This project hosts security advisories and their accompanying proof-of-concepts related to research conducted at Google which impact non-Google owned code.

《安卓逆向这档事》

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous …

🎉跨平台的剪贴板管理工具 | Cross-platform clipboard management tool

JavaScript API for Chrome and Firefox

GitHub项目监控 && CodeQL自动扫描 (GitHub project monitoring && CodeQL automatic analysis)

Corax for Java: A general static analysis framework for java code checking.

Argo is an automated general crawler for automatically obtaining website URLs . Argo 是一个自动化扫描器爬虫 用于自动化获取网站的URL 基于go-rod实现了静态和动态结合的方式来实现

基于chrome、firefox插件的被动式信息泄漏检测工具

CodeQLpy是一款基于CodeQL实现的半自动化代码审计工具，目前仅支持java语言。实现从源码反编译，数据库生成，脆弱性发现的全过程，可以辅助代码审计人员快速定位源码可能存在的漏洞。

An enterprise friendly way of detecting and preventing secrets in code.

飞刃是一套完整的企业级黑盒漏洞扫描系统，集成漏洞扫描、漏洞管理、扫描资产、爬虫等服务。 拥有强大的漏洞检测引擎和丰富的插件库，覆盖多种漏洞类型和应用程序框架。

Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more

Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.

SeaweedFS is a distributed storage system for object storage (S3), file systems, and Iceberg tables, designed to handle billions of files with O(1) disk access and effortless horizontal scaling.

ServerBox - server status & toolbox

学习安全运营的记录 | The knowledge base of security operation

WebGoat is a deliberately insecure application

Semgrep Community Edition rules, maintained by Semgrep and the community. Free to use under the Semgrep Rules License.

Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

本文详细分析了 Github Copilot 这个基于机器学习的代码自动补全工具的实现原理。作者通过逆向工程的方式,深入探索了 Copilot 的核心逻辑,包括代码提示的入口、获取提示的核心方法、以及相关的缓存策略、实验特性等。

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one place

Asset inventory of over 800 public bug bounty programs.

Android APP漏洞之战系列，主要讲述如何快速挖掘APP漏洞

JARVIS, a system to connect LLMs with ML community. Paper: https://arxiv.org/pdf/2303.17580.pdf

为GPT/GLM等LLM大语言模型提供实用化交互接口，特别优化论文阅读/润色/写作体验，模块化设计，支持自定义快捷按钮&函数插件，支持Python和C++等项目剖析&自译解功能，PDF/LaTex论文翻译&总结功能，支持并行问询多种LLM模型，支持chatglm3等本地模型。接入通义千问, deepseekcoder, 讯飞星火, 文心一言, llama2, rwkv, claude2, m…

AutoGPT is the vision of accessible AI for everyone, to use and to build on. Our mission is to provide the tools, so that you can focus on what matters.