📦 GitHub 全球红队渗透资源中转站。
​旨在收录那些“好用却难找”的安全项目。
🔗 定时推送:GitHub Trending (Security)
🛠 必备清单:后渗透、远控、免杀、提权工具集
📅 更新频率:每日精选,绝不灌水。
⚠️ 本频道仅供安全研究与授权测试使用。
🚨 GitHub 监控消息提醒

🚨 发现关键词: #C2 #Control

📦 项目名称: github-C2
👤 项目作者: Kxiandaoyan
🛠 开发语言: Rust
Star数量: 7 | 🍴 Fork数量: 5
📅 更新时间: 2026-04-02 20:59:30

📝 项目描述:
基于GitHub Issues API的隐蔽C2框架,支持Windows/Linux,AES-256-GCM加密通信,远程命令执行、文件管理、端口扫描等功能

🔗 点击访问项目地址
GitHub
GitHub - Kxiandaoyan/github-C2: 基于GitHub Issues API的隐蔽C2框架,支持Windows/Linux,AES-256-GCM加密通信,远程命令执行、文件管理、端口扫描等功能
基于GitHub Issues API的隐蔽C2框架,支持Windows/Linux,AES-256-GCM加密通信,远程命令执行、文件管理、端口扫描等功能 - Kxiandaoyan/github-C2
C2 Control
🚨 GitHub 监控消息提醒

🚨 发现关键词: #XXE

📦 项目名称: b-xssrf-framework
👤 项目作者: mazen-elgammal10
🛠 开发语言: None
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-04-02 19:41:32

📝 项目描述:
Automated Vulnerability Research Framework for SSRF & XXE exploitation in AI-integrated applications.

🔗 点击访问项目地址
GitHub
GitHub - mazen-elgammal10/b-xssrf-framework: Automated Vulnerability Research Framework for SSRF & XXE exploitation in AI-integrated…
GitHub - mazen-elgammal10/b-xssrf-framework: Automated Vulnerability Research Framework for SSRF & XXE exploitation in AI-integrated…
Automated Vulnerability Research Framework for SSRF & XXE exploitation in AI-integrated applications. - mazen-elgammal10/b-xssrf-framework
XXE
🚨 GitHub 监控消息提醒

🚨 发现关键词: #Bypass #AV #OTP

📦 项目名称: 2FAssassin
👤 项目作者: Bd-Mutant7
🛠 开发语言: Python
Star数量: 1 | 🍴 Fork数量: 0
📅 更新时间: 2026-04-02 20:01:10

📝 项目描述:
Bypass Two-Factor-Authentication

🔗 点击访问项目地址
GitHub
GitHub - Bd-Mutant7/2FAssassin: Bypass Two-Factor-Authentication
GitHub - Bd-Mutant7/2FAssassin: Bypass Two-Factor-Authentication
Bypass Two-Factor-Authentication. Contribute to Bd-Mutant7/2FAssassin development by creating an account on GitHub.
Bypass AV OTP
🚨 GitHub 监控消息提醒

🚨 发现关键词: #Shellcode #Loader #Inject

📦 项目名称: WindowsShell-Injector-Shellcode-Loader
👤 项目作者: Drawmwm
🛠 开发语言: C++
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-04-02 18:53:35

📝 项目描述:
An advanced Windows shell code loader and generator toolset featuring XOR encryption, debug protection, and GUI capabilities for penetration testing.

🔗 点击访问项目地址
GitHub
GitHub - Drawmwm/WindowsShell-Injector-Shellcode-Loader: An advanced Windows shell code loader and generator toolset featuring…
GitHub - Drawmwm/WindowsShell-Injector-Shellcode-Loader: An advanced Windows shell code loader and generator toolset featuring…
An advanced Windows shell code loader and generator toolset featuring XOR encryption, debug protection, and GUI capabilities for penetration testing. - Drawmwm/WindowsShell-Injector-Shellcode-Loader
Shellcode Loader Inject
🚨 GitHub 监控消息提醒

🚨 发现关键词: #SSRF

📦 项目名称: agent-egress-bench
👤 项目作者: luckyPipewrench
🛠 开发语言: Go
Star数量: 2 | 🍴 Fork数量: 0
📅 更新时间: 2026-04-02 18:50:27

