🧡 Everything is RSSible

KunLun-M是一个完全开源的静态白盒扫描工具，支持PHP、JavaScript的语义扫描，基础安全、组件安全扫描，Chrome Ext\Solidity的基础扫描。

Faker is a Python package that generates fake data for you.

Faker is a PHP library that generates fake data for you

GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. - Do not use for illegal testing ;)

PoC for CVE-2019-5736

A small utility to modify the dynamic linker and RPATH of ELF executables

psutil for golang

A vi editor implementation in Golang.

Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.

Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

HackerOne "in scope" domains

Run PowerShell command without invoking powershell.exe

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C

Awesome Frida - A curated list of Frida resources http://www.frida.re/ (https://github.com/frida/frida)

Docker security analysis & hacking tools

Detect and decode encoded strings, recursively.

CTFs as you need them

Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor

Simple reverse ICMP shell

Database takeover UDF repository

Most advanced XSS scanner.

Topic Modelling for Humans

Data Hacking Project

Convolutional Neural Network for Text Classification in Tensorflow

scikit-learn: machine learning in Python

🙃 A delightful community-driven (with 2,400+ contributors) framework for managing your zsh configuration. Includes 300+ optional plugins (rails, git, macOS, hub, docker, homebrew, node, php, python…