📦 GitHub 全球红队渗透资源中转站。
​旨在收录那些“好用却难找”的安全项目。
🔗 定时推送:GitHub Trending (Security)
🛠 必备清单:后渗透、远控、免杀、提权工具集
📅 更新频率:每日精选,绝不灌水。
⚠️ 本频道仅供安全研究与授权测试使用。
🚨 GitHub 监控消息提醒

🚨 发现关键词: #CVE-2026 #Exploit #RCE #漏洞 #复现

📦 项目名称: CVE-2026-42945_NGINX_Rift
👤 项目作者: niekaicheng
🛠 开发语言: CSS
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-06-13 05:10:42

📝 项目描述:
无描述

🔗 点击访问项目地址 GitHub - niekaicheng/CVE-2026-42945_NGINX_Rift
🚨 GitHub 监控消息提醒

🚨 发现关键词: #Burp #Extension

📦 项目名称: Retrishul
👤 项目作者: Mehran-Seifalinia
🛠 开发语言: Python
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-06-13 04:29:43

📝 项目描述:
ReTrishul – Burp Suite extension for active XSS, SQLi & SSTI detection. Intercepts in‑scope requests, injects payloads into GET/POST/JSON params, analyses responses. Results in a dedicated tab with issue tree, advisory & request/response viewers.

🔗 点击访问项目地址
🚨 GitHub 监控消息提醒

🚨 发现关键词: #CVE-2026 #RCE

📦 项目名称: CVE-2026-22356
👤 项目作者: xxconi
🛠 开发语言: Unknown
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-06-13 04:54:33

📝 项目描述:
CVE-2026-22356: Jetpack CRM Path Traversal Vulnerability and RCE

🔗 点击访问项目地址
🚨 GitHub 监控消息提醒

🚨 发现关键词: #漏洞 #扫描

📦 项目名称: msYqTsaPRp
👤 项目作者: sandhyaman
🛠 开发语言: Unknown
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-06-12 17:20:24

📝 项目描述:
【Java计算机毕业设计分享】基于Python的漏洞挖掘系统,MySQL Java开发 毕业设计 实战项目【附源码、文档报告、代码讲解】

🔗 点击访问项目地址 GitHub - sandhyaman/msYqTsaPRp: 【Java计算机毕业设计分享】基于Python的漏洞挖掘系统,MySQL Java开发 毕业设计 实战项目【附源码、文档报告、代码讲解】
🚨 GitHub 监控消息提醒

🚨 发现关键词: #Vulnerability Scanner

📦 项目名称: WebSecMonitor
👤 项目作者: hashtags2023
🛠 开发语言: Python
Star数量: 1 | 🍴 Fork数量: 0
📅 更新时间: 2026-06-13 00:53:24

📝 项目描述:
Python web vulnerability scanner detecting SQL injection, XSS, open redirects, and security misconfigurations. Multithreaded directory enumeration across 40+ sensitive paths. Generates color-coded HTML/JSON reports with OWASP Top 10 severity rankings.

🔗 点击访问项目地址 GitHub - hashtags2023/WebSecMonitor: Python web vulnerability scanner detecting SQL injection, XSS, open redirects, and security…
🚨 GitHub 监控消息提醒

🚨 发现关键词: #XSS #Stored

📦 项目名称: Atithi-attacker
👤 项目作者: Tarikul3639
🛠 开发语言: JavaScript
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-06-12 23:45:57

📝 项目描述:
🔐 Atithi-Attacker — XSS-based cookie hijacking lab demonstrating session theft through stored XSS vulnerabilities. Frontend (HTML/JS) + Backend (PHP) with real-time stolen cookie dashboard.

