2-day current streak·11-day longest streak
Hi there 👋 About Me…
Hi there 👋
About Me
弱鸡
ID : RuoJi6
博客:https://ruoji6.github.io/-
CACM ★ PINNED
Linux权限维持
★ 1.1k 26d agoExplain → -
audit-skills ★ PINNED
专注于代码审计skill,最小化轻量化skill,只负责安全边界。
Python ★ 951 20d agoExplain → -
xxl-job-FLM ★ PINNED
xxl-job内存马
Java ★ 233 1y agoExplain → -
database_scan ★ PINNED
No description.
Go ★ 101 19d agoExplain → -
script-demo ★ PINNED
No description.
Python ★ 10 8mo agoExplain → -
Deskbypass
No description.
★ 460 1y agoExplain → -
DarKnuclei
No description.
★ 106 1y agoExplain → -
java-decompile-mcp
No description.
Python ★ 75 5mo agoExplain → -
Code-Audit-Scanner
jetbrains 编辑器代码审计插件,适配:phpStorm,webStorm,rider,IntelliJ IDEA,pyCharm
★ 68 6mo agoExplain → -
ruoji ▣
No description.
Python ★ 65 3y agoExplain → -
net-audit-skills
net-audit-skills
★ 51 1mo agoExplain → -
awd_ruoji_waf
No description.
Python ★ 47 3y agoExplain → -
dbx-audit ⑂
DBX 数据审计版
Rust ★ 33 34m agoExplain → -
CVE-2025-55182-RCE-shell
Burp Suite/antsword - Interactive shell (HTTP hijack + POST + AES-256-CBC/BASE64)
Python ★ 31 7mo agoExplain → -
fuzzhound
FuzzHound是一款专为 API 安全测试设计的智能 Fuzz 工具,支持 Swagger/OpenAPI 文档自动解析,提供多种 Fuzz 模式和漏洞检测能力。像猎犬一样嗅探 API 中的安全漏洞!
Python ★ 27 2mo agoExplain → -
memory-shell-mcp
This repository is designed to automate the detection and cleanup of in-memory web shells using MCP in combination with the memory-shell-detector tool. / 本仓库旨在结合 MCP 与 memory-shell-detector 工具,实现对内存 WebShell(内存马)的自动化检测与清除。
Python ★ 25 5mo agoExplain → -
ez-web_sign_in
ez-web_sign_in https://msec.nsfocus.com/ ez每天自动签到脚本
Python ★ 24 11mo agoExplain → -
ruoji_scan_poc
No description.
Python ★ 19 3y agoExplain → -
cloud-security
No description.
★ 17 2y agoExplain → -
ctf-prompt-converter
ctf-prompt-converter
★ 16 3mo agoExplain → -
All-Defense-Tool ⑂
本项目集成了全网优秀的攻防武器工具项目,包含自动化利用,子域名、目录扫描、端口扫描等信息收集工具,各大中间件、cms漏洞利用工具,爆破工具、内网横向及免杀、社工钓鱼以及应急响应等资料。
★ 15 3y agoExplain → -
-
BurpSuite字典
★ 6 5y agoExplain → -
fofa_quake_hunter_mcp
No description.
Python ★ 5 4mo agoExplain → -
Behinder-WebView-XSS-Fix
Non-official patch for Behinder client Issue #313 (WebView 0-click NTLM hash leak)
Java ★ 4 2mo agoExplain → -
Vulnerability-Wiki-PoC ⑂
🚀 2024-至今 1Day 漏洞 PoC 深度研究与复现归档。涵盖 OA、ERP、安防、数通、大模型及容器等 高价值资产漏洞,实战导向,助力安全研究与合规检测。
★ 3 6mo agoExplain → -
ChatGPT-Next-Web ⑂
A well-designed cross-platform ChatGPT UI (Web / PWA / Linux / Win / MacOS). 一键拥有你自己的跨平台 ChatGPT 应用。
TypeScript ★ 3 2y agoExplain → -
K8sPenTool ⑂
一款针对K8s综合利用GUI工具
★ 2 2mo agoExplain → -
RuoJi6
No description.
★ 2 2mo agoExplain → -
cybersecurity-interview-boilerplate
本来不屑于看面试题的,直到碰到大聪明面试官问的大聪明问题,所以就爬了一份,欢迎PR,一起维护一个。
★ 2 9mo agoExplain → -
LinkSec
安全工具工作流
★ 2 9mo agoExplain → -
XG_NTAI ⑂
用于Webshell木马免杀、流量加密传输,多多支持star
★ 2 1y agoExplain → -
vagent ⑂
多功能 java agent 内存马
★ 2 2y agoExplain → -
SubTracker
软件订阅管理工具 - Subscription Management App
TypeScript ★ 1 1mo agoExplain → -
duckmail
No description.
