Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.

Modlishka. Reverse Proxy.

Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.

📦 Make security testing of K8s, Docker, and Containerd easier.

Kscan是一款纯go开发的全方位扫描器，具备端口扫描、协议检测、指纹识别，暴力破解等功能。支持协议1200+，协议指纹10000+，应用指纹20000+，暴力破解协议10余种。

Fetch all the URLs that the Wayback Machine knows about for a domain

🔍 gowitness - a golang, web screenshot utility using Chrome Headless

DEPRECATED: Data collection and processing made easy.

EHole(棱洞)3.0 重构版-红队重点攻击系统指纹探测工具

🔓 🔓 Find secrets and passwords in container images and file systems 🔓 🔓

A tool to perform Kerberos pre-auth bruteforcing

Real-time HTTP Intrusion Detection

Hardentools simply reduces the attack surface on Microsoft Windows computers by disabling low-hanging fruit risky features.

Scan for misconfigured S3 buckets across S3-compatible APIs!

A versatile and portable proxy for capturing, manipulating, and replaying HTTP/HTTPS traffic on the go.

微信小程序反编译工具，.wxapkg 文件扫描 + 解密 + 解包工具

Project Wycheproof tests crypto libraries against known attacks.

ScareCrow - Payload creation framework designed around EDR bypass.

Quickly discover exposed hosts on the internet using multiple search engines.

Adversary tradecraft detection, protection, and hunting

无状态子域名爆破工具

Bruteforcing from various scanner output - Automatically attempts default creds on found services.

XRay is a tool for recon, mapping and OSINT gathering from public networks.

A tool to abuse Exchange services

[archived] 一款实验性质的主机入侵检测系统

p2p tunnel,(udp mode work with kcp,https://github.com/skywind3000/kcp)

A static analysis tool for securing Go code

netspy是一款快速探测内网可达网段工具（深信服深蓝实验室天威战队强力驱动）

Venom - A Multi-hop Proxy for Penetration Testers

Subdomain Takeover tool written in Go