Burp extension to evade TLS fingerprinting. Bypass WAF, spoof any browser.

xp_CAPTCHA(瞎跑 白嫖版) burp 验证码 识别 burp插件

大模型基础: 一文了解大模型基础知识

侦查守卫(ObserverWard)的指纹库

PoC: fully unprivileged container escape to node-level code execution on Kubernetes via CVE-2026-31431 page-cache corruption + shared image layers. Validated on Alibaba Cloud ACK, Amazon EKS and Go…

MQTT-PWN intends to be a one-stop-shop for IoT Broker penetration-testing and security assessment operations.

🧠「大模型」2小时完全从0训练64M的小参数LLM！Train a 64M-parameter LLM from scratch in just 2h!

渗透测试常用密码字典合集(持续更新)

The great THC-HYDRA tool compiled for Windows

Hydra is a framework for elegantly configuring complex applications

基于 jdwp-shellifier 的进阶JDWP漏洞利用脚本（动态执行Java/Js代码并获得回显）

Exploit for CVE-2025-55182 & CVE-2025-66478

Fastjson扫描器，可识别版本、依赖库、autoType状态等。A tool to distinguish fastjson ,version and dependency

Recent CVE PoC & reproduction scripts. Focused on high-severity vulnerabilities across Linux kernel, Windows, macOS and more.

A Security Tool for Bug Bounty, Pentest and Red Teaming.

Robust Speech Recognition via Large-Scale Weak Supervision

SRK Toolbox - a web app (based on CyberChef) for encryption, encoding, compression and data analysis, translated to Chinese locale

Web path scanner

jQuery-XSS-poc

A poc for Bootstrap XSS(CVE-2024-6485、CVE-2016-10735、CVE-2019-8331、CVE-2018-14040)

哥斯拉

CSTServer全球云服务器：高性能裸金属，CN2直连线路，性价比之选

基于 Y4er/ysoserial 与 marshalsec 的 Java 反序列化利用 GUI 工具，集成 Payload 生成、JNDI Reference、LDAP 反序列化与调用图编辑。

AICryptoProxy 是一个基于 Claude Code(https://claude.ai/code) + MCP(https://docs.claude.ai) 的智能渗透测试框架，专为解决前端加密 Web 应用的流量加解密问题而设计。

A little toolbox to play with Microsoft Kerberos in C

PoC tool to coerce Windows hosts authenticate to other machines via the MS-RPRN RPC interface. This is possible via other protocols as well.