domain_hunter的高级版本，SRC挖洞、HW打点之必备！自动化资产收集；快速Title获取；外部工具联动；等等

一个关于PHP的代码审计项目

关于ThinkPHP框架的历史漏洞分析集合

Binaries for the CodeQL CLI

Actions for running CodeQL analysis

Codeql学习笔记

CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security

快速搭建各种漏洞环境(Various vulnerability environment)

JNDI注入测试工具（A tool which generates JNDI links can start several servers to exploit JNDI Injection vulnerability,like Jackson,Fastjson,etc）

The all-in-one browser extension for offensive security professionals 🛠

List of Awesome CobaltStrike Resources

Metasploit Framework

Laravel is a web application framework with expressive, elegant syntax. We’ve already laid the foundation for your next big idea — freeing you to create without sweating the small things.

An integrated BurpSuite vulnerability detection plug-in.

HaE - Highlighter and Extractor, Empower ethical hacker for efficient operations.

利用大量高威胁poc/exp快速获取目标权限，用于渗透和红队快速打点

WebGoat is a deliberately insecure application

Pre-Built Vulnerable Environments Based on Docker-Compose

🚀Vulfocus 是一个漏洞集成平台，将漏洞环境 docker 镜像，放入即可使用，开箱即用。

一款长亭自研的完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

The Browser Exploitation Framework Project

Claude Code is an agentic coding tool that lives in your terminal, understands your codebase, and helps you code faster by executing routine tasks, explaining complex code, and handling git workflo…

NoMoney 是一款集成了fofa，奇安信的鹰图平台，360quake，且完全免费的信息收集工具。fofa 借助爬虫实现，其余平台利用各自的api进行信息收集。

这个仓库收集了所有在 GitHub 上能找到的 CVE 漏洞利用工具。 This repository collects all CVE exploits found on GitHub.

一个基于 docsify 快速部署 Awesome-POC 漏洞文档的项目。Deploying the Awesome-POC repository via docsify.

Gather and update all available and newest CVEs with their PoC.

Nuclei POC，每日更新 | 自动整合全网Nuclei的漏洞POC，实时同步更新最新POC，保存已被删除的POC。通过批量克隆Github项目，获取Nuclei POC，并将POC按类别分类存放，使用Github Action实现。已有19w+POC，已校验格式的有效性并去重（验证的是格式的有效性）

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve…

各种漏洞poc、Exp的收集或编写

一个漏洞 PoC 知识库。A knowledge base for vulnerability PoCs(Proof of Concept), with 1k+ vulnerabilities.