Taielab Awesome Hacking Lists Save

平常看到好的渗透hacking工具和多领域效率工具的集合

Project README

Awesome Stars

A curated list of my GitHub stars! Generated by starred.

ASL
ActionScript
Ada
Arduino
AsciiDoc
Assembly
Astro
AutoHotkey
Batchfile
BitBake
Blade
BlitzBasic
Boo
C
C#
C++
CMake
CSS
Classic ASP
Clojure
CodeQL
ColdFusion
Dart
Dockerfile
Emacs Lisp
Erlang
F#
FreeMarker
Go
Groovy
HCL
HTML
Hack
Haskell
Inno Setup
Java
JavaScript
Jinja
Jupyter Notebook
KiCad Layout
Kotlin
LLVM
Logos
Lua
MATLAB
Makefile
Markdown
Mask
Max
Mercury
Mustache
Nginx
Nim
Nix
Nunjucks
OCaml
Objective-C
Objective-C++
Open Policy Agent
Others
PHP
PLpgSQL
Pascal
Perl
PostScript
PowerShell
Propeller Spin
Pug
Python
REXX
Rascal
Rich Text Format
Roff
Ruby
Rust
SCSS
Sage
SaltStack
Sass
Scala
Scheme
Shell
Smali
Smarty
Solidity
SourcePawn
Svelte
Swift
TSQL
Tcl
TeX
TypeScript
VBA
VBScript
VCL
Vim Script
Visual Basic
Visual Basic .NET
Vue
XSLT
YAML
YARA
Zeek
Zig
nesC

ASL

postgres-cn/pgdoc-cn - PostgreSQL manual Chinese translation by China PostgreSQL Users Group

ActionScript

appsecco/json-flash-csrf-poc - This repo contains the files required to perform a CSRF attack using Flash and HTTP 307 redirections.

Ada

PatrikFehrenbach/amass-tools -

Arduino

UnicycleDumpTruck/MissionControl - This kids' homework desk has top that flips up to reveal a space-themed control panel.
spacehuhn/wifi_keylogger - DIY Arduino Wi-Fi Keylogger (Proof of Concept)

AsciiDoc

bitcoinbook/bitcoinbook - Mastering Bitcoin 2nd Edition - Programming the Open Blockchain

Assembly

enkomio/AlanFramework - A C2 post-exploitation framework
MortenSchenk/Token-Stealing-Shellcode -
xenoscr/SysWhispers2 - AV/EDR evasion via direct system calls.
timwhitez/Doge-Direct-Syscall - Golang Direct Syscall
klezVirus/inceptor - Template-Driven AV/EDR Evasion Framework
guitmz/memrun - Small tool to run ELF binaries from memory with a given process name
DownWithUp/DynamicKernelShellcode - An example of how x64 kernel shellcode can dynamically find and use APIs
mai1zhi2/SysWhispers2_x86 - X86 version of syswhispers2 / x86 direct system call
jthuraisamy/SysWhispers2 - AV/EDR evasion via direct system calls.
Cybereason/siofra -
mytechnotalent/Reverse-Engineering - A FREE comprehensive reverse engineering tutorial covering x86, x64, 32-bit ARM & 64-bit ARM architectures.
jjyr/jonesforth_riscv - Jonesforth RISC-V port.
vxunderground/MalwareSourceCode - Collection of malware source code for a variety of platforms in an array of different programming languages.
antonioCoco/Mapping-Injection - Just another Windows Process Injection
jthuraisamy/SysWhispers - AV/EDR evasion via direct system calls.
tinysec/windows-syscall-table - windows syscall table from xp ~ 10 rs4

Astro

kamranahmedse/developer-roadmap - Interactive roadmaps, guides and other educational content to help developers grow in their careers.

AutoHotkey

xianyukang/MyKeymap - MyKeymap: 我的按键映射工具
goreliu/runz - RunZ，专业的快速启动工具
kookob/smpic - Windows下面的SM.MS图床上传工具

Batchfile

lxgw/LxgwWenKai - An open-source Chinese font derived from Fontworks' Klee One. 一款开源中文字体，基于 FONTWORKS 出品字体 Klee One 衍生。
gsuberland/lbfo_win10 - Re-enable NIC teaming (LBFO) in Windows 10 using components from Windows Server.
SkyBlueEternal/jdk-change - 支持windows\linux\macOS | jdk一键切换版本\一键切换jdk版本\jdk版本更换
0xbinibini/emergency_response_batch - 应急响应，应急响应脚本，应急响应批处理；将Windows查看日志用户端口等命令集成在批处理脚本中。让熟练的应急人员能省去多次重复的敲击和记忆，并通过读取配置文件来调用Windows自带的命令结束进程服务等，本批处理尽量不调用任何外部的工具。任何调用的外部工具都将会存放在plugin目录下可按需使用，力图使用最原生的命令行来完成工作。
SoraShu/easyconn-socks5-for-HITsz - 在服务器上运行easyconnect并建立socks5代理，实现win电脑上免安装easyconnect访问校园内网。
r00t4dm/CVE-2020-27955 -
swagkarna/Defeat-Defender-V1.2.0 - Powerful batch script to dismantle complete windows defender protection and even bypass tamper protection ..Disable Windows-Defender Permanently....Hack windows. POC
wafinfo/cobaltstrike - cobaltstrike插件
chroblert/JC-jEnv - windows java environ manage
kkzzhizhou/scoop-apps - 使用Github Action每天自动合并其他scoop仓库的更新，仓库地址：https://github.com/kkzzhizhou/scoop-apps
massgravel/Microsoft-Activation-Scripts - A Windows and Office activator using HWID / KMS38 / Online KMS activation methods, with a focus on open-source code and fewer antivirus detections.
sagishahar/lpeworkshop - Windows / Linux Local Privilege Escalation Workshop
maguowei/k8s-docker-desktop-for-mac - Docker Desktop for Mac 开启并使用 Kubernetes
ihacku/winhardening - windows 加固脚本
frizb/Windows-Privilege-Escalation - Windows Privilege Escalation Techniques and Scripts
acgbfull/IBM_Appscan_Batch_Scan_Script - IBM AppScan批量扫描脚本
crazywifi/RDP_SessionHijacking - Passwordless RDP Session Hijacking
so87/CISSP-Study-Guide - study material used for the 2018 CISSP exam
Tai7sy/fuckcdn - CDN真实IP扫描，易语言开发
NextronSystems/APTSimulator - A toolset to make a system look as if it was the victim of an APT attack
auspbro/domain-admin-crack - :cactus: 入域电脑用户本地提权
bartblaze/Disable-Intel-AMT - Tool to disable Intel AMT on Windows
Phoenix1747/fake-sandbox - 👁‍🗨 This script will simulate fake processes of analysis sandbox/VM software that some malware will try to avoid.
wzulfikar/ngrok-caddy - Script to run ngrok with (optional) caddy server

BitBake

xer0days/BugBounty - Bug Bounty stuffs, payloads, scripts, profiles, tips and tricks, ...

Blade

dbarzin/mercator - Mapping the information system / Cartographie du système d'information

BlitzBasic

eslam3kl/SQLiDetector - Simple python script supported with BurpBouty profile that helps you to detect SQL injection "Error based" by sending multiple requests with 14 payloads and checking for 152 regex patterns for differe
Sy3Omda/burp-bounty - Burp Bounty profiles
six2dez/burp-bounty-profiles - Burp Bounty profiles compilation, feel free to contribute!
PortSwigger/scan-check-builder - Burp Bounty is a extension of Burp Suite that improve an active and passive scanner by yourself. This extension requires Burp Suite Pro.
1N3/IntruderPayloads - A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.
ghsec/BBProfiles - Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that improve an active and passive scanner by yourself. This extension requires Burp Suite Pro.

Boo

byt3bl33d3r/SILENTTRINITY - An asynchronous, collaborative post-exploitation agent powered by Python and .NET's DLR

C

baidu/dperf - dperf is a DPDK based 100Gbps network performance and load testing software.
H4K6/CVE-2023-0179-PoC - 针对（CVE-2023-0179）漏洞利用该漏洞被分配为CVE-2023-0179，影响了从5.5到6.2-rc3的所有Linux版本，该漏洞在6.1.6上被测试。漏洞的细节和文章可以在os-security上找到。
Impalabs/CVE-2023-27326 - VM Escape for Parallels Desktop <18.1.1
libAudioFlux/audioFlux - A library for audio and music analysis, feature extraction.
chompie1337/Windows_LPE_AFD_CVE-2023-21768 - LPE exploit for CVE-2023-21768
xforcered/Windows_LPE_AFD_CVE-2023-21768 - LPE exploit for CVE-2023-21768
Esonhugh/sshd_backdoor - /root/.ssh/authorized_keys evil file watchdog with ebpf tracepoint hook.
MrEmpy/Pingoor - 「🚪」Linux Backdoor based on ICMP protocol
nelhage/reptyr - Reparent a running program to a new terminal
itm4n/PPLdump - Dump the memory of a PPL with a userland exploit
zh-explorer/dirtycow - exploit for dirtycow
Coldzer0/ReverseSock5Proxy - A tiny Reverse Sock5 Proxy written in C :V
Cerbersec/KillDefenderBOF - Beacon Object File PoC implementation of KillDefender
seventeenman/noELF - Linux下用于远程加载可执行文件以达到内存加载的目的
Kevin-sa/ebpf-supply-chain - 利用ebpf做pypi恶意包检测
yukar1z0e/cloudswordtsh - 多用户版linux/freebsd/openbsd/netbsd/cygwin/sunos/irix/hpux/osf的远控tiny shell
Octoberfest7/EventViewerUAC_BOF - Beacon Object File implementation of Event Viewer deserialization UAC bypass
Rvn0xsy/SchtaskCreator - 远程创建任务计划工具
Libraggbond/EventViewerBypassUacBof - EventViewer Bypass Uac Bof
randorisec/CVE-2022-34918-LPE-PoC -
h3xduck/TripleCross - A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.
pytorch/cpuinfo - CPU INFOrmation library (x86/x86-64/ARM/ARM64, Linux/Windows/Android/macOS/iOS)
byt3bl33d3r/BOF-Zig - Cobalt Strike BOF with Zig!
crisprss/PetitPotam - 替代PrintBug用于本地提权的新方式，主要利用MS-EFSR协议中的接口函数借鉴了Potitpotam中对于EFSR协议的利用,实现了本地提权的一系列方式 Drawing on the use of the EFSR protocol in Potitpotam, a series of local rights escalation methods have been realized
Cracked5pider/Ekko - Sleep Obfuscation
helloexp/0day - 各种CMS、各种平台、各种系统、各种软件漏洞的EXP、POC ,该项目将持续更新
tr3ee/CVE-2022-23222 - CVE-2022-23222: Linux Kernel eBPF Local Privilege Escalation
synacktiv/ica2tcp - A SOCKS proxy for Citrix.
thefLink/DeepSleep - A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC
q77190858/CVE-2021-3156 - sudo提权漏洞CVE-2021-3156复现代码
nsacyber/Hardware-and-Firmware-Security-Guidance - Guidance for the Spectre, Meltdown, Speculative Store Bypass, Rogue System Register Read, Lazy FP State Restore, Bounds Check Bypass Store, TLBleed, and L1TF/Foreshadow vulnerabilities as well as gene
nemo-wq/PrintNightmare-CVE-2021-34527 - PrintNightmare - Windows Print Spooler RCE/LPE Vulnerability (CVE-2021-34527, CVE-2021-1675) proof of concept exploits
LDrakura/Remote_ShellcodeLoader - 远程shellcode加载&权限维持+小功能
cloudflare/ebpf_exporter - Prometheus exporter for custom eBPF metrics
JDArmy/RPCSCAN - RPC远程主机信息匿名扫描工具
jituo666/AndroidEventRecorder - A recorder used for recording user actions on Android platforms.
liudf0716/xfrpc - The xfrpc project is an implementation of frp client written in C language for OpenWRT and IOT system. The main motivation of this project is to provide a lightweight solution for devices with limited
Mr-Un1k0d3r/WindowsDllsExport - A list of all the DLLs export in C:\windows\system32\
trustedsec/CS-Remote-OPs-BOF -
Threekiii/Awesome-Exploit - 一个漏洞利用工具仓库
outflanknl/C2-Tool-Collection - A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques.
grigoritchy/pocs -
chicharitomu14/AndScanner - This is the project for the paper “Large-scale Security Measurements on the Android Firmware Ecosystem” in ICSE2022
rbsec/sslscan - sslscan tests SSL/TLS enabled services to discover supported cipher suites
krisnova/boopkit - Linux eBPF backdoor over TCP. Spawn reverse shells, RCE, on prior privileged access. Less Honkin, More Tonkin.
bytedance/bhook - :fire: ByteHook is an Android PLT hook library which supports armeabi-v7a, arm64-v8a, x86 and x86_64.
r0ysue/AndroidFridaBeginnersBook - 《安卓Frida逆向与抓包实战》随书附件
easychen/pushdeer - 开放源码的无App推送服务，iOS14+扫码即用。亦支持快应用/iOS和Mac客户端、Android客户端、自制设备
emptymonkey/revsh - A reverse shell with terminal support, data tunneling, and advanced pivoting capabilities.
Bonfee/CVE-2022-0995 - CVE-2022-0995 exploit
RfidResearchGroup/proxmark3 - The Iceman fork of Proxmark3 / RFID / NFC reader, writer, sniffer and emulator
gojue/ecapture - capture SSL/TLS text content without CA cert using eBPF. supports Linux/Android x86_64/Aarch64.
ly4k/PwnKit - Self-contained exploit for CVE-2021-4034 - Pkexec Local Privilege Escalation
crisprss/PrintSpoofer - PrintSpoofer的反射dll实现，结合Cobalt Strike使用
AlexisAhmed/CVE-2022-0847-DirtyPipe-Exploits - A collection of exploits and documentation that can be used to exploit the Linux Dirty Pipe vulnerability.
mponcet/subversive - x86_64 linux rootkit using debug registers
therealdreg/lsrootkit - Rootkit Detector for UNIX
Arinerron/CVE-2022-0847-DirtyPipe-Exploit - A root exploit for CVE-2022-0847 (Dirty Pipe)
Bonfee/CVE-2022-25636 - CVE-2022-25636
bopin2020/WindowsCamp - Windows Kernel Knowledge && Collect Resources on the wire && Nothing innovation by myself &&
Lojii/Knot - 一款iOS端基于MITM(中间人攻击技术)实现的HTTPS抓包工具，完整的App，核心代码使用SwiftNIO实现
r4j0x00/exploits -
SentryPeer/SentryPeer - Protect your SIP Servers from bad actors at https://sentrypeer.org
b1n4r1b01/n-days -
linux-lock/bpflock - bpflock - eBPF driven security for locking and auditing Linux machines
Rvn0xsy/CVE-2021-4034 - CVE-2021-4034 Add Root User - Pkexec Local Privilege Escalation
0verSp4ce/CVE-2021-4034 - CVE-2021-4034, For Webshell Version.
MichaelDim02/Narthex - Modular personalized dictionary generator.
FlamingSpork/iptable_evil - An evil bit backdoor for iptables
kyleavery/inject-assembly - Inject .NET assemblies into an existing process
spieglt/whatfiles - Log what files are accessed by any Linux process
berdav/CVE-2021-4034 - CVE-2021-4034 1day
arthepsy/CVE-2021-4034 - PoC for PwnKit: Local Privilege Escalation Vulnerability in polkit’s pkexec (CVE-2021-4034)
Ayrx/CVE-2021-4034 - Exploit for CVE-2021-4034
aaaddress1/Skrull - Skrull is a malware DRM, that prevents Automatic Sample Submission by AV/EDR and Signature Scanning from Kernel. It generates launchers that can run malware on the victim using the Process Ghosting te
thefLink/Hunt-Sleeping-Beacons - Aims to identify sleeping beacons
Rvn0xsy/linux_dirty - 更改后的脏牛提权代码，可以往任意文件写入任意内容，去除交互过程
revng/pagebuster - PageBuster - dump all executable pages of packed processes.
screetsec/TheFatRat - Thefatrat a massive exploiting tool : Easy tool to generate backdoor and easy tool to post exploitation attack like browser attack and etc . This tool compiles a malware with popular payload and then
f0rb1dd3n/Reptile - LKM Linux rootkit
lcatro/qemu-fuzzer - Qemu Fuzzer.针对Qemu模拟设备的模糊测试工具,主要思路是Host生成种子Data,然后传递给Guest中转程序,由中转程序访问MMIO,以达到和模拟设备的交互,不同于qtest自带的fuzzer.
chriskaliX/Hades - Hades is a Host-Based Intrusion Detection System based on eBPF(mainly)
n0b0dyCN/redis-rogue-server - Redis(<=5.0.5) RCE
wavestone-cdt/EDRSandblast -
OALabs/BlobRunner - Quickly debug shellcode extracted during malware analysis
SweetIceLolly/Huorong_Vulnerabilities - Huorong Internet Security vulnerabilities 火绒安全软件漏洞
scareing/cmd2shellcode - cmd2shellcode
securifybv/Visual-Studio-BOF-template - A Visual Studio template used to create Cobalt Strike BOFs
HexHive/USBFuzz - A Framework for fuzzing USB Drivers by Device Emulation
fortra/nanodump - The swiss army knife of LSASS dumping
0671/RedisModules-ExecuteCommand-for-Windows - 可在Windows下执行系统命令的Redis模块，可用于Redis主从复制攻击。
Lakr233/Decrypter - An easy way to decrypt UIKit app.
idealeer/xmap - XMap is a fast network scanner designed for performing Internet-wide IPv6 & IPv4 network research scanning.
wolfpython/nids - 基于网络的入侵检测系统
dismantl/ImprovedReflectiveDLLInjection - An improvement of the original reflective DLL injection technique by Stephen Fewer of Harmony Security
aircrack-ng/mdk4 - MDK4
boku7/injectEtwBypass - CobaltStrike BOF - Inject ETW Bypass into Remote Process via Syscalls (HellsGate|HalosGate)
codewhitesec/HandleKatz - PIC lsass dumper using cloned handles
gentilkiwi/kekeo - A little toolbox to play with Microsoft Kerberos in C
EspressoCake/PPLDump_BOF - A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.
microsoft/omi - Open Management Infrastructure
seL4/seL4 - The seL4 microkernel
outflanknl/PrintNightmare -
cube0x0/SharpSystemTriggers - Collection of remote authentication triggers in C#
paranoidninja/PIC-Get-Privileges - Building and Executing Position Independent Shellcode from Object Files in Memory
SolomonSklash/SleepyCrypt - A shellcode function to encrypt a running process image when sleeping.
limithit/NginxExecute - The NginxExecute module executes the shell command through GET POST and HEAD to display the result.
o8oo8o/GoWebSSH - 功能强大，Go 实现的一个WebSSH，支持文件上传下载
boku7/azureOutlookC2 - Azure Outlook Command & Control (C2) - Remotely control a compromised Windows Device from your Outlook mailbox. Threat Emulation Tool for North Korean APT InkySquid / ScarCruft / APT37. TTP: Use Micro
cyberark/rdpfuzz - Tools for fuzzing RDP
mprovost/NFStash - NFS client CLI toolkit
aaaddress1/PR0CESS - some gadgets about windows process and ready to use :)
superflexible/TGPuttyLib - An SFTP client shared library (dll/so/dylib) with bindings and classes for C++, Delphi and Free Pascal based on PuTTY
ttdennis/fpicker - fpicker is a Frida-based fuzzing suite supporting various modes (including AFL++ in-process fuzzing)
mgeeky/ElusiveMice - Cobalt Strike User-Defined Reflective Loader with AV/EDR Evasion in mind
boku7/whereami - Cobalt Strike Beacon Object File (BOF) that uses handwritten shellcode to return the process Environment strings without touching any DLL's.
frkngksl/Huan - Encrypted PE Loader Generator
Yubico/yubico-c - YubiKey C low-level library (libyubikey)
RUB-SysSec/Nyx - USENIX 2021 - Nyx: Greybox Hypervisor Fuzzing using Fast Snapshots and Affine Types
glmcdona/Process-Dump - Windows tool for dumping malware PE files from memory back to disk for analysis.
alfarom256/BOF-ForeignLsass -
knightswd/ProcessGhosting -
NoOne-hub/Beacon.dll - Beacon.dll reverse
boku7/BokuLoader - A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!
aqi00/advanceapp - 《Android App开发进阶与项目实战》随书源码
horsicq/PDBRipper - PDBRipper is a utility for extract an information from PDB-files.
Gui774ume/ebpfkit - ebpfkit is a rootkit powered by eBPF
jrbrtsn/ban2fail - Simple & efficient log file scanning and iptable filtering
cdpxe/NELphase - Network Environment Learning (NEL) Phase for Covert Channels (with a Feedback Channel)
ZhangZhuoSJTU/StochFuzz - Sound and Cost-effective Fuzzing of Stripped Binaries by Incremental and Stochastic Rewriting
connormcgarr/cThreadHijack - Beacon Object File (BOF) for remote process injection via thread hijacking
boku7/injectAmsiBypass - Cobalt Strike BOF - Bypass AMSI in a remote process with code injection.
LloydLabs/process-enumeration-stealth -
hasherezade/process_ghosting - Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted file
djkaty/Il2CppInspector - Powerful automated tool for reverse engineering Unity IL2CPP binaries
merbanan/rtl_433 - Program to decode radio transmissions from devices on the ISM bands (and other frequencies)
killvxk/Beacon - Lightweight, header-only C++ IPC library for Windows operating systems (Vista+) using advanced local procedure calls
sliverarmory/COFFLoader -
cribdragg3r/Alaris - A protective and Low Level Shellcode Loader that defeats modern EDR systems.
OWASP/IoTGoat - IoTGoat is a deliberately insecure firmware created to educate software developers and security professionals with testing commonly found vulnerabilities in IoT devices.
ndilieto/uacme - ACMEv2 client written in plain C with minimal dependencies
client9/libinjection - SQL / SQLI tokenizer parser analyzer
alipay/ios-malicious-bithunter - iOS Malicious Bit Hunter is a malicious plug-in detection engine for iOS applications. It can analyze the head of the macho file of the injected dylib dynamic library based on runtime. If you are inte
xuanxuan0/TiEtwAgent - PoC memory injection detection agent based on ETW, for offensive and defensive research purposes
antonioCoco/RemotePotato0 - Windows Privilege Escalation from User to Domain Admin.
greenbone/gvmd - Greenbone Vulnerability Manager - The database backend for the Greenbone Community Edition
topotam/PetitPotam - PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.
CCob/BOF.NET - A .NET Runtime for Cobalt Strike's Beacon Object Files
0xricksanchez/dlink-decrypt - D-Link firmware decryption PoC
boku7/spawn - Cobalt Strike BOF that spawns a sacrificial process, injects it with shellcode, and executes payload. Built to evade EDR/UserLand hooks by spawning sacrificial process with Arbitrary Code Guard (ACG),
xforcered/InlineExecute-Assembly - InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional f
inspiringz/CVE-2021-3493 - CVE-2021-3493 Ubuntu OverlayFS Local Privesc (Interactive Bash Shell & Execute Command Entered)
wbenny/injdrv - proof-of-concept Windows Driver for injecting DLL into user-mode processes using APC
CCob/SylantStrike - Simple EDR implementation to demonstrate bypass
jattach/jattach - JVM Dynamic Attach utility
anthemtotheego/InlineExecute-Assembly - InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional f
praetorian-inc/PortBender - TCP Port Redirection Utility
hlldz/CVE-2021-1675-LPE - Local Privilege Escalation Edition for CVE-2021-1675/CVE-2021-34527
blackorbird/PrintNightmare -
iqiyi/qnsm - QNSM is network security monitoring framework based on DPDK.
Yaxser/Backstab - A tool to kill antimalware protected processes
CaledoniaProject/rdpscan - RDP password verification tool - No external libraries required ;-P
wonderkun/go-packer - golang打包二进制进行免杀
cgwalters/cve-2020-14386 -
alipay/Owfuzz - Owfuzz: a WiFi protocol fuzzing tool
passthehashbrowns/hook-integrity-checks -
kevmitch/win_battery_log - command line battery stats for MS Windows
passthehashbrowns/hiding-your-syscalls - Some source code to demonstrate avoiding certain direct syscall detections by locating and JMPing to a legitimate syscall instruction within NTDLL.
yarrick/iodine - Official git repo for iodine dns tunnel
airbus-cyber/afl_ghidra_emu -
ApsaraDB/PolarDB-for-PostgreSQL - A cloud-native database based on PostgreSQL developed by Alibaba Cloud.
season-lab/fuzzolic - fuzzing + concolic = fuzzolic :)
djhohnstein/macos_shell_memory - Execute MachO binaries in memory using CGo
ASkyeye/Zipper - Zipper, a CobaltStrike file and folder compression utility.
AdamWhiteHat/Judge-Jury-and-Executable - A file system forensics analysis scanner and threat hunting tool. Scans file systems at the MFT and OS level and stores data in SQL, SQLite or CSV. Threats and data can be probed harnessing the power
pbek/loganalyzer - LogAnalyzer is a tool that helps you to analyze your log files by reducing the content with patterns you define.
heiher/hev-socks5-core - A simple, lightweight socks5 library. (IPv4/IPv6/TCP/UDP/Client/Server)
orangetw/tsh - Tiny SHell is an open-source UNIX backdoor.
waldo-irc/CVE-2021-21551 - Exploit to SYSTEM for CVE-2021-21551
Iansus/SilentLsassDump - VisualStudio port of https://github.com/guervild/BOFs/tree/dev/SilentLsassDump
scythe-io/memory-module-loader - An implementation of a Windows loader that can load dynamic-linked libraries (DLLs) directly from memory
abcz316/rwProcMem33 - Linux read & write process memory module.
falcosecurity/pdig - ptrace-based event producer for udig
svengong/xcubebase_riru - 基于magisk 和riru的frida持久化方案
Al1ex/WindowsElevation - Windows Elevation(持续更新)
Al1ex/LinuxEelvation - Linux Eelvation(持续更新)
boazsegev/iodine - iodine - HTTP / WebSockets Server for Ruby with Pub/Sub support
xforcered/CredBandit - Proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process and send that back through your already existing Beacon communication channel
dgoulet/kjackal - Linux Rootkit Scanner
rsmudge/ZeroLogon-BOF -
csandker/inMemoryShellcode - A Collection of In-Memory Shellcode Execution Techniques for Windows
pattern-f/TQ-pre-jailbreak - Hello from pattern-f.
darvincisec/AntiDebugandMemoryDump - Anti-Debug and Anti-Memory Dump for Android
decoder-it/juicy_2 - juicypotato for win10 > 1803 & win server 2019
9bie/exe2shellcode - Remote Download and Memory Execute for shellcode framework
trustedsec/COFFLoader -
akopytov/sysbench - Scriptable database and system performance benchmark
mtrojnar/osslsigncode - OpenSSL based Authenticode signing for PE/MSI/Java CAB files
jmk-foofus/medusa - Medusa is a speedy, parallel, and modular, login brute-forcer.
rewardone/OSCPRepo - A list of commands, scripts, resources, and more that I have gathered and attempted to consolidate for use as OSCP (and more) study material. Commands in 'Usefulcommands' Keepnote. Bookmarks and readi
aaaddress1/sakeInject - Windows PE - TLS (Thread Local Storage) Injector in C/C++
Rvn0xsy/CVE-2021-3156-plus - CVE-2021-3156非交互式执行命令
blasty/CVE-2021-3156 -
Mr-Un1k0d3r/RedTeamCCode - Red Team C code repo
lockedbyte/CVE-Exploits - PoC exploits for software vulnerabilities
mai1zhi2/ShellCodeFramework - 绕3环的shellcode免杀框架
ea/bosch_headunit_root - Documentation and code for rooting and extending a Bosch car head unit (lcn2kai)
LloydLabs/Windows-API-Hashing - This is a simple example and explanation of obfuscating API resolution via hashing
LloydLabs/delete-self-poc - A way to delete a locked file, or current running executable, on disk.
zznop/drow - Injects code into ELF executables post-build
outflanknl/FindObjects-BOF - A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or process handles.
neil-wu/CatFrida - CatFrida is a macOS tool for inspecting a running iOS app.
jsherman212/xnuspy - an iOS kernel function hooking framework for checkra1n'able devices
rsmudge/unhook-bof - Remove API hooks from a Beacon process.
dacade/tools - some tools
lengjibo/FourEye - AV Evasion Tool For Red Team Ops
AFLplusplus/AFLplusplus - The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode, and a lot more!
ethereal-vx/Persistence - Recreating and reviewing the Windows persistence methods
anantshri/Android_Security - This repository is a suplimentary material for Android Training's done by Anant Shrivastava from 2012-2017
outflanknl/WdToggle - A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.
ajpc500/BOFs - Collection of Beacon Object Files
tomcarver16/BOF-DLL-Inject - Manual Map DLL injection implemented with Cobalt Strike's Beacon Object Files.
gnxbr/Fully-Undetectable-Techniques -
slaeryan/DetectCobaltStomp - Detects Module Stomping as implemented by Cobalt Strike
chroblert/JC-AntiPtrace - 安卓绕过ptrace反调试
mcepl/M2Crypto - OpenSSL for Python (both 2.x and 3.x) (generated by SWIG)
NixOS/patchelf - A small utility to modify the dynamic linker and RPATH of ELF executables
TannerJin/AntiMSHookFunction - AntiMSHookFunction (make MSHookFunction doesn't work)
ntop/n2n - Peer-to-peer VPN
gaffe23/linux-inject - Tool for injecting a shared object into a Linux process
code-scan/ssh-inject-auto-find-libdl -
geommer/yabar - A modern and lightweight status bar for X window managers.
cbwang505/CVE-2019-0708-EXP-Windows - CVE-2019-0708-EXP-Windows版单文件exe版,运行后直接在当前控制台反弹System权限Shell
strongcourage/uafuzz - UAFuzz: Binary-level Directed Fuzzing for Use-After-Free Vulnerabilities
LloydLabs/wsb-detect - wsb-detect enables you to detect if you are running in Windows Sandbox ("WSB")
g0dA/linuxStack - Linux技术栈
0voice/algorithm-structure - 2021年最新总结 500个常用数据结构，算法，算法导论，面试常用，大厂高级工程师整理总结
GeoSn0w/Blizzard-Jailbreak - An Open-Source iOS 11.0 -> 11.4.1 (soon iOS 13) Jailbreak, made for teaching purposes.
bytecode77/r77-rootkit - Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.
ventoy/Ventoy - A new bootable USB solution.
SkewwG/domainTools - 内网域渗透小工具
StarCross-Tech/heap_exploit_2.31 -
XiphosResearch/netelf - Run executables from memory, over the network, on Windows, Linux, OpenVMS... routers... spaceships... toasters etc.
andreafioraldi/weizz-fuzzer -
hackerschoice/gsocket - Connect like there is no firewall. Securely.
phra/PEzor - Open-Source Shellcode & PE Packer
TimelifeCzy/Shell_Protect - VM一键加壳/脱壳，全压缩，反调试等
ish-app/ish - Linux shell for iOS
inspektor-gadget/inspektor-gadget - Introspecting and debugging Kubernetes applications using eBPF "gadgets"
gloxec/CrossC2 - generate CobaltStrike's cross-platform payload
timwhitez/Cobalt-Strike-Aggressor-Scripts - Cobalt Strike Aggressor 插件包
brendan-rius/c-jwt-cracker - JWT brute force cracker written in C
bg6cq/whoisscanme -
aircrack-ng/rtl8188eus - RealTek RTL8188eus WiFi driver with monitor mode & frame injection support
dtcooper/fakehostname - Run a command and fake your hostname.
yifengyou/learn-kvm - Qemu KVM(Kernel Virtual Machine)学习笔记
blendin/3snake - Tool for extracting information from newly spawned processes
0vercl0k/sic - Enumerate user mode shared memory mappings on Windows.
CylanceVulnResearch/ReflectiveDLLRefresher - Universal Unhooking
DoctorWkt/acwj - A Compiler Writing Journey
limbenjamin/LogServiceCrash - POC code to crash Windows Event Logger Service
nil0x42/duplicut - Remove duplicates from MASSIVE wordlist, without sorting it (for dictionary-based password cracking)
blunderbuss-wctf/wacker - A WPA3 dictionary cracker
uf0o/CVE-2020-17382 - PoC exploits for CVE-2020-17382
libinjection/libinjection - SQL / SQLI tokenizer parser analyzer
blackarrowsec/redteam-research - Collection of PoC and offensive techniques used by the BlackArrow Red Team
chompie1337/s8_2019_2215_poc - PoC 2019-2215 exploit for S8/S8 active with DAC + SELinux + Knox/RKP bypass
DerekSelander/yacd - Decrypts FairPlay applications on iOS 13.4.1 and lower, no jb required
jvinet/knock - A port-knocking daemon
ThunderGunExpress/UAC-TokenDuplication -
Ascotbe/Kernelhub - :palm_tree:Linux、macOS、Windows Kernel privilege escalation vulnerability collection, with compilation environment, demo GIF map, vulnerability details, executable file (提权漏洞合集)
fancycode/MemoryModule - Library to load a DLL from memory.
reactos/reactos - A free Windows-compatible Operating System
MobileForensicsResearch/mem - Tool used for dumping memory from Android devices
ARM-software/CSAL - Coresight Access Library
webview/webview_csharp - C# bindings for webview/webview - Batteries included
webview/webview - Tiny cross-platform webview library for C/C++/Golang. Uses WebKit (Gtk/Cocoa) and Edge (Windows)
gabrielrcouto/awesome-php-ffi - PHP FFI examples and use cases
bhassani/EternalBlueC - EternalBlue suite remade in C/C++ which includes: MS17-010 Exploit, EternalBlue vulnerability detector, DoublePulsar detector and DoublePulsar Shellcode & DLL uploader
mdsecactivebreach/firewalker -
hzqst/VmwareHardenedLoader - Vmware Hardened VM detection mitigation loader (anti anti-vm)
aligrudi/neatcc - A small arm/x86(-64) C compiler
bkerler/opencl_brute - MD5,SHA1,SHA256,SHA512,HMAC,PBKDF2,SCrypt Bruteforcing tools using OpenCL (GPU, yay!) and Python
marsyy/littl_tools -
n0b0dyCN/RedisModules-ExecuteCommand - Tools, utilities and scripts to help you write redis modules!
vulhub/redis-rogue-getshell - redis 4.x/5.x master/slave getshell module
TheWover/donut - Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters
google/sanitizers - AddressSanitizer, ThreadSanitizer, MemorySanitizer
AntSwordProject/ant_php_extension - PHP 扩展, 用于 PHP-FPM、FastCGI、LD_PRELOAD等模式下突破 disabled_functions
m57/cobaltstrike_bofs - My CobaltStrike BOFS
anthemtotheego/C_Shot -
sailay1996/UAC_Bypass_In_The_Wild - Windows 10 UAC bypass for all executable files which are autoelevate true .
a0rtega/pafish - Pafish is a testing tool that uses different techniques to detect virtual machines and malware analysis environments in the same way that malware families do
github/securitylab - Resources related to GitHub Security Lab
qq4108863/hihttps - hihttps是一款完整源码的高性能web应用防火墙，既支持传统WAF的所有功能如SQL注入、XSS、恶意漏洞扫描、密码暴力破解、CC、DDOS等ModSecurity正则规则，又支持无监督机器学习，自主对抗未知攻击。
rvrsh3ll/BOF_Collection - Various Cobalt Strike BOFs
sailay1996/RpcSsImpersonator - Privilege Escalation Via RpcSs svc
libyal/liblnk - Library and tools to access the Windows Shortcut File (LNK) format
NtRaiseHardError/NINA - NINA: No Injection, No Allocation x64 Process Injection Technique
DanieleDeSensi/peafowl - High performance Deep Packet Inspection (DPI) framework to identify L7 protocols and extract and process data and metadata from network traffic.
elfmaster/libelfmaster - Secure ELF parsing/loading library for forensics reconstruction of malware, and robust reverse engineering tools
elfmaster/ftrace - POSIX Function tracing
elfmaster/dsym_obfuscate - Obfuscates dynamic symbol table
ntop/nDPI - Open Source Deep Packet Inspection Software Toolkit
redplait/armpatched - clone of armadillo patched for windows
dalvarezperez/CreateFile_based_rootkit -
mhaskar/Shellcode-In-Memory-Decoder - A simple C implementation to decoded your shellcode and writes it directly to memory
meme/hotwax - Coverage-guided binary fuzzing powered by Frida Stalker
avs333/Nougat_dlfunctions -
hack0z/byopen - 🎉A dlopen library that bypasses mobile system limitation
titansec/OpenWAF - Web security protection system based on openresty
ionescu007/faxhell - A Bind Shell Using the Fax Service and a DLL Hijack
ph4ntonn/Impost3r - 👻Impost3r -- A linux password thief
havocykp/Gh0st - 远控源码
yangyangwithgnu/bypass_disablefunc_via_LD_PRELOAD - bypass disable_functions via LD_PRELOA (no need /usr/sbin/sendmail)
gentilkiwi/mimikatz - A little tool to play with Windows security
itm4n/PrintSpoofer - Abusing Impersonation Privileges on Windows 10 and Server 2019
sandboxie/sandboxie - The Sandboxie application
can1357/NtLua - Lua in kernel-mode because why not.
1d8/MailJack -
thebabush/bline - Naver LINE VoIP reversing stuff
kingToolbox/WindTerm - A professional cross-platform SSH/Sftp/Shell/Telnet/Serial terminal.
nccgroup/nccfsas - Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team.
a1exdandy/checkm8-a5 - checkm8 port for S5L8940X/S5L8942X/S5L8945X
taviso/ctftool - Interactive CTF Exploration Tool
YutaroHayakawa/ipftrace2 - A packet oriented Linux kernel function call tracer
hasherezade/hollows_hunter - Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
rxwx/spoolsystem - Print Spooler Named Pipe Impersonation for Cobalt Strike
Katrovisch/KatroLogger - KeyLogger for Linux Systems
bats3c/shad0w - A post exploitation framework designed to operate covertly on heavily monitored environments
HyperDbg/HyperDbg - State-of-the-art native debugging tool
AltraMayor/gatekeeper - The first open-source DDoS protection system
V-E-O/PoC - PoC of CVE/Exploit
vanhauser-thc/thc-hydra - hydra
luke-goddard/enumy - Linux post exploitation privilege escalation enumeration
oleavr/ios-inject-custom - Example showing how to use Frida for standalone injection of a custom payload
Echocipher/AUTO-EARN - 一个利用OneForAll进行子域收集、Shodan API端口扫描、Xray漏洞Fuzz、Server酱的自动化漏洞扫描、即时通知提醒的漏洞挖掘辅助工具
zhuotong/Android_InlineHook - Android内联hook框架
juuso/keychaindump - A proof-of-concept tool for reading OS X keychain passwords
prbinu/tls-scan - An Internet scale, blazing fast SSL/TLS scanner ( non-blocking, event-driven )
a2o/snoopy - Snoopy Command Logger is a small library that logs all program executions on your Linux/BSD system.
gentilkiwi/kirandomtpm - Get random bytes from the TPM (tool + BCrypt RNG provider)
wonderkun/CTFENV - 为应对CTF比赛而搭建的各种环境
antonioCoco/RoguePotato - Another Windows Local Privilege Escalation from Service Account to System
yusufqk/SystemToken - Steal privileged token to obtain SYSTEM shell
uknowsec/getSystem - webshell下提权执行命令 Reference:https://github.com/yusufqk/SystemToken
NLnetLabs/ldns - LDNS is a DNS library that facilitates DNS tool programming
noptrix/lulzbuster - A very fast and smart web directory and file enumeration tool written in C.
danigargu/CVE-2020-0796 - CVE-2020-0796 - Windows SMBv3 LPE exploit #SMBGhost
twelvesec/passcat - Passwords Recovery Tool
chroblert/domainWeakPasswdCheck - 内网安全·域账号弱口令审计
chroblert/AssetManage -
paranoidninja/Shuriken - Offensive Android Kernel on Steroids - Shuriken is an Android kernel for Oneplus 5/5T which supports multiple features for pentesting.
newsoft/adduser - Programmatically create an administrative user under Windows
david378/ssocks - build static ssocks by cmake,cross build ssocks
V-E-O/rdp2tcp - rdp2tcp: open tcp tunnel through remote desktop connection.
brainsmoke/ptrace-burrito - a friendly wrapper around ptrace
Mr-Un1k0d3r/SCShell - Fileless lateral movement tool that relies on ChangeServiceConfigA to run command
RITRedteam/Headshot - NGINX module to allow for RCE through a specific header
Genymobile/scrcpy - Display and control your Android device
bootleg/ret-sync - ret-sync is a set of plugins that helps to synchronize a debugging session (WinDbg/GDB/LLDB/OllyDbg2/x64dbg) with IDA/Ghidra/Binary Ninja disassemblers.
pymumu/smartdns - A local DNS server to obtain the fastest website IP for the best Internet experience, support DoT, DoH. 一个本地DNS服务器，获取最快的网站IP，获得最佳上网体验，支持DoH，DoT。
outflanknl/Dumpert - LSASS memory dumper using direct system calls and API unhooking.
jonathanmetzman/wasm-fuzzing-demo - Demos of and walkthroughs on in-browser fuzzing using WebAssembly
turing-technician/FastHook - Android ART Hook
Aekras1a/darkRat_HVNC - DarkRats Standalone HVNC
SwiftLaTeX/SwiftLaTeX - SwiftLaTeX, a WYSIWYG Browser-based LaTeX Editor
GiacomoLaw/Keylogger - A simple keylogger for Windows, Linux and Mac
mohuihui/antispy - AntiSpy is a free but powerful anti virus and rootkits toolkit.It offers you the ability with the highest privileges that can detect,analyze and restore various kernel modifications and hooks.With its
OWASP/igoat - OWASP iGoat - A Learning Tool for iOS App Pentesting and Security by Swaroop Yermalkar
OWASP/iGoat-Swift - OWASP iGoat (Swift) - A Damn Vulnerable Swift Application for iOS
hmgle/graftcp - A flexible tool for redirecting a given program's TCP traffic to SOCKS5 or HTTP proxy.
TH3xACE/SUDO_KILLER - A tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo for linux privilege escalation.
blechschmidt/massdns - A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)
abelcheung/rifiuti2 - Windows Recycle Bin analyser
vmonaco/kloak - Keystroke-level online anonymization kernel: obfuscates typing behavior at the device level.
robertdavidgraham/rdpscan - A quick scanner for the CVE-2019-0708 "BlueKeep" vulnerability.
q3k/cve-2019-5736-poc - Unweaponized Proof of Concept for CVE-2019-5736 (Docker escape)
gurnec/HashCheck - HashCheck Shell Extension for Windows with added SHA2, SHA3, and multithreading; originally from code.kliu.org
skeeto/endlessh - SSH tarpit that slowly sends an endless banner
Chion82/netfilter-full-cone-nat - A kernel module to turn MASQUERADE into full cone SNAT
hacksysteam/HackSysExtremeVulnerableDriver - HackSys Extreme Vulnerable Windows Driver (HEVD)
y11en/BlockRDPBrute - [HIPS]RDP(3389)爆破防护
klsfct/getshell - 各大平台提权工具
wazuh/wazuh - Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
Halbmond/Introduction-to-Computer-Systems - Course : Introduction to Computer Systems
swaywm/sway - i3-compatible Wayland compositor
ambrop72/badvpn - NCD scripting language, tun2socks proxifier, P2P VPN
firebroo/UnixTools - 一些处理数据的Unix小工具，支持管道操作。
meyerd/n2n - A development branch of the n2n p2p vpn software
ValdikSS/p0f-mtu - p0f with patches to save MTU value and export it via API (for VPN detection)
rosehgal/BinExp - Linux Binary Exploitation
sfan5/fi6s - IPv6 network scanner designed to be fast
silight-jp/MacType-Patch - MacType Patch for DirectWrite Hook
andreiw/RaspberryPiPkg - DEPRECATED - DO NOT USE | Go here instead ->
aarond10/https_dns_proxy - A lightweight DNS-over-HTTPS proxy.
telekom-security/tpotce - 🍯 T-Pot - The All In One Honeypot Platform 🐝
lihaoyun6/axeldown-core - 基于axel-webm的优化项目. 通过webui调用axel进行下载
suvllian/process-inject - 在Windows环境下的进程注入方法：远程线程注入、创建进程挂起注入、反射注入、APCInject、SetWindowHookEX注入
sumatrapdfreader/sumatrapdf - SumatraPDF reader
zogvm/zogvm - zogna video manager
henkman/virgo - :virgo::computer::computer::computer::computer: Virtual desktops for Windows
netdata/netdata - Real-time performance monitoring, done right! https://www.netdata.cloud
RPISEC/MBE - Course materials for Modern Binary Exploitation by RPISEC
saaramar/execve_exploit - Hardcore corruption of my execve() vulnerability in WSL
Nat-Lab/eoip - EoIP/EoIPv6 for *nix.
tcp-nanqinlang/general - general mode via module loading
3proxy/3proxy - 3proxy - tiny free proxy server
coolstar/electra - Electra iOS 11.0 - 11.1.2 jailbreak toolkit based on async_awake
dyne/dnscrypt-proxy - DNSCrypt-Proxy repository, frankly maintained for what it does (no new features planned)
agile6v/awesome-nginx - A curated list of awesome Nginx distributions, 3rd party modules, Active developers, etc. :octocat:
guanchao/AppProtect - 整理一些app常见的加固方法，包括java层、native层和资源文件加固等
firmianay/CTF-All-In-One - CTF竞赛权威指南
Wind4/vlmcsd - KMS Emulator in C (currently runs on Linux including Android, FreeBSD, Solaris, Minix, Mac OS, iOS, Windows with or without Cygwin)
Motion-Project/motion - Motion, a software motion detector. Home page: https://motion-project.github.io/
mpv-player/mpv - 🎥 Command line video player
gsliepen/tinc - a VPN daemon
hardenedlinux/linux-exploit-development-tutorial - a series tutorial for linux exploit development to newbie.
NoahhhRyan/krackattacks-test -
hfiref0x/UACME - Defeating Windows User Account Control
tinyproxy/tinyproxy - tinyproxy - a light-weight HTTP/HTTPS proxy daemon for POSIX operating systems
mitchellkrogza/apache-ultimate-bad-bot-blocker - Apache Block Bad Bots, (Referer) Spam Referrer Blocker, Vulnerability Scanners, Malware, Adware, Ransomware, Malicious Sites, Wordpress Theme Detectors and Fail2Ban Jail for Repeat Offenders
vanhoefm/krackattacks-scripts -
droberson/icmp-backdoor - Backdoor that listens for specially crafted ICMP packets and spawns reverse shells.
giltu/KernelPCC - PCC is a new approach for TCP congestion control base on real-time performance analysis. This is a kernel implementation of it.
madeye/tcp_china - TCP China congestion control algorithm
gatieme/AderXCoding - 介绍各类语言，库，系统编程以及算法的学习
session-replay-tools/tcpcopy - An online request replication tool, also a tcp stream replay tool, fit for real testing, performance testing, stability testing, stress testing, load testing, smoke testing, etc
sudeshnapal12/Web-Application-Firewall - Designed and Implemented a Web Application Firewall as an Apache module that "sits" in-front of a web server. The WAF is designed to stop malicious requests from known attacks such as SQL Injection, X
50m30n3/dsptunnel - IP over audio tunnel
usagiryu/unit - Unit 中文文档源，每 24 小时与官方同步。中文文档请点README_CN.md。
Ridter/Pentest - tools
dosgo/ngrok-c - ngrok client for c language,Due to the use of GO ngrok language development, porting to embedded devices some inconvenience, such as openwrt, so use C language rewrite a client. Very mini, the need to
dlundquist/sniproxy - Proxies incoming HTTP and TLS connections based on the hostname contained in the initial request of the TCP session.
haiwen/seafile - High performance file syncing and sharing, with also Markdown WYSIWYG editing, Wiki, file label and other knowledge management features.
WireGuard/wireguard-monolithic-historical - Historical monolithic WireGuard repository, split into wireguard-tools, wireguard-linux, and wireguard-linux-compat.
git-hulk/tcpkit - the tcpkit was designed to make network packets programable with Lua script
snooda/net-speeder - net-speeder 在高延迟不稳定链路上优化单线程下载速度
unamer/vmware_escape - VMware Escape Exploit before VMware WorkStation 12.5.5
axel-download-accelerator/axel - Lightweight CLI download accelerator
skywind3000/kcp - :zap: KCP - A Fast and Reliable ARQ Protocol
osqzss/gps-sdr-sim - Software-Defined GPS Signal Simulator
magkopian/keepassxc-debian - Debian source package for the KeePassXC password manager.
ScottyBauer/Android_Kernel_CVE_POCs - A list of my CVE's with POCs
axi0mX/ios-kexec-utils - boot LLB/iBoot/iBSS/iBEC image from a jailbroken iOS kernel
santoru/filewatcher - A simple auditing utility for macOS
Cn33liz/HSEVD-ArbitraryOverwrite - HackSys Extreme Vulnerable Driver - ArbitraryOverwrite Exploit
c0d3z3r0/sudo-CVE-2017-1000367 -
Chion82/kcptun-raw - Kcptun with raw socket and fake TCP headers.
klsecservices/Invoke-Vnc - Powershell VNC injector
DhavalKapil/icmptunnel - Transparently tunnel your IP traffic through ICMP echo and reply packets.
shudo/shujit - Java Just-in-Time Compiler for x86 processors
opsxcq/exploit-CVE-2017-7494 - SambaCry exploit and vulnerable container (CVE-2017-7494)
raminfp/linux-4.8.0-netfilter_icmp - Anatomy of a linux kernel development
DhavalKapil/heap-exploitation - This book on heap exploitation is a guide to understanding the internals of glibc's heap and various attacks possible on the heap structure.
ANSSI-FR/AD-control-paths - Active Directory Control Paths auditing and graphing tools
ValdikSS/GoodbyeDPI - GoodbyeDPI — Deep Packet Inspection circumvention utility (for Windows)
ufrisk/pcileech - Direct Memory Access (DMA) Attack Software
Cybellum/DoubleAgent - Zero-Day Code Injection and Persistence Technique
gentilkiwi/wanakiwi - Automated wanadecrypt with key recovery if lucky
jtesta/ssh-mitm - SSH man-in-the-middle tool
SecWiki/linux-kernel-exploits - linux-kernel-exploits Linux平台提权漏洞集合
adafruit/Adafruit-GPIO-Halt - Press-to-halt program for headless Raspberry Pi. Similar functionality to the rpi_power_switch kernel module from the fbtft project, but easier to compile (no kernel headers needed).
greensea/mptunnel - MPUDP Tunnel (User space MultiPath UDP)
Riscure/Rhme-2016 - Rhme2 challenge (2016)
leechristensen/UnmanagedPowerShell - Executes PowerShell from an unmanaged process
peperunas/injectopi - A set of tutorials about code injection for Windows.
hasherezade/demos - Demos of various injection techniques found in malware
google/honggfuzz - Security oriented software fuzzer. Supports evolutionary, feedback-driven fuzzing based on code coverage (SW and HW based)
mubix/post-exploitation - Post Exploitation Collection
hxp2k6/smart7ec-scan-console - 基于Linux c开发的插件式扫描器(Python/lua)
SpacehuhnTech/esp8266_deauther - Affordable WiFi hacking platform for testing and learning
s0lst1c3/eaphammer - Targeted evil twin attacks against WPA2-Enterprise networks. Indirect wireless pivots using hostile portal attacks.
LukaSikic/Unix-Privilege-Escalation-Exploits-Pack - Exploits for getting local root on Linux, BSD, AIX, HP-UX, Solaris, RHEL, SUSE etc.
kala13x/scap - Network Sniffer (Scan and Capture Incoming Packets)
nmap/ncrack - Ncrack network authentication tool
SecWiki/windows-kernel-exploits - windows-kernel-exploits Windows平台提权漏洞集合
ele7enxxh/Android-Inline-Hook - thumb16 thumb32 arm32 inlineHook in Android
laginimaineb/cve-2015-6639 - QSEE Privilege Escalation Exploit using PRDiag* commands (CVE-2015-6639)
deamwork/inetutils - the copy of https://git.savannah.gnu.org/cgit/inetutils.git/ with knali support
traviscross/mtr - Official repository for mtr, a network diagnostic tool
kmyk/libproofofwork - Simple hash-mining c library and its python binding.
boywhp/wifi_crack_windows - wifi crack project for windows
zcgonvh/NTDSDumpEx - NTDS.dit offline dumper with non-elevated
derrekr/android_security - Public Android Vulnerability Information (CVE PoCs etc)
googleprojectzero/winafl - A fork of AFL for fuzzing Windows binaries
F-Stack/f-stack - F-Stack is an user space network development kit with high performance based on DPDK, FreeBSD TCP/IP stack and coroutine API.
mrschyte/pentestkoala - Modified dropbear server which acts as a client and allows authless login
openwall/john - John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs
netblue30/firejail - Linux namespaces and seccomp-bpf sandbox
Azard/SE315-OperatingSystem - SJTU-SE315 Operating System labs from MIT 6.828, by a SE12er.
gamelinux/passivedns - A network sniffer that logs all DNS server replies for use in a passive DNS setup
spacehuhn/wifi_ducky - Upload, save and run keystroke injection payloads with an ESP8266 + ATMEGA32U4
danieljiang0415/android_kernel_crash_poc -
robertfisk/USG - The USG is Good, not Bad
ossec/ossec-hids - OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
iovisor/bcc - BCC - Tools for BPF-based Linux IO analysis, networking, monitoring, and more
lionsoul2014/ip2region - Ip2region (2.0 - xdb) is a offline IP address manager framework and locator, support billions of data segments, ten microsecond searching performance. xdb engine implementation for many programming la
huntergregal/mimipenguin - A tool to dump the login password from the current linux user
SamyPesse/How-to-Make-a-Computer-Operating-System - How to Make a Computer Operating System in C++
nonstriater/Learn-Algorithms - 算法学习笔记
wg/wrk - Modern HTTP benchmarking tool

