Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

SafeLine is a self-hosted WAF(Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.

Fast web fuzzer written in Go

A next-generation crawling and spidering framework.

In-depth attack surface mapping and asset discovery

一款内网综合扫描工具，方便一键自动化、全方位漏扫扫描。

The Havoc Framework

Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...

Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokens that are already exploitable, so we can report them. We wis…

Kscan是一款纯go开发的全方位扫描器，具备端口扫描、协议检测、指纹识别，暴力破解等功能。支持协议1200+，协议指纹10000+，应用指纹20000+，暴力破解协议10余种。

一款基于各大企业信息API的工具，解决在遇到的各种针对国内企业信息收集难题。一键收集控股公司ICP备案、APP、小程序、微信公众号等信息聚合导出。支持MCP接入

An OOB interaction gathering server and client library

EHole(棱洞)3.0 重构版-红队重点攻击系统指纹探测工具

Expose local http, tcp or websocket connections to the public internet

A powerful browser crawler for web vulnerability scanners

Contextual Content Discovery Tool

微信小程序反编译工具，.wxapkg 文件扫描 + 解密 + 解包工具

dddd是一款使用简单的批量信息收集,供应链漏洞探测工具，旨在优化红队工作流，减少伤肝的机械性操作。支持从Hunter、Fofa批量拉取目标

Extract URLs, paths, secrets, and other interesting bits from JavaScript

Golang实现的IP代理池

Fast and customizable subdomain wordlist generator using DSL

自用的动态代理小工具

GitHub项目监控 && CodeQL自动扫描 (GitHub project monitoring && CodeQL automatic analysis)

An awesome reverse engine for xray poc. | 一个自动化根据 xray poc 生成对应靶站的工具

随机代理

监控 MySQL 执行语句并实时打印的工具 🤖️

WeblogicScan一键检测