A Security Tool for Bug Bounty, Pentest and Red Teaming.

SecGPT网络安全大模型

Python ProxyPool for web spider

Free proxy list UPDATED HOURLY! -- for api visit

JackProxy: 一个高性能SOCKS5代理客户端，支持自动代理池管理、负载均衡和连接保持。跨平台支持(Windows/macOS/Linux)，易于配置和使用。

Face SDK: Liveness, quality and matching.

Zero shot vulnerability discovery using LLMs

OneForAll是一款功能强大的子域收集工具

ARL官方仓库备份项目：ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产，构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产，发现存在的薄弱点和攻击面。

CVS is a powerful comprehensive attack surface management platform. 森罗万象-强大的网络空间测绘、资产管理、漏洞扫描等全生命漏洞周期的综合攻击面管理平台，化繁为简，以一御百。

XposedBridgeApi54~89

The Java part of the Xposed framework.

Braintree SDK for Android

Flutter Reverse Engineering Framework

Official TruffleHog Burp Suite Extension. Scan Burp Suite traffic for 800+ different types of secrets (API keys, passwords, SSH keys, etc) using TruffleHog.

Scans remote JavaScript files with Trufflehog + Semgrep to detect leaked secrets

arl灯塔自动化扫描工具

无状态子域名爆破工具

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

A powerful JavaScript monitoring tool for bug bounty hunters. Track changes in JavaScript files across websites, detect new attack surfaces, and stay ahead of security vulnerabilities.

Private key usage verification

子域名爆破，增加了智能爬虫功能

This repository contains documentation for developers to use to call Selling Partner APIs.

主动获取js中敏感信息

Find, verify, and analyze leaked credentials

GitHub Sensitive Information Leakage（GitHub敏感信息泄露监控）

A Python program to scrape secrets from GitHub through usage of a large repository of dorks.

Find secrets with Gitleaks 🔑