Automatic SQL injection and database takeover tool

Most advanced XSS scanner.

Web path scanner

Credentials recovery project

You Know, For WEB Fuzzing !

One place for all the default credentials to assist the Blue/Red teamers identifying devices with default password 🛡️

WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.

An advanced web directory & file scanning tool that will be more powerful than DirBuster, Dirsearch, cansina, and Yu Jian.一个高级web目录、文件扫描工具，功能将会强于DirBuster、Dirsearch、cansina、御剑。

Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access

ARL官方仓库备份项目：ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产，构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产，发现存在的薄弱点和攻击面。

linuxprivchecker.py -- a Linux Privilege Escalation Check Script

Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.

针对 Acunetix AWVS扫描器开发的批量扫描脚本，支持log4j漏洞、SpringShell、SQL注入、XSS、弱口令等专项，支持联动xray、burp、w13scan等被动批量

上传漏洞fuzz字典生成脚本

Shiro<=1.2.4反序列化，一键检测工具

绕过CDN查找网站的真实IP地址

shiro反序列化漏洞检测RCE工具