BurpSuite资源收集:400+Burp插件 500+Burp文章视频

January 2, 2020, 6:35 pm

≫ Next: 2020年信息安全资源集合渗透测试笔记文章教程工具

≪ Previous: burp插件大全漏洞扫描 waf绕过 sql XSS 命令注入 fuzzer

BurpSuite资源收集:400+Burp插件,500+Burp文章视频
项目地址: github.com/alphaSeclab/awesome-burp-suite

工具

收集

[1982星][1y] [BitBake] 1n3/intruderpayloads BurpSuite Intruder Payload收集
[1112星][1y] [Py] bugcrowd/hunt Burp和ZAP的扩展收集
[1108星][2m] snoopysecurity/awesome-burp-extensions Burp扩展收集
[917星][15d] [Batchfile] mr-xn/burpsuite-collections BurpSuite收集：包括不限于 Burp 文章、破解版、插件(非BApp Store)、汉化等相关教程
[96星][2y] [Java] jgillam/burp-co2 A collection of enhancements for Portswigger’s popular Burp Suite web penetration testing tool.
[87星][9m] [Py] laconicwolf/burp-extensions A collection of scripts to extend Burp Suite
[58星][22d] [Py] lich4/personal_script 010Editor/BurpSuite/Frida/IDA等多个工具的多个脚本
- 010Editor 010Editor的多个脚本
- ParamChecker Burp插件
- Frida Frida多个脚本
- IDA IDA Scripts
- IDA-read_unicode.py IDA插件，识别程序中的中文字符
- IDA-add_xref_for_macho 辅助识别Objective-C成员函数的caller和callee
- IDA-add_info_for_androidgdb 使用gdbserver和IDA调试Android时，读取module列表和segment
- IDA-trace_instruction 追踪指令流
- IDA-detect_ollvm 检测OLLVM，在某些情况下修复（Android/iOS）
- IDA-add_block_for_macho 分析macho文件中的block结构
[22星][4y] [Java] ernw/burpsuite-extensions A collection of Burp Suite extensions

新添加

[378星][3m] [Java] nccgroup/autorepeater Automated HTTP Request Repeating With Burp Suite
[376星][2y] [Py] 0x4d31/burpa A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).
[371星][4y] [JS] allfro/burpkit Next-gen BurpSuite penetration testing tool
[299星][1y] [Java] vmware/burp-rest-api REST/JSON API to the Burp Suite security tool.
[265星][3y] [Java] codewatchorg/bypasswaf Add headers to all Burp requests to bypass some WAF products
[147星][4m] [Java] netsoss/headless-burp Automate security tests using Burp Suite.
[141星][1y] [Java] tomsteele/burpbuddy burpbuddy exposes Burp Suites’s extender API over the network through various mediums, with the goal of enabling development in any language without the restrictions of the JVM
[118星][1m] [Java] nccgroup/decoder-improved Improved decoder for Burp Suite
[111星][22d] [Java] ozzi-/jwt4b JWT Support for Burp
[110星][2y] [Java] x-ai/burpunlimitedre This project !replace! BurpUnlimited of depend (BurpSutie version 1.7.27). It is NOT intended to replace them!
[103星][7m] [Py] kibodwapon/noeye A blind mode exploit framework (a dns server and a web app) that like wvs’s AcuMonitor Service or burpsuite’s collabrator or cloudeye
[99星][4y] [Java] summitt/burp-ysoserial YSOSERIAL Integration with burp suite
[84星][2y] [Java] yandex/burp-molly-pack Security checks pack for Burp Suite
[82星][6y] [Py] mwielgoszewski/burp-protobuf-decoder A simple Google Protobuf Decoder for Burp
[81星][8m] [Py] leoid/matchandreplace Match and Replace script used to automatically generate JSON option file to BurpSuite
[70星][6y] [Java] irsdl/burpsuitejsbeautifier Burp Suite JS Beautifier
[70星][2m] [Py] ziirish/burp-ui a web-ui for burp backup written in python with Flask and jQuery/Bootstrap
[68星][3y] [Py] stayliv3/burpsuite-changeu burpsuite 插件。将返回值中的unicode明文
[59星][5y] [Ruby] tduehr/buby A JRuby implementation of the BurpExtender interface for PortSwigger Burp Suite.
[53星][2m] [Java] coreyd97/stepper A natural evolution of Burp Suite’s Repeater tool
[52星][5y] [Py] jfoote/burp-git-bridge Store Burp data and collaborate via git
[50星][2m] [Java] portswigger/stepper A natural evolution of Burp Suite’s Repeater tool
[48星][1y] [java] anbai-inc/burpstart Burp 启动加载器
[46星][2m] [Py] hvqzao/report-ng Generate MS Word template-based reports with HP WebInspect / Burp Suite Pro input, own custom data and knowledge base.
[45星][1y] [Ruby] pentestgeek/burpcommander Ruby command-line interface to Burp Suite’s REST API
[42星][11m] [Java] secdec/attack-surface-detector-burp The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters
[41星][12m] [Py] zynga/hiccup [DEPRECATED] Hiccup is a framework that allows the Burp Suite (a web application security testing tool,
[41星][6y] [PHP] spiderlabs/upnp-request-generator A tool to parse UPnP descriptor XML files and generate SOAP control requests for use with Burp Suite or netcat
[40星][11m] [Go] joanbono/gurp Burp Commander written in Go
[39星][8m] [Dockerfile] marco-lancini/docker_burp Burp Pro as a Docker Container
[38星][2m] [Py] zephrfish/burpfeed Hacked together script for feeding urls into Burp’s Sitemap
[36星][8y] [Py] gdssecurity/burpee Python object interface to requests/responses recorded by Burp Suite
[36星][8y] [C#] gdssecurity/wcf-binary-soap-plug-in a Burp Suite plug-in designed to encode and decode WCF Binary Soap request and response data (“Content-Type: application/soap+msbin1)
[35星][7y] [Java] continuumsecurity/resty-burp REST/JSON interface to Burp Suite
[35星][1y] [Java] bit4woo/resign A burp extender that recalculate signature value automatically after you modified request parameter value.
[33星][3y] [Go] tomsteele/burpstaticscan Use burp’s JS static code analysis on code from your local system.
[32星][10m] twelvesec/bearerauthtoken This burpsuite extender provides a solution on testing Enterprise applications that involve security Authorization tokens into every HTTP requests.Furthermore, this solution provides a better approach to solve the problem of Burp suite automated scanning failures when Authorization tokens exist.
[28星][2y] [Java] bit4woo/gui_burp_extender_para_encrypter Burp_Extender_para_encrypter
[28星][4y] [Java] burp-hash/burp-hash a Burp Suite plugin.
[28星][4y] [Py] smeegesec/burp-importer Burp Suite Importer – Connect to multiple web servers while populating the sitemap.
[28星][6m] [Java] bit4woo/burp-api-drops burp suite API 处理http请求和响应的基本流程
[25星][3y] [Java] pokeolaf/pokemongodecoderforburp A simpe decoder to decode requests/responses made by PokemonGo in burp
[22星][7m] [Java] ettic-team/endpointfinder-burp burp plugin to find endpoint
[22星][2y] [Java] silentsignal/burp-uuid UUID issues for Burp Suite
[21星][5y] [Java] khai-tran/burpjdser a Burp plugin that will deserialze/serialize Java request and response to and from XML with the use of Xtream library
[21星][2m] [Java] portswigger/json-web-tokens JWT Support for Burp
[18星][7y] [Java] omercnet/burpjdser-ng BurpJDSer-ng
[18星][2m] [Java] silentsignal/burp-json-jtree JSON JTree viewer for Burp Suite
[18星][2m] [Py] xscorp/burpee A python module that accepts an HTTP request file and returns a dictionary of headers and post data
[17星][3m] [BitBake] sy3omda/burp-bounty is extension of Burp Suite that improve Burp scanner.
[16星][2y] [Visual Basic .NET] xcanwin/xburpcrack This is a tool to bypass the cracked version of the burpsuite_pro(Larry_Lau) certification deadline through time reversal.
[15星][11m] [Java] portswigger/auto-repeater Automated HTTP Request Repeating With Burp Suite
[14星][7m] [Java] portswigger/openapi-parser Parse OpenAPI specifications, previously known as Swagger specifications, into the BurpSuite for automating RESTful API testing – approved by Burp for inclusion in their official BApp Store.
[13星][14d] [Java] ankokuty/belle Belle (Burp Suite 非公式日本語化ツール)
[13星][6y] [Java] ioactive/burpjdser-ng Allows you to deserialize java objects to XML and lets you dynamically load classes/jars as needed
[13星][2y] [Java] netspi/jsonbeautifier JSON Beautifier for Burp written in Java
[12星][2y] [Java] portswigger/json-beautifier JSON Beautifier for Burp written in Java
[11星][9m] [Py] anandtiwarics/python-burp-rest-api Python Package for burprestapi
[11星][2y] [Java] gozo-mt/burplist A jython wordlist creator in-line with Burp-suite
[10星][3y] [Java] portswigger/bypass-waf Add headers to all Burp requests to bypass some WAF products
[10星][2y] [Py] sahildhar/burpextenderpractise burp extender practise
[8星][3y] [Java] silentsignal/burp-cfurl-cache CFURL Cache inspector for Burp Suite
[7星][2y] [Java] jgillam/serphper Serialized PHP toolkit for Burp Suite
[6星][10m] raspberrypilearning/burping-jelly-baby Make a Jelly Baby burp by pressing it!
[6星][11m] chef-koch/windows-redstone-4-1803-data-analysis Explains the telemetry, opt-out methods and provides some Whireshark/Burp dumps in order to see what MS really transmit
[5星][4y] [Py] cyberdefenseinstitute/burp-msgpack MessagePack converter
[5星][2y] [Java] silentsignal/burp-commentator Generates comments for selected request(s) based on regular expressions
[4星][7y] [Py] dnet/burp-gwt-wrapper Burp Suite GWT wrapper
[4星][2y] [Ruby] geoffwalton/burp-command
[4星][2y] [Java] silentsignal/burp-git-version
[4星][6m] [Java] virusdefender/burptime Burp Show Response Time
[4星][12d] [Java] gdgd009xcd/automacrobuilder multi step request sequencer AutoMacroBuilder for burpsuite
[3星][6y] [Java] directdefense/noncetracker A Burp extender module that tracks and updates nonce values per a specific application action.
[3星][3y] [Batchfile] jas502n/burpsuite_pro_v1.7.11-crack BurpSuite_pro_v1.7.11-Crack 破解版抓包神器
[3星][2y] [Py] niemand-sec/burp-scan-them-all Small script for automatizing Burp with Carbonator and slack
[2星][1y] [Py] bao7uo/burpelfish BurpelFish – Adds Google Translate to Burp’s Context Menu. “Babel Fish” language translation for app-sec testing in other languages.
[2星][2y] [Java] cornerpirate/demoextender Code used for a tutorial to get Netbeans GUI editor to work with a Burp Suite Extender
[2星][2y] [Py] dnet/burp-scripts Scripts I wrote to extend Burp Suite functionality
[2星][5y] [Shell] evilpacket/bower-burp-static-analysis Nov 2014 scan of bower using burp suite static analysis engine
[2星][6y] [Py] meatballs1/burp_wicket_handler
[2星][4y] [Py] mwielgoszewski/burp-jython-tab
[2星][1y] [Java] peachtech/peachapisec-burp Peach API Security Burp Integration
[1星][2y] [Java] sampsonc/perfmon Performance metrics for Burp Suite
[1星][30d] [Java] bytebutcher/burp-send-to Adds a customizable “Send to…”-context-menu to your BurpSuite.
[0星][2y] [Java] adityachaudhary/phantom-cryptor Burp Suite extender to encrypt requests and decrypt response.
[0星][1y] jgamblin/burptest
[0星][2y] kkirsche/burp_suite_lists Lists to use with Burp Suite
[0星][3y] [Java] luj1985/albatross XML Fast Infoset decoder for Burp Suite
[0星][2y] [Java] silentsignal/burp-asn1 ASN.1 toolbox for Burp Suite

插件&&扩展

[730星][2y] [JS] xl7dev/burpsuite BurpSuite using the document and some extensions
[715星][1y] [Java] d3vilbug/hackbar HackBar plugin for Burpsuite
[605星][10m] [Java] c0ny1/chunked-coding-converter Burp suite 分块传输辅助插件
[445星][7m] [Py] albinowax/activescanplusplus ActiveScan++ Burp Suite Plugin
[410星][8m] [Java] nccgroup/burpsuitehttpsmuggler A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques
[366星][23d] [Java] portswigger/http-request-smuggler an extension for Burp Suite designed to help you launch HTTP Request Smuggling attack
[364星][14d] [Kotlin] portswigger/turbo-intruder a Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.
[359星][5m] [Java] bit4woo/domain_hunter 利用burp收集整个企业、组织的域名（不仅仅是单个主域名）的插件
[341星][2y] [Py] securityinnovation/authmatrix AuthMatrix is a Burp Suite extension that provides a simple way to test authorization in web applications and web services.
[340星][2y] [Py] pathetiq/burpsmartbuster A Burp Suite content discovery plugin that add the smart into the Buster!
[336星][23d] [Java] bit4woo/knife A burp extension that add some useful function to Context Menu 添加一些右键菜单让burp用起来更顺畅
[310星][1y] [Java] ebryx/aes-killer Burp plugin to decrypt AES Encrypted traffic of mobile apps on the fly
[273星][2m] [Py] quitten/autorize Automatic authorization enforcement detection extension for burp suite written in Jython developed by Barak Tawily in order to ease application security people work and allow them perform an automatic authorization tests
[257星][3m] [Py] rhinosecuritylabs/iprotate_burp_extension Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.
[250星][1m] [Java] c0ny1/jsencrypter 一个用于加密传输爆破的Burp Suite插件
[246星][5m] [Py] initroot/burpjslinkfinder Burp Extension for a passive scanning JS files for endpoint links.
[244星][3m] [Java] c0ny1/passive-scan-client Burp被动扫描流量转发插件
[238星][3m] [Java] samlraider/samlraider SAML2 Burp Extension
[191星][2y] [Java] p3gleg/pwnback Burp Extender plugin that generates a sitemap of a website using Wayback Machine
[175星][2y] [Py] virtuesecurity/aws-extender a Burp plugin to assess permissions of cloud storage containers on AWS, Google Cloud and Azure.
[174星][3m] [Java] lilifengcode/burpsuite-plugins-usage Burpsuite-Plugins-Usage
[160星][1m] [Py] regala/burp-scope-monitor Burp Suite Extension to monitor new scope
[159星][5m] [Java] netspi/javaserialkiller Burp extension to perform Java Deserialization Attacks
[158星][1y] [Py] bayotop/off-by-slash Bupr扩展, 检测利用Nginx错误配置导致的重名遍历(alias traversal)
[157星][7m] [Py] thekingofduck/burpfakeip 一个用于伪造ip地址进行爆破的Burp Suite插件
[149星][3y] [Java] mwielgoszewski/jython-burp-api Develop Burp extensions in Jython
[143星][6m] [Py] codingo/minesweeper A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).
[137星][2y] [Java] netspi/wsdler WSDL Parser extension for Burp
[123星][4y] [Py] moloch–/csp-bypass A Burp Plugin for Detecting Weaknesses in Content Security Policies
[121星][1m] [Py] redhuntlabs/burpsuite-asset_discover Burp Suite extension to discover assets from HTTP response.
[119星][6y] [Py] meatballs1/burp-extensions Burp Suite Extensions
[118星][2m] [Py] prodigysml/dr.-watson a simple Burp Suite extension that helps find assets, keys, subdomains, IP addresses, and other useful information!
[103星][2y] [Java] clr2of8/gathercontacts A Burp Suite Extension to pull Employee Names from Google and Bing LinkedIn Search Results
[103星][2y] [Java] gosecure/csp-auditor Burp and ZAP plugin to analyse Content-Security-Policy headers or generate template CSP configuration from crawling a Website
[102星][3m] [Java] netspi/burp-extensions Central Repo for Burp extensions
[95星][19d] [Py] m4ll0k/burpsuite-secret_finder Burp Suite extension to discover apikeys/accesstokens and sensitive data from HTTP response.
[89星][3y] [Java] dobin/burpsentinel GUI Burp Plugin to ease discovering of security holes in web applications
[89星][8m] [Py] lopseg/jsdir a Burp Suite extension that extracts hidden paths from js files and beautifies it for further reading.
[88星][2y] [Java] silentsignal/burp-image-size Image size issues plugin for Burp Suite
[87星][10m] [Java] doyensec/burpdeveltraining Material for the training “Developing Burp Suite Extensions – From Manual Testing to Security Automation”
[83星][1m] [Java] jgillam/burp-paramalyzer Burp extension for parameter analysis of large-scale web application penetration tests.
[83星][1y] [Py] nccgroup/blackboxprotobuf Blackbox protobuf is a Burp Suite extension for decoding and modifying arbitrary protobuf messages without the protobuf type definition.
[75星][1y] [Java] bit4woo/u2c Unicode To Chinese — U2C : A burpsuite Extender That Convert Unicode To Chinese 【Unicode编码转中文的burp插件】
[73星][2y] [Java] spiderlabs/burplay Burplay is a Burp Extension allowing for replaying any number of requests using same modifications definition. Its main purpose is to aid in searching for Privilege Escalation issues.
[69星][12d] [Java] c0ny1/captcha-killer burp验证码识别接口调用插件
[65星][2y] [Py] markclayton/bumpster The Unofficial Burp Extension for DNSDumpster.com
[64星][1y] [Java] c0ny1/httpheadmodifer 一款快速修改HTTP数据包头的Burp Suite插件
[63星][5m] [Java] nccgroup/berserko Burp Suite extension to perform Kerberos authentication
[58星][11m] [Java] portswigger/replicator Burp extension to help developers replicate findings from pen tests
[57星][6y] [Java] spiderlabs/burpnotesextension a plugin for Burp Suite that adds a Notes tab. The tool aims to better organize external files that are created during penetration testing.
[51星][1y] [Java] netspi/burpextractor A Burp extension for generic extraction and reuse of data within HTTP requests and responses.
[48星][2y] [Java] inode-/attackselector Burp Suite Attack Selector Plugin
[46星][28d] [Java] netspi/awssigner Burp Extension for AWS Signing
[43星][1y] [Py] br3akp0int/gqlparser A repository for GraphQL Extension for Burp Suite
[42星][5m] [Py] gh0stkey/jsonandhttpp Burp Suite Plugin to convert the json text that returns the body into HTTP request parameters.
[40星][6y] [Java] wuntee/burpauthzplugin Burp plugin to test for authorization flaws
[39星][11m] [Java] tijme/similar-request-excluder A Burp Suite extension that automatically marks similar requests as ‘out-of-scope’.
[37星][1y] [Java] augustd/burp-suite-error-message-checks Burp Suite extension to passively scan for applications revealing server error messages
[36星][3y] [Py] 0ang3el/unsafe-jax-rs-burp Burp Suite extension for JAX-RS
[35星][1y] [Java] ikkisoft/blazer Burp Suite AMF Extension
[35星][11d] [Kotlin] typeerror/bookmarks A Burp Suite Extension to take back your repeater tabs
[34星][5y] [Py] dionach/headersanalyzer Burp extension that checks for interesting and security headers
[34星][2y] [Py] penafieljlm/burp-tracer BurpSuite 扩展。获取当前的站点地图，提取每个请求参数，并搜索存在请求参数值的回复
[33星][2y] [Java] dnet/burp-oauth OAuth plugin for Burp Suite Extender
[33星][2m] [Java] rub-nds/tls-attacker-burpextension assist in the evaluation of TLS Server configurations with Burp Suite.
[32星][5y] [Java] malerisch/burp-csj BurpCSJ extension for Burp Pro – Crawljax Selenium JUnit integration
[32星][7m] [Py] portswigger/active-scan-plus-plus ActiveScan++ Burp Suite Plugin
[30星][4y] [Py] carstein/burp-extensions Automatically exported from code.google.com/p/burp-extensions
[30星][7y] [Py] meatballs1/burp_jsbeautifier js-beautifier extension for Burp Suite
[30星][4m] [Py] portswigger/js-link-finder Burp Extension for a passive scanning JS files for endpoint links.
[29星][8m] [Java] hvqzao/burp-flow Extension providing view with filtering capabilities for both complete and incomplete requests from all burp tools.
[26星][10m] [Kotlin] gosecure/burp-ntlm-challenge-decoder Burp extension to decode NTLM SSP headers and extract domain/host information
[24星][2y] [Py] portswigger/burp-smart-buster A Burp Suite content discovery plugin that add the smart into the Buster!
[24星][3y] [Py] silentsignal/activescan3plus Modified version of ActiveScan++ Burp Suite extension
[23星][2y] [Py] aur3lius-dev/spydir BurpSuite extension to assist with Automated Forced Browsing/Endpoint Enumeration
[23星][5m] [Py] elespike/burp-cph Custom Parameter Handler extension for Burp Suite.
[23星][2y] [Ruby] zidekmat/graphql_beautifier Burp Suite extension to help make Graphql request more readable
[22星][8m] [Java] silentsignal/burp-requests Copy as requests plugin for Burp Suite
[21星][2y] [Py] unamer/ctfhelper A simple Burp extension for scanning stuffs in CTF
[20星][3y] [Ruby] kingsabri/burp_suite_extension_ruby BurpSuite Extension Ruby Template to speed up building a Burp Extension using Ruby
[20星][3y] [Py] securitymb/burp-exceptions Simple trick to increase readability of exceptions raised by Burp extensions written in Python
[19星][8m] [Java] hvqzao/burp-wildcard Burp extension intended to compact Burp extension tabs by hijacking them to own tab.
[19星][5y] [Java] nccgroup/wcfdser-ngng A Burp Extender plugin, that will make binary soap objects readable and modifiable.
[18星][4m] [Java] augustd/burp-suite-software-version-checks Burp extension to passively scan for applications revealing software version numbers
[17星][2m] [Java] phefley/burp-javascript-security-extension A Burp Suite extension which performs checks for cross-domain scripting against the DOM, subresource integrity checks, and evaluates JavaScript resources against threat intelligence data.
[17星][7m] [Py] yeswehack/yesweburp YesWeHack Api Extension for Burp
[15星][4y] [Java] shengqi158/rsa-crypto-burp-extention burp 插件用于RSA 数据包加解密
[15星][10m] [Java] twelvesec/jdser-dcomp A Burp Extender plugin that will allow you to tamper with requests containing compressed, serialized java objects.
[15星][1y] [Py] portswigger/nginx-alias-traversal Burp extension to detect alias traversal via NGINX misconfiguration at scale.
[14星][3y] [JS] rinetd/burpsuite-1 BurpSuite using the document and some extensions
[13星][5y] [Py] enablesecurity/identity-crisis A Burp Suite extension that checks if a particular URL responds differently to various User-Agent headers
[13星][7m] [Py] modzero/burp-responseclusterer Burp plugin that clusters responses to show an overview of received responses
[13星][1y] [Java] moeinfatehi/admin-panel_finder A burp suite extension that enumerates infrastructure and application admin interfaces (OTG-CONFIG-005)
[13星][7m] [Py] solomonsklash/sri-check A Burp Suite extension for identifying missing Subresource Integrity attributes.
[12星][3m] [Java] augustd/burp-suite-utils Utilities for creating Burp Suite Extensions.
[12星][5y] [Java] federicodotta/burpjdser-ng-edited Burp Suite plugin that allow to deserialize Java objects and convert them in an XML format. Unpack also gzip responses. Based on BurpJDSer-ng of omercnet.
[12星][7y] [Py] infodel/burp.extension-googlehack Burp Suite Extension providing Google Hacking Interface
[11星][2y] [Ruby] crashgrindrips/burp-dump A Burp plugin to dump HTTP(S) requests/responses to a file system
[11星][6y] [Py] faffi/curlit Burp plugin to turn requests into curl commands
[11星][3y] [Java] h3xstream/burp-image-metadata Burp and ZAP plugin that display image metadata (JPEG Exif or PNG text chunk).
[11星][2y] [Java] hvqzao/burp-token-rewrite Burp extension for automated handling of CSRF tokens
[11星][2y] [Java] portswigger/attack-selector Burp Suite Attack Selector Plugin
[11星][7m] [Java] portswigger/copy-as-python-requests Copy as requests plugin for Burp Suite
[11星][6y] [Py] smeegesec/wsdlwizard WSDL Wizard is a Burp Suite plugin written in Python to detect current and discover new WSDL (Web Service Definition Language) files.
[11星][4y] [Java] monikamorrow/burp-suite-extension-examples Burp Suite starter example projects.
[10星][2y] [HTML] adriancitu/burp-tabnabbing-extension Burp Suite Professional extension in Java for Tabnabbing attack
[10星][6y] [Java] xxux11/burpheartbleedextension Burp Heartbleed Extension
[10星][2y] [Java] c0ny1/burp-cookie-porter 一个可快速“搬运”cookie的Burp Suite插件
[10星][2y] [Java] portswigger/kerberos-authentication Burp Suite extension to perform Kerberos authentication
[9星][5y] [Java] allfro/dotnetbeautifier A BurpSuite extension for beautifying .NET message parameters and hiding some of the extra clutter that comes with .NET web apps (i.e. __VIEWSTATE).
[9星][4y] [Java] augustd/burp-suite-gwt-scan Burp Suite plugin identifies insertion points for GWT (Google Web Toolkit) requests
[9星][7m] [Py] defectdojo/burp-plugin A Burp plugin to export findings to DefectDojo
[9星][1y] [Java] sampsonc/authheaderupdater Burp extension to specify the token value for the Authenication header while scanning.
[9星][2y] [Java] aoncyberlabs/fastinfoset-burp-plugin Burp plugin to convert fast infoset (FI) to/from the text-based XML document format allowing easy editing
[8星][2y] [Py] bao7uo/waf-cookie-fetcher WAF Cookie Fetcher is a Burp Suite extension written in Python, which uses a headless browser to obtain the values of WAF-injected cookies which are calculated in the browser by client-side JavaScript code and adds them to Burp’s cookie jar. Requires PhantomJS.
[8星][6y] [Java] cyberisltd/post2json Burp Suite Extension to convert a POST request to JSON message, moving any .NET request verification token to HTTP headers if present
[8星][3y] [Java] eonlight/burpextenderheaderchecks A Burp Suite Extension that adds Header Checks and other helper functionalities
[8星][2y] [Java] rammarj/csrf-poc-creator A Burp Suite extension for CSRF proof of concepts.
[8星][5m] [Py] fsecurelabs/timeinator Timeinator is an extension for Burp Suite that can be used to perform timing attacks over an unreliable network such as the internet.
[7星][3y] [Java] dibsy/staticanalyzer StaticAnalyzer is a burp plugin that can be used to perform static analysis of the response information from server during run time. It will search for specific words in the response that is mentioned in the vectors.txt
[7星][3y] [Ruby] dradis/burp-dradis Dradis Framework extension for Burp Suite
[7星][3y] [Java] fruh/extendedmacro ExtendedMacro – BurpSuite plugin providing extended macro functionality
[7星][1y] [Java] pajswigger/add-request-to-macro Burp extension to add a request to a macro
[7星][2y] [Java] yehgdotnet/burp-extention-bing-translator Burp Plugin – Bing Translator
[6星][3m] [Java] aress31/copy-as-powershell-requests Copy as PowerShell request(s) plugin for Burp Suite (approved by PortSwigger for inclusion in their official BApp Store).
[6星][1m] [Java] aress31/googleauthenticator Burp Suite plugin that dynamically generates Google 2FA codes for use in session handling rules (approved by PortSwigger for inclusion in their official BApp Store).
[6星][3m] [Java] lorenzog/burpaddcustomheader A Burp Suite extension to add a custom header (e.g. JWT)
[6星][2y] [Py] maxence-schmitt/officeopenxmleditor Burp extension that add a tab to edit Office Open XML document (xlsx,docx,pptx)
[6星][2y] [Java] silentsignal/burp-uniqueness Uniqueness plugin for Burp Suite
[6星][2y] [Java] stackcrash/burpheaders Burp extension for checking optional headers
[6星][5m] [Java] augustd/burp-suite-jsonpath JSONPath extension for BurpSuite
[6星][7m] [Java] denniskniep/gqlraider GQL Burp Extension
[6星][2m] [Java] neal1991/r-forwarder-burp The burp extension to forward the request
[5星][6y] [Java] eganist/burp-issue-poster This Burp Extension is intended to post to a service the details of an issue found either by active or passive scanning
[5星][3y] [Py] floyd-fuh/burp-collect500 Burp plugin that collects all HTTP 500 messages
[5星][7y] [Py] mwielgoszewski/jython-burp-extensions Jython burp extensioins
[5星][2m] [Java] iamaldi/rapid Rapid is a Burp extension that enables you to save HTTP Request / Response to file in a user friendly text format a lot faster.
[5星][22d] [Ruby] dradis/dradis-burp Burp Suite plugin for the Dradis Framework
[5星][27d] [Java] parsiya/bug-diaries A extension for Burp’s free edition that mimics the pro edition’s custom scan issues.
[4星][6y] [Perl] allfro/browserrepeater BurpSuite extension for Repeater tool that renders responses in a real browser.
[4星][2y] [Java] dannegrea/tokenjar Burp Suite extension. Useful for managing tokens like anti-CSRF, CSurf, Session values. Can be used to set params that require random numbers or params that are computed based on application response.
[4星][2y] [Java] pentestpartners/fista A Burp Extender plugin allowing decoding of fastinfoset encoded communications.
[4星][3y] [Java] jksecurity/burp_savetofile BurpSuite plugin to save just the body of a request or response to a file
[3星][2y] [Py] externalist/aes-encrypt-decrypt-burp-extender-plugin-example A POC burp extender plugin to seamlessly decrypt/encrypt encrypted HTTP network traffic.
[3星][9m] [Java] raise-isayan/bigipdiscover It becomes the extension of Burp suite. The cookie set by the BipIP server may include a private IP, which is an extension to detect that IP
[3星][2y] [Py] snoopysecurity/noopener-burp-extension Find Target=”_blank” values within web pages that are set without ‘noopener’ and ‘noreferrer’ attributes
[3星][3y] [Py] vergl4s/signatures Length extension attacks in Burp Suite
[3星][3y] [Java] cnotin/burp-scan-manual-insertion-point Burp Suite Pro extension
[3星][3m] [Java] wrvenkat/burp-multistep-csrf-poc Burp extension to generate multi-step CSRF POC.
[3星][3m] [Java] augustd/burp-suite-swaggy Burp Suite extension for parsing Swagger web service definition files
[3星][7m] [Py] solomonsklash/cookie-decrypter A Burp Suite Professional extension for decrypting/decoding various types of cookies.
[2星][2y] [Java] alexlauerman/incrementmeplease Burp extension to increment a parameter in each active scan request
[2星][4y] [Py] d453d2/burp-jython-console Burp Suite extension to enable a Jython console – origin (
[2星][1y] [Java] matanatr96/decoderproburpsuite Burp Suite Plugin to decode and clean up garbage response text
[2星][3y] [Java] silentsignal/burp-json-array JSON Array issues plugin for Burp Suite
[2星][2y] stayliv3/burpsuite-magic 收集burpsuite插件，并对每个插件编写使用说明手册。
[2星][2y] [Ruby] thec00n/uploader Burp extension to test for directory traversal attacks in insecure file uploads
[2星][8y] [Java] thecao365/burp-suite-beautifier-extension burp-suite-beautifier-extension
[2星][28d] [Java] parsiya/burp-sample-extension-java Sample Burp Extension in Java
[1星][7m] [Java] bort-millipede/burp-batch-report-generator Small Burp Suite Extension to generate multiple scan reports by host with just a few clicks. Works with Burp Suite Professional only.
[1星][28d] [Java] infobyte/faraday_burp Faraday Burp Extension
[1星][9m] [Java] jonluca/burp-copy-as-node Burp extension to copy a request as a node.js requests function
[1星][2y] [Java] moradotai/cms-scan An active scan extension for Burp that provides supplemental coverage when testing popular content management systems.
[1星][3y] [Java] tagomaru/burp-extension-sync-parameter an extension to Burp Suite that provides a sync function for CSRF token parameter.
[1星][3m] [Py] bomsi/blockerlite Simple Burp extension to drop blacklisted hosts
[1星][4y] [Py] hvqzao/burp-csrf-handling CSRF tokens handling Burp extension
[1星][1m] [Java] sunny0day/burp-auto-drop Burp extension to automatically drop requests that match a certain regex.
[0星][3y] [Java] chris-atredis/burpchat burpChat is a BurpSuite plugin that enables collaborative BurpSuite usage using XMPP/Jabber.
[0星][2y] [Java] insighti/burpamx AMX Authorization Burp Suite Extension
[0星][9m] [Java] xorrbit/burp-nessusloader Burp Suite extension to import detected web servers from a Nessus scan xml file (.nessus)

