📦 GitHub 全球红队渗透资源中转站。
​旨在收录那些“好用却难找”的安全项目。
🔗 定时推送:GitHub Trending (Security)
🛠 必备清单:后渗透、远控、免杀、提权工具集
📅 更新频率:每日精选,绝不灌水。
⚠️ 本频道仅供安全研究与授权测试使用。
🚨 GitHub 监控消息提醒

🚨 发现关键词: #CSRF

📦 项目名称: Blazing-Black-Dragon
👤 项目作者: unguaranteed-cabin828
🛠 开发语言: Python
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-04-28 00:39:30

📝 项目描述:
Build a sleek black dragon UI with bold ASCII art, clean layouts, and fast setup for GitHub profiles and project pages

🔗 点击访问项目地址
GitHub
GitHub - unguaranteed-cabin828/Blazing-Black-Dragon: Build a sleek black dragon UI with bold ASCII art, clean layouts, and fast…
Build a sleek black dragon UI with bold ASCII art, clean layouts, and fast setup for GitHub profiles and project pages - unguaranteed-cabin828/Blazing-Black-Dragon
CSRF
🚨 GitHub 监控消息提醒

🚨 发现关键词: #Bypass #EDR

📦 项目名称: VibeBlade
👤 项目作者: kevin046
🛠 开发语言: Python
Star数量: 3 | 🍴 Fork数量: 0
📅 更新时间: 2026-04-28 00:59:20

📝 项目描述:
VibeDrift - Run any LLM on your own hardware. Bypass the VRAM wall with CPU/RAM inference, MOE expert offloading, and 4-bit quantization. No Cloud, no Subscription.

🔗 点击访问项目地址
GitHub
kevin046 - Overview
I am a technology entrepreneur and full-stack developer based in the Greater Toronto Area, dedicated to bridging the gap between frontier-scale AI and local LLM - kevin046
Bypass EDR
🚨 GitHub 监控消息提醒

🚨 发现关键词: #Credential Dumping

📦 项目名称: Detection-of-Suspicious-LSASS-Dump-Activity-via-PowerShell-CMD-in-Splunk
👤 项目作者: KillerInstinct7
🛠 开发语言: None
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-04-27 23:32:11

📝 项目描述:
Built and validated a Splunk detection for PowerShell or cmd activity executing from or referencing a temporary directory where the command line references an LSASS dump file (lsass.DMP). This behavior may indicate credential dumping or unauthorized access to sensitive system memory artifacts.

🔗 点击访问项目地址
GitHub
GitHub - KillerInstinct7/Detection-of-Suspicious-LSASS-Dump-Activity-via-PowerShell-CMD-in-Splunk: Built and validated a Splunk…
GitHub - KillerInstinct7/Detection-of-Suspicious-LSASS-Dump-Activity-via-PowerShell-CMD-in-Splunk: Built and validated a Splunk…
Built and validated a Splunk detection for PowerShell or cmd activity executing from or referencing a temporary directory where the command line references an LSASS dump file (lsass.DMP). This beh...
Credential
🚨 GitHub 监控消息提醒

🚨 发现关键词: #Bypass #AV #UAC #Patch

📦 项目名称: dahusim
👤 项目作者: shvshnkr
🛠 开发语言: Kotlin
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-04-27 23:01:26

📝 项目描述:
husi clicl-to-connect fork for ru-censority bypass using open servers

🔗 点击访问项目地址
GitHub
GitHub - shvshnkr/dahusim: husi clicl-to-connect fork for ru-censority bypass using open servers
GitHub - shvshnkr/dahusim: husi clicl-to-connect fork for ru-censority bypass using open servers
husi clicl-to-connect fork for ru-censority bypass using open servers - shvshnkr/dahusim
Bypass AV UAC Patch
🚨 GitHub 监控消息提醒

🚨 发现关键词: #CVE-2026

📦 项目名称: CVE-2026-21986-VirtualBox-DoS
👤 项目作者: MohaBars
🛠 开发语言: C++
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-04-27 21:08:19

