kiang70.md

Awesome Stars

A curated list of my GitHub stars! Generated by starred

Contents

• Assembly

• Batchfile

• C

• C#

• C++

• CSS

• Clojure

• Go

• HTML

• Java

• JavaScript

• Lua

• Others

• PHP

• Perl

• PowerShell

• Python

• Roff

• Ruby

• Shell

Assembly

• Eternalblue -

Batchfile

• WinSystemHelper - A tool that checks and downloads scripts that will aid with privilege escalation on a Windows system.

C

• smart7ec-scan-console - 基于Linux c开发的插件式扫描器(Python/lua)

• p4p1 - Reverse shell for remote administration 🍑

• TheFatRat - Thefatrat a massive exploiting tool revealed >> An easy tool to generate backdoor and easy tool to post exploitation attack like browser attack,dll . This tool compiles a malware with popular payload and then the compiled malware can be execute on windows, android, mac . The malware that created with this tool also have an ability to bypass most AV software protection .

• fcn - free connect your private network from anywhere

• wifi-arsenal - WiFi arsenal

• public-pentesting-reports - Curated list of public penetration test reports released by several consulting firms and academic security groups

• toolforspider - a new spider based on python with more function including Network fingerprint search

• Scan-T - a new crawler based on python with more function including Network fingerprint search

• phptrace - A tracing and troubleshooting tool for PHP scripts.

C#

• cve-2017-7269-tool - CVE-2017-7269 to webshell or shellcode loader

• QuasarRAT - Remote Administration Tool for Windows

• Altman - the cross platform webshell tool in .NET

• shadowsocks-windows - If you want to keep a secret, you must also hide it from yourself.

C++

• autoshadower - autoshadower is so sweet, she will find many free shadowsoks accounts for you, do her best!

• hardseed - SEX IS ZERO (0), so, who wanna be the ONE (1), aha?

• kcws - Deep Learning Chinese Word Segment

CSS

• ZVulDrill - Web漏洞演练平台

• cobra - Source Code Security Audit (源代码安全审计)

• orangescan - 在线子域名信息收集工具

• portnine-free-bootstrap-theme - Free bootstrap theme

Clojure

• oss.io - Developers gathering up

Go

• yunSpider - 百度云网盘爬虫

• poseidon - A search engine which can hold 100 trillion lines of log data.

• dog-tunnel - p2p tunnel,(udp mode work with kcp,https://github.com/skywind3000/kcp)

HTML

• WamaCry - a fake WannaCry

• WooyunDrops - Wooyun知识库，乌云知识库，https://superkieran.github.io/WooyunDrops

• Sreg - Sreg可对使用者通过输入email、phone、username的返回用户注册的所有互联网护照信息。

• 1000php - 1000个PHP代码审计案例(2016.7以前乌云公开漏洞)

• readfree -

• louchaooo.github.io - 🐺三千浮华 独居一隅 (记录下学习生活中的点滴)

• fuzzdb - 一个fuzzdb扩展库

• wifisheep -

• gophish - Open-Source Phishing Toolkit

• hackazon - A modern vulnerable web app

• BroDomain - 兄弟域名查询

Java

• EquationExploit - Eternalblue Doublepulsar exploit

• androrat - Remote Administration Tool for Android devices

• S2-046-PoC - S2-046-PoC

• PDFLayoutTextStripper - Converts a pdf file into a text file while keeping the layout of the original pdf. Useful to extract the content from a table in a pdf file for instance. This is a subclass of PDFTextStripper class (from the Apache PDFBox library).

• ysoserial - A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

• ShareLoc - 这是一个多用户共享位置的demo，通过socket与服务器长连接来实现位置共享

• pentestdb - WEB渗透测试数据库

• Cknife - Cknife

• agnes - android上的wifi钓鱼应用

• WeChatLuckyMoney - 💸 WeChat's lucky money helper (微信抢红包插件). An Android app that helps you snatch red packets in WeChat groups.