漏洞&&扫描

[663星][10m] [Java] vulnerscom/burp-vulners-scanner Burp扫描插件，基于vulners.com搜索API
[510星][2m] [Java] wagiro/burpbounty is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.
[395星][2y] [Java] federicodotta/java-deserialization-scanner All-in-one plugin for Burp Suite for the detection and the exploitation of Java deserialization vulnerabilities
[225星][6m] [Perl] modzero/mod0burpuploadscanner HTTP file upload scanner for Burp Proxy
[186星][1y] [Perl] portswigger/upload-scanner HTTP file upload scanner for Burp Proxy
[136星][22d] [JS] h3xstream/burp-retire-js Burp/ZAP/Maven extension that integrate Retire.js repository to find vulnerable Javascript libraries.
[128星][2y] [Java] yandex/burp-molly-scanner Turn your Burp suite into headless active web application vulnerability scanner
[101星][2y] [Java] spiderlabs/airachnid-burp-extension A Burp Extension to test applications for vulnerability to the Web Cache Deception attack
[85星][4m] [Py] kapytein/jsonp a Burp Extension which attempts to reveal JSONP functionality behind JSON endpoints. This could help reveal cross-site script inclusion vulnerabilities or aid in bypassing content security policies.
[81星][9m] [Py] nccgroup/argumentinjectionhammer A Burp Extension designed to identify argument injection vulnerabilities.
[75星][4y] [Java] directdefense/superserial SuperSerial – Burp Java Deserialization Vulnerability Identification
[74星][4y] [Py] integrissecurity/carbonator The Burp Suite Pro extension that automates scope, spider & scan from the command line.
[59星][1y] [Py] capt-meelo/telewreck A Burp extension to detect and exploit versions of Telerik Web UI vulnerable to CVE-2017-9248.
[58星][3y] [Java] vulnerscom/burp-dirbuster Dirbuster plugin for Burp Suite
[57星][3y] [Java] linkedin/sometime A BurpSuite plugin to detect Same Origin Method Execution vulnerabilities
[56星][2y] [Java] bigsizeme/burplugin-java-rce Burp plugin, Java RCE
[46星][2y] [Java] portswigger/httpoxy-scanner A Burp Suite extension that checks for the HTTPoxy vulnerability.
[42星][2y] [Py] modzero/interestingfilescanner Burp extension
[39星][3y] [Java] directdefense/superserial-active SuperSerial-Active – Java Deserialization Vulnerability Active Identification Burp Extender
[38星][1y] [Py] luh2/detectdynamicjs The DetectDynamicJS Burp Extension provides an additional passive scanner that tries to find differing content in JavaScript files and aid in finding user/session data.
[35星][4m] [Py] arbazkiraak/burpblh 使用IScannerCheck发现被劫持的损坏链接. Burp插件
[34星][4y] [Py] politoinc/yara-scanner Yara intergrated into BurpSuite
[34星][3y] [Py] thomaspatzke/burp-sessionauthtool Burp plugin which supports in finding privilege escalation vulnerabilities
[29星][2y] [Py] portswigger/wordpress-scanner Find known vulnerabilities in WordPress plugins and themes using Burp Suite proxy. WPScan like plugin for Burp.
[29星][7m] [Java] portswigger/scan-check-builder Burp Bounty is a extension of Burp Suite that improve an active and passive scanner by yourself. This extension requires Burp Suite Pro.
[25星][2y] [Java] vankyver/burp-vulners-scanner Burp scanner plugin based on Vulners.com vulnerability database
[25星][6y] [Py] opensecurityresearch/custompassivescanner A Custom Scanner for Burp
[23星][3y] [Java] vah13/burpcrlfplugin Another plugin for CRLF vulnerability detection
[22星][9m] [BitBake] ghsec/bbprofiles Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that improve an active and passive scanner by yourself. This extension requires Burp Suite Pro.
[21星][3y] [Py] f-secure/headless-scanner-driver A Burp Suite extension that starts scanning on requests it sees, and dumps results on standard output
[20星][3m] [Java] aress31/flarequench Burp Suite plugin that adds additional checks to the passive scanner to reveal the origin IP(s) of Cloudflare-protected web applications.
[19星][2m] [Java] mirfansulaiman/customheader This Burp Suite extension allows you to customize header with put a new header into HTTP REQUEST BurpSuite (Scanner, Intruder, Repeater, Proxy History)
[18星][4y] codewatchorg/burp-yara-rules Yara rules to be used with the Burp Yara-Scanner extension
[18星][6m] [Java] thomashartm/burp-aem-scanner Burp Scanner extension to fingerprint and actively scan instances of the Adobe Experience Manager CMS. It checks the website for common misconfigurations and security holes.
[16星][1y] [Py] portswigger/additional-scanner-checks Collection of scanner checks missing in Burp
[14星][3y] [Java] portswigger/same-origin-method-execution A BurpSuite plugin to detect Same Origin Method Execution vulnerabilities
[13星][1y] [Py] thomaspatzke/burp-missingscannerchecks Collection of scanner checks missing in Burp
[12星][2y] [Java] ah8r/csrf CSRF Scanner Extension for Burp Suite Pro
[10星][4y] [Java] augustd/burp-suite-token-fetcher Burp Extender to add unique form tokens to scanner requests.
[10星][1y] [Py] portswigger/detect-dynamic-js The DetectDynamicJS Burp Extension provides an additional passive scanner that tries to find differing content in JavaScript files and aid in finding user/session data.
[10星][3y] [Java] ring04h/java-deserialization-scanner All-in-one plugin for Burp Suite for the detection and the exploitation of Java deserialization vulnerabilities
[10星][2y] [Java] securifybv/phpunserializecheck PHP Unserialize Check – Burp Scanner Extension
[10星][23d] [Java] veggiespam/imagelocationscanner Scan for GPS location exposure in images with this Burp & ZAP plugin.
[7星][3y] [Py] luh2/pdfmetadata The PDF Metadata Burp Extension provides an additional passive Scanner check for metadata in PDF files.
[4星][4y] [Ruby] blazeinfosec/activeevent ActiveEvent is a Burp plugin that integrates Burp Scanner and Splunk events
[4星][2y] [Java] codedx/burp-extension Burp Suite plugin to send data to Code Dx software vulnerability management system
[2星][3y] [Java] moeinfatehi/cvss_calculator CVSS Calculator – a burp suite extension for calculating CVSS v2 and v3 scores of vulnerabilities.
[2星][6y] [Java] thec00n/dradis-vuln-table Dradis Vuln Table extension for Burp suite
[1星][1y] [Java] logicaltrust/burpexiftoolscanner Burp extension, reads metadata using ExifTool
[1星][2y] [Java] rammarj/burp-header-injector Burp Free plugin to test for host header injection vulnerabilities. (Development)
[1星][9m] [Py] jamesm0rr1s/burpsuite-add-and-track-custom-issues Add & Track Custom Issues is a Burp Suite extension that allows users to add and track manual findings that the automated scanner was unable to identify.

代理

[912星][3y] [Java] summitt/burp-non-http-extension Non-HTTP Protocol Extension (NoPE) Proxy and DNS for Burp Suite.
[303星][15d] [Java] ilmila/j2eescan a plugin for Burp Suite Proxy. The goal of this plugin is to improve the test coverage during web application penetration tests on J2EE applications.
[250星][2y] [Java] portswigger/collaborator-everywhere Burp Suite 扩展，通过注入非侵入性 headers 来增强代理流量，通过引起 Pingback 到 Burp Collaborator 来揭露后端系统
[150星][5m] [Py] kacperszurek/burp_wp Find known vulnerabilities in WordPress plugins and themes using Burp Suite proxy. WPScan like plugin for Burp.
[88星][6m] [Java] rub-nds/burpssoextension An extension for BurpSuite that highlights SSO messages in Burp’s proxy window..
[73星][8m] [Py] jiangsir404/pbscan 基于burpsuite headless 的代理式被动扫描系统
[66星][2m] [Java] static-flow/burpsuite-team-extension This Burpsuite plugin allows for multiple web app testers to share their proxy history with each other in real time. Requests that comes through your Burpsuite instance will be replicated in the history of the other testers and vice-versa!
[49星][2y] [Py] mrschyte/socksmon 使用 BURP 或 ZAP 的 TCP 拦截代理
[33星][4y] [Py] peacand/burp-pytemplate Burp extension to quickly and easily develop Python complex exploits based on Burp proxy requests.
[30星][2y] [Py] aurainfosec/burp-multi-browser-highlighting Highlight Burp proxy requests made by different browsers
[29星][2y] [Java] ibey0nd/nstproxy 一款存储HTTP请求入库的burpsuite插件
[27星][2y] [Py] mrts/burp-suite-http-proxy-history-converter Python script that converts Burp Suite HTTP proxy history files to CSV or HTML
[26星][7m] [Java] static-flow/directoryimporter a Burpsuite plugin built to enable you to import your directory bruteforcing results into burp for easy viewing later. This is an alternative to proxying bruteforcing tools through burp to catch the results.
[22星][3y] [Swift] melvinsh/burptoggle Status bar application for OS X to toggle the state of the system HTTP/HTTPS proxy.
[17星][2y] [Java] portswigger/j2ee-scan J2EEScan is a plugin for Burp Suite Proxy. The goal of this plugin is to improve the test coverage during web application penetration tests on J2EE applications.
[13星][4y] [Java] retanoj/burpmultiproxy Burpsuite 切换代理插件
[11星][8y] [Java] gdssecurity/deflate-burp-plugin The Deflate Burp Plugin is a plug-in for Burp Proxy (it implements the IBurpExtender interface) that decompresses HTTP response content in the ZLIB (RFC1950) and DEFLATE (RFC1951) compression formats.
[11星][4y] [Py] vincd/burpproxypacextension Exemple d’extension Burp permettant d’utiliser les fichiers de configuration de proxy PAC
[8星][2y] [Py] andresriancho/burp-proxy-search Burp suite HTTP history advanced search
[6星][2y] [Java] secureskytechnology/burpextender-proxyhistory-webui Burp Extender . Proxy History viewer in Web UI
[5星][3y] [Java] mrts/burp-suite-http-proxy-history-viewer Burp Suite HTTP proxy history viewer
[5星][3y] [Java] netspi/jsws JavaScript Web Service Proxy Burp Plugin
[3星][2y] [Kotlin] pajswigger/filter-options Burp extension to filter OPTIONS requests from proxy history
[2星][1y] [Java] coastalhacking/burp-pac Burp Proxy Auto-config Extension

日志

[496星][2m] [Py] romanzaikin/burpextension-whatsapp-decryption-checkpoint Burp extension to decrypt WhatsApp Protocol
[239星][1y] [Java] nccgroup/burpsuiteloggerplusplus Burp Suite Logger++: Log activities of all the tools in Burp Suite
[93星][2y] [Py] debasishm89/burpy parses Burp Suite log and performs various tests depending on the module provided and finally generate a HTML report.
[63星][4y] [Py] tony1016/burplogfilter A python3 program to filter Burp Suite log file.
[43星][1y] [Py] bayotop/sink-logger Burp扩展,无缝记录所有传递到已知JavaScript sinks的数据
[32星][3m] [Java] righettod/log-requests-to-sqlite BURP extension to record every HTTP request send via BURP and create an audit trail log of an assessment.
[5星][8m] [Java] logicaltrust/burphttpmock This Burp extension provides mock responses based on the real ones.
[3星][1y] [Java] ax/burp-logs Logs is a Burp Suite extension to work with log files.
[0星][3y] [Java] silentsignal/burp-sqlite-logger SQLite logger for Burp Suite
- 重复区段: 工具->SQL |

XSS

[301星][1y] [Java] elkokc/reflector Burp 插件，浏览网页时实时查找反射 XSS
[301星][3y] [Java] nvisium/xssvalidator This is a burp intruder extender that is designed for automation and validation of XSS vulnerabilities.
[163星][3m] [Py] wish-i-was/femida Automated blind-xss search for Burp Suite
[101星][1y] [Java] mystech7/burp-hunter XSS Hunter Burp Plugin
[44星][7m] [Py] bitthebyte/bitblinder Burp extension helps in finding blind xss vulnerabilities
[34星][3y] [Py] attackercan/burp-xss-sql-plugin Burp plugin which I used for years which helped me to find several bugbounty-worthy XSSes, OpenRedirects and SQLi.
[30星][14d] [JS] psych0tr1a/elscripto XSS explot kit/Blind XSS framework/BurpSuite extension
[27星][3y] [Java] portswigger/xss-validator This is a burp intruder extender that is designed for automation and validation of XSS vulnerabilities.
[23星][9m] [Py] hpd0ger/supertags 一个Burpsuite插件，用于检测隐藏的XSS
[22星][1y] [Py] jiangsir404/xss-sql-fuzz burpsuite 插件对GP所有参数(过滤特殊参数)一键自动添加xss sql payload 进行fuzz
- 重复区段: 工具->Fuzz |工具->SQL |
[2星][1y] [Java] conanjun/xssblindinjector burp插件，实现自动化xss盲打以及xss log

Collaborator

[88星][2y] [Java] federicodotta/handycollaborator Burp Suite plugin created for using Collaborator tool during manual testing in a comfortable way!
[68星][3m] [Java] netspi/burpcollaboratordnstunnel A DNS tunnel utilizing the Burp Collaborator
[39星][2y] [Java] bit4woo/burp_collaborator_http_api 基于Burp Collaborator的HTTP API
[31星][3y] [Java] silentsignal/burp-collab-gw Simple socket-based gateway to the Burp Collaborator
[30星][2m] [Shell] putsi/privatecollaborator A script for installing private Burp Collaborator with free Let’s Encrypt SSL-certificate
[25星][27d] [Java] portswigger/taborator A Burp extension to show the Collaborator client in a tab
[17星][2y] [HCL] 4armed/terraform-burp-collaborator Terraform configuration to build a Burp Private Collaborator Server
[8星][27d] [Java] hackvertor/taborator A Burp extension to show the Collaborator client in a tab

Fuzz

[209星][3m] [Java] h3xstream/http-script-generator ZAP/Burp plugin that generate script to reproduce a specific HTTP request (Intended for fuzzing or scripted attacks)
[62星][5m] [Py] pinnace/burp-jwt-fuzzhelper-extension Burp扩展, 用于Fuzzing JWT
[54星][3y] [Py] mseclab/burp-pyjfuzz Burp Suite plugin which implement PyJFuzz for fuzzing web application.
[38星][3y] team-firebugs/burp-lfi-tests Fuzzing for LFI using Burpsuite
[28星][3y] [Py] floyd-fuh/burp-httpfuzzer Burp plugin to do random fuzzing of HTTP requests
[22星][1y] [Py] jiangsir404/xss-sql-fuzz burpsuite 插件对GP所有参数(过滤特殊参数)一键自动添加xss sql payload 进行fuzz
- 重复区段: 工具->XSS |工具->SQL |
[18星][1y] [Py] mgeeky/burpcontextawarefuzzer BurpSuite’s payload-generation extension aiming at applying fuzzed test-cases depending on the type of payload (integer, string, path; JSON; XML; GWT; binary) and following encoding-scheme applied originally.
[18星][7y] raz0r/burp-radamsa Radamsa fuzzer extension for Burp Suite
[11星][3y] [Java] portswigger/reissue-request-scripter ZAP/Burp plugin that generate script to reproduce a specific HTTP request (Intended for fuzzing or scripted attacks)
[4星][2y] [Java] huvuqu/fuzz18plus Advance of fuzzing for Web pentest. Based on Burp extension, send HTTP request template out to Python fuzzer.
[1星][5m] [Kotlin] gosecure/burp-fuzzy-encoding-generator Quickly test various encoding for a given value in Burp Intruder

Payload

[423星][6m] [Java] bit4woo/recaptcha 自动识别图形验证码并用于burp intruder爆破模块的插件
[152星][4y] trietptm/sql-injection-payloads SQL Injection Payloads for Burp Suite, OWASP Zed Attack Proxy,…
- 重复区段: 工具->SQL |
[70星][2y] [Java] ikkisoft/bradamsa Burp Suite extension to generate Intruder payloads using Radamsa
[56星][1y] [Py] destine21/zipfileraider ZIP File Raider – Burp Extension for ZIP File Payload Testing
[55星][2y] [Java] righettod/virtualhost-payload-generator BURP extension providing a set of values for the HTTP request “Host” header for the “BURP Intruder” in order to abuse virtual host resolution.
[32星][3y] tdifg/payloads for burp
[19星][4y] [Java] lgrangeia/aesburp Burp Extension to manipulate AES encrypted payloads
[17星][3m] thehackingsage/burpsuite BurpSuite Pro, Plugins and Payloads
[16星][3y] [Java] portswigger/java-serialized-payloads YSOSERIAL Integration with burp suite
[12星][2m] [Java] tmendo/burpintruderfilepayloadgenerator Burp Intruder File Payload Generator
[10星][2y] antichown/burp-payloads Burp Payloads
[5星][4y] [Java] antoinet/burp-decompressor An extension for BurpSuite used to access and modify compressed HTTP payloads without changing the content-encoding.
[5星][5y] [Py] enablesecurity/burp-luhn-payload-processor A plugin for Burp Suite Pro to work with attacker payloads and automatically generate check digits for credit card numbers and similar numbers that end with a check digit generated using the Luhn algorithm or formula (also known as the “modulus 10” or “mod 10” algorithm).
[3星][7y] [Py] infodel/burp.extension-payloadparser Burp Extension for parsing payloads containing/excluding characters you provide.
[3星][2y] [Java] pan-lu/recaptcha A Burp Extender that auto recognize CAPTCHA and use for Intruder payload

SQL

[381星][1y] [Py] rhinosecuritylabs/sleuthql Python3 Burp History parsing tool to discover potential SQL injection points. To be used in tandem with SQLmap.
[235星][1y] [Java] difcareer/sqlmap4burp sqlmap embed in burpsuite
[174星][2m] [Py] codewatchorg/sqlipy Burp Suite 插件, 使用 SQLMap API 集成SQLMap
[152星][4y] trietptm/sql-injection-payloads SQL Injection Payloads for Burp Suite, OWASP Zed Attack Proxy,…
- 重复区段: 工具->Payload |
[109星][2m] [Java] c0ny1/sqlmap4burp-plus-plus 一款兼容Windows，mac，linux多个系统平台的Burp与sqlmap联动插件
[24星][2m] [Py] portswigger/sqli-py a Python plugin for Burp Suite that integrates SQLMap using the SQLMap API.
[22星][1y] [Py] jiangsir404/xss-sql-fuzz burpsuite 插件对GP所有参数(过滤特殊参数)一键自动添加xss sql payload 进行fuzz
- 重复区段: 工具->XSS |工具->Fuzz |
[22星][7y] [Py] milo2012/burpsql Automating SQL injection using Burp Proxy Logs and SQLMap
[8星][8m] [Py] orleven/burpcollect 基于BurpCollector的二次开发，记录Burpsuite Site Map记录的里的数据包中的目录路径参数名信息，并存入Sqlite，并可导出txt文件。
[0星][3y] [Java] silentsignal/burp-sqlite-logger SQLite logger for Burp Suite
- 重复区段: 工具->日志 |

Android

[274星][2y] [Java] mateuszk87/badintent Intercept, modify, repeat and attack Android’s Binder transactions using Burp Suite
[9星][4m] [JS] shahidcodes/android-nougat-ssl-intercept It decompiles target apk and adds security exception to accept all certificates thus making able to work with Burp/Charles and Other Tools

其他

[584星][1y] [Java] federicodotta/brida The new bridge between Burp Suite and Frida!
[354星][2y] [Shell] koenbuyens/kalirouter 将 KaliLinux 主机转变为路由器，使用 Wireshark 记录所有的网络流量，同时将 HTTP/HTTPS 流量发送到其他主机的拦截代理（例如 BurpSuite）
[298星][1y] [Shell] yw9381/burp_suite_doc_zh_cn 这是基于Burp Suite官方文档翻译而来的中文版文档
[230星][1y] [Py] audibleblink/doxycannon 为一堆OpenVPN文件分别创建Docker容器, 每个容器开启SOCKS5代理服务器并绑定至Docker主机端口, 再结合使用Burp或ProxyChains, 构建私有的Botnet
[219星][10m] [Py] teag1e/burpcollector 通过BurpSuite来构建自己的爆破字典，可以通过字典爆破来发现隐藏资产。
[141星][6m] [Py] integrity-sa/burpcollaborator-docker a set of scripts to install a Burp Collaborator Server in a docker environment, using a LetsEncrypt wildcard certificate
[130星][7m] [Go] empijei/wapty Go语言编写的Burp的替代品。（已不再维护）
[121星][2m] cujanovic/content-bruteforcing-wordlist Wordlist for content(directory) bruteforce discovering with Burp or dirsearch
[77星][1m] [Go] root4loot/rescope defining scopes for Burp Suite and OWASP ZAP.
[64星][3m] [Java] aress31/swurg Parse OpenAPI documents into Burp Suite for automating OpenAPI-based APIs security assessments
[12星][30d] boreas514/burp-suite-2.0-chinese-document 中文版burp2.0官方文档
[0星][3y] fbogner/burp.app A small AppleScript wrapper application around Burp.jar to make it more OS X like