🔗 点击访问项目地址 GitHub - Tarikul3639/Atithi-attacker: 🔐 Atithi-Attacker — XSS-based cookie hijacking lab demonstrating session theft through stored…
🚨 GitHub 监控消息提醒

🚨 发现关键词: #Bypass #WAF

📦 项目名称: Captcha-Bypass-Tool
👤 项目作者: SeseyqOw
🛠 开发语言: C#
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-06-12 23:04:31

📝 项目描述:
pentesting tool to bypass captcha Steam, Gmail, Instagram, Facebook, Twitter, Snapchat, Outlook, Netflix, Adobe Bot Automation

🔗 点击访问项目地址 GitHub - SeseyqOw/Captcha-Bypass-Tool: pentesting tool to bypass captcha Steam, Gmail, Instagram, Facebook, Twitter, Snapchat,…
🚨 GitHub 监控消息提醒

🚨 发现关键词: #YARA #malware

📦 项目名称: mlw-lab
👤 项目作者: allsmog
🛠 开发语言: Shell
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-06-12 22:27:03

📝 项目描述:
Reproducible Stuxnet malware-analysis lab with static and dynamic workflows, YARA/Sigma detections, and safety-first documentation.

🔗 点击访问项目地址 GitHub - allsmog/mlw-lab: Reproducible Stuxnet malware-analysis lab with static and dynamic workflows, YARA/Sigma detections, and…
🚨 GitHub 监控消息提醒

🚨 发现关键词: #SSRF #漏洞

📦 项目名称: ember
👤 项目作者: exergyleizhou-ux
🛠 开发语言: Python
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-06-12 21:57:03

📝 项目描述:
5-layer offensive & defensive security toolkit: API scanner + payload injection (SQLi/XSS/JWT/PathTrav/SSRF) + network recon + AI prompt injection/red-team engine. Built on CL4R1T4S (29.5k ★).

🔗 点击访问项目地址 GitHub - exergyleizhou-ux/ember: 5-layer offensive & defensive security toolkit: API scanner + payload injection (SQLi/XSS/JWT/PathTrav/SSRF)…
🚨 GitHub 监控消息提醒

🚨 发现关键词: #SSRF #metadata

📦 项目名称: ressrf
👤 项目作者: R0X4R
🛠 开发语言: Go
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-06-12 22:07:34

📝 项目描述:
An advanced Out-of-Band and In-Band SSRF fuzzing scanner with dynamic request tracking.

🔗 点击访问项目地址 GitHub - R0X4R/ressrf: An advanced Out-of-Band and In-Band SSRF fuzzing scanner with dynamic request tracking.
🚨 GitHub 监控消息提醒

🚨 发现关键词: #Nuclei #template #templates

📦 项目名称: webstrike-framework
👤 项目作者: FlinnZee
🛠 开发语言: Python
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-06-12 21:09:55

📝 项目描述:
WebStrike — automated web-pentesting framework that orchestrates Kali tools (subfinder, httpx, katana, ffuf, nuclei, sqlmap, dalfox) into one phased recon→exploit→report pipeline.

🔗 点击访问项目地址 GitHub - FlinnZee/webstrike-framework: WebStrike — automated web-pentesting framework that orchestrates Kali tools (subfinder,…
🚨 GitHub 监控消息提醒

🚨 发现关键词: #C2 #Framework

📦 项目名称: orchestra
👤 项目作者: t-h-i-n-k-er
🛠 开发语言: Rust
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-06-12 21:56:08

📝 项目描述:
Orchestra is the most advanced C2 framework in development. Features are beta and final version will be available commercially only to approved candidates.

🔗 点击访问项目地址 GitHub - t-h-i-n-k-er/orchestra: Orchestra is the most advanced C2 framework in development. Features are beta and final version…
🚨 GitHub 监控消息提醒

🚨 发现关键词: #YARA #malware

📦 项目名称: detonate
👤 项目作者: allsmog
🛠 开发语言: Python
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-06-12 21:59:33

📝 项目描述:
Open-source malware analysis sandbox with Docker/QEMU execution, telemetry, YARA, Suricata, threat-intel enrichment, and AI reports.