• QiangHongBao - 微信、QQ自动抢红包外挂（绿色、无广告）

• sqlmap4burp - sqlmap embed in burpsuite

JavaScript

• xssor2 - XSS'OR - Hack with JavaScript.

• winxin-app-watch-life.net - "守望轩"WordPress官网微信小程序

• 3xp10it - 一个自动化渗透框架

• simple_zoomeye - 一个还正在完善的项目，采用分布式python扫描全国的HTTP服务

• antSword - 中国蚁剑是一款跨平台的开源网站管理工具

• django-template-bootstrap - A django template based on twitter's bootstrap project.

• Qkindle - kindle 图书在线分享

• AS_BugScan - 通过 Webshell 创建 BugScan 节点(需要目标支持 Python2.7)

• Brosec - Brosec - An interactive reference tool to help security professionals utilize useful payloads and commands.

• antSword - AntSword is a cross-platform website management toolkit.

• ant - code for study

• SRCMS - SRCMS企业应急响应与缺陷管理系统

• BlueLotus_XSSReceiver - XSS平台 CTF工具 Web安全工具

• cms - 社工库

Lua

• ScanS2-045-Nmap - Struts2 S2-045-Nmap NSE script

Others

• vuldocker -

• ebook - classic books of computer science

• Salon2 - T00ls.Net 2017第二期线下聚会（安徽）PPT合集

• Sec-Box - information security Tools Box （信息安全工具以及资源集合）

• betterdefaultpasslist -

• EternalRocks - EternalRocks worm

• kindle114-rsrc-gathering - 📚 Kindle114 资源集结计划

• EternalBlue-MSF-Automation - Automation script for the Eternal Blue & Double Pulsar Metasploit exploit.

• wooyunallbugs - wooyun_all_bugs

• awesome-cve-poc - ✍️ A curated list of CVE PoCs.

• flexidie - Source code and binaries of FlexiSpy from the Flexidie dump

• awesome-machine-learning-cn - 机器学习资源大全中文版，包括机器学习领域的框架、库以及软件

• Awesome-Hacking - A collection of various awesome lists for hackers, pentesters and security researchers

• Chinese-Names-Corpus - 中文人名语料库。中文姓名,姓氏,名字,称呼,日本人名,翻译人名,英文人名。

• free-programming-books - 📚 Freely available programming books

• papers - my security summit papers

• Mind-Map - 各种安全相关思维导图整理收集

• AZScanner - 自动漏洞扫描器，自动子域名爆破，自动爬取注入，调用sqlmapapi检测注入，端口扫描，目录爆破，子网段服务探测及其端口扫描，常用框架漏洞检测。 Automatic scanner, automatic sub domain blasting, automatic crawl injection, injection, call the sqlmapapi port scan detection, directory service detection and segment blasting, port scanning, vulnerability detection framework commonly used.

• awesome-pentest - A collection of awesome penetration testing resources, tools and other shiny things

• awesome-django - A curated list of awesome Django apps, projects and resources.

• F-Scrack - F-Scrack is a single file bruteforcer supports multi-protocol

• msfrpc - Perl/Python modules for interfacing with Metasploit MSGRPC

• pentest_study - 从零开始内网渗透学习

• pupy-binaries - precompiled templates for pupy

• git-recipes - Git recipes in Chinese. 高质量的Git中文教程.

• Cpassword - Cpassword is a about password dict create tools

• phpcodz - Php Codz Hacking

• papers - my open papers

• RobotsDisallowed - A harvest of the Disallowed directories from the robots.txt files of the world's top websites.

• sqlmapapi -

PHP

• SCANNER-INURLBR - Advanced search in search engines, enables analysis provided to exploit GET / POST capturing emails & urls, with an internal custom validation junction for each target / url found.

• Sn1per - Automated Pentest Recon Scanner

• SecLists - SecLists is the security tester's companion. It is a collection of multiple types of lists used during security assessments. List types include usernames, passwords, URLs, sensitive data grep strings, fuzzing payloads, and many more.