文章

新添加

2019.12 [aliyun] 如何利用xray、burp、lsc构成自动化挖src平台
2019.12 [parsiya] Developing and Debugging Java Burp Extensions with Visual Studio Code
2019.11 [parsiya] Swing in Python Burp Extensions – Part 3 – Tips and Tricks
2019.11 [parsiya] Swing in Python Burp Extensions – Part 2 – NetBeans and TableModels
2019.11 [parsiya] Swing in Python Burp Extensions – Part 1
2019.10 [KacperSzurek] [BURP] Intruder: Jak sprawdzić typ konta?
2019.10 [KacperSzurek] [BURP] 12 trików do Burp Repeater
2019.10 [parsiya] Quality of Life Tips and Tricks – Burp Suite
2019.10 [freebuf] 使用Burp拦截Flutter App与其后端的通信
2019.10 [KacperSzurek] [BURP] Jak stworzyć makro do odświeżania sesji?
2019.09 [BrokenSecurity] 036 part of Ethical Hacking – Burpsuite login bruteforce
2019.09 [BrokenSecurity] 033 part of Ethical Hacking – Editing packets in Burpsuite
2019.09 [BrokenSecurity] 032 part of Ethical Hacking – Burpsuite configuration
2019.09 [aliyun] BurpSuite插件 – AutoRepeater说明
2019.09 [radekk] Firefox and Burp Suite — the most secure configuration
2019.08 [nviso] Using Burp’s session Handling Rules to insert authorization cookies into Intruder, Repeater and even sqlmap
2019.08 [arbazhussain] LinkDumper Burp Plugin
2019.08 [chawdamrunal] How i exploit out-of-band resource load (HTTP) using burp suite extension plugin (taborator)
2019.07 [0x00sec] Doubt with header. Burp & Tamper
2019.06 [appsecconsulting] Ten Useful Burp Suite Pro Extensions for Web Application Testing
2019.06 [bugbountywriteup] Deploy a private Burp Collaborator Server in Azure
2019.06 [infosecinstitute] Intercepting HTTPS traffic with Burp Suite
2019.06 [0x00sec] Achieving Persistent Access to Burp Collaborator Sessions
2019.06 [bugbountywriteup] Digging Android Applications — Part 1 — Drozer + Burp
2019.06 [NetworkHeros] Bug Bounty : BurpSuite Professional v2.0.11 Free and Set up for Proxy Intercept
2019.05 [web] Scanning TLS Server Configurations with Burp Suite
2019.05 [infosecaddicts] Burp Suite
2019.04 [parsiya] Disabling Burp’s Update Screen – Part 1 – Analysis and Failures
2019.04 [parsiya] Disabling Burp’s Update Screen – Part 1 – Analysis and Failures
2019.04 [parsiya] Hiding OPTIONS – An Adventure in Dealing with Burp Proxy in an Extension
2019.04 [parsiya] Hiding OPTIONS – An Adventure in Dealing with Burp Proxy in an Extension
2019.02 [infosecinstitute] Quick and Dirty BurpSuite Tutorial (2019 Update)
2019.02 [pentestpartners] Burp HMAC header extensions, a how-to
2019.01 [freebuf] 详细讲解 | 利用python开发Burp Suite插件（二）
2019.01 [nxadmin] Android 7.0+手机burpsuite抓包https
2019.01 [freebuf] 详细讲解 | 利用python开发Burp Suite插件（一）
2019.01 [freebuf] Burpsuite Collaborato模块详解
2019.01 [4hou] 利用Python编写具有加密和解密功能的Burp插件（下）
2019.01 [4hou] 利用Python编写具有加密和解密功能的Burp插件（上）
2019.01 [aliyun] 使用Burp Suite 宏自动化处理 Session 会话
2019.01 [sans] Extending Burp to Find Struts and XXE Vulnerabilities
2018.12 [parsiya] Cryptography in Python Burp Extensions
2018.12 [parsiya] Python Utility Modules for Burp Extensions
2018.12 [ecforce] 创建Burp扩展, 使用HMAC签名替换HTTP Header
2018.12 [parsiya] 使用Burp的网站地图比较功能, 检测强制浏览/访问控制/直接对象引用等问题
2018.12 [parsiya] Tiredful API – Part 2 – Comparing Site Maps with Burp
2018.12 [parsiya] Tiredful API – Part 1 – Burp Session Validation with Macros
2018.12 [4hou] 通过Burp Macros自动化平台对Web应用的模糊输入进行处理
2018.12 [parsiya] Tiredful API. Part1: 使用宏验证Burp会话
2018.12 [doyler] Proxy Android Apps through Burp for Mobile Assessments
2018.12 [mindpointgroup] REST Assured: Penetration Testing REST APIs Using Burp Suite: Part 3 – Reporting
2018.11 [wallarm] FAST or Burp or both?
2018.11 [arbazhussain] Broken Link Hijacking Burp Plugin
2018.11 [4hou] 利用burp插件Hackvertor绕过waf并破解XOR加密
2018.11 [mindpointgroup] 使用Burp对REST API进行渗透测试. Part2
2018.11 [pediy] [原创]利用BurpSuite到SQLMap批量测试SQL注入
2018.11 [vanimpe] Hunt for devices with default passwords (with Burp)
2018.11 [d0znpp] Extending fuzzing with Burp by FAST
2018.11 [jerrygamblin] Automatically Create Github Issues From Burp 2.0
2018.11 [mindpointgroup] 使用Burp Suite对REST API进行渗透测试. Part1:介绍与配置
2018.11 [doyensec] Introducing burp-rest-api v2
2018.10 [valerio] MITM using arpspoof + Burp or mitmproxy on Kali Linux
2018.10 [portswigger] Burp 2.0: How do I throttle requests? | Blog
2018.10 [portswigger] Burp 2.0: Where is live scanning? | Blog
2018.10 [portswigger] Burp 2.0: How do I scan individual items? | Blog
2018.10 [portswigger] Burp 2.0: Where is the scan queue? | Blog
2018.10 [MastersInEthicalHacking] An Introduction To Burp Suite Tool In Hindi
2018.10 [portswigger] Burp 2.0: Where are the Spider and Scanner? | Blog
2018.09 [4hou] 使用Burp和Ysoserial实现Java反序列化漏洞的盲利用
2018.08 [portswigger] Burp Suite Enterprise Edition beta now available | Blog
2018.08 [jerrygamblin] Bulk Bug Bounty Scanning With The Burp 2.0 API
2018.08 [4hou] Burp Extractor扩展工具介绍
2018.08 [aliyun] BurpSuite Extender之巧用Marco和Extractor绕过Token限制
2018.08 [netspi] Introducing Burp Extractor
2018.08 [portswigger] Burp’s new crawler | Blog
2018.07 [cqureacademy] How To Burp With Confidence – Our 5 Favorite Features
2018.07 [freebuf] 使用VirtualBox，INetSim和Burp建立自己的恶意软件分析实验环境
2018.07 [web] Support for XXE attacks in SAML in our Burp Suite extension
2018.06 [bugbountywriteup] How to brute force efficiently without Burp Pro
2018.06 [finnwea] An efficiency improvement for Burp Suite
2018.06 [finnwea] An efficiency improvement for Burp Suite
2018.06 [hackers] Online Password Cracking with THC-Hydra and BurpSuite
2018.06 [integrity] CVE-2018-10377 – Insufficient Validation of Burp Collaborator Server Certificate
2018.06 [NetworkHeros] Ethical Hacking (CEHv10) :Intercept HTTPS (SSL) traffic with Burpsuite
2018.06 [NetworkHeros] Ethical Hacking (CEHv10): BurpSuite install and configure proxy
2018.05 [hackerone] New Hacker101 Content: Threat modeling, Burp basics, and more
2018.05 [aliyun] 基于Burp Collaborator的HTTP API
2018.05 [freebuf] Burpsuit结合SQLMapAPI产生的批量注入插件（X10）
2018.05 [tevora] Blind Command Injection Testing with Burp Collaborator
2018.05 [pentestingexperts] Minesweeper – A Burpsuite plugin (BApp) to aid in the detection of cryptocurrency mining domains (cryptojacking)
2018.05 [freebuf] Burp Xss Scanner插件开发思路分享（附下载）
2018.05 [thief] burpsuite插件开发之检测越权访问漏洞
2018.05 [freebuf] Burpsuit结合SQLMapAPI产生的批量注入插件
2018.04 [PNPtutorials] Burpsuite Tutorial for Beginners: Learn Burpsuite from Scratch
2018.04 [freebuf] 实现一个简单的Burp验证码本地识别插件
2018.04 [dustri] Confusing Burp’s display with fake encoding
2018.04 [aliyun] 如何搭建自己的 Burp Collaborator 服务器
2018.04 [JosephDelgadillo] Learn Kali Linux Episode #55: Burp Suite Basics
2018.04 [freebuf] 关于Sql注入以及Burpsuite Intruders使用的一些浅浅的见解
2018.03 [secureideas] Burp Suite continuing the Saga
2018.03 [HackerSploit] Web App Penetration Testing – #3 – Brute Force Attacks With Burp Suite
2018.03 [blackhillsinfosec] Gathering Usernames from Google LinkedIn Results Using Burp Suite Pro
2018.03 [nviso] Intercepting Belgian eID (PKCS#11) traffic with Burp Suite on OS X / Kali / Windows
2018.03 [4hou] 使用BurpSuite的Collaborator查找.Onion隐藏服务的真实IP地址
2018.02 [hackingarticles] Advance Web Application Testing using Burpsuite
2018.02 [HackerSploit] Web App Penetration Testing – #1 – Setting Up Burp Suite
2018.02 [hackers] Online Password Cracking with THC-Hydra and Burp Suite
2018.02 [nxadmin] ios 11.2.5 burpsuite抓https
2018.02 [ZeroNights] [Defensive Track]Eldar Zaitov, Andrey Abakumov – Automation of Web Application Scanning With Burp
2018.02 [hackingarticles] Engagement Tools Tutorial in Burp suite
2018.02 [hackingarticles] Payload Processing Rule in Burp suite (Part 2)
2018.02 [dustri] Ghetto recursive payload in the Burp Intruder
2018.02 [hackingarticles] Payload Processing Rule in Burp suite (Part 1)
2018.01 [4hou] 如何绕过csrf保护，并在burp suite中使用intruder？
2018.01 [360] 恶意软件逆向：burpsuite 序列号器后门分析
2018.01 [nviso] 结合使用 Burp 与自定义 rootCA 来探查 Android N 网络流量
2018.01 [hackingarticles] WordPress Exploitation using Burpsuite (Burp_wp Plugin)
2018.01 [0x00sec] 之前发布的 Burpsuite Keygen 内嵌的后门分析
2018.01 [hackingarticles] Beginners Guide to Burpsuite Payloads (Part 2)
2018.01 [freebuf] 如何在Android Nougat中正确配置Burp Suite？
2018.01 [hackingarticles] Burpsuite Encoder & Decoder Tutorial
2018.01 [hackingarticles] Beginners Guide to Burpsuite Payloads (Part 1)
2018.01 [security] Burp WP – Find vulnerabilities in WordPress using Burp
2018.01 [ropnop] Configuring Burp Suite with Android Nougat
2018.01 [DemmSec] Beginner Hacking 2.0 – Episode 6 – Burp (Brute-forcing)
2018.01 [blackhillsinfosec] Analyzing Extension Effectiveness with Burp
2018.01 [freebuf] 经验分享 | Burpsuite抓取非HTTP流量
2018.01 [4hou] 实战教程：用Burpsuite测试移动应用程序
2017.12 [pediy] [翻译]使用Burp Suite执行更复杂的Intruder攻击
2017.12 [freebuf] 如何使用Burp和Magisk在Android 7.0监测HTTPS流量
2017.12 [freebuf] 经验分享 | Burpsuite插件的使用
2017.12 [nviso] Intercepting HTTPS Traffic from Apps on Android 7+ using Magisk & Burp
2017.12 [trustedsec] More Complex Intruder Attacks with Burp!
2017.12 [4hou] 如何使用 Burp 代理调试安卓应用中的 HTTP(S) 流量
2017.12 [aliyun] 安卓脱壳&&协议分析&&Burp辅助分析插件编写
2017.12 [freebuf] 新手福利 | Burpsuite你可能不知道的技巧
2017.12 [freebuf] 经验分享 | Burpsuite中宏的使用
2017.12 [aliyun] 使用OWASP Zap度过没有Burp的过渡期
2017.12 [avleonov] Vulners.com vulnerability detection plugins for Burp Suite and Google Chrome
2017.12 [freebuf] 利用Burp Suite挖掘暗网服务的真实IP
2017.11 [digitalforensicstips] Using Burp Suite’s Collaborator to Find the True IP Address for a .Onion Hidden Service
2017.11 [n00py] Exploiting blind Java deserialization with Burp and Ysoserial
2017.11 [nxadmin] burpsuite抓包https请求相关
2017.11 [polaris] reCAPTCHA：一款自动识别图形验证码并用于Intruder Payload中的BurpSuite插件
2017.10 [TechnoHacker] How to Crack Logins with Burp Suite
2017.10 [freebuf] 利用Burp Suite对OWASP Juice Shop进行渗透测试
2017.10 [4hou] Bypass WAF：使用Burp插件绕过一些WAF设备
2017.10 [gdssecurity] Pentesting Fast Infoset based web applications with Burp
2017.10 [d0znpp] The best Burp plugin I’ve ever seen
2017.10 [n00py] How to Burp Good
2017.09 [netspi] BurpCollaboratorDNSTunnel 介绍
2017.09 [freebuf] Handy Collaborator ：用于挖掘out-of-band类漏洞的Burp插件介绍
2017.09 [aliyun] 请问能burpsuite的插件中直接获取到直接获取到漏洞报告吗？
2017.09 [niemand] Automatizing Burp + Carbonator + Slack
2017.09 [trustwave] burplay介绍
2017.09 [freebuf] 如何通过BurpSuiteMacro自动化模糊测试Web应用的输入点
2017.09 [mediaservice] HandyCollaborator介绍
2017.09 [securestate] Updating Anti-CSRF Tokens in Burp Suite
2017.09 [4hou] 利用Burp“宏”解决自动化 web fuzzer的登录问题
2017.09 [securestate] Updating Anti-CSRF Tokens in Burp Suite
2017.09 [360] 如何使用Burp Suite Macros绕过防护进行自动化fuzz测试
2017.09 [initblog] Hacking a Pizza Order with Burp Suite
2017.09 [securelayer7] 使用 Burp 的宏功能，实现 WebApp 输入 Fuzzing 的自动化
2017.09 [securelayer7] Automating Web Apps Input fuzzing via Burp Macros
2017.09 [freebuf] 如何在特定的渗透测试中使用正确的Burp扩展插件
2017.08 [avleonov] Burp Suite Free Edition and NTLM authentication in ASP.net applications
2017.08 [portswigger] 如何为特定的渗透测试环境定制 Burp 扩展
2017.08 [cybrary] Your Complete Guide to Burp Suite
2017.08 [freebuf] 使用Burp和自定义Sqlmap Tamper利用二次注入漏洞
2017.08 [freebuf] HUNT：一款可提升漏洞扫描能力的BurpSuite漏洞扫描插件
2017.08 [4hou] 通过Burp以及自定义的Sqlmap Tamper进行二次SQL注入
2017.08 [360] Burp Suite扩展之Java-Deserialization-Scanner
2017.08 [360] 联合Frida和BurpSuite的强大扩展–Brida
2017.08 [360] 如何借助Burp和SQLMap Tamper利用二次注入
2017.08 [4hou] 如何使用Burp Suite模糊测试SQL注入、XSS、命令执行漏洞
2017.08 [4hou] Brida:将frida与burp结合进行移动app渗透测试
2017.08 [pentest] 使用 Burp 和自定义的Sqlmap Tamper 脚本实现 Second Order SQLi 漏洞利用
2017.07 [360] BurpSuite插件：利用BurpSuite Spider收集子域名和相似域名
2017.07 [polaris] BurpSuite插件：利用BurpSuite Spider收集子域名和相似域名
2017.07 [hackingarticles] Fuzzing SQL,XSS and Command Injection using Burp Suite
2017.07 [freebuf] Burp Suite扫描器漏洞扫描功能介绍及简单教程
2017.07 [hackerone] Hey Hackers: We’ve got your free Burp Suite Professional license right here
2017.07 [hackingarticles] Vulnerability Analysis in Web Application using Burp Scanner
2017.07 [aliyun] Burpsuite handshake alert: unrecognized_name解决办法
2017.07 [4hou] 用VirtualBox、INetSim和Burp配置一个恶意软件分析实验室
2017.07 [vulners] 2 years of Vulners and new plugin for Burp Scanner
2017.07 [intrinsec] Burp extension « Scan manual insertion point »
2017.06 [hackingarticles] How to Spider Web Applications using Burpsuite
2017.06 [4hou] 使用 Burp Infiltrator 进行漏洞挖掘
2017.06 [8090] 渗透测试神器Burp Suite v1.6.17（破解版）
2017.06 [4hou] 将Burp Scanner漏洞结果转换为Splunk事件
2017.06 [portswigger] Behind enemy lines: bug hunting with Burp Infiltrator | Blog
2017.06 [christophetd] 使用 VirtualBox，INetSim和 Burp 搭建自己的恶意软件分析实验室
2017.05 [aliyun] 各位师傅们请问BurpSuite怎么同时传递多个页面
2017.05 [360] Burp Suite Mobile Assistant
2017.05 [4hou] NTLM认证失效时，如何使用Fiddler配合Burp Suite进行渗透测试？
2017.05 [netspi] Beautifying JSON in Burp
2017.05 [mediaservice] NTLM认证失效时，如何使用Fiddler配合Burp Suite进行渗透测试？
2017.05 [compass] JWT Burp Extension
2017.05 [trustwave] Airachnid: Web Cache Deception Burp Extender
2017.05 [moxia] 【技术分享】Burp Suite扩展开发之Shodan扫描器（已开源）
2017.05 [elearnsecurity] Developing Burp Suite Extensions
2017.04 [securityblog] Stunnel and Burp Pro
2017.04 [] Build a Private Burp Collaborator Server on AWS with Terraform and Ansible
2017.04 [aliyun] Burp Suite收集到的录像、文档以及视频资料
2017.04 [360] BurpSuite 代理设置的小技巧
2017.04 [freebuf] 如何通过BurpSuite检测Blind XSS漏洞
2017.04 [jerrygamblin] Burp Settings File
2017.04 [doyler] Burp VERBalyzer v1.0 Release
2017.04 [agarri] Exploiting a Blind XSS using Burp Suite
2017.04 [agarri] Exploiting a Blind XSS using Burp Suite
2017.04 [blackhillsinfosec] Using Burp with ProxyCannon
2017.03 [4hou] 利用Burp“宏”自动化另类 SQLi
2017.03 [freebuf] Burpsuite+SQLMAP双璧合一绕过Token保护的应用进行注入攻击
2017.03 [360] 使用burp macros和sqlmap绕过csrf防护进行sql注入
2017.02 [zsec] Learning the Ropes 101: Burp Suite Intro
2017.02 [cyberis] Creating Macros for Burp Suite
2017.02 [polaris] 使用BurpSuite攻击JavaScript Web服务代理
2017.02 [netspi] Attacking JavaScript Web Service Proxies with Burp
2017.02 [freebuf] 使用Burpsuite代理和pypcap抓包进行抢红包的尝试
2017.02 [polaris] BurpSuite和Fiddler串联使用解决App测试漏包和速度慢的问题
2017.01 [securityinnovation] Solve the Software Security Authorization Testing Riddle with AuthMatrix for Burp Suite
2017.01 [freebuf] 使用Frida配合Burp Suite追踪API调用
2017.01 [hackingarticles] Hack the Basic HTTP Authentication using Burpsuite
2017.01 [hackingarticles] Sql Injection Exploitation with Sqlmap and Burp Suite (Burp CO2 Plugin)
2017.01 [360] 超越检测：利用Burp Collaborator执行SQL盲注
2017.01 [360] 使用Burp的intruder功能测试有csrf保护的应用程序
2017.01 [polaris] BurpSuite插件开发Tips：请求响应参数的AES加解密
2017.01 [silentsignal] Beyond detection: exploiting blind SQL injections with Burp Collaborator
2016.12 [polaris] BurpSuite插件分享：图形化重算sign和参数加解密插件
2016.12 [360] Burp Suite扩展开发之Shodan扫描器（已开源）
2016.12 [rapid7] Burp Series: Intercepting and modifying made easy
2016.12 [polaris] BurpSuite 实战指南
2016.12 [360] BurpSuite 实战指南（附下载地址）
2016.12 [aliyun] BurpSuite实战指南
2016.12 [freebuf] burpsuite_pro_v1.7.11破解版（含下载）
2016.12 [hackers] Web App Hacking: Hacking Form Authentication with Burp Suite
2016.12 [360] burpsuite_pro_v1.7.11破解版(含下载地址)
2016.12 [] burpsuite_pro_v1.7.11破解版(含下载地址)
2016.11 [nxadmin] Burpsuite抓包Android模拟器(AVD)设置
2016.11 [jerrygamblin] Automated Burp Suite Scanning and Reporting To Slack.
2016.11 [360] Burp Suite插件开发之SQL注入检测（已开源）
2016.11 [freebuf] 渗透测试神器Burp Suite v1.7.08发布（含下载）
2016.10 [averagesecurityguy] Recon-ng + Google Dorks + Burp = …
2016.10 [kalilinuxtutorials] Burpsuite – Use Burp Intruder to Bruteforce Forms
2016.10 [hackingarticles] SMS Bombing on Mobile using Burpsuite
2016.09 [hackingarticles] Hijacking Gmail Message on Air using Burpsuite
2016.09 [securify] Burp Suite security automation with Selenium and Jenkins
2016.09 [hackingarticles] Brute Force Website Login Page using Burpsuite (Beginner Guide)
2016.09 [securityblog] Simple python script to make multiple raw requests from Burp
2016.09 [freebuf] 新手教程：如何使用Burpsuite抓取手机APP的HTTPS数据
2016.08 [bogner] Burp.app – Making Burp a little more OS X like
2016.08 [] Configuring Google Chrome to Proxy Through Burp Suite
2016.07 [portswigger] Introducing Burp Infiltrator | Blog
2016.07 [] Burpsuite之Burp Collaborator模块介绍
2016.06 [timothydeblock] When not to use Burp Suite
2016.06 [freebuf] BurpSuite插件开发Tips：请求响应参数的AES加解密
2016.06 [securityblog] Using Burp Intruder to Test CSRF Protected Applications
2016.06 [insinuator] SAMLReQuest Burpsuite Extention
2016.05 [jerrygamblin] BurpBrowser
2016.05 [safebuff] ImageTragick using BurpSuite and Metasploit
2016.05 [freebuf] BurpSuite日志分析过滤工具，加快SqlMap进行批量扫描的速度
2016.05 [] 再谈Burp破解
2016.05 [silentsignal] Detecting ImageTragick with Burp Suite Pro
2016.04 [freebuf] Burpsuite插件开发（二）：信息采集插件
2016.04 [toolswatch] Burp Suite Professional v1.7.02 Beta
2016.04 [freebuf] 针对非Webapp测试的Burp技巧（二）：扫描、重放
2016.04 [freebuf] 针对非Webapp测试的Burp技巧(一)：拦截和代理监听
2016.04 [portswigger] Introducing Burp Projects | Blog
2016.04 [parsiya] Thick Client Proxying – Part 4: Burp in Proxy Chains
2016.04 [parsiya] Thick Client Proxying – Part 4: Burp in Proxy Chains
2016.04 [breakpoint] Web Hacking with Burp Suite 101
2016.04 [parsiya] Thick Client Proxying – Part 3: Burp Options and Extender
2016.04 [hack] Advanced Burp Suite
2016.04 [parsiya] Thick Client Proxying – Part 3: Burp Options and Extender
2016.03 [freebuf] Burp Suite新手指南
2016.03 [parsiya] Thick Client Proxying – Part 2: Burp History, Intruder, Scanner and More
2016.03 [parsiya] Thick Client Proxying – Part 2: Burp History, Intruder, Scanner and More
2016.03 [freebuf] 如何编写burpsuite联动sqlmap的插件
2016.03 [parsiya] Thick Client Proxying – Part 1: Burp Interception and Proxy Listeners
2016.03 [parsiya] Thick Client Proxying – Part 1: Burp Interception and Proxy Listeners
2016.03 [portswigger] Using Burp Suite to audit and exploit an eCommerce application | Blog
2016.03 [freebuf] 渗透测试神器Burpsuite Pro v1.6.38（含下载）
2016.03 [360] 使用burp进行java反序列化攻击
2016.03 [netspi] Java Deserialization Attacks with Burp
2016.02 [] 对burpsuite_pro逆向的一点心得
2016.02 [parsiya] Installing Burp Certificate Authority in Windows Certificate Store
2016.02 [THER] Learn Burp Suite, the Nr. 1 Web Hacking Tool – 00 – Intro
2016.02 [THER] Learn Burp Suite, the Nr. 1 Web Hacking Tool – 06 – Sequencer and Scanner
2016.02 [THER] Learn Burp Suite, the Nr. 1 Web Hacking Tool – 04 – Repeater Module
2016.02 [THER] Learn Burp Suite, the Nr. 1 Web Hacking Tool – 03 – Proxy Module
2016.02 [THER] Learn Burp Suite, the Nr. 1 Web Hacking Tool – 05 – Target and Spider
2016.02 [THER] Learn Burp Suite, the Nr. 1 Web Hacking Tool – 08 – Congrats
2016.02 [THER] Learn Burp Suite, the Nr. 1 Web Hacking Tool – 02 – General Concept
2016.02 [THER] Learn Burp Suite, the Nr. 1 Web Hacking Tool – 01 – Environment Setup
2016.02 [THER] Learn Burp Suite, the Nr. 1 Web Hacking Tool – 07 – Intruder and Comparer
2016.02 [gracefulsecurity] Introduction to Burp Suite Pro
2016.02 [bishopfox] Burp, Collaborate, and Listen: A Pentester Reviews the Latest Burp Suite Addition
2016.02 [xxlegend] 如何让Burpsuite监听微信公众号
2016.02 [xxlegend] Burpsuite 插件开发之RSA加解密
2016.02 [xxlegend] Burpsuite 插件开发之RSA加解密
2016.02 [xxlegend] 如何让Burpsuite监听微信公众号
2016.01 [hack] Burp Suite For Beginners
2016.01 [freebuf] Burpsuite插件开发之RSA加解密
2016.01 [blackhillsinfosec] Pentesting ASP.NET Cookieless Sessions with Burp
2015.12 [BSidesCHS] BSidesCHS 2015: Building Burp Extensions – Jason Gillam
2015.12 [nsfocus] Burpsuite插件开发之RSA加解密
2015.12 [blackhillsinfosec] Using Simple Burp Macros to Automate Testing
2015.12 [toolswatch] Sleepy Puppy Burp Extension for XSS v1.0
2015.12 [jerrygamblin] Proxying BurpSuite through TOR
2015.12 [mediaservice] Scanning for Java Deserialization Vulnerabilities in web applications with Burp Suite
2015.12 [toolswatch] [New Tool] SAML Raider v1.1.1 – SAML2 Burp Extension
2015.12 [sans] New Burp Feature – ClickBandit
2015.12 [portswigger] Burp Clickbandit: A JavaScript based clickjacking PoC generator | Blog
2015.12 [nabla] Burp and iOS 9 App Transport Security
2015.11 [gracefulsecurity] Burp Suite vs CSRF Tokens: Round Two
2015.11 [gracefulsecurity] Burp Suite vs CSRF Tokens Part 2: CSRFTEI for Remote Tokens
2015.11 [gracefulsecurity] Burp Suite vs CSRF Tokens
2015.11 [gracefulsecurity] Burp Suite vs CSRF Tokens: CSRFTEI
2015.11 [gracefulsecurity] Burp Suite Extensions: Installing Jython and adding an Extension
2015.11 [gracefulsecurity] Burp Macros: Automatic Re-authentication
2015.10 [g0tmi1k] DVWA Brute Force (Low Level) – HTTP GET Form [Hydra, Patator, Burp]
2015.10 [parsiya] Proxying Hipchat Part 2: So You Think You Can Use Burp?
2015.10 [freebuf] J2EEScan：J2EE安全扫描（Burp插件）
2015.09 [freebuf] 渗透测试神器Burpsuite Pro v1.6.24（含下载）
2015.09 [freebuf] BurpSuite下一代渗透检测工具：BurpKit
2015.08 [portswigger] Burp Suite training courses | Blog
2015.08 [portswigger] New release cycle for Burp Suite Free Edition | Blog
2015.08 [portcullis] Burp Extension
2015.08 [freebuf] 本地文件包含漏洞检测工具 – Burp国产插件LFI scanner checks
2015.07 [websecurify] The Rebirth Of REBurp
2015.07 [secist] 使用burp进行java反序列化攻击
2015.07 [compass] SAML Burp Extension
2015.07 [nvisium] Intro to BurpSuite, Part VI: Burpsuite Sequencer
2015.07 [] 小技巧：Burp Suite 插件库 BApp Store
2015.06 [gracefulsecurity] Burp Suite Keyboard Shortcuts!
2015.06 [acunetix] Pre-seeding a crawl using output from Fiddler, Burp, Selenium and HAR files
2015.06 [freebuf] 可绕过WAF的Burp Suite插件 – BypassWAF
2015.05 [netspi] Debugging Burp Extensions
2015.05 [idontplaydarts] Detecting low entropy tokens with massive bloom filters in Burp
2015.05 [portswigger] New Burp Suite testing methodologies | Blog
2015.05 [freebuf] 渗透测试神器Burp Suite v1.6.17（含破解版下载）
2015.05 [portswigger] Burp Suite now reports blind XXE injection | Blog
2015.04 [toolswatch] Burp Suite Professional v1.6.13 Released
2015.04 [mediaservice] Pentesting with Serialized Java Objects and Burp Suite
2015.04 [portswigger] Introducing Burp Collaborator | Blog
2015.04 [freebuf] 渗透测试神器Burp Suite v1.6.12破解版下载
2015.02 [sans] BURP 1.6.10 Released
2015.01 [portswigger] Burp Suite Support Center | Blog
2015.01 [portswigger] Burp Suite Pro price held for 2015 | Blog
2014.12 [insinuator] Getting 20k Inline-QR-Codes out of Burp
2014.11 [liftsecurity] Static Analysis and Burp Suite
2014.10 [buer] Detecting Burp Suite – Part 2 of 3: Callback Exposure
2014.10 [portswigger] Burp integrates with WebInspect | Blog
2014.09 [freebuf] 渗透神器合体：在BurpSuite中集成Sqlmap
2014.09 [compass] BurpSentinel on Darknet
2014.08 [insinuator] ERNW’s Top 9 Burp Plugins
2014.08 [liftsecurity] Burp Extender With Scala
2014.08 [nvisium] Intro to BurpSuite V: Extracting Intrusions
2014.08 [appsecconsulting] Running Stubborn Devices Through Burp Suite via OSX Mountain Lion and Above
2014.08 [nvisium] iOS Assessments with Burp + iFunBox + SQLite
2014.08 [milo2012] Extended functionality for Burp Plugin – Carbonator
2014.07 [portswigger] Burp gets new JavaScript analysis capabilities | Blog
2014.07 [nvisium] Intro to BurpSuite Part IV: Being Intrusive
2014.07 [liftsecurity] Introducing Burpbuddy
2014.07 [buer] Detecting Burp Suite – Part 1 of 3: Info Leak
2014.07 [notsosecure] Pentesting Web Service with anti CSRF token using BurpPro
2014.06 [robert] Howto install and use the Burp Suite as HTTPS Proxy on Ubuntu 14.04
2014.06 [parsiya] Piping SSL/TLS Traffic from SoapUI to Burp
2014.06 [sensepost] Associating an identity with HTTP requests – a Burp extension
2014.05 [sans] Assessing SOAP APIs with Burp
2014.05 [nvisium] Intro to BurpSuite: Part III – It’s all about Repetition!
2014.04 [freebuf] 国产BurpSuite插件 Assassin V1.1发布
2014.04 [freebuf] 国产BurpSuite 插件 Assassin V1.0发布
2014.04 [toolswatch] Burp Suite Professional v1.6 Released
2014.04 [portswigger] Burp Suite Free Edition v1.6 released | Blog
2014.03 [freebuf] 知名渗透测试套件BurpSuite Pro v1.6 beta破解版公布
2014.03 [nvisium] Burp App Store
2014.02 [nvisium] Intro to Burp Part II: Sighting in your Burp Scope
2014.02 [silentsignal] Testing websites using ASP.NET Forms Authentication with Burp Suite
2014.02 [nvisium] Using Burp Intruder to Test CSRF Protected Applications
2014.02 [trustwave] “Reversing” Non-Proxy Aware HTTPS Thick Clients w/ Burp
2014.02 [nvisium] Challenges of Mobile API Signature Forgery with Burp Intruder
2014.02 [portswigger] Burp Suite Pro shines in new survey | Blog
2014.01 [nvisium] Accurate XSS Detection with BurpSuite and PhantomJS
2014.01 [nvisium] Android Assessments with GenyMotion + Burp
2014.01 [sethsec] Writing and Debugging BurpSuite Extensions in Python
2014.01 [sethsec] Re-launch – A focus on Web Application Pen Testing, Burp Extensions, etc
2014.01 [nvisium] Intro To Burp Suite Part I: Setting Up BurpSuite with Firefox and FoxyProxy
2014.01 [portswigger] Burp Suite Pro price held for 2014 | Blog
2013.12 [freebuf] Java编写代理服务器(Burp拦截Demo)一
2013.12 [freebuf] burpsuite_pro_v1.5.20破解版下载
2013.12 [appsecconsulting] So You Want to Build a Burp Plugin?
2013.12 [directdefense] Multiple NONCE (one-time token) Value Tracking with Burp Extender
2013.11 [freebuf] burpsuite_pro_v1.5.18 破解版
2013.11 [freebuf] burpsuite_pro_v1.5.11 破解版
2013.10 [debasish] Fuzzing Facebook for $$$ using Burpy
2013.10 [agarri] Exploiting WPAD with Burp Suite and the “HTTP Injector” extension
2013.10 [agarri] Exploiting WPAD with Burp Suite and the “HTTP Injector” extension
2013.10 [portswigger] Burp through the ages | Blog
2013.09 [portswigger] SSL pass through in Burp | Blog
2013.08 [freebuf] BurpSuite权限提升漏洞检测插件——The Burp SessionAuth
2013.08 [toolswatch] The Burp SessionAuth – Extension for Detection of Possible Privilege escalation vulnerabilities
2013.07 [cyberis] Testing .NET MVC for JSON Request XSS – POST2JSON Burp Extension
2013.06 [portswigger] Burp Suite confirmed as best value web security scanner | Blog
2013.06 [raz0r] Radamsa Fuzzer Extension for Burp Suite
2013.06 [sec] How to rapidly build a Burp session handling extension using JavaScript
2013.06 [freebuf] angelc0de原创burpsuite系列培训教程（下载）
2013.06 [freebuf] BurpSuite系列使用视频教程（下载）
2013.05 [] Burp Suite处理“不支持代理”的客户端
2013.05 [] Burp通过注射点dump数据库
2013.05 [trustwave] Introducing the Burp Notes Extension
2013.04 [pediy] [原创]利用sqlmap和burpsuite绕过csrf token进行SQL注入
2013.03 [portswigger] Burp Suite is on a feature roll! | Blog
2013.03 [security] Penetration Test pWnOS v2.0 with BurpSuite
2013.03 [freebuf] 使用Burp攻击Web Services
2013.03 [netspi] Hacking Web Services with Burp
2013.03 [] Burpsuite_pro_v1.5.01多平台破解版
2013.02 [freebuf] Burpsuite教程与技巧之HTTP brute暴力破解
2013.02 [freebuf] Burpsuite_pro_v1.5.01多平台破解版
2013.02 [freebuf] AuthTrans(原创工具)+BurpSuite的暴力美学-破解Http Basic认证
2013.02 [pentestlab] SQL Injection Authentication Bypass With Burp
2013.01 [freebuf] [下载]burpsuite_pro_v1.5_crack更新
2013.01 [rapid7] Video Tutorial: Introduction to Burp-Suite 1.5 Web Pen Testing Proxy
2013.01 [websecurify] Loading Burp Files Inside Websecurify Suite Video
2013.01 [websecurify] Reading Burp Files From Websecurify Suite
2013.01 [netspi] Tool release: AMF Deserialize Burp plugin
2012.12 [pentestlab] Local File Inclusion Exploitation With Burp
2012.12 [freebuf] iPhone上使用Burp Suite捕捉HTTPS通信包方法
2012.12 [portswigger] Sample Burp Suite extension: Intruder payloads | Blog
2012.12 [pentestlab] Brute Force Attack With Burp
2012.12 [portswigger] Sample Burp Suite extension: custom scanner checks | Blog
2012.12 [portswigger] Sample Burp Suite extension: custom scan insertion points | Blog
2012.12 [portswigger] Sample Burp Suite extension: custom editor tab | Blog
2012.12 [portswigger] Sample Burp Suite extension: custom logger | Blog
2012.12 [portswigger] Sample Burp Suite extension: traffic redirector | Blog
2012.12 [portswigger] Sample Burp Suite extension: event listeners | Blog
2012.12 [portswigger] Sample Burp Suite extension: Hello World | Blog
2012.12 [portswigger] Writing your first Burp Suite extension | Blog
2012.12 [portswigger] New Burp Suite Extensibility | Blog
2012.12 [freebuf] Burpsuite sqlmap插件
2012.11 [portswigger] New Burp Suite Extensibility – preview | Blog
2012.11 [freebuf] 渗透测试神器Burp弹药扩充-fuzzdb
2012.11 [freebuf] Burp Suite—BLIND SQL INJECTION
2012.11 [perezbox] Spoofing an Admin’s Cookies Using Burp
2012.11 [freebuf] Burp Suite免费版本（Free Edition）v1.5发布
2012.10 [portswigger] Burp Suite Free Edition v1.5 released | Blog
2012.10 [] 利用burpsuite获得免费空间
2012.10 [freebuf] Burp Suite PayLoad下载
2012.10 [] 使用BurpSuite来进行sql注入
2012.10 [netspi] Pentesting Java Thick Applications with Burp JDSer
2012.10 [toolswatch] Burp Suite v1.5rc2 released
2012.09 [trustwave] Adding Anti-CSRF Support to Burp Suite Intruder
2012.09 [] 用Burp_suite快速处理上传截断
2012.09 [portswigger] All new Burp help | Blog
2012.09 [] 使用burp suite探测Web目录
2012.09 [freebuf] BurpSuite教程与技巧之SQL Injection
2012.08 [freebuf] Burp Suite V1.4.12发布: 新增破解Android SSL功能
2012.08 [toolswatch] Burp Suite v1.4.12 in the wild with the support of Android SSL Analysis
2012.07 [raz0r] Прокачиваем Burp Suite
2012.07 [console] Setting up a Burp development environment
2012.06 [freebuf] burpsuite_pro_v1.4.07破解版
2012.06 [freebuf] burpsuite v1.4.10发布
2012.06 [toolswatch] Burp Suite Professional v1.4.08 Released
2012.06 [toolswatch] Burp Suite Professional v1.4.09 Released
2012.06 [toolswatch] Burp Suite Professional v1.4.10 Released
2012.06 [milo2012] Automating SQL Injection with Burp, Sqlmap and GDS Burp API
2012.06 [freebuf] [连载]Burp Suite详细使用教程-Intruder模块详解(3)
2012.06 [portswigger] Burp gets a makeover | Blog
2012.06 [freebuf] [连载]Burp Suite详细使用教程-Intruder模块详解(2)
2012.06 [websec] Using Burp to exploit a Blind SQL Injection
2012.06 [freebuf] [技巧]Burp Intruder中的Timing选项的使用
2012.06 [secproject] Burp Suite Beautifier Extension
2012.05 [freebuf] [技巧]使用Burpsuite辅助Sqlmap进行POST注入测试
2012.05 [freebuf] Burp Suite详细使用教程-Intruder模块详解
2012.05 [freebuf] Burp Suite python扩展 – Burpy
2012.05 [portswigger] Burp Suite user forum | Blog
2012.05 [freebuf] Burpsuite系列视频教程不加密版第一部分公布下载
2012.05 [freebuf] burpsuite_pro_v1.4.01破解版
2012.04 [firebitsbr] Pentest tool: Gason: A plugin to run sqlmap into burpsuite.
2012.04 [toolswatch] Burp Suite Professional v1.4.07 Released
2012.03 [toolswatch] Burp Suite Professional v1.4.06 Released
2012.01 [idontplaydarts] Extending Burp Suite to solve reCAPTCHA
2011.12 [milo2012] OWASP Ajax Crawling Tool (Good Companion Tool to Burpsuite)
2011.12 [insinuator] Use Python for Burp plugins with pyBurp
2011.12 [toolswatch] Burp Suite Professional v1.4.05 released
2011.11 [portswigger] Burp is voted #1 web scanner | Blog
2011.11 [digi] Burp Intruder Attack Types
2011.10 [toolswatch] Burp Suite Professional v1.4.02 released
2011.10 [portswigger] Breaking encrypted data using Burp | Blog
2011.06 [cyberis] ‘Invisible Intercept’ Function of Burp
2011.06 [console] Burp Intruder Time fields
2011.06 [toolswatch] Burp Suite Free Edition v1.4 released (Support of IPv6)
2011.06 [portswigger] Burp Suite Free Edition v1.4 released | Blog
2011.05 [console] Web Hacking Video Series #1 Automating SQLi with Burp Extractor
2011.04 [depthsecurity] Blind SQL Injection & BurpSuite – Like a Boss
2011.03 [portswigger] Burp v1.4 beta now available | Blog
2011.03 [portswigger] Burp v1.4 preview – Session handling: putting it all together | Blog
2011.03 [portswigger] Burp v1.4 preview – Macros | Blog
2011.03 [portswigger] Burp v1.4 preview – Session handling | Blog
2011.03 [toolswatch] Burp v1.4 preview – Comparing site maps
2011.03 [portswigger] Burp v1.4 preview – Testing access controls using your browser | Blog
2011.03 [portswigger] Burp v1.4 preview – Comparing site maps | Blog
2010.09 [netspi] Fuzzing Parameters in CSRF Resistant Applications with Burp Proxy
2010.08 [gdssecurity] Constricting the Web: The GDS Burp API
2010.01 [portswigger] Burp Suite v1.3 released | Blog
2009.11 [portswigger] Burp Suite v1.3 preview | Blog
2009.11 [gdssecurity] WCF Binary Soap Plug-In for Burp
2009.11 [portswigger] GIAC paper on Burp Intruder | Blog
2009.04 [portswigger] Burp problems after Windows update | Blog
2009.04 [portswigger] Using Burp Extender | Blog
2008.12 [portswigger] Burp Suite v1.2 released | Blog
2008.11 [portswigger] [MoBP] Burp Extender extended | Blog
2008.11 [raz0r] Эффективный и быстрый пентестинг веб-приложений с Burp Suite
2008.11 [portswigger] [MoBP] The all new Burp Spider | Blog
2008.11 [portswigger] The Month of Burp Pr0n | Blog
2008.05 [portswigger] Burp Sequencer 101 | Blog
2008.02 [gdssecurity] A “Deflate” Burp Plug-In
2007.12 [portswigger] Burp Suite v1.1 released | Blog
2007.11 [gdssecurity] Beta version of the new Burp Suite released
2007.10 [portswigger] Introducing Burp Sequencer | Blog
2007.09 [portswigger] Burp Suite feature requests – thank you | Blog

