📦 GitHub 全球红队渗透资源中转站。
旨在收录那些“好用却难找”的安全项目。
🔗 定时推送:GitHub Trending (Security)
🛠 必备清单:后渗透、远控、免杀、提权工具集
📅 更新频率:每日精选,绝不灌水。
⚠️ 本频道仅供安全研究与授权测试使用。
旨在收录那些“好用却难找”的安全项目。
🔗 定时推送:GitHub Trending (Security)
🛠 必备清单:后渗透、远控、免杀、提权工具集
📅 更新频率:每日精选,绝不灌水。
⚠️ 本频道仅供安全研究与授权测试使用。
GitHub监控消息提醒!!!
更新了:权限维持
描述:Powershell 权限维持后门
URL:https://github.com/AV1080p/Schtasks-Backdoor
标签:#权限维持
更新了:权限维持
描述:Powershell 权限维持后门
URL:https://github.com/AV1080p/Schtasks-Backdoor
标签:#权限维持
GitHub监控消息提醒!!!
更新了:Cobalt Strike
描述:Go-based C2 server inspired by Cobalt Strike; seamless agent control, web UI, and Malleable Profile support. Fast, extensible, and secure for red-team ops. 🐙
URL:https://github.com/armin-hg/NewCobaltstrikeTeamServer
标签:#Cobalt Strike
更新了:Cobalt Strike
描述:Go-based C2 server inspired by Cobalt Strike; seamless agent control, web UI, and Malleable Profile support. Fast, extensible, and secure for red-team ops. 🐙
URL:https://github.com/armin-hg/NewCobaltstrikeTeamServer
标签:#Cobalt Strike
GitHub监控消息提醒!!!
更新了:RCE
描述:A consolidated bug bounty hunting checklist covering everything from recon to critical RCE and cloud exploits.
URL:https://github.com/vux06/BB-Methodology
标签:#RCE
更新了:RCE
描述:A consolidated bug bounty hunting checklist covering everything from recon to critical RCE and cloud exploits.
URL:https://github.com/vux06/BB-Methodology
标签:#RCE
GitHub监控消息提醒!!!
更新了:CVE-2025
描述:CVE-2025-7771 ThrottleStop.sys privilege escalation exploit - unrestricted IOCTL access to physical memory via MmMapIoSpace
URL:https://github.com/Demoo1337/ThrottleStop
标签:#CVE-2025
更新了:CVE-2025
描述:CVE-2025-7771 ThrottleStop.sys privilege escalation exploit - unrestricted IOCTL access to physical memory via MmMapIoSpace
URL:https://github.com/Demoo1337/ThrottleStop
标签:#CVE-2025
GitHub监控消息提醒!!!
更新了:RCE
描述:A proof-of-concept (PoC) remote code execution (RCE) exploit targeting vulnerable applications that deserialize untrusted Python pickle objects.
URL:https://github.com/4nuxd/pickle-rce-exploit
标签:#RCE
更新了:RCE
描述:A proof-of-concept (PoC) remote code execution (RCE) exploit targeting vulnerable applications that deserialize untrusted Python pickle objects.
URL:https://github.com/4nuxd/pickle-rce-exploit
标签:#RCE
GitHub监控消息提醒!!!
更新了:RCE
描述:Python-based web vulnerability scanner for detecting SQLi, XSS, IDOR, CSRF, JWT, LFI, RCE, and more.
URL:https://github.com/EbramSec/ebram_web_scanner
标签:#RCE
更新了:RCE
描述:Python-based web vulnerability scanner for detecting SQLi, XSS, IDOR, CSRF, JWT, LFI, RCE, and more.
URL:https://github.com/EbramSec/ebram_web_scanner
标签:#RCE
GitHub监控消息提醒!!!
更新了:CVE-2025
描述:This is CVE-2025-53690 Analysis Documents.
URL:https://github.com/m0d0ri205/CVE-2025-53690-Analysis
标签:#CVE-2025
更新了:CVE-2025
描述:This is CVE-2025-53690 Analysis Documents.
URL:https://github.com/m0d0ri205/CVE-2025-53690-Analysis
标签:#CVE-2025
GitHub监控消息提醒!!!
更新了:CVE-2025
描述:WinRAR CVE-2025-8088 exploit tool
URL:https://github.com/cozythrill/CVE-2025-8088
标签:#CVE-2025
更新了:CVE-2025
描述:WinRAR CVE-2025-8088 exploit tool
URL:https://github.com/cozythrill/CVE-2025-8088
标签:#CVE-2025
GitHub监控消息提醒!!!
更新了:RCE
描述:CVE-2025-54424: 1Panel TLS client cert bypass enables RCE via forged CN 'panel_client' using a bundled scanning and exploitation tool. Affected: <= v2.0.5. 🔐
URL:https://github.com/hophtien/CVE-2025-54424
标签:#RCE
更新了:RCE
描述:CVE-2025-54424: 1Panel TLS client cert bypass enables RCE via forged CN 'panel_client' using a bundled scanning and exploitation tool. Affected: <= v2.0.5. 🔐
URL:https://github.com/hophtien/CVE-2025-54424
标签:#RCE
GitHub监控消息提醒!!!
更新了:CVE-2025
描述:🔓 Decrypt FairPlay-protected iOS apps on macOS (SIP-enabled) using CVE-2025-24204. Supports macOS 15.0-15.2.
