSON.

🔗 点击访问项目地址
GitHub
wanetty/BlazorSpy
wanetty/BlazorSpy
Burp Suite extension to inspect and decode Blazor Server WebSocket frames (BlazorPack) into readable/editable JSON. - wanetty/BlazorSpy
Burp Extension
🚨 GitHub 监控消息提醒

🚨 发现关键词: #Burp #Extension

📦 项目名称: Permitter
👤 项目作者: roidrage52
🛠 开发语言: Python
Star数量: 3 | 🍴 Fork数量: 0
📅 更新时间: 2026-06-04 12:41:59

📝 项目描述:
Permiter is a Burp Suite Extension that automatically tests for Authorization issues using either your proxy history or site map

🔗 点击访问项目地址
GitHub
GitHub - roidrage52/Permitter: Permiter is a Burp Suite Extension that automatically tests for Authorization issues using either…
GitHub - roidrage52/Permitter: Permiter is a Burp Suite Extension that automatically tests for Authorization issues using either…
Permiter is a Burp Suite Extension that automatically tests for Authorization issues using either your proxy history or site map - roidrage52/Permitter
Burp Extension
🚨 GitHub 监控消息提醒

🚨 发现关键词: #NTLM Relay #AD #SMB

📦 项目名称: RelayX
👤 项目作者: RedteamNotes
🛠 开发语言: Python
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-06-04 13:01:30

📝 项目描述:
An OPSEC-aware NTLM relay operations framework

🔗 点击访问项目地址
GitHub
GitHub - RedteamNotes/RelayX: An OPSEC-aware NTLM relay operations framework
GitHub - RedteamNotes/RelayX: An OPSEC-aware NTLM relay operations framework
An OPSEC-aware NTLM relay operations framework. Contribute to RedteamNotes/RelayX development by creating an account on GitHub.
NTLM AD SMB
🚨 GitHub 监控消息提醒

🚨 发现关键词: #Burp #Extension

📦 项目名称: DesperateFuzzer
👤 项目作者: Ozozuz
🛠 开发语言: Java
Star数量: 4 | 🍴 Fork数量: 0
📅 更新时间: 2026-06-04 11:02:37

📝 项目描述:
Burp extension for when you have no more ideas and still want errors.

🔗 点击访问项目地址
GitHub
GitHub - Ozozuz/DesperateFuzzer: Burp extension for when you have no more ideas and still want errors.
GitHub - Ozozuz/DesperateFuzzer: Burp extension for when you have no more ideas and still want errors.
Burp extension for when you have no more ideas and still want errors. - Ozozuz/DesperateFuzzer
Burp Extension
🚨 GitHub 监控消息提醒

🚨 发现关键词: #信息收集 #子域名 #指纹

📦 项目名称: NetCanvas
👤 项目作者: czx1111
🛠 开发语言: Unknown
Star数量: 1 | 🍴 Fork数量: 0
📅 更新时间: 2026-06-04 08:27:56

📝 项目描述:
一键信息收集

🔗 点击访问项目地址
GitHub
GitHub - czx1111/NetCanvas: 一键信息收集
GitHub - czx1111/NetCanvas: 一键信息收集
一键信息收集. Contribute to czx1111/NetCanvas development by creating an account on GitHub.
信息收集 子域名 指纹
🚨 GitHub 监控消息提醒

🚨 发现关键词: #XSS #CVE

📦 项目名称: CVE-2026-47423-dompurify-xss-detector
👤 项目作者: Galaxy-sc
🛠 开发语言: Go
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-06-04 10:34:15

📝 项目描述:
无描述

🔗 点击访问项目地址
GitHub
GitHub - Galaxy-sc/CVE-2026-47423-dompurify-xss-detector
GitHub - Galaxy-sc/CVE-2026-47423-dompurify-xss-detector
Contribute to Galaxy-sc/CVE-2026-47423-dompurify-xss-detector development by creating an account on GitHub.
XSS CVE
🚨 GitHub 监控消息提醒

🚨 发现关键词: #Jenkins #POC

📦 项目名称: poc-13-jenkins-terraform-k8s
👤 项目作者: LasyaM7
🛠 开发语言: HCL
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-06-04 11:01:11

📝 项目描述:
无描述

🔗 点击访问项目地址
GitHub
GitHub - LasyaM7/poc-13-jenkins-terraform-k8s
GitHub - LasyaM7/poc-13-jenkins-terraform-k8s
Contribute to LasyaM7/poc-13-jenkins-terraform-k8s development by creating an account on GitHub.
Jenkins POC
🚨 GitHub 监控消息提醒

🚨 发现关键词: #YARA #rules

📦 项目名称: yara
👤 项目作者: dhanyamanohar
🛠 开发语言: YARA
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-06-04 10:04:38

