📖《内网安全攻防-渗透测试实战指南》

一款基 于Knife4j 的 Swagger 接口自动化测试未授权工具

红队API接口Fuzz字典，WEB安全，渗透测试，API，字典

BlackDex is an Android unpack(dexdump) tool, it supports Android 5.0~12 and need not rely to any environment. BlackDex can run on any Android mobile phone or emulator, you can unpack APK File in se…

Burpsuite - Js Route Scan 正则匹配获取响应中的路由进行被动探测与递归目录探测的burp插件

Supports multi-person collaborative penetration testing graphical framework, Lua plug-in extension, domain front-end/CDN online, custom multiple modules, custom sRDI, file management, process manag…

我的电视 电视直播软件，安装即可使用

A burp extension that add some useful function to Context Menu 添加一些右键菜单让burp用起来更顺畅

SpringScan 漏洞检测 Burp插件

一款综合性网络安全检测和运维工具，旨在快速资产发现、识别、检测，构建基础资产信息库，协助甲方安全团队或者安全运维人员有效侦察和检索资产，发现存在的薄弱点和攻击面。

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static a…

AntiAV shellcode loader

D-Eyes为M-SEC社区一款检测与响应工具

猫蛋儿安全团队编写的poc能报就能打。企业微信、海康、Metabase、Openfire、泛微OA......

A Clash GUI based on tauri. Supports Windows, macOS and Linux.

Java漏洞靶场

一个攻防知识仓库 Red Teaming and Offensive Security

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

Deserialization payload generator for a variety of .NET formatters

🦕 常用正则大全, 支持web / vscode / idea / Alfred Workflow多平台

梳理【护网高利用率POC】并集成Nuclei模板仓库，针对解决网上同一资产漏洞一键检测工具参次不齐问题。

一款针对Vcenter的综合利用工具，包含目前最主流的CVE-2021-21972、CVE-2021-21985以及CVE-2021-22005、One Access的CVE-2022-22954、CVE-2022-22972/31656以及log4j，提供一键上传webshell，命令执行或者上传公钥使用SSH免密连接

Exploit for EfsPotato(MS-EFSR EfsRpcOpenFileRaw with SeImpersonatePrivilege local privalege escalation vulnerability).

一款代理扫描器

弱口令检测、 漏洞扫描、端口扫描（协议识别，组件识别）、web目录扫描、等保模拟定级、自动化运维、等保工具（网络安全等级保护现场测评工具）内置3级等保核查命令、基线核查工具、键盘记录器

SOCKS4/SOCKS4a/SOCKS5/HTTP/HTTPS fast proxy scanner

A tool to extract the IdP cert from vCenter backups and log in as Administrator

CVE-2021-21972 Exploit

Sudo Baron Samedit Exploit