Starred repositories
A powerful tool designed to automate the detection of Server-Side Request Forgery (SSRF) and Open Redirect vulnerabilities.
DockerSpy searches for images on Docker Hub and extracts sensitive information such as authentication secrets, private keys, and more.
The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production.
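Docker vulnerability environments for all FastJson versions (covering 1.2.47, 1.2.68, 1.2.80 and others), mainly including JNDI injection and bypasses on newer versions, WAF bypass, file read/write, native deserialization, gadget-chain detection bypass, and exploitation without outbound network access. Covers in-depth FastJson exploitation from a black-box perspective.
Web Fuzzing Box - Web fuzzing dictionaries and some payloads
Update Xray1.9.11 Cracked for Windows, Linux and Mac OS.
Now integrated into jar-analyzer: https://github.com/jar-analyzer/jar-analyzer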
Deserialization payload generator for a variety of .NET formatters
davidkevork / reverse-sourcemap
Forked from paazmaya/shuji. 🔭 Reverse engineering JavaScript and CSS sources from sourcemaps
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
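Kscan is an all-round scanner written in pure Go, with port scanning, protocol detection, fingerprint identification, brute-forcing and other features. It supports 1200+ protocols, 10000+ protocol fingerprints, 20000+ application fingerprints, and brute-forcing of more than 10 protocols.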
Damn Vulnerable Web Services is a vulnerable application with a web service and an API that can be used to learn about webservices/API related vulnerabilities.
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
CaA - Collector and Analyzer, Insight into information, exploring with intelligence in a thousand ways.
Go CLI and Library for quickly mapping organization network ranges using ASN information.
Blockchain dark forest selfguard handbook. Master these, master the security of your cryptocurrency.