Peirates - Kubernetes Penetration Testing tool

强大的敏感信息搜索工具

A flexible scanner

Pillager是一个适用于后渗透期间的信息收集工具

Living Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various built-in "living off the land" macOS binaries and how they can be used by threat actors for m…

Fast web fuzzer written in Go

Afuzz is an automated web path fuzzing tool for the Bug Bounty projects.

多功能 java agent 内存马

解密oss-browser里面sqlite加密存放的数据

WatchAD2.0是一款针对域威胁的日志分析与监控系统

A list for Web Security and Code Audit

高性能 HTTP 正向代理工具 | A high-performance http tunneling tool

JNDI在java高版本的利用工具,FUZZ利用链

一款针对Vcenter的综合利用工具，包含目前最主流的CVE-2021-21972、CVE-2021-21985以及CVE-2021-22005、One Access的CVE-2022-22954、CVE-2022-22972/31656以及log4j，提供一键上传webshell，命令执行或者上传公钥使用SSH免密连接

A simple FOFA client written in JavaFX. Made by WgpSec, Maintained by f1ashine.

FOFA Pro view 是一款FOFA Pro 资产展示浏览器插件，目前兼容 Chrome、Firefox、Opera。

Packer Fuzzer is a fast and efficient scanner for security detection of websites constructed by javascript module bundler such as Webpack.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

一个以python3编写的的漏洞检测框架，可自定义，添加poc，exp，，不需要修改其他内容，只需要编写POC自动执行检测

A cross-platform password harvester for known softwares (Chrome / Chromium, Firefox, Internet Explorer / MS Edge, FileZilla)

Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本，最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-…

Watchdog是bayonet修改版，重新优化了数据库及web及扫描程序,加入多节点

Credentials recovery project

Java web common vulnerabilities and security code which is base on springboot and spring security

WebGoat is a deliberately insecure application

BurpSuite收集：包括不限于 Burp 文章、破解版、插件(非BApp Store)、汉化等相关教程，欢迎添砖加瓦---burpsuite-pro burpsuite-extender burpsuite cracked-version hackbar hacktools fuzzing fuzz-testing burp-plugin burp-extensions bapp-sto…

本系统是对Web中间件和Web框架进行自动化渗透的一个系统,根据扫描选项去自动化收集资产,然后进行POC扫描,POC扫描时会根据指纹选择POC插件去扫描,POC插件扫描用异步方式扫描.前端采用vue技术,后端采用python fastapi.

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static a…

bayonet是一款src资产管理系统，从子域名、端口服务、漏洞、爬虫等一体化的资产管理系统