📦 GitHub 全球红队渗透资源中转站。
旨在收录那些“好用却难找”的安全项目。
🔗 定时推送:GitHub Trending (Security)
🛠 必备清单:后渗透、远控、免杀、提权工具集
📅 更新频率:每日精选,绝不灌水。
⚠️ 本频道仅供安全研究与授权测试使用。
旨在收录那些“好用却难找”的安全项目。
🔗 定时推送:GitHub Trending (Security)
🛠 必备清单:后渗透、远控、免杀、提权工具集
📅 更新频率:每日精选,绝不灌水。
⚠️ 本频道仅供安全研究与授权测试使用。
GitHub监控消息提醒!!!
更新了:CVE-2025
描述:Public writeup for CVE-2025-55996 (Viber Desktop HTML Injection)
URL:https://github.com/thawkhant/viber-desktop-html-injection
标签:#CVE-2025
更新了:CVE-2025
描述:Public writeup for CVE-2025-55996 (Viber Desktop HTML Injection)
URL:https://github.com/thawkhant/viber-desktop-html-injection
标签:#CVE-2025
GitHub监控消息提醒!!!
更新了:反序列化
描述:基于vue3+element-plus+javascript-stringify的js序列化反序列化输入框组
URL:https://github.com/is-zhou/vue-serialize-input
标签:#反序列化
更新了:反序列化
描述:基于vue3+element-plus+javascript-stringify的js序列化反序列化输入框组
URL:https://github.com/is-zhou/vue-serialize-input
标签:#反序列化
GitHub监控消息提醒!!!
更新了:内存马
描述:哥斯拉插件,自定义内存马注入器,java-memshell-generator-Godzilla-custom,参考https://github.com/1ucky7/jmg-for-Godzilla,因为原插件没有自定义内存马注入的功能,所以顺手加了个,可输入base64字节码进行注入,感谢 1ucky7师傅
URL:https://github.com/h00klod0er/java-memshell-generator-Godzilla-custom
标签:#内存马
更新了:内存马
描述:哥斯拉插件,自定义内存马注入器,java-memshell-generator-Godzilla-custom,参考https://github.com/1ucky7/jmg-for-Godzilla,因为原插件没有自定义内存马注入的功能,所以顺手加了个,可输入base64字节码进行注入,感谢 1ucky7师傅
URL:https://github.com/h00klod0er/java-memshell-generator-Godzilla-custom
标签:#内存马
GitHub监控消息提醒!!!
更新了:CVE-2025
描述:🔓 Explore CVE-2025-31258 with this PoC demonstrating partial sandbox escape using RemoteViewServices for practical 1-day security practice.
URL:https://github.com/MKIRAHMET/CVE-2025-29927-PoC
标签:#CVE-2025
更新了:CVE-2025
描述:🔓 Explore CVE-2025-31258 with this PoC demonstrating partial sandbox escape using RemoteViewServices for practical 1-day security practice.
URL:https://github.com/MKIRAHMET/CVE-2025-29927-PoC
标签:#CVE-2025
GitHub监控消息提醒!!!
更新了:CVE-2025
描述:A method for CVE-2025-31710 and to connect to cmd_skt to obtain a root shell on unisoc unpatched models
URL:https://github.com/MKIRAHMET/CVE-2025-29927-PoC
标签:#CVE-2025
更新了:CVE-2025
描述:A method for CVE-2025-31710 and to connect to cmd_skt to obtain a root shell on unisoc unpatched models
URL:https://github.com/MKIRAHMET/CVE-2025-29927-PoC
标签:#CVE-2025
GitHub监控消息提醒!!!
更新了:burp
描述:VigilantX 是一个专为 Burp Suite 设计的被动式 XSS(跨站脚本)漏洞检测扩展。该工具采用创新的两阶段检测机制,能够高效、准确地识别 Web 应用中的 XSS 漏洞,并通过飞书 Webhook 实时推送漏洞发现通知。
URL:https://github.com/dagcybersec/Offensive-Security-Lab-by-DAG
标签:#burp
更新了:burp
描述:VigilantX 是一个专为 Burp Suite 设计的被动式 XSS(跨站脚本)漏洞检测扩展。该工具采用创新的两阶段检测机制,能够高效、准确地识别 Web 应用中的 XSS 漏洞,并通过飞书 Webhook 实时推送漏洞发现通知。
URL:https://github.com/dagcybersec/Offensive-Security-Lab-by-DAG
标签:#burp
GitHub监控消息提醒!!!
更新了:漏洞检测
描述:VigilantX 是一个专为 Burp Suite 设计的被动式 XSS(跨站脚本)漏洞检测扩展。该工具采用创新的两阶段检测机制,能够高效、准确地识别 Web 应用中的 XSS 漏洞,并通过飞书 Webhook 实时推送漏洞发现通知。
URL:https://github.com/Zacarx/VigilantX
标签:#漏洞检测
更新了:漏洞检测
描述:VigilantX 是一个专为 Burp Suite 设计的被动式 XSS(跨站脚本)漏洞检测扩展。该工具采用创新的两阶段检测机制,能够高效、准确地识别 Web 应用中的 XSS 漏洞,并通过飞书 Webhook 实时推送漏洞发现通知。
URL:https://github.com/Zacarx/VigilantX
标签:#漏洞检测
GitHub监控消息提醒!!!
