An advanced guide to learn English which might benefit you a lot 🎉 . 离谱的英语学习指南/英语学习教程/英语学习/学英语

Free Bootstrap 5 Admin Dashboard Template

GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems

A list of public penetration test reports published by several consulting firms and academic security groups.

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous …

Solid - Re-decentralizing the web (project directory)

A guide to smart contract security best practices

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve…

Fluxion is a remake of linset by vk496 with enhanced functionality.

Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀

Automate the creation of a lab environment complete with security tooling and logging best practices

Open-Source Unified Vulnerability Management, DevSecOps & ASPM

Web-Security-Learning

Security-related Slide Presentation & Security Research Report（大安全各领域各公司各会议分享的PPT以及各类安全研究报告）

一款基于Shell的小米路由器工具箱，原为Monlor-Tools，A tool box for XiaoMi Router base on Shell.

HTTPLeaks - All possible ways, a website can leak HTTP requests

Tools, tips, tricks, and more for exploring ICS Security.

ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.

CVE-2021-40444 PoC

A curated list of amazingly awesome WordPress resources, themes, plugins and shiny things. Inspired by awesome-php.

A plugin-based scanner that aids security researchers in identifying issues with several CMSs, mainly Drupal & Silverstripe.

Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

CredSniper is a phishing framework written with the Python micro-framework Flask and Jinja2 templating which supports capturing 2FA tokens.

1000个PHP代码审计案例(2016.7以前乌云公开漏洞)

drops.wooyun.org 乌云Drops文章备份

Jok3r v3 BETA 2 - Network and Web Pentest Automation Framework

Utilities for MITRE™ ATT&CK

👶 BabySploit Beginner Pentesting Toolkit/Framework Written in Python 🐍

A Nmap XSL implementation with Bootstrap.

蒸米的文章（iOS冰与火之歌系列，一步一步学ROP系列，安卓动态调试七种武器系列等）