一款内网综合扫描工具，方便一键自动化、全方位漏扫扫描。

自动抓取微信公众号安全漏洞文章，转换为Markdown格式并建立本地知识库，每日持续更新。本项目(https://github.com/4ESTSEC/wxvl) [基于] [原版wxvl](https://github.com/20142995/wxvl) 进行扩展。

Latest CVEs with their Proof of Concept exploits.

Scoop-Buket for Penetration Suite Toolkit - Windows渗透测试工具仓库For Scoop

Pre-Built Vulnerable Environments Based on Docker-Compose

XRN 是一个面向跨平台应用开发的 React Native 一体化解决方案，旨在为开发者提供统一的 应用开发、构建、发布、依赖管理 能力，并支持灵活的业务模块化扩展。

Study Notes For Web Hacking / Web安全学习笔记

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

服务端配置错误情况下用于伪造ip地址进行测试的Burp Suite插件

各大漏洞文库合集

🔥Open source RASP solution

Fuzzapi is a tool used for REST API pentesting and uses API_Fuzzer gem

network visualization & vulnerability management/reporting

枚举注册网站撞库，注册过哪些网站?输入邮箱或手机号,一搜便知。此项目模仿reg007(https://www.reg007.com/)功能 ，但不是该网站源码。

Web Pentesting Fuzz 字典,一个就够了。

在线cms识别|信息泄露|工控|系统|物联网安全|cms漏洞扫描|nmap端口扫描|子域名获取|待续..

Windows 下的提权大合集

BCS（北京网络安全大会）2019 红队行动会议重点内容

Security Manage Framwork is a security management platform for enterprise intranet, which includes asset management, vulnerability management, account management, knowledge base management, securit…

Tentacle is a POC vulnerability verification and exploit framework. It supports free extension of exploits and uses POC scripts. It supports calls to zoomeye, fofa, shodan and other APIs to perform…

dump

绿盟科技漏洞扫描器(RSAS)漏洞库

🦍 The Cloud-Native API Gateway

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

阿里云安全恶意程序检测比赛

Github Sensitive Information Leakage Monitor(Github信息泄漏监控系统)

Gitbook

渗透测试插件化并发框架

This is a webshell open source project

Source code about machine learning and security.