PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)

Windows Exploit Suggester - Next Generation

A little tool to play with Windows security

JSFinder is a tool for quickly extracting URLs and subdomains from JS files on a website.

Defeating Windows User Account Control

windows-kernel-exploits Windows平台提权漏洞集合

Nmap script to guess* a GitLab version.

Awesome Privilege Escalation

🌴Linux、macOS、Windows Kernel privilege escalation vulnerability collection, with compilation environment, demo GIF map, vulnerability details, executable file (提权漏洞合集)

heapdump敏感信息查询工具，例如查找 spring heapdump中的密码明文，AK,SK等

Gitbook

📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

Automatically Collect POC or EXP from GitHub by CVE ID. If you are unable to find the POC/EXP on GitHub, you can also check here: https://pocorexps.nsa.im/

Fiora：漏洞PoC框架Nuclei的图形版。快捷搜索PoC、一键运行Nuclei。即可作为独立程序运行，也可作为burp插件使用。

【Hello-CTF labs】PHP文件包含类靶场，各类协议的讲解以及基于协议的LFI/RFI

哥斯拉webshell管理工具二次开发规避流量检测设备

一款后渗透免杀工具，助力每一位像我这样的脚本小子快速实现免杀，支持bypass AV/EDR 360 火绒 Windows Defender Shellcode Loader

Security Guide for Developers (实用性开发人员安全须知)

📦 Make security testing of K8s, Docker, and Containerd easier.

Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

高危漏洞精准检测与深度利用框架

python安全和代码审计相关资料收集 resource collection of python security and code review

各大漏洞文库合集

2018年初整理的一些内网渗透TIPS，后面更新的慢，所以整理出来希望跟小伙伴们一起更新维护~

Checklist of the most important security countermeasures when designing, testing, and releasing your API

Security Learning For All~

红方人员作战执行手册

Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature

List of Awesome Asset Discovery Resources