A simple tool to download all files from a webserver's "Index of" page

Hunt for security weaknesses in Kubernetes clusters

WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via contact@wpscan.com

对在测试中常见的swagger页面泄露 ，进行批量的测试，未授权和被动扫描

A plugin-based scanner that aids security researchers in identifying issues with several CMSs, mainly Drupal & Silverstripe.

A Swagger API Exploit

A .DS_Store file disclosure exploit. It parses .DS_Store file and downloads files recursively.

Burp plugin able to find reflected XSS on page in real-time while browsing on site

SSRF plugin for burp Automates SSRF Detection in all of the Request

burp插件 ShiroScan 主要用于框架、无dnslog key检测

🎯 Fast CORS misconfiguration vulnerabilities scanner

免费获取在 Microsoft Store 中收费 ￥7.00 的 HEVC 视频扩展

微信小程序辅助渗透-自动化

Burpsuite Extension to bypass 403 restricted directory

[NeurIPS 2022] Towards Robust Blind Face Restoration with Codebook Lookup Transformer

EHole(棱洞)3.0 重构版-红队重点攻击系统指纹探测工具

Directory/File, DNS and VHost busting tool written in Go

Web path scanner

Fast passive subdomain enumeration tool.

信息收集自动化工具

httpx is a fast and multi-purpose HTTP toolkit allows to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads.

OneForAll是一款功能强大的子域收集工具

扫描存在CORS跨域漏洞的网站。

JSONP Hunter in burpsuite.

captcha-killer的修改版，支持关键词识别base64编码的图片，添加免费ocr库，用于验证码爆破，适配新版Burpsuite

A burp extension that add some useful function to Context Menu 添加一些右键菜单让burp用起来更顺畅

一款长亭自研的完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

针对SpringBoot的开源渗透框架，以及Spring相关高危漏洞利用工具

xTools，一个辅助小工具