项目地址: github.com/alphaSeclab/awesome-burp-suite

↧

2020年信息安全资源集合渗透测试笔记文章教程工具

January 5, 2020, 7:22 pm

≫ Next: 密码泄露查询 XposedOrNot 随机密码生成器

≪ Previous: BurpSuite资源收集:400+Burp插件 500+Burp文章视频

2020年信息安全资源集合渗透测试笔记文章教程工具,入侵,渗透,物联网安全,数据渗透,Metasploit,BurpSuite,KaliLinux,C＆C,OWASP,免杀,CobaltStrike,侦查,OSINT,社工,密码,凭证,威胁狩猎,有效载荷,Wifi黑客,无线攻击,后渗透,提权,UAC绕过…

以下内容由Google自动翻译,拗口之处请参考原文自行翻译:
github.com/alphaSeclab/awesome-security-collection

所有收集类项目：

收集的所有开源工具：sec-tool-list：超过18K，包括Markdown和Json两种格式
安全资源收集类的Repo：1000多种类别安全资源收集的Github Repo
全平台逆向资源：
- Windows平台安全：PE / DLL / DLL注入/Dll-Hijack/Dll-Load/UAC-Bypass/Sysmon/AppLocker/ETW/WSL/.NET/Process-Injection/Code-Injection/DEP/Kernel / …
- Linux安全：ELF / …
- macOS / iXxx安全：Mach-O /越狱/ LLDB / XCode / …
- Android安全：HotFix / XPosed / Pack / Unpack / Emulator / Obfuscate
- 知名工具：IDA / Ghidra / x64dbg / OllDbg / WinDBG / CuckooSandbox / Radare2 / BinaryNinja / DynamoRIO / IntelPin / Frida / QEMU / …
攻击性网络安全资源：入侵/渗透/物联网安全/数据渗透/ Metasploit / BurpSuite / KaliLinux / C＆C / OWASP /免杀/ CobaltStrike /侦查/ OSINT /社工/密码/凭证/威胁狩猎/有效载荷/ Wifi黑客/无线攻击/后渗透/提权/ UAC绕过/ …
网络相关的安全资源：
- 网络通信：代理/ SS / V2ray / GFW /反向代理/隧道/ VPN / Tor / I2P / …
- 网络攻击：中间人/ PortKnocking / …
- 网络分析：嗅探/协议分析/网络可视化/网络分析/网络诊断等
开源远控工具：Windows / Linux / macOS / Android; 远控类恶意恶意代码的分析报告等
Webshell工具和分析/使用文章：Webshell资源收集，包括150个Github项目，200个左右文章
取证相关工具和文章：近300个取开源取证工具，近600与取证相关文章
蜜罐资源：250+个开源蜜罐工具，350 +与蜜罐相关文章
Burp Suite资源：400多个开源Burp插件，500+与Burp相关文章

