Burp被动扫描流量转发插件

Log4j2 RCE Passive Scanner plugin for BurpSuite

渗透测试报告/资料文档/渗透经验文档/安全书籍

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

An open source trusted cloud native registry project that stores, signs, and scans content.

CDK is an open-sourced container penetration toolkit, offering stable exploitation in different slimmed containers without any OS dependency. It comes with penetration tools and many powerful PoCs/…

JNDI注入测试工具（A tool which generates JNDI links can start several servers to exploit JNDI Injection vulnerability,like Jackson,Fastjson,etc）

收集一些比较优秀的开源安全项目，以帮助甲方安全从业人员构建企业安全能力。

yarGen is a generator for YARA rules

边界打点后的自动化渗透工具

Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authenticat…

Suricata IDS rules 用来检测红队渗透/恶意行为等，支持检测CobaltStrike/MSF/Empire/DNS隧道/Weevely/菜刀/冰蝎/挖矿/反弹shell/ICMP隧道等

DDoS attack tool for sending forged UDP packets to vulnerable Memcached servers obtained using Shodan API

阿里云accesskey利用工具

Impacket is a collection of Python classes for working with network protocols.

AV Evasion Tool For Red Team Ops

Ladon Network Scanner For Golang (Full platform penetration scanner framework)LadonGo一款开源内网渗透扫描器框架，使用它可轻松一键探测C段、B段、A段存活主机、指纹识别、端口扫描、密码爆破、远程执行、高危漏洞检测等。3.2版本包含24个模块功能，高危漏洞检测MS17010、SmbGhost，远程执行SshCm…

一款内网扫描工具，方便一键大保健~

A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.

一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

Intelligent proxy pool for Humans™ (Maintainer needed)

适用于Cobalt Strike的插件

generate CobaltStrike's cross-platform payload

shiro反序列化漏洞综合利用,包含（回显执行命令/注入内存马）