safe6Sec/PentestNote

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/safe6Sec/PentestNote)

safe6Sec / PentestNote

一些渗透姿势记录

☆500

Alternatives and similar repositories for PentestNote

Users that are interested in PentestNote are comparing it to the libraries listed below

Sorting:

safe6Sec / PentestDB
View on GitHub
各种数据库的利用姿势
☆1,033Jan 3, 2025Updated last year
safe6Sec / command
View on GitHub
红队常用命令速查
☆1,016Updated this week
ybdt / post-hub
View on GitHub
Lateral Movement
☆943Mar 13, 2026Updated last week
safe6Sec / GolangBypassAV
View on GitHub
研究利用golang各种姿势bypassAV
☆816Apr 11, 2022Updated 3 years ago
bit4woo / domain_hunter_pro
View on GitHub
domain_hunter的高级版本，SRC挖洞、HW打点之必备！自动化资产收集；快速Title获取；外部工具联动；等等
☆2,118Mar 3, 2026Updated 2 weeks ago
SafeGroceryStore / MDUT
View on GitHub
MDUT - Multiple Database Utilization Tools
☆2,194Sep 22, 2023Updated 2 years ago
exp1orer / JNDI-Inject-Exploit
View on GitHub
解决FastJson、Jackson、Log4j2、原生JNDI注入漏洞的高版本JDKBypass利用，探测本地可用反序列化gadget达到命令执行、回显命令执行、内存马注入
☆770Jan 26, 2022Updated 4 years ago
ffffffff0x / Pentest101
View on GitHub
一些关于渗透测试的Tips
☆611Dec 19, 2022Updated 3 years ago
0range-x / Domain-penetration_one-stop
View on GitHub
域渗透一条龙
☆738Feb 16, 2022Updated 4 years ago
shmilylty / netspy
View on GitHub
netspy是一款快速探测内网可达网段工具（深信服深蓝实验室天威战队强力驱动）
☆2,203Jul 25, 2023Updated 2 years ago
JKme / cube
View on GitHub
内网渗透测试工具，弱密码爆破、信息收集和漏洞扫描
☆609Jan 31, 2024Updated 2 years ago
achuna33 / MYExploit
View on GitHub
OAExploit一款基于产品的一键扫描工具。
☆1,481Sep 20, 2022Updated 3 years ago
biggerduck / RedTeamNotes
View on GitHub
红队笔记
☆2,123Updated this week
chriskaliX / AD-Pentest-Notes
View on GitHub
用于记录内网渗透(域渗透)学习 :-)
☆1,238Nov 9, 2020Updated 5 years ago
pmiaowu / BurpFastJsonScan
View on GitHub
一款基于BurpSuite的被动式FastJson检测插件
☆1,237Oct 1, 2022Updated 3 years ago
shmilylty / SharpHostInfo
View on GitHub
SharpHostInfo是一款快速探测内网主机信息工具（深信服深蓝实验室天威战队强力驱动）
☆625Dec 15, 2022Updated 3 years ago
r0eXpeR / redteam_vul
View on GitHub
红队作战中比较常遇到的一些重点系统漏洞整理。
☆2,521Jul 17, 2021Updated 4 years ago
xiaoy-sec / Pentest_Note
View on GitHub
渗透测试常规操作记录
☆4,053May 22, 2023Updated 2 years ago
wyzxxz / aksk_tool
View on GitHub
AK资源管理工具，阿里云/腾讯云/华为云/AWS/UCLOUD/京东云/百度云/七牛云存储/火山引擎 AccessKey AccessKeySecret，利用AK获取资源信息和操作资源，ECS/CVM/E2/UHOST/ECI/BCC执行命令，OSS/COS/S3/BOS…
☆779Feb 13, 2025Updated last year
Ryze-T / Sylas
View on GitHub
数据库综合利用工具
☆543Feb 16, 2022Updated 4 years ago
a1phaboy / FastjsonScan
View on GitHub
