Stars
Information Security (Web Security/Penetration Testing Direction) Interview Questions/Solutions 信息安全(Web安全/渗透测试方向)面试题/解题思路
EHole(棱洞)魔改。可对路径进行指纹识别;支持识别出来的重点资产进行漏洞检测(支持从hunter和fofa中提取资产)支持对ftp服务识别及爆破
In-depth attack surface mapping and asset discovery
Tips and Tutorials for Bug Bounty and also Penetration Tests.
This repository contain a lot of web and api vulnerability checklist , a lot of vulnerability ideas and tips from twitter
CaA - Collector and Analyzer, Insight into information, exploring with intelligence in a thousand ways. 信息洞察,智探千方!
HaE - Highlighter and Extractor, Empower ethical hacker for efficient operations. 赋能白帽,高效作战!
高性能 HTTP 正向代理工具 | A high-performance http tunneling tool
一款支持自定义的 Java 内存马生成工具|A customizable Java in-memory webshell generation tool.
一款基于各大企业信息API的工具,解决在遇到的各种针对国内企业信息收集难题。一键收集控股公司ICP备案、APP、小程序、微信公众号等信息聚合导出。支持MCP接入
Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞验证功能
Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本,最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-…
APIKit:Discovery, Scan and Audit APIs Toolkit All In One.
Automatic authorization enforcement detection extension for burp suite written in Jython developed by Barak Tawily in order to ease application security people work and allow them perform an automa…
大宝剑-边界资产梳理工具(红队、蓝队、企业组织架构、子域名、Web资产梳理、Web指纹识别、ICON_Hash资产匹配)
一款甲方资产巡航扫描系统。系统定位是发现资产,进行端口爆破。帮助企业更快发现弱口令问题。主要功能包括: 资产探测、端口爆破、定时任务、管理后台识别、报表展示
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous …
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the …