C#

0xb11a1/yetAnotherObfuscator - C# obfuscator that bypass windows defender
BeichenDream/GodPotato -
WesleyWong420/RedTeamOps-Havoc-101 - Materials for the workshop "Red Team Ops: Havoc 101"
darktohka/FlashPatch - FlashPatch! Play Adobe Flash Player games in the browser after January 12th, 2021.
daem0nc0re/TangledWinExec - PoCs and tools for investigation of Windows process execution techniques
sqrtZeroKnowledge/CVE-2023-23397_EXPLOIT_0DAY - Exploit for the CVE-2023-23397
Sq00ky/csharp-portscanner - simple C# portscanner - written for playing around with Metasploit's Execute-Assembly
zcgonvh/DCOMPotato - Some Service DCOM Object and SeImpersonatePrivilege abuse.
zR00t1/WannaCry - 基于C#编写的WannaCry模拟病毒，通常应用于网络安全应急演练
lele8/SharpUserIP - 在域控或远程提取登录日志，快速获取域用户对应的IP地址
mandiant/ADFSDump -
rasta-mouse/SharpC2 - Command and Control Framework written in C#
bugch3ck/SharpEfsPotato - Local privilege escalation from SeImpersonatePrivilege using EfsRpc.
RikunjSindhwad/MSSQL-Attacker - MSSQL Database Attacker tool
F3eev/SharkExec - 内网渗透|红队工具|C#内存加载|cobaltstrike
BornToBeRoot/NETworkManager - A powerful tool for managing networks and troubleshoot network problems!
vletoux/PingCastleCloud - Audit program for AzureAD
BeichenDream/SharpToken - Windows Token Stealing Expert
casbin-net/redis-adapter - Redis adapter for Casbin.NET
pwn1sher/frostbyte - FrostByte is a POC project that combines different defense evasion techniques to build better redteam payloads
CervantesSec/cervantes - Cervantes is an opensource collaborative platform for pentesters or red teams who want to save time to manage their projects, clients, vulnerabilities and reports in one place.
xpn/AppProxyC2 -
improsec/SharpEventPersist - Persistence by writing/reading shellcode from Event Log
EricZimmerman/evtx - C# based evtx parser with lots of extras
Ryze-T/CNVD-2022-10270-LPE - 基于向日葵RCE的本地权限提升，无需指定端口
Hagrid29/DuplicateDump - Dumping LSASS with a duplicated handle from custom LSA plugin
fox-it/LDAPFragger -
nettitude/SharpWSUS -
BloodHoundAD/SharpHoundCommon - Common library used by SharpHound.
nettitude/MalSCCM -
Viralmaniar/DDWPasteRecon - DDWPasteRecon tool will help you identify code leak, sensitive files, plaintext passwords, password hashes. It also allow member of SOC & Blue Team to gain situational awareness of the organisation's
Dec0ne/KrbRelayUp - KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).
whitesquirrell/C0deVari4nt - A variant analysis and visualisation tool that scans codebases for similar vulnerabilities
arsium/EagleMonitorRAT - Remote Access Tool Written In C#
onSec-fr/Http-Asynchronous-Reverse-Shell - [POC] Asynchronous reverse shell using the HTTP protocol.
yck1509/ConfuserEx - An open-source, free protector for .NET applications
daem0nc0re/AtomicSyscall - Tools and PoCs for Windows syscall investigation.
scotty-kdw/ARM-Analyzer - Backward Taint Analysis (GUI) on Desktop : Analyzing trace log to determine exploitability by tracking data propagation
RowTeam/SharpDecryptPwd - SharpDecryptPwd source, To Decrypt Navicat,Xmanager,Filezilla,Foxmail,WinSCP,etc
Gr1mmie/AtlasC2 - C# C2 Framework centered around Stage 1 operations
wwh1004/ExtremeDumper - .NET Assembly Dumper
netero1010/ScheduleRunner - A C# tool with more flexibility to customize scheduled task for both persistence and lateral movement in red team operation
Group3r/Group3r - Find vulnerabilities in AD Group Policy, but do it better than Grouper2 did.
JDArmy/SharpXDecrypt - Xshell全版本密码恢复工具
cube0x0/KrbRelay - Framework for Kerberos relaying
0xthirteen/SharpStay - .NET project for installing Persistence
skahwah/SQLRecon - A C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation.
tothi/SharpStay - .NET project for installing Persistence
dqcostin/SharpGetinfo - 关于工作组和域信息收集的工具
Flangvik/CobaltBus - Cobalt Strike External C2 Integration With Azure Servicebus, C2 traffic via Azure Servicebus
ly4k/SpoolFool - Exploit for CVE-2022-21999 - Windows Print Spooler Elevation of Privilege Vulnerability (LPE)
py7hagoras/GetSystem - This is a C# implementation of making a process/executable run as NT AUTHORITY/SYSTEM. This is achieved through parent ID spoofing of almost any SYSTEM process.
mrd0x/EvilSelenium - EvilSelenium is a tool that weaponizes Selenium to attack Chromium based browsers.
jfmaes/AmsiHooker - Hookers are cooler than patches.
VbScrub/Rubeus-GUI - GUI alternative to the Rubeus command line tool, for all your Kerberos exploit requirements
stomakun/WechatExport-iOS - Save iOS WeChat history as HTML or TXT with neat layout and picture & audio support.
snovvcrash/MirrorDump - Another LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in memory
mandiant/SharPersist -
An0nySec/UserAdd - Bypass AV 用户添加
daem0nc0re/PrivFu - Kernel mode WinDbg extension and PoCs for token privilege investigation.
pwn1sher/WMEye - WMEye is a post exploitation tool that uses WMI Event Filter and MSBuild Execution for lateral movement
bohops/RogueAssemblyHunter - Rogue Assembly Hunter is a utility for discovering 'interesting' .NET CLR modules in running processes.
VollRagm/KernelBypassSharp - C# Kernel Mode Driver to read and write memory in protected processes
punk-security/smbeagle - SMBeagle - Fileshare auditing tool.
evi1ox/sharpNetstat -
Jumbo-WJB/SharpAllowedToAct-Modify - resource-based constrained delegation RBCD
Ridter/SharpAddDomainMachine - SharpAddDomainMachine
cube0x0/noPac - CVE-2021-42287/CVE-2021-42278 Scanner & Exploiter.
matterpreter/FindETWProviderImage - Quickly search for references to a GUID in DLLs, EXEs, and drivers
A-D-Team/SharpMemshell - Memshell
daem0nc0re/SharpWnfSuite - C# Utilities for Windows Notification Facility
FDlucifer/Proxy-Attackchain - proxylogon & proxyshell & proxyoracle & proxytoken & all exchange server vulns summarization :)
hackthedev/teardrop - Open-Source Ransomware Project for learning purpose only written in C# (csharp). Dont use it for bad things.
Jhangju/bypass-sandbox-antivirus-detection-using-human-interaction-technique-by-cheking-mouse-movement - This project actually checks for the mouse movement if reach to 100 pixel it will start cmd and open cmd.exe and chrome.exe. Just to give idea that some sandbox does not use mouse movements.
DamonMohammadbagher/NativePayload_ReverseShell - This is Simple C# Source code to Bypass almost "all" AVS, (kaspersky v19, Eset v12 v13 ,Trend-Micro v16, Comodo & Windows Defender Bypassed via this method Very Simple)
Kara-4search/MappingInjection_CSharp - MappingInjection via csharp
tedyyu/ProcDumpEx - ProcDumpEx = ProcDump in batch mode
rasta-mouse/ExternalC2.NET - .NET implementation of Cobalt Strike's External C2 Spec
ldqk/Masuit.Tools - 新手友好的C#万能工具库，包含一些常用的操作类，大都是静态类，加密解密，反射操作，权重随机筛选算法，分布式短id，表达式树，linq扩展，文件压缩，多线程下载和FTP客户端，硬件信息，字符串扩展方法，日期时间扩展操作，中国农历，大文件拷贝，图像裁剪，验证码，断点续传，集合扩展、Excel导出等常用封装。诸多功能集一身，代码量不到2MB！
ryhanson/ExternalC2 - A library for integrating communication channels with the Cobalt Strike External C2 server
chr0n1k/AH2021Workshop - Malware development for red teaming workshop
CanIPhish/Phishious - An open-source Secure Email Gateway (SEG) evaluation toolkit designed for red-teamers.
knight0x07/ImpulsiveDLLHijack - C# based tool which automates the process of discovering and exploiting DLL Hijacks in target binaries. The Hijacked paths discovered can later be weaponized during Red Team Operations to evade EDR's.
iomoath/PowerShx - Run Powershell without software restrictions.
leechristensen/SpoolSample - PoC tool to coerce Windows hosts authenticate to other machines via the MS-RPRN RPC interface. This is possible via other protocols as well.
plackyhacker/Shellcode-Injection-Techniques - A collection of C# shellcode injection techniques. All techniques use an AES encrypted meterpreter payload. I will be building this project up as I learn, discover or develop more techniques. Some tec
plackyhacker/Suspended-Thread-Injection - Another meterpreter injection technique using C# that attempts to bypass Defender
0x727/SchTask_0x727 - 创建隐藏计划任务，权限维持，Bypass AV
7hr0wer/ProxyValidator - 用C#开发的简单的多线程代理验证工具。
tevora-threat/SharpView - C# implementation of harmj0y's PowerView
pornin/paradox-compress - Paper and Demo Implementation of Paradoxical Compression with VDF
StarZHF/Foxmail-Password-Recovery -
zacateras/sddl-parser - Security Descriptor Definition Language (SDDL) Parser
pentest-tools-public/Pass-to-hash-EWS -
GhostPack/SharpDPAPI - SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.
lassehauballe/Eternalblue - Eternalblue written in CSharp. Contains version detection, vulnerability scanner and exploit of MS17-010
ChoiSG/SharpJfmaesWorkshop - things I learned from @jfmaes's .NET reflection workshop - thank you for the great workshop
RiccardoAncarani/LiquidSnake - LiquidSnake is a tool that allows operators to perform fileless lateral movement using WMI Event Subscriptions and GadgetToJScript
waf/CSharpRepl - A command line C# REPL with syntax highlighting – explore the language, libraries and nuget packages interactively.
eladshamir/Whisker - Whisker is a C# tool for taking over Active Directory user and computer accounts by manipulating their msDS-KeyCredentialLink attribute, effectively adding "Shadow Credentials" to the target account.
evilashz/SharpADUserIP - 提取DC日志，快速获取域用户对应IP地址
iomoath/SharpSpray - Active Directory password spraying tool. Auto fetches user list and avoids potential lockouts.
GhostPack/RestrictedAdmin - Remotely enables Restricted Admin Mode
X-C3LL/xlsxPoison - Just a PoC to turn xlsx (regular Excel files) into xlsm (Excel file with macro) and slipping inside a macro (vbaProject.bin)
fozavci/WeaponisingCSharp-Fundamentals - Weaponising C# - Fundamentals Training Content
bitsadmin/fakelogonscreen - Fake Windows logon screen to steal passwords
YDHCUI/csload.net - 一个cobaltstrike shellcode加载器，过国内主流杀软
EncodeGroup/UAC-SilentClean - New UAC bypass for Silent Cleanup for CobaltStrike
deadjakk/Reg1c1de - Registry permission scanner written in C# for finding potential privesc avenues within registry
mai1zhi2/SharpBeacon - CobaltStrike Beacon written in .Net 4 用.net重写了stager及Beacon，其中包括正常上线、文件管理、进程管理、令牌管理、结合SysCall进行注入、原生端口转发、关ETW等一系列功能
mobdk/Upsilon - Upsilon execute shellcode with syscalls - no API like NtProtectVirtualMemory is used
FortyNorthSecurity/EDD - Enumerate Domain Data
chvancooten/OSEP-Code-Snippets - A repository with my notable code snippets for Offensive Security's PEN-300 (OSEP) course.
w1u0u1/smb2os - Use smb2 protocol to detect remote computer os version, support win7/server2008-win10/server2019
iomoath/SharpStrike - A Post exploitation tool written in C# uses either CIM or WMI to query remote systems.
gellin/bantam - A PHP backdoor management and generation tool/C2 featuring end to end encrypted payload streaming designed to bypass WAF, IDS, SIEM systems.
cube0x0/MiniDump - C# Lsass parser
uknowsec/SharpCryptPermute - Crypt/Decrypt Proxyshell Payload
PwnDexter/SharpEDRChecker - Checks running processes, process metadata, Dlls loaded into your current process and the each DLLs metadata, common install directories, installed services and each service binaries metadata, install
nettitude/SharpSocks - Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell
med0x2e/SigFlip - SigFlip is a tool for patching authenticode signed PE files (exe, dll, sys ..etc) without invalidating or breaking the existing signature.
CCob/BeaconEye - Hunts out CobaltStrike beacons and logs operator command output
GhostPack/ForgeCert - "Golden" certificates
GhostPack/Certify - Active Directory certificate abuse.
Flangvik/DeployPrinterNightmare - C# tool for installing a shared network printer abusing the PrinterNightmare bug to allow other network machines easy privesc!
GhostPack/SharpWMI - SharpWMI is a C# implementation of various WMI functionality.
Flangvik/ADCSPwn - A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts and relaying to the certificate service.
bats3c/ADCSPwn - A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts and relaying to the certificate service.
med0x2e/GadgetToJScript - A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from JS/VBS/VBA based scripts.
zcgonvh/EfsPotato - Exploit for EfsPotato(MS-EFSR EfsRpcOpenFileRaw with SeImpersonatePrivilege local privalege escalation vulnerability).
tuian/subTee-gits-backups - subTee gists code backups
Inf0secRabbit/BadAssMacros - BadAssMacros - C# based automated Malicous Macro Generator.
cube0x0/CVE-2021-36934 - C# PoC for CVE-2021-36934/HiveNightmare/SeriousSAM
GhostPack/Rubeus - Trying to tame the three-headed dog.
FortyNorthSecurity/CIMplant - C# port of WMImplant which uses either CIM or WMI to query remote systems
aniqfakhrul/Sharperner - Simple executable generator with encrypted shellcode.
qwqdanchun/DcRat - A simple remote tool in C#.
dotnet/roslyn - The Roslyn .NET compiler provides C# and Visual Basic languages with rich code analysis APIs.
connormcgarr/LittleCorporal - LittleCorporal: A C# Automated Maldoc Generator
CuteLeon/LogFactory - 企业日志分析工具
OG-Sadpanda/SharpSword - Read the contents of DOCX files using Cobalt Strike's Execute-Assembly
klezVirus/CheeseTools - Self-developed tools for Lateral Movement/Code Execution
OG-Sadpanda/SharpExcelibur - Read Excel Spreadsheets (XLS/XLSX) using Cobalt Strike's Execute-Assembly
AnErrupTion/LoGiC.NET - A more advanced free and open .NET obfuscator using dnlib.
Mr-Un1k0d3r/ADHuntTool - official repo for the AdHuntTool (part of the old RedTeamCSharpScripts repo)
MythicAgents/Apollo - A .NET Framework 4.0 Windows Agent
Yaxser/SharpPhish - Using outlook COM objects to create convincing phishing emails without the user noticing. This project is meant for internal phishing.
Kara-4search/DInvoke_shellcodeload_CSharp - ShellCodeLoader via DInvoke
Flangvik/SharpProxyLogon - C# POC for CVE-2021-26855 aka ProxyLogon, supports the classically semi-interactive web shell as well as shellcode injection
dahall/Vanara - A set of .NET libraries for Windows implementing PInvoke calls to many native Windows APIs with supporting wrappers.
LimerBoy/FireFox-Thief - :fox_face: Decrypt gecko based browsers passwords, cookies, history, bookmarks.
gourk/FirePwd.Net - Password reader for Mozilla Firefox and Thunderbird
BinaryScary/NET-Obfuscate - Obfuscate ECMA CIL (.NET IL) assemblies to evade Windows Defender AMSI
sourceincite/CVE-2021-24085 -
cube0x0/CVE-2021-1675 - C# and Impacket implementation of PrintNightmare CVE-2021-1675/CVE-2021-34527
DamonMohammadbagher/FSWatch - File System Watcher via C# (Monitoring File Activity , Create/Delete/Change/Rename events + some Activity like Size/Attribute/Security Changes & LastAccess, LastWrite etc...)
nettitude/RunPE - C# Reflective loader for unmanaged binaries.
GhostPack/SharpDump - SharpDump is a C# port of PowerSploit's Out-Minidump.ps1 functionality.
IlanKalendarov/SharpHook - SharpHook is an offensive API hooking tool designed to catch various credentials within the API call.
improsec/ImproHound - Identify the attack paths in BloodHound breaking your AD tiering
GetRektBoy724/SharpUnhooker - C# Based Universal API Unhooker
rasta-mouse/AsyncSockets - Example of async client/server sockets in .NET 5
d3adzo/shepard - In progress persistent download/upload/execution tool using Windows BITS.
enkomio/ManagedInjector - A C# DLL injection library
lithnet/ad-password-protection - Active Directory password filter featuring breached password checking and custom complexity rules
dionach/NtdsAudit - An Active Directory audit utility
AaronRobinsonMSFT/COMInterop - Example on how to consume a COM server from a .NET client and a .NET server from a COM client. Examples are for both using the Registry and for RegFree.
S3cur3Th1sSh1t/SyscallAmsiScanBufferBypass - AmsiScanBufferBypass using D/Invoke
mitchmoser/SharpShares - Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain
Dliv3/DomainBorrowing - Domain Borrowing PoC
Cerbersec/DomainBorrowingC2 -
marius-rothenbuecher/PentestBro - Experimental tool for Windows. PentestBro combines subdomain scans, whois, port scanning, banner grabbing and web enumeration into one tool. Uses subdomain list of SecLists. Uses nmap service probes f
jfmaes/SharpNukeEventLog - nuke that event log using some epic dinvoke fu
RowTeam/SharpNTLMSSPExtract - 利用 NTLMSSP 探测 Windows 信息
xpnas/inotify - 一个简易消息通知系统，支持企业微信、电报机器人、邮件推送、内置BARK推送、钉钉群机器人、飞书群机器人，类似Server酱，支持私有Docker部署
cyberark/Evasor - A tool to be used in post exploitation phase for blue and red teams to bypass APPLICATIONCONTROL policies
S3cur3Th1sSh1t/SharpNamedPipePTH - Pass the Hash to a named pipe for token Impersonation
Ben0xA/DoUCMe -
juliourena/SharpNoPSExec - Get file less command execution for lateral movement.
TheWover/CertStealer - A .NET tool for exporting and importing certificates without touching disk.
Hzllaga/JsLoader - js免杀shellcode，绕过杀毒添加自启
mgeeky/SharpWebServer - Red Team oriented C# Simple HTTP & WebDAV Server with Net-NTLM hashes capture functionality
uknowsec/SharpOSS - Quickly upload files to aliyun OSS by aliyun-oss-csharp-sdk
checkymander/Sharp-SMBExec - SMBExec C# module
DebugST/STPortScanner - [端口扫描器] 采用.NET开发的端口扫描器支持端口协议探测内置多种类型扫描器 TCP/UDP/SYN/SMB/ICMP 等采用IOCP模型开发性能表现不错可视为轻量级NMAP
dahall/TaskScheduler - Provides a .NET wrapper for the Windows Task Scheduler. It aggregates the multiple versions, provides an editor and allows for localization.
FSecureLABS/SharpGPOAbuse - SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by th
S3cur3Th1sSh1t/Sharp-HackBrowserData - C# binary with embeded golang hack-browser-data
w1u0u1/exec - Use current thread token to execute command
Hzllaga/RDODecrypt - Remote Desktop Organizer 密码破解
ChoiSG/UuidShellcodeExec - PoC for UUID shellcode execution using DInvoke
airzero24/WMIReg - PoC to interact with local/remote registry hives through WMI
proxysu/ProxySU - Xray,V2ray，Trojan，NaiveProxy, Trojan-Go, ShadowsocksR(SSR),Shadowsocks-libev及相关插件,MTProto+TLS 一键安装工具，windows下用（一键科学上网）
WithSecureLabs/physmem2profit - Physmem2profit can be used to create a minidump of a target hosts' LSASS process by analysing physical memory remotely
odedshimon/BruteShark - Network Analysis Tool
calebstewart/bypass-clm - PowerShell Constrained Language Mode Bypass
hausec/MaliciousClickOnceMSBuild - Basic C# Project that will take an MSBuild payload and run it with MSBuild via ClickOnce.
Aetsu/OffensivePipeline - OfensivePipeline allows you to download and build C# tools, applying certain modifications in order to improve their evasion for Red Team exercises.
mdsecactivebreach/Farmer -
KINGSABRI/DotNetToJScriptMini - A simplified version of DotNetToJScript to create a JScript file which loads a .NET v2 assembly from memory.
Kevin-Robertson/Sharpmad - C# version of Powermad
swisskyrepo/SharpLAPS - Retrieve LAPS password from LDAP
Flangvik/AzureC2Relay - AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.
FuzzySecurity/Dendrobate - Managed code hooking template.
soufianetahiri/HttpRquestPlayer - This small utility could help you to find authorization bugs.
rvrsh3ll/SharpSMBSpray - Spray a hash via smb to check for local administrator access
BeichenDream/WhetherMysqlSham - 检测目标Mysql数据库是不是蜜罐
An0nySec/ShadowUser - 影子用户克隆
bats3c/EvtMute - Apply a filter to the events being reported by windows event logging
JoniRinta-Kahila/WPCracker - WordPress pentest tool
zcgonvh/CVE-2020-0688 - Exploit and detect tools for CVE-2020-0688
JamesCooteUK/SharpSphere - .NET Project for Attacking vCenter
py7hagoras/CovenantTasks - Source for tasks I have used with Covenant
srini0x00/dvta - Damn Vulnerable Thick Client App developed in C# .NET
uknowsec/SharpSQLTools - SharpSQLTools 和@Rcoil一起写的小工具，可上传下载文件，xp_cmdshell与sp_oacreate执行命令回显和clr加载程序集执行相应操作。
Viralmaniar/BigBountyRecon - BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.
b4rtik/SharpKatz - Porting of mimikatz sekurlsa::logonpasswords, sekurlsa::ekeys and lsadump::dcsync commands
jnqpblc/SharpTask - SharpTask is a simple code set to interact with the Task Scheduler service api and is compatible with Cobalt Strike.
ReverendThing/Carnivore - Microsoft External Attack Tool
FatRodzianko/Get-RBCD-Threaded - Tool to discover Resource-Based Constrained Delegation attack paths in Active Directory environments
FatRodzianko/SharpBypassUAC - C# tool for UAC bypasses
GoSecure/WSuspicious - WSuspicious - A tool to abuse insecure WSUS connections for privilege escalations
bitsadmin/nopowershell - PowerShell rebuilt in C# for Red Teaming purposes
wuhan005/Asteroid - 💫 CTF AWD 实时 3D 攻击大屏
rasta-mouse/EWSToolkit - Abusing Exchange via EWS
mubix/solarflare - SolarWinds Orion Account Audit / Password Dumping Utility
zcgonvh/CVE-2020-17144 - weaponized tool for CVE-2020-17144
Airboi/CVE-2020-17144-EXP - Exchange2010 authorized RCE
securesean/DecryptAutoLogon - Command line tool to extract/decrypt the password that was stored in the LSA by SysInternals AutoLogon
cube0x0/SharpMapExec -
jas502n/SSCMS_Decrypt - sscms database decrypt
outflanknl/EvilClippy - A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on Linux, OSX and Windows.
RcoIl/CSharp-Tools - .NET C# Tools
Ch1ngg/SharpGetTitle - SharpGetTitle - 基于 C# 的多线程 Web Title 扫描器
antonioCoco/RunasCs - RunasCs - Csharp and open version of windows builtin runas.exe
rocksdanister/lively - Free and open-source software that allows users to set animated desktop wallpapers and screensavers powered by WinUI 3.
huiyadanli/RevokeMsgPatcher - :trollface: A hex editor for WeChat/QQ/TIM - PC版微信/QQ/TIM防撤回补丁（我已经看到了，撤回也没用了）
cobbr/SharpSploit - SharpSploit is a .NET post-exploitation library written in C#
med0x2e/NoAmci - Using DInvoke to patch AMSI.dll in order to bypass AMSI detections triggered when loading .NET tradecraft via Assembly.Load().
NVISOsecurity/DInvisibleRegistry - DInvisibleRegistry
matterpreter/DefenderCheck - Identifies the bytes that Microsoft Defender flags on.
3F/DllExport - .NET DllExport with .NET Core support (aka 3F/DllExport aka DllExport.bat)
TheWover/DInvoke - Dynamically invoke arbitrary unmanaged code from managed code without PInvoke.
mandiant/OfficePurge -
hayasec/360SafeBrowsergetpass - 这是一个一键辅助抓取360安全浏览器密码的CobaltStrike脚本以及解密小工具，用于节省红队工作量，通过下载浏览器数据库、记录密钥来离线解密浏览器密码。
smartlockpicking/BLE_HackMe - Bluetooth Low Energy hardware-less HackMe
awaescher/Fusion - 🧰 A modern alternative to the Microsoft Assembly Binding Log Viewer (FUSLOGVW.exe)
rasta-mouse/ThreatCheck - Identifies the bytes that Microsoft Defender / AMSI Consumer flags on.
xforcered/StandIn - StandIn is a small .NET35/45 AD post-exploitation toolkit
EncodeGroup/AggressiveProxy - Project to enumerate proxy configurations and generate shellcode from CobaltStrike
xiaoxiaoleo/Scan-and-Clean-Macro-Virus - Scan and clean specific Macro Virus, #C Sharp
Mr-Un1k0d3r/RedTeamCSharpScripts - C# Script used for Red Team
TGSAN/CMWTAT_Digital_Edition - CloudMoe Windows 10/11 Activation Toolkit get digital license, the best open source Win 10/11 activator in GitHub. GitHub 上最棒的开源 Win10/Win11 数字权利（数字许可证）激活工具！
wesleydekraker/xamarin-security-scanner - A tool to find security vulnerabilities in Xamarin.Android apps.
dev-2null/KerberosRun - A little tool to play with Kerberos.
ustayready/SharpHose - Asynchronous Password Spraying Tool in C# for Windows Environments
tyranid/DotNetToJScript - A tool to create a JScript file which loads a .NET v2 assembly from memory.
EncodeGroup/AggressiveGadgetToJScript - A Cobalt Strike Aggressor script to generate GadgetToJScript payloads
EncodeGroup/Gopher - C# tool to discover low hanging fruits
b4rtik/SharpAdidnsdump - c# implementation of Active Directory Integrated DNS dumping (authenticated user)
mez-0/DecryptRDCManager - .NET 4.0 Remote Desktop Manager Password Gatherer
uknowsec/SharpSQLDump - 内网渗透中快速获取数据库所有库名，表名，列名。具体判断后再去翻数据，节省时间。适用于mysql，mssql。
Apr4h/CobaltStrikeScan - Scan files or process memory for CobaltStrike beacons and parse their configuration
r3nhat/SharpWifiGrabber - Sharp Wifi Password Grabber retrieves in clear-text the Wi-Fi Passwords from all WLAN Profiles saved on a workstation.
CCob/Rubeus - Trying to tame the three-headed dog.
rasta-mouse/Fork-n-Run -
checkymander/Zolom - C# Executable with embedded Python that can be used reflectively to run python code on systems without Python installed
r3nhat/GRAT2 - We developed GRAT2 Command & Control (C2) project for learning purpose.
Kudaes/LOLBITS - ** DISCONTINUED ** C2 framework that uses Background Intelligent Transfer Service (BITS) as communication protocol and Direct Syscalls + Dinvoke for EDR user-mode hooking evasion.
vivami/SauronEye - Search tool to find specific files containing specific words, i.e. files containing passwords..
mez-0/MoveScheduler - .NET 4.0 Scheduled Job Lateral Movement
passthehashbrowns/SharpBuster - SharpBuster is a C# implementation of a directory brute forcing tool. It's designed to be used via Cobalt Strike's execute-assembly and similar tools, when running a similar tool over a SOCKS proxy is
ph09nix/APSoft-Web-Scanner-v2 - Powerful dork searcher and vulnerability scanner for windows platform
G0ldenGunSec/SharpSecDump - .Net port of the remote SAM + LSA Secrets dumping functionality of impacket's secretsdump.py
chromelyapps/Chromely - Build Cross Platform HTML Desktop Apps on .NET using native GUI, HTML5, JavaScript, CSS, Owin, AspNetCore (MVC, RazorPages, Blazor)
slyd0g/LNKMod - C# project to create or modify existing LNKs
lontivero/Open.NAT - Lightweight and easy-to-use class library to allow port forwarding in NAT devices with UPNP and/or PMP
sf197/GetPwd - 用CSharp写的一款信息搜集工具，目前支持Navicat、TeamView、Xshell、SecureCRT产品的密码解密
BeichenDream/MysqlT - 伪造Myslq服务端,并利用Mysql逻辑漏洞来获取客户端的任意文件反击攻击者
rasta-mouse/MiscTools - Miscellaneous Tools
mez-0/CSharpWinRM - .NET 4.0 WinRM API Command Execution
RiccardoAncarani/DirSync-Poc - A PoC that uses the DirSync protocol to poll Active Directory for changes
BloodHoundAD/SharpHound3 - C# Data Collector for the BloodHound Project, Version 3
BloodHoundAD/SharpHound2 - The Old BloodHound C# Ingestor (Deprecated)
WayneJLee/CsharpAmsiBypass - C# loader for msfvenom shellcode with AMSI bypass
aduskin/AduSkin - A Beautiful WPF Control UI
TalAloni/SMBLibrary - Free, Open Source, User-Mode SMB 1.0/CIFS, SMB 2.0, SMB 2.1 and SMB 3.0 server and client library
rnwood/smtp4dev - smtp4dev - the fake smtp email server for development and testing
3xpl01tc0d3r/ProcessInjection - This program is designed to demonstrate various process injection techniques
Flangvik/SharpAppLocker - C# port of the Get-AppLockerPolicy PS cmdlet
vletoux/pingcastle - PingCastle - Get Active Directory Security at 80% in 20% of the time
RythmStick/ProxyPunch - Finding SSL Blindspots for Red Teams
Mr-B0b/SpaceRunner - This tool enables the compilation of a C# program that will execute arbitrary PowerShell code, without launching PowerShell processes through the use of runspace.
jfmaes/GG-AESY - Hide cool stuff in images :)
MrFooL137/WebSocketRemoteControl - Remote Control With WebSocket
checkymander/Carbuncle - Tool for interacting with outlook interop during red team engagements
fullmetalcache/PowerLine -
djhohnstein/SharpSearch - Search files for extensions as well as text within.
crawl3r/FunWithAMSI - A repo to hold any bypasses I work on/study/whatever
Flangvik/SharpDllProxy - Retrieves exported functions from a legitimate DLL and generates a proxy DLL source code/template for DLL proxy loading or sideloading
jfmaes/TrustJack - Yet another PoC for https://www.wietzebeukema.nl/blog/hijacking-dlls-in-windows
Fody/Costura - Embed references as resources
EquiFox/KsDumper - Dumping processes using the power of kernel space !
tomcarver16/ADSearch - A tool to help query AD via the LDAP protocol
bohops/SharpRDPHijack - A POC Remote Desktop (RDP) session hijack utility for disconnected sessions
mvelazc0/PurpleSharp - PurpleSharp is a C# adversary simulation tool that executes adversary techniques with the purpose of generating attack telemetry in monitored Windows environments
git-ecosystem/git-credential-manager - Secure, cross-platform Git credential storage with authentication to GitHub, Azure Repos, and other popular Git hosting services.
SnaffCon/Snaffler - a tool for pentesters to help find delicious candy, by @l0ss and @Sh3r4 ( Twitter: @/mikeloss and @/sh3r4_hax )
360-Linton-Lab/Telemetry - WINDOWS TELEMETRY权限维持
GhostPack/Seatbelt - Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.
mdsecactivebreach/sitrep -
jfmaes/Clippi-B -
thiagomayllart/Covenant_Alternate - Covenant is a collaborative .NET C2 framework for red teamers.
Hzllaga/ShellcodeLoader - 将shellcode用rsa加密并动态编译exe，自带几种反沙箱技术。
SpiderLabs/SharpCompile - SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approach than manually compiling an .NET assembly and loading it into
dotnet/ILMerge - ILMerge is a static linker for .NET Assemblies.
RedLectroid/SearchOutlook - A C# tool to search through a running instance of Outlook for keywords
Flangvik/BetterSafetyKatz - Fork of SafetyKatz that dynamically fetches the latest pre-compiled release of Mimikatz directly from gentilkiwi GitHub repo, runtime patches signatures and uses SharpSploit DInvoke to PE-Load into me
QAX-A-Team/sharpwmi - sharpwmi是一个基于rpc的横向移动工具，具有上传文件和执行命令功能。
am0nsec/SharpHellsGate - C# Implementation of the Hell's Gate VX Technique
RythmStick/AMSITrigger - The Hunt for Malicious Strings
QAX-A-Team/BrowserGhost - 这是一个抓取浏览器密码的工具，后续会添加更多功能
WingsOfDoom/ICU - quick 'n dirty poc based on PoC windows auth prompt in c# based on https://gist.githubusercontent.com/mayuki/339952/raw/2c36b735bc51861a37194971a5e944f22c94df7c/CredentialUI.cs
dev-2null/ADCollector - A lightweight tool to quickly extract valuable information from the Active Directory environment for both attacking and defending.
carlospolop/PEASS-ng - PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
ZecOps/CVE-2020-1206-POC - CVE-2020-1206 Uninitialized Kernel Memory Read POC
FuzzySecurity/Sharp-Suite - Also known by Microsoft as Knifecoat :hot_pepper:
malwareinfosec/EKFiddle - Your Swiss Army knife to analyze malicious web traffic based on the popular Fiddler web debugger.
1y0n/AV_Evasion_Tool - 掩日 - 免杀执行器生成工具
reconness/reconness - ReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it base on schedule or events.
TheKingOfDuck/MatryoshkaDollTool - MatryoshkaDollTool-程序加壳/捆绑工具
goichot/CVE-2020-3153 - Cisco AnyConnect < 4.8.02042 privilege escalation through path traversal
Tycx2ry/SweetPotato_CS - 修改的SweetPotato，使之可以用于CobaltStrike v4.0
3gstudent/SharpRDPCheck - Use to check the valid account of the Remote Desktop Protocol(Support plaintext and ntlmhash)
Soledge/BlockEtw - .Net Assembly to block ETW telemetry in current process
Viralmaniar/HiveJack - This tool can be used during internal penetration testing to dump Windows credentials from an already-compromised host. It allows one to dump SYSTEM, SECURITY and SAM hives and once copied to the atta
CCob/SweetPotato - Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019
djhohnstein/SharpShares - Enumerate all network shares in the current domain. Also, can resolve names to IP addresses.
BeichenDream/BadPotato - Windows 权限提升 BadPotato
infosecn1nja/SharpDoor - SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file.
cube0x0/SharpeningCobaltStrike - in realtime v35/40 dotnet compiler for your linux Cobalt Strike C2. New fresh compiled and obfuscated binary for each use
pwntester/ysoserial.net - Deserialization payload generator for a variety of .NET formatters
uknowsec/SweetPotato - Modifying SweetPotato to support load shellcode and webshell
uknowsec/SharpNetCheck -
cobbr/Covenant - Covenant is a collaborative .NET C2 framework for red teamers.
cobbr/Elite - Elite is the client-side component of the Covenant project. Covenant is a .NET command and control framework that aims to highlight the attack surface of .NET, make the use of offensive .NET tradecraf
cyberark/zBang - zBang is a risk assessment tool that detects potential privileged account threats
MichaelGrafnetter/DSInternals - Directory Services Internals (DSInternals) PowerShell Module and Framework
rveldhoven/chocoProxy -
mandiant/SilkETW -
gerardog/gsudo - Sudo for Windows
rasta-mouse/Watson - Enumerate missing KBs and suggest exploits for useful Privilege Escalation vulnerabilities
gabrielxvx/zh-fiddler - Fiddler Web Debugger 中文版
harleyQu1nn/AggressorScripts - Collection of Aggressor scripts for Cobalt Strike 3.0+ pulled from multiple sources
guillaC/wsManager - Webshell Manager
restran/shellcat - ⚡️ ShellCat is a Reverse Shell Manager
uknowsec/SharpCheckInfo - 收集目标主机信息，包括最近打开文件，系统环境变量和回收站文件等等
Cn33liz/p0wnedShell - PowerShell Runspace Post Exploitation Toolkit
netchx/netch - A simple proxy client
kenvix/USBCopyer - 😉 用于在插上U盘后自动按需复制该U盘的文件。”备份&偷U盘文件的神器”（写作USBCopyer，读作USBCopier）
P1CKLES/SharpBox - SharpBox is a C# tool for compressing, encrypting, and exfiltrating data to DropBox using the DropBox API.
Wohlstand/Destroy-Windows-10-Spying - !!!UNMAINTAINED!!! Destroy Windows Spying tool
djhohnstein/EventLogParser - Parse PowerShell and Security event logs for sensitive information.
samk1/IISPowershellModule - IIS Handler for *.ps1 files
AnyListen/YaVipCore - Net Core Music Interface
duplicati/duplicati - Store securely encrypted backups in the cloud!
Kevin-Robertson/Inveigh - .NET IPv4/IPv6 machine-in-the-middle tool for penetration testers
GangZhuo/kcptun-gui-windows - GUI for kcptun (https://github.com/xtaci/kcptun). (Need .NET framework 4.5)
mo-xiaoxi/CTFtools - 本项目主要搜集一些关于信息安全攻防相关的知识与工具，便于个人的渗透工作。
zgcwkj/TestBaiduPassword - 百度网盘分享文件密码测试器
greenshot/greenshot - Greenshot for Windows - Report bugs & features go here: https://greenshot.atlassian.net or look for information on:
TheM4hd1/JCS - Joomla Vulnerability Component Scanner
xupefei/Locale-Emulator - Yet Another System Region and Language Simulator
YalcinYolalan/WSSAT - WEB SERVICE SECURITY ASSESSMENT TOOL
ShareX/ShareX - ShareX is a free and open source program that lets you capture or record any area of your screen and share it with a single press of a key. It also allows uploading images, text or other types of file
bitbeans/SimpleDnsCrypt - A simple management tool for dnscrypt-proxy
TheM4hd1/PenCrawLer - An Advanced Web Crawler and DirBuster
yingDev/WGestures - Modern mouse gestures for Windows. (C#)
digimezzo/knowte-windows - Note taking
MediaPortal/MediaPortal-2 - Development of MediaPortal 2
Rushyo/VindicateTool - LLMNR/NBNS/mDNS Spoofing Detection Toolkit
RadioWar/NFCGUI - NFCGUI 一个万恶的无聊的Windows图形界面！ GUI for libnfc
microsoft/DbgShell - A PowerShell front-end for the Windows debugger engine.
VahidN/GitHubFolderDownloader - It lets you to download a single folder of a repository without cloning or downloading the whole repository.
hexadezi/adbGUI - Wrapper for Android Debug Bridge (ADB) written in C#
mili-tan/mV2RayConfig -
nccgroup/UPnP-Pentest-Toolkit - UPnP Pentest Toolkit for Windows
KeeTrayTOTP/KeeTrayTOTP - Tray TOTP Plugin for KeePass2.
JanisEst/KeePassQRCodeView - KeePass 2.x plugin which shows QR Codes for entry fields.
securifybv/ShellLink - A .NET Class Library for processing ShellLink (LNK) files
canton7/SyncTrayzor - Windows tray utility / filesystem watcher / launcher for Syncthing
TkYu/ChromeUpdater - :)
oneo-me/Arthas-WPFUI - WPF 控件库，支持 .Net 7.0 Windows Desktop
chenjia404/ChromeAutoUpdate - 一个自动更新chrome的小工具
thoemmi/7Zip4Powershell - Powershell module for creating and extracting 7-Zip archives
p3nt4/PowerShdll - Run PowerShell with rundll32. Bypass software restrictions.
tomrus88/CASCExplorer - CASCExplorer
marx-yu/WopiHost - Office Online Server Wopi Host implement, No need Cobalt. Support DOCX, XLSX, PPTX online editing.
zcgonvh/cve-2017-7269-tool - CVE-2017-7269 to webshell or shellcode loader
t3ntman/Social-Engineering-Payloads - Collection of social engineering payloads
Choudai/R10 - Lightweight Ransomware @Choudai
thangchung/awesome-dotnet-core - :honeybee: A collection of awesome .NET core libraries, tools, frameworks and software
nsacyber/Windows-Event-Log-Messages - Retrieves the definitions of Windows Event Log messages embedded in Windows binaries and provides them in discoverable formats. #nsacyber
DEVSENSE/Phalanger - PHP 5.4 compiler for .NET/Mono frameworks. Predecessor to the opensource PeachPie project (www.peachpie.io).
isukces/cs2php - C# to PHP compiler
zcgonvh/SSMSPwd - SQL Server Management Studio(SSMS) saved password dumper
dxflatline/flatpipes - A TCP proxy over named pipes. Originally created for maintaining a meterpreter session over 445 for less network alarms.
Kyrodan/KeeAnywhere - A cloud storage provider plugin for KeePass Password Safe
googleprojectzero/sandbox-attacksurface-analysis-tools - Set of tools to analyze Windows sandboxes for exposed attack surface.
shack2/SuperSQLInjectionV1 - 超级SQL注入工具（SSQLInjection）是一款基于HTTP协议自组包的SQL注入工具,采用C#开发，直接操作TCP会话来进行HTTP交互，支持出现在HTTP协议任意位置的SQL注入，支持各种类型的SQL注入，支持HTTPS模式注入；支持以盲注、错误显示、Union注入等方式来获取数据；支持Access/MySQL/SQLServer/Oracle/PostgreSQL/DB2/SQLite
sacwtv/Altman - the cross platform webshell tool in .NET
keepwn/Altman - the cross platform webshell tool in .NET
LazoCoder/Windows-Hacks - Creative and unusual things that can be done with the Windows API.
gaochundong/Cowboy - Cowboy.Sockets is a C# library for building sockets based services.
magicdict/MongoCola - A MongoDB Administration Tool

