ProofofConcept_Exploit.md

File metadata and controls

185 lines (123 loc) · 5.54 KB

Vulnerability databases and exploitation tools (PoC, EXP)

Meltdown and Spectre related

Local Exploit for Meltdown https://github.com/dendisuhubdy/meltdown

Meltdown Spectre PoC https://github.com/paboldin/meltdown-exploit

Collection of Meltdown/Spectre PoC source code https://github.com/turbo/KPTI-PoC-Collection

Meltdown/Spectre patches https://github.com/hannob/meltdownspectre-patches

SpecuCheck: Meltdown/Spectre check tool for Windows https://github.com/ionescu007/SpecuCheck

Linux local root privilege escalation exploits https://github.com/5H311-1NJ3C706/local-root-exploits

Vulnerability research collection https://github.com/sergey-pronin/Awesome-Vulnerability-Research

Snyk vulnerability database https://github.com/snyk/vulndb

Hourly updated list of CVE entries stored in JSON format https://github.com/CVEProject/cvelist

Hash length extension attack exploit https://github.com/citronneur/rdpy

Resource list for Java deserialization vulnerabilities https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet

JBoss verify & exploit tool https://github.com/joaomatosf/jexboss

Malware samples used by some APT groups (APT28, APT29, APT32, Emotet...) https://github.com/Cherishao/APT-Sample

Android October vulnerability PoCs https://github.com/jiayy/android_vuln_poc-exp

Vulnerability details and PoCs submitted to Sebug https://github.com/ganliuzhuo/Sebug

PacketWhisper: uses DNS queries and text-hiding techniques https://github.com/TryCatchHCF/PacketWhisper

Official git version of ExploitDB https://github.com/offensive-security/exploit-database

Vulncode-DB is a database for vulnerabilities and their corresponding source code https://github.com/google/vulncode-db

PHP vulnerability code analysis https://github.com/80vul/phpcodz

Parse: PHP security scanner https://github.com/psecio/parse

NodeJsScan: static security code scanner for Node.js applications https://github.com/ajinabraham/NodeJsScan

Proof-of-concept exploits developed by the Semmle Security Research Team https://github.com/Semmle/SecurityExploits

Simple test program for CVE-2016-2107 https://github.com/FiloSottile/CVE-2016-2107

CVE-2015-7547 PoC https://github.com/fjserna/CVE-2015-7547

Blog on some vulnerabilities and 0days https://github.com/pierrekim/pierrekim.github.io

Java deserialization PoC generation tool https://github.com/frohoff/ysoserial

Java deserialization exploits https://github.com/foxglovesec/JavaUnserializeExploits

Jenkins CLI vulnerability https://github.com/CaledoniaProject/jenkins-cli-exploit

CVE-2015-2426 exploit (Windows kernel privilege escalation) https://github.com/vlad902/hacking-team-windows-kernel-lpe

Docker environment with examples of web attacks (demonstrates PHP local file inclusion combined with phpinfo to get a shell, and SSRF combined with curl) https://github.com/hxer/vulnapp

Demo and related tools for the PHP7 OPcache override vulnerability https://github.com/GoSecure/php7-opcache-override

An exploit for Apache Struts CVE-2018-11776 https://github.com/mazen160/struts-pwn_CVE-2018-11776

Struts2 S2-045-Nmap NSE script https://github.com/Z-0ne/ScanS2-045-Nmap

XSS payloads designed to turn alert(1) into P1 https://github.com/hakluke/weaponised-XSS-payloads

XcodeGhost trojan samples https://github.com/XcodeGhostSource/XcodeGhost

SCAP security guide https://github.com/OpenSCAP/scap-security-guide

Relatively academic, with many recommended books, conferences, reports, etc. https://github.com/re-pronin/awesome-vulnerability-research

Web-oriented case guide to common vulnerability types https://github.com/ngalongc/bug-bounty-reference

PoCs for dozens of CVEs from 2013 to the present https://github.com/qazbnm456/awesome-cve-poc

Malware script collection https://github.com/seifreed/malware-scripts

Awesome XSS stuff https://github.com/s0md3v/AwesomeXSS

A large batch of common web attack payloads https://github.com/foospidy/payloads

Backdoor repository, including bind and reverse backdoors in various languages, backdoor encryption and stagers https://github.com/0x00-0x00/ShellPop

Common web attack payloads https://github.com/swisskyrepo/PayloadsAllTheThings

Cheat sheets for the OS X command line, PowerShell command line, Google Dorks, Shodan, exploit development, Java deserialization, etc. https://github.com/coreb1t/awesome-pentest-cheat-sheets

Exploit development frameworks and tools:

Collection of bug bounty programs and list of well-known bounty hunter blogs https://github.com/djadmin/awesome-bug-bounty

Exploit development learning resources https://github.com/FabioBaroni/awesome-exploit-development

mimic is a tool for covert execution on Linux x86_64. https://github.com/emptymonkey/mimic

Binary exploit development tool https://github.com/t00sh/rop-tool

Framework for writing scripts for CTF pwn challenges https://github.com/Gallopsled/pwntools

Pwning development I/O library written in Python https://github.com/zTrix/zio

Cross-platform injection tool (inject JavaScript to explore native apps on Windows, Mac, Linux, iOS and Android) https://github.com/frida/frida

Collected or self-written PoCs and exploits for various vulnerabilities https://github.com/bollwarm/POC-EXP

xray: a comprehensive security assessment tool supporting scanning for common web security issues and custom PoCs https://github.com/chaitin/xray

Penetration-testing PoCs, exploits, scripts, privilege escalation, small tools, etc.; additions and improvements welcome https://github.com/Mr-xn/Penetration_Testing_POC

Pre-built vulnerability environments based on Docker Compose, https://vulhub.org https://github.com/vulhub/vulhub

Demos of Java security vulnerabilities and techniques: exploitation of deserialization vulnerabilities in native Java, Fastjson, Jackson, Hessian2 and XML; exploits for frameworks/middleware/features such as Dubbo, Shiro, CAS, Tomcat and RMI; and practical code for Java Security Manager bypasses, Dubbo-Hessian2 hardening, and more. https://github.com/threedr3am/learnjavabug

CNVD-2020-10487 (CVE-2020-1938), Tomcat AJP file read vulnerability PoC https://github.com/nibiwodong/CNVD-2020-10487-Tomcat-ajp-POC

Python3 batch PoC detection tool https://github.com/saucer-man/saucerframe

AJPy aims to craft AJP requests in order to communicate with AJP connectors. https://github.com/hypn0s/AJPy