📚 Freely available programming books

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

🚀🚀 「大模型」2小时完全从0训练64M的小参数GPT！🌏 Train a 64M-parameter GPT from scratch in just 2h!

Automatic SQL injection and database takeover tool

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

Most advanced XSS scanner.

Image augmentation for machine learning experiments.

Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.

Exploit Development and Reverse Engineering with GDB & LLDB Made Easy

an awesome list of honeypot resources

OneForAll是一款功能强大的子域收集工具

The recursive internet scanner for hackers. 🧡

本项目集成了全网优秀的攻防武器工具项目，包含自动化利用，子域名、目录扫描、端口扫描等信息收集工具，各大中间件、cms、OA漏洞利用工具，爆破工具、内网横向、免杀、社工钓鱼以及应急响应、甲方安全资料等其他安全攻防资料。

RSA attack tool (mainly for ctf) - retrieve private key from weak public key and/or uncipher data

Web application fuzzer

WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Common User Passwords Profiler (CUPP)

Top disclosed reports from HackerOne

Open Source Intelligence gathering tool aimed at reducing the time spent harvesting information from open sources.

Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokens that are already exploitable, so we can report them. We wis…

爆破字典

Code examples in pyTorch and Tensorflow for CS230

Server-Side Template Injection and Code Injection Detection and Exploitation Tool

一个攻防知识库。A knowledge base for red teaming and offensive security.

pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.

A `.git` folder disclosure exploit

一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具，可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如：Title、Domain、CDN、指纹信息、状态信息等。

This tool generates gopher link for exploiting SSRF and gaining RCE in various servers

Neo-reGeorg is a project that seeks to aggressively refactor reGeorg

Packer Fuzzer is a fast and efficient scanner for security detection of websites constructed by javascript module bundler such as Webpack.