The LLVM Project is a collection of modular and reusable compiler and toolchain technologies.

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

Malicious traffic detection system

Metasploit Framework

The Python programming language

Open-source, self-hosted note-taking tool built for quick capture. Markdown-native, lightweight, and fully yours.

Rust for malware Development is a repository for advanced Red Team techniques and offensive malwares & Ransomwares, focused on Rust 🦀

NucleiFuzzer is a robust automation tool that efficiently detects web application vulnerabilities, including XSS, SQLi, SSRF, and Open Redirects, leveraging advanced scanning and URL enumeration te…

Nightingale is to monitoring and alerting what Grafana is to visualization.

📦 Make security testing of K8s, Docker, and Containerd easier.

Modern CLI for exploring vulnerability data with powerful search, filtering, and analysis capabilities.

Small and highly portable detection tests based on MITRE's ATT&CK.

PandaWiki 是一款 AI 大模型驱动的开源知识库搭建系统，帮助你快速构建智能化的 产品文档、技术文档、FAQ、博客系统，借助大模型的力量为你提供 AI 创作、AI 问答、AI 搜索等能力。

Find, verify, and analyze leaked credentials

Cross Platform Terminal UI toolkit for .NET

A full-stack AI Red Teaming platform securing AI ecosystems via OpenClaw Security Scan, Agent Scan, Skills Scan, MCP scan, AI Infra scan and LLM jailbreak evaluation.

Adversary tradecraft detection, protection, and hunting

Obfuscate Go builds

DNS Enumeration Script

Nightly builds of common C# offensive tools, fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.

Daily feed of bad IPs (with blacklist hit scores)

爬取secwiki和xuanwu.github.io/sec.today,分析安全信息站点、安全趋势、提取安全工作者账号(twitter,weixin,github等)

Convert code from C# to VB.NET and vice versa using Roslyn

PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)

Network recon framework. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, build your taylor-made EASM tool, co…

The most widely used Python to C compiler

shiro反序列化漏洞综合利用,包含（回显执行命令/注入内存马）修复原版中NoCC的问题 https://github.com/j1anFen/shiro_attack

A fast, simple, recursive content discovery tool written in Rust.

Pre-Built Vulnerable Environments Based on Docker-Compose

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve…