SoraWebui is an open-source Sora web client, enabling users to easily create videos from text with OpenAI's Sora model.

这是一款提高ChatGPT的数据安全能力和效率的插件。并且免费共享大量创新功能，如：自动刷新、保持活跃、数据安全、取消审计、克隆对话、言无不尽、净化页面、展示大屏、拦截跟踪、日新月异、明察秋毫等。让我们的AI体验无比安全、顺畅、丝滑、高效、简洁。

An integrated BurpSuite vulnerability detection plug-in.

📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

Cobalt Strike < 4.4 dos CVE-2021-36798

Metasploit-Framework modules (scanner and exploit) for the CVE-2021-41773 and CVE-2021-42013 (Path Traversal in Apache 2.4.49/2.4.50)

WEB安全手册(红队安全技能栈)，漏洞理解，漏洞利用，代码审计和渗透测试总结。【持续更新】

Fileless lateral movement tool that relies on ChangeServiceConfigA to run command

SigFlip is a tool for patching authenticode signed PE files (exe, dll, sys ..etc) without invalidating or breaking the existing signature.

信息安全面试题汇总

📚 Freely available programming books

JumpServer is an open-source Privileged Access Management (PAM) platform that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database and RemoteApp endpoints…

🔥 🔥 🔥 Open Source Airtable Alternative

A lightning-fast search engine API bringing AI-powered hybrid search to your sites and applications.

a tool for pentesters to help find delicious candy, by @l0ss and @Sh3r4 ( Twitter: @/mikeloss and @/sh3r4_hax )

This publication is a collection of various common attack scenarios on Microsoft Entra ID (formerly known as Azure Active Directory) and how they can be mitigated or detected.

Free, open source crypto trading bot

一款轻量级、高性能、功能强大的内网穿透代理服务器。支持tcp、udp、socks5、http等几乎所有流量转发，可用来访问内网网站、本地支付接口调试、ssh访问、远程桌面，内网dns解析、内网socks5代理等等……，并带有功能强大的web管理端。a lightweight, high-performance, powerful intranet penetration proxy serv…

Proof on Concept Exploit for CVE-2021-38647 (OMIGOD)

这是一个抓取浏览器密码的工具，后续会添加更多功能

Arsenal is just a quick inventory and launcher for hacking programs

A tool to make socks connections through HTTP agents

Open Source Vulnerability Management Platform

Hunting queries and detections

Wiki-like CTF write-ups repository, maintained by the community. 2015

ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.

Intranet penetration tools

一款适用于红蓝对抗中的仿真钓鱼系统

Azure Outlook Command & Control (C2) - Remotely control a compromised Windows Device from your Outlook mailbox. Threat Emulation Tool for North Korean APT InkySquid / ScarCruft / APT37. TTP: Use Mi…