Lists (7)
Starred repositories
A high-speed tool for passively gathering URLs, optimized for efficient and comprehensive web asset discovery without active scanning.
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the …
云资产管理工具 目前工具定位是云安全相关工具,目前是两个模块 云存储工具、云服务工具, 云存储工具主要是针对oss存储、查看、删除、上传、下载、预览等等 云服务工具主要是针对rds、服务器的管理,查看、执行命令、接管等等
Windows应急响应工具---Hawkeye(鹰眼)。集Windows日志分析,进程扫描,主机信息于一体的综合应急响应分析工具
Linux应急处置/信息搜集/漏洞检测工具,支持基础配置/网络流量/任务计划/环境变量/用户信息/Services/bash/恶意文件/内核Rootkit/SSH/Webshell/挖矿文件/挖矿进程/供应链/服务器风险等13类70+项检查
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
Find, verify, and analyze leaked credentials
一款内网综合扫描工具,方便一键自动化、全方位漏扫扫描。(An intranet comprehensive scanning tool, enabling one-click automated, all-round vulnerability scanning)
deadpool代理池工具,可从hunter、quake、fofa等网络空间测绘平台取高质量socks5代理,或本地导入socks5代理,轮询使用代理进行流量转发。
ScopeSentry-Cyberspace mapping, subdomain enumeration, port scanning, sensitive information discovery, vulnerability scanning, distributed nodes
best tool for finding SQLi,CRLF,XSS,LFi,OpenRedirect
KCon is a famous Hacker Con powered by Knownsec Team.
面向红队的, 高性能高度自由可拓展的自动化扫描引擎 | A highly controllable and extensionable automated scanning engine for red teams
Wscan is a web security scanner that focuses on web security, dedicated to making web security accessible to everyone.
一款支持自定义的 Java 内存马生成工具|A customizable Java in-memory webshell generation tool.
Gather and update all available and newest CVEs with their PoC.
Burp插件,根据自定义来达到对数据包的处理(适用于加解密、爆破等),类似mitmproxy,不同点在于经过了burp中转,在自动加解密的基础上,不影响APP、网站加解密正常逻辑等。
Community curated list of templates for the nuclei engine to find security vulnerabilities.