采集

1000多个Github安全资源收集类的存储库。
英文版

[ 34045星] [1m] [Py] minimaxir /顽皮字符串大列表 “淘气”的字符串列表，当作为用户输入时很容易引发问题
[ 33101星] [3m] hack-with-github / awesome-hacking骇客，渗透测试者和安全研究人员的各种绝妙列表的集合
[ 24868星] [18D] trimstray /的书-的秘密知识启发清单，手册，备忘，博客，黑客的集合，单行，CLI /网络工具等。
[ 22055星] [30d] [PHP] danielmiessler / seclists多种类型的资源收集：用户名，密码，URL，敏感数据类型，Fuzzing Payload，WebShell等
[ 19766星] [3m] [Jupyter笔记本] camdavidsonpilon /针对黑客的概率编程和贝叶斯方法，又名“贝叶斯黑客方法”：贝叶斯方法+概率编程的介绍，首先计算/了解，数学第二观点。全部使用纯Python;）
[ 18703星] [3y] fallibleinc /针对开发人员的安全指南（针对开发人员的安全指南）
[ 14867星] [2m] gfwlist / gfwlist gfwlist
[ 11389星] [13d] [Py] swisskyrepo / payloadsallthethings Web应用程序安全性和Pentest / CTF的有用负载和绕过列表
[ 11306星] [12d] [Py] owasp /备忘单系列OWASP 备忘单系列的创建是为了提供有关特定应用程序安全性主题的高价值信息的简洁集合。
[ 10944星] [2m] [CSS] hacker0x01 / hacker101 Hacker101
[ 10920星] [1m] enaqx / awesome-pentest渗透测试资源/工具集
[ 10615星] [20d] ruanyf / weekly科技爱好者周刊，每周五发布
[ 9042星] [3m] vitalysim / awesome-hacking-resources一系列黑客/渗透测试资源，可帮助您变得更好！
[ 8031星] [3m] [Py] facebook / chisel Chisel是LLDB命令的集合，可帮助调试iOS应用。
[ 5586星] [1m] rshipp / awesome-malware-analysis精选的真棒恶意软件分析工具和资源列表。
[ 5229星] [4m] [Py] ytisf / thezoo LIVE恶意软件的存储库，您可以自己感到高兴和高兴。
[ 5181星] [27d] [PHP] tennc / webshell webshell收集
[ 5121星] [3m] sbilly / awesome-security与安全相关的软件，库，文档，书籍，资源和工具等收集
[ 5084星] [17d] [HTML] owasp / owasp-mstg关于移动应用安全开发，测试和逆向的相近手册
[ 4441星] [2m] [Shell] zardus / ctf-tools一些用于安全研究工具的设置脚本。
[ 4306星] [17d] [Shell] ashishb / android-security-awesome android安全相关资源的集合
[ 4252星] [1m] qazbnm456 / awesome-web-security web安全资源列表
[ 4115星] [10m] wtsxdev / reverse-engineering很棒的反向工程资源列表
[ 4014星] [3m] [JS] apsdehal / awesome-ctf CTF框架，库，资源和软件的精选清单
[ 4014星] [3m] [JS] apsdehal / awesome-ctf CTF框架，库，资源和软件的精选清单
[ 3945星] [5m] [PHP] paragonie / awesome-appsec精选的用于了解应用程序安全性的资源列表
[ 3922星] [15d] [Py] secureauthcorp / impacket Python类收集，用于与网络协议交互
[ 3868星] [2m] jivoi / awesome-osint OSINT资源收集
[ 3836星] [4y] iosre / iosappreverseengineering全球第一本非常详尽的iOS App逆向工程技能书：）
[ 3796星] [18d] [Py] paralax / awesome-honeypots令人敬畏的蜜罐资源列表
[ 3699星] [5m] [C] secwiki / windows-kernel-exploits Windows-kernel-exploits Windows平台提权漏洞集合
[ 3627星] [28d] [HTML] consensys / smart-contract-best-practices智能合约安全最佳做法指南
[ 3616星] [19d] blacckhathaceekr / pentesting-bible链接达到10000个链接和10000个pdf文件。了解道德黑客和渗透测试。数百道德黑客和渗透测试，红色团队，网络安全和计算机科学资源。
[ 3517星] [10m] [C] rpisec / mbe RPISEC用于现代二进制开发的课程材料
[ 3461星] [30d] [C] shellphish / how2heap学习各种堆利用技巧的repo
[ 3383星] [11d] jivoi / awesome-ml-for- cybersecurity针对网络安全的机器学习资源列表
[ 3320星] [2y] 审查/ ethlist以太坊综合阅读列表
[ 3301星] [15d] [Shell] toniblex / my-arsenal-of-aws-security- tools用于AWS安全的开源工具列表：防御性，攻击性，审计，DFIR等。
[ 3230星] [16d] [Rich Text Format] 黑客行为/ h4cker资源收集：黑客行为，渗透，数字取证，事件响应，入侵研究，入侵开发，逆向
[ 3203星] [6m] hslatman / awesome-threat-intelligence精选的Awesome Threat Intelligence资源列表
[ 3198星] [16d] [Makefile] lorien / awesome-web-scraping用于网络抓取和数据处理的库，工具和API的列表。
[ 3168星] [18d] [CSS] juliocesarfort / public-pentesting-reports几家咨询公司和学术安全组织发布的公共渗透测试报告的精选清单
[ 3141星] [17d] meirwah / awesome-incident-response精选的事件响应工具清单
[ 3005星] [10d] [Py] felixonmars / dnsmasq-china-list特定于中文的配置可以改善您喜欢的DNS服务器。chnroutes的最佳合作伙伴。
[ 2977星] [2y] phith0n / mind-map各种安全相关思维导图整理收集
[ 2967星] [11d] [Go] dominikh / go-tools Staticcheck –用于处理Go代码的静态分析工具的集合
[ 2904星] [3m] infosecn1nja / red-teaming-toolkit一组有助于红队运作的开源和商业工具。
[ 2816星] [2m] paulsec / awesome-sec-talks真棒安全性演讲的收集列表
[ 2800星] [3m] secwiki / sec-chart安全思维导图集合
[ 2759星] [1m] [JS] s0md3v / awesomexss很棒的XSS东西
[ 2680星] [14d] rmusser01 / infosec_reference不吸的信息安全参考
[ 2671星] [1y] [HTML] chybeta /网络安全学习网络安全学习
[ 2660星] [18d] xairy / linux-kernel-exploitation Linux内核Fuzz和入侵利用的资源收集
[ 2621星] [2m] pditommaso / awesome-pipeline受Awesome Sysadmin启发的精湛管道工具包的精选列表
[ 2615星] [1m] [JS] knownsec / kcon KCon是由Knownsec团队提供支持的著名Hacker Con。
[ 2519星] [27d] onlurking / awesome-infosec精选的绝妙Infosec课程和培训资源清单。
[ 2499星] [5y] [PHP] audi-1 / sqli-labs SQLI实验室可以测试基于错误的，基于布尔布尔的，基于时间的。
[ 2474星] [2m] [Py] 0xinfection / awesome-waf关于Web应用程序防火墙（WAF）的一切都很棒。
[ 2419星] [3y] rpisec /恶意软件RPISEC进行恶意软件分析的课程材料
[ 2395星] [3y] [OCaml] facebookarchive / pfff一堆工具的集合，用于执行静态分析，代码可视化，代码导航，保持格式的代码转换（例如：二进制代码）。完美支持C，Java， JS，PHP，随后将支持其他一大堆语言。
[ 2356星] [12m] hack-with-github / free-security-ebooks免费安全性和黑客电子书
[ 2345星] [22d] yeyintminthuhtut / awesome-red-teaming令人敬畏的红色团队资源列表
[ 2307星] [1m] [PS] k8gege / k8tools K8工具合集（内网渗透/提权工具/远程溢出/突破利用/扫描工具/密码破解/免杀工具/ Exploit / APT / 0day / Shellcode / Payload / priviledge / BypassUAC / OverFlow / WebShell / PenTest）Web GetShell漏洞（Struts2 / Zimbra / Weblogic / Tomcat / Apache / Jboss / DotNetNuke / zabbix）
[ 2228星] [2y] [JS] curry53 / h5sc HTML5安全备忘单 -与HTML5相关的XSS攻击向量的集合
[ 2204星] [2m] sobolevn / awesome-cryptography加密资源和链接的精选列表。
[ 2184星] [3y] enddo / awesome-windows-exploitation精选的 Windows Exploitation资源和闪亮内容的精选列表。受到敬畏的启发
[ 2169星] [2m] gbdev / awesome-gbdev Game Boy开发资源的精选列表，例如工具，文档，仿真器，相关项目和开源ROM。
[ 2163星] [1y] [C ++] maestron / botnets这是#botnet源代码的集合，没有组织。仅用于教育目的
[ 2161星] [10m] exakat / php-static-analysis-tools有用的PHP静态分析工具的完整列表
[ 2132星] [22d] goq /电报列表电报组，渠道和漫游器的列表//Списокинтересныхгрупп，каналовиботовтелеграма//Списокчатовдляп
[ 2118星] [3m] yeahhub / hacking-security-ebooks排名前100的Hacking＆Security电子书（免费下载）
[ 2116星] [1m] infoslack / awesome-web-hacking网络应用程序安全性列表
[ 2078星] [2m] edoverflow / bugbounty-cheatsheet漏洞赏金猎人的有趣有效负载，技巧和窍门的列表。
[ 2067星] [12d] tanprathan / mobileapp-pentest-cheatsheet移动应用程序Pentest 速查表的创建旨在提供有关特定移动应用程序渗透测试主题的高价值信息的简洁集合。
[ 2066星] [1y] bluscreenofjeff / red-team-infrastructure-wiki Wiki，用于收集红队基础设施强化资源
[ 2057星] [9m] [Shell] foospidy / payloads网络攻击有效载荷集合
[ 2042星] [9d] [Java] williamfiset / algorithms算法和数据结构的集合
[ 2030星] [14d] [HTML] gtfobins / gtfobins.github.io精选的Unix二进制文件列表，可以利用它来绕过系统安全限制
[ 2018星] [2m] qazbnm456 / awesome-cve-poc CVE PoC列表
[ 1990星] [2y] dloss / python-pentest-tools可用于渗透测试的Python工具收集
[ 1982星] [1y] [BitBake] 1n3 /入侵者有效载荷BurpSuite入侵者有效载荷收集
[ 1956星] [2m] [Py] nixawk / pentest-wiki PENTEST-WIKI是面向渗透测试者/研究人员的免费在线安全知识库。如果您有个好主意，请与他人分享。
[ 1930星] [3m] toolswatch / blackhat-arsenal-tools黑帽武器库
[ 1904星] [30d] olivierlaflamme / cheatsheet-god渗透测试参考库-OSCP / PTP和PTX备忘单
[ 1870星] [11m] [PHP] bartblaze / php-backdoors PHP后门的集合。仅用于教育或测试目的。
[ 1845星] [3m] djadmin / awesome-bug-bounty可用的漏洞赏金与披露程序和编写的详尽清单。
[ 1831星] [1y] [CSS] ctfs / write-ups-2015由社区维护的类似Wiki的CTF编写库。2015年
[ 1787星] [4y] caesar0301 / awesome-pcaptools用于处理网络痕迹的工具收集
[ 1779星] [1m] 17mon / china_ip_list中国IPList由IPIP.NET
[ 1771星] [12d] onethawt / idaplugins-list IDA插件收集
[ 1760星] [1y] coreb1t /令人敬畏的最骗子备忘单备有用于笔测的备忘单
[ 1752星] [1m] ngalongc / bug赏金参考受到启发
[ 1748星] [3m] [PHP] orangetw / my-ctf-web- challenges我提出的CTF Web挑战集
[ 1748星] [4m] tunz / js-vuln-db具有PoC的JavaScript引擎CVE的集合
[ 1739星] [2m] sirredbeard / awesome-wsl Linux专用Windows子系统的出色列表
[ 1716星] [4m] [R] briatte / awesome-network-analysis精选的出色网络分析资源列表。
[ 1663星] [2y] [Shell] juude / droidreverse android逆向工程工具集
[ 1652星] [10m] tylerha97 /真棒倒车精选真棒倒车资源列表
[ 1650星] [15d] sarojaba / awesome-devblog很棒的Devblog
[ 1636星] [2y] jhaddix / tbhm The Bug Hunters方法论
[ 1630星] [2m] ivrodriguezca / re-ios-apps关于反向工程iOS应用程序的完全免费的开源在线课程。
[ 1602星] [7m] [Py] w1109790800 / penetration渗透超全面的渗透资料
[ 1585星] [7m] [Ruby] brunofacca / zen-rails-security-checklist Ruby on Rails应用程序的安全预防措施清单。
[ 1546星] [19d] emijrp / awesome-awesome精选的精选主题列表，其中包含许多主题。
[ 1534星] [6m] snowming04 / the-hacker-playbook-3-translation对The Hacker Playbook 3的翻译。
[ 1509星] [14d] [YARA] cybermonitor / apt_cybercriminal_campagin_collections APT和CyberCriminal Campaign Collection
[ 1482星] [14d] [C] sleuthkit / sleuthkit 一个库和命令行数字取证工具的集合，使您可以研究卷和文件系统数据。
[ 1481星] [2m] minimaxir / hacker-news-undocumented准则和FAQ中未包含的一些有关Hacker News的隐藏规范。
[ 1479星] [30d] edoverflow /我可以接管xyz吗？—服务列表以及如何使用悬挂的DNS记录声明（子）域。
[ 1421星] [5m] yadox666 / the-hackers-hardware-toolkit用于Red Team，渗透，安全研究的最佳硬件产品集合
[ 1417星] [3m] [执行] hellogcc / 100-gdb-tips gdb提示的集合。100也许就意味着很多。
[ 1417星] [3m] [HTML] owasp / top10 OWASP官方十大文档存储库
[ 1392星] [4y] [PHP] johntroony / php-webshells常见的php webshell。不要将文件托管在您的服务器上！
[ 1376星] [2m] grrrdog / java-deserialization-cheat- sheet关于Java反序列化漏洞的备忘单
[ 1347星] [2y] [HTML] daxeel / blockshell用于学习区块链技术的概念的命令行工具，例如喜欢链接，挖掘，工作证明等
[ 1332星] [3m] jaredthecoder / awesome-vehicle-security精选的精选资源，书籍，硬件，软件，应用程序，需要关注的人员以及关于汽车安全性，汽车黑客和修补功能的更酷内容的精选清单你的车。
[ 1305星] [1m] nikitavoloboev /尊重隐私 PrivacyRespecing服务和软件列表
[ 1290星] [11d] [Shell] firehol / blocklist-ipsets ipsets使用firehol的update-ipsets.sh脚本动态更新
[ 1290星] [11d] [Shell] firehol / blocklist-ipsets ipsets使用firehol的update-ipsets.sh脚本动态更新
[ 1287星] [9m] michalmalik / linux-re-101 Linux逆向资源收集
[ 1252星] [19d] michalmalik / osx-re-101 OSX / iOS逆向资源收集
[ 1242星] [1y] [Ruby] eliotsykes / rails-security-checklist该清单仅限于Rails的安全预防措施，运行Rails应用程序的其他许多方面也需要保护
[ 1223星] [5y] curu53 / xsschallengewiki欢迎使用XSS Challenge Wiki！
[ 1223星] [5y] curu53 / xsschallengewiki欢迎使用XSS Challenge Wiki！
[ 1222星] [25d] dweinstein / awesome-frida frida资源列表
[ 1215星] [8m] riusksk / secbook信息安全从业者书单推荐
[ 1207星] [8m] joe-shenouda / awesome-cyber-skills精选的骇客环境清单，可让您合法安全地培训网络技能
[ 1203星] [1y] felixgr / secure-ios-app-dev iOSApp最常见突破收集
[ 1197星] [2m] [Py] cujanovic / ssrf-testing SSRF（服务器端请求伪造）测试资源
[ 1187星] [2y] [C] mubix /开发后post-exploitation工具收集
[ 1181星] [1m] [Py] 13o-bbr-bbq / machine_learning_security机器学习与安全的几个主题
- Security_and_MachineLearning网络安全与机器学习课程
- Vulnerabilities_of_ML机器学习突破的汇总
- Analytics使用k-means分析捕获的数据包
- CNN_test生成针对CNN的对抗样例
- DeepExploit使用机器学习的全自动化渗透测试
- Generator使用遗传算法和生成对抗网络，自动生成大量用于Web应用程序评估的注入代码。
- 推荐使用推荐的检测Web应用程序突破的最佳注入代码。
- Saivs发现Web应用程序中的突破的AI
[ 1172星] [17d] m4ll0k / awesome-hacking-tools令人敬畏的黑客工具
[ 1164星] [14d] w00t3k /令人敬畏的细胞骇客令人敬畏的细胞骇客
[ 1155星] [3y] [PS] powershellempire / powertools PowerShell项目的集合，重点是进攻性操作
- PewPewPew脚本利用通用模式在PowerShell Web服务器上托管脚本，调用IEX下载底座以下载/执行目标代码，然后将结果发布回服务器，然后对任何结果进行后处理。
- PowerBreach后门工具箱旨在为用户提供多种方法来对系统进行后门。
- PowerPick允许不使用Powershell.exe而执行Powershell功能
[ 1145星] [1m] [批处理文件] ckjbug / hacking整理和开发网络安全性，黑客技术文档和工具，代码。
[ 1145星] [7m] nebgnahz / awesome-iot-hacks物联网空间中的黑客集合，以便我们可以（希望）解决它们。
[ 1143星] [2y] [Py] hackathonhackers /个人站点 Hackathon Hackers的个人站点列表。
[ 1141星] [1m] [HTML] securitytxt / security-txt网站定义安全策略的“标准”
[ 1116星] [21d] 慢雾/基于知识库的知识库慢雾安全团队知识库
[ 1115星] [1y] paulsec / awesome-windows-domain-hardening精湛的Windows安全强化技术精选清单。
[ 1112星] [1y] [Py] bugcrowd / hunt Burp和ZAP的扩展收集
[ 1110星] [6m] [Py] coffeehb / some-poc-or-exp各种漏洞poc，Exp的收集或编写
[ 1110星] [5m] zbetcheckin / security_list娱乐和暴利的绝佳安全清单
[ 1108星] [2m] 史努比安全性/ awesome-burp-extensions Burp扩展收集
[ 1080星] [2m] guardrailsio / awesome-golang-security令人敬畏的Golang安全资源
[ 1066星] [12d] [Py] forseti-security / forseti-security 社区驱动的一系列开源工具，可提高您的Google Cloud Platform环境的安全性
[ 1065星] [2y] wtsxdev /网络安全机器学习精选的工具和资源列表，与将机器学习用于网络安全有关
[ 1062星] [16d] denji / awesome-http-benchmark HTTP（S）基准测试工具，测试/调试和restAPI（RESTful）
[ 1049星] [1m] [Py] ct-开源/ tuya-convert脚本集合，用于将Tuya IoT设备闪存到备用固件
[ 1037星] [2m] [C] xairy / kernel-exploits我对Linux内核的概念验证漏洞
[ 1030星] [1y] naetw / ctf-pwn-tips这里记录有关pwn的一些技巧。某些内容已过时，将不会更新。对于那个很抱歉。
[ 1030星] [7m] stephenturner / oneliners适用于生物信息学的bash一线。
[ 1026星] [17d] sundowndev / hacker-roadmap概述了学习渗透测试所需的知识，以及一系列黑客工具，资源和实践道德黑客的参考资料
[ 1026星] [2y] [ObjC] zhengmin1989 / ios_ice_and_fire iOS冰与火之歌
[ 1020星] [2m] [C] bt3gl / pentesting-toolkit渗透测试，CTF和战争游戏的工具收集
[ 1013星] [1y] [JS] 0xsobky / hackvault我的公共Web黑客的容器存储库！
[ 1009星] [10m] onethawt / reverseengineering-reading-list反向工程文章，书籍和论文的列表
[ 1007星] [1y] [PHP] secwiki / cms-hunter CMS入侵测试用例集合
[ 993星] [19d] [Py] jekil /很棒的黑客很棒的黑客是一个很棒的黑客工具集合。
[ 990星] [11m] [Py] xiphosresearch /利用杂项利用代码
[ 986星] [8m] 0x4d31 / awesome-threat-detection精选的令人敬畏的威胁检测和狩猎资源列表
[ 977星] [4m] CTF /资源关于CTF和类似安全竞赛的信息，工具和提示的一般集合
[ 963星] [2y] [C] fdiskyou / injectallthethings在一个项目中有七种不同的DLL注入技术。
[ 959星] [5m] bugcrowd / bugcrowd_university研究者社区的教育内容
[ 959星] [10m] wtsxdev / penetration-testing出色的渗透测试资源，工具和其他有趣的东西的列表
[ 949星] [6m] [C] dhavalkapil / heap-exploitation这本书是关于堆利用的指南，它是了解glibc堆内部以及对堆结构可能进行的各种攻击的指南。
[ 946星] [2y] [HTML] chybeta /软件-安全性学习软件-安全性学习
[ 943星] [18d] [Py] nullsecuritynet / tools安全和黑客工具，漏洞，概念证明，Shellcode，脚本。
[ 939星] [2y] deepspaceharbor / awesome-ai-security AI安全资源的精选清单
[ 929星] [2m] tom0li /收集文档质量安全文章的收集
[ 923星] [9m] [C] 0x90 / wifi武器库 WiFi武器库
[ 921星] [7m] [PS] api0cradle / ultimateapplockerbypasslist此存储库的目标是记录绕过AppLocker的最常用技术。
[ 917星] [7m] cn0xroot / rfsec-toolkit RFSec-ToolKit是射频通信协议Hacktools的集合。无线通信协议相关的工具集，可用于SDR硬件+相关工具对无线通信进行研究。哈克·史密斯
[ 906星] [1m] [Shell] dominicbreuker / stego-toolkit隐秘术工具集-帮助应对CTF挑战
[ 899星] [12d] [Py] derekselander / lldb LLDB别名/正则表达式和Python脚本的集合，可帮助您进行调试
[ 898星] [2m] [HTML] hookmaster / frida-all-in-one FRIDA操作手册
[ 894星] [3m] [Ruby] w181496 / web-ctf-cheatsheet Web CTF CheatSheet
[ 890星] [3m] jakejarvis / awesome-shodan-queries令人敬畏的Shodan搜索查询
[ 871星] [12d] explife0011 / awesome-windows-kernel-security-development Windows内核安全开发
[ 852星] [30d] trimstray / iptables-essentials通用防火墙规则和命令。
[ 841星] [2m] cugu / awesome-forensics精选的真棒法医分析工具和资源清单
[ 838星] [17d] [HTML] rewardone / oscprepo我收集并尝试合并以用作OSCP（及更多）学习材料的命令，脚本，资源等的清单。“有用命令” Keepnote中的命令。“书签列表” Keepnote中的书签和阅读材料。在脚本文件夹中重新扫描。
[ 836星] [15d] v33ru / iotsecurity101从IoT渗透测试到IoT安全
[ 829星] [4y] [PS] clymb3r / powershell有用的PowerShell脚本
[ 829星] [5m] [Shell] danielmiessler / robotsdisallowed禁止的最常见和最有趣的robots.txt目录的精选列表。
[ 826星] [10d] cveproject / cvelist通过GitHub提交CVE的试验程序
[ 823星] [3m] Feeicn / security-ppt大安全各领域各公司各会议分享的PPT
[ 822星] [3m] [Shell] shr3ddersec / shr3dkit红队工具包
[ 813星] [3y] [Py] scrapy / quotesbot这是一个用于教育目的的Scrapy示例项目
[ 805星] [3y] shmilylty / awesome-hacking真棒黑客中文版
[ 796星] [15d] [Shell] aqzt / kjyw快捷运维，代号kjyw，项目基于shell，python，运维脚本工具库，收集各种运维常用工具脚本，实现快速安装nginx，mysql，php， redis，nagios，运维经常使用的脚本等等…
[ 788星] [11m] v2-dev / awesome-social-engineering社会工程学资源集合
[ 778星] [2y] [Py] dagrz / aws_pwn AWS渗透测试垃圾的集合
[ 766星] [2m] daviddias / awesome-hacking-locations由“国家”和“城市”组织的“ Awesome Hacking 位置列表”，列出是否具有电源和wifi功能。
[ 761星] [1m] [Py] mubix / shellshocker-pocs #ShellShocker的概念证明和潜在目标证明合集
[ 760星] [3y] masatokinugawa / filterbypass浏览器XSS过滤绕过清单
[ 738星] [14d] [C ++] google / shaderc Vulkan着色器编译的工具，库和测试的集合。
[ 737星] [7m] [Py] devttys0 / ida IDA插件/脚本/模块收集
- wpsearch查找在MIPS WPS校验和实现中常见的立即数
- md5hash纯Python版的MD5哈希实现（IDA的hashlib有问题）
- alleycat查找向指定的函数内部代码块的路径，查找两个或多个函数之间的路径，生成交互调用图，变量
- codatify定义IDA自动化分析时未命中的ASCII字符串，函数，代码。将数据段的所有未定义字节转换为DWORD（于是IDA可识别函数和替换表指针）
- 荧光高亮函数调用指令
- leafblower识别常用的POSIX函数：printf，sprintf，memcmp，strcpy等
- localxrefs在当前函数内部查找所有对任意选择文本的引用
- mipslocalvars对栈上只用于存储寄存器的变量进行命名，简化栈数据分析（MISP）
- mipsrop在MIPS重置代码中搜寻ROP。查找常见的ROP
- rizzo对2个或多个IDB之间的函数进行识别和重命名，基于：函数签名，对唯一字符串/常量的引用，模糊签名，调用图
[ 736星] [1y] [Py] averagesecurityguy / scripts我在渗透测试中使用的脚本。
[ 733星] [5m] [Lua] cldrn / nmap-nse-scripts我的nmap NSE脚本集合
[ 728星] [3m] [C＃] harleyqu1nn / aggressorscripts从多个来源获取的Cobalt Strike 3.0+的Aggressor脚本集合
[ 725星] [2m] [HTML] j00ru / windows-syscalls Windows系统调用表（NT / 2000 / XP / 2003 / Vista / 2008/7/2012/8/10）
[ 722星] [29d] voorivex / pentest-guide基于OWASP的渗透测试指南，包括测试案例，资源和示例。
[ 714星] [1y] snifer / security-cheatsheets各种信息安全工具和主题的备忘单的集合。
[ 713星] [6m] leezj9671 / pentest_interview个人准备渗透测试和安全面试的经验之谈，和去部分厂商的面试题，干货真的满满〜
[ 712星] [5m] bit4woo / python_sec python安全和代码审核相关资料收集
[ 696星] [2m] [Py] iceyhexman /在线工具在线cms识别|信息索引|工控|系统|物联网安全| cms扫描| nmap端口扫描|子域名获取|待续
[ 695星] [4m] netflix / security-bulletins与Netflix开放源相关的安全公告
[ 693星] [2y] [C] 1n3 / privesc Windows，Linux和MySQL特权升级脚本和漏洞的集合。
[ 685星] [14d] [Py] gwen001 / pentest-tools日常使用的渗透工具集合
[ 684星] [2m] andrewjkerr / security-cheatsheets有用的作弊备忘单集合，着重于通过安全工具或流行的UNIX程序来帮助安全型人。
[ 682星] [3y] [PHP] xl7dev / webshell Webshell &&后门集合
[ 681星] [1m] [Shell] wslutilities / wslu Windows 10 Linux子系统的实用程序集合
[ 675星] [1y] [C] billy-ellis / exploit-challenges一组易受攻击的ARM二进制文件，用于练习漏洞利用开发
[ 668星] [2m] doridori / android-security-reference A WIP Android安全参考
[ 665星] [2m] redhuntlabs / awesome-asset-discovery真棒资产发现资源列表
[ 664星] [1y] chybeta /代码审核挑战代码审核挑战
[ 662星] [11d] the-akira / computer-science-resources计算机科学不同领域的资源列表（多种语言）
[ 653星] [1m] [YARA] 我们各种调查的危害/恶意软件入侵指标（IOC）
[ 643星] [2y] 危害/备忘单用于各种项目的备忘单。
[ 643星] [6m] [PHP] mattiasgeniar / php-exploit-scripts在调查被入侵的服务器时发现的一组PHP利用脚本。出于教育目的和测试模糊器和漏洞扫描程序的目的而存储它们。随时贡献。
[ 639星] [9m] cryptogenic / exploit-writeups一个集合，我当前和将来对exploit / CTF 的写作将在此收集
[ 638星] [12m] [HTML] bl4de / security_whitepapers与IT安全相关的其他白皮书，演示文稿，幻灯片的集合-黑客，漏洞赏金，Web应用程序安全性，XSS，CSRF，SQLi
[ 637星] [23d] [PS] olafhartong / sysmon-modular sysmon配置模块收集
[ 635星] [8m] yeyintminthuhtut / awesome-advanced-windows-exploitation-references很棒的Windows高级开发参考列表
[ 633星] [5m] 3gstudent / pestest-and-development提示一系列的渗透和开发提示
[ 632星] [10m]网络传教士/进攻性面试甄别进攻性（红队/最奔波）候选人的面试问题
[ 629星] [4m] 旁路007 /安全项目集合收集一些比较优秀的开源安全项目，以帮助甲方安全从业人员建立企业安全能力。
[ 620星] [2y] turbo / openftp4 IPv4中允许匿名登录的所有FTP服务器的列表。
[ 619星] [1y] jiangsir404 / audit-learning记录自己对《代码审计》的理解和总结，对危险函数的深入分析以及在p牛的博客和代码审计圈的收获
[ 618星] [22d] 404notf0und / ai-for-security-learning安全场景，基于AI的安全算法和安全数据分析学习资料整理
[ 613星] [4m] [Shell] ashishb / osx-and-ios-security- OSX和iOS相关的安全工具
[ 608星] [3m] [Swift] 渐变/梯度精选的180个出色的Swift 渐变
[ 606星] [1y] [C] scottybauer / android_kernel_cve_pocs我的带有POC的CVE的列表
[ 604星] [2m] siguza / ios-resources适用于iOS黑客的有用资源
[ 601星] [2m] [Py] hslatman / awesome-工业控制系统-安全工控系统安全资源列表
[ 600星] [6m] fabrimagic72 / malware-samples恶意软件样本
[ 593星] [1m] 许可/ awesome-nodejs-security很棒的Node.js安全资源
[ 593星] [2m] [PS] Threatexpress / red-team-scripts以红队为中心的工具，脚本和笔记的集合
[ 592星] [3y] hack-with-github / windows很棒的工具，可以利用Windows！
[ 592星] [12m] pandazheng / ioshackstudy IOS安全学习资料汇总
[ 591星] [16d] [Perl] bollwarm / sectoolset安全项目工具集合
[ 591星] [1y] brunty / awesome-checker-services网站上针对站点，域，安全性等各种检查程序的链接列表
[ 590星] [15d] clarketm / proxy-list一组免费的公共转发代理服务器。每日更新！
[ 587星] [6m] d30sa1 / rootkits-list-download下载 Rootkit收集
[ 577星] [2y] hack-with-github / awesome-security-gists Gist收集
[ 574星] [3m] [HTML] gwillem / magento-malware-scanner用于检测Magento恶意软件的规则/样本集合
[ 573星] [2y] [Py] nnamon / linux-exploitation-course中级Linux入侵开发课程
[ 571星] [4m] r35tart / penetration_testing_case用于记录分享一些有趣的案例
[ 564星] [1y] [C] externalist / exploit_playground分析公共漏洞或我的1天漏洞
[ 564星] [3m] [HTML] netspi / sqlinjectionwiki一个专注于聚合和记录各种SQL注入方法的Wiki
[ 564星] [11m] Rapid7 / ssh-badkeys静态SSH密钥（公共和私有）的集合，这些密钥已进入软件和硬件产品。
[ 560星] [9m] guardrailsio / awesome-python-security很棒的Python安全性资源
[ 558星] [10m] guardrailsio / awesome-php-security很棒的PHP安全资源
[ 557星] [3y] secmobi / wiki.secmobi.com手机安全资源收集
[ 557星] [9m] [Py] yellowbyte /逆向工程参考手册逆向参考手册。包括很多工具的使用技巧
[ 550星] [4y] miyogurt /网络安全性思维导图网络安全基础知识思维导图
[ 549星] [4m] [C] espressif / esp-iot-solution Espressif IoT库。物联网设备驱动程序，文档和解决方案。
[ 530星] [30d] a13xp0p0v / linux-kernel-defence-map Linux内核防御图
[ 530星] [2y] [Py] ihack4falafel / oscp我的OSCP旅程中收集的东西
[ 521星] [3y] vasanthk / web-security-basics web安全基础
[ 504星] [2m] hugetiny / awesome-vpn免费的代理，科学上网，翻墙，梯子大集合
[ 501星] [4m] [PHP] susers / writeups国内各大CTF赛题及writeup整理
[ 500星] [3y] tengzhangchao / sec-box信息安全工具箱（信息安全工具以及资源集合）
[ 498星] [3m] govolution / betterdefaultpasslist列表包含来自各个制造商的产品（例如NAS，ERP，ICS等）的默认凭据。
[ 496星] [2y] sergey-pronin / awesome-vulnerability-research有关该漏洞研究的绝妙资源的精选列表
[ 494星] [2m] [C] hasherezade / demos恶意软件中各种注入技术的演示
[ 490星] [2y] [C ++] turbo / kpti-poc-collection Meltdown / Spectre PoC src集合。
[ 489星] [14d] [C] jiayy / android_vuln_poc-exp此项目包含我发现的漏洞的pocs和漏洞利用程序（主要是）
[ 488星] [2y] b-mueller / android_app_security_checklist Android应用程序安全性检查表
[ 487星] [2m] radreorg / awesome-radare2由Radare2提供支持的精选项目，文章和其他资料的精选清单
[ 486星] [1y] lmy375 / awesome-vmp虚拟机分析相关资料
[ 480星] [1y] ksluckow / awesome-symbolic-execution精选的极好的符号执行资源的清单，包括重要的研究论文，演讲，视频和工具。
[ 477星] [1y] hack-with-github / powerful-plugins面向黑客的强大插件和附加组件
[ 476星] [23d] [PS] mantvydasb / redteam-tactics-and-techniques红队策略和技术
[ 472星] [12m] [PHP] l3m0n / pentest_tools收集一些小型实用的工具
[ 470星] [3y] [Shell] g0tmi1k / os-scripts操作系统脚本的个人收藏
[ 468星] [29d] meitar / awesome-cybersecurity-blueteam一组很棒的资源，工具和其他吸引人的东西，适用于网络安全蓝色团队。
[ 465星] [2y] [Py] coalfire-research / java-deserialization-exploits一组精选的Java反序列化漏洞
[ 465星] [1m] gradiuscypher / infosec_getting_started资源/文档/链接/等的集合，以帮助人们了解Infosec并进入该领域。
[ 463星] [3y] remath / literature_review对程序分析研究的调查，重点是机器代码
[ 462星] [6m] [C] phoenhex /文件 Phoenhex团队的漏洞/ POC /演示
[ 461星] [2y] [Py] 0xdeadbeefjerky / office-dde-payloads脚本和模板的集合，以生成嵌入了DDE（无宏命令执行技术）的Office文档。
[ 460星] [5m] [C ++] comaeio / opcde OPCDE网络安全会议资料
[ 456星] [4y] [C] haka -security / haka捕获TCP / IP数据包，并根据Lua策略文件进行进行过滤
[ 455星] [22d] m1ghtym0 / browser-pwn针对浏览器开发的资源更新集合。
[ 454星] [10m] [C ++] ahupowerdns / hello-dns您好，欢迎使用DNS！
[ 449星] [4y] [Py] Alienvault-labs / alienvaultlabs Alienvault Labs项目随机资料
[ 442星] [17d] [TSQL] 404notf0und / security-data-analysis-and-visualization 2018-2020青年安全圈-活动技术博主/博客
[ 439星] [2y] magoo / redteam-plan规划redteam练习时要考虑的问题
[ 438星] [1y] meitar / awesome-lockpicking有关锁，锁定，钥匙的指南，工具及其他资源的列表
[ 437星] [4m] 信任/与golang一起使用 Golang安全资源合集
[ 431星] [2y] rsmudge / malleable-c2-profiles Malleable C2是一种领域特定语言，用于重新定义Beacon通信中的指标。该存储库是您可以使用的Malleable C2配置文件的集合。这些配置文件可用于Cobalt Strike3.x。
[ 431星] [24d] xuanhun / hackingresource “玄魂工作室-安全圈”知识星球内部资源汇总
[ 429星] [4m] [Shell] ashishb / android-malware android恶意软件样本集合
[ 426星] [1m] dropofzut / awesome-security-weixin-official-accounts网络安全类公共号推荐
[ 425星] [4m] jack-liang / kalitools Kali Linux工具清单
[ 424星] [3y] pgaijin66 / xss-payloads高级XSS有效负载列表
[ 424星] [2y] ring04h / papers我的安全峰会论文
[ 423星] [12m] [卢阿] w3h / icsmaster综合工控安全相关资源
[ 421星] [6m] preos-security / awesome-firmware-security很棒的固件安全和其他有用的文档
[ 420星] [9m] [Shell] sroberts / awesome-iocs危害指标的集合。
[ 415星] [2y] zhengmin1989 / greatiosjailbreakmaterial很棒的iOS越狱材料！-我读了数百篇论文和PPT。只在这里列出最有用的材料！
[ 411星] [15d] [Py] bl4de / security-tools主要使用Python创建的小型安全工具的集合。CTF，渗透测试等
[ 411星] [15d] [HTML] w3c / webappsec网络应用安全工作组
[ 411星] [2m] husnainfare / awesome-ethical-hacking-resources很棒的学习黑客和渗透测试的资源
[ 409星] [3m] ph055a / osint-collection维护OSINT相关资源的集合。（全部免费且可操作）
[ 407星] [2y] [JS] 0xdea / frida-scripts我的Frida.re工具脚本的集合，用于促进移动应用程序的反向工程。
[ 407星] [8m] kai5263499 / osx-security-awesome OSX和iOS安全资源的集合
[ 405星] [3y] [Py] xitu / macos-security-and-privacy-guide保证macOS安全的实用指南。
[ 397星] [7m] [HTML] gexos / hacking-tools-repository已从Internet上收集到的安全/黑客工具的列表。欢迎提出建议。
[ 396星] [4m] ansjdnakjdnajkd / ios iOS渗透测试最有用的工具
[ 395星] [2y] sweis / crypto-might-not-suck可能不吸引的加密项目列表
[ 393星] [2y] r0ysue / osg-translationteam看雪iOS安全小组的翻译团队作品集合，如有勘误，欢迎斧正！
[ 392星] [2m] dsopas / assessmentment-mindset安全相关的思维导图，可用于pentesting，漏洞赏金，红色团队评估
[ 391星] [2m] milabs / awesome-linux-rootkits awesome-linux-rootkits
[ 391星] [13d] [Py] 随机罗比/ my-shodan-scripts shodan搜索内容的脚本集合。
[ 389星] [2m] tobiasbueschel / awesome-pokemon精选的Pokémon和PokémonGO资源，工具等的精选列表。
[ 388星] [2y] [PS] shellntel / scripts来自安全专家的脚本集合，网址为www.shellntel.com。
