oneliner commands for bug bounties

Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more

针对各个系统、服务收集的常见User与Password弱口令字典合集

Dumping App Bound Protected Credentials & Cookies Without Privileges.

参数 | 字典 collections

A modular all-stack network scanner for next-generation internet surveys!

A collection of one-liners for bug bounty hunting.

Hengge team develops JavaScript specifically for loading Webpack for batch reading

A Go implementation of Cobalt Strike style BOF/COFF loaders.

📁 #AISecurity

Agentic LLM Vulnerability Scanner / AI red teaming kit 🧪

收集整理Android开发所需的Android SDK、开发中用到的工具、Android开发教程、Android设计规范，免费的设计素材等。

👩🏿‍💻👨🏾‍💻👩🏼‍💻👨🏽‍💻👩🏻‍💻中国独立开发者项目列表 -- 分享大家都在做什么

A modular vulnerability scanner with automatic report generation capabilities.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

SwordfishSuite - Web安全测试利器 一款轻量、高速、插件化的现代Web安全测试工具，专为安全研究员和渗透测试者打造。 ✨ 核心特性： 智能代理：无缝拦截与修改HTTP/S请求，流畅度超越BurpSuite。 高度集成：集成云端虚拟手机，快速定位APP漏洞。 强大插件：支持自定义Python扩展插件，轻松定制专属功能。 直观界面：提供清晰直观的GUI操作体验。 致力于成为安全…

Fenrir 是一个基于 MCP 协议与 AST 技术的代码审计工具，旨在解决安全研究与自动化代码审计领域中，面对大规模、结构复杂甚至反编译代码时，传统代码搜索与分析手段效率低、准确性差的问题。

AIL framework - Analysis Information Leak framework

Ultra-high-performance, secure, all-in-one acceleration engine for developer resources whose performance far surpasses traditional accelerators, delivering a unified, efficient acceleration experie…

在Burp的两端部署基于mitmproxy的上下游代理，以应对HTTP请求的加密传输问题，得益于mitmproxy为Python提供了丰富的API。

开源的端到端产品级通用智能体

Kyanos is a networking analysis tool using eBPF. It can visualize the time packets spend in the kernel, capture requests/responses, makes troubleshooting more efficient.

Buttercup finds and patches software vulnerabilities

《一人企业方法论》第二版，也适合做其他副业（比如自媒体、电商、数字商品）的非技术人群。

jxscout superpowers JavaScript analysis for security researchers

猫鼠信安应急响应工具包

红队武器库漏洞利用工具合集整理

A browser extension that allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations.

JavaScript & Node.js open-source SAST scanner. A static analyser for detecting most common malicious patterns 🔬.

💖🧸 Self hosted, you owned Grok Companion, a container of souls of waifu, cyber livings to bring them into our worlds, wishing to achieve Neuro-sama's altitude. Capable of realtime voice chat, Minec…