CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and over 180 other CMSs

各种漏洞poc、Exp的收集或编写

KunLun-M是一个完全开源的静态白盒扫描工具，支持PHP、JavaScript的语义扫描，基础安全、组件安全扫描，Chrome Ext\Solidity的基础扫描。

A fast vulnerability scanner helps pentesters pinpoint possibly vulnerable targets from a large number of web servers

Firefox Decrypt is a tool to extract passwords from Mozilla (Firefox™, Waterfox™, Thunderbird®, SeaMonkey®) profiles

一款部署于云端或本地的隧道代理池中间件，可将静态代理IP灵活运用成隧道IP，提供固定请求地址，一次部署终身使用

针对SpringBoot的开源渗透框架，以及Spring相关高危漏洞利用工具

Notes about attacking Jenkins servers

TideFinger——指纹识别小工具，汲取整合了多个web指纹库，结合了多种指纹检测方法，让指纹检测更快捷、准确。

收集的文章 https://mrwq.github.io/tools/paper/

WEB安全手册(红队安全技能栈)，漏洞理解，漏洞利用，代码审计和渗透测试总结。【持续更新】

ARL官方仓库备份项目：ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产，构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产，发现存在的薄弱点和攻击面。

文本盲水印：把信息隐匿到文本中，put invisible blind watermark into a text.

微信小程序辅助渗透-自动化

一款红队在大量的资产中存活探测与重点攻击系统指纹探测工具

A .DS_Store file disclosure exploit. It parses .DS_Store file and downloads files recursively.

一款信息泄漏利用工具，适用于.git/.svn/.DS_Store泄漏和目录列出

基于Frida的脱壳工具

基于Memprocfs和Volatility的可视化内存取证工具

Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist

Bypass firewall for traffic forwarding using webshell

Flutter Reverse Engineering Framework

AttackSurfaceMapper is a tool that aims to automate the reconnaissance process.

ScopeSentry-Cyberspace mapping, subdomain enumeration, port scanning, sensitive information discovery, vulnerability scanning, distributed nodes

Burp Plugin to Bypass WAFs through the insertion of Junk Data

MySQL Fake Server use to help MySQL Client File Reading and JDBC Client Java Deserialize

OA综合利用工具，集合将近20款OA漏洞批量扫描

Dongtai IAST is an open-source Interactive Application Security Testing (IAST) tool that enables real-time detection of common vulnerabilities in Java applications and third-party components throug…

阿里云accesskey利用工具

六大云存储，泄露利用检测工具