A tool specifically designed for Kubernetes environments aims to efficiently and automatically discover hidden vulnerable APIs within clusters.

提取远程 git 泄露或本地 git 的工具

A frida tool to dump dex in memory to support security engineers analyzing malware.

域控安全one for all

Yet Another Golang binary parser for IDAPro

高危漏洞精准检测与深度利用框架

A simple script just made for self use for bypassing 403

安全、快捷、高交互、企业级的蜜罐管理系统，护网；支持多种协议蜜罐、蜜签、诱饵等功能。A safe, fast, highly interactive and enterprise level honeypot management system, supports multiple protocol honeypots, honeytokens, baits and other functi…

A CAT called tabby ( Code Analysis Tool )

Java Agent is a Java application probe of DongTai IAST, which collects method invocation data during runtime of Java application by dynamic hooks.

This tool generates gopher link for exploiting SSRF and gaining RCE in various servers

Collection of methodology and test case for various web vulnerabilities.

Ladon大型内网渗透扫描器，PowerShell、Cobalt Strike插件、内存加载、无文件扫描。含端口扫描、服务识别、网络资产探测、密码审计、高危漏洞检测、漏洞利用、密码读取以及一键GetShell，支持批量A段/B段/C段以及跨网段扫描，支持URL、主机、域名列表扫描等。网络资产探测32种协议(ICMP\NBT\DNS\MAC\SMB\WMI\SSH\HTTP\HTTPS\Exc…

基于领英的企业用户名收集

👻Stowaway -- Multi-hop Proxy Tool for pentesters

A system for distributing and managing secrets

Runtime Mobile Security (RMS) 📱🔥 - is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime

Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.

通用web弱口令破解脚本，旨在批量检测那些没有验证码的管理后台，可用于刷分~

工欲善其事，必先利其器

代码审计相关的一些知识

The cheat sheet about Java Deserialization vulnerabilities

安全场景、基于AI的安全算法和安全数据分析业界实践

Collection of CTF Web challenges I made

Minimal code to connect to a CEF debugger.

Redress - A tool for analyzing stripped Go binaries

又一款敏感文件泄漏检测工具