📝 项目描述:
Tool-neutral attack corpus for AI agent egress security

🔗 点击访问项目地址
GitHub
GitHub - luckyPipewrench/agent-egress-bench: Tool-neutral attack corpus for AI agent egress security
GitHub - luckyPipewrench/agent-egress-bench: Tool-neutral attack corpus for AI agent egress security
Tool-neutral attack corpus for AI agent egress security - luckyPipewrench/agent-egress-bench
SSRF
🚨 GitHub 监控消息提醒

🚨 发现关键词: #CobaltStrike #Profile #Aggressor #CNA

📦 项目名称: Cobaltstrike-atexec-CNA-plugin
👤 项目作者: Wamrma
🛠 开发语言: C++
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-04-02 18:02:02

📝 项目描述:
Enables-Cobalt-Strike-to-support-Atexec-plugin-cna

🔗 点击访问项目地址
GitHub
GitHub - Wamrma/Cobaltstrike-atexec-CNA-plugin: Enables-Cobalt-Strike-to-support-Atexec-plugin-cna
Enables-Cobalt-Strike-to-support-Atexec-plugin-cna - Wamrma/Cobaltstrike-atexec-CNA-plugin
CobaltStrike Profile Aggressor CNA
🚨 GitHub 监控消息提醒

🚨 发现关键词: #SSRF

📦 项目名称: mcp-shield
👤 项目作者: srisowmya2000
🛠 开发语言: Python
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-04-02 17:57:59

📝 项目描述:
Secure MCP runtime — policy enforcement, SSRF/secret-theft blocking, audit logging

🔗 点击访问项目地址
GitHub
GitHub - srisowmya2000/mcp-shield: Secure MCP runtime — policy enforcement, SSRF/secret-theft blocking, audit logging
Secure MCP runtime — policy enforcement, SSRF/secret-theft blocking, audit logging - srisowmya2000/mcp-shield
SSRF
🚨 GitHub 监控消息提醒

🚨 发现关键词: #XSS #Payload

📦 项目名称: XSS_exemple
👤 项目作者: hiamhuy
🛠 开发语言: TypeScript
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-04-02 17:02:29

📝 项目描述:
无描述

🔗 点击访问项目地址
GitHub
GitHub - hiamhuy/XSS_exemple
Contribute to hiamhuy/XSS_exemple development by creating an account on GitHub.
XSS Payload
🚨 GitHub 监控消息提醒

🚨 发现关键词: #CSRF

📦 项目名称: Blazing-Black-Dragon
👤 项目作者: Ali-Haidar-Sy
🛠 开发语言: None
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-04-02 17:02:21

📝 项目描述:
Blazing Black Dragon – professional web vulnerability scanner with 26 attack vectors: XSS, SQLi, SSTI, LFI, CMDi, CORS, GraphQL, OAuth, subdomains, secrets, ports, SSL, headers, CMS, dir brute, open redirect, CSRF, smuggling, external tools (Nikto/Nuclei), HTML/JSON/CSV/XML reports. For authorised use only.

🔗 点击访问项目地址
GitHub
GitHub - Ali-Haidar-Sy/Blazing-Black-Dragon: 🔥🐉 Professional web vulnerability scanner with 26 attack vectors – XSS, SQLi, SSTI…
🔥🐉 Professional web vulnerability scanner with 26 attack vectors – XSS, SQLi, SSTI, LFI, CMDi, CORS, GraphQL, subdomains, ports, SSL, CMS, open redirect, CSRF, smuggling, external tools (Nikto/Nucl...
CSRF
🚨 GitHub 监控消息提醒

🚨 发现关键词: #注入 #SQL

📦 项目名称: gin-core
👤 项目作者: possibities
🛠 开发语言: Go
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-04-02 16:19:34

📝 项目描述:
Go/Gin 后端脚手架 — 分层架构、Wire 编译期依赖注入、JWT 密钥轮转、Casbin RBAC、Redis 缓存/分布式锁、滑动窗口限流、事务性 Outbox、OpenTelemetry 链路追踪、Prometheus 监控

