Wordlists for creating statistically likely username lists for use in password attacks and security testing

Active Directory certificate abuse.

Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.

Community curated list of templates for the nuclei engine to find security vulnerabilities.

JNDI-Exploitation-Kit（A modified version of the great JNDI-Injection-Exploit created by @welk1n. This tool can be used to start an HTTP Server, RMI Server and LDAP Server to exploit java web apps v…

自研JavaFX图形化漏洞扫描工具，支持ThinkPHP 2.x RCE，Thinkphp5 5.0.22/5.1.29RCE，ThinkPHP5 5.0.23RCE和ThinkPHP5 SQL注入漏洞和敏感信息泄露漏洞的漏洞检测，以及命令执行的功能。漏洞POC基本适用ThinkPHP全版本漏洞。

一个全新的敏感文件发现工具

一个安全工具集合平台，用来提高乙方安全人员的工作效率，请勿用于非法项目

各种CMS、各种平台、各种系统、各种软件漏洞的EXP、POC 该项目将不断更新

正方教务系统源码

Web安全测试中常用的爆破字典，包括网站后台、文件包含、WebShell密码、常用管理员用户名及密码等等！

Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.

XSS平台 CTF工具 Web安全工具

Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authenticat…

A simple wrapper around libpcap for the Go programming language

List of awesome penetration testing resources, tools and other shiny things

🎉 第二版 🎉 — 从零开始构建 JavaScript 技术栈

Tabler is free and open-source HTML Dashboard UI Kit built on Bootstrap 4

translate project of Drops

A simple Blockchain in Python

30 seconds of code 中文版翻译。收集有用的 Javascript 片段, 你可以在30秒或更少的时间里理解。

A face detection library in 200 lines of JavaScript

从零开始构建 JavaScript 技术栈

eslint-config-airbnb 中文版

A list of web application security

爆破字典

HERCULES is a special payload generator that can bypass antivirus softwares.