📦 GitHub 全球红队渗透资源中转站。
​旨在收录那些“好用却难找”的安全项目。
🔗 定时推送:GitHub Trending (Security)
🛠 必备清单:后渗透、远控、免杀、提权工具集
📅 更新频率:每日精选,绝不灌水。
⚠️ 本频道仅供安全研究与授权测试使用。
🚨 GitHub 监控消息提醒

🚨 发现关键词: #YARA #rules

📦 项目名称: defender2yara
👤 项目作者: t-tani
🛠 开发语言: Python
Star数量: 199 | 🍴 Fork数量: 26
📅 更新时间: 2026-05-29 22:31:26

📝 项目描述:
Convert Microsoft Defender Antivirus Signatures (VDM) into YARA rules

🔗 点击访问项目地址
GitHub
GitHub - t-tani/defender2yara: Convert Microsoft Defender Antivirus Signatures (VDM) into YARA rules
GitHub - t-tani/defender2yara: Convert Microsoft Defender Antivirus Signatures (VDM) into YARA rules
Convert Microsoft Defender Antivirus Signatures (VDM) into YARA rules - t-tani/defender2yara
YARA rules
🚨 GitHub 监控消息提醒

🚨 发现关键词: #YARA #rules

📦 项目名称: Custom-Yara-Rules
👤 项目作者: Ununp3ntium115
🛠 开发语言: YARA
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-29 22:42:28

📝 项目描述:
无描述

🔗 点击访问项目地址
GitHub
GitHub - Ununp3ntium115/Custom-Yara-Rules
Contribute to Ununp3ntium115/Custom-Yara-Rules development by creating an account on GitHub.
YARA rules
🚨 GitHub 监控消息提醒

🚨 发现关键词: #YARA #rules

📦 项目名称: Yara-Rules-for-Autopsy
👤 项目作者: Maghanelizabeth
🛠 开发语言: Unknown
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-29 21:21:03

📝 项目描述:
无描述

🔗 点击访问项目地址
GitHub
GitHub - Maghanelizabeth/Yara-Rules-for-Autopsy
Contribute to Maghanelizabeth/Yara-Rules-for-Autopsy development by creating an account on GitHub.
YARA rules
🚨 GitHub 监控消息提醒

🚨 发现关键词: #Nuclei #template #CVE

📦 项目名称: CVE-PaaS
👤 项目作者: denimoll
🛠 开发语言: Python
Star数量: 1 | 🍴 Fork数量: 1
📅 更新时间: 2026-05-29 21:20:17

📝 项目描述:
CVE-Prioritizer-as-a-Service is an FastAPI server that returns additional information (CVSS, EPSS, KEV, POCs, Nuclei Template) about the vulnerability and determines the priority of criticality

🔗 点击访问项目地址
GitHub
GitHub - denimoll/CVE-PaaS: CVE-Prioritizer-as-a-Service is an FastAPI server that returns additional information (CVSS, EPSS,…
GitHub - denimoll/CVE-PaaS: CVE-Prioritizer-as-a-Service is an FastAPI server that returns additional information (CVSS, EPSS,…
CVE-Prioritizer-as-a-Service is an FastAPI server that returns additional information (CVSS, EPSS, KEV, POCs, Nuclei Template) about the vulnerability and determines the priority of criticality - d...
Nuclei template CVE
🚨 GitHub 监控消息提醒

🚨 发现关键词: #RCE #CVE

📦 项目名称: mcp-stdio-shellguard
👤 项目作者: studiomeyer-io
🛠 开发语言: TypeScript
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-29 20:51:38

📝 项目描述:
Defense-in-depth bundle for MCP stdio servers: drop-in guardExec/guardSpawn wrappers, AST audit CLI, reference MCP server. Closes the Ox-Security 200k-server stdio-RCE class (LiteLLM CVE-2025-69256). MIT, TypeScript, Node >= 20.