Fastjson扫描器，可识别版本、依赖库、autoType状态等。A tool to distinguish fastjson ,version and dependency
☆1,050Oct 7, 2022Updated 3 years ago
Schira4396 / VcenterKiller
View on GitHub
一款针对Vcenter的综合利用工具，包含目前最主流的CVE-2021-21972、CVE-2021-21985以及CVE-2021-22005、One Access的CVE-2022-22954、CVE-2022-22972/31656以及log4j，提供一键上传webs…
☆1,468Apr 25, 2024Updated last year
UzJu / Cloud-Bucket-Leak-Detection-Tools
View on GitHub
六大云存储，泄露利用检测工具
☆1,245Mar 28, 2025Updated 11 months ago
DawnFlame / POChouse
View on GitHub
POC&EXP仓库、hvv弹药库、Nday、1day
☆1,101Nov 11, 2022Updated 3 years ago
wyzxxz / jndi_tool
View on GitHub
JNDI服务利用工具 RMI/LDAP，支持部分场景回显、内存shell，高版本JDK场景下利用等，fastjson rce命令执行，log4j rce命令执行漏洞检测辅助工具
☆2,014May 21, 2024Updated last year
gh0stkey / Web-Fuzzing-Box
View on GitHub
Web Fuzzing Box - Web 模糊测试字典与一些Payloads
☆2,454May 28, 2025Updated 9 months ago
Bl0omZ / JNDIEXP
View on GitHub
JNDI在java高版本的利用工具,FUZZ利用链
☆597Oct 8, 2022Updated 3 years ago
czz1233 / GBByPass
View on GitHub
冰蝎哥斯拉 WebShell bypass
☆763Jan 15, 2026Updated 2 months ago
threedr3am / JSP-WebShells
View on GitHub
Collect JSP webshell of various implementation methods. 梳理和发现的JSP Webshell各种姿势
☆1,405Jan 18, 2022Updated 4 years ago
safe6Sec / Fastjson
View on GitHub
Fastjson姿势技巧集合
☆1,833Oct 20, 2023Updated 2 years ago
Power7089 / PenetrationTest-Tips
View on GitHub
渗透测试，渗透测试小技巧，渗透测试Tips，师傅们跟我一起维护更新吧~
☆878Jun 8, 2021Updated 4 years ago
r0eXpeR / fingerprint
View on GitHub
各种工具指纹收集分享
☆529Nov 3, 2021Updated 4 years ago
xiaoZ-hc / redtool
View on GitHub
日常积累的一些红队工具及自己写的脚本，更偏向于一些diy的好用的工具，并不是一些比较常用的msf/awvs/xray这种
☆1,416Aug 18, 2024Updated last year
lintstar / LSTAR
View on GitHub
LSTAR - CobaltStrike 综合后渗透插件
☆1,262Jan 30, 2022Updated 4 years ago
Daybr4ak / C2ReverseProxy
View on GitHub
一款可以在不出网的环境下进行反向代理及cs上线的工具
☆491Apr 26, 2023Updated 2 years ago
sairson / Yasso
View on GitHub
强大的内网渗透辅助工具集-让Yasso像风一样支持rdp，ssh，redis，postgres，mongodb，mssql，mysql，winrm等服务爆破，快速的端口扫描，强大的web指纹识别，各种内置服务的一键利用（包括ssh完全交互式登陆，mssql提权，redis…
☆1,595Jul 27, 2022Updated 3 years ago
zilong3033 / fastjsonScan
View on GitHub
fastjson漏洞burp插件，检测fastjson<1.2.68基于dnslog，fastjson<=1.2.24和1.2.33<=fatjson<=1.2.47的不出网检测和TomcatEcho,SpringEcho回显方案。
☆125May 14, 2021Updated 4 years ago
AlphabugX / Alphalog
View on GitHub
DNSLOG、httplog、rmilog、ldaplog、jndi 等都支持,完全匿名产品(fuzz.red)，Alphalog与传统DNSLog不同，更快、更安全。
☆457Aug 20, 2025Updated 7 months ago
pmiaowu / BurpShiroPassiveScan
View on GitHub
一款基于BurpSuite的被动式shiro检测插件
☆1,797Dec 14, 2022Updated 3 years ago