• Scanners-Box - The toolbox of open source scanners - 安全行业从业人员自研开源扫描器合集👻

• wooyun_search - 乌云公开漏洞、知识库搜索 search from wooyun.org

• webshell - This is a webshell open source project

• wooyun_public - 乌云公开漏洞、知识库爬虫和搜索 crawl and search for wooyun.org public bug(vulnerability) and drops

• AwvScan - New On Live Web Vul Scan

• Bugscan - Bugscan Web Vulnerability Scaner Online System

• exp - 收集各种各样的exp

• fuzzdb - Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

• sees - SEES aims to increase the success rate of phishing attacks by sending emails to company users as if they are coming from the very same company’s domain.

• web-malware-collection - Clone of svn repository of http://insecurety.net/projects/web-malware/ project

• webshellSample - webshell sample for WebShell Log Analysis

• joomla-getshell-EXP - joomla 反序列化漏洞 getshell&&命令执行

• MCIR - The Magical Code Injection Rainbow! MCIR is a framework for building configurable vulnerability testbeds. MCIR is also a collection of configurable vulnerability testbeds.

• doom - DOOM是在thorn上实现的分布式任务分发的ip端口漏洞扫描器

• GourdScan -

• GourdScan -

• SQLMAP-Web-GUI - PHP Frontend to work with the SQLMAP JSON API Server (sqlmapapi.py) to allow for a Web GUI to drive near full functionality of SQLMAP!

• LBSContacts - 基于地理位置服务的通讯录

• SQLMAP-Web-GUI - PHP Frontend to work with the SQLMAP JSON API Server (sqlmapapi.py) to allow for a Web GUI to drive near full functionality of SQLMAP!

• phpvulhunter - A tool that can scan php vulnerabilities automatically using static analysis methods

Perl

• ATSCAN - Advanced Search & Mass Exploit Scanner- فاحص متقدم لبحث و استغلال الثغرات بالجملة

• EQGRP - Decrypted content of eqgrp-auction-file.tar.xz

PowerShell

• redsnarf - RedSnarf is a pen-testing / red-teaming tool for Windows environments

• Empire - Empire is a PowerShell and Python post-exploitation agent.

• mimikittenz - A post-exploitation powershell tool for extracting juicy info from memory.

Python

• s2-048-exp -

• datasploit - An #OSINT Framework to perform various recon techniques, aggregate all the raw data, and give data in multiple formats.

• maltrail - Malicious traffic detection system

• django-cms - The easy-to-use and developer-friendly CMS

• blog - 基于django1.10的个人博客

• gk7-douban - 豆瓣阅读推送kindle

• RedKindle - Kindle期刊推送系统

• Prowl -

• kekescan - automate scanner

• getsploit - Command line utility for searching and downloading exploits

• microscan - MicroScan 基于B/S架构微扫描器

• SambaHunter - It is a simple script to exploit RCE for Samba (CVE-2017-7494 ).

• pyfiscan - Free web-application vulnerability and version scanner

• WindowsExploits - Windows exploits, mostly precompiled.

• PyAttack - 批量抓鸡脚本

• btScan - 批量漏洞扫描框架

• CVE-2017-7269-Echo-PoC - CVE-2017-7269 回显PoC ,用于远程漏洞检测..

• kmanga - KManga site

• Sharly -

• github-dorks - Collection of github dorks and helper tool to automate the process of checking dorks

• eternalsunshine - EternalBlue/DoublePulsar python wrapper

• cupper - It comes!!

• fuzzbunch-debian - Fuzzbunch deployment for Debian - Intructions: Readme.md

• WebEye -

• scan -

• wxpy - 微信机器人 / 可能是最优雅的微信个人号 API ✨✨

• RouterExploitScan - RouterExploit

• sicklepoc -

• shadowbroker - The Shadow Brokers "Lost In Translation" leak

• PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF

• ZEROScan - Just a scan by Z3r0yu

• Drystan - Automated information gathering tool for pentest

• pocscan-cli - 模拟登录，自动提交pocscan扫描任务

• doublepulsar-c2-traffic-decryptor - A python2 script for processing a PCAP file to decrypt C2 traffic sent to DOUBLEPULSAR implant

• PyShell - python backdoor （后门程序）

• CVE-2017-3599 - Proof of concept exploit for CVE-2017-3599

• theHarvester - E-mail, subdomain and people names harvester

• Nosql-Exploitation-Framework - A Python Framework For NoSQL Scanning and Exploitation

• Smbtouch-Scanner - Automatically scan the inner network to detect whether they are vulnerable.

