一款专为 CTF 竞赛设计的智能流量分析工具，支持多协议解析与自动化 Flag 提取，助力快速解题。

一个IDEA插件：一键收集项目中所有jar包依赖的工具插件。遍历项目目录收集所有jar文件，复制到all-in-one文件夹，并自动添加为项目库。

A command-line tool for tweaking WeChat - 首款微信 macOS 客户端撤回拦截与多开 🔨

A new bootable USB solution.

JNDIExploit or a ysoserial.

A powerful JNDI injection exploitation framework that supports RMI, LDAP and LDAPS protocols, including various bypass methods for high-version JDK restrictions

一个使用Rust编写的SOCKS5代理池管理工具，能够自动测速、管理多个代理服务器，提供高效稳定的匿名代理服务。

面向红队的, 高性能高度自由可拓展的自动化扫描引擎 | A highly controllable and extensionable automated scanning engine for red teams

备份的漏洞库，3月开始我们来维护

CaA - Collector and Analyzer, Insight into information, exploring with intelligence in a thousand ways.

Java Vulnerability Exploitation Platform

A Security Tool for Bug Bounty, Pentest and Red Teaming.

首个由DeepSeek独立开发的AI网络安全工具箱

闭源系统半自动漏洞挖掘工具，针对 jar/war/zip 进行静态代码分析，输出从source到sink的可达路径。LLM将验证路径可达性，并根据上下文给出该路径可信分数

Recovers/brute forces the key for PHP files protected with PHP Screw

分布式资产安全扫描核心管理系统(弱口令扫描，漏洞扫描)

Automatically converts Python source code to Pickle opcode

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Attify OS - Distro for pentesting IoT devices

基于frp-0.58.1魔改二开，随机化socks5账户密码及端口、钉钉上线下线通知、配置文件oss加密读取、域前置防止溯源、源码替换/编译混淆等

通过Dump内存读取ToDesk设备代码、连接密码

HaE - Highlighter and Extractor, Empower ethical hacker for efficient operations.

Six Degrees of Domain Admin

Impacket is a collection of Python classes for working with network protocols.

C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.

An awesome reverse engine for xray poc. | 一个自动化根据 xray poc 生成对应靶站的工具

Command line tool to fetch, decode, brute-force and craft session cookies of a Flask application by guessing secret keys.