Cross-platform automation framework for all kinds of apps, built on top of the W3C WebDriver protocol

Community curated list of templates for the nuclei engine to find security vulnerabilities.

Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.

Awesome XSS stuff

KCon is a famous Hacker Con powered by Knownsec Team.

Runtime Mobile Security (RMS) 📱🔥 - is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime

RTCMultiConnection is a WebRTC JavaScript library for peer-to-peer applications (screen sharing, audio/video conferencing, file sharing, media streaming etc.)

The XSS Hunter service - a portable version of XSSHunter.com

🧙‍♂️ Node.js Command & Control for Script-Jacking Vulnerable Electron Applications

BurpSuite using the document and some extensions

中国蚁剑后渗透框架

A Xposed Module for Android Penetration Test, with NanoHttpd.

[NO MAINTENANCE] a jQuery plugin for preview markdown table of content jQuery.zTree_Toc.js toc ztree and online demo site v0.4.1

A front-end JavaScript toolkit for creating DNS rebinding attacks.

flash.cn钓鱼页（中文+英文）

DOM XSS scanner for Single Page Applications

avList - 杀软进程对应杀软名称

An NTLM relay tool to the EWS endpoint for on-premise exchange servers. Provides an OWA for hackers.

Collection of macOS persistence methods and miscellaneous tools in JXA

FileReader Exploit

An easy ATT&CK-based Sysmon hunting tool, showing in Blackhat USA 2019 Arsenal

Exploit for CVE-2018-4233, a WebKit JIT optimization bug used during Pwn2Own 2018

Chrome v8 1Day Exploit by István Kurucsai

大数据威胁态势感知，图标实时展示攻击状态

🚄 火车上写的，2015年的代码和数据了

Challenge Sources & Exploits for the 34C3 CTF

常见加密算法

HTTP Cache Poisoning Demo

自用xss平台