C++

0x727/UserRegEnum_0x727 - 域内普通域用户权限查找域内所有计算机上登录的用户
bestspear/Realproxy - Fake proxy tool
0xHossam/Killer - Is a tool created to evade AVs and EDRs or security tools.
fgfxf/HttpStageDownloader - cobaltstrike的http分阶段下载器 cpp版本;cobaltstrike stage downloader;
TaoistBrickscarrier/WFPKit - 粗暴地枚举管理内核的WFP对象。 Manage kernel WFPs in a brutal way.
matthieu-hackwitharts/Win32_Offensive_Cheatsheet - Win32 and Kernel abusing techniques for pentesters
ZeroMemoryEx/Amsi-Killer - Lifetime AMSI bypass
stealth/fraud-bridge - ICMP and DNS tunneling via IPv4 and IPv6
Ascotbe/virus - 病毒&免杀脚本&乱七八糟的脚本
deamwork/WinMTR - WinMTR Redux, extended fork of Appnor's WinMTR with IPv6 support and other enhancements
capt-meelo/laZzzy - laZzzy is a shellcode loader, developed using different open-source libraries, that demonstrates different execution techniques.
seventeenman/CallBackDump - dump lsass进程工具
0xJs/RedTeaming_CheatSheet - Pentesting cheatsheet with all the commands I learned during my learning journey. Will try to to keep it up-to-date.
ADOOO/Joker - 一款基于Http.sys的利用工具
zha0gongz1/iscsicpl_bypassUAC - UAC bypass for x64 Windows 7 - 11（无弹窗版）
antonioCoco/JuicyPotatoNG - Another Windows Local Privilege Escalation from Service Account to System
Tatsu-syo/noMeiryoUI - No!! MeiryoUI is Windows system font setting tool on Windows 8.1/10/11.
ReversingID/Shellcode-Loader - Open repository for learning dynamic shellcode loading (sample in many programming languages)
NtQuerySystemInformation/NlsCodeInjectionThroughRegistry - Dll injection through code page id modification in registry. Based on jonas lykk research
wanttobeno/AntiDebuggers - 30种方法检测程序是否被调试
hasherezade/process_overwriting - Yet another variant of Process Hollowing
yanghaoi/LaunchSystemCmd - 在权限足够的情况下弹出system权限的cmd命令行，包含exe和dll两种文件类型，可用于一些可能存在本地提权漏洞的测试。
lab52io/LeakedHandlesFinder - Leaked Windows processes handles identification tool
TUGOhost/anti_Android - Is a protect Android App anti any attacks and environments.
3nock/sub3suite - a free, open source, cross platform Intelligence gathering tool.
webraybtl/CVE-2022-25943 - CVE-2022-25943
ZeroMemoryEx/U-Boat - Russia Wipers Dropper (educational-purposes )
trailofbits/maat - Open-source symbolic execution framework: https://maat.re
VirtualAlllocEx/Shellcode-Downloader-CreateThread-Execution - This POC gives you the possibility to compile a .exe to completely avoid statically detection by AV/EPP/EDR of your C2-shellcode and download and execute your C2-shellcode which is hosted on your (C2)
qiang/Riru-ModuleFridaGadget - 一个magisk 的模块，简化版，依赖 riru，能够简单的hook，并且加载动态库，目前用来加载 frida 的gadget 库，从而使hook脱离命令行和server，并且能够在多进程中加载
FULLSHADE/Auto-Elevate - Escalate from a low-integrity Administrator account to NT AUTHORITY\SYSTEM without an LPE exploit by combining a COM UAC bypass and Token Impersonation
midisec/BypassAnti-Virus - 免杀姿势学习、记录、复现。
44670/p7zip-wasm -
LuxNoBulIshit/Smug_Fu3k -
thiagoralves/OpenPLC_v3 - OpenPLC Runtime version 3
zeek/zeek - Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
blackbox114/Captive_Portal_Gofishing - level:Copper 连接上就会强制弹出钓鱼页面的热点
NtQuerySystemInformation/CustomKeyboardLayoutPersistence - Achieve execution using a custom keyboard layout
Fortiphyd/GRFICSv2 - Version 2 of the Graphical Realism Framework for Industrial Control Simulation (GRFICS)
djformby/GRFICS - Graphical Realism Framework for Industrial Control Simulations
riverar/mach2 - Windows Feature Control Multi-tool
nielsolie/ICSUnitSim - Simulation of Industrial process unit on ESP32 board with ModbusTCP interface
RedSection/printjacker - Hijack Printconfig.dll to execute shellcode
thesecretclub/ArbitraryDirectoryDeletion - From directory deletion to SYSTEM shell
KaLendsi/CVE-2022-21882 - win32k LPE
notdodo/adduser-dll - Simple DLL that add a user to the local Administrators group
cmu-sei/pharos - Automated static analysis tools for binary programs
ytk2128/dll-merger - Merging DLLs with a PE32 EXE without LoadLibrary
pwn1sher/KillDefender - A small POC to make defender useless by removing its token privileges and lowering the token integrity
lcatro/Source-and-Fuzzing - 一些阅读源码和Fuzzing 的经验,涵盖黑盒与白盒测试..
APTortellini/DefenderSwitch - Stop Windows Defender using the Win32 API
hlldz/RefleXXion - RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks, it first collects the syscall numbers of the NtOpenFile, NtCrea
StarCrossPortal/bug-hunting-101 -
xbyl1234/android_analysis - a few android analysis tools, jni trace by native hook, libc hook, write log with caller's addr in file or AndroidLog
y35uishere/Antivirus_R3_bypass_demo - 分别用R3的0day与R0的0day来干掉杀毒软件
crisprss/BypassUserAdd - 通过反射DLL注入、Win API、C#、以及底层实现NetUserAdd方式实现BypassAV进行增加用户的功能,实现Cobalt Strike插件化
Rvn0xsy/PDacl - Play Doh Windows ACL Tools
FULLSHADE/Jektor - A Windows user-mode shellcode execution tool that demonstrates various techniques that malware uses
theSecHunter/Hades-Windows - Hades HIDS/HIPS for Windows
NyaMisty/fouldecrypt - A lightweight and simpling iOS binary decryptor
Ghost2097221/selfMimikatz - 自不量力的mimikatz分离计划
abcz316/SKRoot-linuxKernelRoot - 新一代SKRoot，挑战全网root检测手段，跟面具完全不同思路，摆脱面具被检测的弱点，完美隐藏root功能，全程不需要暂停SELinux，实现真正的SELinux 0%触碰，通用性强，通杀所有内核，不需要内核源码，直接patch内核，兼容安卓APP直接JNI调用，稳定、流畅、不闪退。
NtRaiseHardError/Antimalware-Research - Research on Anti-malware and other related security solutions
S3cur3Th1sSh1t/MultiPotato -
hugsy/CFB - Canadian Furious Beaver is a tool for monitoring IRP handler in Windows drivers, and facilitating the process of analyzing, replaying and fuzzing Windows drivers for vulnerabilities
echo-devim/fhex - A Full-Featured HexEditor compatible with Linux/Windows/MacOS
r-richter/hyenae-ng - Hyenae NG is an advanced cross-platform network packet generator and the successor of Hyenae. It features full network layer spoofing, pattern based address randomization and flood detection breaking
kindtime/nosferatu - Windows NTLM Authentication Backdoor
lab52io/StopDefender - Stop Windows Defender programmatically
lab52io/StealAllTokens - This PoC uses two diferent technics for stealing the primary token from all running processes, showing that is possible to impersonate and use whatever token present at any process
CCob/lsarelayx - NTLM relaying for Windows made easy
BlueMatthew/WechatExporter - Wechat Chat History Exporter 微信聊天记录导出备份程序
wecooperate/iMonitorSDK - 系统监控开发套件（sysmon、promon、edr、终端安全、主机安全、零信任、上网行为管理）
qtfreet00/AntiFrida - 通过内存特征检测frida
mgeeky/ThreadStackSpoofer - Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.
ideaslocas/aDLL -
TonyChen56/160-Crackme - 对160个Crackme的详细分析记录
ly4k/CallbackHell - Exploit for CVE-2021-40449 - Win32k Elevation of Privilege Vulnerability (LPE)
networkit/networkit - NetworKit is a growing open-source toolkit for large-scale network analysis.
thewhiteninja/ntfstool - Forensics tool for NTFS (parser, mft, bitlocker, deleted files)
magnusstubman/MagnusKatz - Research project for understanding how Mimikatz work and become better at C
EspressoCake/Firewall_Walker_BOF - A BOF to interact with COM objects associated with the Windows software firewall.
mgeeky/ShellcodeFluctuation - An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents
aristocratos/btop - A monitor of resources
waleedassar/SyscallNumberFinder -
hotnops/RemoteDebugView - A DLL that serves OutputDebugString content over a TCP connection
APTortellini/unDefender - Killing your preferred antimalware by abusing native symbolic links and NT paths.
mez-0/winrmdll - C++ WinRM API via Reflective DLL
airbus-cert/Yagi - Yet Another Ghidra Integration for IDA
NoOne-hub/bypass-BeaconEye - bypass BeaconEye
0x727/CloneX_0x727 - 进行克隆用户、添加用户等账户防护安全检测的轻巧工具
danzajork/evasion - Windows packer
evilashz/RemoteMemorymodule - Load the evilDLL from socket connection without touch disk
geemion/Khepri - Free,Open-Source,Cross-platform agent and Post-exploiton tool written in Golang and C++.
manyfacedllama/amsi-tracer - Leverage AMSI (Antimalware Scan Interface) technology to aid your analysis. This tool saves all buffers (scripts, .NET assemblies, etc) passed into AMSI during dynamic execution.
kavika13/RemCom - Remote Command Executor: A OSS replacement for PsExec and RunAs - or Telnet without having to install a server. Take your pick :)
x64dbg/ScyllaHide - Advanced usermode anti-anti-debugger. Forked from https://bitbucket.org/NtQuery/scyllahide
last-byte/unDefender - Killing your preferred antimalware by abusing native symbolic links and NT paths.
ivan-sincek/keylogger - Windows OS keylogger with a hook mechanism (i.e. with a keyboard hook procedure).
EvanMcBroom/microsocks11 - A cross-platform SOCKS5 library and server based on the microsocks project.
rr-debugger/rr - Record and Replay Framework
zer0fl4g/DebugDetector -
ZLMediaKit/ZLMediaKit - WebRTC/RTSP/RTMP/HTTP/HLS/HTTP-FLV/WebSocket-FLV/HTTP-TS/HTTP-fMP4/WebSocket-TS/WebSocket-fMP4/GB28181/SRT server and client framework based on C++11
0x727/ShuiYing_0x727 - 检测域环境内，域机器的本地管理组成员是否存在弱口令和通用口令，对域用户的权限分配以及域内委派查询
jacob-baines/concealed_position - Bring your own print driver privilege escalation tool
aaaddress1/Windows-APT-Warfare - 著作《Windows APT Warfare：惡意程式前線戰術指南》各章節技術實作之原始碼內容
0x727/SqlKnife_0x727 - 适合在命令行中使用的轻巧的SQL Server数据库安全检测工具
GJDuck/e9patch - A powerful static binary rewriting tool
tpoechtrager/osxcross - Mac OS X cross toolchain for Linux, FreeBSD, OpenBSD and Android (Termux)
JohnnyZhouX/Intranet-Hacking - 内网渗透相关总结
olliencc/WindowsPatchDetector - Experimental: Windows .text section compare - disk versus memory
citp/BlockSci - A high-performance tool for blockchain science and exploration
huoji120/CobaltStrikeDetected - 40行代码检测到大部分CobaltStrike的shellcode
Cr4sh/KernelForge - A library to develop kernel level Windows payloads for post HVCI era
hasherezade/pin_n_sieve - An experimental dynamic malware unpacker based on Intel Pin and PE-sieve
zodiacon/TotalRegistry - Total Registry - enhanced Registry editor/viewer
mandiant/flare-wmi -
AzAgarampur/byeintegrity-uac - Bypass UAC by hijacking a DLL located in the Native Image Cache
rajiv2790/FalconEye -
BSI-Bund/RdpCacheStitcher - RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.
GossiTheDog/HiveNightmare - Exploit allowing you to read registry hives as non-admin on Windows 10 and 11
google/lyra - A Very Low-Bitrate Codec for Speech Compression
k-k-k-k-k/CVE-2021-1732 - CVE-2021-1732 Microsoft Windows 10 本地提权漏研究及Poc/Exploit开发
GoSSIP-SJTU/Armariris - 孤挺花（Armariris） -- 由上海交通大学密码与计算机安全实验室维护的LLVM混淆框架
HackerDev-Felix/WechatDecrypt - 微信消息解密工具
wh201906/Proxmark3GUI - A cross-platform GUI for Proxmark3 client | 为PM3设计的跨平台图形界面
kkent030315/PageTableInjection - Code Injection, Inject malicious payload via pagetables pml4.
S1ckB0y1337/TokenPlayer - Manipulating and Abusing Windows Access Tokens.
sogou/workflow - C++ Parallel Computing and Asynchronous Networking Engine
uknowsec/JuicyPotato - Modifying JuicyPotato to support load shellcode and webshell
CodingGay/BlackDex - BlackDex is an Android unpack(dexdump) tool, it supports Android 5.0~12 and need not rely to any environment. BlackDex can run on any Android mobile phone or emulator, you can unpack APK File in sever
KongKong20/WeChatPCHook - 微信电脑机器人入门教程基于HOOK
uknowsec/CreateService - 创建服务持久化
Barbarisch/forkatz - credential dump using foreshaw technique using SeTrustedCredmanAccessPrivilege
netbiosX/AMSI-Provider - A fake AMSI Provider which can be used for persistence.
AzAgarampur/byeintegrity5-uac - Bypass UAC at any level by abusing the Task Scheduler and environment variables
Paulo-D2000/ShellCodeObfuscator - Simple shellcode obfuscator using PYTHON and C / C++
dr0op/CrossNet-Beta - 红队行动中利用白利用、免杀、自动判断网络环境生成钓鱼可执行文件。
chroblert/JCTokenUtil - Windows访问令牌查看及利用工具
Cr4sh/MicroBackdoor - Small and convenient C2 tool for Windows targets. [ Русский -- значит нахуй! ]
xuanxuan0/DripLoader - Evasive shellcode loader for bypassing event-based injection detection (PoC)
vusec/collabfuzz - CollabFuzz: A Framework for Collaborative Fuzzing
FeJQ/AUPK -
jozemberi/PE-Crypter - Simple runtime crypter in C/C++.
klecko/kvm-fuzz - PoC of fuzzing closed-source userspace binaries with KVM
jxy-s/herpaderping - Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.
L3cr0f/DccwBypassUAC - Windows 8.1 and 10 UAC bypass abusing WinSxS in "dccw.exe".
RedCursorSecurityConsulting/PPLKiller - Tool to bypass LSA Protection (aka Protected Process Light)
h4ms1k/samdump -
BlackINT3/OpenArk - OpenArk is an open source anti-rookit(ARK) tool for Windows.
0xZ0F/Z0FCourse_ReverseEngineering - Reverse engineering focusing on x64 Windows.
UndefinedIdentifier/LCX - 自修改免杀lcx端口转发工具
notify-bibi/ScyllaHide-IDA7.5 - ScyllaHide for IDA7.5; ScyllaHide IDA7.5; It is a really niccccccce anti-anti-debug tool
aahmad097/AlternativeShellcodeExec - Alternative Shellcode Execution Via Callbacks
hasherezade/bearparser - Portable Executable parsing library (from PE-bear)
kdrag0n/safetynet-fix - Google SafetyNet attestation workarounds for Magisk
purerosefallen/ygopro - KoishiPro
deepinstinct/LsassSilentProcessExit - Command line interface to dump LSASS memory to disk via SilentProcessExit
ChaitanyaHaritash/Callback_Shellcode_Injection - POCs for Shellcode Injection via Callbacks
huoji120/DuckMemoryScan - 检测绝大部分所谓的内存免杀马
ajayrandhawa/Keylogger - Keylogger is 100% invisible keylogger not only for users, but also undetectable by antivirus software. Blackcat keylogger Monitors all keystokes, Mouse clicks. It has a seperate process which continue
TimelifeCzy/kHypervisorBasic - VT Hook
WormChickenWizard/hikvision-decrypter - A simple cross platform program written in C++ used for decrypting the configuration files created by Hikvision Security Cameras. Successor to my hikvision-xor-decrypter
codingo/dooked - DNS and Target HTTP History Local Storage and Search
itm4n/Perfusion - Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2088R2 / 8 / 2012)
stealth/psc - E2E encryption for multi-hop tty sessions or portshells + TCP/UDP port forward
fastogt/fastonosql - FastoNoSQL is a crossplatform Redis, Memcached, SSDB, LevelDB, RocksDB, UnQLite, LMDB, ForestDB, Pika, Dynomite, KeyDB GUI management tool.
WerWolv/ImHex - 🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.
OmerYa/Invisi-Shell - Hide your Powershell script in plain sight. Bypass all Powershell security features
ioncodes/CVE-2020-16938 - Bypassing NTFS permissions to read any files as unprivileged user.
DockDroid/openvmi - 鹏城实验室与北弓联合开发的VMI开源版本
0xnobody/vmpdump - A dynamic VMP dumper and import fixer, powered by VTIL.
bats3c/ChromeTools - A collection of tools to abuse chrome browser
Rvn0xsy/Cooolis-ms - Cooolis-ms是一个包含了Metasploit Payload Loader、Cobalt Strike External C2 Loader、Reflective DLL injection的代码执行工具，它的定位在于能够在静态查杀上规避一些我们将要执行且含有特征的代码，帮助红队人员更方便快捷的从Web容器环境切换到C2环境进一步进行工作。
0x09AL/RdpThief - Extracting Clear Text Passwords from mstsc.exe using API Hooking.
lcatro/vuln_javascript - 模拟一个存在漏洞的JavaScript 运行环境,用来学习浏览器漏洞原理和练习如何编写Shellcode (a JavaScript Execute Envirment which study browser vuln and how to write Shellcode ) ..
ggerganov/kbd-audio - 🎤⌨️ Acoustic keyboard eavesdropping
scanfsec/AggressorCNA - Cobalt Strike Aggressor Scripts
googleprojectzero/Jackalope - Binary, coverage-guided fuzzer for Windows and macOS
yazhiwang/ollvm-tll - Ollvm+Armariris+LLVM 6.0.0
m-y-mo/android_nfc_fuzzer -
Alamot/code-snippets - Various code snippets
miek/inspectrum - Radio signal analyser
NytroRST/ShellcodeCompiler - Shellcode Compiler
knownsec/shellcodeloader - shellcodeloader
WithSecureLabs/C3 - Custom Command and Control (C3). A framework for rapid prototyping of custom C2 channels, while still providing integration with existing offensive toolkits.
cbwang505/CVE-2020-1066-EXP - CVE-2020-1066-EXP支持Windows 7和Windows Server 2008 R2操作系统
google/CTAP2-test-tool - Test tool for CTAP2 authenticators
yardenshafir/CVE-2020-1034 - PoC demonstrating the use of cve-2020-1034 for privilege escalation
PetoiCamp/OpenCat-Old - A programmable and highly maneuverable robotic cat for STEM education and AI-enhanced services.
k-fire/shellcode-to-dll - shellcode 异或加密并生成dll
solemnwarning/rehex - Reverse Engineers' Hex Editor
sensepost/rattler - Automated DLL Enumerator
mohuihui/DingTalk_Assistant - 钉钉助手，主要功能包括：聊天消息防撤回、程序多开、屏蔽频繁升级等。
horsicq/XAPKDetector - APK/DEX detector for Windows, Linux and MacOS.
crossroadsfpga/pigasus - 100Gbps Intrusion Detection and Prevention System
CheckPointSW/showstopper - ShowStopper is a tool for helping malware researchers explore and test anti-debug techniques or verify debugger plugins or other solutions that clash with standard anti-debug methods.
ION28/BLUESPAWN - An Active Defense and EDR software to empower Blue Teams
anhkgg/SuperDllHijack - SuperDllHijack：A general DLL hijack technology, don't need to manually export the same function interface of the DLL, so easy! 一种通用Dll劫持技术，不再需要手工导出Dll的函数接口了
gitjdm/dumper2020 - Yet another LSASS dumper
itm4n/FullPowers - Recover the default privilege set of a LOCAL/NETWORK SERVICE account
tobimensch/aqemu - Official AQEMU repository - a GUI for virtual machines using QEMU as the backend
upx/upx - UPX - the Ultimate Packer for eXecutables
vaibhavpandeyvpz/apkstudio - Open-source, cross platform Qt based IDE for reverse-engineering Android application packages.
am0nsec/wspe - Windows System Programming Experiments
zodiacon/ProcMonXv2 - Process Monitor X v2
Neo23x0/Raccine - A Simple Ransomware Vaccine
siemens/fluffi - FLUFFI (Fully Localized Utility For Fuzzing Instantaneously) - A distributed evolutionary binary fuzzer for pentesters
binarly-io/efiXplorer - IDA plugin for UEFI firmware analysis and reverse engineering automation
mubix/netview - Netview enumerates systems using WinAPI calls
klzgrad/naiveproxy - Make a fortune quietly
facebook/hermes - A JavaScript engine optimized for running React Native.
cyberark/DLLSpy - DLL Hijacking Detection Tool
mmozeiko/aes-finder - Utility to find AES keys in running processes
Almamu/linux-wallpaperengine - Wallpaper Engine backgrounds for Linux!
HexHive/FuZZan - FuZZan: Efficient Sanitizer Metadata Design for Fuzzing
illera88/Ponce - IDA 2016 plugin contest winner! Symbolic Execution just one-click away!
TheWover/Manager - Library of tools and examples for loading/bootstrapping managed code from unmanaged code in .NET
crvvdev/MasterHide - A x64 Windows Rootkit using SSDT or Hypervisor hook
iPower/KasperskyHook - Hook system calls on Windows by using Kaspersky's hypervisor
Soulghost/iblessing - iblessing is an iOS security exploiting toolkit, it mainly includes application information gathering, static analysis and dynamic analysis. It can be used for reverse engineering, binary analysis and
hhlxf/USO_Info_Leak - two heap address leak bugs in usosvc service
0xnobody/vmpattack - A VMP to VTIL lifter.
Cc28256/CcRemote - 这是一个基于gh0st远程控制的项目，使自己更深入了解远控的原理，采用VS2017，默认分支hijack还在修改不能执行，master分支的项目可以正常的运行的，你可以切换到该分支查看可以执行的代码
s1kr10s/Load_DLL -
can1357/NoVmp - A static devirtualizer for VMProtect x64 3.x. powered by VTIL.
baidu/openrasp - 🔥Open source RASP solution
br-sn/CheekyBlinder - Enumerating and removing kernel callbacks using signed vulnerable drivers
D4stiny/spectre - A Windows kernel-mode rootkit that abuses legitimate communication channels to control a machine.
snorez/srcinv - source code audit tool
irsl/CVE-2020-1313 - Proof of concept exploit of Windows Update Orchestrator Service Elevation of Privilege Vulnerability
k0keoyo/my_vulnerabilities -
hlldz/dazzleUP - A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.
DimopoulosElias/Primitives -
frida/cryptoshark - Self-optimizing cross-platform code tracer based on dynamic recompilation
yeyiqun/FUPK3-hook_kill - 本分支解决部分爱加密加固应用无法脱壳成功的问题。演示视频https://pan.baidu.com/s/1HH_-TQGca1NLoSqzvOPB3Q 密码：izm3
uknowsec/OXID_Find - OXID_Find by C++（多线程）通过OXID解析器获取Windows远程主机上网卡地址
Q4n/CVE-2020-1362 - writeup of CVE-2020-1362
collin80/SavvyCAN - QT based cross platform canbus tool
agauniyal/rang - A Minimal, Header only Modern c++ library for terminal goodies 💄✨
hmoytx/RdpThief_tools - 窃取mstsc中的用户明文凭据
alphaSeclab/anti-debug -
alphaSeclab/bypass-uac -
snort3/snort3 - Snort++
hasherezade/exe_to_dll - Converts a EXE into DLL
Gyoonus/deoptfuscator - Deobfuscator for Android Application
tindy2013/subconverter - Utility to convert between various subscription format
Rvn0xsy/Cobaltstrike-atexec - 使得Cobaltstrike支持Atexec
tklab-tud/BSF - Botnet Simulation Framework
itm4n/UsoDllLoader - Windows - Weaponizing privileged file writes with the Update Session Orchestrator service
KDE/latte-dock - Replacement dock for Plasma desktops, providing an elegant and intuitive experience for your tasks and plasmoids
ohpe/juicy-potato - A sugared version of RottenPotatoNG, with a bit of juice, i.e. another Local Privilege Escalation tool, from a Windows Service Accounts to NT AUTHORITY\SYSTEM.
hasherezade/tag_converter -
hasherezade/tiny_tracer - A Pin Tool for tracing API calls etc
ksnip/ksnip - ksnip the cross-platform screenshot and annotation tool
horsicq/XPEViewer - PE file viewer/editor for Windows, Linux and MacOS.
A2kaid/Get-WeChat-DB - 获取目标机器的微信数据库和密钥，但是有很多bug需要解决，需要继续完善
b4rtik/metasploit-execute-assembly - Custom Metasploit post module to executing a .NET Assembly from Meterpreter session
itm4n/BitsArbitraryFileMove - Microsoft Windows BITS Arbitrary File Move Local Privilege Escalation
ZanderChang/anti-sandbox - Windows对抗沙箱和虚拟机的方法总结
cbwang505/CVE-2020-0787-EXP-ALL-WINDOWS-VERSION - Support ALL Windows Version
JelinYao/HttpInterface - Windows上C++封装的HTTP库，包含三种实现模式（WinInet、WinHttp、socket）
LDrakura/DLLhijack-ShellcodeLoader - DLLhijack winmm.dll
idiotc4t/ReflectiveBase64DLL - This is a project to receive Base64 data and decode it in process
idiotc4t/Mapping-injection - NO WriteProcessMemory CreateRemoteThread APIs call shellcode injection
idiotc4t/GetSystemEarlyBird - 这是一个直接取得系统权限的项目
HexHive/FuzzGen -
jafarlihi/serpentine - C++/Win32/Boost Windows RAT (Remote Administration Tool) with a multiplatform Java/Spring RESTful C2 server and Go, C++/Qt5 frontends
ameenmaali/urldedupe - Pass in a list of URLs with query strings, get back a unique list of URLs and query string combinations
anbox/anbox - Anbox is a container-based approach to boot a full Android system on a regular GNU/Linux system
antonioCoco/RogueWinRM - Windows Local Privilege Escalation from Service Account to System
jafarlihi/revp - Reverse HTTP proxy that works on Linux, Windows, and macOS. Made with C++ and Boost.
sailay1996/WerTrigger - Weaponizing for privileged file writes bugs with windows problem reporting
SerenityOS/serenity - The Serenity Operating System 🐞
ivan-sincek/invoker - Penetration testing utility and antivirus assessment tool.
ylcangel/crack_dexhelper - 梆梆企业加固详细逆向分析过程，包含两种对该加固的脱壳机（直接解密classes0.jar和基于frida hook）
Bareflank/MicroV - A micro hypervisor for running micro VMs
Qv2ray/Qv2ray - :star: Linux / Windows / macOS 跨平台 V2Ray 客户端 | 支持 VMess / VLESS / SSR / Trojan / Trojan-Go / NaiveProxy / HTTP / HTTPS / SOCKS5 | 使用 C++ / Qt 开发 | 可拓展插件式设计 :star:
earthquake/Socks5Server - Windows C/C++ Socks5 Server
nccgroup/SocksOverRDP - Socks5/4/4a Proxy support for Remote Desktop Protocol / Terminal Services / Citrix / XenApp / XenDesktop
SongFGH/USTC-CS-Courses-Resource - :heart:中国科学技术大学计算机学院课程资源(https://mbinary.xyz/ustc-cs/)
DayBreak-u/chineseocr_lite - 超轻量级中文ocr，支持竖排文字识别, 支持ncnn、mnn、tnn推理 ( dbnet(1.8M) + crnn(2.5M) + anglenet(378KB)) 总模型仅4.7M
F8LEFT/FUPK3 - 演示视频https://pan.baidu.com/s/1HH_-TQGca1NLoSqzvOPB3Q 密码：izm3
0x09AL/IIS-Raid - A native backdoor module for Microsoft IIS (Internet Information Services)
dothook/FunnyMeterpreter - 与反病毒软件老大哥们的打闹日常
trojan-gfw/trojan - An unidentifiable mechanism that helps you bypass GFW.
huoji120/Antivirus_R3_bypass_demo - 分别用R3的0day与R0的0day来干掉杀毒软件
lengjibo/NetUser - 使用windows api添加用户，可用于net无法使用时.分为nim版，c++版本，RDI版，BOF版。
panda-re/lava - LAVA: Large-scale Automated Vulnerability Addition
outflanknl/Spray-AD - A Cobalt Strike tool to audit Active Directory user accounts for weak, well known or easy guessable passwords.
tstack/lnav - Log file navigator
horsicq/x64dbg-Plugin-Manager - Plugin manager for x64dbg
horsicq/XOpcodeCalc - Opcode calculator / ASM calculator
ffffffff0x/1earn - 暂停维护 | ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup
binspector/binspector - A binary format analysis tool
JaanusKaapPublic/HyperViper - Toolkit for Hyper-V security research
rizinorg/cutter - Free and Open Source Reverse Engineering Platform powered by rizin
decaf-project/Droidscope - A dynamic analysis platform for Android
zmeadows/lldbg - A lightweight native GUI for LLDB.
facebookarchive/ds2 - Debug server for lldb.
gdbinit/ExtractMacho2 - IDA plugin to extract Mach-O binaries located in the disassembly or data
jmpews/DobbyDrill - hook MachO file based on Dobby (NOT DONE)
codilime/veles - Binary data analysis and visualization tool
WrBug/dumpDex - 💯一款Android脱壳工具，需要xposed支持, 易开发已集成该项目。
AloneMonkey/iOSREBook - 《iOS应用逆向与安全》随书源码
martinrotter/rssguard - Feed reader which supports RSS/ATOM/JSON and many web-based feed services.
xorrior/raven - CobaltStrike External C2 for Websockets
yuanyuanxiang/SimpleRemoter - 基于gh0st的远程控制器：实现了终端管理、进程管理、窗口管理、远程桌面、文件管理、语音管理、视频管理、服务管理、注册表管理等功能，优化全部代码及整理排版，修复内存泄漏缺陷，程序运行稳定。项目代码仅限于学习和交流用途。
ossrs/srs - SRS is a simple, high efficiency and realtime video server, supports RTMP, WebRTC, HLS, HTTP-FLV, SRT, MPEG-DASH and GB28181.
saulty4ish/Dir_Scan_ByQT5 - qt实现仿御剑风格路径扫描工具，增加延时，代理池Bypass功能，同时支持批量扫描，附带简单whois信息搜集与端口扫描模块，界面更加美观。
HyperSine/SdoKeyCrypt-sys-local-privilege-elevation - CVE-2019-9729. Transferred from https://github.com/DoubleLabyrinth/SdoKeyCrypt-sys-local-privilege-elevation
deadash/pbb_crack - PBB视频解密
KikoPlayProject/KikoPlay - KikoPlay - NOT ONLY A Full-Featured Danmu Player 不仅仅是全功能弹幕播放器
GodofMonkeys/Arma-III-Chinese-Localization-Enhanced - 武裝行動3(Arma 3)官方中文潤飾、加強、在地化翻譯模組。
zhongyang219/TrafficMonitor - 这是一个用于显示当前网速、CPU及内存利用率的桌面悬浮窗软件，并支持任务栏显示，支持更换皮肤。
TranslucentTB/TranslucentTB - A lightweight utility that makes the Windows taskbar translucent/transparent.
snowie2000/mactype - Better font rendering for Windows.
klesh/fu - fu stands for File to URL, a utility design to help you upload images/files and produce Markdown/HTML snippets with couple of clicks.
xdnice/PCShare - PCShare是一款强大的远程控制软件，可以监视目标机器屏幕、注册表、文件系统等。
dekuan/VwFirewall - 微盾®VirtualWall®防火墙整套源代码
gqrx-sdr/gqrx - Software defined radio receiver powered by GNU Radio and Qt.
gnuradio/gnuradio - GNU Radio – the Free and Open Software Radio Ecosystem
zcgonvh/MS16-032 - MS16-032(CVE-2016-0099) for SERVICE ONLY
kanryu/quickviewer - A image/comic viewer application for Windows, Mac and Linux, it can show images very fast
Chuyu-Team/MINT - Contains the definitions for the Windows Internal UserMode API from ntdll.dll, samlib.dll and winsta.dll.
oyyd/nysocks - Nysocks binds kcp and libuv to provide an aggressive tcp tunnel in nodejs.
vnotex/vnote - A pleasant note-taking platform.
guoming0000/BatchRunTrayTool - A tray tool under windows to open any file by system default or any executable program.
rexdf/CommandTrayHost - A command line program monitor systray for Windows
Gregwar/fatcat - FAT filesystems explore, extract, repair, and forensic tool
0x09AL/DNS-Persist - DNS-Persist is a post-exploitation agent which uses DNS for command and control.
wangyu-/tinyfecVPN - A VPN Designed for Lossy Links, with Build-in Forward Error Correction(FEC) Support. Improves your Network Quality on a High-latency Lossy Link.
wangyu-/UDPspeeder - A Tunnel which Improves your Network Quality on a High-latency Lossy Link by using Forward Error Correction, possible for All Traffics(TCP/UDP/ICMP)
cbayet/Exploit-CVE-2017-6008 - Exploits for CVE-2017-6008, a kernel pool buffer overflow leading to privilege escalation.
apache/incubator-pagespeed-ngx - Automatic PageSpeed optimization module for Nginx
rakshasa/rtorrent - rTorrent BitTorrent client
qwinff/qwinff - A Qt4/5 GUI Frontend for FFmpeg
simsong/tcpflow - TCP/IP packet demultiplexer. Download from:
NotGlop/SysExec - [Windows] Local Privilege Escalation - WebClient
hatRiot/token-priv - Token Privilege Research
XhmikosR/notepad2-mod - LOOKING FOR DEVELOPERS - Notepad2-mod, a Notepad2 fork, a fast and light-weight Notepad-like text editor with syntax highlighting
wangyu-/udp2raw - A Tunnel which Turns UDP Traffic into Encrypted UDP/FakeTCP/ICMP Traffic by using Raw Socket,helps you Bypass UDP FireWalls(or Unstable UDP Environment)
securesocketfunneling/ssf - Secure Socket Funneling - Network tool and toolkit - TCP and UDP port forwarding, SOCKS proxy, remote shell, standalone and cross platform
pipesocks/pipesocks - A pipe-like SOCKS5 tunnel system.
vah13/extractTVpasswords - tool to extract passwords from TeamViewer memory using Frida
miguelfreitas/twister-core - twister core / daemon
wbenny/mini-tor - proof-of-concept implementation of tor protocol using Microsoft CNG/CryptoAPI
jks-prv/Beagle_SDR_GPS - KiwiSDR: BeagleBone web-accessible shortwave receiver and software-defined GPS
PurpleI2P/i2pd - 🛡 I2P: End-to-End encrypted and anonymous Internet
samizzo/hexed - Windows console-based hex editor
pavel-odintsov/fastnetmon - FastNetMon - very fast DDoS sensor with sFlow/Netflow/IPFIX/SPAN support
gatieme/CodingInterviews - 剑指Offer——名企面试官精讲典型编程题
oguzhaninan/Stacer - Linux System Optimizer and Monitoring - https://oguzhaninan.github.io/Stacer-Web
sam-b/HackSysDriverExploits -
psi-im/psi - XMPP client
rime/librime - Rime Input Method Engine, the core library
bee13oy/AV_Kernel_Vulns - Pocs for Antivirus Software‘s Kernel Vulnerabilities
nladuo/captcha-break - captcha break based on opencv2, tesseract-ocr and some machine learning algorithm.
3gstudent/From-System-authority-to-Medium-authority - Penetration test
SpiderLabs/ModSecurity - ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx that is developed by Trustwave's SpiderLabs. It has a robust event-based programming langu
secrary/InjectProc - InjectProc - Process Injection Techniques [This project is not maintained anymore]
JLospinoso/gargoyle - A memory scanning evasion technique
ladislav-zezula/CascLib - An open-source implementation of library for reading CASC storages from Blizzard games since 2014
homenc/HElib - HElib is an open-source software library that implements homomorphic encryption. It supports the BGV scheme with bootstrapping and the Approximate Number CKKS scheme. HElib also includes optimizations
aguinet/wannakey - Wannacry in-memory key recovery
KernelMaker/rocksutil - A c++ develop toolkit
google/security-research-pocs - Proof-of-concept codes created as part of security research done by Google Security Team.
Dor1s/libfuzzer-workshop - Repository for materials of "Modern fuzzing of C/C++ Projects" workshop.
whdlgp/ARMv6m_Simulator - Simple Simulator of ARMv6m instructions
hidviz/hidviz - A tool for in-depth analysis of USB HID devices communication
x64dbg/x64dbg - An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.
steven-michaud/HookCase - Tool for reverse engineering macOS/OS X
ele7enxxh/poc-exp - poc or exp of android vulnerability
jackullrich/ShellcodeStdio - An extensible framework for easily writing compiler optimized position independent x86 / x64 shellcode for windows platforms.
msuiche/OPCDE - OPCDE Cybersecurity Conference Materials
richkmeli/Richkware - Framework for building Windows malware, written in C++
lcatro/network_backdoor_scanner - This is a backdoor about discover network device ,and it can hidden reverse connecting the hacker's server with encrypt commuication 后渗透后门程序,适合在已经攻陷的内网中做下一步的网络信息扫描..
secrary/InfectPE - InfectPE - Inject custom code into PE file [This project is not maintained anymore]
lcatro/SISE_Traning_CTF_RE - SNST Traning RE Project .华软网络安全小组逆向工程训练营,尝试以CTF 的形式来使大家可以动手训练快速提升自己的逆向工程水平.CTF 的训练程序又浅到深,没有使用太复杂的算法,在逆向的过程中遇到的难关都是在分析病毒和破解中遇到的实际情况,注重于实用.训练营还包含有源代码文件,训练程序和思路.希望可以帮助小伙伴们入门逆向工程这个神奇的世界..
microsoft/CNTK - Microsoft Cognitive Toolkit (CNTK), an open source deep-learning toolkit
StevenHickson/PiAUISuite - Raspberry PI AUI Suite
hteso/iaito - This project has been moved to:
DimitriFourny/koalaOS - x86 Microkernel
silverf0x/RpcView - RpcView is a free tool to explore and decompile Microsoft RPC interfaces
cinience/RedisStudio - RedisStudio Redis GUI client(tool) for windows
yanyiwu/simhash - 中文文档simhash值计算

CMake

TheLartians/ModernCppStarter - 🚀 Kick-start your C++! A template for modern C++ projects using CMake, CI, code coverage, clang-format, reproducible dependency management and much more.
pothosware/PothosSDR - Pothos SDR windows development environment

CSS

subframe7536/obsidian-theme-maple - Maple —— an obsidian theme for desktop with grace animation and awesome components
LinWin-Cloud/setool-master - SetoolMaster是一款让你入门即入狱的python3开发的进阶型社会工程学工具。包括了全球定位、Ngrok内网穿透、Seeker高精度定位、网页钓鱼、病毒攻击、恐吓勒索信、爬虫、网站克隆、物联网设备搜索等，同时拥有中文支持，内置大量钓鱼模板，设计用于组织级别红队渗透测试，用于团队组织设备型协同，经过非常多的实战演练，效果出众，远超同行产品
paulbricman/dual-obsidian-client - A skilled virtual assistant for Obsidian.
twotreesus/V2RayPi - 将树莓派配置为 V2Ray 透明代理旁路由，只需要主路由设置好网关，即可代理主路由器下所有设备透明科学上网，接入网络的终端不需要做任何设置，只需要连入主路由WiFi或有线即可。支持直连\智能分流\全局代理三种模式，并能自动管理订阅和各种高级策略设置，原理参考透明代理(TPROXY) ，TG讨论组:https://t.me/v2raypi
paranoidninja/O365-Doppelganger - A quick handy script to harvest credentials off of a user during a Red Team and get execution of a file from the user
LimberDuck/nessus-cheat-sheet - Nessus Cheat Sheet in HTML, PDF, PNG, ADOC
Escher1108/mailqq - 模拟QQ邮箱登录的钓鱼程序，数据实时发送到手机，能运行html 就可跑，告别PHP等环境
dwisiswant0/nuclei-templates-dir - Nuclei Templates Directory
Yavuzlar/VulnLab -
P0cL4bs/Nanobrok - Web Service write in Python for control and protect your android device remotely.
opensec-cn/conote-community - Conote 综合安全测试平台社区版。
du33169/typora-theme-essay_cn - a theme for Typora(a markdown editor), designed for chinese essay
lbc-team/deep_ethereum - 电子书：以太坊技术与实现
Pithus/bazaar - Android security & privacy analysis for the masses
abhijithb200/investigator - An online handy-recon tool
nccgroup/Solitude - Solitude is a privacy analysis tool that enables anyone to conduct their own privacy investigations. Whether a curious novice or a more advanced researcher, Solitude makes the process of evaluating us
admin360bug/PHP - PHP训练靶场
hrqmonteiro/joplin-theme - My Joplin theme files, including userchrome.css and userstyles.css, as well as some markdown templates for my notes.
andrejilderda/joplin-macos-native-theme - Native looking macOS theme for note taking app Joplin
pierce403/nweb - web based nmap scan collection and search
shifa123/clickjackingpoc - A Proof of Concept for Clickjacking Attacks
andev-software/graphql-ide - ⚡️ GraphQL IDE - An extensive IDE for exploring GraphQL API's
m0chan/BugBounty - RepoToStoreBugBountyInfo
Chudry/Xerror - fully automated pentesting tool
marcinguy/CVE-2020-15999 - CVE-2020-15999
mrtc0/container-security-book -
elrumo/macOS_Big_Sur_icons_replacements - Replacement icons for popular apps in the style of macOS Big Sur
EstamelGG/Nessus-EN-2-CN - 将Nessus的英文版报告处理为中文版，能够在网页上预览，并导出为中文版CSV报告。导出的报告格式为“带有BOM的UTF-8编码”，可供测评能手等软件导入。
GoogleInside/Typora-Themes - 全部Typora主题+自定义修改
Aneureka/push-to-kindle - 📘 A web-based tool for pushing documents to your lovely kindle.
zseano/JS-Scan - a .js scanner, built in php. designed to scrape urls and other info
gwen001/bugbountytips - Webapp to search tips on Twitter through #bugbountytips
varchashva/vPrioritizer - vPrioritizer enables us to understand the contextualized risk (vPRisk) on asset-vulnerability relationship level across the organization, for teams to make more informed decision about what (vulnerabi
mike-goodwin/owasp-threat-dragon-desktop - An installable desktop variant of OWASP Threat Dragon
leonjza/frida-boot - Frida Boot 👢- A binary instrumentation workshop, with Frida, for beginners!
ajinabraham/nodejsscan - nodejsscan is a static security code scanner for Node.js applications.
yingshang/banruo -
zsxsoft/my-ctf-challenges - My CTF Challenges
sp4rkw/Reaper - 一款用于src资产信息收集的工具
pythonran/Pcap_tools - 网络流量可配置嗅探，流量包解析，漏洞规则扫描
weev3/LKWA - Lesser Known Web Attack Lab
pratikborsadiya/vali-admin - Free Bootstrap 4 admin/dashboard template
wultra/powerauth-docker - Docker images for PowerAuth 2.0 Software
nowsecure/secure-mobile-development - A Collection of Secure Mobile Development Best Practices
josherich/repo-to-pdf - repository to pdf
varkai/hugo-theme-zozo - :star2: A simple and beautiful theme for Hugo
Area39/Webug4.0-Docker - Docker版本的Webug4.0
theme-nexmoe/hexo-theme-nexmoe - 🔥 A special Hexo theme.
Wei-Xia/most-frequent-technology-english-words - 程序员工作中常见的英语词汇
chokcoco/iCSS - 不止于 CSS
HackerYunen/Django-XSS-Platform -
UndeadSec/SocialFish - Phishing Tool & Information Collector
vinceliuice/Mojave-gtk-theme - Mojave is a macos Mojave like theme for GTK 3, GTK 2 and Gnome-Shell
appsecco/using-docker-kubernetes-for-automating-appsec-and-osint-workflows - Repository for all the workshop content delivered at nullcon X on 1st of March 2019
w-digital-scanner/w12scan - 🚀 A simple asset discovery engine for cybersecurity. (网络资产发现引擎)
LiangJunrong/document-library - jsliang 的文档库. 里面包含了个人撰写的所有前端文章，例如 Vue、React,、ECharts、微信小程序、算法、数据结构等……
billryan/hugo-theme-even - 🚀 A super concise theme for Hugo https://blog.olowolo.com/example-site/
ba0gu0/WebRange - 一个Web版的docker管理程序，可以用来运行各种docker漏洞环境和CTF环境。
smartFlash/pySecurity - Python tutorials
SukkaW/hexo-theme-suka - 🎨Modern, powerful and simple theme for Hexo.
muzishanshi/tongleer_for_wordpress - tongleer_for_wordpress是一个Wordpress版本的WeiboForWordPress微博主题，又名TleWeiboForWordPress。
smartping/smartping - 综合性网络质量(PING)检测工具，支持正/反向PING绘图、互PING拓扑绘图与报警、全国PING延迟地图与在线检测工具等功能
w-digital-scanner/w11scan - 分布式WEB指纹识别平台 Distributed WEB fingerprint identification platform
710leo/ZVulDrill - Web漏洞演练平台
nizarmah/tintedarc - An XFCE custom arc and tint2 auto-themer, voila you have yourself a nice theme
luodaoyi/CloudFlarePartner - CloudFlare partner website with python and flask
vinceliuice/vimix-gtk-themes - Vimix is a flat Material Design theme for GTK 3, GTK 2 and Gnome-Shell etc.
ProgrammingFonts/ProgrammingFonts - This is a collection of programming fonts, just share this with the programmers. Now there are 108 kinds of fantastic fonts!
FunctionClub/V2ray.Fun - 正在开发的全新 V2ray.Fun
hashview/hashview-old - A web front-end for password cracking and analytics
houshanren/hangzhou_house_knowledge - 2017年买房经历总结出来的买房购房知识分享给大家，希望对大家有所帮助。买房不易，且买且珍惜。Sharing the knowledge of buy an own house that according to the experience at hangzhou in 2017 to all the people. It's not easy to buy a own house, so I
rmusser01/Infosec_Reference - An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.
jbtronics/CrookedStyleSheets - Webpage tracking only using CSS (and no JS)
hltj/kotlin-reference-chinese - Kotlin 官方文档（参考部分）中文版
cheng-kang/wildfire - 🔥From a little spark may burst a flame.
appsecco/dvna - Damn Vulnerable NodeJS Application
programster/Apaxy - A simple, customisable theme for your Apache directory listing.
ronggang/transmission-web-control - 一个 Transmission 浏览器管理界面。Transmission Web Control is a custom web UI.
caspartse/QQ-Groups-Spider - QQ Groups Spider（QQ 群爬虫）
justdeleteme/justdelete.me - A directory of direct links to delete your account from web services.
chaynHQ/diy-online-privacy-starter - Chayn's Do It Yourself Online Safety guide helps women keep their online accounts and social profiles secure against harassment, and stalkers. This guide is open source.
malaohu/Arukas-API - Arukas API 自动获取IP和端口，SSR服务器订阅，Arukas 监测启动
juliocesarfort/public-pentesting-reports - A list of public penetration test reports published by several consulting firms and academic security groups.
sunnyyoung/Farbox-NexT - A hexo theme NexT for Farbox.
zhangjikai/gitbook-use - 记录GitBook的一些配置及插件信息
wentin/cssicon - icon set made with pure css code, no dependencies, "grab and go" icons
Tencent/tmt-workflow - A web developer workflow used by WeChat team based on Gulp, with cross-platform supported and solutions prepared.
PJtools/pd3 - 基于D3 v4+进行二次封装及扩展。示例来源于日常项目及客户提出的需求，转化成数据可视化。
smartdengjie/hbase-manager - 可视化hbase数据库

