oss存储桶遍历漏洞利用脚本

🧯风险控制笔记，适用于互联网企业

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

A Post Exploitation Tool for High Value Systems

人人都能用英语

常用操作系统、数据库、中间件等安全配置基线

🔓A curated list of modern Android exploitation conference talks.

Report and exploit of CVE-2023-36427

A black-box fuzzer to detect custom permission related privilege escalation vulnerabilities in Android.

Wscan is a web security scanner that focuses on web security, dedicated to making web security accessible to everyone.

自用的动态代理小工具

POC集合，框架nday漏洞利用

EmailAll is a powerful Email Collect tool — 一款强大的邮箱收集工具

The only GraphQL wordlist you'll ever need. Operations, field names, type names... Collected on more than 60k distinct GraphQL schemas.

A curated list of awesome GraphQL Security frameworks, libraries, software and resources

Obtain GraphQL API schema even if the introspection is disabled

ELF 文件解析程序

Script to quickly hook natives call to JNI in Android

🔓A Curated List Of Modern Android Exploitation Conference Talks.

爬网站JS文件，自动fuzz api接口，指定api接口（针对前后端分离项目，可指定后端接口地址），回显api响应

安全服务集成化工具集

Packer Fuzzer is a fast and efficient scanner for security detection of websites constructed by javascript module bundler such as Webpack.

CVE-2023-42820

用于渗透测试中对40x页面进行bypass并发扫描,采用go编写

侦查守卫(observer_ward)Web应用和服务指纹识别工具

A next-generation crawling and spidering framework.

A library for debugging android databases and shared preferences - Make Debugging Great Again

助力每一位RT队员，快速生成免杀木马

Burp Extension for a passive scanning JS files for endpoint links.