A collective list of free APIs

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Deepfakes Software For All

Python ProxyPool for web spider

🕵️‍♂️ Collect a dossier on a person by username from thousands of sites

MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find signs of a potential compromise.

OneForAll是一款功能强大的子域收集工具

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C

An advanced memory forensics framework

Everything about Web Application Firewalls (WAFs) from Security Standpoint! 🔥

Static Analyzer for Solidity and Vyper

HTTP parameter discovery suite.

The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.

收集全国各高校招生时不会写明，却会实实在在影响大学生活质量的要求与细节

A frida tool to dump dex in memory to support security engineers analyzing malware.

Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本，最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-…

Veil 3.1.X (Check version info in Veil at runtime)

Mythril is a symbolic-execution-based securty analysis tool for EVM bytecode. It detects security vulnerabilities in smart contracts built for Ethereum and other EVM-compatible blockchains.

Server-Side Template Injection and Code Injection Detection and Exploitation Tool

Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber's powershell attacks and the powershell bypass technique present…

Symbolic execution tool

An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws

A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228

Patch PE, ELF, Mach-O binaries with shellcode new version in development, available only to sponsors

This tool generates gopher link for exploiting SSRF and gaining RCE in various servers

Interesting APT Report Collection And Some Special IOCs

JexBoss: Jboss (and Java Deserialization Vulnerabilities) verify and EXploitation Tool

KunLun-M是一个完全开源的静态白盒扫描工具，支持PHP、JavaScript的语义扫描，基础安全、组件安全扫描，Chrome Ext\Solidity的基础扫描。

利用大量高威胁poc/exp快速获取目标权限，用于渗透和红队快速打点

Stealing Signatures and Making One Invalid Signature at a Time