A local testing ground covering common PHP code auditing topics. Organized similarly to DVWA/Pikachu, it includes an installation wizard and a tutorial

PHP 59 12 Updated Nov 26, 2025

hegdepavankumar / Cisco-Images-for-GNS3-and-EVE-NG

Free Images for EVE-NG and GNS3 containing routers, switches,Firewalls and other appliances, including Cisco, Fortigate, Palo Alto, Sophos and more. Master the art of networking and improve your sk…

HTML 1,949 439 Updated Mar 14, 2025

Sugobet / API_Sword

NSFOCUS API_Sword：A Burp Suite extension, Automatically recursively collect API endpoints from any response

Java 319 14 Updated Nov 3, 2025

SantaVp3 / Moon-Gazing-Tower

202 56 Updated Dec 10, 2025

myugan / awesome-docker-security

📚 A curated list of awesome Docker security resources

701 108 Updated Nov 20, 2025

testssl / testssl.sh

Testing TLS/SSL encryption anywhere on any port

Shell 8,768 1,107 Updated Dec 16, 2025

qi4L / JYso

JNDIExploit or a ysoserial.

Java 1,721 189 Updated Nov 10, 2025

Tencent / AI-Infra-Guard

A.I.G (AI-Infra-Guard) is a comprehensive, intelligent, and easy-to-use AI Red Teaming platform developed by Tencent Zhuque Lab.

Python 2,620 256 Updated Dec 16, 2025

0x4m4 / hexstrike-ai

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug b…

Python 5,162 1,182 Updated Nov 6, 2025

0voice / expert_readed_books

2021年最新总结，推荐工程师合适读本，计算机科学，软件技术，创业，思想类，数学类，人物传记书籍

10,827 3,208 Updated Jun 20, 2025

Team-intN18-SoybeanSeclab / Phantom

一款面向SRC漏洞挖掘中，页面信息收集场景的浏览器扩展，自动收集页面及相关资源中的敏感信息与可疑线索，支持基础扫描、深度递归扫描、批量 API 测试及结果导出与自定义正则配置

JavaScript 523 29 Updated Dec 10, 2025

ax1sX / SecurityList

A list for Web Security and Code Audit

1,191 225 Updated Dec 3, 2024

Rubby2001 / Rshell---A-Cross-Platform-C2

Rshell是一款开源的golang编写的支持多平台的C2框架，旨在帮助安服人员渗透测试、红蓝对抗。

Go 423 117 Updated Dec 16, 2025

cckuailong / JNDI-Injection-Exploit-Plus

80+ Gadgets(30 More than ysoserial). JNDI-Injection-Exploit-Plus is a tool for generating workable JNDI links and provide background services by starting RMI server,LDAP server and HTTP server.

Java 860 108 Updated Jun 24, 2024

HeyPuter / puter

🌐 The Internet Computer! Free, Open-Source, and Self-Hostable.

JavaScript 37,994 3,301 Updated Dec 18, 2025

cseroad / Webshell_Generate

用于生成各类免杀webshell

1,231 103 Updated Mar 4, 2024

whgojp / JavaSecLab

JavaSecLab is a comprehensive Java vulnerability platform｜ JavaSecLab是一款综合型Java漏洞平台，提供相关漏洞缺陷代码、修复代码、漏洞场景、审计SINK点、安全编码规范，覆盖多种漏洞场景，友好用户交互UI……

JavaScript 795 67 Updated Mar 23, 2025

d0ctorsec / LearnJavaMemshellFromZero-Recurrence

基于W01fh4cker大佬的LearnJavaMemshellFromZero从零掌握java内存马的复现重组版本。

92 4 Updated Jul 7, 2025

vxunderground / MalwareSourceCode

Collection of malware source code for a variety of platforms in an array of different programming languages.

Assembly 17,546 1,985 Updated Sep 10, 2025

G4rb3n / Malbox

恶意软件容器靶机

Shell 103 17 Updated Mar 4, 2021

Pennyw0rth / NetExec

The Network Execution Tool

Python 5,020 620 Updated Dec 12, 2025

orion-lib / OrionTV

一个基于 React Native TVOS 和 Expo 构建的播放器，旨在提供流畅的视频观看体验。

TypeScript 4,799 1,698 Updated Dec 17, 2025

chinese-poetry / chinese-poetry

The most comprehensive database of Chinese poetry 🧶最全中华古诗词数据库, 唐宋两朝近一万四千古诗人, 接近5.5万首唐诗加26万宋诗. 两宋时期1564位词人，21050首词。

JavaScript 50,520 10,178 Updated Apr 2, 2025

aHlo666

Lists (32)

AI

Burp插件

Cobalt Strike

IPTV

JNDI工具

书籍

云安全&容器安全

代理工具

代码审计

免杀

入侵检测系统

其他

内网

反序列化利用工具

娱乐

安全综合工具

安卓工具

应急+基线

提权

搞机

教程

渗透小工具

漏洞POC

漏洞利用工具

漏洞扫描工具

漏洞靶场

理财

病毒木马收集

知识文库

网站导航页

网络镜像

远控工具

Starred repositories

gkd-subscription

Bug Bounty