🔗 点击访问项目地址
GitHub
GitHub - studiomeyer-io/mcp-stdio-shellguard: Defense-in-depth bundle for MCP stdio servers: drop-in guardExec/guardSpawn wrappers…
Defense-in-depth bundle for MCP stdio servers: drop-in guardExec/guardSpawn wrappers, AST audit CLI, reference MCP server. Closes the Ox-Security 200k-server stdio-RCE class (LiteLLM CVE-2025-69256...
RCE CVE
🚨 GitHub 监控消息提醒

🚨 发现关键词: #RCE #CVE

📦 项目名称: mcp-rce-guard
👤 项目作者: studiomeyer-io
🛠 开发语言: TypeScript
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-29 20:51:42

📝 项目描述:
Foundation Pillar 9: Layer-3 RCE defense for MCP servers via policy synthesis + behavioral CVE replay + cross-server canary tracking. v0.1 descriptor-only; v0.2 ships native enforcement.

🔗 点击访问项目地址
GitHub
GitHub - studiomeyer-io/mcp-rce-guard: Foundation Pillar 9: Layer-3 RCE defense for MCP servers via policy synthesis + behavioral…
Foundation Pillar 9: Layer-3 RCE defense for MCP servers via policy synthesis + behavioral CVE replay + cross-server canary tracking. v0.1 descriptor-only; v0.2 ships native enforcement. - studiome...
RCE CVE
🚨 GitHub 监控消息提醒

🚨 发现关键词: #YARA #rules

📦 项目名称: pyHIDS
👤 项目作者: cedricbonhomme
🛠 开发语言: Python
Star数量: 59 | 🍴 Fork数量: 15
📅 更新时间: 2026-05-29 20:53:32

📝 项目描述:
A HIDS (host-based intrusion detection system) for verifying the integrity of a system.

🔗 点击访问项目地址
GitHub
GitHub - cedricbonhomme/pyHIDS: A HIDS (host-based intrusion detection system) for verifying the integrity of a system.
A HIDS (host-based intrusion detection system) for verifying the integrity of a system. - cedricbonhomme/pyHIDS
YARA rules
🚨 GitHub 监控消息提醒

🚨 发现关键词: #CVE-2026 #POC

📦 项目名称: CVE-2026-0257-PoC
👤 项目作者: akashsingh0454
🛠 开发语言: Python
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-29 20:39:48

📝 项目描述:
无描述

🔗 点击访问项目地址
GitHub
GitHub - akashsingh0454/CVE-2026-0257-PoC
Contribute to akashsingh0454/CVE-2026-0257-PoC development by creating an account on GitHub.
CVE POC
🚨 GitHub 监控消息提醒

🚨 发现关键词: #Fscan #内网 #漏洞

📦 项目名称: FscanResultParser
👤 项目作者: HSGQSRGS
🛠 开发语言: Python
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-29 17:27:22

📝 项目描述:


🔗 点击访问项目地址
GitHub
GitHub - HSGQSRGS/FscanResultParser: 无
无. Contribute to HSGQSRGS/FscanResultParser development by creating an account on GitHub.
Fscan 内网 漏洞
🚨 GitHub 监控消息提醒

🚨 发现关键词: #Burp #Extension

📦 项目名称: BrokenLinkChecker
👤 项目作者: msaadsbr
🛠 开发语言: Java
Star数量: 0 | 🍴 Fork数量: 1
📅 更新时间: 2026-05-29 19:36:40

📝 项目描述:
Burp Suite extension that detects Broken Link Hijacking vulnerabilities on social media links

🔗 点击访问项目地址
GitHub
GitHub - msaadsbr/BrokenLinkChecker: Burp Suite extension that detects Broken Link Hijacking vulnerabilities on social media links
GitHub - msaadsbr/BrokenLinkChecker: Burp Suite extension that detects Broken Link Hijacking vulnerabilities on social media links
Burp Suite extension that detects Broken Link Hijacking vulnerabilities on social media links - msaadsbr/BrokenLinkChecker
Burp Extension
🚨 GitHub 监控消息提醒

🚨 发现关键词: #Burp #Extension

📦 项目名称: Burp-Theme-Lab
👤 项目作者: tobiasGuta
🛠 开发语言: Java
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-29 18:14:24

📝 项目描述:
Burp Theme Lab is a clean, simple, and robust Burp Suite extension that allows you to change Burp Suite's Look and Feel directly from inside a custom "Theme Lab" tab using standard Java Swing APIs and FlatLaf themes.