📝 项目描述:
CVE-2026-21986: VirtualBox Shared Folders kernel memory exhaustion DoS

🔗 点击访问项目地址
GitHub
GitHub - MohaBars/CVE-2026-21986-VirtualBox-DoS: CVE-2026-21986: VirtualBox Shared Folders kernel memory exhaustion DoS
CVE-2026-21986: VirtualBox Shared Folders kernel memory exhaustion DoS - MohaBars/CVE-2026-21986-VirtualBox-DoS
CVE
🚨 GitHub 监控消息提醒

🚨 发现关键词: #POC #CVE

📦 项目名称: pentest-ai
👤 项目作者: 0xSteph
🛠 开发语言: Python
Star数量: 111 | 🍴 Fork数量: 24
📅 更新时间: 2026-04-27 20:57:48

📝 项目描述:
The most autonomous pentesting AI on the market. MCP server + Python agents with 150+ security tools, exploit chaining, and PoC validation.

🔗 点击访问项目地址
GitHub
GitHub - 0xSteph/pentest-ai: Offensive-security MCP server with 205 wrapped tools, 17 specialist agents, and 60 SPA-aware probes…
GitHub - 0xSteph/pentest-ai: Offensive-security MCP server with 205 wrapped tools, 17 specialist agents, and 60 SPA-aware probes…
Offensive-security MCP server with 205 wrapped tools, 17 specialist agents, and 60 SPA-aware probes for OWASP Top 10. CLI + MCP, BYO LLM. No API key needed on MCP path. - 0xSteph/pentest-ai
POC CVE
🚨 GitHub 监控消息提醒

🚨 发现关键词: #Webshell

📦 项目名称: PHP-Sentinel-AST
👤 项目作者: yanjingyao
🛠 开发语言: TypeScript
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-04-27 19:57:55

📝 项目描述:
基于 AST(抽象语法树)的 PHP 代码安全审计平台。支持污点传播分析、WebShell 检测、AI 辅助审计,提供可视化仪表盘与多种格式报告导出。

🔗 点击访问项目地址
GitHub
GitHub - yanjingyao/PHP-Sentinel-AST: 基于 AST(抽象语法树)的 PHP 代码安全审计平台。支持污点传播分析、WebShell 检测、AI 辅助审计,提供可视化仪表盘与多种格式报告导出。
GitHub - yanjingyao/PHP-Sentinel-AST: 基于 AST(抽象语法树)的 PHP 代码安全审计平台。支持污点传播分析、WebShell 检测、AI 辅助审计,提供可视化仪表盘与多种格式报告导出。
基于 AST(抽象语法树)的 PHP 代码安全审计平台。支持污点传播分析、WebShell 检测、AI 辅助审计,提供可视化仪表盘与多种格式报告导出。 - yanjingyao/PHP-Sentinel-AST
Webshell
🚨 GitHub 监控消息提醒

🚨 发现关键词: #Bypass #AV

📦 项目名称: flow-driver-gui-vpn
👤 项目作者: ACriticalCoder
🛠 开发语言: Go
Star数量: 1 | 🍴 Fork数量: 0
📅 更新时间: 2026-04-27 20:00:24

📝 项目描述:
A GUI tool to bypass restrictive networks by tunneling SOCKS5 traffic through legitimate Google Drive API requests using FlowDriver.

🔗 点击访问项目地址
GitHub
GitHub - ACriticalCoder/flow-driver-gui-vpn: A GUI tool to bypass restrictive networks by tunneling SOCKS5 traffic through legitimate…
A GUI tool to bypass restrictive networks by tunneling SOCKS5 traffic through legitimate Google Drive API requests using FlowDriver. - ACriticalCoder/flow-driver-gui-vpn
Bypass AV
🚨 GitHub 监控消息提醒

🚨 发现关键词: #注入 #模板

📦 项目名称: frontier-chain-skeleton
👤 项目作者: konbakuyomu
🛠 开发语言: JavaScript
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-04-27 18:31:05

