This is a dockerized application that is vulnerable to the Spring4Shell vulnerability (CVE-2022-22965).

爆破字典

此项目用来提取收集以往泄露的密码中符合条件的强弱密码

FofaMap是一款基于Python3开发的跨平台FOFA API数据采集器，支持普通查询、网站存活检测、统计聚合查询、Host聚合查询、网站图标查询、批量查询等查询功能。同时FofaMap还能够自定义查询FOFA数据，并根据查询结果自动去重和筛选关键字，生成对应的Excel表格。另外春节特别版还可以调用Nuclei对FofaMap查询出来的目标进行漏洞扫描，让你在挖洞路上快人一步。

在线cms识别|旁站|c段|信息泄露|工控|系统|物联网安全|cms漏洞扫描|nmap端口扫描|子域名获取|待续..

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

这是一个用于IP和域名碰撞匹配访问的小工具，旨意用来匹配出渗透过程中需要绑定hosts才能访问的弱主机或内部系统。

参数 | 字典 collections

Generates permutations, alterations and mutations of subdomains and then resolves them

Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.

jsonp is a Burp Extension which attempts to reveal JSONP functionality behind JSON endpoints. This could help reveal cross-site script inclusion vulnerabilities or aid in bypassing content security…

上传漏洞fuzz字典生成脚本