Nuclei POC，每日更新 | 自动整合全网Nuclei的漏洞POC，实时同步更新最新POC，保存已被删除的POC。通过批量克隆Github项目，获取Nuclei POC，并将POC按类别分类存放，使用Github Action实现（已有11wPOC，已校验有效性并去重）

Fastjson姿势技巧集合

Tools to work with android .dex and java .class files

🚀Komo, a comprehensive asset collection and vulnerability scanning tool. Komo 一个综合资产收集和漏洞扫描工具，集成了20余款工具，通过多种方式对子域进行获取，收集域名邮箱，进行存活探测，域名指纹识别，域名反查ip，ip端口扫描，web服务链接爬取并发送给xray，对web服务进行POC漏洞扫描，对主机进行主机漏洞扫描。

FASTJSON 2.0.x has been released, faster and more secure, recommend you upgrade.

飞刃是一套完整的企业级黑盒漏洞扫描系统，集成漏洞扫描、漏洞管理、扫描资产、爬虫等服务。 拥有强大的漏洞检测引擎和丰富的插件库，覆盖多种漏洞类型和应用程序框架。

强化fscan的漏扫POC库

SQL 审核查询平台

Biny is a tiny, high-performance PHP framework for web applications

FastGPT is a knowledge-based platform built on the LLMs, offers a comprehensive suite of out-of-the-box capabilities such as data processing, RAG retrieval, and visual AI workflow orchestration, le…

linux-kernel-exploits Linux平台提权漏洞集合

Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrar…

Path traversal in Ollama with rogue registry server

Java Agent is a Java application probe of DongTai IAST, which collects method invocation data during runtime of Java application by dynamic hooks.

Dongtai IAST is an open-source Interactive Application Security Testing (IAST) tool that enables real-time detection of common vulnerabilities in Java applications and third-party components throug…

这是一个用于IP和域名碰撞匹配访问的小工具，旨意用来匹配出渗透过程中需要绑定hosts才能访问的弱主机或内部系统。

内网渗透测试工具，弱密码爆破、信息收集和漏洞扫描

一款java漏洞集合工具

LC（List Cloud）是一个多云攻击面资产梳理工具

Continuous Inspection

Apollo is a reliable configuration management system suitable for microservice configuration management scenarios.

Apache JMeter open-source load testing tool for analyzing and measuring the performance of a variety of services

BlazeHTTP 是一款简单易用的 WAF 防护效果测试工具。BlazeHTTP stands as a user-friendly WAF protection efficacy evaluation tool.

MeterSphere 是新一代的测试管理和接口测试工具，让软件测试工作更简单、更高效，不再成为持续交付的瓶颈。

自动化漏洞扫描系统，包括IP基础信息探测模块(位置、属性、操作系统、端口、绑定的域名、公司名称、公司位置信息、网站标题、CDN信息、绑定网站指纹、子域名)，漏洞扫描模块，(weblogic、struts2、nuclei、xray、rad、目录扫描、js链接扫描、端口扫描、调用威胁情报抓取历史绑定url、网站指纹、信息泄露、vulmap、afrog、fscan、DNS日志、shiro、spri…

CMAK is a tool for managing Apache Kafka clusters

The Cloud Native Application Proxy

CVE-2023-25157 - GeoServer SQL Injection - PoC

ScopeSentry-网络空间测绘、子域名枚举、端口扫描、敏感信息发现、漏洞扫描、分布式节点