A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

Dex to Java decompiler

一款轻量级、高性能、功能强大的内网穿透代理服务器。支持tcp、udp、socks5、http等几乎所有流量转发，可用来访问内网网站、本地支付接口调试、ssh访问、远程桌面，内网dns解析、内网socks5代理等等……，并带有功能强大的web管理端。a lightweight, high-performance, powerful intranet penetration proxy serv…

The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the …

No longer maintained, see pinned issues

Pre-Built Vulnerable Environments Based on Docker-Compose

Fast web fuzzer written in Go

Web path scanner

一款内网综合扫描工具，方便一键自动化、全方位漏扫扫描。

Community curated list of templates for the nuclei engine to find security vulnerabilities.

一款长亭自研的完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

OneForAll是一款功能强大的子域收集工具

Xray 基于 Nginx 的 VLESS + XTLS 一键安装脚本

httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.

windows-kernel-exploits Windows平台提权漏洞集合

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous …

You Know, For WEB Fuzzing ! 日站用的字典。

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve…

Cyber Security ALL-IN-ONE Platform

SpringBoot 相关漏洞学习资料，利用方法和技巧合集，黑盒安全评估 check list

Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests

Study Notes For Web Hacking / Web安全学习笔记

Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application

Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokens that are already exploitable, so we can report them. We wis…

一个漏洞 PoC 知识库。A knowledge base for vulnerability PoCs(Proof of Concept), with 1k+ vulnerabilities.

各种安全相关思维导图整理收集