Stars
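Nuclei POC, updated every 2 hours | Automatically aggregates Nuclei vulnerability POCs from across the web, syncs the latest POCs in real time, and preserves POCs that have been deleted. Nuclei POCs are obtained by batch-cloning GitHub projects and stored by category, implemented with GitHub Actions. Currently 410,000+ POCs, of which 35,000+ are high-quality POCs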
Secrets Patterns DB: The largest open-source Database for detecting secrets, API keys, passwords, tokens, and more.
This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports
Everything about Web Application Firewalls (WAFs) from Security Standpoint! 🔥
A command-line scanner for batch detection of Next.js application versions and determining if they are affected by the CVE-2025-66478 vulnerability.
Generate HTML/SVG payloads for testing Server-Side Request Forgery vulnerabilities
JNDI injection testing tool (a tool which generates JNDI links and can start several servers to exploit JNDI Injection vulnerabilities, like Jackson, Fastjson, etc.)
A small collection of file converter vulnerabilities
A collaborative hub for Nuclei templates. Contribute, share, and explore powerful vulnerability detection tools!
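An open-source penetration testing framework for SpringBoot, and an exploitation tool for high-risk Spring-related vulnerabilities
Learning materials on SpringBoot-related vulnerabilities, a collection of exploitation methods and techniques, and a black-box security assessment checklist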
Autoswagger by Intruder - detect API auth weaknesses
Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications
📡 PoC auto collect from GitHub.
Pre-Built Vulnerable Environments Based on Docker-Compose
A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerability
This is a collection of writeups, cheatsheets, videos, books related to SSRF in one single location
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…
BurnWP Advanced Exploiter System instead Scanner & Custom Plugin for Pentester
Prototype Pollution and useful Script Gadgets
Latest CVEs with their Proof of Concept exploits.
A fully automatic Jinja2 SSTI WAF-bypass script designed for CTF | A Jinja2 SSTI cracker for bypassing WAF, designed for CTF
This repo collects nuclei templates from 600+ GitHub repos, updates every 6 hours.