Scoop-Buket for Penetration Suite Toolkit - Windows渗透测试工具仓库For Scoop

Turbo Intruder is a Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.

HaE - Highlighter and Extractor, Empower ethical hacker for efficient operations.

HaE - BurpSuite Highlighter and Extractor

XRN 是一个面向跨平台应用开发的 React Native 一体化解决方案，旨在为开发者提供统一的 应用开发、构建、发布、依赖管理 能力，并支持灵活的业务模块化扩展。

network visualization & pentest reporting

洞察-宜信集应用系统资产管理、漏洞全生命周期管理、安全知识库管理三位一体的平台。

Detect Tactics, Techniques & Combat Threats

一款轻量级、高性能、功能强大的内网穿透代理服务器。支持tcp、udp、socks5、http等几乎所有流量转发，可用来访问内网网站、本地支付接口调试、ssh访问、远程桌面，内网dns解析、内网socks5代理等等……，并带有功能强大的web管理端。a lightweight, high-performance, powerful intranet penetration proxy serv…

Security Paper

Tentacle is a POC vulnerability verification and exploit framework. It supports free extension of exploits and uses POC scripts. It supports calls to zoomeye, fofa, shodan and other APIs to perform…

BCS（北京网络安全大会）2019 红队行动会议重点内容

一些漏洞检测/利用脚本

关于大数据的面试题，包括hadoop、hbase、hive、spark、storm、zookeeper、kafka、flume、logstash、redis、ELK、ETL、算法等等，持续更新中

Security Manage Framwork is a security management platform for enterprise intranet, which includes asset management, vulnerability management, account management, knowledge base management, securit…

CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and over 180 other CMSs

平时用到的注入模板

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Python3编写的CMS漏洞检测框架

攻击日志分析工具

CMS和中间件指纹库

My NSE Scripts

Python2编写的struts2漏洞全版本检测和利用工具

Github Sensitive Information Leakage Monitor(Github信息泄漏监控系统)

100-Days-Of-ML-Code中文版

🚀 A simple asset discovery engine for cybersecurity. (网络资产发现引擎)

TangScan

《Chrome插件开发全攻略》配套完整Demo，欢迎clone体验

Study Notes For Web Hacking / Web安全学习笔记