Classic ASP

xiaopan233/AntSword-Cryption-WebShell - Some traffic encryption webshell and encoder for AntSword. 蚁剑流量加密马及编码器
LandGrey/webshell-detect-bypass - 绕过专业工具检测的Webshell研究文章和免杀的Webshell

Clojure

ntestoc3/burp-clj - clojure实现burp插件，提供clj脚本加载环境

CodeQL

advanced-security/codeql-queries - GitHub's Field Team's CodeQL Custom Queries, Suites, and Configurations
ice-doom/CodeQLRule - 个人使用CodeQL编写的一些规则
synacktiv/QLinspector - Finding Java gadget chains with CodeQL
safe6Sec/CodeqlNote - Codeql学习笔记
cldrn/codeql-queries - My CodeQL queries collection
pwntester/codeql_grehack_workshop - GreHack 2021 CodeQL for Java workshop
SummerSec/LookupInterface - CodeQL 寻找 JNDI利用 Lookup接口
zbazztian/codeql-debug -
kanav99/github-java-ctf - Winning submission for the GitHub Security Lab CTF 4: CodeQL and Chill - The Java Edition

ColdFusion

foundeo/fixinator - ColdFusion / CFML Code Security Scanner

Dart

LuckyLi706/flutter_mobile_command_tools - flutter写的桌面可视化操作android和ios的简单命令
daixianceng/cron_dingding - 钉钉自动打卡
bingoogolapple/bga_issue_blog - Flutter 或 Vue 全家桶（Vue + VueRouter + Vuex + Axios）抓取 GitHub 上的 Issues，结合 GitHub Pages 搭建个人博客站点，支持 GitHub 登录和评论

Dockerfile

akkuman/docker-awvs - 可便捷配置账号密码apikey的docker-awvs
teamssix/TWiki - T Wiki 云安全知识文库，可能是国内首个云安全知识文库？
p0dalirius/Awesome-RCE-techniques - Awesome list of step by step techniques to achieve Remote Code Execution on various apps!
aress31/docker_burp-enterprise - Attempt at dockerizing Burp Enterprise v2022.4.
n0madic/nmap-vulners-vulscan - Docker image for advanced vulnerability scanning with Nmap NSE scripts
sonnyyu/docker-nmap - Nmap is utility for network discovery and security auditing
xiecat/sec-docker - 常用安全工具 docker镜像自动更新仓库
geerlingguy/docker-ubuntu2204-ansible - Ubuntu 22.04 LTS (Jammy Jellyfish) Docker container for Ansible playbook and role testing.
puzzlepeaches/sneaky_proxy - Hiding your infrastructure from the boys in blue.
ericmjl/essays-on-data-science - In which I put together my thoughts on the practice of data science.
moranbw/https-dns-proxy-docker - Docker container for https-dns-proxy
Yogehi/Drozer-Docker -
caphosra/CTFDocker - This is a docker image for Capture The Flag and many useful and famous tools are on this image.
jumpserver/Dockerfile - Jumpserver all in one Dockerfile
Cl0udG0d/AWDDocker - 标准化AWD靶场Docker
eikendev/java-decompiler - A Docker image with four popular Java decompilers in one place (CFR, Fernflower, Krakatau, and Procyon) :rocket::hammer:
phith0n/phpsrc-debug-docker - Debug environment for PHP inside a Docker container. Document waiting to be completed.
sherifabdlnaby/elastdocker - 🐳 Elastic Stack (ELK) v8+ on Docker with Compose. Pre-configured out of the box to enable Logging, Metrics, APM, Alerting, ML, and SIEM features. Up with a Single Command.
qeeqbox/chameleon - 19 Customizable honeypots for monitoring network traffic, bots activities and username\password credentials (DNS, HTTP Proxy, HTTP, HTTPS, SSH, POP3, IMAP, STMP, RDP, VNC, SMB, SOCKS5, Redis, TELNET,
mablanco/docker-reconftw - Docker image for reconftw, a simple script intended to perform a full recon on an objective with multiple subdomains
rosehgal/k8s-In-30Mins - Learn how to set up the Kubernetes cluster in 30 mins and deploy the application inside the cluster.
parzel/Damn-Vulnerable-WooCommerce-Plugins - This is a docker environment ready set up for multiple WooCommerce Plugin vulnerabilities.
himazawa/bento - Bento Toolkit is a minimal fedora-based container for penetration tests and CTF with the sweet addition of GUI applications.
lazychanger/docker-kunlun-mirror - 昆仑镜docker镜像
Swordfish-Security/Pentest-In-Docker - Docker image to exploit RCE, try for pentest methods and test container security solutions (trivy, falco and etc.)
evi0s/Openresty-WAF - Openresty with WAF installed
mozilla/docker-sbt - Dockerfile for sbt (Scala build tool)
drandin/docker-php-workspace - PHP development environment for Docker
zjuchenyuan/dockerized_fuzzing - Run fuzzing experiments in Docker
heroku/bheu19-attacking-cloud-builds - Slides, Cheatsheet and Resources from our Blackhat EU talk
AlexisAhmed/BugBountyToolkit - A multi-platform bug bounty toolkit that can be installed on Debian/Ubuntu or set up with Docker.
multiarch/crossbuild - :earth_africa: multiarch cross compiling environments
madhuakula/hacker-container - The Swiss Army Container for Cloud Native Security. Container with all the list of useful tools/commands while hacking and securing Containers, Kubernetes Clusters, and Cloud Native workloads.
masahiro331/CVE-2020-9484 -
hexpwn/drozer-docker - Drozer (2.4.4) docker container
hysnsec/awesome-threat-modelling - A curated list of threat modeling resources (Books, courses - free and paid, videos, tools, tutorials and workshops to practice on ) for learning Threat modeling and initial phases of security review.
AvasDream/pentesting-dockerfiles - Pentesting/Bugbounty Dockerfiles.
FingerLeakers/docker-inurlbr - Advanced search in search engines, enables analysis provided to exploit GET / POST capturing emails & urls, with an internal custom validation junction for each target / url found. http://blog.inurl.c
Xyphex/docker-mara-framework - Unofficial Docker image for MARA Framework
OWASP/wstg - The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Eadom/ctf_xinetd - A docker repository for deploying pwnable challenges in CTF
ferrarimarco/docker-pxe - A virtualized implementation of PXE supported by DNSMasq
laradock/laradock - Full PHP development environment for Docker.
e3net/rapidscan-docker - Docker image of rapidscan
knqyf263/CVE-2019-6467 - CVE-2019-6467 (BIND nxdomain-redirect)
nVentiveUX/docker-ttrss - A multiarch docker image for Tiny Tiny RSS feed reader
HenryQW/Awesome-TTRSS - [maintainer wanted] 🐋 Awesome TTRSS, a powerful Dockerised all-in-one RSS solution.
davevs/dvxte - Damn Vulnerable eXtensive Training Environment
hitian/docker-shadowsocks-with-simple-obfs - shadowsocks-libev with simple-obfs
khs1994-docker/lnmp - :computer: :whale: :elephant: :dolphin: :penguin: :rocket: Start Docker LNMP(LEMP) In less than 2 minutes Powered by Docker Compose. 让 PHP 开发者快速（一键）搭建基于容器技术（Docker、Kubernetes）的开发、测试、生产（CI/CD by Drone）
linuxserver/docker-transmission -
diameter/rtorrent-rutorrent - Docker container with supervisor/rtorrent/nginx/ruTorrent 64/32 bit
filerun/docker - FileRun Docker Image
MyKings/docker-vulnerability-environment - Use the docker to build a vulnerability environment
vulhub/Dockertools - Some tools based on docker
luodaoyi/kms-server - a docker image for kms
johackim/docker-hacklab - My personal hacklab, create your own.
vulhub/vulhub - Pre-Built Vulnerable Environments Based on Docker-Compose
mikesplain/openvas-docker - A Docker container for Openvas

Emacs Lisp

jinzhu/configure - My dot files for Emacs, Openbox, XMonad, VIM, Golang, Zsh/Bash, tmux, URXVT, ArchLinux, Git, Ruby/Rails, Xbindkey, Vrome...

Erlang

kudelskisecurity/scannerl - The modular distributed fingerprinting engine

F#

microsoft/rest-api-fuzz-testing - REST API Fuzz Testing (RAFT): Source code for self-hosted service developed for Azure, including the API, orchestration engine, and default set of security tools (including MSR's RESTler), that enable
jmhickman/Fetters - Port of Seatbelt in F#

FreeMarker

API-Security/APISandbox - Pre-Built Vulnerable Multiple API Scenarios Environments Based on Docker-Compose.

