Lists (24)
ai
API
app
burp
dork
dotfiles
OS
payload
poc
SQL
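Cloud penetration testing
Proxy
Antivirus evasion
Content discovery (fuzzing, etc.)
Memos
Subdomain discovery
Wordlists
Learning
Mini programs
Tools
Privilege escalation
Browser extensions
Bug bounty
Scripts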
Starred repositories
Automatically detect potential vulnerabilities and analyze repository metrics to prioritize open source security research targets
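🧿 AutorizePro is a powerful Burp plugin for detecting broken access control. By adding AI-assisted analysis and further optimizing the detection logic, it greatly reduces the false-positive rate and improves the efficiency of detecting authorization vulnerabilities. [ AutorizePro is an authorization enforcement detection extension for Burp Suite. By adding AI-assisted analysis, it sign…
Get acquisitions by scraping titles of Crunchbase.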
A cheatsheet for exploiting server-side SVG processors.
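A tool for exploiting JNDI injection that draws heavily on and reuses code from the Rogue JNDI project. It supports directly implanting in-memory shells, integrates common methods for bypassing restrictions in newer JDK versions, and is suited to use alongside automated tools.
Best tool for finding SQLi, CRLF, XSS, LFI, and open redirects.
JSNinja is a powerful tool designed for security researchers and developers looking to extract sensitive information and URLs from JavaScript files.
riverPass is a bypass tool for the Ruishu (瑞数) WAF, written in Go. It uses the WebSocket protocol to send requests through the user's own browser, thereby bypassing the Ruishu WAF's detection.
ShodanX is a tool to gather information on targets using Shodan dorks ⚡.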
CSPTPlayground is an open-source playground to find and exploit Client-Side Path Traversal (CSPT).
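"铲子" ("Shovel") is a simple, easy-to-use Java SAST tool that aims to give security engineers a simple, usable, fairly priced code security scanning product. Supported languages: Java (Servlet, Spring, Dubbo, Thrift, MyBatis, JSP). It uses lightweight taint analysis: it builds a unified data-flow graph from Java and XML (MyBatis, Dubbo) sources and then performs taint analysis. No compilation is needed, and it can also decompile and scan jar or class files. It has built-in SQL inj…
The goal is to become the most complete API discovery tool available, automatically extracting sensitive information and URI information from responses and running automatic or manual recursive checks on URIs.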
This tool will check for Sensitive Data Leakage with some useful patterns/RegEx. The patterns are mostly targeted on waybackdata and filter everything accordingly.
SubOwner - A simple tool to check for subdomain takeovers.
A tech enumeration toolkit focused on 404 Not Found pages.
🔥🕷️ Crawl4AI: Open-source LLM Friendly Web Crawler & Scraper
This repository will contain many mindmaps for cyber security technologies, methodologies, courses, and certifications in a tree structure to give brief details about them
Improve your recon with this list of the most used subdomains for each ccTLD.
Provides in-scope data for public bug bounty programs that offer rewards, and monitors the assets of public bug bounty programs.