PHP-Code-Audit-Skill是一个专注于PHP代码审计的Skill

最好用最智能最可控的目录Fuzz工具 | The most powerful, user-friendly, intelligent, and precise HTTP Fuzzer.

🚀 2024-至今 1Day 漏洞 PoC 深度研究与复现归档。涵盖 OA、ERP、安防、数通、大模型及容器等 高价值资产漏洞，实战导向，助力安全研究与合规检测。

FastJson全版本Docker漏洞环境(涵盖1.2.47/1.2.68/1.2.80等版本)，主要包括JNDI注入及高版本绕过、waf绕过、文件读写、原生反序列化、利用链探测绕过、不出网利用等。从黑盒的角度覆盖FastJson深入利用

备份的漏洞库，3月开始我们来维护

Weaponize DLL hijacking easily. Backdoor any function in any DLL.

用友漏洞检测，持续更新漏洞检测模块

Windows remote execution multitool

关于红队方面的学习资料

Self‑healing Gossip Mesh C2 with Assisted Peer Discovery, Modular Post‑Exploitation, and OPSEC‑Focused Transport

Golang weaponization for red teamers.

GetProcAddressByHash/remap/full dll unhooking/Tartaru's Gate/Spoofing Gate/universal/Perun's Fart/Spoofing-Gate/EGG/RecycledGate/syswhisper/RefleXXion golang implementation

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous …

一个攻防知识库。A knowledge base for red teaming and offensive security.

对/wgpsec/ENScan_GO的修改，只保留了爱企查接口，支持对外投资企业和子公司递归

修改自geacon的多功能linux运维管理工具

451个goby poc，是否后门及重复自行判断，来源于网络收集的Goby&POC，不定时更新。

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports

H是一款强大的资产收集管理平台

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

A flexible scanner

冰蝎 哥斯拉 WebShell bypass

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

OneForAll是一款功能强大的子域收集工具

递归式寻找域名和api。

PoCBox - Vulnerability Test Aid Platform