A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the …

Find secrets with Gitleaks 🔑

Find, verify, and analyze leaked credentials

In-depth attack surface mapping and asset discovery

Fast passive subdomain enumeration tool.

Directory/File, DNS and VHost busting tool written in Go

一款内网综合扫描工具，方便一键自动化、全方位漏扫扫描。

httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.

⬆️ ☠️ 🔥 Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock

Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...

An automated e-mail OSINT tool

A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests

📦 Make security testing of K8s, Docker, and Containerd easier.

Kscan是一款纯go开发的全方位扫描器，具备端口扫描、协议检测、指纹识别，暴力破解等功能。支持协议1200+，协议指纹10000+，应用指纹20000+，暴力破解协议10余种。

Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.

边界打点后的自动化渗透工具

netspy是一款快速探测内网可达网段工具（深信服深蓝实验室天威战队强力驱动）

Asset discovery and identification tools 快速识别 Web 指纹信息，定位资产类型。辅助红队快速定位目标资产信息，辅助蓝队发现疑似脆弱点

Bruteforcing from various scanner output - Automatically attempts default creds on found services.

The Swiss Army knife for automated Web Application Testing

无状态子域名爆破工具

Quickly discover exposed hosts on the internet using multiple search engines.

一款快速、全面、易用的页面信息提取工具，可快速发现和提取页面中的JS、URL和敏感信息。

A tool to perform Kerberos pre-auth bruteforcing

Fetch all the URLs that the Wayback Machine knows about for a domain

一款基于各大企业信息API的工具，解决在遇到的各种针对国内企业信息收集难题。一键收集控股公司ICP备案、APP、小程序、微信公众号等信息聚合导出。支持MCP接入

a drop-in replacement for Nmap powered by shodan.io

A powerful browser crawler for web vulnerability scanners