📝 项目描述:
Mihomo override skeleton script — Sparkle/Sub-Store/Shadowrocket 三端共享,无凭据,运行时通过 $arguments 注入

🔗 点击访问项目地址
GitHub
GitHub - konbakuyomu/frontier-chain-skeleton: Mihomo override skeleton script — Sparkle/Sub-Store/Shadowrocket 三端共享,无凭据,运行时通过 $arguments…
Mihomo override skeleton script — Sparkle/Sub-Store/Shadowrocket 三端共享,无凭据,运行时通过 $arguments 注入 - konbakuyomu/frontier-chain-skeleton
注入 模板
🚨 GitHub 监控消息提醒

🚨 发现关键词: #0day

📦 项目名称: doas_race_condition
👤 项目作者: demon-i386
🛠 开发语言: C
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-04-27 18:01:31

📝 项目描述:
0day - Privilege escalation using DOAS

🔗 点击访问项目地址
GitHub
GitHub - demon-i386/doas_race_condition: 0day - Privilege escalation using DOAS
GitHub - demon-i386/doas_race_condition: 0day - Privilege escalation using DOAS
0day - Privilege escalation using DOAS. Contribute to demon-i386/doas_race_condition development by creating an account on GitHub.
0day
🚨 GitHub 监控消息提醒

🚨 发现关键词: #SSRF

📦 项目名称: ssrf
👤 项目作者: vivekpv1610
🛠 开发语言: JavaScript
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-04-27 16:35:47

📝 项目描述:
无描述

🔗 点击访问项目地址
GitHub
GitHub - vivekpv1610/ssrf
Contribute to vivekpv1610/ssrf development by creating an account on GitHub.
SSRF
🚨 GitHub 监控消息提醒

🚨 发现关键词: #CVE-2026

📦 项目名称: CVE-2026-33439-OpenAM
👤 项目作者: shreyas-malhotra
🛠 开发语言: None
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-04-27 16:23:39

📝 项目描述:
Vulnerable endpoint description for CVE-2026-33439 in OpenAM

🔗 点击访问项目地址
GitHub
GitHub - shreyas-malhotra/CVE-2026-33439-OpenAM: Vulnerable endpoint description for CVE-2026-33439 in OpenAM
Vulnerable endpoint description for CVE-2026-33439 in OpenAM - shreyas-malhotra/CVE-2026-33439-OpenAM
CVE
🚨 GitHub 监控消息提醒

🚨 发现关键词: #Bypass #AV #Filter

📦 项目名称: GoGuardian-Bypass
👤 项目作者: fuckyou859-source
🛠 开发语言: CSS
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-04-27 16:01:28

📝 项目描述:
无描述

🔗 点击访问项目地址
GitHub
GitHub - fuckyou859-source/GoGuardian-Bypass
Contribute to fuckyou859-source/GoGuardian-Bypass development by creating an account on GitHub.
Bypass AV Filter
🚨 GitHub 监控消息提醒

🚨 发现关键词: #漏洞 #挖掘

📦 项目名称: bounty-hunter
👤 项目作者: Wat-nz
🛠 开发语言: None
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-04-27 15:56:01

📝 项目描述:
全自动漏洞挖掘与赏金工具

🔗 点击访问项目地址
GitHub
GitHub - Wat-nz/bounty-hunter: 全自动漏洞挖掘与赏金工具
全自动漏洞挖掘与赏金工具. Contribute to Wat-nz/bounty-hunter development by creating an account on GitHub.
漏洞 挖掘
🚨 GitHub 监控消息提醒

🚨 发现关键词: #CSRF

📦 项目名称: we2-csrf-attacker
👤 项目作者: mstolze
🛠 开发语言: HTML
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-04-27 14:43:07

📝 项目描述:
we2-csrf-attacker

🔗 点击访问项目地址
GitHub
GitHub - mstolze/we2-csrf-attacker: we2-csrf-attacker
we2-csrf-attacker. Contribute to mstolze/we2-csrf-attacker development by creating an account on GitHub.
CSRF
🚨 GitHub 监控消息提醒