Go

20142995/Goby -
kost/dnstun - DNS tunnel library in Go
kost/chashell - Chashell is a Go reverse shell that communicates over DNS. It can be used to bypass firewalls or tightly restricted networks.
zan8in/pyxis - pyxis can automatically identify http and https requests, and get response headers, status codes, response size, response time, tools for fingerprinting (favicon has, service, CMS, framework, etc.)
xiao-zhu-zhu/noterce - 一种另辟蹊径的免杀执行系统命令的木马
Ggasdfg321/SmallProxyPool - 一个免费高质量的小代理池，解决一些站点有WAF的情况下，进行目录扫描或者字典爆破
chushuai/wscan - 一款开源的安全评估工具支持常见的 web 安全问题扫描和自定义 POC。此外，该工具还具备机器学习的漏洞检测和自动化测试功能。
AbelChe/evil_minio - EXP for CVE-2023-28434 MinIO unauthorized to RCE
Kento-Sec/chatGPT-CodeReview - 这是一个调用chatGPT进行代码审计的工具
Mob2003/rakshasa - 基于go编写的跨平台、稳定、隐秘的多级代理内网穿透工具
zema1/watchvuln - 一个高价值漏洞采集与推送服务 | A valueable vulnerability collection and push service
nirsarkar/vscan -
ifacker/cscan-go - cscan-go 版本，主要用于C段扫描，信息收集、红队横向渗透等...（相信我，点进来不会后悔的！）
mmM1ku/Mscan - Mscan是一款基于go语言开发的内网资产探测工具。
jhaddix/awsScrape - A tool to scrape the AWS ranges looking for a keyword in SSL certificate data.
vitorfhc/queryxss - Tool for testing reflections in the HTTP responses
allanpk716/xray_pool - 基于 Xray-core、glider 的代理池工具
corunb/Dirscan - Dirscan是一款由go编写的高性能、高并发的目录扫描器，现在已经支持GET、HEAD、递归扫描、代理、爬虫等功能功能,后续努力实现更多功能。
taythebot/archer - Distributed network and vulnerability scanner
nu1r/GlangYsoserial.java - 一个生成JAVA反序列化流的GO库
godzeo/go-gin-vul - GO语言漏洞靶场 GIN框架支持docker一键启动
xiaoyaochen/yscan - yscan是一款基于go写的端口扫描工具，集masscan+nmap+wappalyzer+证书于一体
rustgopy/RGPScan - 红队渗透测试、内网资产探测、通用漏洞扫描、弱口令爆破
XinRoom/go-portScan - High-performance port scanner. 高性能端口扫描器. syn scanner
vitorfhc/hacks - Collection of scripts that I use while bug hunting
SeeFlowerX/estrace - 基于eBPF的syscall追踪工具，适用于安卓平台
kost/tty2web - Share your terminal as a web application in bind/reverse mode
zt2/uncover-turbo - 一个简单的测绘引擎巴别塔
SpenserCai/GoWxDump - SharpWxDump的Go语言版。微信客户端取证，获取信息(微信号、手机号、昵称)，微信聊天记录分析(Top N聊天的人、统计聊天最频繁的好友排行、关键词列表搜索等)
HZzz2/go-shellcode-loader - GO免杀shellcode加载器混淆AES加密
4ra1n/CVE-2023-21839 - Weblogic CVE-2023-21839 RCE (无需Java依赖一键RCE)
zema1/suo5 - 一款高性能 HTTP 代理隧道工具 | A high-performance http proxy tunneling tool
Aur0ra-m/APIKiller - API Security DAST & Oprations
WAY29/pocV - Compatible with xray and nuclei poc framework
djun/wechatbot - 为个人微信接入ChatGPT
DVKunion/SeaMoon - 月海 (Sea Moon) 是一款 FaaS/BaaS 实现的 Serverless 云渗透工具集，致力于开启云原生的渗透模式。
ExpLangcn/EPScan - 被动收集资产并自动进行SQL注入检测（插件化自动Bypass）、XSS检测、RCE检测、敏感信息检测
pingc0y/go_proxy_pool - 无环境依赖开箱即用的代理IP池
dhn/udon - A simple tool that helps to find assets/domains based on the Google Analytics ID.
musana/mx-takeover - mx-takeover focuses DNS MX records and detects misconfigured MX records.
google/kctf - kCTF is a Kubernetes-based infrastructure for CTF competitions. For documentation, see
TD0U/WeaverScan - 泛微oa漏洞利用工具
optiv/Ivy - Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory. Ivy’s loader does this by utilizing programmatical access in the VBA object environment t
trickest/mkpath - Make URL path combinations using a wordlist
Goqi/Cell - Cell-nuclei二开
niudaii/crack - 弱口令爆破工具。Weak Password Blaster Tool.
musana/fuzzuli - fuzzuli is a url fuzzing tool that aims to find critical backup files by creating a dynamic wordlist based on the domain.
sh1yan/Lscan - 一款内网快速打点的辅助性扫描工具，方便红队人员在内网横向移动前期的信息搜集、漏洞探测利用环节的工作开展。其工具特性主要为支持一键化三个档位的便捷式信息与漏洞扫描或每个功能模块单独式扫描探测功能。
seventeenman/Forest - 基于frp(0.44.0)二次开发，删除不必要功能，加密配置文件，修改流量以及文件特征
Goqi/Erfrp - Erfrp-frp二开-免杀与隐藏
ddosify/ddosify - High-performance load testing tool, written in Golang. For distributed and Geo-targeted load testing: Ddosify Cloud - https://ddosify.com 🚀
kubesphere/kubeeye - KubeEye aims to find various problems on Kubernetes, such as application misconfiguration, unhealthy cluster components and node problems.
edoardottt/csprecon - Discover new target domains using Content Security Policy
wgpsec/CreateHiddenAccount - A tool for creating hidden accounts using the registry || 一个使用注册表创建隐藏帐户的工具
hanc00l/pocGoby2Xray - 将Goby的json格式Poc转为xray的yaml格式Poc
niudaii/zpscan - 一个有点好用的信息收集工具。A somewhat useful information gathering tool.
ChineseSubFinder/ChineseSubFinder - 自动化中文字幕下载。字幕网站支持 shooter、xunlei、arrst、a4k、SubtitleBest 。支持 Emby、Jellyfin、Plex、Sonarr、Radarr、TMM
sea-team/gofound - GoFound GoLang Full text search go语言全文检索引擎，毫秒级查询。使用使用http接口调用，集成Admin管理界面，任何系统都可以使用。
Lengso/iplookup - IP反查域名
HavocFramework/Havoc - The Havoc Framework.
Ptkatz/OrcaC2 - OrcaC2是一款基于Websocket加密通信的多功能C&C框架，使用Golang实现。
Schira4396/VcenterKiller - 一款针对Vcenter的综合利用工具，包含目前最主流的CVE-2021-21972、CVE-2021-21985以及CVE-2021-22005、One Access的CVE-2022-22954、CVE-2022-22972/31656以及log4j，提供一键上传webshell，命令执行或者上传公钥使用SSH免密连接
ItsIgnacioPortal/hacker-scoper - Automagically filter URLs with Bug Bounty program scope rules scraped from the internet.
ffffffff0x/gendict - 字典生成工具
MY0723/goby-poc - 447个goby poc，是否后门及重复自行判断，来源于网络收集的Goby&POC，实时更新。
chenjiandongx/yap - 🚥 Yet another pinger: A high-performance ICMP ping implementation build on top of BPF technology.
lzzbb/Adinfo - 域信息收集工具
Ciyfly/microwaveo - 将dll exe 等转成shellcode 最后输出exe 可定制加载器模板支持白文件的捆绑 shellcode 加密
Peony2022/shiro_killer - 批量ShiroKey检测爆破工具
a1phaboy/MenoyGone - Attack cobalt strike server’s FCS by DoW
360quake/quake_go - Quake Command-Line Application With Golang
CTF-MissFeng/mysql-check - mysql蜜罐检查小工具,输出mysql认证及认证后交互数据
c3l3si4n/godeclutter - Declutters URLs in a fast and flexible way, for improving input for web hacking automations such as crawlers and vulnerability scans.
TideSec/GoBypassAV - 整理了基于Go的16种API免杀测试、8种加密测试、反沙盒测试、编译混淆、加壳、资源修改等免杀技术，并搜集汇总了一些资料和工具。
ShadowFl0w/YNM3000 - 要你命三千，集多种渗透工具于一身的终极武器霸王。
LubyRuffy/rproxy - 自动化的代理服务器
boy-hack/ksubdomain - Subdomain enumeration tool, asynchronous dns packets, use pcap to scan 1600,000 subdomains in 1 second
trickest/mksub - Generate tens of thousands of subdomain combinations in a matter of seconds
GREENHAT7/pxplan - CVE-2022-2022
pingc0y/URLFinder - 类似JSFinder的golang实现，一款用于快速提取检测页面中JS与URL的工具，更快更全更舒服
RedTeamPentesting/pretender - Your MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS, LLMNR and NetBIOS-NS spoofing.
redhuntlabs/HTTPLoot - An automated tool which can simultaneously crawl, fill forms, trigger error/debug pages and "loot" secrets out of the client-facing code of sites.
j5s/accelerator - Use Golang to batch analyze class files for Java security research
mstxq17/MoreFind - 一款用于快速导出URL、Domain和IP的小工具
u21h2/nacs - 事件驱动的渗透测试扫描器 Event-driven pentest scanner
safe6Sec/GolangBypassAV - 研究利用golang各种姿势bypassAV
merlinepedra25/SCA4ALL -
code-scan/Goal - Goal Go Red-Team 工具类
teamssix/cf - Cloud Exploitation Framework 云环境利用框架，方便安全人员在获得 AK 的后续工作
jmoiron/sqlx - general purpose extensions to golang's database/sql
inbug-team/SweetBabyScan - Red Tools 渗透测试
hktalent/scan4all - Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...
daffainfo/apiguesser - Go script to guess an API key / OAuth token found during pentest. CLI version of https://github.com/daffainfo/apiguesser-web/
0xsha/ChainWalker - Rapid Smart Contract Crawler
burpheart/cdnlookup - 一个使用 Edns-Client-Subnet(ECS) 遍历智能CDN节点IP地址的工具
779789571/rsasZipToExcel - RSAS绿盟科技漏洞扫描html报告转excel
TryGOTry/edit-gencon - geacon:简单适配了一个profile配置文件,可直接拿来修改使用,用于cs上线linux.
RicterZ/CVE-2021-3560-Authentication-Agent - PolicyKit CVE-2021-3560 Exploit (Authentication Agent)
ofasgard/ungoliant - A web reconnaissance tool that proxies its results through Burp or ZAP.
patrickhener/gonh - Nessus Parser and query tool written in go
wikiZ/RedGuard - RedGuard is a C2 front flow control tool,Can avoid Blue Teams,AVs,EDRs check.
alexbakker/log4shell-tools - Tool that runs a test to check whether one of your applications is affected by the recent vulnerabilities in log4j: CVE-2021-44228 and CVE-2021-45046
kubernetes/minikube - Run Kubernetes locally
tangxiaofeng7/zsxq_notice - 知识星球提醒
zan8in/afrog - A Vulnerability Scanning Tools For Penetration Testing
deatil/lakego-admin - lakego-admin 是使用 gin、JWT 和 RBAC 的 go 后台管理系统。An admin api system with gin, JWT and RBAC.
wrenchonline/glint - glint 是一款基于浏览器爬虫golang开发的web漏洞主动(被动)扫描器
yarox24/EvtxHussar - Initial triage of Windows Event logs
LubyRuffy/gofofa - fofa client in Go
Yihsiwei/GoFileBinder - golang免杀捆绑器
TryGOTry/xray_free_crack - xray_free_crack,通用xray白嫖高级版.
chroblert/jishell - jishell - A powerful modern CLI and SHELL,with a msfconsole-like style
optionalCTF/SSOh-No - User enumeration and password spraying tool for testing Azure AD
openclarity/kubeclarity - KubeClarity is a tool for detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems
1ight-2020/GoRottenTomato - Go实现部分Rubeus功能，可执行asktgt, asktgs, s4u, describe ticket, renew ticket, asreproast等
sealerio/sealer - Build, Share and Run Both Your Kubernetes Cluster and Distributed Applications (Project under CNCF)
redcode-labs/GoSH - Golang reverse/bind shell generator
s4hm4d/shodanidb - Fetch data (open ports, CVEs, CPEs, ...) from shodan internetDB API
alanEG/Gosna - Dynamic url monitor
cycraft-corp/Prometheus-Decryptor - Prometheus-Decryptor is a project to decrypt files encrypted by Prometheus ransomware.
sourque/louis - Linux EDR written in Golang and based on eBPF.
snehshah22/DNS_poison_attack - On-path DNS poisoning attack tool.
Ciyfly/woodpecker - 兼容xray nuclei yaml格式以及go代码格式的poc验证扫描器
ac0d3r/xssfinder - XSS discovery tool
xwjdsh/manssh - Manage your ssh alias configs easily.
SummerSec/SpringExploit - 🚀 一款为了学习go而诞生的漏洞利用工具
ExpLangcn/Aopo - 内网自动化快速打点工具｜资产探测｜漏洞扫描｜服务扫描｜弱口令爆破
hakluke/hakoriginfinder - Tool for discovering the origin host behind a reverse proxy. Useful for bypassing cloud WAFs!
mittwald/kubernetes-replicator - Kubernetes controller for synchronizing secrets & config maps across namespaces
AlphabugX/Alphalog - DNSLOG、httplog、rmilog、ldaplog、jndi 等都支持,完全匿名产品(fuzz.red)，Alphalog与传统DNSLog不同，更快、更安全。
ipfs/kubo - An IPFS implementation in Go
j3ssie/cdnstrip - Striping CDN IPs from a list of IP Addresses
ferreiraklet/airixss - Finding XSS during recon
chaosblade-io/chaosblade - An easy to use and powerful chaos engineering experiment toolkit.（阿里巴巴开源的一款简单易用、功能强大的混沌实验注入工具）
fuxiaohei/pugo - a simple site generator
hakluke/hakip2host - hakip2host takes a list of IP addresses via stdin, then does a series of checks to return associated domain names.
yuyan-sec/RedisEXP - Redis 漏洞利用工具
lal0ne/vulnerability - 收集、整理、修改互联网上公开的漏洞POC
ShangRui-hash/siusiu - 一款基于docker的渗透测试工具箱，致力于做到渗透工具随身携带、开箱即用、按需下载。
google/licensecheck - The licensecheck package classifies license files and heuristically determines how well they correspond to known open source licenses.
step-security/secure-repo - Automatically apply security best practices and get a higher OpenSSF Scorecard score
brokercap/Bifrost - Bifrost ---- 面向生产环境的 MySQL,MariaDB,kafka 同步到Redis,MongoDB,ClickHouse等服务的异构中间件
learnerLj/geth-analyze - go-ethereum source code analyzation under the perspective of smart contract security
sjatsh/unwxapkg - 微信小程序.wxapkg解码工具
wfinn/redirex - tool that generates bypasses for open redirects
wfinn/ucors - tool that scans for CORS bypasses
AidenPearce369/ADReaper - A fast enumeration tool for Windows Active Directory Pentesting written in Go
six2dez/ipcdn - Check which CDN providers an IP list belongs to
atsud0/frp-modify - frp0.38.1 支持域前置、远程加载配置文件、配置文件自删除、流量特征修改
xntrik/hcltm - Documenting your Threat Models with HCL
utkusen/wholeaked - a file-sharing tool that allows you to find the responsible person in case of a leakage
corazawaf/coraza - OWASP Coraza WAF is a golang modsecurity compatible web application firewall library
firefart/stunner - Stunner is a tool to test and exploit STUN, TURN and TURN over TCP servers.
common-fate/granted - The easiest way to access your cloud.
timwhitez/gobusterdns - lite version of gobuster. Only subdomain brute. 内网轻量化子域名爆破工具
brentp/gargs - better(?) xargs in go
login546/domainhouse - 子域名查询工具,接口来自【www.domainhouse.buzz】
ZhuriLab/Starmap - 一个轮子融合的子域名收集小工具
utkusen/socialhunter - crawls the website and finds broken social media links that can be hijacked
bonjourmalware/melody - Melody is a transparent internet sensor built for threat intelligence. Supports custom tagging rules and vulnerable application simulation.
ferreiraklet/Jeeves - Jeeves SQLI Finder
codeyourweb/fastfinder - Incident Response - Fast suspicious file finder
deepfence/PacketStreamer - :star: :star: Distributed tcpdump for cloud native environments :star: :star:
tmoneypenny/conspirator - An enhanced collaborator-like standalone server
takshal/freq - This is go CLI tool for send fast Multiple get HTTP request.
MrTuxx/OffensiveGolang - A collection of offensive Go packages inspired by different Go repositories.
mytechnotalent/turbo-attack - A turbo traffic generator pentesting tool to generate random traffic with random mac and ip addresses in addition to random sequence numbers to a particular ip and port.
mitchellh/golicense - Scan and analyze OSS dependencies and licenses from compiled Go binaries
alist-org/alist - 🗂️A file list program that supports multiple storage, powered by Gin and Solidjs. / 一个支持多存储的文件列表程序，使用 Gin 和 Solidjs。
damit5/gitdorks_go - 一款在github上发现敏感信息的自动化收集工具
s0md3v/Smap - a drop-in replacement for Nmap powered by shodan.io
ahhh/Ducky_Maker - A fun script to teach automation and create ducky scripts, from existing scripts or ASCII art files
lithammer/fuzzysearch - :pig: Tiny and fast fuzzy search in Go
murphysecurity/murphysec - An open source tool focused on software supply chain security. 墨菲安全专注于软件供应链安全，具备专业的软件成分分析（SCA）、漏洞检测、专业漏洞库。
pry0cc/tew - A quick ‘n dirty nmap parser written in Golang to convert nmap xml to IP:Port notation.
binodlamsal/zerophish - Zero phish phishing simulated platform
YaoApp/yao - :rocket: A performance app engine to create web services and applications in minutes.Suitable for AI, IoT, Industrial Internet, Connected Vehicles, DevOps, Energy, Finance and many other use-cases.
Azure/AzureDefender-K8S-InClusterDefense -
hudangwei/codemillx - codemillx is a tool for CodeQL, extract the comments in the code and generate codeql module. 强化Go开源项目安全检测(内含开源项目漏洞挖掘方法)
zombiezen/go-sqlite - Low-level Go interface to SQLite 3
j3ssie/sdlookup - IP Lookups for Open Ports and Vulnerabilities from internetdb.shodan.io
wumansgy/goEncrypt - go语言封装的各种对称加密和非对称加密，可以直接使用，包括3重DES，AES的CBC和CTR模式，还有RSA非对称加密,ECC椭圆曲线的加密和数字签名
chaitin/veinmind-tools - veinmind-tools 是由长亭科技自研，基于 veinmind-sdk 打造的容器安全工具集
projectdiscovery/uncover - Quickly discover exposed hosts on the internet using multiple search engines.
JustinTimperio/gomap - A fully self-contained Nmap like parallel port scanning module in pure Golang that supports SYN-ACK (Silent Scans)
bytedance/godlp - sensitive information protection toolkit
goreleaser/goreleaser - Deliver Go binaries as fast and easily as possible
tidwall/gjson - Get JSON values quickly - JSON parser for Go
p7e4/dnsearch - using rapid7 open dns data search subdomain and reverse ip
lprat/spyre - simple YARA-based IOC scanner (Forked project Spyre)
bufsnake/aiqicha - 基于无头浏览器查询爱企查内的企业信息
ffffffff0x/ones - 可用于多个网络资产测绘引擎 API 的命令行查询工具
wagoodman/dive - A tool for exploring each layer in a docker image
hahwul/authz0 - 🔑 Authz0 is an automated authorization test tool. Unauthorized access can be identified based on URLs and Roles & Credentials.
Kevin-fqh/learning-k8s-source-code - k8s、docker源码分析、读书笔记
naiba/nezha - :trollface: Self-hosted, lightweight server and website monitoring and O&M tool
chroblert/JSigThief - Golang 版SigThief
DataDog/stratus-red-team - :cloud: :zap: Granular, Actionable Adversary Emulation for the Cloud
trufflesecurity/driftwood - Private key usage verification
mhmdiaa/second-order - Second-order subdomain takeover scanner
devploit/dontgo403 - Tool to bypass 40X response codes.
khuedoan/homelab - Modern self-hosting framework, fully automated from empty disk to operating services with a single command.
Le0nsec/SecCrawler - 一个方便安全研究人员获取每日安全日报的爬虫和推送程序，目前爬取范围包括先知社区、安全客、Seebug Paper、跳跳糖、奇安信攻防社区、棱角社区以及绿盟、腾讯玄武、天融信、360等实验室博客，持续更新中。
feiyu563/nbping - nbping是为解决局域网大批量IP实例或主机探活,采用go协程并发处理,可以自定义并发的协程数量和输出结果.效率远高于现有的批量ping工具.
antonmedv/fx - Terminal JSON viewer
wallarm/gotestwaf - An open-source project in Golang to asess different API Security tools and WAF for detection logic and bypasses
kenjoe41/goSubsWordlist - Generate wordlist from already collected subdomains for bruteforcing purposes.
aau-network-security/riotpot - Resilient IoT and Operational Technology Honeypot
busterb/msmailprobe - Office 365 and Exchange Enumeration
timwhitez/Doge-Gabh - GetProcAddressByHash/remap/full dll unhooking/Tartaru's Gate/Spoofing Gate/universal/Perun's Fart/Spoofing-Gate/EGG/RecycledGate/syswhisper/RefleXXion golang implementation
wgpsec/ENScan_GO - 一款基于各大企业信息API的工具，解决在遇到的各种针对国内企业信息收集难题。一键收集控股公司ICP备案、APP、小程序、微信公众号等信息聚合导出。
sairson/Yasso - 强大的内网渗透辅助工具集-让Yasso像风一样支持rdp，ssh，redis，postgres，mongodb，mssql，mysql，winrm等服务爆破，快速的端口扫描，强大的web指纹识别，各种内置服务的一键利用（包括ssh完全交互式登陆，mssql提权，redis一键利用，mysql数据库查询，winrm横向利用，多种服务利用支持socks5代理执行）
bufsnake/blueming - 备份文件扫描，并自动进行下载
fiatjaf/jiq - jid on jq - interactive JSON query tool using jq expressions
phith0n/zkar - ZKar is a Java serialization protocol analysis tool implement in Go.
shmilylty/netspy - netspy是一款快速探测内网可达网段工具（深信服深蓝实验室天威战队强力驱动）
binganao/golang-shellcode-bypassav - 2021.12.9 使用go语言免杀360、微软、腾讯、火绒
google/log4jscanner - A log4j vulnerability filesystem scanner and Go package for analyzing JAR files.
xiecat/fofax - fofax is a command line query tool based on the API of https://fofa.info/, simple is the best!
Hackmanit/Web-Cache-Vulnerability-Scanner - Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).
ariary/TrojanSourceFinder - 🔎 Help find Trojan Source vulnerability in code 👀 . Useful for code review in project with multiple collaborators (CI/CD)
1ultimat3/tld-scan - Top level domain scanner in Go
ravro-ir/log4shell-looker - log4jshell vulnerability scanner for bug bounty
unp4ck/gospf - Golang tool to parse netblocks and domain names from SPF and get information about ASN.
N0MoreSecr3ts/wraith - Uncover forgotten secrets and bring them back to life, haunting security and operations teams.
panjf2000/gnet - 🚀 gnet is a high-performance, lightweight, non-blocking, event-driven networking framework written in pure Go./ gnet 是一个高性能、轻量级、非阻塞的事件驱动 Go 网络框架。
freshcn/qqwry - 纯真ip库的golang服务
wolfeidau/golang-massl - Simple examples of configuring mutual authentication (MASSL)
LeakIX/l9fuzz - Help fuzz various protocols and waits for ping backs Integrates LDAP server and JNDI payload
hupe1980/scan4log4shell - Scanner to send specially crafted requests and catch callbacks of systems that are impacted by log4j log4shell vulnerability and to detect vulnerable log4j versions on your local file-system
nodauf/GoMapEnum - User enumeration and password bruteforce on Azure, ADFS, OWA, O365, Teams and gather emails on Linkedin
ariary/fileless-xec - Stealth dropper executing remote binaries without dropping them on disk .(HTTP3 support, ICMP support, invisible tracks, cross-platform,...)
mmcdole/gofeed - Parse RSS, Atom and JSON feeds in Go
palantir/log4j-sniffer - A tool that scans archives to check for vulnerable log4j versions
0xInfection/LogMePwn - A fully automated, reliable, super-fast, mass scanning and validation toolkit for the Log4J RCE CVE-2021-44228 vulnerability.
proferosec/log4jScanner - log4jScanner provides the ability to scan internal subnets for vulnerable log4j web services
veo/vscan - 开源、轻量、快速、跨平台的网站漏洞扫描工具，帮助您快速检测网站安全隐患。功能端口扫描(port scan) 指纹识别(fingerprint) 漏洞检测(nday check) 智能爆破 (admin brute) 敏感文件扫描(file fuzz)
40a/go-powershell - Go wrapper for running PowerShell sessions
containers/podman - Podman: A tool for managing OCI containers and pods.
imgproxy/imgproxy - Fast and secure standalone server for resizing and converting remote images
dvyukov/go-fuzz - Randomized testing for Go
0xInfection/PewSWITCH - A FreeSWITCH specific scanning and exploitation toolkit for CVE-2021-37624 and CVE-2021-41157.
CTF-MissFeng/jsForward - 解决web及移动端H5数据加密Burp调试问题
jas502n/Grafana-CVE-2021-43798 - Grafana Unauthorized arbitrary file reading vulnerability
shirdonl/goWebActualCombat - 🔥🔥🔥🔥🔥🔥重磅！《Go Web编程实战派从入门到精通》随书源码开源啦，Go语言/Web开发/高并发/微服务/Gin/Redis/MongoDB/并发编程/Docker源码！欢迎star~
krishpranav/webinfo - A web information gathering tool made in go - DNS / Subdomains / Ports / Directories enumeration
lord3ver/gctsubdomains - Discover subdomains in Certificate Transparency logs using Google's Transparency Report
channyein1337/gup - gup aka Get All Urls parameters to create wordlists for brute forcing parameters.
lanyi1998/DNSlog-GO - DNSLog-GO 是一款golang编写的监控 DNS 解析记录的工具，自带WEB界面
redtoolskobe/scaninfo - fast scan for redtools
tomatome/grdp - pure golang rdp protocol
code-scan/AutoSubtitles -
zyylhn/zscan - Zscan a scan blasting tool set
zema1/yarx - An awesome reverse engine for xray poc. | 一个自动化根据 xray poc 生成对应靶站的工具
NyDubh3/CuiRi - 一款红队专用免杀木马生成器，基于shellcode生成绕过所有杀软的木马。
akkuman/toolset - 免杀小小工具集
yqcs/ZheTian - ::ZheTian / 强大的免杀生成工具，Bypass All.
NetSPI/goddi - goddi (go dump domain info) dumps Active Directory domain information
botherder/androidqf - androidqf (Android Quick Forensics) helps quickly gathering forensic evidence from Android devices, in order to identify potential traces of compromise.
tanc7/EXOCET-AV-Evasion - EXOCET - AV-evading, undetectable, payload delivery tool
box/kube-applier - kube-applier enables automated deployment and declarative configuration for your Kubernetes cluster.
lal0ne/monitor - 监控网站目录下的文件变更，通过钉钉机器人发送告警。
vbouchaud/k8s-ldap-auth - Kubernetes webhook token authentication plugin implementation using ldap.
mutagen-io/mutagen - Fast file synchronization and network forwarding for remote development
p4gefau1t/trojan-go - Go实现的Trojan代理，支持多路复用/路由功能/CDN中转/Shadowsocks混淆插件，多平台，无依赖。A Trojan proxy written in Go. An unidentifiable mechanism that helps you bypass GFW. https://p4gefau1t.github.io/trojan-go/
XiaoMi/soar - SQL Optimizer And Rewriter
mainfunx/frpc_android - frpc_android 最新版本0.39.1
lqqyt2423/go-mitmproxy - mitmproxy implemented with golang. 用 Golang 实现的中间人攻击（Man-in-the-middle），解析、监测、篡改 HTTP/HTTPS 流量。
Maka8ka/NGLite - A major platform RAT Tool based by Blockchain/P2P.Now support Windows/Linux/MacOS
lwch/natpass - 🔥居家办公，远程开发神器
akkuman/gSigFlip - A SigFlip implement in golang
IngoKl/HTTPUploadExfil - A simple HTTP server for delivering and exfiltrating files/data during, for example, CTFs.
looCiprian/GC2-sheet - GC2 is a Command and Control application that allows an attacker to execute commands on the target machine using Google Sheet and exfiltrate data using Google Drive.
Rvn0xsy/zipcreater - ZipCreater主要应用于跨目录的文件上传漏洞的利用，它能够快速进行压缩包生成。
Metarget/cloud-native-security-book - 《云原生安全：攻防实践与体系构建》资料仓库
vyrus001/go-mimikatz - A wrapper around a pre-compiled version of the Mimikatz executable for the purpose of anti-virus evasion.
cckuailong/hostscan - 自动化Host碰撞工具，帮助红队快速扩展网络边界，获取更多目标点
R4yGM/dorkscout - DorkScout - Golang tool to automate google dork scan against the entiere internet or specific targets
Tylous/ZipExec - A unique technique to execute binaries from a password protected zip
akkuman/rotateproxy - 利用fofa搜索socks5开放代理进行代理池轮切的工具
SkewwG/henggeFish - 自动化批量发送钓鱼邮件（横戈安全团队出品）
super-l/codelines - 一款基于GO语言，支持跨平台，可以统计项目代码行数的软件(命令行软件，无界面)，支持多种自定义过滤。主要用于代码安全审计服务相关的费用评估。
FourCoreLabs/EDRHunt - Scan installed EDRs and AVs on Windows
openrdap/rdap - RDAP command line client
Shu1L/avbypass - 简单go加载器实现免杀360 火绒
glebarez/cero - Scrape domain names from SSL certificates of arbitrary hosts
knes1/elktail - Command line utility to query, search and tail EL (elasticsearch, logstash) logs
mhmdiaa/chronos - Extract pieces of info from a web page's Wayback Machine history
un4gi/fave - Search for vulnerabilities and exposures while filtering based on age, keywords, and other parameters.
kirides/screencapture - This repository has been moved to https://github.com/kirides/go-d3d
fuzz7j/cDogScan - 多服务口令爆破、内网常见服务未授权访问探测，端口扫描
ariary/QueenSono - Golang binary for data exfiltration with ICMP protocol (+ ICMP bindshell, http over ICMP tunneling, ...)
sh4hin/GoPurple - Yet another shellcode runner consists of different techniques for evaluating detection capabilities of endpoint security solutions
raverrr/plution - Prototype pollution scanner using headless chrome
Rvn0xsy/red-tldr - red-tldr is a lightweight text search tool, which is used to help red team staff quickly find the commands and key points they want to execute, so it is more suitable for use by red team personnel wit
akkuman/EvilEye - A BeaconEye implement in Golang. It is used to detect the cobaltstrike beacon from memory and extract some configuration.
galli-leo/emmutaler - A set of tools for fuzzing SecureROM. Managed to find and trigger checkm8.
lucaslorentz/caddy-docker-proxy - Caddy as a reverse proxy for Docker
yunginnanet/prox5 - 🧮 SOCKS5/4/4a 🌾 validating proxy pool and upstream SOCKS5 server for 🤽 LOLXDsoRANDum connections 🎋
BishopFox/dufflebag - Search exposed EBS volumes for secrets
drosseau/degob - Go library/tool for viewing and reversing Go gob data [Moved to GitLab]
0xERR0R/blocky - Fast and lightweight DNS proxy as ad-blocker for local network with many features
xjasonlyu/tun2socks - tun2socks - powered by gVisor TCP/IP stack
xiecat/goblin - 一款适用于红蓝对抗中的仿真钓鱼系统
CasperGN/GoHead - Get interesting http headers, internal IPs, possible endpoints from target(s) and search JS files for juicy info
harleo/knockknock - A simple reverse whois lookup tool which returns a list of domains owned by people or companies
MPaandeey/dlevel - A tool get level of subdomain from 1....n
i5nipe/nipejs - Detects JavaScript leaks via regex patterns
un4gi/dirtywords - A targeted word list generation tool
incogbyte/gojsx - Find juicy information inside javascript files.
FleexSecurity/fleex - Fleex makes it easy to create multiple VPS on cloud providers and use them to distribute workloads.
0xTeles/jsleak - a Go code to detect leaks in JS files via regex patterns
cryonayes/GoFilter - A tool to filter URLs by parameter count or size
hanc00l/nemo_go - Nemo是用来进行自动化信息收集的一个简单平台，通过集成常用的信息收集工具和技术，实现对内网及互联网资产信息的自动收集，提高隐患排查和渗透测试的工作效率，用Go语言完全重构了原Python版本。
thelikes/fuzznav - parse ffuf & map endpoints to wordlists
dqcostin/fxr - 使用fscan联动Xray
slimtoolkit/slim - Slim(toolkit): Don't change anything in your container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)
haojie06/selfhelp-iptables - 通过http api自助添加iptables白名单与黑名单的工具，防止nmap等程序的端口扫描和恶意主动探测，防止ssh、mysql等敏感服务受到攻击，并能对探测进行记录。
darkb1rd/DarkGld - A tool for quickly generating fishing Trojan horse.
ethicalhackingplayground/tprox - TProx is a fast reverse proxy path traversal detector and directory bruteforcer.
jakubd/apkreport - Generate CSV Reports of MobSF Results
pwnesia/dnstake - DNSTake — A fast tool to check missing hosted DNS zones that can lead to subdomain takeover
neex/http2smugl -
wrfly/gus-proxy - "打一枪换一个地方" 一个HTTP代理
ossf/allstar - GitHub App to set and enforce security policies
mosajjal/dnsmonster - Passive DNS Capture and Monitoring Toolkit
j3ssie/goverview - goverview - Get an overview of the list of URLs
alexzorin/cve-2021-34558 -
zhzyker/dismap - Asset discovery and identification tools 快速识别 Web 指纹信息，定位资产类型。辅助红队快速定位目标资产信息，辅助蓝队发现疑似脆弱点
JKme/cube - 内网渗透测试工具，弱密码爆破、信息收集和漏洞扫描
0voice/Introduction-to-Golang - 【未来服务器端编程语言】最全空降golang资料补给包（满血战斗），包含文章，书籍，作者论文，理论分析，开源框架，云原生，大佬视频，大厂实战分享ppt
marv2097/siprocket - Fast SIP and SDP Parser
desertbit/grumble - A powerful modern CLI and SHELL
praetorian-inc/gokart - A static analysis tool for securing Go code
Tylous/SourcePoint - SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.
timwhitez/doge-getsys - An easy way to getsystem by golang.
binwiederhier/replbot - Slack/Discord bot for running interactive REPLs and shells from a chat.
sanity-io/litter - Litter is a pretty printer library for Go data structures to aid in debugging and testing.
deepfence/ThreatMapper - Open source cloud native security observability platform. Linux, K8s, AWS Fargate and more.
h0x0er/andromanifest - AndroidManifest.xml parser written in go
krishpranav/sshpot - A simple ssh honey pot, fake ssh server that lets anyone to connect and monitor their activty
ContainerSSH/ContainerSSH - ContainerSSH: Launch containers on demand
goodwithtech/dockle - Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start
saferwall/saferwall - :cloud: Collaborative Malware Analysis Platform at Scale
kube-tarian/tarian - Protect your Cloud Native Applications running on Kubernetes from malicious attacks with pre-registered source code, pre-registered runtime processes monitoring, automated actions based on configure-a
perlogix/cmon - NIST Information Security Continuous Monitoring (ISCM) and configuration baseline data collector
VerSprite/alpnpass - This tool will listen on a given port, strip SSL encryption, forward traffic through a plain TCP proxy, then encrypt the returning traffic again and send it to the target of your choice. Unlike most S
antihax/gambit - GaMBiT Honeypot
octarinesec/kube-scan - kube-scan: Octarine k8s cluster risk assessment tool
endorama/devid - Securely manage your developer personas
aveyuan/icpquery - ICP备案查询库
gofiber/fiber - ⚡️ Express inspired web framework written in Go
KalbiProject/kalbi - Kalbi - Golang Session Initiated Protocol Framework
iiiusky/webrtc-proxy - 反向代理+webrtc 神不知鬼不觉的获取真实IP
EatonChips/wsh - Web shell generator and command line interface.
k0kubun/pp - Colored pretty printer for Go language
Rvn0xsy/goDomain - Windows活动目录中的LDAP信息收集工具
Ne0nd0g/merlin - Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.
Dc4ts/ChangeTower - ChangeTower is intended to help you watch changes in webpages and get notified of any changes written in Go
Ne0nd0g/go-shellcode - A repository of Windows Shellcode runners and supporting utilities. The applications load and execute Shellcode using various API calls or techniques.
hueristiq/hqurlfind3r - A passive reconnaissance tool for known URLs discovery.
capnspacehook/taskmaster - Windows Task Scheduler Library for Go
tooBugs/golang-ReflectiveDLLInjection - golang ReflectiveDLLInjection
banzaicloud/dast-operator - Dynamic Application and API Security Testing
jeessy2/ddns-go - 简单好用的DDNS。自动更新域名解析到公网IP(支持阿里云、腾讯云dnspod、Cloudflare、Callback、华为云、百度云、Porkbun、GoDaddy、Google Domain)
haochen233/socks5 - A Go library about socks5, supports all socks5 commands. That Provides server and client and easy to use. Compatible with socks4 and socks4a.
koho/frpmgr - Windows 平台的 FRP GUI 客户端 / A user-friendly desktop GUI client for FRP on Windows.
VulnTotal-Team/Vehicle-Security-Toolkit - 汽车/安卓/固件/代码安全测试工具集
daffainfo/Git-Secret - Go scripts for finding sensitive data like API key / some keywords in the github repository
benmanns/goworker - goworker is a Go-based background worker that runs 10 to 100,000* times faster than Ruby-based workers.
fullstorydev/grpcurl - Like cURL, but for gRPC: Command-line tool for interacting with gRPC servers
miku/esbulk - Bulk indexing command line tool for elasticsearch
For-ACGN/MS17-010 - An EternalBlue exploit implementation in pure go
cockroachdb/pebble - RocksDB/LevelDB inspired key-value database in Go
derekparker/delve - Delve is a debugger for the Go programming language.
m-mizutani/octovy - Trivy based vulnerability management service
inspiringz/fofa - 一款 Go 语言编写的小巧、简洁、快速采集 fofa 数据导出到 Excel 表单的小工具。
Li4n0/revsuit - RevSuit is a flexible and powerful reverse connection platform designed for receiving connection from target host in penetration.
nicocha30/ligolo-ng - An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.
fengziHK/bypass_go - bypass_go cs免杀
Lmg66/shellcodeloading - shellcode加载器 golang 分离免杀
TryGOTry/go-shellcode-webimg-load - golang shellcode loader 远程图片隐写加载执行无文件落地
projectdiscovery/simplehttpserver - Go alternative of python SimpleHTTPServer
Josue87/roboxtractor - Extract endpoints marked as disallow in robots files to generate wordlists.
daffainfo/Key-Checker - Go scripts for checking API key / access token validity
lkarlslund/Adalanche - Active Directory ACL Visualizer and Explorer - who's really Domain Admin? (Commerical versions available from NetSection)
kleiton0x00/ppmap - A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.
i11us0ry/goon - goon,集合了fscan和kscan等优秀工具功能的扫描爆破工具。功能包含：ip探活、port扫描、web指纹扫描、title扫描、压缩文件扫描、fofa获取、ms17010、mssql、mysql、postgres、redis、ssh、smb、rdp、telnet、tomcat等爆破以及如netbios探测等功能。
allyomalley/dnsobserver - A handy DNS service written in Go to aid in the detection of several types of blind vulnerabilities. It monitors a pentester's server for out-of-band DNS interactions and sends lookup notifications vi
Ullaakut/Gorsair - Gorsair gives root access on remote docker containers that expose their APIs
redcode-labs/neurax - A framework for constructing self-spreading binaries
aktsk/ipa-medit - Memory modification tool for re-signed ipa supports iOS apps running on iPhone and Apple Silicon Mac without jailbreaking.
immunIT/TeamsUserEnum - User enumeration with Microsoft Teams API
lesnuages/hershell - Multiplatform reverse shell generator
txthinking/tun2brook - Proxy all traffic just one line command. tun2socks, tun2brook. IPv4 and IPv6, TCP and UDP. 只需一行命令. 让系统所有流量全部走socks5, brook.
ThreeDotsLabs/watermill - Building event-driven applications the easy way in Go.
google/cel-spec - Common Expression Language -- specification and binary representation
Fahrj/reverse-ssh - Statically-linked ssh server with reverse shell functionality for CTFs and such
esrrhs/spp - A simple and powerful proxy
daffainfo/bypass-403 - Go script for bypassing 403 forbidden
Maka8ka/Faygo - A major platforms RAT Tools .High scalability.Now support Windows/Linux/MacOS
xm1k3/cent - Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one place
iammaguire/MeetC2 - Modular C2 framework aiming to ease post exploitation for red teamers.
irsl/gcp-dhcp-takeover-code-exec - Google Compute Engine (GCE) VM takeover via DHCP flood - gain root access by getting SSH keys added by google_guest_agent
ethicalhackingplayground/erebus - Erebus is a fast tool for parameter-based vulnerability scanning using a Yaml based template engine like nuclei.
grines/scour -
edoardottt/cariddi - Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more
xxjwxc/uber_go_guide_cn - Uber Go 语言编码规范中文版. The Uber Go Style Guide .
Mdxjj/ByPassAVAddUser -
seccome/Ehoney - 安全、快捷、高交互、企业级的蜜罐管理系统，护网；支持多种协议蜜罐、蜜签、诱饵等功能。A safe, fast, highly interactive and enterprise level honeypot management system, supports multiple protocol honeypots, honeytokens, baits and other functions
KubeOperator/KubeOperator - KubeOperator 是一个开源的轻量级 Kubernetes 发行版，专注于帮助企业规划、部署和运营生产级别的 K8s 集群。
spf13/viper - Go configuration with fangs
ccfos/nightingale - An enterprise-level cloud-native monitoring system, which can be used as drop-in replacement of Prometheus for alerting and Grafana for visualization.
projectdiscovery/hmap - Hybrid memory/disk map
SPuerBRead/mqtts - MQTT安全测试工具 (MQTT Security Tools)
dumorewithcode/purl -
jafarlihi/rconn - rconn is a multiplatform program for creating generic reverse connections. Lets you consume services that are behind firewall or NAT without opening ports or port-forwarding.
redcode-labs/UnChain - A tool to find redirection chains in multiple URLs
xiaobaiTech/golangFamily - 【超全golang面试题合集+golang学习指南+golang知识图谱+入门成长路线】一份涵盖大部分golang程序员所需要掌握的核心知识。常用第三方库(mysql,mq,es,redis等)+机器学习库+算法库+游戏库+开源框架+自然语言处理nlp库+网络库+视频库+微服务框架+视频教程+音频音乐库+图形图片库+物联网库+地理位置信息+嵌入式脚本库+编译器库+数据库+金融库+电子邮件库+电子
yumusb/DNSLog-Platform-Golang - DNSLOG平台 golang 一键启动版
redcode-labs/Coldfire - Golang malware development library
sigstore/cosign - Container Signing
zu1k/proxypool - 自动抓取tg频道、订阅地址、公开互联网上的ss、ssr、vmess、trojan节点信息，聚合去重测试可用性后提供节点列表
tenable/terrascan - Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
adamyi/CTFProxy - Your ultimate infrastructure to run a CTF, with a BeyondCorp-like zero-trust network and simple infrastructure-as-code configuration.
eikendev/hackenv - Manage and access your Kali Linux or Parrot Security VM from the terminal (SSH support + file sharing, especially convenient during CTFs, Hack The Box, etc.) :rocket::wrench:
togettoyou/ipashare - 🚤 share and install your Apple ipa 分享你的 ipa 应用给别人安装
KCarretto/paragon - Red Team engagement platform with the goal of unifying offensive tools behind a simple UI
spyse-com/go-spyse - The official wrapper for spyse.com API, written in Go, aimed to help developers build their integrations with Spyse.
Daybr4ak/C2ReverseProxy - 一款可以在不出网的环境下进行反向代理及cs上线的工具
jiaocoll/GoWebBanner - Go语言web指纹识别
niudaii/webscan - web信息收集工具。Web Information Collection Tool.
WhiteHSBG/fofaSearch-go - go实现的fofa搜索批量工具需要高级会员
canc3s/judas - 轻便的恶意反代
idiotc4t/Reflective-HackBrowserData - HackBrowserData的反射模块
marmotedu/iam - 企业级的 Go 语言实战项目：认证和授权系统（带配套课程）
edoardottt/lit-bb-hack-tools - Little Bug Bounty & Hacking Tools⚔️
kubecost/kubectl-cost - CLI for determining the cost of Kubernetes workloads
ahmetak4n/radar - Scanner for misconfigured DevSecOps or Security tools on internet like SonarQube, GoPhish etc.
TardC/fofadump - A small utility that calls fofa api to download data.
koderover/zadig - Zadig is a cloud native, distributed, developer-oriented continuous delivery product.
golang/vulndb - [mirror] The Go Vulnerability Database
Josue87/AnalyticsRelationships - Get related domains / subdomains by looking at Google Analytics IDs
umputun/reproxy - Simple edge server / reverse proxy
ipinfo/cli - Official Command Line Interface for the IPinfo API (IP geolocation and other types of IP data)
Sakurasan/scf-proxy - 云函数代理服务
activecm/rita - Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis.
work-helper/command-search-alfred - alfred命令搜索workflow
akavel/rsrc - Tool for embedding .ico & manifest resources in Go programs for Windows.
FunnyWolf/ligolo - Ligolo : 用于内网渗透的反向隧道
jweny/pocassist - 傻瓜式漏洞PoC测试框架
optiv/Dent - A framework for creating COM-based bypasses utilizing vulnerabilities in Microsoft's WDAPT sensors.
TryGOTry/multiplexing_port_socks5 - 一款golang写的支持http与socks5的端口复用小工具，并且可以开启socks5代理。
superfashi/pwnlib - A Go rewrite of pwntools.
hashsecteam/scf-proxy -
yonyoucloud/install_k8s - 一键安装kubernets(k8s)系统，采用RBAC模式运行（证书安全认证模式），既可以单台安装、也可以集群安装，并且完全是生产环境的安装标准。有疑问大家可以加我微信沟通：bsh888
projectdiscovery/interactsh - An OOB interaction gathering server and client library
hanc00l/TXPortMap - Port Scanner & Banner Identify From TianXiang
4dogs-cn/TXPortMap - Port Scanner & Banner Identify From TianXiang
chenjia404/p2ptunnel - 一个基于p2p的tcp、udp内网穿透隧道工具
vugu/vugu - Vugu: A modern UI library for Go+WebAssembly (experimental)
1340691923/ElasticView - 这是一个简单好用的ElasticSearch可视化客户端，支持连接6，7，8版本的ES，不妨一试
binyoucai/sec -
redcode-labs/GodSpeed - Fast and intuitive manager for multiple reverse shells
0xrawsec/whids - Open Source EDR for Windows
k3s-io/kine - Run Kubernetes on MySQL, Postgres, sqlite, dqlite, not etcd.
yunxu1/dnsub - dnsub一款好用且强大的子域名扫描工具
Matrix86/flowdownloader - Simple software to download HLS encrypted files used by FlowPlayer video player
charmbracelet/glow - Render markdown on the CLI, with pizzazz! 💅🏻
inbug-team/InScan - 边界打点后的自动化渗透工具
assetnote/kiterunner - Contextual Content Discovery Tool
Alaa-abdulridha/SerpScan - Serpscan is a powerfull php script designed to allow you to leverage the power of dorking straight from the comfort of your command line.
cyberark/kubesploit - Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang, focused on containerized environments.
redcode-labs/SNOWCRASH - A polyglot payload generator
nyancrimew/goop - Yet another tool to dump a git repository from a website, focused on as-complete-as-possible dumps and handling weird edge-cases.
glitchedgitz/cook - The Wordlist Framework to fullfill your kinks with your wordlists. For security researchers, bug bounty and hackers.
rootklt/snowball - fofa+xray vul scan golang
d3mondev/puredns - Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.
genkiroid/cert - Cert is the Go tool to get TLS certificate information.
kgoins/ldsview -
Tylous/Limelighter - A tool for generating fake code signing certificates or signing real ones
terorie/cve-2021-3449 - CVE-2021-3449 OpenSSL denial-of-service exploit 👨🏻‍💻
labring/sealos - Sealos is a Kubernetes distribution, a general-purpose Cloud Operating System designed for managing cloud-native applications. Demo: https://cloud.sealos.io
sw33tLie/bbscope - Scope gathering tool for HackerOne, Bugcrowd, Intigriti, YesWeHack, and Immunefi!
kgretzky/evilginx2 - Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
muraenateam/muraena - Muraena is an almost-transparent reverse proxy aimed at automating phishing and post-phishing activities.
hakluke/haktrails - Golang client for querying SecurityTrails API data
evilsocket/stork - A small utility that aims to automate and simplify some tasks related to software release cycles.
LearnGolang/365Golang - 《365天深入理解Go语言》Deep understanding of Golang.
daehee/mildew - Dotmil subdomain discovery tool that scrapes domains from official DoD website directories and certificate transparency logs
canc3s/cIPR - 将域名转为ip段权重
staaldraad/turner - SOCKS5 and HTTP over TURN/STUN proxy
joanbono/gap - Google Maps API checker
AdguardTeam/dnsproxy - Simple DNS proxy with DoH, DoT, DoQ and DNSCrypt support
canc3s/cSubsidiary - 利用天眼查查询企业子公司
flavio/kube-image-bouncer - Simple endpoint for the ImagePolicyWebhook and the GenericAdmissionWebhook Kubernetes admission controllers
canc3s/cDomain - 利用天眼查查询企业备案
EgeBalci/amber - Reflective PE packer.
ZupIT/horusec - Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.
kitabisa/mubeng - An incredibly fast proxy checker & IP rotator with ease.
rakyll/hey - HTTP load generator, ApacheBench (ab) replacement
1ight-2020/Struts2Scanner - 一款Golang编写的Struts2漏洞检测和利用工具，支持并发批量检测
M4DM0e/DirDar - DirDar is a tool that searches for (403-Forbidden) directories to break it and get dir listing on it
lcvvvv/kscan - Kscan是一款纯go开发的全方位扫描器，具备端口扫描、协议检测、指纹识别，暴力破解等功能。支持协议1200+，协议指纹10000+，应用指纹20000+，暴力破解协议10余种。
gustavorobertux/gcs -
Rvn0xsy/Pricking - 基于反向代理的水坑部署工具
optiv/CVE-2020-15931 - Netwrix Account Lockout Examiner 4.1 Domain Admin Account Credential Disclosure Vulnerability
kost/revsocks - Reverse SOCKS5 implementation in Go
kuriv/civil-service-exam - 公务员考试知识思维导图，我们岸上见！
liamg/traitor - :arrow_up: :skull_and_crossbones: :fire: Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock
deepfence/SecretScanner - :unlock: :unlock: Find secrets and passwords in container images and file systems :unlock: :unlock:
hahwul/backbomb - 💣 Dockerized penetration-testing/bugbounty/app-sec testing environment
hahwul/gee - 🏵 Gee is tool of stdin to each files and stdout. It is similar to the tee command, but there are more functions for convenience. In addition, it was written as go
ryandamour/ssrfuzz - SSRFuzz is a tool to find Server Side Request Forgery vulnerabilities, with CRLF chaining capabilities
gustavorobertux/goshock - SonicWall VPN-SSL Exploit* using Golang ( * and other targets vulnerable to shellshock ).
jaswdr/faker - :rocket: Ultimate fake data generator for Go with zero dependencies
mehrdadrad/tcpdog - eBPF based TCP observability.
R0X4R/ssrf-tool - An SSRF detector tool written in golang. I have fixed some errors and added some more payloads to it. But the tool credits go to z0idsec.
runZeroInc/recog-go - Recog-Go: Pattern Recognition using Rapid7 Recog
seventh-letter/DictGenerate - 使用Go语言编写的社工字典生成器(The social engineering dictionary generator written by Go)
evilsocket/uroboros - A GNU/Linux monitoring and profiling tool focused on single processes.
cyal1/host_scan - 这是一个用于IP和域名碰撞匹配访问的小工具，旨意用来匹配出渗透过程中需要绑定hosts才能访问的弱主机或内部系统。https://github.com/fofapro/Hosts_scan implement in Go
optiv/ScareCrow - ScareCrow - Payload creation framework designed around EDR bypass.
evilsocket/ditto - A tool for IDN homograph attacks and detection.
tehmoon/http-fuzzer -
n9e/k8s-mon - 滴滴夜莺Kubernetes monitor
EdgeSecurityTeam/EHole - EHole(棱洞)3.0 重构版-红队重点攻击系统指纹探测工具
juicedata/juicefs - JuiceFS is a distributed POSIX file system built on top of Redis and S3.
doitintl/kubeip - Assign static external IPs from predefined pool of external IP addresses to Google GKE nodes so your customers could whitelist them
thibmaek/go-volumio-mqtt-proxy -
JavierOlmedo/ipdiscover - 🔍 A simple tool to obtain long lists of ips from domains using goroutines
bytedance/Elkeid - Elkeid is an open source solution that can meet the security requirements of various workloads such as hosts, containers and K8s, and serverless. It is derived from ByteDance's internal best practices
hahwul/MobileHackersWeapons - Mobile Hacker's Weapons / A collection of cool tools used by Mobile hackers. Happy hacking , Happy bug-hunting
C4o/FBI-Analyzer - A Flexible Log Analysis System Based on Golang and Lua-Plugins. 插件化的准实时日志分析系统。
moloch--/denim - Automated compiler obfuscation for nim
alltom/dirgui - turn a directory into a GUI, slash example of VNC-based GUI
gomodules/notify - Send notification via Email, SMS, Chat etc.
0xsapra/fuzzparam -
Charlie-belmer/nosqli - NoSql Injection CLI tool, for finding vulnerable websites using MongoDB.
acme-dns/acme-dns-client - A client software for https://github.com/joohoi/acme-dns
goretk/redress - Redress - A tool for analyzing stripped Go binaries
riza/gigger - Git folder digger, I'm sure it's worthwhile stuff.
alpkeskin/mosint - An automated e-mail OSINT tool
nytr0gen/deduplicate - Remove duplicate urls from input
edoardottt/scilla - Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration
m7shapan/querycsv - QueryCSV enables you to load CSV files and manipulate them using SQL queries then after you finish you can export the new values to a CSV file
tomnomnom/meg - Fetch many paths for many hosts - without killing the hosts
michenriksen/Amass - In-depth Attack Surface Mapping and Asset Discovery
jm33-m0/emp3r0r - Linux/Windows post-exploitation framework made by linux user
assetnote/commonspeak2 - Leverages publicly available datasets from Google BigQuery to generate content discovery and subdomain wordlists
CTF-MissFeng/GoScan - GoScan是采用Golang语言编写的一款分布式综合资产管理系统，适合红队、SRC等使用
posener/h2conn - HTTP2 client-server full-duplex connection
Ridter/p12tool - A simple Go script to brute force or parse a password-protected PKCS#12 (PFX/P12) file.
ranon-rat/sayBruh - its a rebuild of saycheese with golang
mlcsec/headi - Customisable and automated HTTP header injection
bp0lr/linkz -
netxfly/sec-dev-in-action-src - 《白帽子安全开发实战》配套代码
pelaohxc/postMessageFinder -
C-Sto/GoGitDumper - Dump exposed HTTP .git fast
sudosammy/knary - A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams/Lark/Telegram & Pushover support
ameenmaali/qsfuzz - qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.
hahwul/mzap - ⚡️ Multiple target ZAP Scanning
ezekg/git-hound - Git plugin that prevents sensitive data from being committed.
root4loot/rescope - A scope generation tool for Burp Suite & ZAP
awgh/madns - DNS server for pentesters
braaaax/gfz -
gen2brain/url2img - HTTP server with API for capturing screenshots of websites
arkrz/v2sub - 用于 linux 下订阅 v2ray 的小工具。
jimareed/casbin-auth0-rbac-backend - Example RBAC implementation with Casbin and Auth0
Hackl0us/GeoIP2-CN - 小巧精悍、准确、实用 GeoIP2 数据库
bp0lr/dmut - A tool to perform permutations, mutations and alteration of subdomains in golang.
tismayil/rsdl - Subdomain Scan With Ping Method.
projectdiscovery/proxify - Swiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipulation, and replay on the go.
rmb122/rogue_mysql_server - A rouge mysql server supports reading files from most mysql libraries of multiple programming languages.
bp0lr/dnsfaster - Test the speed and reliability of a list of DNS servers
projectdiscovery/cloudlist - Cloudlist is a tool for listing Assets from multiple Cloud Providers.
mehrdadrad/tcpprobe - Modern TCP tool and service for network performance observability.
ReddyyZ/urlbrute - Directory/Subdomain scanner developed in GoLang.
fzakaria/autopatchelf -
dwisiswant0/galer - A fast tool to fetch URLs from HTML attributes by crawl-in.
denandz/sourcemapper - Extract JavaScript source trees from Sourcemap files
cloudquery/cloudquery - The open source high performance data integration platform built for developers.
FairwindsOps/nova - Find outdated or deprecated Helm charts running in your cluster.
matryer/xbar - Put the output from any script or program into your macOS Menu Bar (the BitBar reboot)
gorse-io/gorse - An open source recommender system service written in Go
ribbybibby/ssl_exporter - Exports Prometheus metrics for TLS certificates
sysdream/chashell - Chashell is a Go reverse shell that communicates over DNS. It can be used to bypass firewalls or tightly restricted networks.
utkusen/urlhunter - a recon tool that allows searching on URLs that are exposed via shortener services
lobuhi/byp4xx - 40X/HTTP bypasser in Go. Features: Verb tampering, headers, #bugbountytips, User-Agents, extensions, default credentials...
Cgboal/exclude-cdn - Wraps projectdiscovery's cdncheck library to exclude CDN hosts from input passed over stdin
ipipdotnet/ipdb-go - IPIP.net officially supported IP database ipdb format parsing library
idoubi/goz - A fantastic HTTP request libarary used in Golang.
MaxSecurity/BurpSuite-MacOS-Crack -
projectdiscovery/collaborator - BurpSuite Standard/Private Collaborator Library
digininja/GitHunter - A tool for searching a Git repository for interesting content
cdk-team/CDK - 📦 Make security testing of K8s, Docker, and Containerd easier.
rvrsh3ll/RendezvousRAT - Self-healing RAT utilizing libp2p
shadow1ng/fscan - 一款内网综合扫描工具，方便一键自动化、全方位漏扫扫描。
xo/xo - Command line tool to generate idiomatic Go code for SQL databases supporting PostgreSQL, MySQL, SQLite, Oracle, and Microsoft SQL Server
PaddlePaddle/PaddleCloud - PaddlePaddle Docker images and K8s operators for PaddleOCR/Detection developers to use on public/private cloud.
tomnomnom/gron - Make JSON greppable!
uknowsec/keylogger - 键盘记录，支持定时回传
aquasecurity/starboard - Moved to https://github.com/aquasecurity/trivy-operator
ossf/scorecard - OpenSSF Scorecard - Security health metrics for Open Source
k8gege/LadonGo - LadonGO 4.2 Pentest Scanner framework 全平台Go开源内网渗透扫描器框架,Windows/Linux/Mac内网渗透，使用它可轻松一键批量探测C段、B段、A段存活主机、高危漏洞检测MS17010、SmbGhost，远程执行SSH/Winrm，密码爆破SMB/SSH/FTP/Mysql/Mssql/Oracle/Winrm/HttpBasic/Redis，端口扫
yolossn/Prometheus-Basics - Prometheus-Basics is part of Prometheus Docs now, checkout 👇
RedTeamPentesting/CVE-2020-13935 - Exploit for WebSocket Vulnerability in Apache Tomcat
projectdiscovery/notify - Notify is a Go-based assistance package that enables you to stream the output of several tools (or read from a file) and publish it to a variety of supported platforms.
ExploitBox/git-lfs-RCE-exploit-CVE-2020-27955-Go -
kitabisa/teler - Real-time HTTP Intrusion Detection
iiiusky/alicloud-tools - 阿里云ECS、策略组辅助小工具
anchore/grype - A vulnerability scanner for container images and filesystems
Ridter/DomainHiding - external c2 use domainhiding.
timwhitez/Doge-Loader - 🐶Cobalt Strike Shellcode Loader by Golang
ThreatUnkown/jsubfinder - jsubfinder searches webpages for javascript & analyzes them for hidden subdomains and secrets (wip).
Shivangx01b/BountyIt - A fuzzer made in golang for finding issues like xss, lfi, rce, ssti...that detects issues using change in content length and verify it using signatures
StamusNetworks/gophercap - Accurate, modular, scalable PCAP manipulation tool written in Go.
C-Sto/recursebuster - rapid content discovery tool for recursively querying webservers, handy in pentesting and web application assessments
facebookincubator/nvdtools - A set of tools to work with the feeds (vulnerabilities, CPE dictionary etc.) distributed by National Vulnerability Database (NVD)
hashicorp/waypoint - A tool to build, deploy, and release any application on any platform.
nscuro/fdnssearch - Swiftly search FDNS datasets from Rapid7 Open Data
jimen0/fdns - Concurrent Rapid7 FDNS dataset parser
rootless-containers/bypass4netns - [Experimental] Accelerates slirp4netns using SECCOMP_IOCTL_NOTIF_ADDFD. As fast as --net=host.
mzfr/takeover - A tool for testing subdomain takeover possibilities at a mass scale.
vsec7/urlive - Check url is live (HTTP status code "200 ok" only).
valyala/fasthttp - Fast HTTP package for Go. Tuned for high performance. Zero memory allocations in hot paths. Up to 10x faster than net/http
gwen001/github-subdomains - Find subdomains on GitHub.
aquasecurity/tfsec - Security scanner for your Terraform code
tstillz/webshell-analyzer - Web shell scanner and analyzer.
falcosecurity/kilt - Kilt is a project that defines how to inject foreign apps into containers
C-Sto/gosecretsdump - Dump ntds.dit really fast
GoogleContainerTools/kpt - Automate Kubernetes Configuration Editing
berty/berty - Berty is a secure peer-to-peer messaging app that works with or without internet access, cellular data or trust in the network
LukaSikic/subzy - Subdomain takeover vulnerability checker
liamg/scout - 🔭 Lightweight URL fuzzer and spider: Discover a web server's undisclosed files, directories and VHOSTs
OWASP/Go-SCP - Go programming language secure coding practices guide
bp0lr/wurl - A tool to test working urls.
mergestat/mergestat-lite - Query git repositories with SQL. Generate reports, perform status checks, analyze codebases. 🔍 📊
nkanaev/yarr - yet another rss reader
sw33tLie/bcscope - Get the scope of your bugcrowd programs
dstotijn/hetty - An HTTP toolkit for security research.
liamg/gitjacker - 🔪 :octocat: Leak git repositories from misconfigured websites
code-scan/s5_server -
dwisiswant0/go-stare - A fast & light web screenshot without headless browser but Chrome DevTools Protocol!
crowdsecurity/crowdsec - CrowdSec - the open-source and participative IPS able to analyze visitor behavior & provide an adapted response to all kinds of attacks. It also leverages the crowd power to generate a global CTI data
incogbyte/quickpress - Small tool to automate SSRF wordpress and XMLRPC finder
RedTeamPentesting/monsoon - Fast HTTP enumerator
harleo/asnip - ASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight
projectdiscovery/mapcidr - Small utility program to perform multiple operations for a given subnet/CIDR ranges.
Shpota/goxygen - Generate a modern Web project with Go and Angular, React or Vue in seconds 🎲
EddieIvan01/gld - Go shellcode LoaDer
theblackturtle/wildcheck - A simple tool to detect wildcards domain based on Amass's wildcards detector.
dwisiswant0/unew - A tool for append URLs, skipping duplicates/paths & combine parameters.
0xsha/CloudBrute - Awesome cloud enumerator
Becivells/iconhash - fofa shodan favicon.ico hash icon ico 计算器
shenwei356/rush - A cross-platform command-line tool for executing jobs in parallel
awake1t/linglong - 一款甲方资产巡航扫描系统。系统定位是发现资产，进行端口爆破。帮助企业更快发现弱口令问题。主要功能包括: 资产探测、端口爆破、定时任务、管理后台识别、报表展示
mingrammer/go-web-framework-stars - :star: Web frameworks for Go, most starred on GitHub
imroc/req - Simple Go HTTP client with Black Magic
arminc/clair-scanner - Docker containers vulnerability scan
FiloSottile/age - A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.
schollz/croc - Easily and securely send things from one computer to another :crocodile: :package:
Ladicle/kubectl-rolesum - Summarize Kubernetes RBAC roles for the specified subjects.
kalmhq/kalm - Kalm | Kubernetes AppLication Manager
lamoda/gonkey - Gonkey - a testing automation tool
jcatala/gqm - Go quick message
fanjq99/dnslog - dnslog reverse vul-verify 反连平台漏洞验证
chennqqi/godnslog - An exquisite dns&http log server for verify SSRF/XXE/RFI/RCE vulnerability
ArturSS7/TukTuk - Tool for catching and logging different types of requests.
ethicalhackingplayground/wordlistgen - Generates target specific word lists for Fuzzing with fuff
BishopFox/smogcloud - Find cloud assets that no one wants exposed 🔎 ☁️
containerd/stargz-snapshotter - Fast container image distribution plugin with lazy pulling
ethicalhackingplayground/ssrf-tool -
chroblert/JCRandomProxy - 随机代理
hahwul/jwt-hack - 🔩 jwt-hack is tool for hacking / security testing to JWT. Supported for En/decoding JWT, Generate payload for JWT attack and very fast cracking(dict/brutefoce)
ethicalhackingplayground/dorkX - Pipe different tools with google dork Scanner
ethicalhackingplayground/linkJS -
KathanP19/Gxss - A tool to check a bunch of URLs that contain reflecting params.
mhewedy/vermin - The smart virtual machines manager. A modern CLI for Vagrant Boxes.
dwisiswant0/wadl-dumper - Dump all available paths and/or endpoints on WADL file.
alfarom256/ExternalC2Go -
qq431169079/PortScanner-3 - golang 版本的分布式端口扫描器，可快速方便部署，扫描核心基于 masscan & nmap
FunnyWolf/TFirewall - 防火墙出网探测工具,内网穿透型socks5代理
mitchellh/gox - A dead simple, no frills Go cross compile tool
projectcalico/calico - Cloud native networking and network security
awake1t/PortBrute - 一款跨平台小巧的端口爆破工具，支持爆破FTP/SSH/SMB/MSSQL/MYSQL/POSTGRESQL/MONGOD / A cross-platform compact port blasting tool that supports blasting FTP/SSH/SMB/MSSQL/MYSQL/POSTGRESQL/MONGOD
nerdswords/yet-another-cloudwatch-exporter - Prometheus exporter for AWS CloudWatch - Discovers services through AWS tags, gets CloudWatch metrics data and provides them as Prometheus metrics with AWS tags as labels
codingo/bbr - An open source tool to aid in command line driven generation of bug bounty reports based on user provided templates.
dwisiswant0/slackcat - A simple way of sending messages from the CLI output to your Slack with webhook.
alexellis/registry-creds - Replicate Kubernetes ImagePullSecrets to all namespaces
Threagile/threagile - Agile Threat Modeling Toolkit
knownsec/ksubdomain - 无状态子域名爆破工具
tkmru/dumproid - Android process memory dump tool without ndk.
pkujhd/goloader - load and run golang code at runtime.
inguardians/peirates - Peirates - Kubernetes Penetration Testing tool
hirochachacha/go-smb2 - SMB2/3 client library written in Go.
capnspacehook/rose -
burrowers/garble - Obfuscate Go builds
dalconan/NaviPassRead - Read Navicat 12 Password
thought-machine/dracon - Security scanning & static analysis tool
optiv/Go365 - An Office365 User Attack Tool
dwisiswant0/crlfuzz - A fast tool to scan CRLF vulnerability written in Go
halfrost/LeetCode-Go - ✅ Solutions to LeetCode by Go, 100% test coverage, runtime beats 100% / LeetCode 题解
MilindPurswani/whoxyrm - A reverse whois tool based on Whoxy API.
ameenmaali/wordlistgen - Quickly generate context-specific wordlists for content discovery from lists of URLs or paths
openservicemesh/osm - Open Service Mesh (OSM) is a lightweight, extensible, cloud native service mesh that allows users to uniformly manage, secure, and get out-of-the-box observability features for highly dynamic microser
Masterminds/sprig - Useful template functions for Go templates.
C4o/Juggler - A system that may trick hackers. 针对黑客的拟态欺骗系统。
zu1k/nali - 一个查询IP地理信息和CDN服务提供商的离线终端工具.An offline tool for querying IP geographic information and CDN provider.
hasura/gitkube - Build and deploy docker images to Kubernetes using git push
xct/xc - A small reverse shell for Linux & Windows
impost0r/Misc-Tools - Miscellaneous tools I've developed over the years for help in infosec.
x1sec/commit-stream - #OSINT tool for finding Github repositories by extracting commit logs in real time from the Github event API
ayoul3/reflect-pe - Reflectively load PE
vmware-archive/octant - Highly extensible platform for developers to better understand the complexity of Kubernetes clusters.
CloudyKit/jet - Jet template engine
moonD4rk/HackBrowserData - Decrypt passwords/cookies/history/bookmarks from the browser. 一款可全平台运行的浏览器数据导出解密工具。
lunixbochs/usercorn - dynamic binary analysis via platform emulation
he1m4n6a/cve-db - 一个用于生成cve数据库的程序并提供简单的http协议查询接口
sourcegraph/sourcegraph - Code Intelligence Platform
jpillora/chisel - A fast TCP/UDP tunnel over HTTP
paranoidninja/Boomerang - Boomerang is a tool to expose multiple internal servers to web/cloud. Agent & Server are pretty stable and can be used in Red Team for Multiple levels of Pivoting and exposing multiple internal servic
ropnop/kerbrute - A tool to perform Kerberos pre-auth bruteforcing
dwisiswant0/go-dork - The fastest dork scanner written in Go.
hakluke/hakq - A basic golang server/client for distributing tasks over multiple systems.
ctoyan/ponieproxy - Simple proxy which applies filters (default or custom) to your requests and responses, while you browse a website.
greyireland/algorithm-pattern - 算法模板，最科学的刷题方式，最快速的刷题路径，你值得拥有~
optiv/Talon - A password guessing tool that targets the Kerberos and LDAP services within the Windows Active Directory environment.
CTF-MissFeng/NmapTools - Go语言练习，第一个小工具，nmaptools解析xml导出xlsx结果、进行web服务探测、进行socket数据探测等
lifei6671/interview-go - golang面试题集合
hsiafan/httpdump - Capture and parse http traffics
moloch--/leakdb - Web-Scale NoSQL Idempotent Cloud-Native Big-Data Serverless Plaintext Credential Search
cybercdh/kitphishr - A tool designed to hunt for Phishing Kit source code
gokrazy/gokrazy - turn your Go program(s) into an appliance running on the Raspberry Pi 3, Pi 4, Pi Zero 2 W, or amd64 PCs!
aktsk/apk-medit - memory search and patch tool on debuggable apk without root & ndk
sysdream/ligolo - Reverse Tunneling made easy for pentesters, by pentesters https://sysdream.com/
kubernetes-sigs/kustomize - Customization of kubernetes YAML configurations
Static-Flow/gofingerprint - GoFingerprint is a Go tool for taking a list of target web servers and matching their HTTP responses against a user defined list of fingerprints.
aquasecurity/kube-bench - Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark
D00MFist/Go4aRun - Shellcode runner in GO that incorporates shellcode encryption, remote process injection, block dlls, and spoofed parent process
riza/medusa - Fastest recursive HTTP fuzzer, like a Ferrari.
sunshinev/go-sword - 【Go-sword】可视化CRUD管理后台生成工具
jckuester/awsls - A list command for AWS resources
go-rod/rod - A Devtools driver for web automation and scraping
mailhog/MailHog - Web and API based SMTP testing
kinvolk/lokomotive - 🪦 DISCONTINUED Further Lokomotive development has been discontinued. Lokomotive is a 100% open-source, easy to use and secure Kubernetes distribution from the volks at Kinvolk
stefanoj3/dirstalk - Modern alternative to dirbuster/dirb
sethvargo/go-envconfig - A Go library for parsing struct tags from environment variables.
seata/seata-go - Go Implementation For Seata
ncarlier/feedpushr - A simple feed aggregator daemon with sugar on top.
michelin/ChopChop - ChopChop is a CLI to help developers scanning endpoints and identifying exposition of sensitive services/files/folders.
projectdiscovery/httpx - httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
lesnuages/go-execute-assembly - Allow a Go process to dynamically load .NET assemblies
EddieIvan01/iox - Tool for port forwarding & intranet proxy
TheMMMdev/addSome - Simple Go script to check if found domains in a file are already saved in your Findomain database
fuzzitdev/fuzzit - CLI to integrate continuous fuzzing with Fuzzit (no longer available)
1ndianl33t/1ndiList - Recon Custom WordList Ganerator
smallstep/autocert - ⚓ A kubernetes add-on that automatically injects TLS/HTTPS certificates into your containers
ameenmaali/whoareyou - whoareyou is a tool to find the underlying technology/software used in a list of websites passed through stdin (using Wappalyzer dataset)
ethicalhackingplayground/Zin - A Payload Injector for bugbounties written in go
hakluke/haktldextract - Extract domains/subdomains from URLs en masse
ngrok/sqlmw - Interceptors for database/sql
hwholiday/gid - Golang 分布式ID生成系统，高性能、高可用、易扩展的id生成服务
BishopFox/sliver - Adversary Emulation Framework
projectdiscovery/chaos-client - Go client to communicate with Chaos DB API.
projectdiscovery/naabu - A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests
dwisiswant0/cf-check - CloudFlare Checker written in Go
vidar-team/Cardinal - CTF🚩 AWD (Attack with Defense) 线下赛平台 / AWD platform - 欢迎 Star~ ✨
wunderwuzzi23/KoiPhish - A simple yet beautiful phishing proxy.
caddyserver/forwardproxy - Forward proxy plugin for the Caddy web server
Binject/backdoorfactory - A from-scratch rewrite of The Backdoor Factory - a MitM tool for inserting shellcode into all types of binaries on the wire.
go-vgo/robotgo - RobotGo, Go Native cross-platform GUI automation @vcaesar
erbbysam/DNSGrep - Quickly Search Large DNS Datasets
random-robbie/ssrf-finder - Pass list of urls with FUZZ in and it will check if it has found a potential SSRF.
1ndianl33t/1ndi-hacks - Bug Bounty Tools
gobysec/GobyVuls - Vulnerabilities of Goby supported with exploitation.
projectdiscovery/public-bugbounty-programs - Community curated list of public bug bounty and responsible disclosure programs.
xluohome/phonedata - 手机号码归属地信息库、手机号归属地查询 phone.dat 最后更新：2023年02月
tomnomnom/fff - The Fairly Fast Fetcher. Requests a bunch of URLs provided on stdin fairly quickly.
praetorian-inc/slack-c2bot - Slack C2bot that executes commands and returns the output.
esrrhs/pingtunnel - Pingtunnel is a tool that send TCP/UDP traffic over ICMP
pry0cc/subgen - A really simple utility to concate wordlists to a domain name - to pipe into your favourite resolver!
ctoyan/waybackcollector - Fetch wayback machine historical content for a given url
cruise-automation/rbacsync - Automatically sync groups into Kubernetes RBAC
uber-go/ratelimit - A Go blocking leaky-bucket rate limit implementation
Shivangx01b/CorsMe - Cross Origin Resource Sharing MisConfiguration Scanner
leobeosab/sharingan - Offensive Security recon tool
Sh1Yo/rate-limit-checker - Check whether the domain has a rate limit enabled.
asciimoo/wuzz - Interactive cli tool for HTTP inspection
zmap/zgrab2 - Fast Go Application Scanner
ndelphit/apkurlgrep - Extract endpoints from APK files
GameXG/TcpRoute2 - TcpRoute , TCP 层的路由器。对于 TCP 连接自动从多个线路(电信、联通、移动)、多个域名解析结果中选择最优线路。
heroku/terrier - Terrier is a Image and Container analysis tool that can be used to scan Images and Containers to identify and verify the presence of specific files according to their hashes.
xfhg/intercept - INTERCEPT / Policy as Code Static Analysis Auditing / SAST
chai2010/go-ast-book - :books: 《Go语言定制指南》(原名：Go语法树入门/开源免费图书/Go语言进阶/掌握抽象语法树/Go语言AST)
tillson/git-hound - Reconnaissance tool for GitHub code search. Finds exposed API keys using pattern matching, commit history searching, and a unique result scoring system.
ihaiker/sudis - Sudis !! Distributed supervisor process control system
tailscale/tailscale - The easiest, most secure way to use WireGuard and 2FA.
QSoloX/whoisyou - Take a list of domains and output the hostname and ip.
virink/xray-weblisten-ui - Xray 被动扫描管理
Dliv3/Venom - Venom - A Multi-hop Proxy for Penetration Testers
jjf012/gopoc - 用cel-go重现了长亭xray的poc检测功能的轮子
go-admin-team/go-admin - 基于Gin + Vue + Element UI & Arco Design & Ant Design 的前后端分离权限管理系统脚手架（包含了：多租户的支持，基础用户管理功能，jwt鉴权，代码生成器，RBAC资源控制，表单构建，定时任务等）3分钟构建自己的中后台项目；项目文档》：https://www.go-admin.pro V2 Demo： https://vue2.go-admin.d
tismayil/ohmybackup - Scan Victim Backup Directories & Backup Files
drk1wi/Modlishka - Modlishka. Reverse Proxy.
joanbono/Gurp - Burp Commander written in Go
projectdiscovery/dnsprobe - DNSProb is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers.
zmap/zdns - Fast CLI DNS Lookup Tool
jaeles-project/jaeles - The Swiss Army knife for automated Web Application Testing
hahwul/dalfox - 🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
shomali11/go-interview - Collection of Technical Interview Questions solved with Go
lc/gau - Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.
gudegg/yunSpider - 百度云网盘爬虫
master-coder-ll/v2ray-web-manager - v2ray-web-manager 是一个v2ray的面板，也是一个集群的解决方案；同时增加了流量控制/账号管理/限速等功能。key: admin , panel ,web,cluster,集群,proxy
tuxotron/docker-image-generator - Customized docker images generation toolkit
Adminisme/ServerScan - ServerScan一款使用Golang开发的高并发网络扫描、服务探测工具。
projectdiscovery/nuclei - Fast and customizable vulnerability scanner based on simple YAML based DSL.
argoproj/argo-workflows - Workflow engine for Kubernetes
theblackturtle/fprobe - Take a list of domains/subdomains and probe for working http/https server.
madneal/gshark - Scan for sensitive information easily and effectively.
ATpiu/asset-scan - asset-scan是一款适用甲方企业的外网资产周期性扫描监控系统
jesseduffield/lazydocker - The lazier way to manage everything docker
parsiya/Hacking-with-Go - Golang for Security Professionals
projectdiscovery/shuffledns - MassDNS wrapper written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support.
rhaidiz/broxy - An HTTP/HTTPS intercept proxy written in Go.
TheKingOfDuck/ReverseGoShell - A Golang Reverse Shell Tool With AES Dynamic Encryption
darkr4y/geacon - Practice Go programming and implement CobaltStrike's Beacon in Go
kozlice/slack-webm-sentinel - A bot that tracks .webm links and converts them to .mp4
Go-zh/tour - Go 语言官方教程中文版
gophish/gophish - Open-Source Phishing Toolkit
sensepost/gowitness - 🔍 gowitness - a golang, web screenshot utility using Chrome Headless
xfiftyone/STS2G - Struts2漏洞扫描利用工具 - Golang版. Struts2 Scanner Written in Golang
ZeroDream-CN/SakuraFrp - 基于 Frp 二次开发定制的版本，可实现多用户管理、限速等商业化功能
phil-fly/goWeakPass - 使用golang编写的服务弱口令检测
ph4ntonn/Stowaway - 👻Stowaway -- Multi-hop Proxy Tool for pentesters
geph-official/geph2 - (ARCHIVED) Geph (迷霧通) is a modular Internet censorship circumvention system designed specifically to deal with national filtering.
tomnomnom/hacks - A collection of hacks and one-off scripts
tomnomnom/qsreplace - Accept URLs on stdin, replace all query string values with a user-supplied value
phuslu/iploc - Fastest IP To Country Library
ac0d3r/Hyuga - Hyuga 是一个用来监控带外(Out-of-Band)流量的工具。🪤
hakluke/hakrevdns - Small, fast tool for performing reverse DNS lookups en masse.
runZeroInc/runzero-tools - Open source tools, libraries, and datasets related to the runZero product and associated research
hakluke/hakrawler - Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application
yuxiaokui/gohtran - 反向socks5代理, 关键词: go htran 重复造轮子 ssocks ew
sundowndev/phoneinfoga - Information gathering framework for phone numbers
40t/go-sniffer - 🔎Sniffing and parsing mysql,redis,http,mongodb etc protocol. 抓包截取项目中的数据库请求并解析成相应的语句。
aquasecurity/trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
xxjwxc/gowp - golang worker pool , Concurrency limiting goroutine pool
Qianlitp/crawlergo - A powerful browser crawler for web vulnerability scanners
dreamans/syncd - syncd是一款开源的代码部署工具，它具有简单、高效、易用等特点，可以提高团队的工作效率.
insidersec/insider - Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to im
bnkamalesh/verifier - A minimal, customizable Go package for Email & Mobile number verification
ahhh/nmap-to-netscan - A helper utility for turning nmap xml files into target lists for go-netscan
openkruise/kruise - Automated management of large-scale applications on Kubernetes (project under CNCF)
guonaihong/gout - gout to become the Swiss Army Knife of the http client @^^@---> gout 是http client领域的瑞士军刀，小巧，强大，犀利。具体用法可看文档，如使用迷惑或者API用得不爽都可提issues
wxbool/video-srt-windows - 这是一个可以识别视频语音自动生成字幕SRT文件的开源 Windows-GUI 软件工具。
aau-network-security/haaukins - A Highly Accessible and Automated Virtualization Platform for Security Education
crawlab-team/crawlab - Distributed web crawler admin platform for spiders management regardless of languages and frameworks. 分布式爬虫管理平台，支持任何语言和框架
yakumioto/alkaid - Alkaid is a BaaS(Blockchan as a Service) service based on Hyperledger Fabric.
TNK-Studio/gortal - 🚪A super lightweight jumpserver service developed using the Go language. 一个使用 Go 语言开发的，超级轻量的跳板机服务。
kerbyj/goLazagne - Go library for credentials recovery
squat/kilo - Kilo is a multi-cloud network overlay built on WireGuard and designed for Kubernetes (k8s + wg = kg)
filebrowser/filebrowser - 📂 Web File Browser
derailed/k9s - 🐶 Kubernetes CLI To Manage Your Clusters In Style!
flipped-aurora/gin-vue-admin - 基于vite+vue3+gin搭建的开发基础平台（支持TS,JS混用），集成jwt鉴权，权限管理，动态路由，显隐可控组件，分页封装，多点登录拦截，资源权限，上传下载，代码生成器，表单生成器,chatGPT自动查表等开发必备功能。
aquasecurity/tracee - Linux Runtime Security and Forensics using eBPF
cbeuw/Cloak - A censorship circumvention tool to evade detection by authoritarian state adversaries
gin-gonic/gin - Gin is a HTTP web framework written in Go (Golang). It features a Martini-like API with much better performance -- up to 40 times faster. If you need smashing performance, get yourself some Gin.
kataras/iris - The fastest HTTP/2 Go Web Framework. New, modern and easy to learn. Fast development with Code you control. Unbeatable cost-performance ratio :rocket:
github/gh-ost - GitHub's Online Schema-migration Tool for MySQL
mehrdadrad/radvpn - Decentralized VPN
LyricTian/gin-admin - RBAC scaffolding based on Gin + Gorm 2.0 + Casbin + Wire DI.
TruthHun/BookStack - BookStack，基于MinDoc，使用Beego开发的在线文档管理系统，功能类似Gitbook和看云。
thinkeridea/go-extend - go语言扩展包，收集一些常用的操作函数，辅助更快的完成开发工作，并减少重复代码
zhshch2002/goribot - [Crawler/Scraper for Golang]🕷A lightweight distributed friendly Golang crawler framework.一个轻量的分布式友好的 Golang 爬虫框架。
xinliangnote/go-gin-api - 基于 Gin 进行模块化设计的 API 框架，封装了常用功能，使用简单，致力于进行快速的业务研发。比如，支持 cors 跨域、jwt 签名验证、zap 日志收集、panic 异常捕获、trace 链路追踪、prometheus 监控指标、swagger 文档生成、viper 配置文件解析、gorm 数据库组件、gormgen 代码生成工具、graphql 查询语言、errno 统一定义错误码、gR
eolinker/goku_lite - A Powerful HTTP API Gateway in pure golang！Goku API Gateway （中文名：悟空 API 网关）是一个基于 Golang开发的微服务网关，能够实现高性能 HTTP API 转发、服务编排、多租户管理、API 访问权限控制等目的，拥有强大的自定义插件系统可以自行扩展，并且提供友好的图形化配置界面，能够快速帮助企业进行 API 服务治理、提高 AP
yangwenmai/learning-golang - Go 学习之路：Go 开发者博客、Go 微信公众号、Go 学习资料（文档、书籍、视频）
defenxor/dsiem - Security event correlation engine for ELK stack
TeaWeb/build - TeaWeb-可视化的Web代理服务。DEMO: http://teaos.cn:7777
gourouting/singo - Gin+Gorm开发Golang API快速开发脚手架
nntaoli-project/goex - Cryptocurrency Exchange Rest API For Golang Wrapper Support okx,huobi,binance
sqshq/sampler - Tool for shell commands execution, visualization and alerting. Configured with a simple YAML file.
mdsecactivebreach/o365-attack-toolkit - A toolkit to attack Office365
OJ/gobuster - Directory/File, DNS and VHost busting tool written in Go
netevert/delator - Golang-based subdomain miner leveraging certificate transparency logs
tomnomnom/assetfinder - Find domains and subdomains related to a given domain
astaxie/build-web-application-with-golang - A golang ebook intro how to build a web with golang
myrual/mixin-network-snapshot-golang - crypto currency gateway plugin for web store
aceld/zinx - Based on Golang Lightweight TCP Concurrent server framework(基于Golang轻量级TCP并发服务器框架).
hanxi/lemonade - Lemonade is a remote utility tool. (copy, paste and open browser) over TCP.
txthinking/zoro - zoro can help you expose local server to external network. Support both TCP/UDP, of course support HTTP. Zero-Configuration. zoro 帮助你将本地端口暴露在外网.支持TCP/UDP, 当然也支持HTTP. 内网穿透.
az0ne/Finder - 一款Go语言实现的端口扫描器.
lakevilladom/goSkylar - 基于Golang开发的企业级外网端口资产扫描
Virus-V/arpZebra - ARP+DNS欺骗工具，网络安全第三次实验，课堂演示用，严禁非法用途。ARPSpoof，wifi hijack，dns spoof
rancher/k3os - Purpose-built OS for Kubernetes, fully managed by Kubernetes.
gcla/termshark - A terminal UI for tshark, inspired by Wireshark
RickGray/vscan-go - golang version for nmap service and application version detection (without nmap installation)
ffuf/ffuf - Fast web fuzzer written in Go
lis912/CapOS - 等级保护测评windows工具源码
netxfly/x-crack - x-crack - Weak password scanner, Support: FTP/SSH/SNMP/MSSQL/MYSQL/PostGreSQL/REDIS/ElasticSearch/MONGODB
ice-ice/dnstunnel - dns tunnel backdoor DNS隧道后门
future-architect/vuls - Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
milo2012/pathbrute - Pathbrute
l3m0n/whatweb - 更快速的进行Web应用指纹识别
boy-hack/goWhatweb - [学习GO] go语言写的web指纹识别 - Identify websites by go language
gwuhaolin/livego - live video streaming server in golang
ffhelicopter/Go42 - 《Go语言四十二章经》详细讲述Go语言规范与语法细节及开发中常见的误区，通过研读标准库等经典代码设计模式，启发读者深刻理解Go语言的核心思维，进入Go语言开发的更高阶段。
meshbird/meshbird - Distributed private networking
Q2h1Cg/dnsbrute - a fast domain brute tool
marco-lancini/goscan - Interactive Network Scanner
alibaba/RedisShake - redis-shake is a tool for Redis data migration and data filtering. redis-shake 是一个用于 Redis 数据迁移与过滤的工具。
knownsec/gsm - 使用树莓派配合硬件来进行短信转发
WangYihang/Platypus - :hammer: A modern multiple reverse shell sessions manager written in go
jmpews/goscan - golang的扫描框架, 支持协程池和自动调节协程个数.
coyim/coyim - coyim - a safe and secure chat client
golang-china/awesome-go-zh - :books: Go资源精选中文版(含中文图书大全)
securego/gosec - Golang security checker
ehang-io/nps - 一款轻量级、高性能、功能强大的内网穿透代理服务器。支持tcp、udp、socks5、http等几乎所有流量转发，可用来访问内网网站、本地支付接口调试、ssh访问、远程桌面，内网dns解析、内网socks5代理等等……，并带有功能强大的web管理端。a lightweight, high-performance, powerful intranet penetration proxy server,
opensec-cn/kunpeng - kunpeng是一个Golang编写的开源POC框架/库，以动态链接库的形式提供各种语言调用，通过此项目可快速开发漏洞检测类的系统。
j3ssie/osmedeus - A Workflow Engine for Offensive Security
rockagen/cmus-lyric - cmus lyric viewer
maxmcd/webtty - Share a terminal session over WebRTC
0xDkd/auxpi - 🍭 集合多家 API 的新一代图床
root-gg/plik - Plik is a temporary file upload system (Wetransfer like) in Go.
sensepost/godoh - 🕳 godoh - A DNS-over-HTTPS C2
mkchoi212/fac - Easy-to-use CUI for fixing git conflicts
gogs/gogs - Gogs is a painless self-hosted Git service
iwannay/jiacrontab - 简单可信赖的任务管理工具
Releasel0ck/Blind-SQL-Injector - 手工盲注辅助注入工具
netxfly/docker_ssh_honeypot - 安全开发教学 - 用Docker制作一个高交互ssh蜜罐
jesseduffield/lazygit - simple terminal UI for git commands
go-gitea/gitea - Git with a cup of tea! Painless self-hosted all-in-one software development service, includes Git hosting, code review, team collaboration, package registry and CI/CD
sipt/shuttle - A web proxy in Golang with amazing features.
lixiangzhong/dnsutil - dns dig for golang
TruthHun/DocHub - 参考百度文库，使用Beego（Golang）开发的开源文库系统
TimothyYe/godns - A dynamic DNS client tool supports AliDNS, Cloudflare, Google Domains, DNSPod, HE.net & DuckDNS & DreamHost, etc, written in Go.
cloverstd/tcping - ping over a tcp connection
google/subcommands - Go subcommand library.
fanpei91/torsniff - torsniff - a sniffer that sniffs torrents from BitTorrent network
anshumanbh/merge-nmap-masscan - Merge results from NMAP and Masscan into one CSV file
anoshop/BAT_Check_DomainName -
helloxz/zdir - Golang + Vue3开发的目录列表程序。
jimeh/tmux-themepack - A pack of various Tmux themes.
xo/usql - Universal command-line interface for SQL databases
miniflux/v2 - Minimalist and opinionated feed reader
AmyangXYZ/DNSSniffer - DNSQuery Sniffer in Golang
OpenBazaar/go-onion-transport - Tor onion transport for IPFS
snail007/goproxy - 🔥 Proxy is a high performance HTTP(S) proxies, SOCKS5 proxies,WEBSOCKET, TCP, UDP proxy server implemented by golang. Now, it supports chain-style proxies,nat forwarding in different lan,TCP/UDP port
shawn1m/overture - A customized DNS relay server
tianon/gosu - Simple Go-based setuid+setgid+setgroups+exec
projectdiscovery/subfinder - Fast passive subdomain enumeration tool.
baidu-security/app-env-docker - 基于 Docker 的真实应用测试环境
claudiodangelis/qrcp - :zap: Transfer files over wifi from your computer to your mobile device by scanning a QR code without leaving the terminal.
dsopas/rfd-checker - RFD Checker - security CLI tool to test Reflected File Download issues
gilbertchen/duplicacy - A new generation cloud backup tool
tiagorlampert/CHAOS - :fire: CHAOS is a free and open-source Remote Administration Tool that allow generate binaries to control remote operating systems.
cointop-sh/cointop - A fast and lightweight interactive terminal based UI application for tracking cryptocurrencies 🚀
lyyyuna/godht -
shadowsocks/shadowsocks-go - go port of shadowsocks (Deprecated)
mritd/idgen - 一个使用 golang 编写的大陆身份证生成器
cbeuw/GoQuiet - A Shadowsocks obfuscation plugin utilising domain fronting to evade deep packet inspection
haccer/subjack - Subdomain Takeover tool written in Go
gwuhaolin/lightsocks - ⚡️一个轻巧的网络混淆代理🌏
qax-os/ElasticHD - Elasticsearch 可视化DashBoard, 支持Es监控、实时搜索，Index template快捷替换修改，索引列表信息查看， SQL converts to DSL等
gitleaks/gitleaks - Protect and discover secrets using Gitleaks 🔑
cloudreve/Cloudreve - 🌩支持多家云存储的云盘系统 (Self-hosted file management and sharing system, supports multiple storage providers)
Ice3man543/SubOver - A Powerful Subdomain Takeover Tool
MiSecurity/x-patrol - github泄露扫描系统
ginuerzh/gost - GO Simple Tunnel - a simple tunnel written in golang
avast/apkverifier - APK Signature verification in Go. Supports scheme v1, v2 and v3 and passes Google apksig's testing suite.
dzonerzy/goWAPT - Go Web Application Penetration Test
rgburke/grv - GRV is a terminal interface for viewing git repositories
jiajunhuang/guard - NOT MAINTAINED! A generic high performance circuit breaker & proxy server written in Go
GameXG/ProxyClient - golang 代理库，和net一致的API。支持 socks4、socks4a、socks5、http、https 等代理协议。
random-robbie/AWS-Scanner - Scans a list of websites for Cloudfront or S3 Buckets
DNSCrypt/dnscrypt-proxy - dnscrypt-proxy 2 - A flexible DNS proxy, with support for encrypted DNS protocols.
malfunkt/hyperfox - HTTP/HTTPS MITM proxy and recorder.
LubyRuffy/tcptunnel - 将本地内网服务器映射到公网。
ghostunnel/ghostunnel - A simple SSL/TLS proxy with mutual authentication for securing non-TLS services.
mmatczuk/go-http-tunnel - Fast and secure tunnels over HTTP/2
mattn/ft - File Transferer
ethereum/go-ethereum - Official Go implementation of the Ethereum protocol
cookieY/Yearning - 🐳 A most popular sql audit platform for mysql
crabkun/switcher - 一个多功能的端口转发/端口复用工具，支持转发本地或远程地址的端口，支持正则表达式转发（实现端口复用）。
fardog/secureoperator - A DNS-protocol proxy for DNS-over-HTTPS providers, such as Google and Cloudflare
drish/ben - Your benchmark assistant, written in Go.
Nhoya/gOSINT - OSINT Swiss Army Knife
cw1997/NATBypass - 一款lcx在golang下的实现, 可用于内网穿透, 建立TCP反弹隧道用以绕过防火墙入站限制等, A tool for establish reverse tunnel for NAT network environment and proxy, support all functions of lcx.exe
netxfly/xsec-proxy-scanner - xsec-proxy-scanner是一款速度超快、小巧的代理扫描器
go-ignite/ignite - A SS(R) panel for managing multiple users, powered by Go & Docker.
yinqiwen/gsnova - Private proxy solution & network troubleshooting tool.
timest/goscan - goscan is a simple and efficient IPv4 network scanner that discovers all active devices on local subnet.
tam7t/hpkp - golang hpkp client library
twitchyliquid64/subnet - Simple, auditable & elegant VPN, built with TLS mutual authentication and TUN.
dreddsa5dies/goHackTools - Hacker tools on Go (Golang)
rclone/rclone - "rsync for cloud storage" - Google Drive, S3, Dropbox, Backblaze B2, One Drive, Swift, Hubic, Wasabi, Google Cloud Storage, Yandex Files
moul/assh - :computer: make your ssh client smarter
yangxuan8282/docker-image -
averagesecurityguy/searchscan - Search Nmap and Metasploit scanning scripts.
netxfly/xsec-ip-database - xsec-ip-database为一个恶意IP和域名库（Malicious ip database）
bynil/sov2ex - A site search for V2EX
coyove/goflyway - An encrypted HTTP server
junegunn/fzf - :cherry_blossom: A command-line fuzzy finder
flynaj/kcptun - A Secure Tunnel Based On KCP with N:M Multiplexing
inconshreveable/slt - A TLS reverse proxy with SNI multiplexing in Go
diamondyuan-achieve/frp -
inconshreveable/ngrok - Introspected tunnels to localhost
moby/moby - Moby Project - a collaborative project for the container ecosystem to assemble container-based systems
gohugoio/hugo - The world’s fastest framework for building websites.
jpillora/cloud-torrent - ☁️ Cloud Torrent: a self-hosted remote torrent client
yeasy/docker_practice - Learn and understand Docker&Container technologies, with real DevOps practice!
shyiko/kubesec - Secure Secret management for Kubernetes (with gpg, Google Cloud KMS and AWS KMS backends)
netxfly/xsec-dns-proxy - DNS代理服务器，可以记录log到数据库中
shiyanhui/dht - BitTorrent DHT Protocol && DHT Spider.
btcsuite/btcd - An alternative full node bitcoin implementation written in Go (golang)
ARwMq9b6/dnsproxy - 防 DNS 缓存污染，兼顾查询质量与速度
yinghuocho/firefly-proxy - A proxy software to help circumventing the Great Firewall.
Kisesy/gscan_quic - Google Quic 扫描工具
IDrinkMoreWater/fetchserver - phuslu删掉了fetchserver，我重新传一个
nadoo/glider - glider is a forward proxy with multiple protocols support, and also a dns/dhcp server with ipset management features(like dnsmasq).
txthinking/brook - A cross-platform network tool designed for developers. 一个为开发者设计的跨平台网络工具.
avelino/awesome-go - A curated list of awesome Go frameworks, libraries and software
caddyserver/caddy - Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS
evilsocket/xray - XRay is a tool for recon, mapping and OSINT gathering from public networks.
huacnlee/flora-kit - 💐 基于 shadowsocks-go 做的完善实现，自动网络分流，完全兼容 Surge 的配置文件。
apex/gh-polls - Polls for user feedback in GitHub issues
rabbitstack/fibratus - A modern tool for Windows kernel exploration and tracing with a focus on security
crazy-max/WindowsSpyBlocker - Block spying and tracking on Windows
evilsocket/dnssearch - A subdomain enumeration tool.
zmap/zgrab - DEPRECATED This project has been replaced by https://github.com/zmap/zgrab2
evilsocket/brutemachine - A Go library which main purpose is giving an interface to loop over a dictionary and use those words/lines as input for some custom logic such as HTTP file bruteforcing, DNS bruteforcing, etc.
rqlite/rqlite - The lightweight, distributed relational database built on SQLite
michenriksen/aquatone - A Tool for Domain Flyovers
anshumanbh/git-all-secrets - A tool to capture all the git secrets by leveraging multiple open source git searching tools
quay/clair - Vulnerability Static Analysis for Containers
InsZVA/tap0901 - Go语言虚拟网卡库，可用于制作对战平台、加速器、防火墙、VPN等
techjacker/repo-security-scanner - CLI tool that finds secrets accidentally committed to a git repo, eg passwords, private keys
netxfly/crack_ssh - go写的协程版的ssh\redis\mongodb弱口令破解工具
shunfei/cronsun - A Distributed, Fault-Tolerant Cron-Style Job System.
kashav/fsql - Search for files using a fun query language
yeasy/blockchain_guide - Introduce blockchain related technologies, from theory to practice with bitcoin, ethereum and hyperledger.
mysteriumnetwork/node - Mysterium Network Node - official implementation of distributed VPN network (dVPN) protocol
early-return/ebreader - 一个让你可以在浏览器中阅读Epub电子书的CLI程序，使用Golang编写
FeatureBaseDB/featurebase - A crazy fast analytical database, built on bitmaps. Perfect for ML applications. Learn more at: http://docs.featurebase.com/. Start a Docker instance: https://hub.docker.com/r/featurebasedb/featurebas
kryptco/kr - A dev tool for SSH auth + Git commit/tag signing using a key stored in Krypton.
c0nrad/go-mbf - MongoDB Login Brute Forcer
coreybutler/nvm-windows - A node.js version management utility for Windows. Ironically written in Go.
Shopify/toxiproxy - :alarm_clock: :fire: A TCP proxy to simulate network and system conditions for chaos and resiliency testing
trufflesecurity/trufflehog - Find credentials all over the place
duolatech/xapimanager - XAPI MANAGER -专业实用的开源接口管理平台，为程序开发者提供一个灵活，方便，快捷的API管理工具，让API管理变的更加清晰、明朗。如果你觉得xApi对你有用的话，别忘了给我们点个赞哦^_^ ！
fatedier/frp - A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.
cilium/cilium - eBPF-based Networking, Security, and Observability
linuxkit/linuxkit - A toolkit for building secure, portable and lean operating systems for containers
portainer/portainer - Making Docker and Kubernetes management easy.
weaveworks/scope - Monitoring, visualisation & management for Docker & Kubernetes
prasmussen/gdrive - Google Drive CLI Client
StackExchange/dnscontrol - Synchronize your DNS to multiple providers from a simple DSL
sensepost/ruler - A tool to abuse Exchange services
0x4D31/honeybits - A PoC tool designed to enhance the effectiveness of your traps by spreading breadcrumbs & honeytokens across your systems to lure the attacker toward your honeypots
qiniu/qshell - Shell Tools for Qiniu Cloud
gonet2/geoip - query geo-locations of ips
michenriksen/gitrob - Reconnaissance tool for GitHub organizations
huichen/wukong - 高度可定制的全文搜索引擎
beego/beego - beego is an open-source, high-performance web framework for the Go programming language.
xtaci/kcptun - A Stable & Secure Tunnel based on KCP with N:M multiplexing and FEC. Available for ARM, MIPS, 386 and AMD64。N:M 多重化と FEC を備えた KCP に基づく安定した安全なトンネル。 N:M 다중화 및 FEC를 사용하는 KCP 기반의 안정적이고 안전한 터널입니다. Un tunn
unknwon/the-way-to-go_ZH_CN - 《The Way to Go》中文译本，中文正式名《Go 入门指南》
urfave/negroni - Idiomatic HTTP Middleware for Golang
ajermakovics/jvm-mon - Console-based JVM monitoring tool
flike/kingshard - A high-performance MySQL proxy