更新了:webshell
描述:Java monitoring tool for Apache Tomcat to detect memory webshell
URL:https://github.com/M1nh-Duk/Inspectra
标签:#webshell
更新了:webshell
描述:Java monitoring tool for Apache Tomcat to detect memory webshell
URL:https://github.com/M1nh-Duk/Inspectra
标签:#webshell
GitHub监控消息提醒!!!
更新了:Cobalt Strike
描述:异步Beacon Object Files概念的实现。它提供了一个框架,用于运行可以检测事件并报告回Cobalt Strike团队服务器的异步监控任务。
URL:https://github.com/9Insomnie/async_bof
标签:#Cobalt Strike
更新了:Cobalt Strike
描述:异步Beacon Object Files概念的实现。它提供了一个框架,用于运行可以检测事件并报告回Cobalt Strike团队服务器的异步监控任务。
URL:https://github.com/9Insomnie/async_bof
标签:#Cobalt Strike
GitHub监控消息提醒!!!
更新了:绕过
描述:🚀 AI转录器本地客户端工具 - 完全绕过反机器人检测,支持200+视频平台 | AI Transcriber Local Client - Bypass Anti-Bot Detection, Support 200+ Video Platforms
URL:https://github.com/AugustineQiu/ai-transcriber-client
标签:#绕过
更新了:绕过
描述:🚀 AI转录器本地客户端工具 - 完全绕过反机器人检测,支持200+视频平台 | AI Transcriber Local Client - Bypass Anti-Bot Detection, Support 200+ Video Platforms
URL:https://github.com/AugustineQiu/ai-transcriber-client
标签:#绕过
GitHub监控消息提醒!!!
更新了:CVE-2025
描述:Detection for CVE-2025-42944
URL:https://github.com/rxerium/CVE-2025-42944
标签:#CVE-2025
更新了:CVE-2025
描述:Detection for CVE-2025-42944
URL:https://github.com/rxerium/CVE-2025-42944
标签:#CVE-2025
GitHub监控消息提醒!!!
更新了:CVE-2025
描述:🔓 Explore CVE-2025-31258 with this PoC demonstrating partial sandbox escape using RemoteViewServices for practical 1-day security practice.
URL:https://github.com/sureshkumarsat/CVE-2025-31258-PoC
标签:#CVE-2025
更新了:CVE-2025
描述:🔓 Explore CVE-2025-31258 with this PoC demonstrating partial sandbox escape using RemoteViewServices for practical 1-day security practice.
URL:https://github.com/sureshkumarsat/CVE-2025-31258-PoC
标签:#CVE-2025
GitHub监控消息提醒!!!
更新了:CVE-2025
描述:🔓 Explore CVE-2025-31258 with this PoC demonstrating partial sandbox escape using RemoteViewServices for practical 1-day security practice.
URL:https://github.com/sureshkumarsat/CVE-2025-31258-PoC
标签:#CVE-2025
更新了:CVE-2025
描述:🔓 Explore CVE-2025-31258 with this PoC demonstrating partial sandbox escape using RemoteViewServices for practical 1-day security practice.
URL:https://github.com/sureshkumarsat/CVE-2025-31258-PoC
标签:#CVE-2025
GitHub监控消息提醒!!!
更新了:Red Team
描述:ReconRoyale challenges, bug bounty experiments, and penetration testing notes | Red Team, subdomain, and cloud asset discovery
URL:https://github.com/fawadqureshi007/recon-assets
标签:#Red Team
更新了:Red Team
描述:ReconRoyale challenges, bug bounty experiments, and penetration testing notes | Red Team, subdomain, and cloud asset discovery
URL:https://github.com/fawadqureshi007/recon-assets
标签:#Red Team
GitHub监控消息提醒!!!
更新了:webshell
描述:A personal tool for webshell-based file management and vulnerability testing in local environments.
URL:https://github.com/gexer00/gexer-webshell
标签:#webshell
更新了:webshell
描述:A personal tool for webshell-based file management and vulnerability testing in local environments.
URL:https://github.com/gexer00/gexer-webshell
标签:#webshell
GitHub监控消息提醒!!!
更新了:RCE
描述:XSS, SQLI, LFI, RCE Practice Labs in php
URL:https://github.com/KrazePlanet/KrazePlanetLabs
标签:#RCE
更新了:RCE
描述:XSS, SQLI, LFI, RCE Practice Labs in php
URL:https://github.com/KrazePlanet/KrazePlanetLabs
标签:#RCE
GitHub监控消息提醒!!!
更新了:RCE
描述:XSS, SQLI, LFI, RCE Practice Labs in php
URL:https://github.com/KrazePlanet/KrazePlanetLabs
标签:#RCE
更新了:RCE
描述:XSS, SQLI, LFI, RCE Practice Labs in php
URL:https://github.com/KrazePlanet/KrazePlanetLabs
标签:#RCE
GitHub监控消息提醒!!!
更新了:漏洞检测
描述:Spring Boot Actuator未授权访问漏洞检测工具
URL:https://github.com/renbon-wu/SBAunauth
标签:#漏洞检测
更新了:漏洞检测
描述:Spring Boot Actuator未授权访问漏洞检测工具
URL:https://github.com/renbon-wu/SBAunauth
标签:#漏洞检测
GitHub监控消息提醒!!!
更新了:Red Team
描述:Red Team utility that alerts you to potential Blue Team, IDS, and IPS detection activity
URL:https://github.com/Acucarinho/Doppel
标签:#Red Team
更新了:Red Team
描述:Red Team utility that alerts you to potential Blue Team, IDS, and IPS detection activity
URL:https://github.com/Acucarinho/Doppel
标签:#Red Team