reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous …

Gather and update all available and newest CVEs with their PoC.

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve…

The most trusted Go module proxy in China.

微信公众号文章批量下载工具，支持评论、合集下载，支持保存html/mhtml/md/pdf/docx文件，保存文章内图片、视频、音频文件

Metasploitable3 is a VM that is built from the ground up with a large amount of security vulnerabilities.

Official OWASP Top 10 Document Repository

Knife4j is a set of Swagger2 and OpenAPI3 All-in-one enhancement solution

A Security Tool for Bug Bounty, Pentest and Red Teaming.

有关burpsuite的插件(非商店),文章以及使用技巧的收集(此项目不再提供burpsuite破解文件,如需要请在博客mrxn.net下载)---Collection of burpsuite plugins (non-stores), articles and tips for using Burpsuite, no crack version file

Hosted Reverse Shell generator with a ton of functionality. -- (Great for CTFs)

Security-related Slide Presentation & Security Research Report（大安全各领域各公司各会议分享的PPT以及各类安全研究报告）

ChatGPT Jailbreaks, GPT Assistants Prompt Leaks, GPTs Prompt Injection, LLM Prompt Security, Super Prompts, Prompt Hack, Prompt Security, Ai Prompt Engineering, Adversarial Machine Learning.

Application Security Verification Standard

AI-Powered Python & Python-Powered AI (Python-Use)

《FRIDA操作手册》by @hluwa @r0ysue

Web Fuzzing Box - Web 模糊测试字典与一些Payloads

HTTPLeaks - All possible ways, a website can leak HTTP requests

一个基于 docsify 快速部署 Awesome-POC 漏洞文档的项目。Deploying the Awesome-POC repository via docsify.

Active Directory and Internal Pentest Cheatsheets

Jekyll Themes / GitHub Pages 博客模板 / A template repository for Jekyll based blog

Malware samples, analysis exercises and other interesting resources.

Configuration guidance for implementing the Windows 10 and Windows Server 2016 DoD Secure Host Baseline settings. #nsacyber

爬取secwiki和xuanwu.github.io/sec.today,分析安全信息站点、安全趋势、提取安全工作者账号(twitter,weixin,github等)

drops.wooyun.org 乌云Drops文章备份

Everything for pentest. | 用于渗透测试的 payload 和 bypass 字典.

proxylist, generate by fate0/getproxy project in every 15 minute

Java漏洞学习笔记 Deserialization Vulnerability