Groovy

ankushs92/geolocation-useragent-parser-rest-api - A very fast geolocation and user-agent analysis REST API. Written in Groovy on top of Vert.x platform.

HCL

bridgecrewio/terragoat - TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat is a learning and training project that demonstrates how common configuration errors can find their way into production
HuskyHacks/PMAT-labs - Labs for Practical Malware Analysis & Triage
christophetd/Adaz - :wrench: Deploy customizable Active Directory labs in Azure - automatically.
nozaq/terraform-aws-secure-baseline - Terraform module to set up your AWS account with the secure baseline configuration based on CIS Amazon Web Services Foundations and AWS Foundational Security Best Practices.
ralphte/devops_4_hackers - DevOps for Hackers with Hands-On Labs w/ Ralph May (4-Hour Workshop)
cfalta/activedirectory-lab - Terraform config to spin up a domain controller and some member servers in azure
easttimor/aws-incident-response -
stackrox/Kubernetes_Security_Specialist_Study_Guide -
anshumanbh/terraform-burp-collaborator - Terraform configuration to build a Burp Private Collaborator Server
cisagov/ansible-role-cobalt-strike - An Ansible role for installing Cobalt Strike.
BlueTeamLabs/sentinel-attack - Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK

HTML

Potato-py/ExportReport - 本项目用于自动化生成报告。可根据项目需求，通过简单的提取变量来自定义报告模板。内附常见扫描器API/原报告(awvs、xray、goby)数据提取模块，可直接生成全新的自定义报告。对有复杂的功能需求时，适用于有Python基础的人使用。本项目内附二次开发所用的资料文档，欢迎各位提Pull Request
f/awesome-chatgpt-prompts - This repo includes ChatGPT prompt curation to use ChatGPT better.
dark-kingA/superSearchPlus - 谷歌插件版本- superSearchPlus是聚合型信息收集插件，支持综合查询，资产测绘查询，信息收集 js敏感信息提取注释资源扫描目录扫描整合了目前常见的资产测绘平台同时支持数据导出
karthi-the-hacker/Gh0stR3c0n - All in one web Recon app
code-scan/LoginFish - 通用登录页面安全控件钓鱼
Phuong39/PoC-CVE-2021-30632 - PoC CVE-2021-30632 - Out of bounds write in V8
Threekiii/Awesome-Redteam - 一个红队知识仓库
Wrong-pixel/inforgation -
trickest/cve - Gather and update all available and newest CVEs with their PoC.
theori-io/CVE-2022-26717-Safari-WebGL-Exploit -
mahp/jQuery-with-XSS - jQuery with XSS, Testing and Secure Version
alufers/mitmproxy2swagger - Automagically reverse-engineer REST APIs via capturing traffic
KhronosGroup/glTF - glTF – Runtime 3D Asset Delivery
Threekiii/Vulnerability-Wiki - 一个综合漏洞知识库，集成了Vulhub、Peiqi、Edge、0sec、Wooyun等开源漏洞库
shengshengli/SecExample - java漏洞靶场
satan1a/TheRoadOfSO - 学习安全运营的记录 | The knowledge base of security operation
lovechoudoufu/baselinecheck_cdf - Security check of system baseline.服务器基线检查工具。基于python3造的对linux、windows服务器做基线核查的轮子。
Th30neAnd0nly/AIRAVAT - A multifunctional Android RAT with GUI based Web Panel without port forwarding.
kagancapar/CVE-2022-29072 - 7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area.
ultrasecurity/Storm-Breaker - Social engineering tool [Access Webcam & Microphone & Location Finder] With Python
lijiejie/eyes.sh - Optimized DNS/HTTP Log Tool for pentesters, faster and easy to use.
jatinkalwar/fisher - New phishing tool with 30+ templates updated tool
yearnwang/wifipineaplle_dwall_log - wifipineapple dwall增加log功能
JDArmy/RTASS - 红蓝对抗量化评估系统（Red Team Assessment Scoring System）
reconmap/pentest-reports - Collection of penetration test reports and pentest report templates. Published by the the best security companies in the world.
redteamwiki/redteamwiki -
etlownoise/xolo - Tool to crawl, visualize and interact with SQL server links in a d3 graph to help in your red/blue/purple/.../risk assessments pentest hacking team exercises.
Rvn0xsy/SMTP-NC - SMTP Netcat , test SMTP protocol
jgamblin/CPEData - NVD CPE Data
orleven/Celestion - Celestion 是一个无回显漏洞测试辅助平台，平台使用flask编写，提供DNSLOG，HTTPLOG等功能。 (界面懒得弄，后续有需要再说)。
terryvogelsang/PentestFTW - Penetration Testing tips & tricks
roottusk/vapi - vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.
tb0hdan/domains - World’s single largest Internet domains dataset
xsscx/Commodity-Injection-Signatures - Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT
Ed1s0nZ/cool - Golang-Gin 框架写的免杀平台，内置分离、捆绑等多种BypassAV方式。
ybdt/post-hub - 内网横向
chroblert/Flash-Pop2 - Flash-Pop升级版
EdOverflow/bugbountyguide - Bug Bounty Guide is a launchpad for bug bounty programs and bug bounty hunters.
tombstoneghost/TIWAP - Totally Insecure Web Application Project (TIWAP)
mpast/mobileAudit - Django application that performs SAST and Malware Analysis for Android APKs
klezVirus/CVE-2021-40444 - CVE-2021-40444 - Fully Weaponized Microsoft Office Word RCE Exploit
OWASP/Top10 - Official OWASP Top 10 Document Repository
lockedbyte/CVE-2021-40444 - CVE-2021-40444 PoC
ybdt/misc-hub - 杂七杂八
HangZhouCat/ReaverAPKTools - 逆向APK工具
cckuailong/vulbase - 各大漏洞文库合集
techchipnet/CamPhish - Grab cam shots from target's phone front camera or PC webcam just sending a link.
rubickCenter/rubick - 🔧 Electron based open source toolbox, free integration of rich plug-ins. 基于 electron 的开源工具箱，自由集成丰富插件。
Accruent/owasp-zap-historic - Store ZAP reports historically and compare current ZAP results against the most recent for changes in alerts.
OtherDevOpsGene/zap-sonar-plugin - Integrates OWASP Zed Attack Proxy reports into SonarQube
IQTLabs/AuraBorealisApp - Do You Know What's In Your Python Packages? A Tool for Visualizing Python Package Registry Security Audit Data
r00tk1ts/binary-security-tutorial - Resource assembly of 'Binary Security Tutorial' online course of mine. Video link：https://pan.baidu.com/s/1ltcHIehhLFVFMvru6tGQ8A Passwd：axje
OWASP/NodeGoat - The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.
InfosecHouse/InfosecHouse - Infosec resource center for offensive and defensive security operations.
tangxiaofeng7/SecExample - JAVA 漏洞靶场 (Vulnerability Environment For Java)
iknowjason/BlueCloud - Cyber Range including Velociraptor + HELK system with a Windows VM for security testing and R&D. Azure and AWS terraform support.
coinbase/salus - Security scanner coordinator
The-Login/DNS-Reset-Checker - Tools to assess the DNS security of web applications
rpetrich/deciduous - App that makes building attack decision trees from the Security Chaos Engineering report easy
M4tir/M-Scan - Optical Chain Scanner 光链安全扫描器
chainflag/ctfd-neon-theme -
ctf-wiki/ctf-challenges -
Cl0udG0d/pppXray - Xray批量化自动扫描
woj-ciech/Shomap - Create visualization from Shodan query
TomAPU/schemeflood - schemeflood demo
satan1a/awesome-cybersecurity-blueteam-cn - 网络安全 · 攻防对抗 · 蓝队清单，中文版
HacktivistRO/Bug-Bounty-Wordlists -
s7ckTeam/sWebScanner - 作为一个网络安全从业人员，在测试网站目录时，常用的就是御剑，7kb等几款，使用下来始终觉得缺少了什么东西，于是重复造了一个轮子，此版本支持自定义字典，返回大小，代理IP模式，爆破模式
ripienaar/free-for-dev - A list of SaaS, PaaS and IaaS offerings that have free tiers of interest to devops and infradev
Puliczek/CVE-2021-21123-PoC-Google-Chrome - 🐱‍💻 👍 Google Chrome - File System Access API - vulnerabilities reported by Maciej Pulikowski | Total Bug Bounty Reward: $5.000 | CVE-2021-21123 and 5 more...
ustayready/CredSniper - CredSniper is a phishing framework written with the Python micro-framework Flask and Jinja2 templating which supports capturing 2FA tokens.
M-Kings/BypassAv-web - nim一键免杀
collabnix/kubetools - Kubetools - Curated List of Kubernetes Tools
jonasstrehle/supercookie - ⚠️ Browser fingerprinting via favicon!
zwc456baby/file-proxy - 文件代下载服务，github文件加速下载，支持任意文件格式。支持命令行代下，支持子节点权重负载均衡。
alivx/CIS-Ubuntu-20.04-Ansible - Ansible Role to Automate CIS v1.1.0 Ubuntu Linux 18.04 LTS, 20.04 LTS Remediation
WADComs/WADComs.github.io - WADComs is an interactive cheat sheet, containing a curated list of offensive security tools and their respective commands, to be used against Windows/AD environments.
xsleaks/wiki - XS-Leaks Wiki
ethicalhackingplayground/SubNuke - Subdomain Takeover tool with web UI
RCStep/CSSG - Cobalt Strike Shellcode Generator
ybdt/pentest-hub - Web打点
Ap0k4L1p5/Ap0k4L1p5.github.io - Portfolio website.
madhuakula/security-automation-with-ansible-2 - Ansible Playbooks for Security Automation with Ansible2 book
gh0stkey/Web-Fuzzing-Box - Web Fuzzing Box - Web 模糊测试字典与一些Payloads，主要包含：弱口令暴力破解、目录以及文件枚举、Web漏洞...字典运用于实战案例：https://gh0st.cn/archives/2019-11-11/1
ybdt/poc-hub - 漏洞复现
Cl0udG0d/HXnineTails - python3实现的集成了github上多个扫描工具的命令行WEB扫描工具
facert/beijing_house_knowledge - 北京买房攻略
jas502n/Security_Article - scrapy website Article and link ...
Wileysec/adobe-flash-phishing-page - Adobe Flash Phishing Page(Adobe Flash钓鱼页面)
ericchiang/pup - Parsing HTML at the command line
ffffffff0x/AboutSecurity - Everything for pentest. | 用于渗透测试的 payload 和 bypass 字典.
doocop/Flash_Xss - Flash最新钓鱼源码对接官方API实现跟随官方升级而升级
fwonggh/Bthub - Bthub最新地址发布页
sense-of-security/ADRecon - ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.
BaizeSec/bylibrary - 白阁文库是白泽Sec安全团队维护的一个漏洞POC和EXP公开项目
hunzaboy/CodedMailsFree - Ready to use 50+ responsive HTML email templates - Codedmails Free
DefectDojo/django-DefectDojo - DefectDojo is a DevSecOps and vulnerability management tool.
MS-WEB-BN/c41n - Automated rogue access point setup tool.
wgpsec/VulnRange - 漏洞靶场-快速搭建Web安全漏洞和第三方组件漏洞环境，用于漏洞复现和研究
zgjx6/SocialEngineeringDictionaryGenerator - 社会工程学密码生成器，是一个利用个人信息生成密码的工具
sbousseaden/EVTX-ATTACK-SAMPLES - Windows Events Attack Samples
r00tSe7en/Flash-Pop - Flash钓鱼弹窗优化版
EtherDream/js-port-knocking - Web 端口敲门的奇思妙想
SummerSec/JavaLearnVulnerability - Java漏洞学习笔记 Deserialization Vulnerability
Humoud/apksneeze-lab - Analyze Android APK files from a browser.
OWASP/www-project-integration-standards - OWASP Foundation Web Respository
DasSecurity-HatLab/HatLab_IOT_Wiki - 海特实验室物联网安全知识库
KnightSec-Official/Phlexish - Advanced Spear Phishing tool for Facebook with 2 factor authentication bypass! May contain minor bugs due to...idk
M-Kings/WEB-shiro_rememberMe_encode_decode - shiro rememberMe 在线加解密工具
math1as/Windows-GDI-fuzzer - Windows Graphics Device Interface (GDI+) fuzzer
sayaanalam/CORS-EXPLOIT -
ninoseki/mihari - A tool for OSINT based threat hunting
mixmark-io/turndown - 🛏 An HTML to Markdown converter written in JavaScript
dongfangyuxiao/BurpExtend - 基于Burp插件开发打造渗透测试自动化
FeeiCN/Security-PPT - Security-related Slide Presentation & Security Research Report（大安全各领域各公司各会议分享的PPT以及各类安全研究报告）
madhuakula/kubernetes-goat - Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
momenbasel/keyFinder - Keyfinder🔑 is a tool that let you find keys while surfing the web!
Arryboom/Language - Some dirty tricks to learn different programming language.
humblelad/Needle - Instant access to you bug bounty submission dashboard on various platforms + publicly disclosed reports + #bugbountytip
UnkL4b/BabyShark - Basic C2 Server
Cl0udG0d/SZhe_Scan - 碎遮SZhe_Scan Web漏洞扫描器，基于python Flask框架，对输入的域名/IP进行全面的信息搜集，漏洞扫描，可自主添加POC
guhe120/Windows-EoP - Windows EoP Bugs
subspacecommunity/subspace - A fork of the simple WireGuard VPN server GUI community maintained
mubix/post-exploitation-wiki - Post Exploitation Wiki
nccgroup/autochrome - This tool downloads, installs, and configures a shiny new copy of Chromium.
knassar702/hacking-lab - Small Vulnerable Web App
hackxc/xss_flash - Xss之Flash钓鱼
proabiral/inception - A highly configurable Framework for easy automated web scanning
vavkamil/bugbountytip.com - Flask powered website to display tweets with a hashtag #bugbountytip
bb1nfosec/Information-Security-Tasks - This repository is created only for infosec professionals whom work day to day basis to equip ourself with uptodate skillset, We can daily contribute daily one hour for day to day tasks and work on pr
si9int/Subra - A Web-UI for subdomain enumeration (subfinder)
clong/DetectionLab - Automate the creation of a lab environment complete with security tooling and logging best practices
nu11secur1ty/Windows10Exploits - Microsoft » Windows 10 : Security Vulnerabilities
myvyang/chromium_for_spider - dynamic crawler for web vulnerability scanner
mewcoder/SharedCourses - 大学课程共享计划整理
Coq-zh/SF-zh - 《软件基础》中译版 Software Foundations Chinese Translation
forecho/hugo-theme-echo - A super concise theme for Hugo
nshalabi/ATTACK-Tools - Utilities for MITRE™ ATT&CK
HiddenStrawberry/Crawler_Illegal_Cases_In_China - Collection of China illegal cases about web crawler 本项目用来整理所有中国大陆爬虫开发者涉诉与违规相关的新闻、资料与法律法规。致力于帮助在中国大陆工作的爬虫行业从业者了解我国相关法律，避免触碰数据合规红线。 [AD]中文知识图谱门户
shubhamshubhankar/DumpTheGit - DumpTheGit searches through public repositories to find sensitive information uploaded to the Github repositories.
xfirefly/Airplay-SDK - Airplay Receiver SDK supports Airplay Mirroring and AirPlay Casting to a receiver device.
wangweianger/APubPlat - Devops自动化部署、堡垒机开源项目、Web Terminal
ColorlibHQ/gentelella - Free Bootstrap 4 Admin Dashboard Template
decal/werdlists - :keyboard: Wordlists, Dictionaries and Other Data Sets for Writing Software Security Test Cases
r00t-3xp10it/morpheus - Morpheus - Automating Ettercap TCP/IP (MITM-hijacking Tool)
maaaaz/androwarn - Yet another static code analyzer for malicious Android applications
cch123/golang-notes - Go source code analysis(zh-cn)
xazlsec/APT_Sample-Weapoon - Pull some collected APT group related samples, ransomware, remote control and other malicious programs for security researchers to use.
rigtorp/awesome-modern-cpp - A collection of resources on modern C++
yzhu798/CodingInterviewsNotes - 涵盖C++ Primer 5th、 effective C++ 、 STL api和demos C++ 基础知识与理论、智能指针、C++11、 Git教程 Linux命令 Unix操作系统（进程、线程、内存管理、信号）计算机网络、数据结构（排序、查找）、数据库、、C++对象模型、设计模式、算法（《剑指offer》、leetcode、lintcode、hihocoder、《王道程序员求职宝典》
Ebryx/Nessus_Map - Parse .nessus file(s) and shows output in interactive UI
yaseng/iot-security-wiki - IOT security wiki
LangziFun/LangNetworkTopologys - 端口扫描，指纹识别，网站探测，结果整理
gh0stkey/RGPerson - RGPerson - Randomly generate identity information
cncf/tag-security - 🔐CNCF Security Technical Advisory Group -- secure access, policy control, privacy, auditing, explainability and more!
RomanEmelyanov/CobaltStrikeForensic - Toolset for research malware and Cobalt Strike beacons
biggerwing/nsfocus-rsas-knowledge-base - 绿盟科技漏洞扫描器(RSAS)漏洞库
helloxz/ccaa - Linux一键安装Aria2 + AriaNg + FileBrowse实现离线下载、文件管理。
ningbonb/HTML5 - HTML5学习、总结、实践
mxk/win10-secure-baseline-gpo - Windows 10 and Server 2016 Secure Baseline Group Policy
go101/go101 - An up-to-date (unofficial) knowledge base for Go programming self learning
JeffXue/web-log-parser - An open source analysis web log tool
honze-net/nmap-bootstrap-xsl - A Nmap XSL implementation with Bootstrap.
sisoc-tokyo/Real-timeDetectionAD_ver2 -
tanjiti/sec_profile - 爬取secwiki和xuanwu.github.io/sec.today,分析安全信息站点、安全趋势、提取安全工作者账号(twitter,weixin,github等)
chg122345/mall - ssm小商城
zaiyunduan123/springboot-manage - 基于SpringBoot + Mybatis + Thymeleaf + Redis + MongoDB + MySQL开发的商品管理系统
hookmaster/frida-all-in-one - 《FRIDA操作手册》by @hluwa @r0ysue
buyingfei/live - 完整搭建直播平台实例
QSCTech/zju-icicles - 浙江大学课程攻略共享计划
cainiaocome/xssgun - xss payloads generator
Ridter/cs_custom_404 - Cobalt strike custom 404 page
M4cs/BabySploit - :baby: BabySploit Beginner Pentesting Toolkit/Framework Written in Python :snake:
ym2011/SecurityMind - share experience towards for information management, brainstorming and so on.
Raul1718/sec_profile - 安全行业信息趋势分析
gdufeZLYL/springboot-penguin - :penguin:Online Examination System 基于SpringBoot+Mybatis+Thymeleaf+SemanticUI+Bootstrap的在线考试系统(低仿牛客网)
micyo202/yan-demo - 本项目是基于 SpringMVC+Spring+MyBatis （SSM）架构的高效率便捷开发框架
C4o/ChineseDarkWebCrawler - 中文暗网爬虫
abbey2023/flask_multi_uploader - flask+webuploader实现多文件上传
posclegom/programthink - for 热心读者
Igglybuff/awesome-piracy - A curated list of awesome warez and piracy links
TgeaUs/Weak-password - 字典大全 dictionary
zfaka-plus/zfaka - 免费、安全、稳定、高效的发卡系统，值得拥有!
nsacyber/Windows-Secure-Host-Baseline - Configuration guidance for implementing the Windows 10 and Windows Server 2016 DoD Secure Host Baseline settings. #nsacyber
fate0/proxylist - proxylist, generate by fate0/getproxy project in every 15 minute
salesforce/vulnreport - Open-source pentesting management and automation platform by Salesforce Product Security
anquanquantao/pentraining - 一个网络安全基础知识的教程。内容比较杂，好在都是实验视频和工具提供，可以自行动手完成实验。
NetSPI/SQLInjectionWiki - A wiki focusing on aggregating and documenting various SQL injection methods
davideuler/architecture.of.internet-product - 互联网公司技术架构，微信/淘宝/微博/腾讯/阿里/美团点评/百度/Google/Facebook/Amazon/eBay的架构，欢迎PR补充
iwannarun/JavaWiki - 不定期收集与JAVA有关书籍或文章
listen1/listen1_chrome_extension - one for all free music in china (chrome extension, also works for firefox)
zhangkaitao/shiro-example - 跟我学Shiro（我的公众号：kaitao-1234567，我的新书：《亿级流量网站架构核心技术》）
tennc/fuzzdb - Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
skulltech/wordpress-vulscan - WordPress vulnerability scanner
intezer/linux-explorer - Easy-to-use live forensics toolbox for Linux endpoints
OWASP/Nettacker - Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
Wscats/CV - :see_no_evil:Front End Engineer Curriculum Vitae - 前端面试宝典和简历生成器
securitytxt/security-txt - A proposed standard that allows websites to define security policies.
Xyntax/Campus-FakeAP - 针对校园网的wifi钓鱼工具
Ph0en1x-XMU/Awesome-CTF-Book - Study CTF, study security
CHYbeta/WAF-Bypass - WAF Bypass Cheatsheet
leizongmin/js-xss - Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist
pingfangx/TranslatorX - JetBrains 系列软件汉化包关键字: Android Studio 3.5 汉化包 CLion 2019.3 汉化包 DataGrip 2019.3 汉化包 GoLand 2019.3 汉化包 IntelliJ IDEA 2019.3 汉化包 PhpStorm 2019.3 汉化包 PyCharm 2019.3 汉化包 Rider 2019.3 汉化包 RubyMine 2019.3 汉化
ewen0930/PyCharm-Chinese - PyCharm Chinese Language Pack（中文语言包）
rootclay/Powershell-Attack-Guide - Powershell攻击指南----黑客后渗透之道
vanhoefm/krackattacks -
Magicalex/seedbox-manager - [UNMAINTAINED] Web app for manage your seedbox
vl0ms/docker-armhf-torrentbox - Docker image with nginx + php5-fpm + rtorrent + rutorrent(web ui) started with supervisord
xuechiyaobai/CVE-2017-7092-PoC - This is the Pwn2Own 2017 Safari backup vul's exploit.
SuxLab/dorm-system - Dorm System
CHYbeta/Software-Security-Learning - Software-Security-Learning
CHYbeta/Web-Security-Learning - Web-Security-Learning
me115/linuxtools_rst - Linux工具快速教程
pointbiz/bitaddress.org - JavaScript Client-Side Bitcoin Wallet Generator
HACK-BLOSSOM/DIY-Cybersecurity-For-Domestic-Violence - Abuse adapts to technology. You deserve privacy and compassion.
twngo/privacytools-zh - privacytool.io -Traditional Chinese version
privacytools/privacytools.io - 🛡🛠 You are being watched. Protect your privacy against global mass surveillance.
l3m0n/wooyun-wiki - wiki.wooyun.org的部分快照网页
odin1314/skills - Linux、WAF、正则、web安全等一些知识点的总结
rdkmaster/jigsaw - Jigsaw七巧板 provides a set of web components based on Angular5/8/9+. The main purpose of Jigsaw is to help the application developers to construct complex & intensive interacting & user friendly web pag
burpsuite/Manual -
sukeesh/Music-Downloader - Download any music from web
chrisallenlane/drek - A static-code-analysis tool for performing security-focused code reviews. It enables an auditor to swiftly map the attack-surface of a large application, with an emphasis on identifying development an
ihebski/angryFuzzer - Tools for information gathering
wisec/domxsswiki - Automatically exported from code.google.com/p/domxsswiki
SecWiki/ipot - Honeypot Research Blog 蜜罐技术研究小组
keithjjones/visualize_logs - A Python library and command line tools to provide interactive log visualization.
ITI/ICS-Security-Tools - Tools, tips, tricks, and more for exploring ICS Security.
bitdust/WamaCry - a fake WannaCry
cure53/HTTPLeaks - HTTPLeaks - All possible ways, a website can leak HTTP requests
SamJoan/droopescan - A plugin-based scanner that aids security researchers in identifying issues with several CMSs, mainly Drupal & Silverstripe.
SuperKieran/WooyunDrops - Wooyun知识库，乌云知识库，https://wooyun.kieran.top
FluxionNetwork/fluxion - Fluxion is a remake of linset by vk496 with enhanced functionality.
ZJU-NewMirrors/OldMirrorsFrontend - mirrors.zju.edu.cn
beckyricha/Broadlink-RM-SmartThings-Alexa - Control RF and Ir devices using SmartThings and Alexa.
sbehrens/sleepy-puppy - Deprecated please use https://github.com/Netflix/sleepy-puppy
phodal/fe - 《我的职业是前端工程师》 - Ebook：I'm a FrontEnd Developer
n0tr00t/Sreg - Sreg可对使用者通过输入email、phone、username的返回用户注册的所有互联网护照信息。
Xyntax/1000php - 1000个PHP代码审计案例(2016.7以前乌云公开漏洞)
chromium/badssl.com - :lock: Memorable site for testing clients against bad SSL configs.
solid/solid - Solid - Re-decentralizing the web (project directory)
cloudtracer/ThreatPinchLookup - Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension
SebastianElvis/ElvisProjs -
exploitprotocol/material-blog -
ubuntu/ubuntu-make - Easy setup of common tools for developers on Ubuntu.
elasticsearch-cn/elasticsearch-definitive-guide - 欢迎加QQ群：109764489，贡献力量！
iros/d3-v4-whats-new -
yiminghe/learning-react - materials about learning react
HT524/500LineorLess_CN - 500 line or less 中文翻译计划。
suhanyujie/php_webDataMining - php_webDataMining，PHP网络数据挖掘，第一个应用是爬取并分析和（草）谐（榴）论坛的一个版块数据并作可视化分析
yoghurtjia/Zhihu_bigdata - 使用scrapy和pandas完成对知乎300w用户的数据分析。首先使用scrapy爬取知乎网的300w，用户资料，最后使用pandas对数据进行过滤，找出想要的知乎大牛，并用图表的形式可视化。

Hack

justid/InlineAMP - InlineAMP is an AMP ready WordPress theme.