• cheetah - a very fast brute force webshell password tool

• leakPasswd - Python 密码泄露查询模块

• CMSmap -

• lcyscan -

• CVE-2017-0199 - Exploit toolkit CVE-2017-0199 - v3.0 is a handy python script which provides pentesters and security researchers a quick and effective way to exploit Microsoft RTF RCE. It could generate a malicious (Obfuscated) RTF file and deliver metasploit / meterpreter / other payload to victim without any complex configuration.

• gwhatweb - CMS识别 python gevent实现

• doublepulsar-detection-script - A python2 script for sweeping a network to find windows systems compromised with the DOUBLEPULSAR implant.

• EQGRP_Lost_in_Translation - Decrypted content of odd.tar.xz.gpg, swift.tar.xz.gpg and windows.tar.xz.gpg

• mimipenguin - A tool to dump the login password from the current linux user

• bugscan-1 - w8ay专属扫描器

• struts2_045_scan - Struts2-045 Scanner

• GoogleSearchCrawler - a tool for crawl Google search results

• zoomeyer - This is a program to use Zoomeye.org's API for exploering IOT.

• zoomeye_search - 基于 zoomeyey api 整理的一个小脚本

• pymsf - using python to hack

• ProxyPool - Crawl and validate proxies from Internet

• Proxies - 获取最新的HTTP代理，每日更新代理。

• webdav_exploit - An exploit for Microsoft IIS 6.0 CVE-2017-7269

• reGeorg - The successor to reDuh, pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.

• IIS_exploit - Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016.

• basicRAT - python remote access trojan

• Ares - Python botnet and backdoor

• censys-python - Python Library for Censys

• censys - Censys.io Python API Search

• fofa-py - fofa pro的sdk，python语言版本

• PocHunter - 一个适配器模块，用于调用市面上流行的PoC框架(Beebeeto/PocSuite/TangScan/KsPoc)下的PoC.

• GitHack - .git 泄漏利用工具，可还原历史版本

• poc - poc from bugscan beebeeto

• Github_Nuggests - 自动爬取Github上文件敏感信息泄露，抓取邮箱密码并自动登录邮箱验证，支持126，qq，sina，163邮箱

• web_shell_bopo - Python 一句话木马爆破工具，速度极快

• corePython - 《Python 核心编程 第二版》 (《Core Python Programming 2nd Edition》) 学习笔记、事例代码以及课后练习

• Struts2_045-Poc - Struts2-045 POC

• Some-PoC-oR-ExP - 各种漏洞poc、Exp的收集或编写

• genpAss - 中国特色的弱口令生成器

• pentestEr_Fully-automatic-scanner - 定向全自动化渗透测试

• BkScanner - BkScanner 分布式、插件化web漏洞扫描器

• lalascan - 自主开发的分布式web漏洞扫描框架，集合webkit爬虫，Subdomain子域名发现，sqli、反射xss、Domxss等owasp top10漏洞扫描和边界资产发现能力。同时为通用CMS POC扫描提供了插件扩展平台

• Tunna - Tunna is a set of tools which will wrap and tunnel any TCP communication over HTTP. It can be used to bypass network restrictions in fully firewalled environments.

• operative-framework - This is a framework based on fingerprint action, this tool is used for get information on a website or a enterprise target with multiple modules (Viadeo search,Linkedin search, Reverse email whois, Reverse ip whois, SQL file forensics ...)

