大宝剑-边界资产梳理工具（红队、蓝队、企业组织架构、子域名、Web资产梳理、Web指纹识别、ICON_Hash资产匹配）

Burp extension to evade TLS fingerprinting. Bypass WAF, spoof any browser.

SMBExec C# module

承影 - 一款安全工具箱,集成了目录扫描、JWT、Swagger 测试、编/解码、轻量级 BurpSuite、杀软辅助功能

A fast DOM based XSS vulnerability scanner with simplicity.

Script to steal passwords from ssh.

webhook is a lightweight incoming webhook server to run shell commands

⛷ Lightweight Markdown app to help you write great sentences. 轻灵的 Markdown 笔记本伴你写出妙言

A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.

Mimikatz implementation in pure Python

Some setup scripts for security research tools.

ModHeader for Selenium

Automatic SSRF fuzzer and exploitation tool

This repository is currently only used for issue tracking for www.regex101.com

An executable to convert SOCKS5 proxy into HTTP proxy

Various Cobalt Strike BOFs

云函数代理服务

An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents

🕵️‍♂️ Collect a dossier on a person by username from thousands of sites

PowerShell Script Obfuscator

Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authenticat…

Scans Software Bill of Materials (SBOMs) for security vulnerabilities

Erebus is a fast tool for parameter-based vulnerability scanning using a Yaml based template engine like nuclei.

A crossplatform mDNS enumeration tool.

⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting

Simple HS256, HS384 & HS512 JWT token brute force cracker.

Rust library for walking directories recursively.

Irregular methods on regular expressions

Source code of exploiting windows API for red teaming series

Accurately Locate Smartphones using Social Engineering