[ 386星] [2y] m0l1ce / wooyunallbugs wooyun_all_bugs
[ 385星] [3m] [Jupyter笔记本] endgameinc / ember 110万PE文件的数据集合，可用于训练相关模型。PE文件信息主要包括：SHA256 /直方图（直方图）/ byteentropy（字节熵）/字符串/ PE头信息/段信息/导入表/导出表
[ 383星] [2m] thejambo / awesome-testing精选的测试资源列表
[ 379星] [1y] [CSS] nowsecure / secure-mobile-development安全移动开发最佳实践的集合
[ 378星] [2y] aozhimin / ios-debug-hacks
[ 376星] [5m] xtiankisutsa / awesome-mobile-ctf这是基于移动的CTF，脚本和易受攻击的应用的精选列表。由于该平台的普及，大多数都基于android。
[ 375星] [8m] opencybertranslationproject / linux-basics-for-hackers书籍《 Linux黑客基础》 2019版中文翻译版
[ 374星] [3m] [AngelScript] 询问/恶意软件样本恶意软件样本和相关解剖信息的集合，很可能是从
[ 373星] [3m] renwax23 / xss-payloads XSS向量/ 有效负载列表
[ 372星] [3y] [PHP] nikicat / web-malware-collection svn存储库的克隆
[ 370星] [11m] [Py] awslabs / aws-security-automation收集DevSecOps和自动事件响应安全性的脚本和资源
[ 369星] [30d] fkromer / awesome-ros2该机器人操作系统版本2.0很棒！
[ 366星] [2y] [PHP] Attackercan / regexp-security-cheatsheet
[ 366星] [2m] [转到] tomnomnom / httprobe获取域列表并探查工作的HTTP和HTTPS服务器
[ 366星] [2y] wtsxdev / malware-analysis很棒的恶意软件分析工具和资源列表
[ 364星] [8m] [Py] orangetw / awesome-jenkins-rce-2019自2017年5月以来，詹金斯没有预认证的RCE，但这是一个！
[ 363星] [10m] fr0gger / awesome-ida-x64-olly-plugin IDA x64DBG OllyDBG插件收集
[ 363星] [13d] hongrisec /网络安全攻击 Web安全相关内容
[ 358星] [5m] b3nac / android-reports-and-resources一大堆Android Hackerone披露了报告和其他资源。
[ 356星] [5m] [Py] a3sal0n / cyberthreathunting威胁猎人的资源集合
[ 355星] [29d] [Py] lockgit / hacking黑客工具收集
[ 354星] [14d] [Py] alecmuffett /真实世界洋葱站点这是一个提供洋葱服务的，庞大的，具有商业或社会意义的主流网站的列表。
[ 354星] [4y] fireeye / iocs FireEye公开共享的危害指标（IOC）
[ 354星] [3y] virajkulkarni14 / webdevelopersecuritychecklist创建Web应用程序时应考虑的重要安全问题的清单。
[ 352星] [4y] [Java] rsmudge / cortana-scripts可以在Armitage和Cobalt Strike 2.x中使用的Cortana脚本集合。Cortana脚本与Cobalt Strike 3.x不兼容。Cobalt Strike 3.x使用Cortana的一个变体，称为Aggressor Script。
[ 351星] [4m] [Shell] maldevel / pentestkit渗透脚本和工具
[ 350星] [1m] [贝壳] fanyueciyuan / eazy-for-ss Bypassgfw收藏
[ 345星] [3m]地下软件/真棒开放地球科学来自于存储库，这些存储库使我们作为地球科学家，黑客和数据争吵者的生活变得更轻松或更令人敬畏
[ 342星] [2y] [C ++] ele7enxxh / poc-exp某些Android入侵的poc / exp
[ 341星] [2y] slowmist / eos-bp-nodes-security-清单 EOS超级实例安全执行指南
[ 335星] [2y] [PS] arno0x / powershellscripts PowerShell脚本集合
[ 335星] [10d] stamparm / ipsum不良IP的每日馈送（带有黑名单命中分数）
[ 334星] [15d] [PS] mgeeky / penetration-testing-tools我的渗透测试脚本，工具，备忘单的集合，这些脚本，工具，备忘单是多年来收集的，在实际任务中使用或从各种优质来源收集的。
[ 332星] [2m] [Jupyter Notebook] BEEVA中的beeva / beeva-best-practics最佳做法和样式指南
[ 331星] [3y] [Visual Basic .NET] khr0x40sh / macroshop脚本集合，以帮助通过Office宏传递有效负载。大多数是python。看到
[ 331星] [1y] snyk / vulnerabilitydb Snyk的公共漏洞数据库
[ 330星] [11m] [Py] 正义/自由战斗在您的自由斗争活动中可能会派上用场的脚本集。
[ 327星] [10m] pxlpnk / awesome-ruby-security很棒的Ruby安全性资源
[ 327星] [12m] [Py] secwiki / office-exploits office-exploits Office漏洞集合
[ 324星] [9m] [JS] zyszys / awesome-captcha精湛的验证码库和验证码破解工具的精选列表。
[ 323星] [4m] [PS] kmkz / pentesting渗透测试技巧
[ 321星] [3m] [HTML] eugenekolo / sec-tools一组与安全性相关的工具
[ 320星] [3m] xsleaks / xsleaks基于浏览器的边信道攻击向量的集合。
[ 318星] [13d] cryptax / confsec安全性，黑客会议（列表）
[ 316星] [1y] [PHP] grt1st / wooyun_search乌云公开漏洞，文献搜索来自wooyun.org
[ 315星] [2y] burntmybagel / oscp-prep准备考试时使用的资源列表
[ 315星] [1m] 整理/技术白皮书收集：IT报纸，PPT，PDF，黑客，Web应用程序安全性，数据库，逆向等
[ 312星] [11m] [Shell] swoodford / aws一组bash shell脚本，用于使用AWS CLI和jq通过Amazon Web Services自动执行各种任务。
[ 310星] [1y] 1522402210 / 2018-blackhat-tools-list 2018 BlackHat工具列表
[ 309星] [2m] no-github / dork-admin盘点串联的数据传输，供应链污染事件
[ 306星] [2m] [Py] rhinosecuritylabs / cves由Rhino Security Labs的团队针对各种CVE编写的概念验证漏洞脚本的集合。
[ 306星] [2y] [Py] timsutton / python-macadmin-tools基于Python的开源Mac sysadmin工具列表
[ 305星] [2y] [Java] joaomatosf / javadeserh2hc为2017年黑客到黑客大会杂志（H2HC）编写的示例代码。
[ 305星] [3y] [C ++] m0n0ph1 / malware-1恶意软件源代码样本已在线泄漏到GitHub中，以供需要分析代码的人员使用。
[ 301星] [12m] [程序集] guitmz / virii收集的古代计算机病毒源代码
[ 300星] [11m] [Shell] ctf-wiki / ctf-tools CTF工具集合
[ 299星] [25d] [JS] aws-samples / aws-serverless-security-workshop在本研讨会中，您将学习保护由AWS Lambda，Amazon API Gateway和RDS Aurora构建的无服务器应用程序的技术。我们将介绍可用于改善5个域中的无服务器应用程序安全性的AWS服务和功能：身份和访问管理，代码，数据，基础架构，日志记录和监控。
[ 299星] [2y] [C] 分发/文档运行CTF的提示，技巧和建议
[ 298星] [1y] [Shell] yw9381 / burp_suite_doc_zh_cn这是基于Burp Suite官方文档翻译而来的中文版文档
[ 297星] [5m] tanprathan / owasp-testing-checklist基于OWASP的Web应用程序安全性测试清单是基于Excel的清单，可帮助您跟踪已完成和未决测试用例的状态。
[ 295星] [1y] findneo / newbie-security-list网络安全学习资料，欢迎补充
[ 295星] [9m] vysecurity / domainfrontinglists CDN列出的可域域域名
[ 294星] [3y] lucyoa / ctf-wiki在CTF中有用的黑客技术
[ 294星] [7m] [JS] ma3k4h3d / papers有关网络安全的一些论文
[ 294星] [10m] [HTML] s1gh / ctf-literature收集与CTF挑战有关的免费书籍，论文和文章。
[ 292星] [8m] [Py] cesar-rodriguez / terrascan安全和最佳实践测试，用于Terraform模板的静态代码分析
[ 290星] [30d] [C＃] 令人反感的C＃工具集
[ 289星] [3y] [Py] dhilipsiva / webapp-checklist在将该站点公开之前，Web应用程序的程序员应考虑的技术细节。
[ 289星] [15d] [Java] mr-xn / penetration_testing_poc渗透测试有关的POC，EXP，脚本，提权，小工具等
[ 287星] [10m] wallarm / awesome-nginx-security NGNNX环境中与应用程序/ API安全性相关的很棒链接的精选列表。
[ 286星] [3y] [Py] nanshihui / poc基于python 收集了大量的poc
[ 285星] [3y] [HTML] buddhalabs / packetstorm- exploits来自Packetstorm的公开可用漏洞利用集合
[ 284星] [3m] [C] ayeks / sgx-hardware这是支持Intel SGX-Software Guard Extensions的硬件列表。
[ 282星] [23d] [PHP] nico3333fr / csp-有用的脚本集合，关于CSP（内容安全策略）的想法
[ 281星] [3m] [C] 0xdea / exploits植入0xdeadbeef的公开exploits收集
[ 277星] [2y] [程序集] tinysec / windows-syscall-table Win XP到Win 10的系统调用表，包括SSDT和Shadow SSDT
[ 276星] [4m] mattnotmax / cyberchef-recipes网络厨师食谱列表
[ 273星] [3m] [JS] hynekpetrak / javascript-malware-collection收集了将近40.000个javascript恶意软件样本
[ 272星] [18d] [JS] ropnop / serverless_toolkit进行渗透测试时使用的一组有用的无服务器功能
[ 272星] [18d] zodiacon / alltools所有相当稳定的工具
[ 271星] [8m] 攻击性安全性/ nethunter-lrt Nethunter Linux根工具包是bash脚本的集合，这些脚本将Nethunter安装到受支持的设备上。
[ 270星] [2y] [Java] reoky / android-crackme- challenge用于了解Android操作系统和移动安全性的逆向工程挑战的集合。
[ 267星] [2y] [PHP] sqlmapproject / testenv易受SQL注入漏洞攻击的网页集合
[ 265星] [13d] [Py] den4uk / andriller智能手机取证工具的集合
[ 260星] [5m] zhaoweiho /网络安全面试信息安全（网络安全/渗透测试指导）面试问题/解决方案信息安全（Web安全/渗透测试方向）面试题/解题思路
[ 260星] [1m] thelsa / cs-checklist PC客户端（CS架构）渗透测试清单/ Clientside（CS）渗透清单
[ 258星] [24d] [Jupyter笔记本] aws-samples / aws-security-workshops最新的AWS Security研讨会的集合
[ 258星] [30d] [Py] inforion / idapython-cheatsheet IDAPython的脚本和备忘单
[ 258星] [2y] [开始] netxfly / xsec-ip-database恶意IP和域名库。通过爬虫定期拉取网络中公开的恶意IP库来获取恶意IP和域名，并且支持与自有的其他安全产品联动（HIDS，WAF，蜜罐，防火墙等产品），实时更新IP库
[ 257星] [4y] [C] roxas75 / rxtools一组用于Nintendo 3DS / 3DSXL / 2DS的黑客工具，与4.1至9.2的所有系统版本兼容
[ 256星] [11m] [C ++] ramadhanamizudin /恶意软件恶意软件示例。已上传到GitHub，供那些想要分析代码的人使用。代码主要来自：
[ 253星] [5m] [C ++] tonychen56 / hackertools使用MFC 编写的病毒技术合集
[ 252星] [12m] crytic / awesome-ethereum-security精选的以太坊安全性参考清单
[ 250星] [9m] 0x4d31 / awesome-oscp精选的OSCP资源列表
[ 249星] [1m] pomerium / awesome-zero-trust零信任安全模型的精选真棒资源集合。
[ 246星] [30d] [C ++] strazzere / android-scripts Android逆向脚本收集
[ 245星] [2y] ludiosarchive / unfixed-security-bugs已公开但未修复的漏洞列表。包括Chrome，VirtualBox，WeeChat，Windows（7-10）等知名软件。
[ 244星] [2y] hsis007 / useful_websites_for_pentester该存储库使五星级的生活更加轻松，因为它是可供渗透测试者用于日常研究并保持最新状态的网站的集合。
[ 244星] [3y] [PHP] tdifg / webshell WebShell收集
[ 243星] [10m] Accordbox / awesome-scrapy精选的Scrapy社区软件包，文章和其他炫酷资源的清单。
[ 243星] [2m] croqaz / awesome-decentralized Awesome分布式，分散，p2p应用程序或工具
[ 243星] [17d] euphrat1ca / security_w1k1收集
[ 243星] [3y] misterch0c / awesome-hacking骇客，渗透测试者和安全研究人员的一系列绝妙清单
[ 241星] [2y] 激进/渗透测试很棒的渗透测试资源，工具和其他闪亮内容的列表
[ 239星] [16d] pe3zx / my-infosec-awesome我精选的有关信息安全相关主题的出色链接，资源和工具清单
[ 236星] [3m] [Py] hack-hack / airbug Airbug（空气洞），收集突破poc用于安全产品
[ 233星] [8m] [C] ctz / cifra针对嵌入式使用的密码原语的集合。
[ 233星] [2y] Wizardforcel / web-hacking-101-zh
[ 231星] [15d] cpuu / awesome-fuzzing精湛的Fuzzing（或Fuzz Testing）的精选列表，可确保软件安全
[ 228星] [6m] guardrailsio / awesome-dotnet-security很棒的.NET安全资源
[ 227星] [2y] [C＃] t3ntman / social-engineering-payloads社会工程有效载荷的集合
[ 224星] [23d] vixentael /我的谈话我的谈话和研讨会清单：安全工程，应用密码学，安全软件开发
[ 223星] [3m] [C] david942j / ctf-writeups脚本和文字集
[ 223星] [15d] decalage2 / awesome-security-hardening一系列很棒的安全性强化指南，工具和其他资源
[ 222星] [14d] [C＃] carlospolop / privilege-escalation-awesome-scripts-suite PEASS-特权升级Awesome Script SUITE（有颜色）
[ 222星] [9m] jesusprubio / awesome-nodejs-pentest适用于测试人员的 Awesome Node.js
[ 222星] [2m] [PS] tonyphipps / meerkat一组PowerShell模块，旨在为基于Windows的端点的工件收集和侦听而设计。
[ 221星] [2y] sh4hin / mobileapp-pentest-cheatsheet移动应用程序Pentest 速查表的创建旨在提供有关特定移动应用程序渗透测试主题的高价值信息的简洁集合。
[ 221星] [5m] 安全性检查清单/ php-security-check-list PHP安全性检查清单[EN]
[ 219星] [18d] [JS] 对APT和网络犯罪集团的恶意软件和网络威胁英特尔的分析realrealintel / cyberthreatintel分析
[ 217星] [3m] [CSS] 7dog7 / bottleneckosmosis渗透渗透，网络渗透，红色红队，模糊参数，注释，js字典，ctf
[ 217星] [2y] curing53 / browser-sec-whitepaper Cure53浏览器安全性白皮书
[ 217星] [2y] [Py] euphrat1ca / fuzzdb-collect网络上安全资源的搜集
[ 216星] [10m] puresec / awesome-serverless-security精湛的无服务器安全资源的精选列表，例如（e）书籍，文章，白皮书，博客和研究论文。
[ 214星] [13d] shogunlab / awesome-hyper-v-exploitation精选的Hyper-V开发资源，模糊测试和漏洞研究列表。
[ 213星] [11m]条牛仔裤/ redteam RedTeam资料收集整理
[ 209星] [7m] [PHP] momosecurity / rhizobia_p PHP安全SDK及编码规范
[ 209星] [1m] sigp / solidity-security-blog已知攻击媒介和常见反模式的完整列表
[ 207星] [1y] faizann24 / resources-for-learning-hacking我可以找到的所有学习道德黑客和渗透测试的资源。
[ 207星] [15d] vschiavoni / sgx- papers使用/关于英特尔SGX的系统文件列表
[ 204星] [2y] evnm / re-in-production生产中的研究论文的集合，由实施这些研究的现实系统分类
[ 201星] [13d] anudeepnd / blacklist精心策划且维护良好的主机文件，可阻止广告，跟踪，加密采矿等！定期更新。
[ 201星] [1y] [Py] sec-bit / awesome-buggy-erc20-tokens受到令牌影响的ERC20智能合约中的漏洞集合
[ 200星] [1y] iamcryptoki / snowden-archive
[ 199星] [4y] [Java] pwntester / serialkillerbypassgadgetcollection扩展和包装ysererial负载的旁路小工具的集合
[ 198星] [1m] [F＃] b2r2-org / b2r2 B2R2是有用的用于二进制分析的算法，函数和工具的集合。
[ 198星] [10m] hannoch / scaner开源扫描器的集合，包括子域枚举，数据库分区扫描器，弱密码或信息泄漏扫描器，端口扫描器，指纹扫描器以及其他大规模扫描仪，模块对于其他著名的扫描工具，如：awvs，nmap，w3af将不包含在集合范围内。
[ 198星] [5y] rutkai / pentest-bookmarks渗透测试相关站点的集合
[ 197星] [1y] [Py] pstirparo / mac4n6适用于Mac OS X和iOS的取证伪像位置集合
[ 196星] [4m] jdonsec / allthingsssrf这是一份与SSRF相关的文章，速查表，视频和书籍的集合
[ 196星] [3m] noorqureshi / kali-linux-cheatsheet渗透测试仪的Kali Linux 备忘单
[ 196星] [10m] zardus / wargame-nexus安全的战争游戏站点的排序和更新列表。
[ 195星] [9m] [Py] lingerhk / hacking_script开发或收集的一些网络安全方面的脚本，小工具
[ 195星] [12m] [JS] zer4tul / hacker-howto本文由著名黑客Hacker Eric S. Raymond撰写，教你如何成为一名黑客。
[ 194星] [1y] [HTML] yaseng / iot-security-wiki物联网安全Wiki
[ 193星] [4m] [ObjC] riusksk / secconarchive安全会议存档
[ 192星] [4m] [Py] jrspruitt / ubi_reader Python脚本集合，用于读取有关UBI和UBIFS图像的信息并从中提取数据。
[ 192星] [7m] pochubs / pochubs PocHubs是为了整合网上知名度开源框架的突破详细和POC
[ 188星] [4y] [Lua] automayt / ics-pcap ICS / SCADA PCAP收集
[ 186星] [2m] 收费/安全面试问题网络信息安全从业者面试指南（持续补充各公司招聘翻译和侧重点）
[ 186星] [1y] yellowbyte /有关反逆向工程的反分析著作
[ 185星] [3m] [Py] naategh / pyck面向初学者的有用的Python黑客脚本集合
[ 184星] [15d] enovella / tee-reversing公开的TEE资源精选列表，用于学习如何在ARM设备上进行反向工程和实现受信任的代码执行
[ 184星] [14d] fkie-cad /很棒的嵌入式和物联网安全性很棒的嵌入式和IoT安全资源的精选列表。
[ 184星] [3y] [Py] wavestone-cdt / hadoop-attack-library针对Hadoop环境的渗透测试工具和资源的集合
[ 183星] [4m] radareorg / r2con Radare Congress Stuff
[ 182星] [10m] [Py] hasecuritysolutions / logstash包含与Logstash相关的内容，包括大量Logstash配置
[ 182星] [3m] mre / awesome-dynamic-analysis用于各种编程语言的动态分析工具的精选清单
[ 181星] [2y] [PHP] lcatro / php-webshell-bypass-waf分享PHP WebShell绕过WAF的一些经验
[ 180星] [8m] pandazheng / threat-intelligence- analystst威胁情报，恶意样本分析，开源恶意软件代码收集
[ 179星] [2y] [CSS] bhdresh / socialengineeringpayloads这是用于凭证盗窃和鱼叉式网络钓鱼攻击的社交工程技巧和有效载荷的集合。
[ 177星] [2y] [Py] duo-labs / idapython Duo实验室使用的IDAPython脚本收集
- cortex_m_firmware 整理包含ARM Cortex M微控制器固件的IDA Pro数据库
- amnesia使用字节级启发式在IDA Pro数据库中的未定义字节中查找ARM Thumb指令
- REobjc在Objective-C的调用函数和被调用函数之间进行适当的交叉引用
[ 176星] [7y] [Py] gdssecurity / gwt渗透测试工具集辅助渗透测试GWT程序的3个工具
[ 175星] [9m] guardrailsio / awesome-java-security很棒的Java安全资源
[ 175星] [18d] winmin / awesome-vm-exploit共享了一些有关vm和qemuscape漏洞利用的有用档案。
[ 174星] [2m] chbrian / awesome-adversarial-examples-dl深度学习的对抗性示例的精选资源精选清单
[ 170星] [10m] 用于Android的thehackingsage / hackdroid渗透测试应用程序
[ 169星] [3y] [Py] Northernsec / cve-scan使用NMap扫描系统，并将输出解析为CVE，CWE和DPE的列表
[ 168星] [12m] [Py] mnkgrover08-zz / whatsapp_automation Whatsapp Automation是与在Android模拟器中运行的WhatsApp Messenger交互的API的集合，允许开发人员构建可自动发送和接收消息，添加新联系人和广播的项目向多个联系人发送消息。
[ 168星] [2y] [Py] monrocoury /取证工具取证分析工具的集合
[ 167星] [1分] [PY] botherder / targetedthreats国际石油公司的收藏品与有关公民社会的目标
[ 167星] [2y] [C ++] mortenschenk / bhusa2017 BHUSA 2017演讲的内容
[ 166星] [7m] [Ruby] r00t-3xp10it / msf-auxiliarys我的metasploit辅助后模块集合
[ 164星] [3m] mdrights / digital-rights抵抗国家机器对公民的监控
[ 163星] [3y] [Py] ctfs / write-ups-tools一组用于维护和创建CTF书写文件夹的工具
[ 163星] [2y] secwiki / hack-movie黑客相关的电视剧/电影/纪录片
[ 161星] [2y] javierolmedo / shodan-filters shodan过滤器的列表
[ 161星] [1y] splunk / botsv1示例安全数据集和CTF平台
[ 161星] [7m] [C＃] xorrior / random-csharptools集中于剥削后能力的CSharp 程序集
[ 160星] [1y] [HTML] exploitprotocol / mobile-security-wiki
[ 159星] [1y] joychou93 / sks安全知识汇总
[ 159星] [3y] [Py] nneonneo / eqgrp-free-file从所谓的Equation Group黑客程序中免费采样文件。
[ 159星] [6m] samanl33t / awesome-mainframe-hacking令人敬畏的大型机黑客/沉迷资源列表
[ 158星] [4m] [HTML] zer0yu / berserker Web应用程序安全性和Pentest / CTF的有用负载的列表
[ 157星] [9m] dckc / awesome-ocap令人敬畏的对象功能和基于功能的安全性
[ 156星] [1y] [YARA] mikesxrs / open-source-yara-rules我在互联网上遇到的YARA规则
[ 156星] [2y] [PS] psconfeu / 2018 PowerShell Conference Europe 2018幻灯片和演示脚本
[ 156星] [2y] [ASP] testsecer / webshell这是一个WebShell收集项目
[ 154星] [3y] zbetcheckin / pdf_analysis重新组合了几个PDF分析，并附带了其他技巧和工具
[ 151星] [1y] chryzsh / awesome-windows-security很棒的Windows安全资源列表
[ 151星] [3y] [C] pustladi / windows-2000 Windows 2000专业版的源码
[ 151星] [7m] shramos / awesome-cybersecurity-datasets精选的令人赞叹的网络安全数据集列表
[ 150星] [1y] brucetg / app_security
[ 150星] [2y] dragonquesthero / awesome-windows-security-development真棒-windows-security-development
[ 150星] [2m] leonjza / awesome-nmap-grep令人敬畏的Nmap Grep
[ 150星] [2y] [Py] 恶意软件tech / trickbot-toolkit用于处理TrickBot的工具集合
[ 149星] [ 6y ] [C ++] kaiserfarrell /恶意软件病毒收集源代码
[ 148星] [11m] [Shell] aturl / awesome-anti-gfw突破网络审查和封锁的开源工具清单。
[ 148星] [7m] [Shell] petermosmans / security-scripts与安全相关的Python和Bash Shell脚本的集合。分析主机的一般安全漏洞。封装了诸如nmap（portscanner），nikto（webscanner）和testssl.sh（SSL / TLS扫描器）之类的流行工具
[ 147星] [14d] [Shell] 独树一帜，必不可少的 HUST实验，报告和有用的工具。
[ 147星] [1m] 安全性备忘单/反向壳备忘单
[ 146星] [2m] bin2415 / fuzzing_paper令人困惑的相关论文
[ 145星] [2y] chan9390 / awesome-mitm在GitHub上策划的MitM框架列表
[ 145星] [3m] [Py] 成熟的atlas-community / ripe-atlas-community-contrib存储库，用于指向黑客马拉松期间编写的工具的链接，以及RIPE Atlas可视化社区，分析测量工具的贡献集数据和其他脚本
[ 145星] [3y] [PHP] webshellpub / awsome-webshell webshell样本大合集。收集各种webshell用于webshell分析与发现
[ 144星] [10m] [Py] kacperszurek / exploits提权突破利用集合
[ 142星] [3y] [C] mdsecresearch / publications已出版的研究文件清单
[ 142星] [3y] kejane / securityrss网络安全相关的RSS订阅列表
[ 141星] [6m] [C ++] oatpp / oatpp-examples如何使用oat ++框架的示例项目的列表
[ 140星] [1y] laxa / hackingtools详尽的黑客工具清单
[ 140星] [8y] stefanesser / ida-ios-toolkit辅助处理iOS kernelcache的IDAPython收集
[ 139星] [29d] pomerium / awesome-security-audits公共安全审核的集合。
[ 138星] [2y] [Py] duoergun0729 / 3book《 Web安全之强化学习与GAN》
[ 137星] [11d] [Py] omegak2 / pypoe用于流放路径的Python工具集合
[ 136星] [8m] gaerae / awesome-algorithms-education一个精心挑选的清单，可用于学习和实践算法。
[ 136星] [3y] kurobeats / pentest-bookmarks渗透测试书签集
[ 136星] [2m] [Py] wudimahua / firewall美国国家安全局NSA下属方程式黑客组织（Equation Group）被影子经纪人（影子经纪人）hack出来的并免费分享的源码
[ 135星] [6m] [Makefile] cirosantilli / arm-assembly-cheat移动到：
[ 135星] [11m] [PS] securemode / invoke-apex一种基于PowerShell的工具包和框架，由用于红队，后剥削，敌方模拟或其他进攻性安全任务的技术和交易工具组成。
[ 135星] [2y] thec00n / smart-contract-honeypots智能合约蜜罐收集
[ 135星] [1y] [Shell] onmyway133 / swiftsnippets在Xcode中使用的Swift片段的集合
[ 134星] [3y] aqzt / sso项目主要是收集整理服务器安全运维规范，包括运维工程师必须遵守其规范，服务器运维中注意事项，故障预防措施等文档，以帮助运维工程师避免服务器安全和运维故障，方便运维工程师学习成长。
[ 133星] [3y] [C ++] chenenyu / androidsecurity Android安全实践
[ 133星] [2m] jlopp / physical-bitcoin-attacks肉空间中发生的针对比特币/加密资产拥有实体的已知攻击列表。
[ 133星] [10d] [Shell] adroitadorkhan /能量保护来自信誉良好的主机的合并集合。#StayEnergized！
[ 132星] [2y] [C＃] m0xiaoxi / ctftools本项目主要搜集一些关于信息安全攻防相关的知识与工具，便于个人的渗透工作。
[ 131星] [2y] [HTML] chybeta / waf-bypass WAF旁路备忘单
[ 131星] [10m] [HTML] minhaskamal / cuteviruscollection可爱但致命的病毒合集（小，无害，讨厌，无害，有趣的恶意软件，病毒，蠕虫，windows-xp-7-10）
[ 131星] [11m] [C] C / C ++程序的regehr / ub-canaries集合，试图使编译器利用未定义的行为
[ 130星] [30d] inquest / yara- rules我们希望与世界分享的YARA规则集合，最有可能是从
[ 130星] [1y] [PS] 异或功能/无深化用于网络红色分组的开发后工具集合。（迁移到无情项目）
[ 128星] [2y] mawenjian / china-cdn-domain-whitelist中国CDN服务提供商域名白名单（中国CDN服务提供商的域名白名单）
[ 127星] [10m] 喷油嘴/令人敬畏的进攻工具用GO语言编写的令人敬畏的进攻工具清单
[ 126星] [3m] [HTML] sundaysec / android-exploits android漏洞和黑客的集合
[ 123星] [2m] [HTML] edoverflow /概念验证收集了一些有趣的概念验证和创造性证明，以证明安全漏洞的潜在影响。
[ 123星] [2y] we5ter / awesome-platforms精选的很棒的安全平台列表，包括CTF / Security Response Center / Bug Tracker等。
[ 123星] [2y] [壳牌] averagesecurityguy /备忘单与开发和安全相关的各种备忘单
[ 122星] [1y] nagwww / s3-leaks S3黑客列表
[ 121星] [1y] [PHP] a0xnirudh / kurukshetra通过交互式解决问题的方式来学习安全编程
[ 121星] [4y] [Py] fengxuangit / dede_exp_collect收集dedecms exp使用pocsuite框架收集织梦的一些碎片，并用pocsuite框架写出利用程序。
[ 121星] [16d] [HTML] mozillasecurity / fuzzmanager一个模糊管理工具集合
[ 121星] [4y] sandysekharan / ctf-tool捕获标志（CTF）框架，库，资源和软件的精选列表。
[ 120星] [10m] byt3bl33d3r / ansibleplaybooks一组Ansible Playbook，用于配置Kali使用Fish并安装许多工具
[ 118星] [7m] fabionoth / awesome-cyber-security一系列很棒的软件，库，文档，书籍，资源，并为安全性提供了一些有用的知识。
[ 118星] [1y] [lua] tanjiti / icstools ics安全工具
[ 117星] [9m] marcosvalle / awesome-windows-red-team红队的精选 Windows框架，库，软件和资源的精选清单
[ 117星] [4m] [PS] thom-s / netsec-ps-scripts系统管理员的PowerShell网络安全脚本的集合。
[ 116星] [2m] govanguard / list-pentest-tools网络渗透测试工具的精选列表。
[ 111星] [1m] firmianay / security-paper（与本人兴趣强相关的）各种安全或计算机资料收集
[ 110星] [3m] [C ++] x64dbg / scripts x64dbg脚本的集合。随时提交请求请求以添加脚本。
[ 108星] [8m] binject / awesome-go-security酷Golang安全项目的专用场所
[ 108星] [2y] [Ruby] porterhau5 / bloodhound拥有的文件集合，用于在BloodHound中添加和利用自定义属性。
[ 107星] [3m] ajvb / awesome-tor很棒的Tor相关项目，文章，论文等的列表
[ 105星] [4m] [Py] ex16x41 / oscp-prep我的oscp准备集
[ 105星] [2y] gossithedog / threathunting用于寻找威胁的工具。
[ 105星] [4m] soffensive / windowsblindread列出文件/路径，以探究何时可以在Microsoft Windows操作系统上读取任意文件
[ 104星] [3y] [Py] landgrey / taoman快速收集
[ 103星] [3y] [C ++] azuregreen / injectcollection ring3中通过vc ++进行注入的集合
[ 102星] [8m] fox-it / cobaltstrike-extraneous-space {Cobalt Strike，NanoHTTPD}服务器的历史列表
[ 102星] [13d] houjingyi233 / cpu-漏洞收集
[ 102星] [3m] ashemery / linuxforensics与Linux取证有关的所有内容
[ 102星] [13d] chryzsh / awesome-bloodhound精选的BloodhoundAD资源精选列表
[ 101星] [2m] jonaschn / awesome-he 令人惊异的同态加密库，软件和资源的精选清单
[ 101星] [4m] xx0hcd / malleable-c2-profiles钴击-可锻 C2型材。使用Cobalt Strike在不同项目中使用的配置文件集合
[ 100星] [5y] [Py] blasty / moneyshot一系列python脚本，可帮助您进行二进制开发的最后步骤或构建缓冲区。
[ 100星] [17d] [Ruby] hahwul / mad-metasploit Metasploit定制模块，插件，资源脚本和..awesome metasploit集合
[ 99星] [19d] [TeX] misp / misp培训 MISP培训，威胁情报和信息共享培训材料以及源代码
[ 99星] [10y] [C] tecknicaltom / dsniff dsniff是用于网络审核和渗透测试的工具的集合。
[ 99星] [2y] [PS] testingpens / malwarepersistencescripts我编写的一组脚本，旨在帮助红色和蓝色团队使用恶意软件持久性技术。
[ 98星] [3m] byt3bl33d3r / slides多年来我发表的各种演讲的幻灯片
[ 98星] [2y] [Py] leesoh / yams自动化信息安全构建的Ansible角色集合。
[ 97星] [2y] [Shell] chorankates / h4ck与〜嵌入式设备〜hacking相关的文章和工具的集合
[ 97星] [1y] [Py] njcx / pocsuite_poc_collect收集一些poc with pocsuite框架
[ 97星] [3y] [C] s4n7h0 /使用Radare2的实用逆向工程培训教材
[ 97星] [4y] [Java] zencodex / hack-android hack android，java的收集工具
[ 96星] [3m] geeksonsecurity / vuln-web-apps脆弱的Web应用程序的精选列表。
[ 96星] [2y] [Java] jgillam / burp-co2 Portswigger流行的Burp Suite Web渗透测试工具的增强功能集合。
[ 95星] [2y] [C] cetfor / antidbg一堆Windows反调试技巧。
[ 95星] [3m] [PHP] commixproject / commix-testbed一系列网页，容易受到命令注入漏洞的攻击。
[ 95星] [5y] [Py] nihilus / ida-idc-scripts多个IDC 脚本收集
[ 94星] [14d] [Py] alanvivona / pwnshop漏洞利用开发和逆向工程主题
[ 94星] [10d] [Py] endermanch / malwaredatabase该存储库是GitHub上几个恶意软件集合之一。
[ 94星] [2y] [ObjC] r0ysue / osg-teams希望大家在合作中学习姿势，提升技术，交流感情。比赛第二，友谊第一。
[ 93星] [5y] [Py] debasishm89 / hack_audio_captcha编写的脚本集合，用于解决/破解音频reCapcha挑战
[ 93星] [4y] [Py] groundworkstech / pybfd GNU二进制文件描述符（BFD）库的Python接口。
[ 93星] [23d] [Py] log2timeline / dftimewolf协调取证，处理和数据导出的框架
[ 92星] [2m] [PS] dbheise / vm_setup脚本集，用于初始化Windows VM以运行所有恶意软件！
[ 92星] [1y] [PS] rasta-mouse / aggressor-script钴打击攻击者脚本集
[ 92星] [2y] [PS] sadprocessor / empiredog BloodHound /帝国编排的PowerShell模块集合
[ 92星] [2y] [C] secwiki / android-kernel-exploits android内核利用漏洞集合
[ 91星] [1y] 001spartan / aggressor_scripts钴击的有用脚本的集合
[ 91星] [2y] grrrdog / tls-redirection提高了对鲜为人知的一组攻击的认识，即TLS重定向/虚拟主机混乱，并将所有与此主题相关的信息结合在一起。
[ 91星] [6m] [C ++] niklasb / sploits
[ 91星] [2y] [PS] russelltomkins /活动目录用于查询和管理Active Directory和域控制器的脚本的集合
[ 90星] [10m] pandazheng / securitysite收集了一些安全公司的博客
[ 90星] [3m] [Py] raderorg / r2con2019幻灯片和材料
[ 90星] [1m] payloadbox / sql-injection-payload-list SQL注入有效负载列表
[ 89星] [8m] [Shell] hannob / tlshelpers一组有助于处理X.509证书和TLS问题的Shell脚本
[ 89星] [12m] paralax / awesome-internet-scanning精选的 Internet端口和主机扫描器清单，以及相关组件等等，其重点是免费和开源项目。
[ 89星] [19d] [C ++] sinakarvandi / process-magics这是有关Windows进程创建的有趣代码的集合。
[ 88星] [19d] claucece / useful-crypto-resources一个有用的与加密相关的资源以及我最喜欢的东西的地方
[ 88星] [4y] sql-injection和XSS字符串的dantaler / detectionstring列表
[ 88星] [6m] vpb / avpwn针对端点保护软件的实际威胁列表
[ 88星] [1y] [TeX] zxgio / r2-cheatsheet Radare2备忘单
[ 87星] [9m] [Py] laconicwolf / burp-extensions扩展Burp Suite的脚本的集合
[ 86星] [3y] aidanharris / free-security-ebooks-from-packtpub Packt Publishing提供的免费安全电子书集[定期更新]
[ 86星] [5m] chrisdiana / awesome-odroid-go 很棒的ODROID-GO模拟器，游戏和资源的集合
[ 86星] [9m] nongiach / awesome-cryptocurrency-security很棒的加密货币安全
[ 86星] [1y] [HTML] raderorg / r2con2018
[ 85星] [10d] caledoniaproject / awesome-opensource-security我没有时间进行测试/审查的有趣的东西的列表
[ 85星] [1y] ckjbug / kali-linux-learning
[ 85星] [2y] palmercluff / qemu-images QEMU仿真器可以使用的磁盘映像和虚拟机的集合
[ 85星] [1y] santosomar / who_and_what_to_follow在网络安全领域中谁该关注什么
[ 83星] [9m] kai5263499 / awesome-container-security与容器安全性相关的资源列表
[ 83星] [2y] [Py] am0nsec / exploit不同漏洞利用的集合
[ 83星] [17d] allsafecybersecurity / awesome-ghidra精选的令人敬畏的Ghidra材料清单
[ 82星] [4m] blockchainlabsnz / awesome-solidity精选的优秀Solidity资源列表
[ 82星] [9m] [Py] ciscodevnet / virlutils
[ 82星] [11m] sderosiaux /创建强大网站的指南制作高质量网站或webapp时要考虑的所有事项的列表。
[ 82星] [14d] yingtongdou / graph-adversarial-learning-literature有关基于图结构的数据的对抗性攻击和防御论文的精选清单。
[ 82星] [21d] alphaseclab / sec-tool-list几乎18K与安全相关的开源工具，按星数排序。markdown和json格式。
[ 81星] [4y] fabiobaroni / awesome-chinese-infosec-websites精选的有关道德黑客和渗透测试的中国网站和个人博客清单
[ 81星] [3y] [Py] januzellij / hopperscripts我在料斗反汇编程序中使用的脚本集合
[ 81星] [1m] [ObjC] poomsmart / idaobjctypes有用的Objective-C二进制分析的类型和函数定义的集合。
[ 79星] [2y] iamhdt / ecommerce-website-security-checklist用于商业站点审核和安全团队的注意事项列表。这是需要在技术特定文档中建立的动作点和领域的摘要，或者将在安全性测试阶段进行检查。
[ 79星] [2y] [Py] imiyoo2010 / teye_scanner_for_book《白帽子讲网络扫描》书籍参考代码
[ 79星] [3y] yeyintminthuhtut / awesome-study-resources-for-kernel-hacking内核黑客学习资料集
[ 78星] [ 6y ] [CSS] gajus / bugger Bugger是用于调试PHP代码的功能的集合。