• python_gdork_sqli - This python script is developed to show, how many vulnerables websites, which are laying around on the web. 1) Scan net for urls prone to SQL injection 2) Check if urls is vulnerable 3) Exploit with sqlmap

• FileSensor - Dynamic file detection tool based on crawler 基于爬虫的动态敏感文件探测工具

• Stitch - Python Remote Administration Tool (RAT)

• wqcmsexp - 批量检测wqcms6.0配合iis6.0解析漏洞getshell

• subdomain3 -

• sensitivefilescan -

• python_learn - 郭帅用于学习的python's code

• pentest-wiki - PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.

• zoomeye - sdk for zoomeye to explore the web space

• PhpStudy - phpstudy get shell

• s0m3poc - a poc framework to test hosts via zoomeye sdk

• srez - Image super-resolution through deep learning

• httpscan - 一个爬虫式的网段Web主机发现小工具 # A HTTP Service detector with a crawler from IP/CIDR

• Fwaf-Machine-Learning-driven-Web-Application-Firewall - Machine learning driven web application firewall to detect malicious queries with high accuracy.

• Hacking - not just code , hacking is a spirit , will write code better !

• iRead4Kindle - A simple Django site for sharing Kindle highlights to Sina Weibo & Douban broadcast

• sendKindle - CLI tool for sending files via email to your Amazon Kindle device

• hacking_script - 开发或收集的一些网络安全方面的脚本、小工具

• SDK - ZoomEye API SDK

• xunfeng - 巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。

• proxy_pool - python爬虫代理IP池(proxy pool)

• pocscan_dockerfile - 构建pocscan运行环境的Dockerfile

• crawlers - Some crawlers u know it:-)

• douban-client - Python client library for Douban APIs (OAuth 2.0)

• readfree -

• GourdScanV2 - 被动式漏洞扫描系统

• wyproxy - proxying and recording HTTP/HTTPs/Socks5 proxy flow, save to MYSQL database.

• Dir-Xcan - Python version of OWASP's DirBuster Application.

• SQLiScanner - Automatic SQL injection with Charles and sqlmap api

• RD_Checklist - 知道创宇研发技能表

• webzmap - Zmap on Web

• exploit-database-bin-sploits - Exploit Database binary exploits located in the /sploits directory

• ABPTTS - TCP tunneling over HTTP/HTTPS for web application servers

• Bugscan_exploits-url - 投诉太狠啊，换个地方自己下吧

• pythem - pentest framework

• wxBot - Python网页微信API

• FuzSub - A Tool For Fuzzing Sub-domain.

• PocCollect - a plenty of poc based on python

• Pocsuite - Pocsuite is an open-sourced remote vulnerability testing framework developed by the Knownsec Security Team.

• vulcan - A gevent spider ,support webkit for dom parsing.

• cyberbot - A lightweight batch scanning framework based on gevent.

• normal_hack - based on search engine and get the valid infomation to test the vulnerability

• Bugscan_exploits -

• WiFi-Pumpkin - Framework for Rogue Wi-Fi Access Point Attack https://www.patreon.com/wifipumpkin

• DNSLog - DNSLog 是一款监控 DNS 解析记录和 HTTP 访问记录的工具。

• hackhttp - Hackhttp is an HTTP library, written in Python.

• jexboss - JexBoss: Jboss (and Java Deserialization Vulnerabilities) verify and EXploitation Tool

• pymsf - using python to hack

• POC-T - 渗透测试插件化并发框架

• portscan - push

• Blasting_dictionary - 爆破字典

• cupp - Common User Passwords Profiler (CUPP)

• MyJSRat - This is JSRat.ps1 in Python

• KWP - Keyboard Weak Password

• pocscan - Will to be a niubility scan-framework

• weakScan - a web weak file scanner

• pupy - Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python

• vulysisBugBounty -

• GitHarvester -

• wifiphisher - Automated victim-customized phishing attacks against Wi-Fi clients

• python-pinyin - 汉字拼音转换工具 Python 版(pypinyin)。

• python-shanbay - 提供一系列操作扇贝网 (www.shanbay.com) 的 API

• fuckCoreMail - fuck

• TangScan - TangScan

• ScanSqlTestchromeExtensions - just test

• Nscan - Nscan: Fast internet-wide scanner

• Windows-Exploit-Suggester - This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public exploits and Metasploit modules available for the missing bulletins.