🔗 点击访问项目地址
GitHub
GitHub - tobiasGuta/Burp-Theme-Lab: Burp Theme Lab is a clean, simple, and robust Burp Suite extension that allows you to change…
Burp Theme Lab is a clean, simple, and robust Burp Suite extension that allows you to change Burp Suite's Look and Feel directly from inside a custom "Theme Lab" tab using...
Burp Extension
🚨 GitHub 监控消息提醒

🚨 发现关键词: #CVE-2026 #POC #Exploit

📦 项目名称: CVE-2026-46376
👤 项目作者: portbuster1337
🛠 开发语言: Python
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-29 18:27:34

📝 项目描述:
CVE-2026-46376 - FreePBX Unauthenticated UCP Access via Hard-Coded Credentials

🔗 点击访问项目地址
GitHub
GitHub - portbuster1337/CVE-2026-46376: CVE-2026-46376 - FreePBX Unauthenticated UCP Access via Hard-Coded Credentials
GitHub - portbuster1337/CVE-2026-46376: CVE-2026-46376 - FreePBX Unauthenticated UCP Access via Hard-Coded Credentials
CVE-2026-46376 - FreePBX Unauthenticated UCP Access via Hard-Coded Credentials - portbuster1337/CVE-2026-46376
CVE POC Exploit
🚨 GitHub 监控消息提醒

🚨 发现关键词: #SSRF #metadata

📦 项目名称: Ultimate-SSRF-Arsenal-Multi-Target-Automated-SSRF-Exploitation-Framework
👤 项目作者: KauanCosta2000
🛠 开发语言: Python
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-29 17:40:57

📝 项目描述:
Ultimate SSRF Arsenal is a powerful, dynamic, and fully automated SSRF (Server-Side Request Forgery) testing framework built with Python and Playwright. It features intelligent endpoint discovery, parameter fuzzing, cloud metadata extraction, protocol smuggling, blind SSRF detection via out-of-band callbacks, and multi-target scanning.

🔗 点击访问项目地址
GitHub
GitHub - KauanCosta2000/Ultimate-SSRF-Arsenal-Multi-Target-Automated-SSRF-Exploitation-Framework: Ultimate SSRF Arsenal is a powerful…
GitHub - KauanCosta2000/Ultimate-SSRF-Arsenal-Multi-Target-Automated-SSRF-Exploitation-Framework: Ultimate SSRF Arsenal is a powerful…
Ultimate SSRF Arsenal is a powerful, dynamic, and fully automated SSRF (Server-Side Request Forgery) testing framework built with Python and Playwright. It features intelligent endpoint discovery, ...
SSRF metadata
🚨 GitHub 监控消息提醒

🚨 发现关键词: #Sigma #rules

📦 项目名称: AD-Attack-Research
👤 项目作者: LiDit3
🛠 开发语言: Unknown
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-29 17:55:32

📝 项目描述:
Internship task: DCSync & DCShadow detection with Sigma rules

🔗 点击访问项目地址
GitHub
GitHub - LiDit3/AD-Attack-Research: Internship task: DCSync & DCShadow detection with Sigma rules
GitHub - LiDit3/AD-Attack-Research: Internship task: DCSync & DCShadow detection with Sigma rules
Internship task: DCSync & DCShadow detection with Sigma rules - LiDit3/AD-Attack-Research
Sigma rules
🚨 GitHub 监控消息提醒

🚨 发现关键词: #XSS #Stored

📦 项目名称: StoXSS
👤 项目作者: b2d3
🛠 开发语言: JavaScript
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-29 17:15:48

📝 项目描述:
[Work In Progress] Source-map semantic-pattern analyzer for stored XSS

🔗 点击访问项目地址
GitHub
GitHub - b2d3/StoXSS: [Work In Progress] Source-map semantic-pattern analyzer for stored XSS
[Work In Progress] Source-map semantic-pattern analyzer for stored XSS - b2d3/StoXSS
XSS Stored
🚨 GitHub 监控消息提醒