Haskell

dapphub/dapptools - Dapp, Seth, Hevm, and more
jekor/gressgraph - visualize your iptables firewall
github/semantic - Parsing, analyzing, and comparing source code across many languages
digitallyinduced/ihp - 🔥 The fastest way to build type safe web apps. IHP is a new batteries-included web framework optimized for longterm productivity and programmer happiness
iostreamer-X/FuncShell - Improve your shell by making it functional through Haskell! (An update to Awkward)
huangz1990/real-world-haskell-cn - 《Real World Haskell》中文翻译项目

Inno Setup

mentebinaria/retoolkit - Reverse Engineer's Toolkit

Java

passer-W/FinalShell-Decoder - FinallShell 密码解密GUI工具
codewatchorg/Burp-UserAgent - Automatically modify the User-Agent header in all Burp requests
0x727/BypassPro - 对权限绕过自动化bypass的burpsuite插件
aress31/burpgpt - A Burp Suite extension that integrates OpenAI's GPT to perform an additional passive scan for discovering highly bespoke vulnerabilities, and enables running traffic-based analysis of any type.
Roboterh/JNDI-injector -
d3mondev/burp-vps-proxy - This Burp Suite extension allows for the automatic creation and deletion of an upstream SOCKS5 proxy on popular cloud services.
dqzg12300/MikRom - ROM逆向工具
nu1r/JNDIExploit -
LaurieWired/JADXecute - JADX-gui scripting plugin for dynamic decompiler manipulation
1150037361/SpringScan - 一个扫描Spring的常见敏感目录的burp suite插件
base64linqi/COPXposed - 基于Xposed的Android App隐私合规检测辅助工具
webraybtl/ysoserialbtl - 基于ysoserial扩展命令执行结果回显，生成冰蝎内存马
asmjmp0/AndroidRunnableJadx - run java method of Android in Jadx without Android device.
sityck/RedosScanTool - Redos漏洞代码扫描器（基于RegexStaticAnalysis）
NicolaasWeideman/RegexStaticAnalysis - A tool to perform static analysis on regexes to determine whether they are vulnerable to ReDoS.
davinci1012/pinduoduo_backdoor_unpacker - Samples and Unpacker of malicious backdoors and exploits developed and used by Pinduoduo
WithSecureLabs/drozer-agent - The Android Agent for the Mercury Security Assessment Framework.
Yogehi/drozer-agent_ken - Slightly modified version of the Drozer Agent application.
KrystianLi/ExchangeOWA - 一款OutLook信息收集工具
ffffffff0x/burp_nu_te_gen - nuclei模版生成插件
MaskCyberSecurityTeam/BurpHttpHelper - BurpHttpHelper是一款Burpsuite插件，主要用于简化和解决Burpsuite对Http的一些操作.
White-hua/Apt_t00ls - 高危漏洞利用工具
itwanger/toBeBetterJavaer - 一份通俗易懂、风趣幽默的Java学习指南，内容涵盖Java基础、Java并发编程、Java虚拟机、Java企业级开发、Java面试等核心知识点。学Java，就认准二哥的Java进阶之路😄
f0ng/captcha-killer-modified - captcha-killer的修改版，支持关键词识别base64编码的图片，添加免费ocr库，用于验证码爆破，适配新版Burpsuite
Yuuu99/FridaRpcTool - BurpSuite Rpc 算法转发插件
M1k0er/SSRF-SCAN - 一款被动扫描ssrf的burpsuite插件
4ra1n/code-inspector - JavaWeb漏洞审计工具，构建方法调用链并模拟栈帧进行分析
LinWin-Cloud/Setool-Main - (入门不当可能导致入狱) 基于linux的企业级别社会工程学渗透测试、轻量级别Web渗透辅助。内置的钓鱼网站可以获取主要的个人信息账户；网站克隆模块可以把白宫网站给克隆下来；内置的各种Web终端完全可以群体性的攻击和对社会工程学的测试；破坏性脚本和半自动编写勒索信完美辅助了社工等等。使用Java开发，参考了大大小小的企业级别社会工程学案例，定制出的一款适用于企业级别的社工测试和攻击的高级命令行工具
thelostworldFree/Ruoyi-All - 若依后台定时任务一键利用
4ra1n/jar-analyzer - 一个用于分析Jar包的GUI工具，可以用多种方式搜索你想要的信息，自动构建方法调用关系，支持分析Spring框架（A Java GUI Tool for Analyzing Jar）
4ra1n/super-xray - Web漏洞扫描工具XRAY的GUI启动器 (Web Vulnerability Scanner GUI Starter)
loveinsky100/goanno - Auto generate comment for golang/golang自动生成函数注释插件
HHa1ey/TKHunter - 一个基于JavaFX写的一个Hunter资产测绘平台的图形化工具
f0ng/autoDecoder - Burp插件，根据自定义来达到对数据包的处理（适用于加解密、爆破等），类似mitmproxy，不同点在于经过了burp中转，在自动加解密的基础上，不影响APP、网站加解密正常逻辑等。
corener/JavaPassDump - JavaPassDump
z2p/sweetPotato - 基于burpsuite的资产分析工具
ax1sX/SpringSecurity - A list for Spring Security
safe6Sec/ShiroAndFastJson - shiro加fastjson环境
whwlsfb/SpringSpider - Spring Actuator端点的BurpSuite被动扫描插件。
NewBeginning6/Subdir-vul-find -
WhiteHSBG/JNDIExploit - 对原版https://github.com/feihong-cs/JNDIExploit 进行了实用化修改
0xrumble/BytecodeScreen -
safe6Sec/MemoryShell - 内存马学习
Zhuoyuan1/navicat_password_decrypt - 忘记navicat密码时,此工具可以帮您查看密码
pandening/Java-debug-tool - Java dynamic debug tool
cckuailong/JNDI-Injection-Exploit-Plus - 80+ Gadgets(30 More than ysoserial). JNDI-Injection-Exploit-Plus is a tool for generating workable JNDI links and provide background services by starting RMI server,LDAP server and HTTP server.
burpheart/CVE-2022-39197-patch - CVE-2022-39197 漏洞补丁. CVE-2022-39197 Vulnerability Patch.
Lonely-night/fastjsonVul - fastjson 80 远程代码执行漏洞复现
kyxiaxiang/CrackSleeve4.7 -
smxiazi/xia_Liao - xia Liao（瞎料）burp插件用于Windows在线进程/杀软识别与 web渗透注册时，快速生成需要的资料用来填写，资料包含：姓名、手机号、身份证、统一社会信用代码、组织机构代码、银行卡，以及各类web语言的hello world输出和生成弱口令字典等。
R17a-17/JavaVulnSummary - Java漏洞分析汇合
xyy-ws/NoAgent-memshell-scanner -
veo/wsMemShell - WebSocket 内存马/Webshell，一种新型内存马/WebShell技术
kezibei/yongyou_nc_poc -
keven1z/DHook - DHook是一个支持动态debug，动态修改java程序的web应用.
safe6Sec/proxyServer - 本项目其实就是个简单的代理服务器，把代理池集成进来来了。
F6JO/RouteVulScan - Burpsuite - Route Vulnerable Scanning 递归式被动检测脆弱路径的burp插件
achuna33/MYExploit - OAExploit一款基于产品的一键扫描工具。
su18/ysoserial - ysoserial for su18
BeichenDream/PostConfluence - 哥斯拉Confluence后渗透插件 MakeToken SearchPage ListAllUser AddAdminUser ListAllPage ........
RASSec/BinAbsInspector - BinAbsInspector: Vulnerability Scanner for Binaries
BeichenDream/CVE-2022-26134-Godzilla-MEMSHELL -
Weik1/Artillery - JAVA 插件化漏洞扫描器，Gui基于javafx。POC 目前集成 Weblogic、Tomcat、Shiro、Spring等。
javahongxi/whatsmars - Java生态研究(Spring Boot + Redis + Dubbo + RocketMQ + Elasticsearch)🔥🔥🔥🔥🔥
kezibei/fastjson_payload -
tauh33dkhan/fastjson-1.2.80-test-lab -
fade03/EZ-JNDI - 一键启动JNDI测试/利用环境。
HenryFBP/JNDI-Exploit-Server - JNDI Exploit Server
winnpixie/log4noshell - Java agent that disables Apache Log4J's JNDI Lookup. Fixes CVE-2021-44228, aka "Log4Shell."
topicusonderwijs/naming-kubernetes - Java naming context (JNDI) for WildFly using Kubernetes as backend.
0xJDow/rogue-rmi-server - Rogue RMI Registry PoC for https://www.veracode.com/blog/research/exploiting-jndi-injections-java. All credit to artsploit.
Bl0omZ/JNDIEXP - JDNI在java高版本的利用工具,FUZZ利用链
Like0x/0xagent - CobaltStrike 4.0 - 4.5 Patch
elkokc/reflector - Burp plugin able to find reflected XSS on page in real-time while browsing on site
jweny/shiro-cve-2020-17523 - shiro-cve-2020-17523 漏洞的两种绕过姿势分析以及配套的漏洞环境
ce-automne/TomcatMemShell - 拿来即用的Tomcat7/8/9/10版本Listener/Filter/Servlet内存马，支持注入CMD内存马和冰蝎内存马
ballcat-projects/ballcat - 😸一个快速开发脚手架，快速搭建企业级后台管理系统，并提供多种便捷starter进行功能扩展。主要功能包括前后台用户分离，菜单权限，数据权限，定时任务，访问日志，操作日志，异常日志，统一异常处理，XSS过滤，SQL防注入，国际化等多种功能
metaStor/SpringScan - SpringScan 漏洞检测 Burp插件
pnpninja/nsetools - A Java Implementation of nse-tools package in Python
wh1t3p1g/tabby-path-finder - A neo4j procedure for tabby
ca3tie1/CrackSleeve - 破解CS4.0
KeenSecurityLab/BinAbsInspector - BinAbsInspector: Vulnerability Scanner for Binaries
doocs/jvm - 🤗 JVM 底层原理最全知识总结
alibaba/DataX - DataX是阿里云DataWorks数据集成的开源版本。
ChrisM09/KNX-Bus-Dump - A tool to listen on a KNX bus via TPUART and the Calimero Project suite and to dump the data from the packets into a Wireshark-Compatible file hex dump.
billyJoePiano/TenaPull - TenaPull is a configurable Java application which fetches and processes the data from one or more Nessus APIs, and converts it into JSON ouputs that are usable by Splunk
Y4er/ysoserial - ysoserial修改版，着重修改ysoserial.payloads.util.Gadgets.createTemplatesImpl使其可以通过引入自定义class的形式来执行命令、内存马、反序列化回显。
Adrninistrator/java-all-call-graph - Generate all call graph for Java Code.
jorgectf/spring-cloud-function-spel -
lz520520/tabby - A CAT called tabby ( Code Analysis Tool )
smxiazi/xia_sql - xia SQL (瞎注) burp 插件，在每个参数后面填加一个单引号，两个单引号，一个简单的判断注入小插件。
RASSec/BurpFastJsonScan - 一款基于BurpSuite的被动式FastJson检测插件
33time/captcha-killer-5h6m - 原插件在新版本burpsuite无法使用，对插件jdk版本进行升级，引用jdk8、base64包
projectdiscovery/nuclei-burp-plugin - Nuclei plugin for BurpSuite
tangxiaofeng7/Spring-Cloud-Function-Spel - Spring Cloud Function Spel命令执行漏洞
xxDark/JavaShellcodeInjector - Java utility that allows to inject shell code and execute it
czz1233/GBByPass - 冰蝎哥斯拉 WebShell bypass
Endava/cats - CATS is a REST API Fuzzer and negative testing tool for OpenAPI endpoints. CATS automatically generates, runs and reports tests with minimum configuration and no coding effort. Tests are self-healing
lovechoudoufu/GoogleCSAgent_cdf - CSAgent 与 GoogleAuth 的缝合体，cobalt strike4.4版本的破解+otp动态口令的agent
SummerSec/AgentInjectTool - 改造BeichenDream/InjectJDBC加入shiro获取key和修改key功能
nsacyber/GRASSMARLIN - Provides situational awareness of Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) networks in support of network security assessments. #nsacyber
BeichenDream/InjectJDBC - 注入JVM进程动态获取目标进程连接的数据库
Y4tacker/JavaSec - a rep for documenting my study, may be from 0 to 0.1
ultimate-pa/ultimate - The Ultimate program analysis framework.
whwlsfb/JDumpSpider - HeapDump敏感信息提取工具
Retsamer/java_vuln_code - 基于SpringBoot编写的常见Web漏洞安全开发学习平台
alibaba/cobar - a proxy for sharding databases and tables
SummerSec/SPATool - 静态程序分析工具主要生成方法的CFG和.java文件的AST
pen4uin/awesome-java-security - Java Security ☞ Vulnerability Research
rajasoun/log4j-zero-day-exploit - Log4j Zero-Day Exploit
bitterzzZZ/CVE-2021-43297-POC - CVE-2021-43297 POC，Apache Dubbo<= 2.7.13时可以实现RCE
theonedev/onedev - Self-hosted Git Server with CI/CD and Kanban
mtxiaowangzi/CAFJE - 又一个Java Web代码审计工具
nottyjay/Ruoyi-Vue-Mybatis-plus -
woodpecker-appstore/springboot-vuldb -
f0ng/poc2jar - Java编写，Python作为辅助依赖的漏洞验证、利用工具，添加了进程查找模块、编码模块、命令模块、常见漏洞利用GUI模块、shiro rememberMe解密模块，加快测试效率
Peithon/JustC2file - Burp插件，Malleable C2 Profiles生成器；可以通过Burp代理选中请求，生成Cobalt Strike的profile文件(CSprofile)
kezibei/Urldns -
sunilpaulmathew/NFSManager - The source code of NFS Manager: An application to control NFS Injector
jboss-javassist/javassist - Java bytecode engineering toolkit
981011512/-- - 停车场系统源码，新能源充电桩系统，停车场小程序，智能停车，Parking system，【功能介绍】：①兼容市面上主流的多家相机，理论上兼容所有硬件，可灵活扩展，②相机识别后数据自动上传到云端并记录，校验相机唯一id和硬件序列号，防止非法数据录入，③用户手机查询停车记录详情可自主缴费(支持微信，支付宝，银行接口支付，支持每个停车场指定不同的商户进行收款)，支付后出场在免费时间内会自动抬杆。④支持a
opengoofy/hippo4j - 📌 强大的动态线程池框架，附带监控报警功能。支持 JDK、Tomcat、Jetty、Undertow 线程池；Dubbo、Dubbox、Kafka、RabbitMQ、RocketMQ、Hystrix 消费线程池（更多框架线程池还在适配中）。内置两种使用模式：轻量级依赖配置中心以及无中间件依赖版本。
LeadroyaL/dex-finder - 快速寻找一个类所在 dex 的小工具
exp1orer/JNDI-Inject-Exploit - 解决FastJson、Jackson、Log4j2、原生JNDI注入漏洞的高版本JDKBypass利用，探测本地可用反序列化gadget达到命令执行、回显命令执行、内存马注入
evi1hack/LandrayExploit - 蓝凌OA漏洞利用工具/前台无条件RCE/文件写入
pmiaowu/RMITest - 就是一个练习RMI反序列化的最简单环境
Acmesec/Sylas - 新一代子域名主/被动收集工具 - Subdomain automatic/passive collection tool
bit4woo/Fiora - Fiora：漏洞PoC框架Nuclei的图形版。快捷搜索PoC、一键运行Nuclei。即可作为独立程序运行，也可作为burp插件使用。
Jesse505/PrivacyMonitorAndroid - Android 隐私合规检测方案，基于ASM编译期插桩，将隐私api调用的堆栈信息保存到本地Excel文件中
simplepeng/HeGuiChecker - 🔥🔥🔥 基于Hook方案的合规化检测器
LGH1996/ADGO - TapClick，一款居于Android无障碍服务的自动化点击工具，可用于自动跳过广告，自定关闭弹窗，以及其他的一些自动点击操作，最新版下载地址：https://www.coolapk.com/apk/com.lgh.advertising.going
six2dez/wahh_extras - The Web Application Hacker's Handbook - Extra Content
whwlsfb/Log4j2Scan - Log4j2 RCE Passive Scanner plugin for BurpSuite
Ovi3/010Editor-Template - 010Editor Templates
Firebasky/Java - 关于学习java安全的一些知识,正在学习中ing,欢迎fork and star
f0ng/log4j2burpscanner - CVE-2021-44228 Log4j2 BurpSuite Scanner,Customize ceye.io api or other apis,including internal networks
cryptomator/cryptomator - Multi-platform transparent client-side encryption of your files in the cloud
r00tSe7en/JNDIMonitor - 一个LDAP请求监听器，摆脱dnslog平台
twseptian/spring-boot-log4j-cve-2021-44228-docker-lab - Spring Boot Log4j - CVE-2021-44228 Docker Lab
Contrast-Security-OSS/safelog4j - Safelog4j is an instrumentation-based security tool to help teams discover, verify, and solve log4shell vulnerabilities without scanning or upgrading
theque5t/Detect4j - Runnable jar that detects if a specific class(es) is in use within existing JVMs
lz2y/yaml-payload-for-ruoyi - A memory shell for ruoyi
madCdan/JndiLookup - Some tools to help mitigating Apache Log4j 2 CVE-2021-44228
christophetd/log4shell-vulnerable-app - Spring Boot web application vulnerable to Log4Shell (CVE-2021-44228).
back2root/log4shell-rex - PCRE RegEx matching Log4Shell CVE-2021-44228 IOC in your logs
Cybereason/Logout4Shell - Use Log4Shell vulnerability to vaccinate a victim server against Log4Shell
nccgroup/log4j-jndi-be-gone - A Byte Buddy Java agent-based fix for CVE-2021-44228, the log4j 2.x "JNDI LDAP" vulnerability.
javaweb-sec/javaweb-sec -
woodpecker-appstore/log4j-payload-generator - Log4j jndi injects the Payload generator
CodeShield-Security/Log4JShell-Bytecode-Detector - Local Bytecode Scanner for the Log4JShell Vulnerability (CVE-2021-44228)
javasec/log4j-patch - log4j-patch 修改字节码实现补丁防御
qingtengyun/cve-2021-44228-qingteng-online-patch - Hot-patch CVE-2021-44228 by exploiting the vulnerability itself.
Puliczek/CVE-2021-44228-PoC-log4j-bypass-words - 🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks
welk1n/JNDI-Injection-Bypass - Some payloads of JNDI Injection in JDK 1.8.0_191+
numanturle/Log4jNuclei - Log4j for nuclei
code-scan/log4j-rce-demo - log4j rce测试项目
l4yn3/micro_service_seclab - Java漏洞靶场
bkfish/yaml-payload-for-Win - 用于windows反弹shell的yaml-payload
Barro/java-afl - Binary rewriting approach with fork server support to fuzz Java applications with afl-fuzz.
xiaoliangli1128/SpringBootFinder - Springboot detection
ax/burp-logs - Logs is a Burp Suite extension to work with log files.
p0desta/AutoBypass403-BurpSuite - 一个自动化bypass 403/auth的Burpsuite插件
skylot/jadx - Dex to Java decompiler
dyc87112/SpringBoot-Learning - 《Spring Boot基础教程》，2.x版本持续连载中！点击下方链接直达教程目录！
OneSourceCat/YonyouNC-EXP - YonyouNC RCE
gzu-liyujiang/Android_CN_OAID - 安卓设备唯一标识解决方案，可替代移动安全联盟统一 SDK 闭源方案。包括国内手机厂商的开放匿名标识（OAID）、海外手机平台的安卓广告标识（AAID），另外也提供了 IMEI/MEID、AndroidID、WidevineID、PseudoID、GUID 等常见的设备标识的获取方法。
jas502n/FinalShellDecodePass - FinalShellDecodePass 加密解密
SummerSec/ShiroAttack2 - shiro反序列化漏洞综合利用,包含（回显执行命令/注入内存马）修复原版中NoCC的问题 https://github.com/j1anFen/shiro_attack
puhaiyang/easyHttpProxy - support http/https proxy.类似于finddler,由java编写，代码简单便于理解。支持http/https代理！
w568w/XposedChecker - [Deprecated] Check whether your xposed has been enabled.
ElivenLZY/AndroidSafeCheck - APP过等保要用到的安全检测，支持调试检测/签名校验/Root检测/网络代理检测等，功能高度灵活可定制。
depycode/fastjson-local-echo - 基于dbcp的fastjson rce 回显
API-Security/APIKit - APIKit：Discovery, Scan and Audit APIs Toolkit All In One.
smxiazi/NEW_xp_CAPTCHA - xp_CAPTCHA(瞎跑白嫖版) burp 验证码识别 burp插件
ssssssss-team/spider-flow - 新一代爬虫平台，以图形化方式定义爬虫流程，不写代码即可完成爬虫。
potats0/CasExp - Apereo CAS exploit tool
ixrjog/opscloud4 - 云上运维
artsploit/yaml-payload - A tiny project for generating SnakeYAML deserialization payloads
hamibot/hamibot - 安卓平台自动化工具，无需 root。
OakChen/ApkShelling - 脱Apk使用360加固、梆梆加固、腾讯乐固、百度加固免费版加的壳
ftmtshuashua/AndroidMonitor - Android监控器（Activity异常destroy , 隐私政策合规）
yanerchuang/PrivacyPolicyComplianceCheck - Android 隐私政策合规检查方案
gh0stkey/CaA - CaA - BurpSuite Collector and Analyzer
fa1c0n1/rmi-attack-demo - 在学习Java反序列化漏洞的过程中，用来理解Java RMI程序的执行流程，演示如何攻击Java RMI程序的几个示例。
CodeShield-Security/SPDS - Efficient and Precise Pointer-Tracking Data-Flow Framework
BeichenDream/Chunk-Proxy -
tkmru/lazyCSRF - A more useful CSRF PoC generator on Burp Suite
0x727/SpringBootExploit - 项目是根据LandGrey/SpringBootVulExploit清单编写，目的hvv期间快速利用漏洞、降低漏洞利用门槛。
pmiaowu/HostCollision - 用于host碰撞而生的小工具,专门检测渗透中需要绑定hosts才能访问的主机或内部系统
yetingli/ReDoSHunter - ReDoSHunter: A Combined Static and Dynamic Approach for Regular Expression DoS Detection
ChenJunsen/Hegui3.0 - 工信部合规检测Xposed模块源码
jas502n/spring-ENC - sprint encode (plan text) get enc password
Netflix/EVCache - A distributed in-memory data store for the cloud
NeoTheCapt/PowerScanner - 面向HW的红队半自动扫描器
weweibuy/weweibuy-framework - 基于Springboot 封装的基础组件, 包括: Http请求响应日志,日志脱敏,APM, 加解密,签名(AES,BCrypt,RSA,JWT),数据库脱敏,报文脱敏,下滑线风格URL传参,统一异常处理,feign mock,feign日志,feign报文风格转换,跨应用异常上抛,自动补偿组件,幂等组件,RocketMq客户端
shwenzhang/AndResGuard - proguard resource for Android by wechat team
lqs1848/AllatoriCrack - 破解 Java 混淆工具 Allatori
jmockit/jmockit1 - Advanced Java library for integration testing, mocking, faking, and code coverage
durkworf/spring-boot-webshell -
sec-it/BFAC-Burp-Extension - Burp Extension for BFAC (Advanced Backup-File Artifacts Testing for Web-Applications)
ethushiroha/JavaAgentTools - 用Java agent实现内存马等功能
su18/JDBC-Attack - JDBC Connection URL Attack
gfbjngjibn/JustTrustMe - An xposed module that disables SSL certificate checking for the purposes of auditing an app with cert pinning
yhy0/ExpDemo-JavaFX - 图形化漏洞利用Demo-JavaFX版
LeadroyaL/drozer-agent - The Android Agent for the Mercury Security Assessment Framework.
makeloveandroid/XpRoot - 描述
CTF-MissFeng/Ecloud - Ecloud是一款基于http/1.1协议传输TCP流量工具，适用于内网不出网时通过web代理脚本转发tcp流量
Static-Flow/RepeaterSearch - This extension adds a search bar to the Repeater tab that can be used to highlight all repeater tabs where the request and/or response matches a query via simple text matching or Regex.
rbmonster/learning-note - Java开发及面试（个人面试、工作总结、资料收集站）
shrinkwrap/resolver - ShrinkWrap Resolvers
PortSwigger/php-object-injection-check - PHP Unserialize Check - Burp Scanner Extension
dipjyotimetia/HybridTestFramework - End to End testing of Web, API, Cloud, Events and Security
j3ers3/Hello-Java-Sec - ☕️ Java Security，安全编码和代码审计
hengyunabc/dumpclass - Dump classes from running JVM process.
karma9874/AndroRAT - A Simple android remote administration tool using sockets. It uses java on the client side and python on the server side
sqlancer/sqlancer - Automated testing to find logic bugs in database systems
jsnjfz/WebStack-Guns - 一个开源的网址导航网站项目，后台基于Guns和Springboot
songxiaomo1997/ScanStation - 一个可以自定规则的动扫描器,支持主动和被动扫描
StringCare/AndroidLibrary - Android library to reveal or obfuscate strings and assets at runtime
SasanLabs/owasp-zap-fileupload-addon - OWASP ZAP add-on for finding vulnerabilities in File Upload functionality.
jenkinsci/contrast-continuous-application-security-plugin - Jenkins Plugin from Contrast Security
gdgd009xcd/AutoMacroBuilderForZAP - A OWASP ZAPROXY Add-on that allows testing of web application vulnerabilities by recording complex multi-step sequences. You can test applications that need to access pages in a specific order, such
jenkinsci/fortify-plugin - Fortify Jenkins plugin
openraven/magpie - A Cloud Security Posture Manager or CSPM with a focus on security analysis for the modern cloud stack and a focus on the emerging threat landscape such as cloud ransomware and supply chain attacks.
pt-tools/rmi_bypass_jep290 -
trung/InMemoryJavaCompiler - Utility class to compile java source code in memory
rufherg/WebLogic_Basic_Poc - 用于WebLogic poc及exp测试的基础脚本，后续将集成各版本poc库
raphw/byte-buddy - Runtime code generation for the Java virtual machine.
cgddgc/secheguicheck - 工信部APP个人隐私信息安全合规检测
neykov/extract-tls-secrets - Decrypt HTTPS/TLS connections on the fly with Wireshark
grpc/grpc-java - The Java gRPC implementation. HTTP/2 based RPC
spotbugs/sonar-findbugs - SpotBugs plugin for SonarQube
woodpecker-appstore/xmldecoder-payload-generator - Java XMLDecoder payload generator
sepinf-inc/IPED - IPED Digital Forensic Tool. It is an open source software that can be used to process and analyze digital evidence, often seized at crime scenes by law enforcement or in a corporate investigation by p
cmu-sei/kaiju - CERT Kaiju is a binary analysis framework extension for the Ghidra software reverse engineering suite. This repository is a "mirror" -- please file tickets, bug reports, or pull requests at the upstre
Mr-xn/RedTeam_BlueTeam_HW - 红蓝对抗以及护网相关工具和资料，内存shellcode（cs+msf）和内存马查杀工具
doocs/source-code-hunter - 😱 从源码层面，剖析挖掘互联网行业主流技术的底层实现原理，为广大开发者 “提升技术深度” 提供便利。目前开放 Spring 全家桶，Mybatis、Netty、Dubbo 框架，及 Redis、Tomcat 中间件等
zifeihan/friday - java runtime decompiler (java实时反编译工具)
qtc-de/beanshooter - JMX enumeration and attacking tool.
chefyuan/algorithm-base - 一位酷爱做饭的程序员，立志用动画将算法说的通俗易懂。我的面试网站 www.chengxuchu.com
Lotus6/ThinkphpGUI - Thinkphp(GUI)漏洞利用工具，支持各版本TP漏洞检测，命令执行，getshell。
LSPosed/LSPosed - LSPosed Framework
ggg4566/BurpBountyPlus - BurpBounty 魔改版本
fit2cloud/riskscanner - RiskScanner 是开源的多云安全合规扫描平台，基于 Cloud Custodian 和 Nuclei 引擎，实现对主流公(私)有云资源的安全合规扫描和漏洞扫描。
Dor-Tumarkin/CVE-2021-25641-Proof-of-Concept - Apache/Alibaba Dubbo <= 2.7.3 PoC Code for CVE-2021-25641 RCE via Deserialization of Untrusted Data; Affects Versions <= 2.7.6 With Different Gadgets
JunGe-Y/JustTrustMePP -
su18/MemoryShell - JavaWeb MemoryShell Inject/Scan/Killer/Protect Research & Exploring
22CB7139/openfire_shells - 后台插件getshell
dushitaoyuan/javaweb_security_handle - web常见漏洞处理,xss,sql注入,跨域,文件上传,接口暴力,限流实现
mprunet/burp-scripting -
duckstroms/xss-reflector - XSS reflector vulnerabilities exploitation extended.
5wimming/gadgetinspector - 利用链、漏洞检测工具
fynch3r/Gadgets - Java反序列化漏洞利用链补全计划，仅用于个人归纳总结。
didi/KnowStreaming - 一站式云原生实时流数据平台，通过0侵入、插件化构建企业级Kafka服务，极大降低操作、存储和管理实时流数据门槛
bitterzzZZ/MemoryShellLearn - 分享几个直接可用的内存马，记录一下学习过程中看过的文章
woodpecker-framework/ysoserial-for-woodpecker - 给woodpecker框架量身定制的ysoserial
wgpsec/fofa_viewer - A simple FOFA client written in JavaFX. Made by WgpSec, Maintained by f1ashine.
jweny/MemShellDemo - 内存马Demo合集 memshell demo for java / php / python
MobSF/mobsfscan - mobsfscan is a static analysis tool that can find insecure code patterns in your Android and iOS source code. Supports Java, Kotlin, Swift, and Objective C Code. mobsfscan uses MobSF static analysis r
woodpecker-appstore/rmi-deserialization-vuldb - Java RMI反序列化漏洞插件
Hakky54/mutual-tls-ssl - 🔐 Tutorial of setting up Security for your API with one way authentication with TLS/SSL and mutual authentication for a java based web server and a client with both Spring Boot. Different clients are
xxux11/http-methods-discloser -
durkworf/BCELconvert - bcel转码
synacktiv/HopLa - HopLa Burp Suite Extender plugin - Adds autocompletion support and useful payloads in Burp Suite
wh1t3p1g/tabby - A CAT called tabby ( Code Analysis Tool )
Ramos-dev/graph4code - 超硬核！使用图数据技术发现软件漏洞
java-deobfuscator/deobfuscator-gui - An awesome GUI for an awesome deobfuscator
raise-isayan/FakeCert - Burp suite Certificate modification tool
bailsong/BurpDecoder - This is a Burpsuite Extension that will be able to Auto-Decode intercepted request message by PROXY TOOL before the message was shown in PROXY Panel ,and Auto-Encode request message after it forwarde
Ebryx/SRePlay - Burpsuite Plugin to bypass strict RePlay protection
LSPosed/AndroidHiddenApiBypass - LSPass: Bypass restrictions on non-SDK interfaces
ThexXTURBOXx/bytecode-viewer - A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)
Y4er/yaml-payload - Spring Cloud SnakeYAML 反序列化一键注入cmdshell和reGeorg
LandGrey/spring-boot-upload-file-lead-to-rce-tricks - spring boot Fat Jar 任意写文件漏洞到稳定 RCE 利用技巧
1n7erface/sendMail - 批量发送钓鱼邮箱
bwcxljsm/Fofa-collect - Fofa采集工具
safeYYY/easyHook - 直接指定hook目标，无需重新编写hook代码
HXSecurity/DongTai-agent-java - Java Agent is a Java application probe of DongTai IAST, which collects method invocation data during runtime of Java application by dynamic hooks.
keven1z/weblogic_memshell - 适用于weblogic和Tomcat的无文件的内存马(memshell)
rebeyond/memShell - a webshell resides in the memory of java web server
threedr3am/ZhouYu - （周瑜）Java - SpringBoot 持久化 WebShell 学习demo（不仅仅是SpringBoot，适合任何符合JavaEE规范的服务）
tlamb96/kgb_messenger - An Android CTF practice challenge
espduino/Hegui2.0 - 检测用户在同意授权前是否有获取隐私信息的Xposed插件
jas502n/Burp_AES_Plugin - Burpsuite Plugin For AES Crack
wfh45678/radar - 实时风控引擎(Risk Engine)，自定义规则引擎（Rule Script），完美支持中文，适用于反欺诈(Anti-fraud)应用场景，开箱即用！！！移动互联网时代的风险管理利器，你 Get 到了吗？
vran-dev/PrettyZoo - 😉 Pretty nice Zookeeper GUI, Support Win / Mac / Linux Platform
AntSwordProject/AwesomeScript - AntSword Shell 脚本分享/示例
xinyu2428/TDOA_RCE - 通达OA综合利用工具
doyensec/ajpfuzzer - A command-line fuzzer for the Apache JServ Protocol (ajp13)
OneSourceCat/BcelPayloadGenerator - A fastjson payload generator
GraxCode/JByteMod-Beta - Java bytecode editor
LandGrey/copagent - java memory web shell extracting tool
jas502n/BurpSuiteAutoCompletion - This exention enables autocompletion within BurpSuite Repeater/Intruder tabs.
sanfengAndroid/FakeXposed - Hide xposed, root, file redirection, etc.
bit4woo/domain_hunter_pro - domain_hunter的高级版本，SRC挖洞、HW打点之必备！自动化资产收集；快速Title获取；外部工具联动；等等
dunwu/java-tutorial - :coffee: 老司机在 Java 技术领域的十年积累。
Meshall/flutter_fp -
CyberScions/Digitalbank - Android Digital Bank Vulnerable Mobile App
qtc-de/remote-method-guesser - Java RMI Vulnerability Scanner
elki-project/elki - ELKI Data Mining Toolkit
baidu-security/openrasp-testcases - OpenRASP 漏洞测试环境
mdsecresearch/BurpSuiteSharpener -
0Chencc/DaE - CTFCrackTools 's BurpSuite Plugin - Decode and Encode
ffffffff0x/BerylEnigma - ffffffff0x team toolset for penetration testing, cryptography research, CTF and daily use. | ffffffff0x 团队工具集，用来进行渗透测试，密码学研究，CTF和日常使用。
Josue87/BurpMetaFinder - Burp Suite extension for extracting metadata from files
gdgd009xcd/AutoMacroBuilder - A BurpSuite Add-on that allows testing of web application vulnerabilities by recording complex multi-step sequences. You can test applications that need to access pages in a specific order, such as s
jcasbin/shiro-casbin - Apache Shiro's authorization middleware based on Casbin
TheKingOfDuck/Loki - 一个轻量级Web蜜罐 - A Little Web Honeypot.🍯🍯🍯🐝🐝🐝
wizos/loread - RSS Android client，support Inoreader, Feedly, TinyTinyRSS, Fever。
SecureSkyTechnology/burpextender-proxyhistory-webui - Burp Extender : Proxy History viewer in Web UI
nscuro/bradamsa-ng - Burp Suite extension for Radamsa-powered fuzzing with Intruder
hvqzao/burp-wildcard - Burp extension intended to compact Burp extension tabs by hijacking them to own tab.
BitTheByte/BitTraversal - Burpsuite Plugin to detect Directory Traversal vulnerabilities
raise-isayan/ViewStateDecoder - Burpsuite extension. Supports ASP.NET ViewStateDecoder
simioni87/auth_analyzer - Burp Extension for testing authorization issues. Automated request repeating and parameter value extraction on the fly.
wagiro/BurpBounty - Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through
Ppsoft1991/CodeReviewTools - 通过正则搜索、批量反编译特定Jar包中的class名称
aau-network-security/HosTaGe - Low Interaction Mobile Honeypot
TimelineSec/ATTCK-Tools-library - TimelineSec ATT&CK 工具库
SecUSo/privacy-friendly-pedometer - Privacy Friendly App that counts your steps on Android devices.
JackyTsuuuy/UnicodeDecoder4burp - burpsuite Unicode解码插件
superblaubeere27/obfuscator - A java obfuscator (GUI)
ethicalhackingplayground/ssrf-king - SSRF plugin for burp Automates SSRF Detection in all of the Request
CoreyD97/BurpCustomizer - Because just a dark theme wasn't enough!
bytebutcher/burp-send-to - Adds a customizable "Send to..."-context-menu to your BurpSuite.
SafeGroceryStore/MDUT - MDUT - Multiple Database Utilization Tools
hs-vae/java-load - 记录自己从零开始学习Java SE的道路
TheKingOfDuck/burpJsEncrypter - More Easier Burp Extension To Solve Javascript Front End Encryption,一款更易使用的解决前端加密问题的Burp插件。
t0thkr1s/allsafe - Intentionally vulnerable Android application.
zhutougg/LandrayDES - 蓝凌OA的前后台密码的加解密工具
winezer0/burp-wildcard-plus - burpsuite wildcard 插件维护分支
winezer0/passive-scan-client-plus - burpsuite passive-scan-client 插件维护分支
pmiaowu/BurpFastJsonScan - 一款基于BurpSuite的被动式FastJson检测插件
jas502n/OpenFire_Decrypt - OpenFire 管理后台账号密码解密
pimps/ysoserial-modified - That repository contains my updates to the well know java deserialization exploitation tool ysoserial.
jas502n/CVE-2020-26259 - CVE-2020-26259: XStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling as long as the executing process has sufficient rights.
lwierzbicki/RegexFinder - RegexFinder - Burp Suite extension to passively scan responses for occurrence of regular expression patterns.
aress31/swurg - Parse OpenAPI documents into Burp Suite for automating OpenAPI-based APIs security assessments (approved by PortSwigger for inclusion in their official BApp Store).
augustd/burp-suite-utils - Utilities for creating Burp Suite Extensions.
pimps/JNDI-Exploit-Kit - JNDI-Exploitation-Kit（A modified version of the great JNDI-Injection-Exploit created by @welk1n. This tool can be used to start an HTTP Server, RMI Server and LDAP Server to exploit java web apps vuln
dschadow/JavaSecurity - Java web and command line applications demonstrating various security topics
w296488320/XposedAppium - 基于Xposed自动化框架
w296488320/XposedOkHttpCat -
WindySha/Xpatch - 免Root实现app加载Xposed插件工具。This is a tool to repackage apk file, then the apk can load any xposed modules installed in the device. It is another way to hook an app without root device.
framgia/android-emulator-detector - Easy to detect android emulator
jas502n/publiccms_decrypt - publiccms_decrypt
lenve/javaboy-code-samples - 公众号【江南一点雨】文章案例汇总，技术文章请戳这里----->
yongyecc/dexshellerInMemory - android APK一键DEX加固脚本(内存加载DEX)
xkzhangsan/xk-time - xk-time 是时间转换，时间计算，时间格式化，时间解析，日历，时间cron表达式和时间NLP等的工具，使用Java8（JSR-310），线程安全，简单易用，多达70几种常用日期格式化模板，支持Java8时间类和Date，轻量级，无第三方依赖。
PortSwigger/freddy-deserialization-bug-finder -
Leoid/Burp2Slack - Push notifications to Slack channel or to custom server based on BurpSuite response conditions.
theLSA/burp-info-extractor - burpsuite extension for extract information from data
SasanLabs/VulnerableApp - OWASP VulnerableApp Project: For Security Enthusiasts by Security Enthusiasts.
yangchong211/YCAndroidTool - 用于项目测试，崩溃重启操作，崩溃记录日志【可以查看，分享】和重启【多种重启app方式】；网路拦截查看的工具小助手，拦截请求和响应数据，统计接口请求次数，流量消耗，以及统计网络链接/dns解析/request请求/respond响应等时间。提高开发效率……
pkilller/super-jadx - Add new features for reverse engineering, such as: renaming of classes, fields, methods, variables, reference graphs and more.
AutohomeCorp/frostmourne - Frostmourne（霜之哀伤监控平台）是基于Elasticsearch, Prometheus, SkyWalking, InfluxDB，Mysql/TiDB，ClickHouse, SqlServer, IoTDB数据的分布式监控报警系统. Monitor & alert & alarm for Elasticsearch，Prometheus data。主要使用springboot2 +
gdelmas/IntelliJDashPlugin - A smart and simple plugin that provides keyboard shortcut access for Dash, Velocity or Zeal in IntelliJ IDEA, RubyMine, WebStorm, PhpStorm, PyCharm and Android Studio.
rewanthtammana/Damn-Vulnerable-Bank - Damn Vulnerable Bank is designed to be an intentionally vulnerable android application. This provides an interface to assess your android application security hacking skills.
jeremylong/DependencyCheck - OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
Freakboy/jgraphx - jgraphx 4.0.4 build for cs project
monkeyWie/proxyee - HTTP proxy server,support HTTPS&websocket.MITM impl,intercept and tamper HTTPS traffic.
geekxh/hello-algorithm - 🌍 针对小白的算法训练 | 包括四部分：①.大厂面经 ②.力扣图解 ③.千本开源电子书 ④.百张技术思维导图（项目花了上百小时，希望可以点 star 支持，🌹感谢~）点击下方网站，马上开始刷题！
xiaoxiaoleo/BurpSuite-Exclude-From-Scope -
L-JINBIN/ApkSignatureKiller - 一键破解APK签名校验
OneSourceCat/XxlJob-Hessian-RCE - XxlJob<=2.1.2配置不当情况下反序列化RCE
it-gorillaz/lnk2pwn - Malicious Shortcut(.lnk) Generator
Nicky213Zhang/WeChatAssist - 一款基于Android AccessibilityService（辅助服务）的自动操作微信的app，实现的功能有，附近的人自动打招呼，通讯录自动发消息，自动加好友，自动点赞评论，自定发漂流瓶，自动加群好友，自动推广公众号等等，同时，使用hook模块进行了微信的模拟定位，附近的人位置随意切换。
xiaoxiaoleo/Burp-Auto-Do-Intercept - Burp Suite Extender can auto intercept response for specify URL.
EXALAB/AnLinux-App - AnLinux allow you to run Linux on Android without root access.
doyensec/burpdeveltraining - Material for the training "Developing Burp Suite Extensions – From Manual Testing to Security Automation"
luoyesiqiu/DexRepair - Android dex文件修复程序
bit4woo/burp-api-drops - burp插件开发指南
rohanpadhye/JQF - JQF + Zest: Coverage-guided semantic fuzzing for Java.
hakistan/Lokiboard-Mod - Just Mod Version of lokiboard with remote reporting via Gmail
moloch--/burp-multiplayer - Burp with Friends
c0ny1/java-memshell-scanner - 通过jsp脚本扫描java web Filter/Servlet型内存马
DependencyTrack/dependency-track - Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
motikan2010/CVE-2020-5398 - CVE-2020-5398 - RFD(Reflected File Download) Attack for Spring MVC
momosecurity/momo-code-sec-inspector-java - IDEA静态代码安全审计及漏洞一键修复插件
Ramos-dev/OSSTunnel - 基于亚马逊S3\阿里云OSS\腾讯COS通信隧道的远程管理工具
noidsirius/SootTutorial - A step-by-step tutorial for Soot (a Java static analysis framework)
f1tz/BCELCodeman - BCEL encode/decode manager for fastjson payloads
redtimmy/Richsploit - Exploitation toolkit for RichFaces
J0hnWalker/MysqlMonitor - Mysql 语句执行记录监控
0x10f2c/Mini-Android-Challenges - A small Android CTF challenge
MountCloud/BehinderClientSource - ❄️冰蝎客户端源码-V4.0.6🔞
Y4er/CVE-2020-2551 - Weblogic IIOP CVE-2020-2551
waderwu/attackRmi - attackRmi
ydnzol/memshell - Tomcat 冰蝎内存马。
woodpecker-appstore/BCELConverter - BCEL class转换插件
Daybr4ak/ShiroScan - burp插件 ShiroScan 主要用于框架、无dnslog key检测
Conanjun/passive-scan-client-and-sendto - burp被动扫描自动转发和手动重发插件
LuD1161/HackingSimplified - This is where I share code/material shown in my videos
veracode-research/spring-view-manipulation - When MVC magic turns black
z1Ro0/tomcat_nofile_webshell - Tomcat基于动态注册Filter的无文件Webshell
Maskhe/FastjsonScan - 一个简单的Fastjson反序列化检测burp插件
zhisheng17/flink-learning - flink learning blog. http://www.54tianzhisheng.cn/ 含 Flink 入门、概念、原理、实战、性能调优、源码解析等内容。涉及 Flink Connector、Metrics、Library、DataStream API、Table API & SQL 等内容的学习案例，还有 Flink 落地应用的大型项目案例（PVUV、日志存储、百亿数据实时去重、
Y4er/fastjson-bypass-autotype-1.2.68 - fastjson bypass autotype 1.2.68 with Throwable and AutoCloseable.
nutzam/nutz - Nutz -- Web Framework(Mvc/Ioc/Aop/Dao/Json) for ALL Java developer
ozzi-/JWT4B - JWT Support for Burp
LuckyC4t/shiro-urldns - shiro反序列化检测(只是个玩具23333)
0x141/ShiroRce-Burp -
wultra/powerauth-push-server - PowerAuth Push Server repository
xhycccc/Struts2-Vuln-Demo - Struts2漏洞实例源码
Y4er/WebLogic-Shiro-shell - WebLogic利用CVE-2020-2883打Shiro rememberMe反序列化漏洞，一键注册蚁剑filter内存shell
leibnitz27/cfr - This is the public repository for the CFR Java decompiler
alibaba/jvm-sandbox - Real - time non-invasive AOP framework container based on JVM
5up3rc/weblogic_cmd - weblogic t3 deserialization rce
longofo/rmi-jndi-ldap-jrmp-jmx-jms - rmi、jndi、ldap、jrmp、jmx、jms一些demo测试
Afant1/RemoteObjectInvocationHandler - bypass JEP290 RaspHook code
Y4er/CVE-2020-2555 - Weblogic com.tangosol.util.extractor.ReflectionExtractor RCE
cdaller/security_taint_propagation - Java taint propagation for java. Define tainted sources, sanitizer methods and sinks via aspects.
javaparser/javaparser - Java 1-15 Parser and Abstract Syntax Tree for Java, including preview features to Java 13
JackOfMostTrades/gadgetinspector - A byte code analyzer for finding deserialization gadget chains in Java applications
0Kee-Team/JavaProbe - A Java runtime information-gathering tool which uses the Java Attach API for information acquisition
soot-oss/soot - Soot - A Java optimization framework
GraxCode/cafecompare - Java code comparison tool (jar / class)
threedr3am/fastjson-blacklist - 打CTF实在厌倦了找利用链，就知道一个fastjson的版本，一堆依赖找啊找，头都疼。为了解决这个烦恼，用了卓卓师傅的fastjson黑名单工具和库，自己改造了一下。
Ramos-dev/R9000 -
threedr3am/log-agent - 利用agent hock指定的class，在jar运行周期内，用于跟踪被执行的方法，辅助做一些事情，比如挖洞啊
feihong-cs/Java-Rce-Echo - Java RCE 回显测试代码
topjohnwu/libsu - A complete solution for apps using root permissions
fluency03/leetcode-java - 🎓🎓🎓 Leetcode solution in Java - 536/921 Solved. https://leetcode.com/problemset/all/
0nise/burp-fofa - 基于BurpSuite的一款FOFA Pro 插件
potats0/cve_2020_14644 -
oversecured/ovaa - Oversecured Vulnerable Android App
L-codes/Neo-reGeorg - Neo-reGeorg is a project that seeks to aggressively refactor reGeorg
metersphere/metersphere - MeterSphere 是一站式开源持续测试平台，覆盖测试管理、接口测试、UI 测试和性能测试等。搞测试，就选 MeterSphere！
pyn3rd/Apache-Tomcat-Redis-Remote-Code-Execution - Apache-Tomcat-Redis-Remote-Code-Execution
Wh0ale/CAS_Execution_decode - Apereo CAS payload AES解密
iqiyi/Lens - 功能简介：一种开发帮助产品研发的效率工具。主要提供了：页面分析、任务分析、网络分析、DataDump、自定义hook 、Data Explorer 等功能。以帮助开发、测试、UI 等同学更便捷的排查和定位问题，提升开发效率。
pmiaowu/BurpShiroPassiveScan - 一款基于BurpSuite的被动式shiro检测插件
momosecurity/oxpecker - oxpecker是一款用于从IDE提取开发项目仓库地址、当前分支、三方组件等信息用于安全分析的JetBrains家族IDE插件。
momosecurity/mosec-maven-plugin - 用于检测maven项目的第三方依赖组件是否存在安全漏洞。
momosecurity/mosec-gradle-plugin - 用于检测gradle项目的第三方依赖组件是否存在安全漏洞。
snyk/snyk-maven-plugin - Test and monitor your projects for vulnerabilities with Maven. This plugin is officially maintained by Snyk.
thatcherclough/BetterBackdoor - A backdoor with a multitude of features.
ThisIsLibra/AndroidProjectCreator - Convert an APK to an Android Studio Project using multiple open-source decompilers
pwntester/StaticInitializerPayload -
shuzijun/leetcode-editor - Do Leetcode exercises in IDE, support leetcode.com and leetcode-cn.com, to meet the basic needs of doing exercises.Support theoretically: IntelliJ IDEA PhpStorm WebStorm PyCharm RubyMine AppCode CLion
stevespringett/threatmodel-sdk - A Java library for parsing and programmatically using threat models
potats0/shiroPoc -
fupinglee/ShiroScan - Shiro RememberMe 1.2.4 反序列化漏洞图形化检测工具(Shiro-550)
tangxiaofeng7/Fofa-collect - Fofa平台采集工具
wh1t3p1g/ysoserial - forked from frohoff/ysoserial and added my own payloads.
huanzi-qch/base-admin - Base Admin一套简单通用的后台管理系统，主要功能有：权限管理、菜单管理、用户管理，系统设置、实时日志，实时监控，API加密，以及登录用户修改密码、配置个性菜单等
NickstaDB/SerializationDumper - A tool to dump Java serialization streams in a more human readable form.
Y4er/CVE-2020-14645 - Weblogic CVE-2020-14645 UniversalExtractor JNDI injection getDatabaseMetaData()
lalajun/RMIDeserialize - RMI 反序列化环境一步步
phith0n/JavaThings - Share Things Related to Java - Java安全漫谈笔记相关内容
langligelang/CAS_EXP - CAS 硬编码远程代码执行漏洞
ztosec/secscan-authcheck - 越权检测工具
NetSPI/JavaSerialKiller - Burp extension to perform Java Deserialization Attacks
fairyming/CVE-2020-9547 - CVE-2020-9547：FasterXML/jackson-databind 远程代码执行漏洞
canyie/pine - Dynamic java method hook framework on ART. Allowing you to change almost all java methods' behavior dynamically.
google/tsunami-security-scanner - Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.
SycloverSecurity/SCTF2020 - SCTF2020
keycloak/keycloak - Open Source Identity and Access Management For Modern Applications and Services
mogwailabs/rmi-deserialization - Slides/Demos from the BSides Munich 2019 talk "Attacking Java RMI in 2019"
Ch1ngg/WebLogicPasswordDecryptorUi - 解密weblogic AES或DES加密方法
jas502n/CVE-2020-5902 - CVE-2020-5902 BIG-IP
Ch0pin/AndroidWebDoor - A minimalistic android backdoor
core-lib/xjar - Spring Boot JAR 安全加密运行工具，支持的原生JAR。
victordiaz/PHONK - PHONK is a coding playground for new and old Android devices
spoofzu/jvmxray - Make Java security events of interest visible for analysis
bage2014/study - 全栈工程师学习笔记；Spring登录、shiro登录、CAS单点登录和Spring boot oauth2单点登录；Spring data cache 缓存，支持Redis和EHcahce; web安全，常见web安全漏洞以及解决思路；常规组件，比如redis、mq等；quartz定时任务，支持持久化数据库，动态维护启动暂停关闭；docker基本用法，常用image镜像使用，Docker-MySQ
TimeAndSpaceIO/CronScheduler - An alternative to ScheduledThreadPoolExecutor proof against the clock drift problem
wh1t3p1g/ysomap - A helpful Java Deserialization exploit framework.
cdk8s/tkey - 以材料最全、示例最多为目标的单点登录系统（SSO）
Ruil1n/after-deserialization-attack - Java After-Deserialization Attack
iamyours/ApkCrack - A tool that make your apk debuggable for Charles/Fiddler in Android 7.0
feix760/WebViewDebugHook - Use Xposed force all webView to debug on android 4.4+
ba0zi/Spring-Boot-Actuator-Exploit - Spring Boot Actuator (jolokia) XXE/RCE
bigsizeme/shiro-check - Shiro反序列化回显利用、内存shell、检查 Burp插件
dineshshetty/FridaLoader - A quick and dirty app to download and launch Frida on Genymotion and rooted Physical Android Devices
jpiechowka/burp-security-headers-checker - Super simple Burp Suite extension adding passive scanner checks for missing security headers in server responses
salesforce/VulnreportForBurp - Burp Suite extension to enable reporting findings directly to VulnReport
celsogbezerra/Copy-as-JavaScript-Request - Copy as JavaScript Request plugin for Burp Suite
confuciussayuhm/Burp-TCP-and-DNS-Proxy - TCP and DNS Proxy for Burp Suite.
raise-isayan/YaguraExtender - Burpsuite extension. Supports CJK (Chinese, Japanese, Korean) encoding.
bit4woo/burp-api-common - common methods that used by my burp extension projects
ldionmarcil/burp-samesite-reporter - Burp extension that passively reports various SameSite flags
augustd/burp-suite-swaggy - Burp Suite extension for parsing Swagger web service definition files
raise-isayan/BigIPDiscover - It becomes the extension of Burp suite. The cookie set by the BipIP server may include a private IP, which is an extension to detect that IP
madneal/r-forwarder-burp - The burp extension to forward the request
wrvenkat/burp-multistep-csrf-poc - Burp extension to generate multi-step CSRF POC.
augustd/burp-suite-jsonpath - JSONPath extension for BurpSuite
righettod/log-requests-to-sqlite - BURP extension to record every HTTP request send via BURP and create an audit trail log of an assessment.
usdAG/cstc - CSTC is a Burp Suite extension that allows request/response modification using a GUI analogous to CyberChef
humblelad/TeaBreak - A productivity burp extension which reminds to take break while you are at work!
cxxsheng/profiler - A tool to trace java method dynamically for android application.
pyn3rd/Apache-Tomcat-MongoDB-Remote-Code-Execution - Apache Tomcat + MongoDB Remote Code Execution
asLody/SandVXposed - Xposed environment without root (OS 5.0 - 10.0)
feihong-cs/JspMaster-Deprecated - 一款基于webshell命令执行功能实现的GUI webshell管理工具，支持流量加密
zsdlove/fortify-license-crack - fortify-license-crack
la0s/JustTrustMe-master - 在JustTrustMe的基础上修改了log日志打印位置，便于追踪hook函数
virjar/DVMUnpacker -
iSafeBlue/fastjson-autotype-bypass-demo - fastjson 1.2.68 版本 autotype bypass
LeadroyaL/fastjson-blacklist -
mpgn/Spring-Boot-Actuator-Exploit - Spring Boot Actuator (jolokia) XXE/RCE
nccgroup/freddy - Automatically identify deserialisation issues in Java and .NET applications by using active and passive scans
langgithub/RxAppEncryptionProtocol - frida反特征检测 app协议破解 Frida破解协议 sslping抓包通用逆向破解打印native动态注册函数
0ffffffffh/dragondance - Binary code coverage visualizer plugin for Ghidra
zjkhiyori/hack-root - Android APP get root-level permissions without rooted system
bihe0832/Android-GetAPKInfo - 获取Android应用基本信息的工具集
Wfzsec/FastJson1.2.62-RCE - 来源于jackson-CVE-2020-8840，需要开autotype
veracode-research/rogue-jndi - A malicious LDAP server for JNDI injection attacks
whwlsfb/BurpCrypto - BurpCrypto is a collection of burpsuite encryption plug-ins, support AES/RSA/DES/ExecJs(execute JS encryption code in burpsuite). 支持多种加密算法或直接执行JS代码的用于爆破前端加密的BurpSuite插件
BishopFox/rmiscout - RMIScout uses wordlist and bruteforce strategies to enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities
anatolikalysch/roots_a11y - PoC files for the publication 'How Android's UI Security is Undermined by Accessibility'.
threedr3am/JSP-WebShells - Collect JSP webshell of various implementation methods. 收集JSP Webshell的各种姿势
langgithub/JustTrustMePlus -
LandGrey/SpringBootVulExploit - SpringBoot 相关漏洞学习资料，利用方法和技巧合集，黑盒安全评估 check list
threedr3am/tomcat-cluster-session-sync-exp - tomcat使用了自带session同步功能时，不安全的配置（没有使用EncryptInterceptor）导致存在的反序列化漏洞，通过精心构造的数据包，可以对使用了tomcat自带session同步功能的服务器进行攻击。PS:这个不是CVE-2020-9484，9484是session持久化的洞，这个是session集群同步的洞！
yudaocode/SpringBoot-Labs - 一个涵盖六个专栏：Spring Boot 2.X、Spring Cloud、Spring Cloud Alibaba、Dubbo、分布式消息队列、分布式事务的仓库。希望胖友小手一抖，右上角来个 Star，感恩 1024
Skactor/behinder_source - Behinder3.0 Beta4 源码（Decompile and Fixed）
Y4er/CVE-2020-2883 - Weblogic coherence.jar RCE
LinShunKang/MyPerf4J - High performance Java APM. Powered by ASM. Try it. Test it. If you feel its better, use it.
GraxCode/threadtear - Multifunctional java deobfuscation tool suite
ElderDrivers/EdXposedManager - Companion Android application for EdXposed
PortSwigger/param-miner -
feihong-cs/ShiroExploit-Deprecated - Shiro550/Shiro721 一键化利用工具，支持多种回显方式
yzddmr6/JspForAntSword - 中国蚁剑JSP一句话Payload
NetsOSS/headless-burp - Automate security tests using Burp Suite.
nccgroup/CollaboratorPlusPlus -
xkcoding/spring-boot-demo - 🚀一个用来深入学习并实战 Spring Boot 的项目。
nccgroup/LoggerPlusPlus - Advanced Burp Suite Logging Extension
google/firing-range -
su18/JNDI - JNDI 注入利用工具
SPuerBRead/Bridge - 无回显漏洞测试辅助平台，平台使用Java编写，提供DNSLOG，HTTPLOG等功能，辅助渗透测试过程中无回显漏洞及SSRF等漏洞的验证和利用。
rsrdesarrollo/generator-burp-extension - Everything you need about Burp Extension Generation
mr-m0nst3r/Burpy - A plugin that allows you execute python and get return to BurpSuite.
c0ny1/java-object-searcher - java内存对象搜索辅助工具
SonarSource/sonarqube - Continuous Inspection
find-sec-bugs/find-sec-bugs - The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)
ffffffff0x/CryptionTool - 一个CTF+渗透测试工具框架,集成常见加解密，密码、编码转换，端口扫描，字符处理等功能
somowhere/albedo - Albedo 是一个Java企业应用开源框架，使用经典技术组合（SpringBoot2.x、MyBatis、Vue），包括核心模块如：组织机构、角色用户、权限授权、数据权限、代码生成、定时任务等。
wuyr/PathLayoutManager - RecyclerView的LayoutManager，轻松实现各种炫酷、特殊效果，再也不怕产品经理为难！
Byron4j/CookBook - 🎉🎉🎉JAVA高级架构师技术栈==任何技能通过 “刻意练习” 都可以达到融会贯通的境界，就像烹饪一样，这里有一份JAVA开发技术手册，只需要增加自己练习的次数。🏃🏃🏃
work-helper/class-decompile-intellij - decompile .class file
AnyListen/tools-ocr - 树洞 OCR 文字识别（一款跨平台的 OCR 小工具）
Zo3i/frpMgr - Frp快速配置面板
threedr3am/gadgetinspector - 一个利用ASM对字节码进行污点传播分析的静态代码审计应用（添加了大量代码注释，适合大家进行源码学习）。也加入了挖掘Fastjson反序列化gadget chains和SQLInject（JdbcTemplate、MyBatis、JPA、Hibernate、原生jdbc等）静态检测功能。并且加入了很多功能以方便进行漏洞自动化挖掘。
threedr3am/FindClassInJars - 个人用于在自动化挖掘gadget时，方便查找gadget chains中class所在jar包，以助于便捷审计测试gadget有效性的那么一个小工具。
jas502n/jackson-CVE-2020-8840 - FasterXML/jackson-databind 远程代码执行漏洞
BishopFox/GadgetProbe - Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.
threedr3am/learnjavabug - Java安全相关的漏洞和技术demo，原生Java、Fastjson、Jackson、Hessian2、XML反序列化漏洞利用和Spring、Dubbo、Shiro、CAS、Tomcat、RMI、Nexus等框架\中间件\功能的exploits以及Java Security Manager绕过、Dubbo-Hessian2安全加固等等实践代码。
charles2gan/GDA-android-reversing-Tool - the fastest and most powerful android decompiler(native tool working without Java VM) for the APK, DEX, ODEX, OAT, JAR, AAR, and CLASS file. which supports malicious behavior detection, privacy leakin
TideSec/Decrypt_Weblogic_Password - 搜集了市面上绝大部分weblogic解密方式，整理了7种解密weblogic的方法及响应工具。
alipay/SoloPi - SoloPi 自动化测试工具
dkhadoop/dk-fitting - Fitting是一个面向大数据的统一的开发框架，由大快搜索主导并完全开源，克服了大数据技术开发涉及技术面广,各组件间缺乏统一规范等问题，能有效降低大数据的学习难度，并提高大数据项目的开发效率并可与开源项目混用。 Fitting遵循Apache2.0开源协议，采用类黑箱框架模式，将大数据生态圈内各组件底层API根据应用组合封装为Fitting API服务。用户编程时直接引用Fitting框架，即可使
Genymobile/gnirehtet - Gnirehtet provides reverse tethering for Android
oracle/opengrok - OpenGrok is a fast and usable source code search and cross reference engine, written in Java
mock-server/mockserver - MockServer enables easy mocking of any system you integrate with via HTTP or HTTPS with clients written in Java, JavaScript and Ruby. MockServer also includes a proxy that introspects all proxied tra
DayorNight/BLCS - 一款集合多个Android开源库的使用工具，可以展示各个开源库的特性。并简单了解其使用方法。包含[★1.1仿微信功能-字体大小★1.2仿微信功能-存储空间★1.3仿微信功能-多语言★1.4仿微信功能-地区选择★2.BottomNavigationView★3.RecyclerView4.DialogFragment★5.toolbar★6.RxToast★7.转盘小游戏★8.跑马灯/水波纹/标签★
Guardsquare/proguard - ProGuard, Java optimizer and obfuscator
welk1n/JNDI-Injection-Exploit - JNDI注入测试工具（A tool which generates JNDI links can start several servers to exploit JNDI Injection vulnerability,like Jackson,Fastjson,etc）
bastillion-io/Bastillion - Bastillion is a web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user's public SSH keys.
wrlu/SecMobile - 移动安全检测平台，支持Android和iOS应用辅助分析。
wrlu/FridaHooker - Android Frida GUI Manager // An advanced version by @icespite :https://github.com/icespite/FridaHooker
tchiotludo/akhq - Kafka GUI for Apache Kafka to manage topics, topics data, consumers group, schema registry, connect and more...
fntneves/falcon - Falcon: A practical log-based analysis tool for distributed systems
ricardojba/poi-slinger - Automatically identify serialization issues in PHP Frameworks by means of an Burp Suite active scan
iamaldi/rapid - Rapid is a Burp extension that enables you to save HTTP Request & Response data to a single file a lot easier and faster in one go.
c0ny1/burp-cookie-porter - 一个可快速“搬运”cookie的Burp Suite插件
lilifengcode/Burpsuite-Plugins-Usage - Burpsuite-Plugins-Usage
c0ny1/sqlmap4burp-plus-plus - sqlmap4burp++是一款兼容Windows，mac，linux多个系统平台的Burp与sqlmap联动插件
c0ny1/passive-scan-client - Burp被动扫描流量转发插件
c0ny1/captcha-killer - burp验证码识别接口调用插件
nelenkov/android-backup-extractor - Android backup extractor
woozoo73/adonistrack - Simple Java profiling tool
wultra/powerauth-cmd-tool - Command-line utility for PowerAuth Reference Client
itemic/rotacsufbo - did u know the name of the repo is obfuscator backwards?
wultra/powerauth-mobile-sdk - PowerAuth Mobile SDK for adds capability for authentication and transaction signing into the mobile apps (ios, watchos, android).
HTBridge/pivaa - Created by High-Tech Bridge, the Purposefully Insecure and Vulnerable Android Application (PIVAA) replaces outdated DIVA for benchmark of mobile vulnerability scanners.
1ultimat3/BadIntent - Intercept, modify, repeat and attack Android's Binder transactions using Burp Suite
appsecco/VyAPI - VyAPI - A cloud based vulnerable hybrid Android App
gpengDemo/Estore - Java 语言实现的苹果网上商城，前端模仿苹果爱否商城的页面，后端运用纯 Servlet + JSP +c3p0 数据库连接池以及web 相关技术，实现的基础功能包括前后台、实现展示首页、管理商品页面、商品分类、添加购物车、购买、提交订单、联系客服等，欢迎 star，谢谢！！！
tianshiyeben/wgcloud - Linux运维监控工具，支持系统硬件信息，内存，cpu，温度，磁盘空间及IO，硬盘smart，系统负载，网络流量等监控，服务接口，大屏展示，拓扑图，进程监控，端口监控，docker监控，文件防篡改，日志监控，数据可视化，web ssh，堡垒机，指令下发批量执行，Linux面板(探针)，SNMP，故障告警
boy-hack/wooyun-payload - 从wooyun中提取的payload，以及burp插件
imperva/automatic-api-attack-tool - Imperva's customizable API attack tool takes an API specification as an input, generates and runs attacks that are based on it as an output.
OWASP/MASTG-Hacking-Playground -
payatu/diva-android - DIVA Android - Damn Insecure and vulnerable App for Android
0nise/shell-plus - 💻Shell Plus 是基于 RMI 的一款服务器管工具，由服务端、注册中心、客户端进行组成。该工具主要用于服务器管理、攻防后门安全测试以及技术研究，禁止用于非法犯罪。
facebook/stetho - Stetho is a debug bridge for Android applications, enabling the powerful Chrome Developer Tools and much more.
android-notes/SwissArmyKnife - android ui调试工具
ernw/AndroTickler - Penetration testing and auditing toolkit for Android apps.
patrickfav/uber-apk-signer - A cli tool that helps signing and zip aligning single or multiple Android application packages (APKs) with either debug or provided release certificates. It supports v1, v2 and v3 Android signing sche
android-hacker/VirtualXposed - A simple app to use Xposed without root, unlock the bootloader or modify system image, etc.
google/android-classyshark - Android and Java bytecode viewer
heibaiying/BigData-Notes - 大数据入门指南 :star:
LeadroyaL/java_xxe_2019 - 总结了一下2019年在JVM环境中使用XXE攻击的知识
federicodotta/Brida - The new bridge between Burp Suite and Frida!
guanchao/apk_auto_enforce - APK一键自动化加固脚本
oneWayOut/atlassian-agent - Atlassian's productions crack.
bes2008/sqlhelper - SQL Tools ( Dialect, Pagination, DDL dump, UrlParser, SqlStatementParser, WallFilter, BatchExecutor for Test) based Java. it is easy to integration into any ORM frameworks
c0ny1/FastjsonExploit - Fastjson vulnerability quickly exploits the framework（fastjson漏洞快速利用框架）
louislivi/fastdep - Fast integration dependencies in spring boot.是一个快速集成依赖的框架，集成了一些常用公共的依赖。例：多数据源，Redis，JWT...
201206030/novel - novel 是一套基于时下最新 Java 技术栈 Spring Boot 3 + Vue 3 开发的前后端分离学习型小说项目，配备保姆级教程手把手教你从零开始开发上线一套生产级别的 Java 系统，由小说门户系统、作家后台管理系统、平台后台管理系统等多个子系统构成。包括小说推荐、作品检索、小说排行榜、小说阅读、小说评论、会员中心、作家专区、充值订阅、新闻发布等功能。
gulihua10010/eshop - 基于Spring Boot +Dubbo微服务商城系统
LiuKay/mmall-java - A simple project to learn different architecture (Monolithic on SpringBoot, Microservices on SpringCloud, K8S etc.). 一个简单的学习项目(Mall 商城)，用来学习单体架构，微服务架构，K8S等
GrowingGit/GitHub-Chinese-Top-Charts - :cn: GitHub中文排行榜，各语言分设「软件 | 资料」榜单，精准定位中文好项目。各取所需，高效学习。
ylw-github/pingyougou - 使用IDEA版本开发品优购商城项目
justauth/JustAuth - 🏆Gitee 最有价值开源项目 🚀:100: 小而全而美的第三方登录开源组件。目前已支持Github、Gitee、微博、钉钉、百度、Coding、腾讯云开发者平台、OSChina、支付宝、QQ、微信、淘宝、Google、Facebook、抖音、领英、小米、微软、今日头条、Teambition、StackOverflow、Pinterest、人人、华为、企业微信、酷家乐、Gitlab、美团、饿了么、
jeequan/jeepay - Jeepay是一套适合互联网企业使用的开源支付系统，支持多渠道服务商和普通商户模式。已对接微信支付，支付宝，云闪付官方接口，支持聚合码支付。
elunez/eladmin - 项目基于 Spring Boot 2.1.0 、 Jpa、 Spring Security、redis、Vue的前后端分离的后台管理系统，项目采用分模块开发方式，权限控制采用 RBAC，支持数据字典与数据权限管理，支持一键生成前后端代码，支持动态路由
tanling8334/Matplot3D-for-Java - Matplot3D for java. It is a library for drawing 3D plot
zhegexiaohuozi/SeimiCrawler - 一个简单、敏捷、分布式的支持SpringBoot的Java爬虫框架;An agile, distributed crawler framework.
hope-for/hope-cloud - :whale: Hope-Cloud 微服务框架
sun0x00/redtorch - Kotlin(Java)开源量化交易开发框架
loliiiiipop886/quant4j - 火币量化交易指标组合策略简单的数值策略这个项目只是提供一个思路。
2bcoin/zheshiyigeniubidexiangmu - 数字货币量化交易系统，支持多家交易所
java-aodeng/hope-boot - 🌱 一款现代化的脚手架项目
guangzhengli/spring-framework - 对 Spring 源码的解读分析
WBGlIl/CobaltStrike-file -
ScaleSec/vulnado - Purposely vulnerable Java application to help lead secure coding workshops
macrozheng/mall-learning - mall学习教程，架构、业务、技术要点全方位解析。mall项目（50k+star）是一套电商系统，使用现阶段主流技术实现。涵盖了SpringBoot 2.3.0、MyBatis 3.4.6、Elasticsearch 7.6.2、RabbitMQ 3.7.15、Redis 5.0、MongoDB 4.2.5、Mysql5.7等技术，采用Docker容器化部署。
apache/dolphinscheduler - Apache DolphinScheduler is the modern data workflow orchestration platform with powerful user interface, dedicated to solving complex task dependencies in the data pipeline and providing various types
forezp/SpringCloudLearning - 《史上最简单的Spring Cloud教程源码》
PortSwigger/authz -
ZHENFENG13/concurrent-programming - :cactus:《实战java高并发程序设计》源码整理
hustcc/JS-Sorting-Algorithm - 一本关于排序算法的 GitBook 在线书籍《十大经典排序算法》，多语言实现。
chenhaoxiang/Java - Java的学习之路，学习JavaEE以及框架时候的一些项目，结合博客和源码，让你受益匪浅，适合Java初学者和刚入门开始学框架者
JeffLi1993/java-core-learning-example - 关于Java核心技术学习积累的例子，是初学者及核心技术巩固的最佳实践。
TheKingOfDuck/burpFakeIP - 服务端配置错误情况下用于伪造ip地址进行测试的Burp Suite插件
GHBlade/Msgs - 短信群发，支持单卡/双卡，发送短信，Excel导入
jeecgboot/jeecg-boot - 🔥「企业级低代码平台」前后端分离架构SpringBoot 2.x，SpringCloud，Ant Design&Vue，Mybatis，Shiro，JWT。强大的代码生成器让前后端代码一键生成，无需写任何代码! 引领新的开发模式OnlineCoding->代码生成->手工MERGE，帮助Java项目解决70%重复工作，让开发更关注业务，既能快速提高效率，帮助公司节省成本，同时又不失灵活
Carson-Ho/RxJavaLearningMaterial - 这是一份详细的RxJava学习攻略 & 指南
zhuzhiqiang18/Second-hand-mall - 模仿咸鱼的二手交易商城
zhaojun1998/Shiro-Action - 基于 Shiro 的权限管理系统，支持 restful url 授权，体验地址 :
michaelliao/itranswarp - Full-featured CMS including blog, wiki, discussion, etc. Cloud native application that powered by SpringBoot.
JoyChou93/java-sec-code - Java web common vulnerabilities and security code which is base on springboot and spring security
eclipse/steady - Analyses your Java applications for open-source dependencies with known vulnerabilities, using both static analysis and testing to determine code context and usage for greater accuracy. https://eclip
momosecurity/rhizobia_J - JAVA安全SDK及编码规范
hansonwang99/Spring-Boot-In-Action - Spring Boot 系列实战合集
c0ny1/jsEncrypter - 一个用于前端加密Fuzz的Burp Suite插件
malizhigithub/answerWeb - 基于SSM在线答题系统
bit4woo/Java_deserialize_vuln_lab - Java 反序列化学习的实验代码 Java_deserialize_vuln_lab
wuyouzhuguli/SpringAll - 循序渐进，学习Spring Boot、Spring Boot & Shiro、Spring Batch、Spring Cloud、Spring Cloud Alibaba、Spring Security & Spring Security OAuth2，博客Spring系列源码：https://mrbird.cc
lorateam/Gotrip - 民宿旅游管理系统，SSM框架实现
hsingyin/EStore - 一个基于JavaWeb的网上电子购物城项目，实现展示商品、购买商品、提交订单、持久化保存到数据库等基本功能
veekxt/hfuu_shop - 原生Jsp和Servlet实现的简单二手物品交易网站
Liweimin0512/MMall_JAVA - 基于SSM框架的前后端分离设计完整仿天猫网站服务器端源码。项目特点：前后端分离，数据库接口设计，架构设计，功能开发，上线运维
jhyscode/SSM-personnel-management-system - 基于SSM的人事管理系统，适合初学者第一个实战项目
wonderyuan/LEMarket - 基于Java SSM框架和layui构建的手机商城系统（包含前后台）
xenv/S-mall-servlet - 小小商城系统，JavaWEB项目，基于原生Servlet，仿天猫页面，功能齐全
StevenWash/xxshop - (B2C) 基于Java 的SSM的B2C电商网站
jsphLim/Psychological-counseling-system - 简易心理咨询预约系统Based On SSM
KINGSABRI/godofwar - GodOfWar - Malicious Java WAR builder with built-in payloads
coderzc/biubiu - A website like bilibili
JackyFuu/SSM-Maven-Heima - 基于SSM(Spring+Springmvc+Mybatis)框架的电商小项目，使用Maven构建项目，MySQL为数据库系统，Redis的缓存服务器（并不是用的很多）。商城分为后台人员管理界面和前台处理服务器两个方面。实现了登录，邮件注册，redis缓存机制，cookie的历史记录浏览，分页浏览商品，加入购物车，提交订单等等功能。最精彩的是，如果你刚刚学完基础的SSM框架，那么你就可以跟着视频一
ysrc/Liudao - “六道”实时业务风控系统
CrazyBunQnQ/multimarkdown - 破解 IntelliJ IDEA 的 Markdown Navigator 插件，觉着不错的话可以 Start 一下哟！
Swati4star/Images-to-PDF - An app to convert images to PDF file!
pyn3rd/CVE-2018-3252 - CVE-2018-3252-PoC
yunxu1/jboss-_CVE-2017-12149 - CVE-2017-12149 jboss反序列化可回显
dunwu/javacore - :coffee: JavaCore 是对 Java 核心技术的经验总结。
29DCH/OnlineMall - :arrow_up: 基于springboot+thymeleaf+spring data jpa+druid+bootstrap+layui等技术的JavaWeb电商项目(项目包含前后台,分为前台商城系统及后台管理系统。前台商城系统包含首页门户、商品推荐、商品分类、商品搜索、商品展示、商品详情、购物车、订单流程、用户中心、评论(有些bug,当时做得不够好,下一个项目的评论模块比这个好)、模拟支付
mikemelon/java-exam - Java实现的包含题库编辑、抽题组卷、试题分析、在线考试等模块的Web考试系统。
d3vilbug/HackBar - HackBar plugin for Burpsuite
traccar/traccar - Traccar GPS Tracking System
Conanjun/XSSBlindInjector - burp插件，实现自动化xss盲打以及xss log
TheKingOfDuck/MySQLMonitor - MySQL实时监控工具(代码审计/黑盒/白盒审计辅助工具)
qiao-zhi/springboot-ssm - springboot整合mybatis(SSM项目整合)
onblog/ProjectTree - 新人熟悉项目必备工具！基于AOP开发的一款方法调用链分析框架，简单到只需要一个注解，异步非阻塞，完美嵌入Spring Cloud、Dubbo项目！再也不用担心搞不懂项目！（欢迎Star，🚫禁止Fork）
c0ny1/chunked-coding-converter - Burp suite 分块传输辅助插件
Bypass007/Nessus_to_report - Nessus中文报告自动化脚本
lynnlovemin/SpringCloudLesson - SpringCloud从入门到精通系列课程
Dreamroute/locker - mybatis乐观锁插件,MyBatis Optimistic Locker Plugin
b2stry/mytwitter - 一个模仿Twitter的Java Web项目（基于原生的Servlet）
Tencent/APIJSON - 🏆 零代码、全功能、强安全 ORM 库 🚀 后端接口和文档零代码，前端(客户端) 定制返回 JSON 的数据和结构。 🏆 A JSON Transmission Protocol and an ORM Library 🚀 provides APIs and Docs without writing any code.
NationalSecurityAgency/ghidra - Ghidra is a software reverse engineering (SRE) framework
hollischuang/toBeTopJavaer - To Be Top Javaer - Java工程师成神之路
wistbean/manong-ssm - 基于SSM框架的Java电商项目
doublechaintech/scm-biz-suite - 供应链中台系统基础版，集成零售管理, 电子商务, 供应链管理, 财务管理, 车队管理, 仓库管理, 人员管理, 产品管理, 订单管理, 会员管理, 连锁店管理, 加盟管理, 前端React/Ant Design, 后端Java Spring+自有开源框架，全面支持MySQL, PostgreSQL, 全面支持国产数据库南大通用GBase 8s,通过REST接口调用，前后端完全分离。
xenv/S-mall-ssm - 小小商城系统，JavaWEB项目，基于SSM，仿天猫页面，功能齐全，实现了自动处理关联查询的通用Mapper、抽象 BaseService 类、注解鉴权、参数注解校验等
xuxueli/xxl-sso - A distributed single-sign-on framework.（分布式单点登录框架XXL-SSO）
lenve/vhr - 微人事是一个前后端分离的人力资源管理系统，项目采用SpringBoot+Vue开发。
ityouknow/spring-boot-examples - about learning Spring Boot via examples. Spring Boot 教程、技术栈示例代码，快速简单上手教程。
mustfun/mybatis-lite - Mybatis - Plugin Free版
sunnyandgood/JavaEE - 🔥⭐️👍框架(SSM/SSH)学习笔记
tywo45/t-io - 网络编程很苦，用t-io后会很甜
TheAlgorithms/Java - All Algorithms implemented in Java
macrozheng/mall - mall项目是一套电商系统，包括前台商城系统及后台管理系统，基于SpringBoot+MyBatis实现，采用Docker容器化部署。前台商城系统包含首页门户、商品推荐、商品搜索、商品展示、购物车、订单流程、会员中心、客户服务、帮助中心等模块。后台管理系统包含商品管理、订单管理、会员管理、促销管理、运营管理、内容管理、统计报表、财务管理、权限管理、设置等模块。
qiurunze123/miaosha - ⭐⭐⭐⭐秒杀系统设计与实现.互联网工程师进阶与分析🙋🐓
Maweiming/weixin-bot - 使用微信Api实现微信客户端功能（使用Java开发）可用于监控微信消息、特别关心钉钉提醒功能
doocs/advanced-java - 😮 Core Interview Questions & Answers For Experienced Java(Backend) Developers | 互联网 Java 工程师进阶知识完全扫盲：涵盖高并发、分布式、高可用、微服务、海量数据处理等领域知识
PataPon-coder/JrebelBrainsLicenseServerforJava -
dschadow/Java-Web-Security - Java-Web-Security - Sichere Webanwendungen mit Java entwickeln
MisterBooo/LeetCodeAnimation - Demonstrate all the questions on LeetCode in the form of animation.（用动画的形式呈现解LeetCode题目的思路）
quentinhardy/jndiat - JNDI Attacking Tool
iSafeBlue/TrackRay - 溯光 (TrackRay) 3 beta⚡渗透测试框架（资产扫描|指纹识别|暴力破解|网页爬虫|端口扫描|漏洞扫描|代码审计|AWVS|NMAP|Metasploit|SQLMap）
Ebryx/AES-Killer - Burp Plugin to decrypt AES encrypted traffic on the fly
h2pl/MyTech - Java的基础总结和学习笔记，包括Java核心技术点和常见知识点。同时提供了Java基础原理的代码实现，供大家实践时参考。已补充JVM和JUC的相关内容，欢迎交流。
brianway/java-learning - 旨在打造在线最佳的 Java 学习笔记，含博客讲解和源码实例，包括 Java SE 和 Java Web
Snailclimb/JavaGuide - 「Java学习+面试指南」一份涵盖大部分 Java 程序员所需要掌握的核心知识。准备 Java 面试，首选 JavaGuide！
oldmanpushcart/greys-anatomy - Java诊断工具
mercyblitz/segmentfault-lessons - Segment Fault 在线讲堂代码工程
frank-lam/fullstack-tutorial - 🚀 fullstack tutorial 2022，后台技术栈/架构师之路/全栈开发社区，春招/秋招/校招/面试
c0ny1/HTTPHeadModifer - 一款快速修改HTTP数据包头的Burp Suite插件
ngbdf/redis-manager - Redis 一站式管理平台，支持集群的监控、安装、管理、告警以及基本的数据操作
crossoverJie/JCSprout - 👨‍🎓 Java Core Sprout : basic, concurrent, algorithm
nccgroup/BurpSuiteHTTPSmuggler - A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques
bit4woo/domain_hunter - A Burp Suite Extension that try to find all sub-domain, similar-domain and related-domain of an organization automatically! 基于流量自动收集整个企业或组织的子域名、相似域名、相关域名的burp插件
bit4woo/knife - A burp extension that add some useful function to Context Menu 添加一些右键菜单让burp用起来更顺畅
ninetysec/Cknife - Cknife
irsdl/IIS-ShortName-Scanner - latest version of scanners for IIS short filename (8.3) disclosure vulnerability
CaledoniaProject/CVE-2018-1270 - Spring messaging STOMP protocol RCE
waylau/mongodb-file-server - MongoDB File Server is a file server system based on MongoDB. 基于 MongoDB 的文件服务器。
zengxs/gdns - A Secure DNS Server (forwarder) based on Google DNS over HTTPS Service
zouzg/mybatis-generator-gui - mybatis-generator界面工具，让你生成代码更简单更快捷
microsoft/mssql-jdbc - The Microsoft JDBC Driver for SQL Server is a Type 4 JDBC driver that provides database connectivity with SQL Server through the standard JDBC application program interfaces (APIs).
An0nymous0/MybatisPlugin-Crack-Javassist - Javassist实现的破解IDEA MybatisPlugin修改字节码工具，仅供学习用途。
mplushnikov/lombok-intellij-plugin - Lombok Plugin for IntelliJ IDEA
zjlywjh001/PhrackCTF-Platform-Team - CTF platfrom(Team Version) developed by Jarvis from Phrack Team. 做一个功能最全的CTF平台。
tranleduy2000/javaide - Code editor, java auto complete, java compiler, aapt, dx, zipsigner for Android
tls-attacker/TLS-Scanner - The TLS-Scanner Module from TLS-Attacker
Col-E/Recaf - The modern Java bytecode editor
proxyee-down-org/proxyee-down - http下载工具，基于http代理，支持多连接分块下载
xuningjack/ANRManager - ANR collector which can collect ANR information（收集ANR相关信息的工具类）
naozibuhao/SecQuanCknife - SecQuanCknife
zjlywjh001/PhrackCTF-Platform-Personal - CTF platfrom developed by Jarvis from Phrack Team. 做一个功能最全的CTF平台。
littleRich/VirtualLocation - 利用Hook技术对APP进行虚拟定位，可修改微信、QQ、以及一些打卡APP等软件，随意切换手机所处位置！
amitshekhariitbhu/from-java-to-kotlin - From Java To Kotlin - Your Cheat Sheet For Java To Kotlin
cundong/MemoryMonitor - Memory clean, pss monitor tool, for developer
godlikewangjun/dexknife-wj - apk加固插件带签名校验、dex加密、资源混淆
guardianproject/haven - Haven is for people who need a way to protect their personal spaces and possessions without compromising their own privacy, through an Android app and on-device sensors
94fzb/zrlog - ZrLog是使用 Java 开发的博客/CMS程序，具有简约，易用，组件化，内存占用低等特点。自带 Markdown 编辑器，让更多的精力放在写作上，而不是花费大量时间在学习程序的使用上。
shengqi158/S2-055-PoC - S2-055的环境，基于rest-show-case改造
SecureSkyTechnology/study-struts2-s2-054_055-jackson-cve-2017-7525_cve-2017-15095 - Struts2の脆弱性S2-045, S2-055 および Jackson の脆弱性 CVE-2017-7525, CVE-2017-15095 の調査報告
ooni/probe-android - OONI Probe Android
ffay/lanproxy - lanproxy是一个将局域网个人电脑、服务器代理到公网的内网穿透工具，支持tcp流量转发，可支持任何tcp上层协议（访问内网网站、本地支付接口调试、ssh访问、远程桌面、http代理、https代理、socks5代理...）。技术交流QQ群 736294209
OpenRefine/OpenRefine - OpenRefine is a free, open source power tool for working with messy data and improving it
yandex/burp-molly-scanner - Turn your Burp suite into headless active web application vulnerability scanner
tiagorlampert/sAINT - :eye: (s)AINT is a Spyware Generator for Windows systems written in Java. [Discontinued]
sevck/CVE-2017-12149 - CVE-2017-12149 JBOSS as 6.X反序列化(反弹shell版)
ZjieHU/Tomcat_weak_password_scan - Tomcat弱口令扫描器
confluentinc/ksql - The database purpose-built for stream processing applications.
NickstaDB/BaRMIe - Java RMI enumeration and attack tool.
ibey0nd/NSTProxy - 一款存储HTTP请求入库的burpsuite插件
dragonite-network/dragonite-java - [DEPRECATED, please check https://github.com/tobyxdd/hysteria]
vulnersCom/burp-vulners-scanner - Vulnerability scanner based on vulners.com search API
chengdedeng/waf - :vertical_traffic_light:Web Application Firewall or API Gateway(应用防火墙/API网关)
daniel-cues/NMapGUI - Advanced Graphical User Interface for NMap
quhw/xtunnel - An useful TCP/SSL tunnel utility.
zhisheng17/blog - SpringBoot + Mybatis + thymeleaf 搭建的个人博客 http://www.54tianzhisheng.cn/
ZHENFENG13/spring-boot-projects - :fire: 该仓库中主要是 Spring Boot 的入门学习教程以及一些常用的 Spring Boot 实战项目教程，包括 Spring Boot 使用的各种示例代码，同时也包括一些实战项目的项目源码和效果展示，实战项目包括基本的 web 开发以及目前大家普遍使用的线上博客项目/企业大型商城系统/前后端分离实践项目等，摆脱各种 hello world 入门案例的束缚，真正的掌握 Spring
6iovan/ActivityHijacker - DEPRECATED
jearyorg/jsp -
codewatchorg/bypasswaf - Add headers to all Burp requests to bypass some WAF products
difcareer/sqlmap4burp - sqlmap embed in burpsuite
JGillam/burp-paramalyzer - Paramalyzer - Burp extension for parameter analysis of large-scale web application penetration tests.
DirectDefense-zz/SuperSerial-Active - SuperSerial-Active - Java Deserialization Vulnerability Active Identification Burp Extender
securifybv/PHPUnserializeCheck - PHP Unserialize Check - Burp Scanner Extension
vah13/BurpCRLFPlugin - Another plugin for CRLF vulnerability detection
rover12421/ShakaApktool - ShakaApktool
floyd-fuh/JKS-private-key-cracker-hashcat - Nail in the JKS coffin - Cracking passwords of private key entries in a JKS file
ilmila/J2EEScan - J2EEScan is a plugin for Burp Suite Proxy. The goal of this plugin is to improve the test coverage during web application penetration tests on J2EE applications.
PanagiotisDrakatos/JavaRansomware - Simple Ransomware Tool in Pure Java
GoSecure/csp-auditor - Burp and ZAP plugin to analyse Content-Security-Policy headers or generate template CSP configuration from crawling a Website
NetSPI/xssValidator - This is a burp intruder extender that is designed for automation and validation of XSS vulnerabilities.
ewilded/psychoPATH - psychoPATH - an advanced path traversal tool. Features: evasive techniques, dynamic web root list generation, output encoding, site map-searching payload generator, LFI mode, nix & windows support, si
mbechler/marshalsec -
mystech7/Burp-Hunter - XSS Hunter Burp Plugin
RIPE-NCC/whois - RIPE Database whois code repository
1135/EquationExploit - Eternalblue Doublepulsar exploit
NetSPI/WebLogicPasswordDecryptor - PowerShell script and Java code to decrypt WebLogic passwords
olacabs/jackhammer - Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.
zackszhu/hack_sjtu_2017 -
NetSPI/Wsdler - WSDL Parser extension for Burp
federicodotta/Java-Deserialization-Scanner - All-in-one plugin for Burp Suite for the detection and the exploitation of Java deserialization vulnerabilities
lygttpod/RxHttpUtils - Rxjava+Retrofit封装，便捷使用
zencodex/hack-android - Collection tools for hack android, java
frohoff/ysoserial - A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
shengqi158/fastjson-remote-code-execute-poc - fastjson remote code execute poc 直接用intellij IDEA打开即可首先编译得到Test.class，然后运行Poc.java
yaphone/itchat4j - itchat4j -- 用Java扩展个人微信号的能力
s4n7h0/Halcyon-IDE - First IDE for Nmap Script (NSE) Development.
linchaolong/ApkToolPlus - ApkToolPlus 是一个 apk 逆向分析工具（a apk analysis tools）。
ikkisoft/SerialKiller - Look-Ahead Java Deserialization Library
google/binnavi - BinNavi is a binary analysis IDE that allows to inspect, navigate, edit and annotate control flow graphs and call graphs of disassembled code.
AndroidVTS/android-vts - Android Vulnerability Test Suite - In the spirit of open data collection, and with the help of the community, let's take a pulse on the state of Android security. NowSecure presents an on-device app t
gozo-mt/burplist -
PortSwigger/backslash-powered-scanner - Finds unknown classes of injection vulnerabilities
ReactivePlatform/netty-in-action-cn - Netty In Action 中文版
nisrulz/android-tips-tricks - :ballot_box_with_check: [Cheatsheet] Tips and tricks for Android Development
amikey/zhihuWebSpider - https://github.com/QiuMing/zhihuWebSpider.git
0Chencc/CTFCrackTools - China's first CTFTools framework.中国国内首个CTF工具框架,旨在帮助CTFer快速攻克难关
zaproxy/zaproxy - The OWASP ZAP core project
ewilded/shelling - SHELLING - a comprehensive OS command injection payload generator
knightliao/disconf - Distributed Configuration Management Platform(分布式配置管理平台)
dreamhead/moco - Easy Setup Stub Server
bilibili/DanmakuFlameMaster - Android开源弹幕引擎·烈焰弹幕使～
Blankj/AndroidUtilCode - :fire: Android developers should collect the following utils(updating).
TellH/GitClub - An elegent Android Client for Github. 不仅仅是Github客户端，而且是一个发现优秀Github开源项目的app
apache/rocketmq - Apache RocketMQ is a cloud native messaging and streaming platform, making it simple to build event-driven applications.
51bigdata/StockData2Hbase - 股票交易数据处理的整个业务流程数据源--->数据采集--->数据归类--->数据储存--->数据分析--->数据可视化
1973Blunt/VisualSocialNetwork - 用图状数据结构表达社交网络中实体、边的关系，以 web 应用形式可视化展示。
realxujiang/bigtable-sql - 分布式大数据SQL查询可视化界面！
summitt/Burp-Non-HTTP-Extension - Non-HTTP Protocol Extension (NoPE) Proxy and DNS for Burp Suite.

