a powerful tool designed to automate the detection of Server-Side Request Forgery (SSRF) and Open Redirect vulnerabilities

DockerSpy searches for images on Docker Hub and extracts sensitive information such as authentication secrets, private keys, and more.

The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production.

JNDI在java高版本的利用工具,FUZZ利用链

Memshell-攻防内存马研究

内网渗透过程中搜寻指定文件内容，从而找到突破口的一个小工具

主要用来更新应用漏洞

FastJson全版本Docker漏洞环境(涵盖1.2.47/1.2.68/1.2.80等版本)，主要包括JNDI注入及高版本绕过、waf绕过、文件读写、原生反序列化、利用链探测绕过、不出网利用等。从黑盒的角度覆盖FastJson深入利用

yuque 语雀知识库下载

Web Fuzzing Box - Web 模糊测试字典与一些Payloads

一个辅助挖掘xss漏洞的工具

java-web 自动化鉴权绕过

一款burp插件,请看简介

Update Xray1.9.11 Cracked for Windows,Linux and Mac OS.

已集成到 jar-analyzer 中 https://github.com/jar-analyzer/jar-analyzer

Golang Malware Framework

Deserialization payload generator for a variety of .NET formatters

🔭 Reverse engineering JavaScript and CSS sources from sourcemaps

哥斯拉webshell管理工具二次开发规避流量检测设备

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

内网横向利用工具，用于ssh wmiexec等常规服务，也可以当作一个数据库执行命令工具

Kscan是一款纯go开发的全方位扫描器，具备端口扫描、协议检测、指纹识别，暴力破解等功能。支持协议1200+，协议指纹10000+，应用指纹20000+，暴力破解协议10余种。

Libra [ 天秤座 ] | 网站篡改、暗链、死链监测平台

Damn Vulnerable Web Services is a vulnerable application with a web service and an API that can be used to learn about webservices/API related vulnerabilities.

httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.

Burp suite 分块传输辅助插件

CaA - Collector and Analyzer, Insight into information, exploring with intelligence in a thousand ways.

Go CLI and Library for quickly mapping organization network ranges using ASN information.

用于Webshell木马免杀、流量加密传输，多多支持star

Blockchain dark forest selfguard handbook. Master these, master the security of your cryptocurrency.