[ 78星] [3y] [HTML] malqr / malqr.github.io MalQR是恶意QR码和条形码的集合，可用于测试扫描仪的安全性。
[ 78星] [3y] [Py] securitystreak / security- scripts面向InfoSec学生的与公共攻击性和防御性安全相关的脚本的集合。
[ 77星] [4y] [HTML] f47h3r / hackingteam_exploits HackingTeam漏洞的初始收集
[ 76星] [4y] hardhatdigital / rails-security-audit Rails安全审核清单
[ 76星] [4m] ivbeg / awesome-forensicstools令人敬畏的数字取证工具清单
[ 76星] [10m] misterch0c / crimeboards私有和公共（或多或少）黑帽板的列表
[ 76星] [4m] ivbeg / awesome-forensicstools令人敬畏的数字取证工具清单
[ 75星] [2y] [HTML] cyberheartmi9 / payloadsallthethings
[ 75星] [9m] edelahozuah / awesome-wifi-security一系列与802.11安全性，工具及其他相关的真棒资源
[ 75星] [4m] gouveaheitor / awesome-biohacking 关于Biohacking的真棒收藏。
[ 75星] [3m] [C ++] shellvm / shellvm LLVM转换和分析的集合通过以常规C语言编写shellcode
[ 75星] [1y] tianjifou / ios-security-attack-and-prevent iOS安全攻防，详细的列出了，在iOS开发中，项目会存在的安全漏洞以及解决方法。
[ 74星] [6m] [HTML] ph0en1x-xmu / awesome-ctf-book研究CTF，研究安全性
[ 74星] [3y] wtsxdev / android-security-list Android安全相关资源的集合
[ 73星] [3y] lcatro / hacker_document收集一些以前看过对于入门和进阶很有用的攻击原理文档。
[ 73星] [3y] [Py] 编程语言/ hexag00n Hexag00n：高通数字信号处理器（QDSP6）的反向工程工具集合
[ 72星] [5y] [C＃] khr0x40sh / whitelistevasion脚本，二进制文件等的集合，以帮助Microsoft Windows Network上的WhiteList Evasion。
[ 72星] [3y] [Py] roothaxor / ransom与勒索软件开发相关的各种代码
[ 72星] [9m] wufengxue / android-reverse安卓逆向工具汇总
[ 72星] [2y] zntfdr / awesome-twitter-bots最佳Twitter机器人的精选集
[ 71星] [8y] [Py] hellais / buckle-up脚本，用于在沙箱和安全带配置文件集中运行Mac OS X应用程序
[ 70星] [5m] 浅景深/渗透脑图
[ 70星] [2y] hacker0x01 / h1-212-ctf- solutions人们为H1-212 Capture The Flag事件编写的解决方案的集合
[ 70星] [3y] [Ruby] melvinsh / subresolve解决并快速进行portcan（子）域列表。
[ 70星] [4y] [C ++] nccgroup / windowsdaclenumproject枚举和分析Windows DACL的工具集合
[ 70星] [3y] [HTML] skylined / bugs SkyLined发现的软件错误集合
[ 70星] [7m] [C ++] thomasthelen / antidebugging一组c ++程序，这些程序演示了检测连接的调试器是否存在的常用方法。
[ 70星] [4y] [C ++] waleedassar / antidebug反调试技巧的集合
[ 70星] [6m] wbierbower / awesome-physics一张探索物理学概念的出色软件的协作列表
[ 70星] [16d] [Shell] sclorg / s2i-php-container基于Red Hat Software Collections的PHP容器映像，旨在用于OpenShift和常规用法，它们提供了构建和运行PHP应用程序的平台。用户可以在Red Hat Enterprise Linux，Fedora和基于CentOS的映像之间进行选择。
[ 70星] [3m] opentoallctf /技巧
[ 69星] [3m] [C] aerosoul94 / ida_gel用于各种游戏机ELF的IDA装载机的集合。（PS3，PSVita，WiiU）
[ 67星] [11d] [TSQL] mitchellkrogza /被黑客入侵的恶意软件网站的大列表此存储库包含我遇到的所有遭到黑客攻击或故意托管恶意软件，勒索软件的网站的列表，病毒或木马。
[ 67星] [2y] shmilylty / awesome-malware-analysis精选的超棒恶意软件分析工具和资源列表
[ 66星] [3y] [Py] jgamblin / badactors从公共IP黑名单中创建不良行为者列表。
[ 66星] [2y] tkmru / awesome-linux-rootkits令人敬畏的Linux Rootkits
[ 66星] [10m] [Py] phxbandit /脚本和工具可帮助您满足黑客需求的脚本和实用程序
[ 66星] [10m] 安全性备忘单/ wireshark备忘单 Wireshark备忘单
[ 65星] [5m] [JS] 暴露js /公开 JavaScript的动态符号执行（DSE）引擎
[ 65星] [1y] [Py] 免疫/ XIP XIP通过应用一组绕过安全措施（例如黑名单过滤，WAF等）的转换来生成IP地址列表。
[ 65星] [5m] [Py] integeruser / on-pwning针对某些CTF挑战的解决方案以及有关充值内容的有趣资源列表
[ 65星] [12m] [HTML] mtesauro / owasp-wte OWASP WTE开发的所在地-Web测试环境，它是用于创建预配置VM或已安装的预打包Linux AppSec工具，应用程序和文档的集合您选择的Linux中的菜单。
[ 65星] [1y] [Py] naivenom /倒车清单倒车清单
[ 65星] [2y] [HTML] secwiki / ipot蜜罐技术研究小组
[ 64星] [2y] opsxcq / proxy-list免费公共代理服务器的精选列表
[ 64星] [1y] [Lua] pr4jwal / quick-scripts我的快速脚本和肮脏脚本的集合，用于漏洞POC和检测
[ 64星] [3y] secdr / sec-ml与安全相关的机器学习资料
[ 63星] [9m] [Shell] ernw / static-toolbox静态编译工具的集合，例如Nmap和Socat。
[ 63星] [3y] funkmyster / awesome-cloud-security精选的云安全博客，播客，标准，项目和示例的精选列表。
[ 63星] [28d] tiaotiaolong / sec_interview_know_list信息安全方面面试清单
[ 62星] [9m] [Py] 3lackrush / poc-bank专注网络安全| PoC和漏洞利用的集合
[ 62星] [1y] pfalcon / awesome-linux-android-hacking提示和常见问题解答列表，可让您使用大多数Linux / Android设备
[ 62星] [3y] shmilylty / sec-box信息安全工具箱（信息安全工具集合）
[ 62星] [30d] ga1ois / bluehat-2019-seattle将在此处重新获得BlueHat 2019 Seattle中的所有材料。
[ 61星] [2y] im-bug / blockchain-security-list
[ 61星] [3y] [Py] samyk / awesome-vehicle-security精选的令人敬畏的资源，书籍，硬件，软件，应用程序，要关注的人员以及关于汽车安全性，汽车黑客和修补的更酷内容的精选清单汽车的功能。
[ 61星] [7y] [JS] enablesecurity / webapp-exploit-payloads常见Webapp的有效负载集合
[ 60星] [2m] infosec-community / apac-conferences一个社区贡献了亚太地区InfoSec聚会的合并列表。
[ 60星] [5y] [Go] jgrahamc / torhoney获取TOR出口节点的列表并将其与Project Honeypot数据进行匹配
[ 60星] [2y] [Shell] kevthehermit / pentest只是笔笔材料的集合
[ 59星] [1y] [Roff] cloudriseriseup / hacker_ezines多年来精心策划的电子黑客杂志集，其来源多种多样
[ 59星] [1y] Latestalexey / awesome-web-hacking Web应用程序安全性列表
[ 59星] [3m] lgg / awesome-keepass与KeePass相关的项目的精选清单
[ 59星] [3m] [Py] williballenthin / idawilli IDA Pro资源，脚本和配置文件等
- hint_calls以Hint的形式战士函数引用的call和字符串
- dynamic_hints演示如何为动态数据提供自定义提示的示例插件
- add_segment将已存在文件的内容添加为新的segment
- color对指令进行着色
- find_ptrs扫描.text段查找可能为指针的值，并进行标记
- yara_fn创建yara规则，匹配当前函数的基本块
- idawilli是一个python模块，其中包含用于idapython脚本接口的实用程序。
- 主题颜色和皮肤
[ 58星] [4y] [C] dev-zzo / exploits-nt-privesc用于NT特权升级的漏洞利用集合
[ 58星] [22d] [Py] lich4 / personal_script 010编辑器/ BurpSuite / Frida / IDA等多个工具的多个脚本
- 010Editor 010Editor的多个脚本
- ParamChecker Burp插件
- Frida Frida多个脚本
- IDA IDA脚本
- IDA-read_unicode.py IDA插件，识别程序中的中文字符
- IDA-add_xref_for_macho辅助识别Objective-C成员函数的caller和callee
- IDA-add_info_for_androidgdb使用gdbserver和IDA调试Android时，读取模块列表和段
- IDA-trace_instruction追踪指令流
- IDA-detect_ollvm检测OLLVM，在某些情况下修复（Android / iOS）
- IDA-add_block_for_macho分析macho文件中的块结构
[ 57星] [3m] [PS] 极乐世界/螺丝式驱动程序集中的知识来源，其中包含确定为易受攻击的驱动程序列表以及如何使用这种功能的示例代码。
[ 57星] [2y] [PS] invokethreatguy / csasc钴打击攻击者脚本集合
[ 57星] [2y] 崩溃/ AFL-CVE AFL模糊器（afl-fuzz）发现的漏洞的集合
[ 57星] [2y] wangyihang / awesome-web-security很棒的网络安全
[ 57星] [3y] shmilylty / awesome-application-security很棒的应用程序安全性中文版
[ 56星] [2m] [Py] dedsecinside / awesome- scripts来自世界各地的开发人员的令人敬畏的脚本集合。
[ 56星] [13d] [PS] jaapbrasser / sharedscripts这是我在线共享的一组脚本
[ 56星] [2y] myndtt / ctf-site介绍了一些CTF训练的站点
[ 55星] [26d] Guyanqi / awesome-privacy存储库，用于收集有关隐私的研究论文。
[ 55星] [10m] muhammd /最棒的-最棒的渗透测试一组很棒的渗透测试资源
[ 55星] [23d] [C] 规模/数据包数据包库是一个网络砖的集合，您可以将其连接以形成网络图。
[ 55星] [2y] yrzx404 / free-security-resources安全总是无处不在…
[ 54星] [3y] ansec / awesome-cybersecurity精选的优秀网络安全公司和解决方案列表。
[ 54星] [1y] cujanovic / subdomain-bruteforce-list子域蛮力列表
[ 54星] [4m] mikerah / awesome-privacy-on-blockchains精选的区块链资源隐私列表
[ 54星] [2y] [Py] nezza / scada-stuff用于逆向工程和破解SCADA / ICS设备的脚本和工具的集合。
[ 54星] [5y] [Py] nnewsom / webbies用于Web侦查和枚举的工具集合。
[ 54星] [2m] b-mueller / awesome-mythx-smart-contract-security-tools MythX智能合约安全API的资源和工具的精选清单
[ 53星] [2y] 1522402210 / blockchain-security-list BlockChain-Security-List
[ 53星] [2m] [HTML] brampat / security指向安全性内容的链接的集合
[ 53星] [2m] [C ++] cirosantilli / algorithm-cheat移动到：
[ 53星] [6m] [Py] 死位/恶意软件分析脚本各种恶意软件分析任务的脚本集合
[ 53星] [2y] [Py] hj-13 / malicious_domain_whois
[ 53星] [3y] hack-with-github / awesome-hacking-tools各种针对黑客和渗透者的黑客和利用工具。
[ 52星] [2y] [Py] 0xd34db33f / gfyp dnstwist + SQLite +电子邮件报告的统一。将其设置为每小时运行的cron作业，为它提供要报告的域和电子邮件地址列表，然后看着它查找内容。
[ 52星] [2y] harshilpatel007 / hackinglabs针对希望以道德方式学习或实践IT安全/黑客/渗透测试的人员（学生）的实验室列表。
[ 52星] [6m] hitripod / awesome-blockchain精选的区块链列表，令人敬畏
[ 51星] [2y] [JS] gnijuohz / awesome-developers令人敬畏的开发人员列表
[ 51星] [3m] jcesarstef / ghhdb-github-hacking-database Github黑客数据库-我的Github Dorks私人收藏，用于搜索机密信息（是的，它是Google Dorks的Github版本）
[ 50星] [12d] [Py] command-tab / awesome-n64-development Nintendo 64开发资源的精选列表，包括工具链，文档，仿真器等
[ 50星] [2y] [PHP] daudmalik06 / reconcat一个小的Php应用程序，用于从archive.org获取存档URL快照。使用它，您可以获取任何年份的快照URL的完整列表或可能的所有年份的完整列表。专为渗透测试而设计。
[ 50星] [1y] [PS] dgg-it / match-adhashes构建AD NTLM哈希/用户名的哈希表，并循环访问第二个哈希表，以检查AD NTLM哈希表中是否存在每个条目
[ 50星] [9m] [Swift] joncardasis / to-the-apples-core反向设计的iOS专用api上的非越狱代码片段的集合
[ 50星] [30d] [PHP] tsug0d / myawesomewebchallenge在任何级别收集我的“标帜”网络挑战
[ 49星] [3y] maldevel / rootkits-list-download在Github和其他站点上找到的rootkit的经过整理的列表。
[ 49星] [1y] opensourcepentest / tools用于渗透测试/ Red Teaming的工具
[ 49星] [2y] [JS] sola-da / redos-vulnerabilities TU Darmstadt的软件实验室发现的npm模块中的ReDoS漏洞列表。对于每个漏洞，都有一个概念验证漏洞利用，显示减慢可能如何发生。此存储库中的资源仅用于研究目的。请阅读下面的详细信息。
[ 49星] [6m] [Shell] t3chnocat / oscp-ctf oscp-ctf是基本的Bash脚本的小集合，无论您是在OSCP实验室，HackThebox还是在使用CTF，都可以简化工作并节省时间。
[ 48星] [4m] blackint3 / awesome-debugging为什么要调试？（为什么要调试？）
[ 48星] [1y] pbnj / infosec-interview-questions
[ 48星] [3m] [C] 空间/网络犯罪 CSIRT是安全和企业日常活动中很棒的精选链接和资源清单。
[ 47星] [9m] anhkgg / awesome-windbg-extensions很棒的windbg扩展
[ 47星] [5m] [C] ihack4falafel / osee我准备接受OSEE期间收集的东西
[ 47星] [5y] [Py] neohapsis / mptcp-abuse一组工具和资源，用于在您的网络上浏览MPTCP。最初在2014年美国黑帽大会上发布。
[ 47星] [22d] raderorg / cutter-plugins为Cutter编写的社区插件和脚本的精选列表
[ 47星] [9m] 区块链上的图灵链/蜜罐这个仓库收集了几乎所有在Google搜索的前三页中可以找到的智能合约蜜罐。
[ 47星] [2m] mohitkhemchandani / oscp_bible这是资源，脚本，书签，文字，笔记，备忘单的集合，可帮助您进行OSCP准备以及一般的笔试和学习。如果您愿意，可以为此做出贡献。请这样做，谢谢您。
[ 46星] [9m] syst3ma / awesome-baseband-research精选的优秀基带研究资源列表
[ 46星] [2y] gdssecurity /白皮书公开发布的白皮书的集合
[ 46星] [9m] syst3ma / awesome-baseband-research精选的优秀基带研究资源列表
[ 45星] [2y] [帕斯卡] 0x48piraj / malwarex杀手Collection！
[ 44星] [3y] shmilylty / nmap-reference-guide Nmap参考指南（Nmap参考指南）
[ 43星] [4m] [TSQL] abrignoni / dfir-sql-query-repo SQL查询模板的集合，供平台和应用程序使用数字取证。
[ 43星] [1y] [Py] ambionics / prestashop-exploits收集的PrestaShop cookie漏洞的漏洞/ POC（CVE-2018-13784）
[ 43星] [1y] bulentrahimkazanci / windbg-cheat-sheet实用指南，使用Windbg分析.Net应用程序的内存转储
[ 43星] [2y] [C] rbaron / fitless ID115健身追踪器的玩具固件集合
[ 43星] [2y] [Py] robertbaruch / polychip Python应用程序从Inkscape图中提取NMOS晶体管的网表。
[ 43星] [8m] [C] sensepost / frida-windows-playground Frida挂钩的集合，用于Windows平台上的实验。
[ 43星] [2y] [C] shipcod3 / irc-bot-hunters用于IRC僵尸网络的Metasploit PoC攻击集合，允许RCE
[ 43星] [2y] [Shell] wh1t3rh1n0 / pentest- scripts用于渗透测试的其他脚本
[ 42星] [1y] [Py] daddycocoaman / ironpentest IronPython脚本和可执行程序的集合，用于渗透测试
[ 42星] [3m] [Py] dhn / osee为我准备获得OSEE认证准备的资源集合。
[ 42星] [2m] mikalv / awesome-i2p精选的I2P实现，库，资源，项目和精彩内容的精选列表。I2P是匿名覆盖网络-网络中的网络。它旨在保护通信不受诸如ISP之类的第三方进行的Dragnet监视和监视。
[ 42星] [2y] [C] nixawk / awesome-windows-debug调试Windows应用程序/内核
[ 41星] [3y] [C ++] avdbg / saber《 macOS软件安全与逆向分析》随书的调试器代码
[ 41星] [3y] [程序集] ilovepp / firminsight自动从Internet收集固件，解压缩，查找二进制代码，提取信息，文件关系和功能关系
[ 40星] [10m] 54yimeng / sia-websites这里是我在youtube等上收集的一些科学上网网站的集合，以各自的网站名命名文件夹。
[ 40星] [2y] milkdevil / ultimateapplockerbypasslist
[ 40星] [2y] [Py] mxmssh / idametrics收集x86体系结构的二进制文件的静态软件复杂性指标
[ 39星] [3y] [JS] auth0-blog / nodejs-awesome-polls
[ 39星] [4y] [C ++] corelan / pin引脚工具集合
[ 39星] [2m] d1nfinite / sec-interview信息安全面试题汇总
[ 39星] [29d] [Shell] userlandkernel / plataoplomo我发现的（发布时）iOS bug的集合
[ 38星] [3y] certtools / intelmq-feeds-文档网络威胁情报源
[ 38星] [7y] [Py] evilcry / pythonscripts我的Python脚本集合
[ 38星] [2y] [HTML] keenrivals / bugsite-index遵循heartbleed.com的原则发布错误的网站索引
[ 38星] [1y] [Py] lnxg33k / misc有用脚本的集合。
[ 38星] [1y] [Jupyter Notebook] nfrumkin / forecast-prometheus带有Prometheus指标的时间序列预测的分析和机器学习技术的集合
[ 38星] [16d] [HTML] q1271964185 / cyberspace_security_learning在学习CTF，网络安全路上整合自己的博客和一些资料，持续更新〜
[ 38星] [2y] [Py] saelo / ida_scripts多脚本
- 内核缓存识别并重命名的iOS内核缓存函数stub.ARM64只有
- ssdt解析Windows内核中的syscall表
[ 38星] [1y] [Py] tanc7 / arms-commander恶意软件套件/菜单，用于“快速无误渗透测试”，以Python 2.7.13编写，并在Kali Linux 4.6和4.9上进行了测试，最初仅用于执行侦察和枚举阶段（现在它的作用已大大扩展）。需要Python 2.7 + Pip + Termcolor模块。所有代码都是完全免费的，可以在您的网站上使用。
[ 38星] [3y] wtsxdev / exploit-development学习漏洞利用开发的资源
[ 37星] [2m] [Py] michaelstott / crlf-injection-scanner命令行工具，用于测试域列表中的CRLF注入。
[ 37星] [2y] [C] mlafeldt / ps2rd远程调试PS2游戏的工具集合
[ 37星] [2m] [Lua] r00t-3xp10it / nmap-nse-modules我的nmap nse模块集合
[ 37星] [3y] vduddu / pentestresources各种来源的渗透测试资源列表
[ 37星] [2y] rivaill / blockchain-security-awesome精选的与区块链安全性相关的事物列表
[ 36星] [17d] [Perl] gouveaheitor / security-spellbook我的自定义脚本，插件，漏洞利用和其他小东西的集合
[ 36星] [10m] [Py] phage-nz / malware-hunting与恶意软件狩猎相关的脚本/信息收集
[ 36星] [1y] [JS] 威胁表达/攻击者脚本钴击攻击者脚本
[ 35星] [3y] [Shell] diekmann / net-network防火墙转储的公共集合。
[ 35星] [5y] [Py] kitctf / ctfcode对CTF事件有用的东西的集合
[ 35星] [7m] [Shell] kitsun3sec / pentest-cheat-sheets一系列代码和命令片段，使您的生活更轻松！
[ 35星] [16d] [C] atrosinenko / kbdysch基于LKL的特定于用户空间Linux内核的引导模糊器的集合
[ 34星] [2m] [HTML] adulau / misp-osint-collection的最佳实践集合，用于将OSINT添加到MISP和/或MISP社区
[ 34星] [2y] [Py] anbai-inc / secrss RSS安全订阅每日安全信息推送
[ 34星] [4y] [Py] madsc13ntist / idapython IDAPython脚本收集（无文档）
[ 33星] [3y] cert-w / hadoop-attack-library针对Hadoop环境的渗透测试工具和资源的集合
[ 33星] [4y] [HTML] gosecure / security-cheat-sheet极简主义的备忘单，供开发人员编写安全代码
[ 33星] [10m] kiyadesu / android-reversing-challenges存在一些CTF挑战或其他一些有助于提高android反向技能的问题。
[ 33星] [10m] kiyadesu / android-reversing-challenges存在一些CTF挑战或其他一些有助于提高android反向技能的问题。
[ 33星] [16d] [Py] angr / angr-platforms angr扩展集，用于处理新平台
[ 33星] [2m] [Py] landgrey / toolsparty用于渗透测试的脚本工具集合
[ 32星] [1y] lylemi / dom-vuln-db具有PoC的浏览器DOM漏洞的集合
[ 32星] [3y] nextco / android-decompiler高质量的工具列表，可用于从android反向工程代码。
[ 32星] [19d] [Java] 智障/ skidsuite-3 Java逆向工程工具和信息链接的集合
[ 32星] [ 6y ] [PS] roo7break / powershell-scripts为我的使用而创建的PowerShell脚本列表（欢迎使用）
[ 31星] [10m] [JS] codebox / monkeyshine稍微邪恶的JavaScript的集合
[ 31星] [5m] [C] csandker / inmemoryshellcode Windows的内存中Shellcode执行技术的集合
[ 31星] [4y] danielmiessler / ctfsolutiontypes CTF解决方案类型的集合，即不是针对特定CTF挑战的解决方案，而是这些解决方案所属的一般类别。包括针对Web，二进制，网络，加密等的CTF解决方案类别。请贡献！
[ 31星] [10m] mmarfil / tinfoilhat跟踪您的应用和服务的隐私保护替代品列表。
[ 31星] [ 6y ] [Ruby] zeknox / scripts一组适用于渗透测试人员的有用脚本
[ 31星] [2m] zoranpandovski /真棒测试工具
[ 30星] [2y] biprodeep / awesome-ml-for-cybersecurity
[ 30星] [3y] [Py] 死角/弹药集合，用于渗透测试
[ 30星] [5m] [PS] kendalvandyke / sqlpowerdoc SQL Power Doc是Windows PowerShell脚本和模块的集合，这些脚本和模块可发现，记录和诊断SQL Server实例及其基础的Windows OS和计算机配置。
[ 30星] [1y] [Tcl] mohemiv / tcltools选择用于Cisco IOS渗透测试的TCL脚本
[ 30星] [4y] neu5ron / malware-traffic-analysis-pcaps网站malware-traffic-analysis.net的pcap文件托管
[ 29星] [2y] syst3ma / awesome_cisco_exploitation精选的Cisco 出色开发资源列表
[ 29星] [2y] [Lua] foxmole / pwnadventure3有关Pwn Adventure 3的博客系列
[ 29星] [3y] [Py] scubsrgroup /每周一次的信息安全-知识-演讲厅 “每周一讲，信息安全基础知识讲堂”由四川大学信息安全研究所挖掘挖掘和利用组同学共同创作，通过每组成员每周一讲的形式展开，主要涉及信息安全的基础知识，包括窗户安全，移动安全等，改为还对通过该平台对外发布一些小组的研究成果！对新同学轴向引导作用，替代则是扩展挖掘与利用研究组同学信息安全研究经验和知识的积累！
[ 29星] [2m] hrt / anticheatjs Javascript反作弊101
[ 29星] [3m] [C] iaik / transientfail网站和PoC收集，用于进行瞬时执行攻击
[ 29星] [2y] syst3ma / awesome_cisco_exploitation精选的Cisco 出色开发资源列表
[ 28星] [ 6y ] [Ruby] andrewsmhay / brisket Brisket是Masscan，zmap和nmap的前端脚本的集合，此外还有数据处理脚本
[ 28星] [1y] [C] mrmacete / r2scripts雷达2的脚本集合
[ 28星] [ 6y ] [Shell] packetforger / localroot在Linux上用于privesc的工具集合
[ 28星] [3y] [Shell] rccoder / awesome-shadowsocks-qt5-debian上的安装脚本Debian上的shadowsocks-Qt5安装脚本
[ 28星] [2y] secarmalabs / iotchecklist基线物联网安全检查表。尽早考虑安全性并获得回报。
[ 28星] [2y] [HTML] shikarisenpai / leak-ntlm-hash-via-html泄漏NTLM哈希的HTML标签列表
[ 28星] [2m] [JS] benoitsevens / applying-ttd-to-malware-analysis研讨会的资源，标题为“重新包装拆包器：将时间旅行调试应用于恶意软件分析”，在HackLu 2019上发表
[ 27星] [1y] alonemonkey / iosrebook-issues《 iOS应用逆向与安全》勘误
[ 27星] [2y] [PHP] blackfan / web-inf-dict来自WEB-INF和META-INF的配置文件列表，用于未验证的转发和JSP包含漏洞。
[ 27星] [9m] [Py] nullarray / amplispy检查DNS服务器的本地或远程列表是否适合DNS放大DoS。
[ 27星] [3y] stayliv3 / iotsec收集物联网安全相关资料
[ 27星] [23d] 安全王子/应用安全资源一些不错的资源，可帮助您开始应用安全
[ 26星] [2m] infosec-community / apac-meetups一个社区贡献了亚太地区InfoSec聚会的合并列表。
[ 26星] [2y] [Shell] jchrisfarris / aws-service-control-policies半有用的服务控制策略和用于管理它们的脚本的集合
[ 26星] [3y] lucifer1993 / awesome-hacking真棒黑客中文版
[ 26星] [1m] meitar / awesome-pentest
[ 26星] [5m] pushinertia / ip-blacklist一个Apache httpd配置文件，该文件拒绝从列入黑名单的IP列表中访问服务器
[ 26星] [20d] thehive-project / awesome与TheHive和Cortex相关的精选事物的精选清单
[ 25星] [1y] [Go] opennota / hydra渗透测试工具。该存储库已迁移到
[ 25星] [3y] 意料之外/令人敬畏的-pentest-tools安全档案工具和软件的列表，通常用于促进安全性和渗透性研究。向所有人开放将有助于知识转移。希望初始设置会增长和扩展。
[ 25星] [5y] wirelesscollege / securitytools android安全工具大全
[ 25星] [3y] wtsxdev / application-security用于学习应用程序安全性的资源
[ 24星] [1y] bountymachine / about跟踪有关Bounty机器对话，博客和有趣事物的中心！
[ 24星] [2y] evilmog / hashcat-hcstat hashcat-hcstat文件的集合
[ 24星] [3m] jmscory / security-tool-chest有用的安全和清除工具列表，这些工具对于红色和蓝色团队活动非常有用。所提供的参考资料使列表成为可能。
[ 24星] [6m] meitar / awesome-malware
[ 24星] [6m] redshiftzero / awesome-threat-modeling精选的有用威胁建模资源列表
[ 23星] [3y] [PHP] 3xp10it / xwebshell免杀webshell集合
[ 23星] [3y] johnnydep / cobaltstrike我从github上收集到的钴打击资料
[ 23星] [29d] [Shell] meisterp / torbrowser-overlay与Tor浏览器相关的ebuild的Gentoo覆盖
[ 23星] [2y] [Py] simonuvarov / expdev
[ 23星] [6m] [HTML] tarafans / collections PoC和漏洞利用的混杂现象
[ 23星] [2m] [Py] torpyorg / torpy Tor协议的纯Python Tor客户端实现
[ 22星] [4y] [Java] ernw / burpsuite-extensions Burp Suite扩展的集合
[ 22星] [3y] [PHP] gr33ntii / malware-collection
[ 22星] [2y] [JS] jamesacampbell / elector TOR浏览器在电子中
[ 22星] [4m] [Py] nlitsme / idascripts枚举多种类型数据：Texts / NonFuncs / …
- idapython的枚举器枚举实用程序
[ 22星] [4y] [Py] onethawt / idapyscripts IDAPython脚本
- DataXrefCounter枚举指定分段的所有交叉引用，计算使用频率
[ 21星] [3y] aozhimin / ios-monitor-resources对各厂商的iOS SDK性能监控方案的整理和收集后的资源
[ 21星] [ 6y ] [Py] carlpulley / volatility Volatility框架插件的集合。
[ 21星] [2y] [TeX] citp / anomalous-tor-keys存档的Tor中继RSA 公钥分析
[ 21星] [5m] [C] cyclaero / void-zones-tools准备一个空域列表，这些空域可以很容易地输入到FreeBSD上的Unbound中
[ 21星] [1m] extremecoders-re / re-list以二进制分析为重点的开源逆向工程工具列表
[ 21星] [4y] fabiobaroni / awesome-pentest很棒的渗透测试资源，工具和其他闪亮内容的集合
[ 21星] [5y] shieldfy / awesome-pentest很棒的渗透测试资源，工具和其他闪亮内容的集合
[ 21星] [10m] slowmist / awesome-blockchain-bug-bounty精选的可用Blockchain Bug赏金计划的完整列表。
[ 21星] [2m] status-im / awesome-secure-messaging安全邮件的精选链接集合。
[ 21星] [2y] 0x90 / firmware-arsenal固件反向工程的工具和脚本
[ 21星] [3m] 亚历山大通/ top-100-hacking-security-e-books-free-download-2019-2019黑客和网络安全电子书| 更多访问-
[ 20星] [3y] [TeX] edelahozuah / awesome-tls-security与TLS，PKI和相关内容相关的（尚不那么）很棒的资源的集合
[ 20星] [2m] edwardqiu / awesome-infosec精选的infosec博客文章，课程，书籍等精选清单！
[ 20星] [1y] seifreed / awesome-sandbox-evasion有关测试如何逃避恶意软件沙箱系统的不同项目/演示文稿/工具的摘要
[ 19星] [1y] annalorimer / security-resources清单，可进一步了解安全性！
[ 19星] [1y] exaybachay-ak / securityadvice为新的IT安全人员收集的建议
[ 19星] [3y] [Shell] operatorequals / oneliner-sh oneliner是一种工具，列出了兼容的反向shell字符串oneliner
[ 19星] [2y] voidhack / toolset对CTF比赛有用的工具
[ 19星] [2y] hunter-github / evil-and-not-wholly-awesome-firefox [自Mozilla变为邪恶以来不推荐使用] Mozilla Firefox及相关资源的列表
[ 19星] [7m] [C＃] rainkin1993 / remote-access-trojan-database从Internet收集的RAT数据库
[ 18星] [3y] [Shell] mitchellkrogza / linux-server-administration- scripts适用于Linux的简单bash管理脚本可简化您的生活。
[ 18星] [3y] shakenetwork / malwareanalysis恶意软件分析工具和资源列表
[ 17星] [2y] cherishao / security-box安全盒子，这里主要指的是自己备份的安全行业相关小工具项目集。
[ 17星] [4y] fabiobaroni / awesome-web-hacking Web应用程序安全性列表
[ 17星] [7m] imfht / websecurityscannerwhitepaper收集网络上公开的入侵扫描器的白皮书。
[ 16星] [3y] 0xc1r3ng / malware-sandboxes-malware-source恶意软件沙箱和恶意软件源
[ 16星] [2y] [Py] b4zinga / explib Explib：poc和exp的集合。
[ 16星] [4y] demonsec666 / pentest_study从零开始内网渗透学习
[ 16星] [1y] [Py] portswigger / additional-scanner-checks Burp中缺少扫描仪检查的集合
[ 15星] [10m] anyeduke / at-p-list攻防清单：用于整理当前收集的所有攻防相关资源
[ 15星] [2y] [Py] ecbftw / poc已发布的漏洞利用和概念证明代码的集合。
[ 15星] [1y] ilovecode2018 / awesome-osint精选的令人赞叹的开源智能工具和资源列表
[ 15星] [1y] nytrorst / presentations来自不同会议的演示
[ 15星] [7m] [C] yuawn / ais3-2019-pre-exam我对AIS3 2019考试前的挑战。
[ 15星] [2y] shmilylty / malware-analysis-tools恶意软件分析套件
[ 15星] [1y] adhdproject / awesome-active-defense大量的主动防御资源
[ 14星] [2y] 3xp10it / xlearn记录安全界大牛分享经验
[ 14星] [3y] [Py] ernw / ctf-writeups CTF编写的集合
[ 14星] [1y] [JS] osrdrivers / windbg-exts各种WinDbg扩展和脚本
[ 14星] [1y] probely / security_checklist Web应用程序安全性检查表
[ 14星] [30d] [Py] ricardojoserf / wifi-pentesting-guide WiFi渗透测试指南
[ 14星] [1y] vagnes / infosecguide infosec.guide是infosec字段中任何人的资源集合
[ 14星] [3y] xeushack / awesome-hacking-practice精选的网站和应用程序列表，可帮助您练习黑客行为
[ 13星] [4y] djadmin / awesome-security很棒的软件，库，文档，书籍，资源的集合，并介绍了有关安全性的知识。
[ 13星] [4y] joesecurity / awesome-malware-analysis精选的超棒恶意软件分析工具和资源列表
[ 12星] [2y] alchu4n / sec_chart有关信息安全的一些截图及流程图分享
[ 12星] [3y] paralax / awesome-pentest-1令人敬畏的渗透测试一系列令人敬畏的渗透测试资源
[ 12星] [5m] wuseman / wnmap这是掌握nmap的备忘单
[ 12星] [30d] gaurav-gogia / dftools精选的数字取证工具列表。
[ 12星] [1m] albertzsigovits / mal-analysis-tools精选的恶意软件存储库，跟踪器和恶意软件分析工具列表
[ 11星] [28d] [YARA] 遗嘱/ yara-rules个别研究收集的YARA签名
[ 11星] [2y] 字典库/ sql-injection-fuzzpayload-collection Sql-injection FuzzPayload集合
[ 11星] [7m] [HTML] lambdacasserole / hack-this常见的Web编程安全性错误的集合。
[ 11星] [4y] [PHP] yunkaiyueming / php_back_door_code PHP后门代码汇总
[ 11星] [2y] [Py] redteamwing / pentest-wiki PENTEST-WIKI是一个免费的在线安全知识库，供渗透测试者/研究人员使用。如果您有个好主意，请与他人分享。
[ 11星] [1y] hackinfinity / honey-pots-我的Honeypot资源集合
[ 10星] [1y] [Py] ecx86 / ida-scripts IDA Pro / Hex-Rays配置，脚本和插件
[ 10星] [2y] hxy9243 / whotofollow谁在Twitter / Telegram上关注
[ 10星] [4y] [Py] randomsctf / ctf-scripts用于分析，加密和取证的简短脚本集合，可用于CTF和/或安全评估
[ 10星] [9m] [JS] twlinux / lets-talk故意受攻击的网站，演示了初学者级别的注入漏洞
[ 9星] [4y] gavz / awesome-windows-exploitation精选的 Windows Exploitation资源和闪亮内容的精选列表。
[ 8星] [28d] [Shell] kbnlresearch / forensicimagingregresources和资源，这些资源和文档与建立实验性小型法医成像设施有关。
[ 8星] [1y] newcon / securitytools安全工具列表，其中也包括免费，opensourse和付费工具。
[ 8星] [1y] testrockytesting / awesome-cloud-osint此存储库将托管用于收集有关云提供商的信息的资源-SaaS，IaaS，PaaS，DaaS等。
[ 7星] [1y] [Py] aye-whitehat / ctf-collection
[ 7星] [2y] cuccs / ns网络安全课程作业收集
[ 7星] [2y] dictionaryhouse / the-security-handbook-kali-linux对于入门者来说，这是一本有用的参考指南和安全基础手册。
[ 7星] [1m] mitchellkrogza / badd-boyz-bitcoin- scammers勒索软件和Sextortion骗局中使用的比特币地址列表
[ 7星] [2m] [Shell] 用于网络安全的oldbonhart / cheat_sheets速查表
[ 7星] [28d] [HTML] arch3rpro / pentesttools很棒的Pentest工具集合
[ 6星] [2y] [Py] benterpan / pocs整理收集的一些突破利用POC +一些扫描类的实现。
[ 6星] [3y] [C] 垃圾/开发仓库，用于各种开发工具/ PoC / Shellcodes / CTF解决方案
[ 6星] [3y] jasonmiacono / iocs威胁情报泄露的指标
[ 6星] [4y] mattulm / sfiles_yara我在网上发现的YARA签名集合。
[ 6星] [4y] [Shell] thoqbk / code-collection一个用于反编译多个jar文件并重新排列源代码的shell脚本工具
[ 6星] [8m] stendarr / funny-tech- talks关于技术和计算机科学的有趣演讲列表
[ 5星] [3y] agnosticlines / binaryninja-plugins一个带有二进制忍者脚本+插件列表的存储库（灵感来自
[ 5星] [2m] repnz / windbg-cheat-sheet我使用WinDbg进行内核调试的个人备忘单
[ 4星] [1m] arkecosystem / security- vulnerabilities与我们的产品相关的已知和已关闭安全漏洞列表。
[ 4星] [4y] [PHP] blackhalt / webshells Webshell漏洞注入列表。
[ 4星] [7m] gexos / malrepo DIONAEA Honeypot捕获的恶意软件样本集合
[ 4星] [2y] netseclab / paper_for_digital_forensics这是数字取证的论文，代码和问题的集合。
[ 3星] [5y] api0cradle / shmoocon-2015 ShmooCon幻灯片/会议记录草稿
[ 3星] [5m] [Java] hktalent / myhktools
[ 2星] [2y] androidtamer / awesome_android_pentest令人敬畏的android pentest工具集合
[ 2星] [4y] [C] geekben / cve-collection收集最近CVE的POC和EXP
[ 2星] [2y] kanglib / edu_for数字取证的备忘单
[ 2星] [2y] [PS] truekonrads / powerspells少量的powershell脚本集，在横向移动时很有用
[ 1星] [2y] [PHP] 12345bt / webshell webshell收集项目
[ 1星] [1y] iamprbkr / awesomebugbounty4noob很棒的资源，适合初学者，如何查找网站/域名/目标，以获取漏洞/认真/负责任的披露
[ 1星] [2y] [Py] monkeyman79 / janitor用于低级调试的GDB命令集合，旨在将debug.exe风格引入GDB命令行界面。
[ 1星] [3y] sunu11 / sec-box信息安全工具箱（信息安全工具集合）
[ 1星] [6m] sv4us / ebook电子书编程反向渗透
[ 1星] [3m] kingsabri / aggressorscripts钴罢工侵略者剧本集
[ 0星] [2y] goel42 / meltdown-spectre-bug-poc-collection聚合了概念验证，到目前为止已发布。
[ 0星] [2y] goel42 / meltdown-spectre-poc-collection汇总了概念证明，目前已经发布。
[ 0星] [10m] [Py] ponusjang / poc-exp-collection Poc＆Exp集合
[ 0星] [11m] s3curityb3ast / s3curityb3ast.github.io Kaustubh的安全建议
[ 0星] [5y] andrewsmhay / research我的研究收藏

