承影，愿你在光影之间，找到属于自己的锋芒。开源的类 BurpSuite 应用 ChYing — may you find your own edge between light and shadow. An open-source, BurpSuite-like application.

Open-source attack surface management and authorized security automation platform for asset discovery, service probing, scan orchestration, and security result management.

查询域名、APP、小程序、快应用以及企业的ICP备案信息，提供完全本地化的API

c3p0 new gadget

FastjsonScan4Burp 一款基于burp被动扫描的fastjson漏洞探测插件，可针对数据包中存在json的参数或请求体进行payload测试。旨在帮助安全人员更加便捷的发现、探测、深入利用fastjson漏洞，目前已实现fastjson探测、版本、依赖探测、出网及不出网利用和简易的bypass waf功能

burp插件,Oss漏洞被动扫描

Java Vulnerability Exploitation Platform

Java RMI Vulnerability Scanner

A Security Tool for Bug Bounty, Pentest and Red Teaming.

一款后渗透免杀工具，助力每一位像我这样的脚本小子快速实现免杀，支持bypass AV/EDR 360 火绒 Windows Defender Shellcode Loader

A very simple context menu component for Vue3 一个简洁美观简单的Vue3右键菜单组件

Fast passive subdomain enumeration tool.

A shell script to build fancy DMGs

Distributed reliable key-value store for the most critical data of a distributed system

High-performance port scanner. 高性能端口扫描器. syn scanner

帆软bi反序列化漏洞利用工具

一款综合性网络安全检测和运维工具，旨在快速资产发现、识别、检测，构建基础资产信息库，协助甲方安全团队或者安全运维人员有效侦察和检索资产，发现存在的薄弱点和攻击面。

一款内网综合扫描工具，方便一键自动化、全方位漏扫扫描。(An intranet comprehensive scanning tool, enabling one-click automated, all-round vulnerability scanning)

A template for Wails with Vite + Vue + TypeScript + ElementPlus+ Pinia.

Apache ActiveMQ (版本 < 5.18.3) RCE

Focus on what matters instead of fighting with Git.

Cross platform GUI toolkit in Go inspired by Material Design

安全服务集成化工具集

dddd是一款使用简单的批量信息收集,供应链漏洞探测工具，旨在优化红队工作流，减少伤肝的机械性操作。支持从Hunter、Fofa批量拉取目标

一款golang编写的，批量检测frp server未授权访问、弱token的工具

A proof of concept exploit for CVE-2022-40684 affecting Fortinet FortiOS, FortiProxy, and FortiSwitchManager