• Beehive - Beehive is an open-source vulnerability detection framework based on Beebeeto-framework. Security researcher can use it to find vulnerability, exploits, subsequent attacks, etc.

• Beebeeto-framework - Beebeeto FrameWork

• social-engineer-toolkit - The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of SET will be deployed here.

• Crack-Tools - web form crack

• V3n0M-Scanner - Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

• SimplyEmail - Email recon made fast and easy, with a framework to build on

• spiderfoot - SpiderFoot, the open source footprinting and intelligence-gathering tool.

• baiduyun-brute - [已失效] 多线程百度云(私密分享)密码爆破工具 pan.baidu.com

• subDomainsBrute - A simple and fast sub domain brute tool for pentesters

• Sublist3r - Fast subdomains enumeration tool for penetration testers

• dzscan - Dzscan

• thorns - thorns_project 分布式异步队列系统

• passive_scan - 基于http代理的web漏洞扫描器的实现

• CPassword - 社工密码生成

• genPass - 渗透测试中关于字典生成和整理辅助的工具

• wydomain - to discover subdomains of your target domain

• GitHack - A .git folder disclosure exploit

• htpwdScan - A python HTTP weak pass scanner

• sqlmap - Automatic SQL injection and database takeover tool

• sqlmapapi_pi - 利用sqlmapapi进行批量检测sql注入

• MSpider - Spider

• BBScan - A tiny Batch weB vulnerability Scanner

• weakfilescan - 动态多线程敏感信息泄露检测工具

• wyportmap - 目标端口扫描+系统服务指纹识别

• weakfilescan - 动态多线程敏感信息泄露检测工具

• wydomain - 目标系统信息收集组件

• hackUtils - It is a hack tool kit for pentest and web security research.

Roff

• websearch - Search engine for web assets

Ruby

• metasploit-framework - Metasploit Framework

• Eternalblue-Doublepulsar-Metasploit - Eternalblue-Doublepulsar-Metasploit

• Eternalblue-Doublepulsar-Metasploit -

• Metasploit-Plugins - Plugins for Metasploit Framework

• Meterpreter-Scripts - Meterpreter Scripts that I'm working on

• cve-2017-7269 - fixed msf module for cve-2017-7269

• PTReporter - 中文版渗透报告生成系统-Serpico

• metasploit-framework - Metasploit Framework

• fofa - fofa website

• whitewidow - SQL Vulnerability Scanner

• msf_module - Metasploit module

• phishlulz -

• metasploit-framework - Metasploit Framework

• wordpress-exploit-framework - A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.

• sqli-hunter - A simple sqlmap api wrapper and proxy server

• wyquery - Wooyun查询系统

Shell

• vulhub - Docker-Compose file for vulnerability environment

• secist_script - 更新优化Demon的Metasploit Payload

• S2-046 - S2-046 POC

• st2-046-poc - st2-046-poc CVE-2017-5638

• VulApps - 快速搭建各种漏洞环境(Various vulnerability environment)

• metasploitavevasion - Metasploit AV Evasion Tool

• streisand - Streisand sets up a new server running L2TP/IPsec, OpenConnect, OpenSSH, OpenVPN, Shadowsocks, sslh, Stunnel, a Tor bridge, and WireGuard. It also generates custom instructions for all of these services. At the end of the run you are given an HTML file with instructions that can be shared with friends, family members, and fellow activists.

• payloads - Git All the Payloads! A collection of web attack payloads.

• RootHelper - A Bash script that downloads and unzips scripts that will aid with privilege escalation on a Linux system.

• RootHelper - A Bash script that downloads and unzips scripts that will aid with privilege escalation on a Linux system.

• Woobuntu -

License

To the extent possible under law, kiang70 has waived all copyright and related or neighboring rights to this work.