A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Freeze (package) Python programs into stand-alone executables

Main Sigma Rule Repository

Nginx configuration static analyzer

An advanced memory forensics framework

📂 🐇 🎩 See what a program does before deciding whether you really want it to happen (NO LONGER MAINTAINED)

Hunt for security weaknesses in Kubernetes clusters

A non-validating SQL parser module for Python

TideFinger——指纹识别小工具，汲取整合了多个web指纹库，结合了多种指纹检测方法，让指纹检测更快捷、准确。

This project has stopped to maintenance, please to https://github.com/knownsec/pocsuite3 project.

动态多线程敏感信息泄露检测工具

Plug-in type web vulnerability scanner

CUP, common useful python-lib. (Currently, Most popular python lib in baidu). Python 开发底层库, 涵盖util、service(threadpool/generator/executor/cache等等)、logging、monitoring、增强型配置 等等库支持

被动式漏洞扫描系统

Online hash checker for Virustotal and other services

HaboMalHunter is a sub-project of Habo Malware Analysis System (https://habo.qq.com), which can be used for automated malware analysis and security assessment on the Linux system.

a very fast brute force webshell password tool

Wazuh - Ruleset

Fox-scan is a initiative and passive SQL Injection vulnerable Test tools.

Yara Rule Analyzer and Statistics

基于http代理的web漏洞扫描器的实现

luna webscanner

FileScan: 敏感文件扫描 / 二次判断降低误报率 / 扫描内容规则化 / 多目录扫描

一个用于识别目标网站是否采用Struts2框架开发的工具demo

A POC for DNS spoofing in kubernetes clusters. Runs with minimum capabilities, on default installations of kuberentes.

Phantom scanner——An interface friendly and lightweight web assets scanner

Set of CLI tools to transform ModSecurity logs into a meaningful information, given a context.

!!!不建议使用了，可以使用AuditBeat!!! Linux服务器命令监控辅助脚本，ElasticSearch + Logstash + Kibana + Redis + Auditd