1337 Wordlists for Bug Bounty Hunting

二进制漏洞扫描

Appshark is a static taint analysis platform to scan vulnerabilities in an Android app.

📖 从 0 到 1，系统化学习 Android 逆向，让学习变得有趣、好玩、易上手！

Latest CVEs with their Proof of Concept exploits.

A tool for adding new lines to files, skipping duplicates

📚 技术面试必备基础知识、Leetcode、计算机操作系统、计算机网络、系统设计

Vulnerability research assistant that locates calls to potentially insecure API functions in a binary file.

A True Instrumentable Binary Emulation Framework

A Frida based tool that traces usage of the JNI API in Android apps.

一款64位Exe程序动态追踪执行流程以及保存信息的工具

A collection of JavaScript engine CVEs with PoCs

APT & CyberCriminal Campaign Collection

专注于非越狱环境下iOS应用逆向研究，从dylib注入，应用重签名到App Hook

Work in progress...

As a bug hunter, are your bug bounty reports getting rejected because you don't use a "malicious" Proof of Concept (PoC) app to exploit the vulnerabilities? I've got you covered!

Reverse engineering and pentesting for Android applications

Generate Frida bypass scripts for Android APK root and SSL checks.

Fully decrypt App-Bound Encrypted (ABE) cookies, passwords & payment methods from Chromium-based browsers (Chrome, Brave, Edge) - all in user mode, no admin rights required.

《深入JDBC安全：特殊URL构造与不出网反序列化利用技术揭秘》对应研究总结项目 "Deep Dive into JDBC Security: Special URL Construction and Non-Networked Deserialization Exploitation Techniques Revealed" - Research Summary Project

Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.

😜 记录日常的开发技巧，开发中遇到的技术重点、难点，各个知识点的总结，优质面试题等等。持续更新...

开源的安卓全版本ROM处理工具

Extracts URLs from OSINT Archives for Security Insights

Analyze HTTP and DNS requests and create custom DNS records for your subdomain

A powerful Burp Suite extension that helps in converting requests between different formats, making web application testing more efficient.