A lightweight active and passive scanner that combines the advantages of local and distributed models, supports dynamic external plugin import, and is dedicated to exploring web black-box vulnerabi…

复杂请求下的Shiro反序列化利用工具

知道创宇研发技能表

Chrome-RCE-Poc

一款用于JNDI注入利用的工具，大量参考/引用了Rogue JNDI项目的代码，支持直接植入内存shell，并集成了常见的bypass 高版本JDK的方式，适用于与自动化工具配合使用。

A lightweight reverse proxy server that converts TLS traffic to TCP, allowing secure communication between clients and upstream servers.

综合漏洞后渗透利用工具

最好用最智能最可控的目录Fuzz工具 | The most powerful, user-friendly, intelligent, and precise HTTP Fuzzer.

华顺信安技术羊皮卷

一个想让你测试加密流量像测试明文一样简单高效的 Burp 插件。 A Burp plugin that makes testing encrypted traffic as simple and efficient as testing plaintext.

Advanced SQL Injection Techniques for Bug Bounty Hunters

阿里云aliyun/腾讯云tencentcloud/华为云huaweicloud/aws等各种云厂商的accesskey运维安全工具，accesskey利用工具，包括但不限于创建ecs、ecs查询和命令执行、oss查询和批量下载等各种功能,aws accesskey rce;remote command execute

A habit tracker app which treats your goals like a Role Playing Game.

This repository contains a number of insecure self-hosted applications that allows interested security engineers to test vulnerabilities found by Portswigger Research team.

A powerful JNDI injection exploitation framework that supports RMI, LDAP and LDAPS protocols, including various bypass methods for high-version JDK restrictions

ARL（灯塔系统）替换子域名字典和路径扫描字典

一款提高安全测试效率的工具

一个经典的XSS渗透管理平台

爬网站JS文件，自动fuzz api接口，指定api接口（针对前后端分离项目，可指定后端接口地址），回显api响应

一款网页批量截图工具

WeblogicTool，GUI漏洞利用工具，支持漏洞检测、命令执行、内存马注入、密码解密等（深信服深蓝实验室天威战队强力驱动）

SafeLine is a self-hosted WAF(Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.

Web弱密码爆破工具, 驱动浏览器进行弱密码爆破, 支持所有Web系统. 协程练手项目

DOM fuzzer

🦀️ 一个完全使用Rust编写的代理池工具，从网络搜索socks5代理，检测可用性之后开启socks5代理服务。A proxy pool tool completely written in Rust, which searches for SOCKS5 proxies from the network, and after checking their availability, star…

记录安全方面的笔记/工具/漏洞合集

《Golang修养之路》本书针对Golang专题性热门技术深入理解，修养在Golang领域深入话题，脱胎换骨。