macro_pack is a tool by @EmericNasi used to automatize obfuscation and generation of Office documents, VB scripts, shortcuts, and other formats for pentest, demo, and social engineering assessments…

Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3

渗透测试插件化并发框架 / Open-sourced remote vulnerability PoC/EXP framework

Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner

A curated list of resources related to Industrial Control System (ICS) security.

在线cms识别|信息泄露|工控|系统|物联网安全|cms漏洞扫描|nmap端口扫描|子域名获取|待续..

An open source Bitcoin wallet password and seed recovery tool designed for the case where you already know most of your password/seed, but need assistance in trying different possible combinations.

Cloudflare, Sucuri, Incapsula real IP tracker.

Python3编写的CMS漏洞检测框架

SQL views for Dune

Quick SQLMap Tamper Suggester

阿里云accesskey利用工具

Enumerate the permissions associated with AWS credential set

The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. This tool is intended for BOTH red and blue team.

openvpn-monitor is a web based OpenVPN monitor, that shows current connection information, such as users, location and data transferred.

macOS (& ios) Artifact Parsing Tool

Shiro反序列化利用工具，支持新版本(AES-GCM)Shiro的key爆破，配合ysoserial，生成回显Payload

非付费会员，fofa数据采集工具

一个包含php,java,python,C#等各种语言版本的XXE漏洞Demo

文件变化实时监控工具(代码审计/黑盒/白盒审计辅助工具)

TCP tunneling over HTTP/HTTPS for web application servers

XssPayload List . Usage:

纯真IP数据库，每天从官方授权方式自动抓取最新文件

A fully automated, reliable, and accurate scanner for finding Spring4Shell and Spring Cloud RCE vulnerabilities

根据关键词，对搜索引擎内容检索结果的网址内容进行采集的一款程序。可自动从多个搜索引擎采集相关网站的真实地址与标题等信息，可保存为文件，自动去除重复URL。同时，也可以自定义忽略多条域名等。

100行Python代码快速获得一个代理池，两分钟获得数千个有效代理

Msmap is a Memory WebShell Generator.

MAIAN: automatic tool for finding trace vulnerabilities in Ethereum smart contracts

RCE 0-day for GhostScript 9.50 - Payload generator

JShell - Get a JavaScript shell with XSS.