TypeScript ★ 1 4mo agoExplain → -
KitsuneMagisk ⑂
A fork of KitsuneMagisk. Thanks to the original author @HuskyDG.
★ 1 10mo agoExplain → -
sensitive-info-tool ⑂
No description.
Vue ★ 1 9mo agoExplain → -
CloudX ⑂
一个基于规则的加解密破签工具
★ 1 1y agoExplain → -
Rscan ⑂
自动化扫描利器,指纹识别更精准,漏洞扫描更全面
★ 1 1y agoExplain → -
Pentest-Windows ⑂
矛·盾 武器库 - Windows11 Penetration Suite Toolkit 一个开箱即用的windows渗透测试环境
★ 1 1y agoExplain → -
SecurityList ⑂
A list for Web Security and Code Audit
★ 1 1y agoExplain → -
0day ⑂
各种CMS、各种平台、各种系统、各种软件漏洞的EXP、POC ,该项目将持续更新
★ 1 2y agoExplain → -
ruoyi-Vue-tools ⑂
若依Vue漏洞检测工具
★ 1 1y agoExplain → -
KillWxapkg ⑂
自动化反编译微信小程序,小程序安全评估工具,发现小程序安全问题,自动解密,解包,可还原工程目录,支持Hook,小程序修改
★ 1 1y agoExplain → -
ShiroAttack2_Pro ⑂
Shiro反序列化漏洞综合利用,在原版工具上进行一些功能增加。
★ 1 1y agoExplain → -
ShadowMeld ⑂
🕶️ 隐蔽Shellcode嵌入与反检测免杀加载器生成框架 / Stealthy Payload Delivery Framework with Anti-EDR Capabilities
★ 1 1y agoExplain → -
Fusion ⑂
A cross platform C2/post-exploitation framework
★ 1 1y agoExplain → -
ENScan_GO ⑂
一款基于各大企业信息API的工具,解决在遇到的各种针对国内企业信息收集难题。一键收集控股公司ICP备案、APP、小程序、微信公众号等信息聚合导出。支持MCP接入
★ 1 1y agoExplain → -
VulnArk ⑂
No description.
★ 1 1y agoExplain → -
cursor-reset ⑂
Cursor Trial Reset Tool
★ 1 1y agoExplain → -
pdfrip ⑂
A multi-threaded PDF password cracking utility equipped with commonly encountered password format builders and dictionary attacks.
★ 1 2y agoExplain → -
Ollama-Scan ⑂
助你实现Ollama自由,配合FOFA等搜索引擎体验更佳
Python ★ 1 1y agoExplain → -
theAIMythbook ⑂
Ai迷思录(应用与安全指南)
★ 1 1y agoExplain → -
AI-Infra-Guard ⑂
AI infrastructure security assessment tool designed to discover and detect potential security risks in AI systems.
★ 1 1y agoExplain → -
csIntruder ⑂
本项目包含CobaltStrike密码爆破、伪造上线以及DDos功能。其中伪造上线支持常见魔改版CS。This project includes CobaltStrike password blasting, fake online and DDos functions. Among them, fake online supports common secondary development version CS.
★ 1 3y agoExplain → -
api_fuzz
api fuzz
★ 1 3y agoExplain → -
hh
burp汉化包
★ 1 5y agoExplain → -
aiscan ⑂
pi-like agentic security scanner for redteam — single binary for AI-driven pentesting, from red team ops to bug bounty
Go ★ 0 11d agoExplain → -
JarLibsConsolidator ⑂
一个IDEA插件:一键收集项目中所有jar包依赖的工具插件。遍历项目目录收集所有jar文件,复制到all-in-one文件夹,并自动添加为项目库。
★ 0 8mo agoExplain → -
found ⑂
nuclei file protocol engine
★ 0 26d agoExplain → -
CyberStrikeAI ⑂
CyberStrikeAI is an AI-native security testing platform built in Go. It integrates 100+ security tools, an intelligent orchestration engine, role-based testing with predefined security roles, a skills system with specialized testing skills, and comprehensive lifecycle management capabilities.
★ 0 1mo agoExplain → -
RuoJi6.github.io
No description.
HTML ★ 0 1mo agoExplain → -
tools-
No description.
★ 0 1mo agoExplain → -
dirtyfrag ⑂
No description.
★ 0 2mo agoExplain → -
JoySafeter ⑂
please add desp
Python ★ 0 4mo agoExplain → -
memory-shell-detector ⑂
No description.