笔记&&文章&&教程

[ 24956星] [10d] xitu / gold-miner翻译优质互联网技术文章的社区
[ 15776星] [10m] micropoor / micro8从业10年渗透笔记
[ 5513星] [9m] carpedm20 / awesome-hacking Hacking教程，工具和资源
[ 4174星] [2y] forter / security-101-for-saas-startups初学者安全小窍门
[ 2918星] [10d] secfigo /令人敬畏的fuzzing模糊学习资源（书籍，课程-免费和付费，视频，工具，教程和易受攻击的应用程序）的精选清单，用于学习fuzzing和Exploit开发的初始阶段（如root）原因分析。
[ 2529星] [4m] kbandla / aptnotes关于APT运动的各种公共文档，白皮书和文章
[ 1871星] [5m] bypass007 /紧急响应笔记紧急响应实战笔记，一个安全工程师的自我修养。
[ 1679星] [7m] dsasmblr /游戏黑客教程，工具以及与逆向工程视频游戏有关的更多内容。
[ 1457星] [3y] tiancode / learn-hacking开始学习Kali Linux各种破解教程渗透测试逆向工程HackThisSite挑战问题解答
[ 1229星] [6m] 粉笔/笔记一些公共笔记
[ 893星] [1m] aptnotes /数据 APTnotes数据
[ 883星] [4m] escapingbug / awesome-browser-exploit很棒的浏览器开发教程列表
[ 773星] [1y] pfarb / awesome-crypto-papers精选的加密技术论文，文章，教程和howtos。
[ 750星] [4y] fabiobaroni / awesome-exploit-development精选的资源列表（书籍，教程，课程，工具和易受攻击的应用程序），用于学习利用Exploit开发
[ 723星] [4m] uknowsec / active-directory-pentest-notes个人域渗透学习笔记
[ 683星] [1y] [HTML] zhengmin1989 / myarticles蒸米的文章（iOS冰与火之歌系列，一步一步ROP系列，安卓动态调试七种武器系列等）
[ 671星] [1y] dsasmblr /黑客在线游戏黑客在线游戏的精选教程/资源列表。
[ 607星] [2y] [HTML] jiji262 / wooyun_articles drop.wooyun.org乌云Drops文章备份
[ 558星] [3y] 高级威胁研究/固件安全培训固件安全教程：从攻击者和防卫者的角度看BIOS / UEFI系统固件的安全
[ 478星] [2m] xiangpasama / jdsrc-small-classroom京东SRC小课堂系列文章
[ 448星] [8m] jnusimba / miscsecret有关Web / Cloud / Docker安全性，渗透测试，安全性构建的一些学习笔记
[ 425星] [10m] [C] hardenedlinux / linux-exploit-development-tutorial一个针对Linux开发新手的系列教程。
[ 383星] [7m] jnusimba / androidsecnotes有关Android安全性的一些学习笔记
[ 383星] [1y] [HTML] maestron / reverse-engineering-tutorials逆向工程教程
[ 379星] [7m] 无法证明的/ pentesthardware公开笔记整理
[ 369星] [2y] jaybosamiya / security-notes关于我观看的与安全相关的视频的笔记（作为快速回忆的一种方式）。
[ 359星] [3y] [Py] sangaline / advanced-web- scraping -tutorial在高级Web爬网教程中开发的Zipru刮板。
[ 299星] [1y] [Py] anasaboureada / penetration-testing-study-notes渗透测试说明，资源和脚本
[ 269星] [2y] sam-b / windows_kernel_resources有关学习Windows内核利用，内部和（r | b）ootkits的论文，博客文章，教程等
[ 233星] [2y] [C] hardenedlinux / grsecurity-101-tutorials增强Linux内核安全的内核补丁集
[ 222星] [1y] [C ++] wnagzihxa1n / browsersecurity我在学习浏览器安全过程中整理的突破分析笔记与相关的学习资料
[ 220星] [2y] [Py] wwong99 / pentest-notes 我所有的渗透测试研究笔记，渗透测试工具，脚本，技术，技巧以及许多脚本，我发现它们对整个Internet都很有用。
[ 213星] [4m] [Shell] xu-jian / vps个人笔记汇总
[ 204星] [2y] [C] peperunas / injectopi一堆Windows代码注入教程
[ 176星] [1m] microsvuln / awesome-afl精选的AFL叉子和AFL启发性模糊器的精选清单，并提供详尽的等效学术论文以及AFL模糊指导
[ 174星] [2y] [C] geosn0w / reverse-engineering-tutorials面向初学者的一些反向工程教程
[ 161星] [1y] jnusimba / linuxsecret有关Linux安全性的一些学习笔记
[ 140星] [2y] spoock1024 /网络安全 Web安全中比较好的文章
[ 133星] [3y] [PHP] ksanchezcld / hacking_cheat_sheet我的所有骇客|登录须知
[ 128星] [2y] [C] firmianay /终身学习者有关一切的个人说明。
[ 103星] [2y] [Py] 1111joe1111 / tuts逆向工程教程
[ 98星] [11d] smi1esec / web-security-note记录一些常见的Web安全站点
[ 74星] [2y] [HTML] anquanquantao / pentraining一个网络安全基础知识的教程。内容比较杂，好在都是实验视频和工具提供，可以自行动手完成实验。
[ 74星] [2y] [程序集] azeria-labs / arm-assembly-examples ARM程序集片段
[ 63星] [10m] [C] zigzagsecurity / survival-guide-radare2带有radare2的逆向工程基础教程
[ 60星] [13d] 莱比锡/令人敬畏的可复制研究精选的可复制研究案例研究，项目，教程和媒体清单
[ 52星] [12m] feicong / zsxq_archives【软件安全与知识星球】精华文章列表
[ 47星] [27d] [Py] ercoppa / symbolic-execution-tutorial有关符号执行的教程。动手练习基于angr框架。
[ 41星] [1m] Mykings / security-study-tutorial在线学习材料摘要
[ 41星] [10m] [C ++] thebabush / dumb-obfuscator教程，介绍如何编写我能想到的最笨的混淆器。
[ 28星] [1y] [JS] wahengchang / nodejs-security-must-know这是有关nodejs安全性的说明
[ 20星] [28d] [Py] 0x25 /有用的笔试音符
[ 12星] [1m] [HTML] gnebbia / nmap_tutorial一些有关nmap的注释
[ 0星] [1y] [C ++] linux-sir / arm_reverse_engineer ARM平台逆向工程学习笔记

密码表

[ 6033星] [28d] berzerk0 / probable-wordlists第2版正式发布！按最初为密码生成和测试创建的概率对单词列表进行排序-确保您的密码不受欢迎！
[ 2314星] [2y] [Py] rootphantomer / blasting_dictionary爆破字典
[ 917星] [15d] [批处理文件] mr-xn / burpsuite-collection BurpSuite收集：包括不包含Burp文章，破解版，插件（非BApp Store），汉化等相关教程
[ 628星] [4y] jeanphorn / wordlist收集一些常用单词列表，例如RDP密码，用户名列表，用于暴力破解的ssh密码单词列表。IP摄像机默认密码。
[ 315星] [2y] [Shell] kennyn510 / wpa2-wordlists一组用于密码破解的单词表词典
[ 314星] [8m] [Py] screetsec / brutesploit BruteSploit是具有交互式shell的自动生成，暴力破解和操纵单词表方法的集合。可以在渗透测试期间使用它来枚举，也可以在CTF中用于操纵，组合，转换和置换某些单词或文件文本：p
[ 180星] [4y] [Shell] nccgroup / cisco-snmp-enumeration自动Cisco SNMP枚举，蛮力，配置下载和密码破解
[ 136星] [6m] tarraschk / richelieu最常见的法语密码列表
[ 82星] [ 6y ] [Java] schierlm / javapayload JavaPayload是纯Java有效负载的集合，可用于纯Java漏洞利用或常见错误配置（例如不受密码保护的Tomcat管理器或调试器端口）的后期利用。
[ 77星] [2y] [Py] stasinopoulos / jaidam Jaidam是一个开源渗透测试工具，它将输入域名列表，进行扫描，确定是否使用了wordpress或joomla平台，最后自动对其进行检查。使用两个著名的开源工具WPScan和Joomscan的Web漏洞。
[ 70星] [3y] screetsec / wordlist-dracos收藏我的单词表
[ 58星] [7m] [HTML] tgeaus /弱密码字典
[ 35星] [3y] arnaudsoullie / ics-default-passwords工业控制系统的默认密码列表
[ 27星] [8m] [PS] oneologicmyth / invoke-gppcse根据通常包含密码的已知客户端扩展（CSE）获取GPO列表
[ 24星] [2y] [PHP] skyzyx / bad-passwords黑客入侵的密码列表中前10,000个最常用密码的列表。
[ 23星] [3y] [Go] hgfischer / domainerator用Go语言编写的简单应用程序，它结合了两个单词列表和一个TLD列表以形成域名，并检查它们是否已经注册。
[ 21星] [2y] troydo42 / awesome-pen-test实验与渗透测试WordPress，iOS，MacOS，Wifi和Car的指南和工具
[ 12星] [2y] cujanovic / virtual-host-wordlist虚拟主机单词列表
[ 8星] [3y] [Py] nyxxxie / awesome-default-passwords各种设备和服务的默认密码的有组织的集合。
[ 5星] [3y] cujanovic / dirsearch-wordlist塞尔维亚/英语单词表

爬虫

[ 11489星] [2m] facert / awesome-spider爬虫集合
[ 5807星] [3m] [Py] luyishisi / anti-anti-spider越来越多的网站具有反爬虫特性，有的用图片隐藏关键数据，有的使用反人类的验证码，建立反反爬虫的代码仓库，通过与不同特性的网站做斗争（无恶意）提高技术。
[ 4407星] [2y] [Py] lining0806 / pythonspidernotes Python入门网络爬虫之精华版
[ 3901星] [3m] brucedone / awesome-crawler一系列令人敬畏的网络爬虫，各种语言的蜘蛛
[ 3504星] [6m] [PHP] hanc00l / wooyun_public此仓库已存档。感谢wooyun！乌云公开漏洞，知识库爬虫和搜索爬网并搜索wooyun.org公共bug（漏洞）和删除
[ 2753星] [2m] [Py] kr1s77 / python-crawler-tutorial-starts-from-zero python爬虫教程，带你从零到一，包含js反向，硒，tesseract OCR识别，mongodb的使用，以及框架
[ 2479星] [1y] [Py] geekan / scrapy-examples各种各样的Scrapy示例。Alexa / Amazon / Douban / Douyu / github / linkedin等的蜘蛛
[ 2437星] [2m] [Py] the0demiurge / shadowsocksshare从ss（r）共享网站爬虫获取共享
[ 1997星] [2m] [Py] wistbean / learn_python3_spider python爬虫教程系列，从0到1学习python爬虫，包括浏览器抓包，手机APP抓包，如提琴手，mitmproxy，各种爬虫涉及的模块的使用
[ 1130星] [1m] [HTML] ehco1996 / python-crawler从头开始系统化的学习如何写Python爬虫。Python版本3.6
[ 509星] [12d] [Py] mozillasecurity / funfuzz用于测试SpiderMonkey JavaScript引擎的工具中的模糊器集合。
[ 384星] [4y] [PHP] spiderlabs / mcir神奇的代码注入Rainbow！MCIR是用于构建可配置漏洞测试平台的框架。MCIR也是可配置漏洞测试平台的集合。
[ 215星] [3y] liinnux / awesome-crawler-cn互联网爬虫，蜘蛛，数据采集器，网页解析器的汇总，因新技术不断发展，新框架层出不穷，此文会不断更新…
[ 51星] [2m] [Py] ahmia / ahmia-crawler ahmia搜索引擎使用的爬虫集合
[ 37星] [1y] chenjiandongx / awesome-spider爬虫集合

以上内容由Google自动翻译,拗口之处请参考原文自行翻译:
github.com/alphaSeclab/awesome-security-collection

↧

密码泄露查询 XposedOrNot 随机密码生成器

January 6, 2020, 7:07 pm

≫ Next: Burp Suite Pro 2020.8 破解版下载burp_2020.8 cracked

≪ Previous: 2020年信息安全资源集合渗透测试笔记文章教程工具

什么是Xposed密码？

这个项目的主要目的是为公众提供一个免费的平台，以检查他们的密码是否被暴露和泄露过.
这些泄露出来的密码是否与你正在使用的密码相同,如果有的话请尽快修改密码,因为黑客使用的密码字典里正好有你在使用的密码,相当于能打开你门的钥匙正好在小偷手里也有同样的一把,当你成为目标时,小偷只要把手里面的钥匙全部试一遍,你的家便被盗了.

xposde包含了大量真实密码收集积累，总共包括约8.5亿个实时密码,这些密码在世界各地的各种数据泄露中暴露出来。密码是从诸如Collection＃1，Yahoo等暴露的违规行为中挑选出来的。此外，密码也通常在pastebin.com的 “ 粘贴 ”中暴露。我们已经进行了40,000多次此类曝光，并且再次添加到这个庞大的列表中。排序后的密码使用高度安全的哈希算法SHA-3（Keccak-512）进行哈希处理.

查询地址: https://www.xposedornot.com/

例如查询123456这个弱密码,可见该密码在此前泄露过的数据库中出现过11999477次(1199万次)
123456这个密码使用人很多,具体有多少呢?

1.2÷85= 0.0141176471 =1.4%

也就是说平均200个人中就有3人使用123456作为密码.
好像并不多—–但是.

理想化状态下,10亿人就有1400万人使用123456作为密码,可见这个数量还是很可观的,按照这个概率来进行简单攻击,收获颇丰,更何况还有其他的弱口令密码字典加持.

既然这么多人使用这个密码,那么黑客密码字典里自然要把该密码加进去.所以,这里推荐一个随机密码生成器来强化你的密码,保护你的安全.

随机密码生成器: https://www.ddosi.com/mm.html

下面来看看随机生成的密码强度测试:随机生成27个16位密码

Az5ZrC9jfe3Vo4Rk
CdYh382zPkKGvpVM
Cpoc5zUuleWhBD2j
k6tmdbchqlsUGPK0
1rvzZ3o5yMBO4E8X
UZRuKLbhrMkmfATa
RlYodMITrc2bikAa
VXomb2QT3f814SuB
aVI5hLfU7TitFrA0
PU76Nhg3BqtbLiFd
gJhULwR4FIy09bkn
H47MPQGegEBnhjRL
5nVH39GAL6sBlCeR
NDR3P5fqYSGnVp4E
tW8pcYGPdof3r10F
E0GDN3MI2RABKjxQ
YWgRTOVauhMdeb4c
PHOuaXYAJlrdnsmR
WZlpMrRLd0uEoqNv
4TFMGEx3mrLNjQpS
J4gKkPxW3a0lXVLM
OX5Zq7D9dQm3xzka
v0uanVzJix45w6PY
ZjFXBydTQ29keU0r
d0Fv2T8IGr9X7ekN
8DXl5tRe1ZfjzabA
U2tpsBfnuFMoEb4C

密码泄露查询地址: https://www.xposedornot.com/
随机密码生成器: https://www.ddosi.com/mm.html

↧

Burp Suite Pro 2020.8 破解版下载burp_2020.8 cracked

August 8, 2020, 9:03 pm

≫ Next: 临兵漏洞扫描系统

≪ Previous: 密码泄露查询 XposedOrNot 随机密码生成器

Burp Suite Pro 2020.8 破解版下载burp_2020.8 cracked

↧

临兵漏洞扫描系统

August 9, 2020, 9:49 pm

≫ Next: 安恒信息《渗透攻击红队百科全书》下载

≪ Previous: Burp Suite Pro 2020.8 破解版下载burp_2020.8 cracked

本系统是对目标进行漏洞扫描的一个系统,前端采用vue技术,后端采用flask.核心原理是扫描主机的开放端口情况,然后根据端口情况逐个去进行poc检测,poc有110多个,包含绝大部分的中间件漏洞,本系统的poc皆来源于网络或在此基础上进行修改,在centons7环境下使用nginx和uwsgi部署.

↧