🔗 点击访问项目地址
GitHub
GitHub - possibities/gin-core: Go/Gin 后端脚手架 — 分层架构、Wire 编译期依赖注入、JWT 密钥轮转、Casbin RBAC、Redis 缓存/分布式锁、滑动窗口限流、事务性 Outbox、OpenTelemetry…
Go/Gin 后端脚手架 — 分层架构、Wire 编译期依赖注入、JWT 密钥轮转、Casbin RBAC、Redis 缓存/分布式锁、滑动窗口限流、事务性 Outbox、OpenTelemetry 链路追踪、Prometheus 监控 - possibities/gin-core
注入 SQL
🚨 GitHub 监控消息提醒

🚨 发现关键词: #CVE-2026

📦 项目名称: CVE-2026-22738-POC
👤 项目作者: n0n4m3x41
🛠 开发语言: Python
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-04-02 16:25:31

📝 项目描述:
PoC for CVE-2026-22738

🔗 点击访问项目地址
GitHub
GitHub - n0n4m3x41/CVE-2026-22738-POC: PoC for CVE-2026-22738
GitHub - n0n4m3x41/CVE-2026-22738-POC: PoC for CVE-2026-22738
PoC for CVE-2026-22738. Contribute to n0n4m3x41/CVE-2026-22738-POC development by creating an account on GitHub.
CVE
🚨 GitHub 监控消息提醒

🚨 发现关键词: #Shellcode #Execute

📦 项目名称: x96-combiner
👤 项目作者: RTS-Framework
🛠 开发语言: Go
Star数量: 1 | 🍴 Fork数量: 0
📅 更新时间: 2026-04-02 15:58:43

📝 项目描述:
A tool for building multi-architecture (x86/x64) shellcode that can execute correctly on both platforms.

🔗 点击访问项目地址
GitHub
GitHub - RTS-Framework/x96-combiner: A tool for building multi-architecture (x86/x64) shellcode that can execute correctly on both…
A tool for building multi-architecture (x86/x64) shellcode that can execute correctly on both platforms. - RTS-Framework/x96-combiner
Shellcode Execute
🚨 GitHub 监控消息提醒

🚨 发现关键词: #CSRF

📦 项目名称: vulnlab
👤 项目作者: Prakhar-Sethi
🛠 开发语言: HTML
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-04-02 15:55:56

📝 项目描述:
Interactive XSS & CSRF security education web app

🔗 点击访问项目地址
GitHub
GitHub - Prakhar-Sethi/vulnlab: Interactive XSS & CSRF security education web app
Interactive XSS & CSRF security education web app. Contribute to Prakhar-Sethi/vulnlab development by creating an account on GitHub.
CSRF
🚨 GitHub 监控消息提醒

🚨 发现关键词: #注入 #SQL

📦 项目名称: docora-go
👤 项目作者: qqqqhhqq
🛠 开发语言: Go
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-04-02 15:34:45

📝 项目描述:
基于 Gin 框架和依赖注入的现代化 Go Web 服务

🔗 点击访问项目地址
GitHub
GitHub - qqqqhhqq/docora-go: 基于 Gin 框架和依赖注入的现代化 Go Web 服务
基于 Gin 框架和依赖注入的现代化 Go Web 服务. Contribute to qqqqhhqq/docora-go development by creating an account on GitHub.
注入 SQL
🚨 GitHub 监控消息提醒

🚨 发现关键词: #CVE-2026

📦 项目名称: ICSA-26-055-03
👤 项目作者: MichaelAdamGroberman
🛠 开发语言: None
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-04-02 15:58:52

📝 项目描述:
CISA Advisory ICSA-26-055-03 (Update A) — Gardyn Home Kit IoT Vulnerabilities — 10 CVEs (CVE-2025-1242, CVE-2025-10681, CVE-2025-29628, CVE-2025-29629, CVE-2025-29631, CVE-2026-28766, CVE-2026-25197, CVE-2026-32646, CVE-2026-28767, CVE-2026-32662)

