Linux应急处置/信息搜集/漏洞检测工具，支持基础配置/网络流量/任务计划/环境变量/用户信息/Services/bash/恶意文件/内核Rootkit/SSH/Webshell/挖矿文件/挖矿进程/供应链/服务器风险等13类70+项检查

DeepAudit：人人拥有的 AI 黑客战队，让漏洞挖掘触手可及。国内首个开源的代码漏洞挖掘多智能体系统。小白一键部署运行，自主协作审计 + 自动化沙箱 PoC 验证。支持 Ollama 私有部署 ，一键生成报告。支持中转站。​让安全不再昂贵，让审计不再复杂。

ARL 资产侦察灯塔系统（可运行，添加指纹，提高并发，升级工具及系统，无限制修改版） | ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产，构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产，发现存在的薄弱点和攻击面。

高性能 HTTP 正向代理工具 | A high-performance http tunneling tool

The one and only one gfwlist here

A rule-based tunnel for Android.

A modern GUI client based on Tauri, designed to run in Windows, macOS and Linux for tailored proxy experience

一款轻量级、高性能、功能强大的内网穿透代理服务器。支持tcp、udp、socks5、http等几乎所有流量转发，可用来访问内网网站、本地支付接口调试、ssh访问、远程桌面，内网dns解析、内网socks5代理等等……，并带有功能强大的web管理端。a lightweight, high-performance, powerful intranet penetration proxy serv…

一个高价值漏洞采集与推送服务 | Collect valueable vulnerabilities and push them to various services

No root required Android DNS modifier and Hosts/DNSMasq resolver.

Playwright MCP server

DNSLOG、httplog、rmilog、ldaplog、jndi 等都支持,完全匿名 产品(fuzz.red)，Alphalog与传统DNSLog不同，更快、更安全。

Pre-Built Vulnerable Environments Based on Docker-Compose

The SPIFFE Runtime Environment

Metarget is a framework providing automatic constructions of vulnerable infrastructures.

一款内网综合扫描工具，方便一键自动化、全方位漏扫扫描。(An intranet comprehensive scanning tool, enabling one-click automated, all-round vulnerability scanning)

Vitess is a database clustering system for horizontal scaling of MySQL.

面向红队的, 高性能高度自由可拓展的自动化扫描引擎 | A highly controllable and extensionable automated scanning engine for red teams

Collection of publicly available IPTV channels from all over the world

Kscan是一款纯go开发的全方位扫描器，具备端口扫描、协议检测、指纹识别，暴力破解等功能。支持协议1200+，协议指纹10000+，应用指纹20000+，暴力破解协议10余种。

👻Stowaway -- Multi-hop Proxy Tool for pentesters

A Security Tool for Bug Bounty, Pentest and Red Teaming.

📦 Make security testing of K8s, Docker, and Containerd easier.

A tool for secrets management, encryption as a service, and privileged access management

一款甲方资产巡航扫描系统。系统定位是发现资产，进行端口爆破。帮助企业更快发现弱口令问题。主要功能包括: 资产探测、端口爆破、定时任务、管理后台识别、报表展示

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

Automatic Yara Rule Generation

一个攻防知识库。A knowledge base for red teaming and offensive security.

一个基于 docsify 快速部署 Awesome-POC 漏洞文档的项目。Deploying the Awesome-POC repository via docsify.