★ 0 5mo agoExplain → -
NET-Deserialize ⑂
总结了20+.Net反序列化文章,持续更新
★ 0 2y agoExplain → -
Golin ⑂
弱口令检测、 漏洞扫描、端口扫描(协议识别,组件识别)、web目录扫描、等保工具(网络安全等级保护现场测评工具)内置3级等保核查命令、基线核查工具、键盘记录器
Go ★ 0 11mo agoExplain → -
de4dot ⑂
.NET deobfuscator and unpacker.
★ 0 5y agoExplain → -
de4dot-cex ⑂
📦 de4dot deobfuscator with full support for vanilla ConfuserEx
★ 0 6y agoExplain → -
SpecOps_cn ⑂
SpecOps is a Burp Suite extension that ingests an OpenAPI or Swagger spec and instantly builds a workbench to test every documented endpoint.
★ 0 7mo agoExplain → -
POC_YUUKI4O4 ⑂
POC
★ 0 2y agoExplain → -
CVE-2025-32463_chwoot ⑂
sudo Local Privilege Escalation CVE-2025-32463
Shell ★ 0 1y agoExplain → -
templates ⑂
chainreactors templates
Go ★ 0 9mo agoExplain → -
PHP-Code ⑂
通过ThinkPHP框架学习PHP代码审计
★ 0 2y agoExplain → -
SecurityProduct ⑂
开源安全产品源码,IDS、IPS、WAF、蜜罐等
★ 0 1y agoExplain → -
ViewState-Cracker ⑂
ASP.net ViewState密钥被动扫描爆破BurpSuite插件
★ 0 10mo agoExplain → -
Rshell---A-Cross-Platform-C2 ⑂
Rshell是一款开源的golang编写的支持多平台的C2框架,旨在帮助安服人员渗透测试、红蓝对抗。
Go ★ 0 10mo agoExplain → -
Crypto-Asset-Tracing-Handbook ⑂
No description.
★ 0 10mo agoExplain → -
turnt ⑂
A tool designed for smuggling interactive command and control traffic through legitimate TURN servers hosted by reputable providers such as Zoom.
★ 0 11mo agoExplain → -
e0e1-wx ⑂
微信小程序辅助渗透-自动化
★ 0 1y agoExplain → -
GateSentinel ⑂
GateSentinel 是一个现代化的 C2 (Command and Control) 框架,专为安全研究和渗透测试设计。该项目采用 Go 语言开发服务端,C 语言开发客户端,提供了强大的远程控制和管理功能。
★ 0 11mo agoExplain → -
cai ⑂
Cybersecurity AI (CAI), an open Bug Bounty-ready Artificial Intelligence
★ 0 1y agoExplain → -
java-memshell ⑂
Java内存马教程
★ 0 1y agoExplain → -
malefic ⑂
IoM implant, C2 Framework and Infrastructure
★ 0 1y agoExplain → -
QDoctor ⑂
The first Computer Emergency Response (ARK) Tools for young people ;) 年轻人的第一款应急响应(ARK)工具 ;)
★ 0 1y agoExplain → -
SharpScan ⑂
内网资产收集、探测主机存活、端口扫描、域控定位、文件搜索、各种服务爆破(SSH、SMB、MsSQL等)、Socks代理,一键自动化+无文件落地扫描
★ 0 1y agoExplain → -
ChkApi_0x727 ⑂
辅助甲方安全人员巡检网站资产,发现并分析API安全问题
★ 0 1y agoExplain → -
Whoamifuck ⑂
用于Linux应急响应,快速排查异常用户登录情况和入侵信息排查,准确定位溯源时间线,高效辅助还原攻击链。
★ 0 1y agoExplain → -
blackjump ⑂
JumpServer 堡垒机未授权综合漏洞利用, Exploit for CVE-2023-42442 / CVE-2023-42820 / RCE 2021
Python ★ 0 1y agoExplain → -
reinstall ⑂
一键DD/重装脚本 (One-click reinstall OS on VPS)
★ 0 1y agoExplain → -
veinmind-tools ⑂
veinmind-tools 是由长亭科技自研,基于 veinmind-sdk 打造的容器安全工具集
★ 0 2y agoExplain → -
AppScan ⑂
安全隐私卫士(AppScan)一款免费的企业级自动化App隐私合规检测工具。
★ 0 1y agoExplain → -
RexLeo ⑂
RexLeo / ByPassDownLoadFile / Code By:Tas9er / A.E.0.S Security Team
★ 0 1y agoExplain → -
GzWebsocket ⑂
哥斯拉webshell管理工具的插件,用于连接websocket型webshell
★ 0 2y agoExplain → -
TrafficEye ⑂
