Dom based XSS scanner.

MCP Server for Ghidra

AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.

Set of tools to assess and improve LLM security.

Shellcode implementation of Reflective DLL Injection. Convert DLLs to position independent shellcode

Script for searching the extracted firmware file system for goodies!

基础反检测 frida-server / Basic anti-detection frida-server

类似按键精灵的鼠标键盘录制和自动化操作 模拟点击和键入 | automate mouse clicks and keyboard input

Burp Plugin to Bypass WAFs through the insertion of Junk Data

jsluice++ is a Burp Suite extension designed for passive and active scanning of JavaScript traffic using the CLI tool jsluice

Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.

gRPC-Web Pentesting Suite + Burp Suite Extension / Hack gRPC-Web Applications (Official BApp Extension Available)

Hide a process under Linux using the ld preloader (https://sysdig.com/blog/hiding-linux-processes-for-fun-and-profit/)

DevSkim is a set of IDE plugins, language analyzers, and rules that provide security "linting" capabilities.

IDEA静态代码安全审计及漏洞一键修复插件

Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist

SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files

一个用于前端加密Fuzz的Burp Suite插件

Burp Suite Certified Practitioner Exam Study

the LLM vulnerability scanner

JNDI注入测试工具（A tool which generates JNDI links can start several servers to exploit JNDI Injection vulnerability,like Jackson,Fastjson,etc）

“冰蝎”动态二进制加密网站管理客户端

❄️冰蝎客户端源码-V4.0.6🔞

开源社区第一个能下载、能运行的中文 LLaMA2 模型！

应急响应指南 / emergency response checklist

A browser extension for Penetration Testing

基于chrome、firefox插件的被动式信息泄漏检测工具

PwnFox is a Firefox/Burp extension that provide usefull tools for your security audit.