Local Exploit for Meltdown https://github.com/dendisuhubdy/meltdown
Meltdown Spectre PoC https://github.com/paboldin/meltdown-exploit
Meltdown/Spectre PoC 源码集合 https://github.com/turbo/KPTI-PoC-Collection
meltdownspectre补丁 https://github.com/hannob/meltdownspectre-patches
SpecuCheck meltdownspectre win下检查工具 https://github.com/ionescu007/SpecuCheck
Linux本地root提权 https://github.com/5H311-1NJ3C706/local-root-exploits
漏洞研究集合 https://github.com/sergey-pronin/Awesome-Vulnerability-Research
Snyk漏洞库 https://github.com/snyk/vulndb
哈希长度扩展攻击EXP https://github.com/citronneur/rdpy
JAVA反序列化漏洞相关资源列表 https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet
JBOSS verify & exp tool https://github.com/joaomatosf/jexboss
安卓十月漏洞POC https://github.com/jiayy/android_vuln_poc-exp
在sebug提交的漏洞详情及poc https://github.com/ganliuzhuo/Sebug
PacketWhisper:使用DNS查询和文本隐藏技术 https://github.com/TryCatchHCF/PacketWhisper
ExploitDB官方git版本 https://github.com/offensive-security/exploit-database
php漏洞代码分析 https://github.com/80vul/phpcodz
Parse: PHP安全扫码器 https://github.com/psecio/parse
NodeJsScan-Node.js应用静态安全代码扫码器 https://github.com/ajinabraham/NodeJsScan
proof-of-concept exploits developed by the Semmle Security Research Team. https://github.com/Semmle/SecurityExploits
CVE-2016-2107简单test程序 https://github.com/FiloSottile/CVE-2016-2107
CVE-2015-7547 POC https://github.com/fjserna/CVE-2015-7547
一些漏洞和0day的blog https://github.com/pierrekim/pierrekim.github.io JAVA反序列化POC生成工具 https://github.com/frohoff/ysoserial
JAVA反序列化EXP https://github.com/foxglovesec/JavaUnserializeExploits
Jenkins cli漏洞 https://github.com/CaledoniaProject/jenkins-cli-exploit
CVE-2015-2426 EXP (windows内核提权) https://github.com/vlad902/hacking-team-windows-kernel-lpe
web攻击的范例docker环境(php本地文件包含结合phpinfo getshell 以及ssrf结合curl的利用演示) https://github.com/hxer/vulnapp
php7缓存覆写漏洞Demo及相关工具 https://github.com/GoSecure/php7-opcache-override
An exploit for Apache Struts CVE-2018-11776 https://github.com/mazen160/struts-pwn_CVE-2018-11776
Struts2 S2-045-Nmap NSE script https://github.com/Z-0ne/ScanS2-045-Nmap
XcodeGhost木马样本 https://github.com/XcodeGhostSource/XcodeGhost
scap安全指导 https://github.com/OpenSCAP/scap-security-guide
相对偏学术方向,有不少书籍、会议、报告等推荐 https://github.com/re-pronin/awesome-vulnerability-research
偏Web向的常见漏洞类型案例指导 https://github.com/ngalongc/bug-bounty-reference
13年到现在数十个CVE漏洞的PoC https://github.com/qazbnm456/awesome-cve-poc
恶意软件脚本集 https://github.com/seifreed/malware-scripts
Awesome XSS stuff https://github.com/s0md3v/AwesomeXSS
一大波常见Web攻击Payloads https://github.com/foospidy/payloads
后门仓库,包括各语言直接绑定和反射式的后门,后门加密以及Stager https://github.com/0x00-0x00/ShellPop
常见Web攻击Payloads https://github.com/swisskyrepo/PayloadsAllTheThings
OS X命令行、PowerShell命令行、Google Dorks、Shodan、exploit开发、Java反序列化等列表 https://github.com/coreb1t/awesome-pentest-cheat-sheets
漏洞赏金计划集合和著名赏金猎人博客列表 https://github.com/djadmin/awesome-bug-bounty
Exploit开发学习资源 https://github.com/FabioBaroni/awesome-exploit-development
mimic is a tool for covert execution on Linux x86_64. https://github.com/emptymonkey/mimic
二进制EXP编写工具 https://github.com/t00sh/rop-tool
CTF Pwn 类题目脚本编写框架 https://github.com/Gallopsled/pwntools
python写的pwning开发IO库 https://github.com/zTrix/zio
跨平台注入工具( Inject JavaScript to explore native apps on Windows, Mac, Linux, iOS and Android.) https://github.com/frida/frida