[ICCV 2017] Torch code for Grad-CAM

WaNet - Imperceptible Warping-based Backdoor Attack (ICLR 2021)

Codes for Dual Stealthy Backdoor

Paper Code

ICCV 2021, We find most existing triggers of backdoor attacks in deep learning contain severe artifacts in the frequency domain. This Repo. explores how we can use these artifacts to develop strong…

Code for paper 'FIBA: Frequency-Injection based Backdoor Attack in Medical Image Analysis'

New ways of breaking app-integrated LLMs

红/蓝队环境自动化部署工具 | Red/Blue team environment automation deployment tool

This is a webshell open source project

A list of backdoor learning resources

Proxifier注册机

2022 护网行动 POC 整理

2018年初整理的一些内网渗透TIPS，后面更新的慢，所以整理出来希望跟小伙伴们一起更新维护~

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static a…

一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具，可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如：Title、Domain、CDN、指纹信息、状态信息等。

由Go语言实现的一款CMS指纹识别工具。

CDN真实IP扫描，易语言开发

Get website IP address by scanning the entire net 通过扫描全网绕过CDN获取网站IP地址

Quake Command-Line Application

一款完全被动监听的谷歌插件，用于高危指纹识别、蜜罐特征告警和拦截、机器特征对抗

Blind WAF identification tool

WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.

TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.

Automated & Manual Wordlists provided by Assetnote

Packer Fuzzer is a fast and efficient scanner for security detection of websites constructed by javascript module bundler such as Webpack.

递归式寻找域名和api。

一款快速、全面、易用的页面信息提取工具，可快速发现和提取页面中的JS、URL和敏感信息。

JSFinder is a tool for quickly extracting URLs and subdomains from JS files on a website.