📝 项目描述:
Yara rules

🔗 点击访问项目地址
GitHub
GitHub - dhanyamanohar/yara: Yara rules
GitHub - dhanyamanohar/yara: Yara rules
Yara rules. Contribute to dhanyamanohar/yara development by creating an account on GitHub.
YARA rules
🚨 GitHub 监控消息提醒

🚨 发现关键词: #渗透测试 #内网

📦 项目名称: API-Agent_JSbot
👤 项目作者: tax3056
🛠 开发语言: Python
Star数量: 1 | 🍴 Fork数量: 0
📅 更新时间: 2026-06-04 06:17:25

📝 项目描述:
渗透测试中手动翻找 JS 文件里的 API 接口和敏感信息,眼睛快瞎了; 好不容易找到 JWT Token,还要手动复制粘贴…… API Agent  结合无头浏览器技术,实现低流量特征的智能分析,集成 FindSomething、雪瞳等工具的核心能力,并支持一键导出所有接口。

🔗 点击访问项目地址
GitHub
GitHub - tax3056/API-Agent_JSbot: 渗透测试中手动翻找 JS 文件里的 API 接口和敏感信息,眼睛快瞎了; 好不容易找到 JWT Token,还要手动复制粘贴…… API Agent  结合无头浏览器技术,实现低流量特征的智能分析,集成…
GitHub - tax3056/API-Agent_JSbot: 渗透测试中手动翻找 JS 文件里的 API 接口和敏感信息,眼睛快瞎了; 好不容易找到 JWT Token,还要手动复制粘贴…… API Agent  结合无头浏览器技术,实现低流量特征的智能分析,集成…
渗透测试中手动翻找 JS 文件里的 API 接口和敏感信息,眼睛快瞎了; 好不容易找到 JWT Token,还要手动复制粘贴…… API Agent  结合无头浏览器技术,实现低流量特征的智能分析,集成 FindSomething、雪瞳等工具的核心能力,并支持一键导出所有接口。 - tax3056/API-Agent_JSbot
渗透测试 内网
🚨 GitHub 监控消息提醒

🚨 发现关键词: #SSRF #metadata

📦 项目名称: AntiSSRF-rs
👤 项目作者: finn79426
🛠 开发语言: Rust
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-06-04 08:56:49

📝 项目描述:
Microsoft's SSRF Prevention Library for Rust

🔗 点击访问项目地址
GitHub
GitHub - finn79426/AntiSSRF-rs: Microsoft's SSRF Prevention Library for Rust
GitHub - finn79426/AntiSSRF-rs: Microsoft's SSRF Prevention Library for Rust
Microsoft's SSRF Prevention Library for Rust. Contribute to finn79426/AntiSSRF-rs development by creating an account on GitHub.
SSRF metadata
🚨 GitHub 监控消息提醒

🚨 发现关键词: #SSRF #metadata

📦 项目名称: springboot-kafka-flink-postgres-minio-pipeline
👤 项目作者: erancha
🛠 开发语言: Java
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-06-04 09:02:27

📝 项目描述:
A production-leaning streaming pipeline that reflects a clear understanding of distributed-systems failure modes: idempotent upserts, bounded timeouts on every external I/O path, DLQ routing, SSRF defense, exactly-once reasoning, and real observability. The depth is backed by 100+ tests, including Testcontainers integration suites.

🔗 点击访问项目地址
GitHub
GitHub - erancha/springboot-kafka-flink-postgres-minio-pipeline: A production-leaning streaming pipeline that reflects a clear…
A production-leaning streaming pipeline that reflects a clear understanding of distributed-systems failure modes: idempotent upserts, bounded timeouts on every external I/O path, DLQ routing, SSRF ...
SSRF metadata
🚨 GitHub 监控消息提醒

🚨 发现关键词: #Exchange #CVE #ProxyShell

📦 项目名称: ms-exchange-version-nse
👤 项目作者: righel
🛠 开发语言: Python
Star数量: 86 | 🍴 Fork数量: 16
📅 更新时间: 2026-06-04 09:01:58

📝 项目描述:
Nmap script to detect a Microsoft Exchange instance version with OWA enabled.

🔗 点击访问项目地址
GitHub
GitHub - righel/ms-exchange-version-nse: Nmap script to detect a Microsoft Exchange instance version with OWA enabled.
GitHub - righel/ms-exchange-version-nse: Nmap script to detect a Microsoft Exchange instance version with OWA enabled.
Nmap script to detect a Microsoft Exchange instance version with OWA enabled. - righel/ms-exchange-version-nse
Exchange CVE ProxyShell
Before
After
Back to Top