🔗 点击访问项目地址 GitHub - allsmog/detonate: Open-source malware analysis sandbox with Docker/QEMU execution, telemetry, YARA, Suricata, threat-intel…
🚨 GitHub 监控消息提醒

🚨 发现关键词: #YARA #rules #malware

📦 项目名称: ghostforensics
👤 项目作者: joemunene-by
🛠 开发语言: Python
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-06-12 21:06:02

📝 项目描述:
Memory forensics automation — process analysis, injection detection, YARA scanning, IOC extraction with STIX 2.1 export. Works standalone or with Volatility3.

🔗 点击访问项目地址
🚨 GitHub 监控消息提醒

🚨 发现关键词: #Credential Dumping #Mimikatz #sekurlsa

📦 项目名称: THM-Boogeyman3
👤 项目作者: czabatta
🛠 开发语言: Unknown
Star数量: 1 | 🍴 Fork数量: 0
📅 更新时间: 2026-06-12 20:24:17

📝 项目描述:
TryHackMe SOC Level 1 — Full kill chain analysis: HTA lure, DLL execution, credential dumping, DCSync, ransomware staging

🔗 点击访问项目地址 GitHub - czabatta/THM-Boogeyman3: TryHackMe SOC Level 1 — Full kill chain analysis: HTA lure, DLL execution, credential dumping…
🚨 GitHub 监控消息提醒

🚨 发现关键词: #Burp #Extension

📦 项目名称: burpsuite-oauth2.0
👤 项目作者: matiassequeira
🛠 开发语言: Python
Star数量: 2 | 🍴 Fork数量: 1
📅 更新时间: 2026-06-12 20:20:14

📝 项目描述:
Burp Suite Extension for auditing OAuth 2.0 implementations. Supports both Community and Professional Editions.

🔗 点击访问项目地址 GitHub - matiassequeira/burpsuite-oauth2.0: Burp Suite Extension for auditing OAuth 2.0 implementations. Supports both Community…
🚨 GitHub 监控消息提醒

🚨 发现关键词: #Vulnerability Scanner

📦 项目名称: webguard
👤 项目作者: amr-khaledd
🛠 开发语言: HTML
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-06-12 21:00:31

📝 项目描述:
Web Vulnerability Scanner — Flask REST API + SQLite + Security Scanning

🔗 点击访问项目地址 GitHub - amr-khaledd/webguard: Web Vulnerability Scanner — Flask REST API + SQLite + Security Scanning
🚨 GitHub 监控消息提醒

🚨 发现关键词: #CVE-2026 #POC

📦 项目名称: CVE-2026-20230-Scanner
👤 项目作者: HalilDeniz
🛠 开发语言: Python
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-06-12 19:50:53

📝 项目描述:
Cisco Unified Communications Manager (Unified CM) deployments affected by CVE-2026-20230.

🔗 点击访问项目地址 GitHub - HalilDeniz/CVE-2026-20230-Scanner: Cisco Unified Communications Manager (Unified CM) deployments affected by CVE-2026…
🚨 GitHub 监控消息提醒

🚨 发现关键词: #CVE-2026 #Exploit

📦 项目名称: CVE-2026-28318-check
👤 项目作者: BishopFox
🛠 开发语言: Python
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-06-12 20:38:38

📝 项目描述:
Safely detect whether a SolarWinds Serv-U host is vulnerable to CVE-2026-28318

🔗 点击访问项目地址 GitHub - BishopFox/CVE-2026-28318-check: Safely detect whether a SolarWinds Serv-U host is vulnerable to CVE-2026-28318
🚨 GitHub 监控消息提醒

🚨 发现关键词: #Sliver #Beacon

📦 项目名称: The-Homegrown-Beacon
👤 项目作者: datboyblu3
🛠 开发语言: HCL
Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-06-12 19:44:22

📝 项目描述:
Deploying Sliver to an Oracle OCI compute instance via Terraform and Ansible

🔗 点击访问项目地址 GitHub - datboyblu3/The-Homegrown-Beacon: Deploying Sliver to an Oracle OCI compute instance via Terraform and Ansible
Back to Top