The open source coding agent.

Your Personal AI Assistant; easy to install, deploy on your own machine or on the cloud; supports multiple chat apps with easily extensible capabilities.

SSRF (Server Side Request Forgery) testing resources

IngressNightmare POC. world first non-blind remote execution exploitation with multi-advanced exploitation methods. allow on disk exploitation. CVE-2025-24514 - auth-url injection, CVE-2025-1097 - …

Ai迷思录（应用与安全指南）

一款帮助云租户发现和测试云上风险、增强云上防护能力的综合性开源工具

项目介绍: 自己闲来无事所写以及工作中抽取的安全/运维/开发方面的代码小脚本 ，希望大家多多star支持。

Let your Claude able to think

Prompt越狱手册

Java Vulnerability Exploitation Platform

daydayExp的漏洞POC仓库，慢慢更新...

dddd是一款使用简单的批量信息收集,供应链漏洞探测工具，旨在优化红队工作流，减少伤肝的机械性操作。支持从Hunter、Fofa批量拉取目标

面向红队的, 高性能高度自由可拓展的自动化扫描引擎 | A highly controllable and extensionable automated scanning engine for red teams

onedrive user enumeration - pentest tool to enumerate valid o365 users

渗透测试，渗透测试小技巧，渗透测试Tips，师傅们跟我一起维护更新吧~

A POC exploit for CVE-2024-5836 and CVE-2024-6778, allowing for a sandbox escape from a Chrome extension.

综合漏洞后渗透利用工具

Here is useful scripts collections. You can forge tickets locally with secret keys or certificates. It's useful when you want backdoor/persistence with opsec

「Golang学习+面试指南」一份涵盖大部分 Golang程序员所需要掌握的核心知识。准备 Golang面试，首选 GolangGuide！

Collection of quality safety articles. Awesome articles.

旨在以攻促防，针对Docker TCP socket的开源利用工具

主要用来更新应用漏洞

蓝队应急工具

Yaegi is Another Elegant Go Interpreter

A Golang cli template based on Cobra Viper Survey...

This project hosts security advisories and their accompanying proof-of-concepts related to research conducted at Google which impact non-Google owned code.

Directly access data objects stored in etcd by kubernetes.

Post-exploit a compromised etcd, gain persistence and remote shell to nodes.

EHole(棱洞)魔改。可对路径进行指纹识别；支持识别出来的重点资产进行漏洞检测(支持从hunter和fofa中提取资产)支持对ftp服务识别及爆破

Fast passive subdomain enumeration tool.