https://linux-audit.com/ - Linux Audit - Linux Security: Auditing, Hardening and Compliance

The Linux security blog about Auditing, Hardening, and Compliance

https://github.com/0xInfection/Awesome-WAF - Everything awesome about web-application firewalls (WAF)

Everything awesome about web application firewalls (WAFs).

https://github.com/SecWiki/windows-kernel-exploits - windows-kernel-exploits

windows-kernel-exploits Windows平台提权漏洞集合

https://github.com/SecWiki/linux-kernel-exploits - linux-kernel-exploits

linux-kernel-exploits Linux平台提权漏洞集合

https://github.com/SecWiki/android-kernel-exploits - android-kernel-exploits

android kernel exploits漏洞集合 https://www.sec-wiki.com

https://github.com/SecWiki/macos-kernel-exploits - macos-kernel-exploits

macos-kernel-exploits MacOS平台提权漏洞集合 https://www.sec-wiki.com

https://github.com/SecWiki/office-exploits - office-exploits

office-exploits Office漏洞集合 https://www.sec-wiki.com

https://github.com/SecWiki

SecWiki http://www.sec-wiki.com

https://github.com/FallibleInc/security-guide-for-developers - Security Guide for Developers

A practical security guide for web developers (Work in progress)

https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet - The cheat sheet about Java Deserialization vulnerabilities

A cheat sheet for pentesters and researchers about deserialization vulnerabilities in various Java (JVM) serialization libraries.

https://github.com/frohoff/ysoserial - A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

https://github.com/danielmiessler/SecLists - SecLists is the security tester's companion

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

https://github.com/swisskyrepo/PayloadsAllTheThings - Payloads All The Things

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

https://github.com/fuzzdb-project/fuzzdb - Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery

FuzzDB was created to increase the likelihood of finding application security vulnerabilities through dynamic application security testing. It's the first and most comprehensive open dictionary of fault injection patterns, predictable resource locations, and regex for matching server responses.

https://github.com/j3ers3/PassList - PassList

👍 Awesome password to hack

https://www.sec-wiki.com/ - SecWiki-安全维基,汇集国内外优秀安全资讯、工具和网站

SecWiki，维基，安全，资讯，专题，导航，RSS聚合，Ｗeb安全，Ｗeb安全，移动平台，二进制安全，恶意分析，网络安全，设备安全，运维技术，编程技术，书籍推荐, 专注安全领域最新资讯、专题和导航，做高质量聚合与评论

Open Web Application Security Project (OWASP) - https://www.owasp.org/
Web Application Security Consortium - http://www.webappsec.org/
Openwall - http://www.openwall.com/
SecuriTeam - http://www.securiteam.com/
XSSed - http://xssed.com/
WooYun.org - http://wooyun.org/
FreeBuf.COM关注黑客与极客 - http://www.freebuf.com/
Nuclear'Atk 网络安全研究中心 - http://lcx.cc/
SCAP安全内容自动化协议中文社区 - http://www.scap.org.cn/
Sebug Security Vulnerability(SSV) DB - http://sebug.net/
Software Assurance Maturity Model (SAMM) http://www.opensamm.org/
Exploits Database by Offensive Security - http://www.exploit-db.com/

http://new.cpc.com.tw/file/life/ - FIRST.org / FIRST - Improving security together

https://github.com/CaiJiJi/VulScritp - VulScritp

内网渗透脚本

https://github.com/SecWiki/WebShell-2 - Webshell
https://github.com/xl7dev/WebShell - Webshell

This is a webshell open source project https://github.com/xl7dev/WebShell