🚨 发现关键词: #RCE #CVE

📦 项目名称: CVE-2026-46840-ORDS-RCE
👤 项目作者: fangbarristerbar
🛠 开发语言: Python
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-29 16:16:26

📝 项目描述:
Oracle REST Data Services (ORDS) Unauthenticated RCE (CVE-2026-46840)

🔗 点击访问项目地址
GitHub
GitHub - fangbarristerbar/CVE-2026-46840-ORDS-RCE: Oracle REST Data Services (ORDS) Unauthenticated RCE (CVE-2026-46840)
GitHub - fangbarristerbar/CVE-2026-46840-ORDS-RCE: Oracle REST Data Services (ORDS) Unauthenticated RCE (CVE-2026-46840)
Oracle REST Data Services (ORDS) Unauthenticated RCE (CVE-2026-46840) - fangbarristerbar/CVE-2026-46840-ORDS-RCE
RCE CVE
🚨 GitHub 监控消息提醒

🚨 发现关键词: #Burp #Extension

📦 项目名称: uuid-capture
👤 项目作者: phrantom
🛠 开发语言: Unknown
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-29 15:54:17

📝 项目描述:
A Burp Suite extension that passively captures every UUID

🔗 点击访问项目地址
GitHub
GitHub - phrantom/uuid-capture: A Burp Suite extension that passively captures every UUID
A Burp Suite extension that passively captures every UUID - phrantom/uuid-capture
Burp Extension
🚨 GitHub 监控消息提醒

🚨 发现关键词: #SSRF #metadata

📦 项目名称: midjourney-mcp
👤 项目作者: adelaidasofia
🛠 开发语言: Python
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-29 15:44:06

📝 项目描述:
FastMCP server for Midjourney image generation via PiAPI, with daily USD cost cap, per-call audit, and SSRF-safe image URL inputs. 11 tools.

🔗 点击访问项目地址
GitHub
GitHub - adelaidasofia/midjourney-mcp: FastMCP server for Midjourney image generation via PiAPI, with daily USD cost cap, per-call…
GitHub - adelaidasofia/midjourney-mcp: FastMCP server for Midjourney image generation via PiAPI, with daily USD cost cap, per-call…
FastMCP server for Midjourney image generation via PiAPI, with daily USD cost cap, per-call audit, and SSRF-safe image URL inputs. 11 tools. - adelaidasofia/midjourney-mcp
SSRF metadata
🚨 GitHub 监控消息提醒

🚨 发现关键词: #YARA #rule #malware

📦 项目名称: Yarek
👤 项目作者: W3ndige
🛠 开发语言: Go
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-29 15:20:22

📝 项目描述:
Yarek is an CLI tool to manage, build, and test a YARA-X rule library

🔗 点击访问项目地址
GitHub
GitHub - W3ndige/Yarek: Yarek is an CLI tool to manage, build, and test a YARA-X rule library
GitHub - W3ndige/Yarek: Yarek is an CLI tool to manage, build, and test a YARA-X rule library
Yarek is an CLI tool to manage, build, and test a YARA-X rule library - W3ndige/Yarek
YARA rule malware
🚨 GitHub 监控消息提醒

🚨 发现关键词: #Shellcode #Loader

📦 项目名称: loader-osep
👤 项目作者: 4drez
🛠 开发语言: C#
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-29 14:36:51

📝 项目描述:
MSBuild XML-based shellcode/assembly loader for OffSec OSEP. LOLBin execution via MSBuild.exe with AMSI/ETW bypass, AES-256-CBC encryption, thread context manipulation, and in-memory .NET assembly loading.

🔗 点击访问项目地址
GitHub
GitHub - 4drez/loader-osep: MSBuild XML-based shellcode/assembly loader for OffSec OSEP. LOLBin execution via MSBuild.exe with…
GitHub - 4drez/loader-osep: MSBuild XML-based shellcode/assembly loader for OffSec OSEP. LOLBin execution via MSBuild.exe with…
MSBuild XML-based shellcode/assembly loader for OffSec OSEP. LOLBin execution via MSBuild.exe with AMSI/ETW bypass, AES-256-CBC encryption, thread context manipulation, and in-memory .NET assembly ...
Shellcode Loader
Before
After
Back to Top