该工具适用于 HW 蓝队对网络流量的深入分析,帮助安全研究人员、渗透测试人员及网络管理员等专业人士识别潜在的安全威胁,尤其是针对 Web 应用的攻击(如 SQL 注入、XSS、WebShell 等)。其模块化设计使用户能够根据实际需求自由选择并定制各类功能模块。 This tool is designed to help penetration testers and network administrators identify potential security threats, especially those targeting web applications such as SQL injection, XSS, and WebShells. Its modular desig
★ 0 1y agoExplain → -
SecDictionary ⑂
实战沉淀字典
★ 0 1y agoExplain → -
POC-ep ⑂
备份的漏洞库,3月开始我们来维护
★ 0 1y agoExplain → -
PassGet ⑂
Post-exploitation Tool For Windows
Go ★ 0 1y agoExplain → -
e0e1-config ⑂
综合后渗透方面的杂烩
★ 0 1y agoExplain → -
WebCrack ⑂
WebCrack是一款web后台弱口令/万能密码批量检测工具,在工具中导入后台地址即可进行自动化检测。
Python ★ 0 1y agoExplain → -
CVE-2025-30208-EXP ⑂
CVE-2025-30208-EXP
Python ★ 0 1y agoExplain → -
GeoServerExploit ⑂
GeoServer(CVE-2024-36401/CVE-2024-36404)漏洞利用工具
★ 0 1y agoExplain → -
fine ⑂
网络空间资产测绘、ICP备案、天眼查股权结构图、IP138域名解析与IP反查、外部HTTP调用与小程序反编译。
★ 0 1y agoExplain → -
Nday-Exploit-Plan ⑂
历史漏洞的细节以及利用方法汇总收集
★ 0 1y agoExplain → -
poc2jar ⑂
Java编写,Python作为辅助依赖的漏洞验证、利用工具,添加了进程查找模块、编码模块、命令模块、常见漏洞利用GUI模块、shiro rememberMe解密模块,加快测试效率
★ 0 2y agoExplain → -
teamsix_cf ⑂
Cloud Exploitation Framework 云环境利用框架,方便安全人员在获得 AK 的后续工作
★ 0 2y agoExplain → -
FingerprintHub ⑂
侦查守卫(ObserverWard)的指纹库
Rust ★ 0 1y agoExplain → -
observer_ward ⑂
侦查守卫(observer_ward)Web应用和服务指纹识别工具
Rust ★ 0 1y agoExplain → -
yuze ⑂
A socksv5 proxy tool Written by CLang. 一款纯C实现的轻量内网穿透工具,支持正向,反向socks5代理隧道的搭建,支持跨平台使用。
★ 0 1y agoExplain → -
POC ⑂
收集整理漏洞EXP/POC,大部分漏洞来源网络,目前收集整理了1100多个poc/exp,长期更新。
★ 0 1y agoExplain → -
AdaptixC2 ⑂
No description.
★ 0 1y agoExplain → -
fscan ⑂
一款内网综合扫描工具,方便一键自动化、全方位漏扫扫描。
★ 0 1y agoExplain → -
hackshell ⑂
Make BASH stealthy and hacker friendly with lots of bash functions
★ 0 1y agoExplain → -
FastjsonExploit ⑂
Fastjson vulnerability quickly exploits the framework(fastjson漏洞快速利用框架)
Java ★ 0 1y agoExplain → -
port_reuse ⑂
golang 实现的windows and linux 端口复用工具。
Go ★ 0 1y agoExplain → -
git_rce ⑂
Exploit PoC for CVE-2024-32002
★ 0 2y agoExplain → -
qiniuClient ⑂
云存储管理客户端。支持七牛云、腾讯云、青云、阿里云、又拍云、亚马逊S3、京东云,仿文件夹管理、图片预览、拖拽上传、文件夹上传、同步、批量导出URL等功能
★ 0 3y agoExplain → -
BurpLoaderKeygen-Modified ⑂
BurpLoaderKeygen Modified
★ 0 3y agoExplain → -
One-Fox-T00ls ⑂
No description.
★ 0 2y agoExplain → -
ExpLangcn ⑂
No description.
★ 0 3y agoExplain → -
CodeTest ⑂
脚本工具合集GUI版本,内置漏洞验证、利用模块,可自定义脚本实现批量验证。
★ 0 4y agoExplain → -
NTML-hasi-LN-hash
Windows LM and NTLM hash----------------------------converter
★ 0 4y agoExplain → -
CreateHiddenAccount ⑂
A tool for creating hidden accounts using the registry || 一个使用注册表创建隐藏帐户的工具
★ 0 4y agoExplain → -
cs
cs
★ 0 4y agoExplain → -
WindowsExploits ⑂
Windows exploits, mostly precompiled. Not being updated. Check https://github.com/SecWiki/windows-kernel-exploits instead.
★ 0 5y agoExplain → -
IPC-FUZZ-Connection-test
icp-fuzz
★ 0 4y agoExplain →
No repos match these filters.