FofaMap是一款基于Python3开发的跨平台FOFA API数据采集器，支持普通查询、网站存活检测、统计聚合查询、Host聚合查询、网站图标查询、批量查询等查询功能。同时FofaMap还能够自定义查询FOFA数据，并根据查询结果自动去重和筛选关键字，生成对应的Excel表格。另外春节特别版还可以调用Nuclei对FofaMap查询出来的目标进行漏洞扫描，让你在挖洞路上快人一步。

各种CMS、各种平台、各种系统、各种软件漏洞的EXP、POC 该项目将不断更新

2022 护网行动 POC 整理

分支出了些问题，无法合并到main，迁移至https://github.com/hktalent/scan4all

一个用于隐藏C2的、开箱即用的反向代理服务器。旨在省去繁琐的配置Nginx服务的过程。

This is a dockerized application that is vulnerable to the Spring4Shell vulnerability (CVE-2022-22965).

批量发送钓鱼邮箱

在线cms识别|旁站|c段|信息泄露|工控|系统|物联网安全|cms漏洞扫描|nmap端口扫描|子域名获取|待续..

用于记录分享一些有趣的案例

此项目用来提取收集以往泄露的密码中符合条件的强弱密码

参数 | 字典 collections

爆破字典

A list of interesting payloads, tips and tricks for bug bounty hunters.

上传漏洞fuzz字典生成脚本

Misc dictionaries for directory/file enumeration, username enumeration, password dictionary/bruteforce attacks

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

弱口令,敏感目录,敏感文件等渗透测试常用攻击字典

Send output from subjs to LinkFinder

Ghazi is a BurpSuite Plugins For Testing various PayLoads Like "XSS,SQLi,SSTI,SSRF,RCE and LFI" through Different tabs , Where Each Tab Will Replace Every GET or POST Parameters With Selected TAB i…

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

这是一个用于IP和域名碰撞匹配访问的小工具，旨意用来匹配出渗透过程中需要绑定hosts才能访问的弱主机或内部系统。

一个fuzzdb扩展库

List of Awesome Asset Discovery Resources

Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules thro…

This is a webshell open source project

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Take a list of domains and probe for working HTTP and HTTPS servers

Generates permutations, alterations and mutations of subdomains and then resolves them