SecLists is the security tester's companion. It is a collection of multiple types of lists used during security assessments. List types include usernames, passwords, URLs, sensitive data grep strings, fuzzing payloads, and many more.

v1.0

The successor to reDuh, pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.

从零开始内网渗透学习

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

MS17-010

各种安全相关思维导图整理收集

Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016.

Web path scanner

XSS平台 CTF工具 Web安全工具

A framework for CTF Attack with Defense Mode

Active Directory pentest scripts