Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

OneForAll是一款功能强大的子域收集工具

linux入侵排查脚本_整合版

用于检测maven项目的第三方依赖组件是否存在安全漏洞。

一款监控端口变化的系统——beholder_scanner端

An enterprise friendly way of detecting and preventing secrets in code.

资产端口实时监控系统，支持1-65525端口 7*24小时实时监控 ，支持异常发送邮件，邮箱hacker9090@126.com，作者：秋某人的傻逼[熊猫爱皮卡丘]

一个微小的服务端端口监控程序，带web界面，支持通过web重启服务器程序（需自定义配置）

对公网IP列表进行端口服务扫描，发现周期内的端口服务变化情况和弱口令安全风险

Proxy_Pool（代理资源池），一个小巧的代理ip抓取+评估+存储+展示的一体化的工具，包括了web展示和接口。

A Workflow Engine for Offensive Security

Tentacle is a POC vulnerability verification and exploit framework. It supports free extension of exploits and uses POC scripts. It supports calls to zoomeye, fofa, shodan and other APIs to perform…

✍️ A curated list of CVE PoCs.

A Burp Suite Extension that try to find all sub-domain, similar-domain and related-domain of an organization automatically! 基于流量自动收集整个企业或组织的子域名、相似域名、相关域名的burp插件

Tool for checking Whether a domain or its multiple sub-domains are up and running.

A .DS_Store file disclosure exploit. It parses .DS_Store file and downloads files recursively.

Six Degrees of Domain Admin

CVE 2017-9805

Execute DLL via the Excel.Application object's RegisterXLL() method

A python3 program to filter Burp Suite log file.

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static a…

AndroidHttpCapture网络诊断工具 是一款Android手机抓包软件 主要功能包括：手机端抓包、PING/DNS/TraceRoute诊断、抓包HAR数据上传分享。你也可以看成是Android版的"Fiddler" \(^o^)/~

JumpServer is an open-source Privileged Access Management (PAM) platform that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database and RemoteApp endpoints…

A little tool to play with Windows security

Windows Exploits