Stars
MaxMind's GeoIP2 GeoLite2 Country, City, and ASN databases
Umami is a modern, privacy-focused analytics platform. An open-source alternative to Google Analytics, Mixpanel and Amplitude.
Everything about Web Application Firewalls (WAFs) from Security Standpoint! 🔥
a tool to get web title for domain list or ip list
A little bit less hackish way to intercept and modify non-HTTP protocols through Burp & others.
云存储管理客户端。支持七牛云、腾讯云、青云、阿里云、又拍云、亚马逊S3、京东云,仿文件夹管理、图片预览、拖拽上传、文件夹上传、同步、批量导出URL等功能
This repository is in progress, it will keep updating as I come across to new learning materials. Feel free to contribute.
Top disclosed reports from HackerOne
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
shuxiaa / Log4j2Scan
Forked from whwlsfb/Log4j2ScanLog4j2 RCE Passive Scanner plugin for BurpSuite
A cross platform front-end GUI of the popular youtube-dl written in wxPython.
Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokens that are already exploitable, so we can report them. We wis…
Qftm / SQLInjectionWiki
Forked from ning1022/SQLInjectionWiki一个专注于聚合和记录各种SQL注入方法的wiki
lightos / hoover
Forked from cdaller/hooverWireless Probe Requests Sniffer
Handbook of information collection for penetration testing and src
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the …
JNDI服务利用工具 RMI/LDAP,支持部分场景回显、内存shell,高版本JDK场景下利用等,fastjson rce命令执行,log4j rce命令执行 漏洞检测辅助工具
一个免费开源一键搭建的通用验证码识别平台,大部分常见的中英数验证码识别都没啥问题。
Continuous monitoring for JavaScript files
Command line tool to extract/decrypt the password that was stored in the LSA by SysInternals AutoLogon
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…