URL:https://github.com/bale170501/decrypted
标签:#CVE-2025
更新了:CVE-2025
描述:🔓 Decrypt FairPlay-protected iOS apps on macOS (SIP-enabled) using CVE-2025-24204. Supports macOS 15.0-15.2.
URL:https://github.com/bale170501/decrypted
标签:#CVE-2025
GitHub监控消息提醒!!!
更新了:CVE-2025
描述:FOGProject Authentication bypass CVE-2025-58443 Exploit
URL:https://github.com/casp3r0x0/CVE-2025-58443
标签:#CVE-2025
更新了:CVE-2025
描述:FOGProject Authentication bypass CVE-2025-58443 Exploit
URL:https://github.com/casp3r0x0/CVE-2025-58443
标签:#CVE-2025
GitHub监控消息提醒!!!
更新了:RCE
描述:Firmware Libraries for RCE Platform Development
URL:https://github.com/Makavellik/POC-CVE-2021-42013-EXPLOIT
标签:#RCE
更新了:RCE
描述:Firmware Libraries for RCE Platform Development
URL:https://github.com/Makavellik/POC-CVE-2021-42013-EXPLOIT
标签:#RCE
GitHub监控消息提醒!!!
更新了:RCE
描述:CVE-2024-22722 RCE via SSTI Automation with Python.
URL:https://github.com/terribledactyl/Form-Tools-3.1.1-RCE
标签:#RCE
更新了:RCE
描述:CVE-2024-22722 RCE via SSTI Automation with Python.
URL:https://github.com/terribledactyl/Form-Tools-3.1.1-RCE
标签:#RCE
GitHub监控消息提醒!!!
更新了:RCE
描述:RCEPayloadGen - Advanced RCE Payload Generator - Over 2500 Remote Code Execution (RCE) payloads
URL:https://github.com/kabiri-labs/rcpayloadgen
标签:#RCE
更新了:RCE
描述:RCEPayloadGen - Advanced RCE Payload Generator - Over 2500 Remote Code Execution (RCE) payloads
URL:https://github.com/kabiri-labs/rcpayloadgen
标签:#RCE
GitHub监控消息提醒!!!
更新了:弱口令
描述:安全运维工具箱是一款面向安全运维场景的集成化利器,融合了资产管理、资产测绘、漏洞检测、配置核查、弱口令检测、批量化运维、漏洞跟踪、报告生成以及日志审计等核心功能模块。
URL:https://github.com/nbyiansec/sskit
标签:#弱口令
更新了:弱口令
描述:安全运维工具箱是一款面向安全运维场景的集成化利器,融合了资产管理、资产测绘、漏洞检测、配置核查、弱口令检测、批量化运维、漏洞跟踪、报告生成以及日志审计等核心功能模块。
URL:https://github.com/nbyiansec/sskit
标签:#弱口令
GitHub监控消息提醒!!!
更新了:漏洞验证
描述:Nuclei POC,每日更新 | 自动整合全网Nuclei的漏洞POC,实时同步更新最新POC,保存已被删除的POC。通过批量克隆Github项目,获取Nuclei POC,并将POC按类别分类存放,使用Github Action实现。已有19w+POC,已校验格式的有效性并去重(验证的是格式的有效性)
URL:https://github.com/WuhanUniversityZJF/DOBOT_Internship
标签:#漏洞验证
更新了:漏洞验证
描述:Nuclei POC,每日更新 | 自动整合全网Nuclei的漏洞POC,实时同步更新最新POC,保存已被删除的POC。通过批量克隆Github项目,获取Nuclei POC,并将POC按类别分类存放,使用Github Action实现。已有19w+POC,已校验格式的有效性并去重(验证的是格式的有效性)
URL:https://github.com/WuhanUniversityZJF/DOBOT_Internship
标签:#漏洞验证
GitHub监控消息提醒!!!
更新了:钓鱼
描述:🎣 钓鱼平台 - 基于uni-app的多端钓鱼服务平台,包含顾客端、管理员端和员工端。集成完整的CI/CD流水线、智能监控系统、自适应缓存优化、数据驱动分析等企业级功能。支持H5、微信小程序等多端部署。
URL:https://github.com/TAnderson2718/fishing-uniapp
标签:#钓鱼
更新了:钓鱼
描述:🎣 钓鱼平台 - 基于uni-app的多端钓鱼服务平台,包含顾客端、管理员端和员工端。集成完整的CI/CD流水线、智能监控系统、自适应缓存优化、数据驱动分析等企业级功能。支持H5、微信小程序等多端部署。
URL:https://github.com/TAnderson2718/fishing-uniapp
标签:#钓鱼
GitHub监控消息提醒!!!
更新了:Red Team
描述:DarkPhoenix es un toolkit avanzado que combina técnicas de Red Team y Blue Team en un único framework diseñado para entornos controlados y educativos.
URL:https://github.com/Laitwha/ShellCode-Encrypt-Tool-Xor-Aes-Fud-Stable
标签:#Red Team
更新了:Red Team
描述:DarkPhoenix es un toolkit avanzado que combina técnicas de Red Team y Blue Team en un único framework diseñado para entornos controlados y educativos.
URL:https://github.com/Laitwha/ShellCode-Encrypt-Tool-Xor-Aes-Fud-Stable
标签:#Red Team