Gixy-Next: NGINX Configuration Security Scanner & Performance Checker

Tool to check for dependency confusion vulnerabilities in multiple package management systems

Using Socks4/5 or http proxies to make a multithreading Http-flood/Https-flood (cc) attack.

Takes a URL and checks the system for the tilde enum vuln and then find the files.

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

This tool tries to find interesting stuff inside static files; mainly JavaScript and JSON files.

Login hunter of default credentials for administrative web interfaces leveraging NNdefaccts dataset.

JNDI-Exploitation-Kit（A modified version of the great JNDI-Injection-Exploit created by @welk1n. This tool can be used to start an HTTP Server, RMI Server and LDAP Server to exploit java web apps v…

基于优化后的vscan，继续走更多集成、自动化功能，集成subfinder（子域名爆破）、naabu(集成nmap，端口扫描、服务识别)、httpx(web扫描)、nuclei(漏洞扫描)、kscan 11种弱口令检测...

JSON Beautifier for Burp written in Java

Awvs批量扫描脚本，Awvs13批量扫描脚本（对低配置机器进行优化，避免跑死），对Scan进行控制

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

Massive SQL Injection Vulnerability Scanner

This repository contains a list of tools that may be useful for consultants performing penetration testing engagements.

A list of web application security

ADB-Toolkit V2 for easy ADB tricks with many perks in all one. ENJOY!

Complete Listing and Usage of Tools used for Ethical Hacking

A powerful hacker toolkit which collects more than 10 categories of open source scanners from Github - 安全行业从业者自研开源扫描器合辑