🔗 点击访问项目地址
GitHub
GitHub - MichaelAdamGroberman/ICSA-26-055-03: CISA Advisory ICSA-26-055-03 (Update A) — Gardyn Home Kit IoT Vulnerabilities — 10…
GitHub - MichaelAdamGroberman/ICSA-26-055-03: CISA Advisory ICSA-26-055-03 (Update A) — Gardyn Home Kit IoT Vulnerabilities — 10…
CISA Advisory ICSA-26-055-03 (Update A) — Gardyn Home Kit IoT Vulnerabilities — 10 CVEs - MichaelAdamGroberman/ICSA-26-055-03
CVE
🚨 GitHub 监控消息提醒

🚨 发现关键词: #信息收集

📦 项目名称: xxx-mods-scanner
👤 项目作者: lkpnb
🛠 开发语言: Python
Star数量: 1 | 🍴 Fork数量: 0
📅 更新时间: 2026-04-02 14:50:58

📝 项目描述:
一款适合新手的网站信息收集工具

🔗 点击访问项目地址
GitHub
GitHub - lkpnb/xxx-mods-scanner: 一款适合新手的网站信息收集工具
一款适合新手的网站信息收集工具. Contribute to lkpnb/xxx-mods-scanner development by creating an account on GitHub.
信息收集
🚨 GitHub 监控消息提醒

🚨 发现关键词: #C2 #Command #Control

📦 项目名称: C2Pas-Jinja
👤 项目作者: tregubovav-dev
🛠 开发语言: Python
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-04-02 15:00:49

📝 项目描述:
C-headers to Pascal translation. Uses Python scripts with CLang AST library to transform CLang headers into Pascal declaration using Jinga2 templates.

🔗 点击访问项目地址
GitHub
GitHub - tregubovav-dev/C2Pas-Jinja: C-headers to Pascal translation. Uses Python scripts with CLang AST library to transform CLang…
C-headers to Pascal translation. Uses Python scripts with CLang AST library to transform CLang headers into Pascal declaration using Jinga2 templates. - tregubovav-dev/C2Pas-Jinja
C2 Command Control
🚨 GitHub 监控消息提醒

🚨 发现关键词: #注入 #SQL

📦 项目名称: sql-nosql
👤 项目作者: R1d3r666
🛠 开发语言: None
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-04-02 14:58:23

📝 项目描述:
知识点关于数据库注入的原理和绕过姿势

🔗 点击访问项目地址
GitHub
R1d3r666/sql-nosql
知识点关于数据库注入的原理和绕过姿势. Contribute to R1d3r666/sql-nosql development by creating an account on GitHub.
注入 SQL
🚨 GitHub 监控消息提醒

🚨 发现关键词: #CVE-2026

📦 项目名称: CVE-2026-23416-POC
👤 项目作者: bluedragonsecurity
🛠 开发语言: None
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-04-02 14:58:54

📝 项目描述:
POC for CVE-2026-23416 (linux kernel 6.17-linux kernel 7 rc5) - vulnerability discovered by Antonius

🔗 点击访问项目地址
GitHub
GitHub - bluedragonsecurity/CVE-2026-23416-POC: POC for CVE-2026-23416 (linux kernel 6.17 – linux kernel 7 rc5) - vulnerability…
GitHub - bluedragonsecurity/CVE-2026-23416-POC: POC for CVE-2026-23416 (linux kernel 6.17 – linux kernel 7 rc5) - vulnerability…
POC for CVE-2026-23416 (linux kernel 6.17 – linux kernel 7 rc5) - vulnerability discovered by Antonius - bluedragonsecurity/CVE-2026-23416-POC
CVE
🚨 GitHub 监控消息提醒

🚨 发现关键词: #Shellcode #Loader

📦 项目名称: CTFPacker
👤 项目作者: mochabyte0x
🛠 开发语言: C
Star数量: 120 | 🍴 Fork数量: 22
📅 更新时间: 2026-04-02 13:58:18

📝 项目描述:
Shellcode packer for CTFs and pentest / red team exams aiming for AV evasion!

🔗 点击访问项目地址
GitHub
GitHub - mochabyte0x/CTFPacker: Shellcode packer for CTFs and pentest / red team exams aiming for AV evasion!
GitHub - mochabyte0x/CTFPacker: Shellcode packer for CTFs and pentest / red team exams aiming for AV evasion!
Shellcode packer for CTFs and pentest / red team exams aiming for AV evasion! - mochabyte0x/CTFPacker
Shellcode Loader
Before
After
Back to Top