🚨 发现关键词: #漏洞 #EXP #POC #利用

📦 项目名称: 1DayNews
👤 项目作者: Knaithe
🛠 开发语言: Python
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-04-27 14:47:00

📝 项目描述:
单文件 Python 漏洞情报聚合器:20+ 源 → RCE 过滤 → SQLite 去重 → Telegram 推送,支持 CLI 查询和 Claude Code skill 驱动。

🔗 点击访问项目地址
GitHub
GitHub - Knaithe/1DayNews: 聚合多源漏洞情报,通过正则评分、新鲜度验证、LLM 研判三层过滤,精准推送 1day RCE 到 Telegram。
聚合多源漏洞情报,通过正则评分、新鲜度验证、LLM 研判三层过滤,精准推送 1day RCE 到 Telegram。 - Knaithe/1DayNews
漏洞 EXP POC 利用
🚨 GitHub 监控消息提醒

🚨 发现关键词: #Shellcode #Inject #Execute

📦 项目名称: PeDropper
👤 项目作者: maxDcb
🛠 开发语言: C++
Star数量: 11 | 🍴 Fork数量: 7
📅 更新时间: 2026-04-27 13:58:45

📝 项目描述:
Create a Shellcode Dropper from any Windows Module

🔗 点击访问项目地址
GitHub
GitHub - maxDcb/PeDropper: Create a Shellcode Dropper from any Windows Module
Create a Shellcode Dropper from any Windows Module - maxDcb/PeDropper
Shellcode Inject Execute
🚨 GitHub 监控消息提醒

🚨 发现关键词: #XSS #Attack

📦 项目名称: HtmlSanitizer
👤 项目作者: mganss
🛠 开发语言: C#
Star数量: 1685 | 🍴 Fork数量: 224
📅 更新时间: 2026-04-27 14:01:53

📝 项目描述:
Cleans HTML to avoid XSS attacks

🔗 点击访问项目地址
GitHub
GitHub - mganss/HtmlSanitizer: Cleans HTML to avoid XSS attacks
GitHub - mganss/HtmlSanitizer: Cleans HTML to avoid XSS attacks
Cleans HTML to avoid XSS attacks. Contribute to mganss/HtmlSanitizer development by creating an account on GitHub.
XSS Attack
🚨 GitHub 监控消息提醒

🚨 发现关键词: #CSRF

📦 项目名称: csrf-attack
👤 项目作者: zaeem-shakir
🛠 开发语言: HTML
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-04-27 13:56:05

📝 项目描述:
无描述

🔗 点击访问项目地址
GitHub
GitHub - zaeem-shakir/csrf-attack
GitHub - zaeem-shakir/csrf-attack
Contribute to zaeem-shakir/csrf-attack development by creating an account on GitHub.
CSRF
🚨 GitHub 监控消息提醒

🚨 发现关键词: #Bypass #AV #Filter

📦 项目名称: Broken-access-control_lab
👤 项目作者: AlphaDevelopmental
🛠 开发语言: JavaScript
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-04-27 14:01:30

📝 项目描述:
Hands-on CTF-style Broken Access Control lab for Node/Express, covering IDOR, vertical privilege escalation, JWT abuse, batch authorization bypass, and multi-tenant isolation.

🔗 点击访问项目地址
GitHub
GitHub - AlphaDevelopmental/Broken-access-control_lab: Hands-on CTF-style Broken Access Control lab for Node/Express, covering…
GitHub - AlphaDevelopmental/Broken-access-control_lab: Hands-on CTF-style Broken Access Control lab for Node/Express, covering…
Hands-on CTF-style Broken Access Control lab for Node/Express, covering IDOR, vertical privilege escalation, JWT abuse, batch authorization bypass, and multi-tenant isolation. - AlphaDevelopmental/...
Bypass AV Filter
Before
After
Back to Top