A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.

一款轻量级、高性能、功能强大的内网穿透代理服务器。支持tcp、udp、socks5、http等几乎所有流量转发，可用来访问内网网站、本地支付接口调试、ssh访问、远程桌面，内网dns解析、内网socks5代理等等……，并带有功能强大的web管理端。a lightweight, high-performance, powerful intranet penetration proxy serv…

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

Fast and customizable vulnerability scanner based on simple YAML based DSL.

Information gathering framework for phone numbers

Fast web fuzzer written in Go

Open-Source Phishing Toolkit

Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

A next-generation crawling and spidering framework.

Extract and decrypt browser data, supporting multiple data types, runnable on various operating systems (macOS, Windows, Linux).

Fast passive subdomain enumeration tool.

Directory/File, DNS and VHost busting tool written in Go

一款内网综合扫描工具，方便一键自动化、全方位漏扫扫描。

A vulnerability scanner for container images and filesystems

Adversary Emulation Framework

⬆️ ☠️ 🔥 Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock

A Tool for Domain Flyovers

Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...

Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application

📦 Make security testing of K8s, Docker, and Containerd easier.

Kscan是一款纯go开发的全方位扫描器，具备端口扫描、协议检测、指纹识别，暴力破解等功能。支持协议1200+，协议指纹10000+，应用指纹20000+，暴力破解协议10余种。

An offline tool for querying IP geographic information and CDN provider. 一个查询IP地理信息和CDN服务提供商的离线终端工具.

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

A Security Tool for Bug Bounty, Pentest and Red Teaming.

👻Stowaway -- Multi-hop Proxy Tool for pentesters

Contextual Content Discovery Tool

The Swiss Army knife for automated Web Application Testing

Asset discovery and identification tools 快速识别 Web 指纹信息，定位资产类型。辅助红队快速定位目标资产信息，辅助蓝队发现疑似脆弱点

netspy是一款快速探测内网可达网段工具（深信服深蓝实验室天威战队强力驱动）

40X/HTTP bypasser in Go. Features: Verb tampering, headers, #bugbountytips, User-Agents, extensions, default credentials...