Asset inventory of over 800 public bug bounty programs.

xAST评价体系，让安全工具不再“黑盒”. The xAST evaluation benchmark makes security tools no longer a "black box".

TestNet资产管理系统（资产管理|信息收集|暴露面管理|子域名扫描|C段扫描|端口扫描|漏洞扫描|Hunter|Fofa）

A curated list of Awesome Threat Intelligence resources

小米 BootLoader《解锁资格答题测试》更新记录

GPT4All: Run Local LLMs on Any Device. Open-source and available for commercial use.

程序语言与编译技术相关资料（持续更新中）

SafeLine is a self-hosted WAF(Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.

A Workflow Engine for Offensive Security

🕵️‍♂️ All-in-one OSINT tool for analysing any website

A Security Tool for Bug Bounty, Pentest and Red Teaming.

Fast Application Layer Scanner

Corax for Java: A general static analysis framework for java code checking.

A collection of one-liners for bug bounty hunting.

AsamF是集成Fofa、Quake、Hunter、Shodan、Zoomeye、Chinaz、0.zone及爱企查的一站式企业信息资产收集、网络资产测绘工具。

Nemo是用来进行自动化信息收集的一个简单平台，通过集成常用的信息收集工具和技术，实现对内网及互联网资产信息的自动收集，提高隐患排查和渗透测试的工作效率。

Attack Surface Management Platform

A next-generation crawling and spidering framework.

Go client to communicate with Chaos DB API.

A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests

Enterprise job scheduling middleware with distributed computing ability.

Distributed high performance task scheduling framework

Security Orchestration, Automation and Response (SOAR) Platform. 安全编排与自动化响应平台，无需编写代码的安全自动化，使用 SOAR 可以让团队工作更加高效

📦 Make security testing of K8s, Docker, and Containerd easier.

Alibaba Java Diagnostic Tool Arthas/Alibaba Java诊断利器Arthas

一款基于各大企业信息API的工具，解决在遇到的各种针对国内企业信息收集难题。一键收集控股公司ICP备案、APP、小程序、微信公众号等信息聚合导出。支持MCP接入

一个高价值漏洞采集与推送服务 | Collect valueable vulnerabilities and push them to various services