Web Pentesting Fuzz 字典,一个就够了。

自动化反编译微信小程序，小程序安全评估工具，发现小程序安全问题，自动解密，解包，可还原工程目录，支持Hook，小程序修改

这个项目主要用于辅助测试Swagger的XSS漏洞

ddddocr训练工具

A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑

面向网络安全从业者的知识文库🍃

梳理【护网高利用率POC】并集成Nuclei模板仓库，针对解决网上同一资产漏洞一键检测工具参次不齐问题。

爬取secwiki和xuanwu.github.io/sec.today,分析安全信息站点、安全趋势、提取安全工作者账号(twitter,weixin,github等)

Fast web fuzzer written in Go

Gather and update all available and newest CVEs with their PoC.

dddd是一款使用简单的批量信息收集,供应链漏洞探测工具，旨在优化红队工作流，减少伤肝的机械性操作。支持从Hunter、Fofa批量拉取目标

Fofa网络测绘命令汇总（长期更新～）

A Security Tool for Bug Bounty, Pentest and Red Teaming.

essential templates for kenzer [DEPRECATED]

All Nuclei Templates

一个漏洞POC知识库 目前数量 1000+

收集整理漏洞EXP/POC,大部分漏洞来源网络，目前收集整理了1100多个poc/exp，长期更新。

Ostorlab KEV: One-command to detect most remotely known exploitable vulnerabilities. Sourced from CISA KEV, Google's Tsunami, Ostorlab's Asteroid and Bug Bounty programs.

Weekly updated list of missing CVEs in nuclei templates official repository. Mainly built for bug bounty, but useful for penetration tests and vulnerability assessments too.

451个goby poc，是否后门及重复自行判断，来源于网络收集的Goby&POC，不定时更新。

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

A collection of awesome software, libraries, documents, books, resources and cools stuffs about security.

A curated list of GPT agents for cybersecurity

Docker image to run an IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2

RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services.

SpringBoot 相关漏洞学习资料，利用方法和技巧合集，黑盒安全评估 check list

.git 泄漏利用工具，可还原历史版本

7kbscan-WebPathBrute Web路径暴力探测工具