JavaScript

barretlee/cloudflare-proxy - Cloudflare Worker 代理请求 ChatGPT API，支持 Stream 流式输出
justjavac/chatgpt - ChatGPT 从入门到精通
tess-ss/recon-ninja - Recon-Ninja
yetone/bob-plugin-openai-translator - 基于 ChatGPT API 的文本翻译、文本润色、语法纠错 Bob 插件，让我们一起迎接不需要巴别塔的新时代！
system-cpu/wxappUnpacker - 基于node反编译小程序已经配置完成
ooowennn/toolbox - 企业微信 ChatGPT 机器人
laozhou-in-germany/Chens_LMS_Public - The LMS (Life Management System) is a free tool for personal knowledge management and goal management based on Obsidian.md.
obsidian-canzi/Enhanced-editing - 旨在增强Obsidian编辑功能的插件
Ghr07h/Heimdallr - 一款完全被动监听的谷歌插件，用于高危指纹识别、蜜罐特征告警和拦截、机器特征对抗
Cryptogenic/PS5-IPV6-Kernel-Exploit - An experimental webkit-based kernel exploit (Arb. R/W) for the PS5 on <= 4.51FW
lijiejie/EasyPen - EasyPen is a GUI program which helps pentesters do target discovery, vulnerability scan and exploitation
wuba/Antenna - Antenna是58同城安全团队打造的一款辅助安全从业人员验证网络中多种漏洞是否存在以及可利用性的工具。其基于带外应用安全测试(OAST)通过任务的形式，将不同漏洞场景检测能力通过插件的形式进行集合，通过与目标进行out-bind的数据通信方式进行辅助检测。
hjmmc/reverse-sourcemap-image - 还原souremap资源图片
0x727/Space_view - Space_view 是一款Hunter(鹰图平台)或者FOFA平台资产展示的浏览器油猴插件
evenchan86/Auto_BaseSecurity - 基线漏洞修复
emredavut/Chrome-Android-and-Windows-0day-RCE-SBX - Chrome Android and Windows 0day RCE+SBX.. DPRK
bp2008/DahuaLoginBypass - Chrome extension that uses vulnerabilities CVE-2021-33044 and CVE-2021-33045 to log in to Dahua cameras without authentication.
sepehrdaddev/zap-scripts - Zed Attack Proxy Scripts for finding CVEs and Secrets.
micro-joan/Zphisher-GUI-Back_office - A Zphisher GUI Back-Office Plugin
S2eTo/FlawPlatform - 基于 Docker 开发的：在线漏洞靶场。
netease-im/electron-fulltext-search-demo - electron 全文搜索方案的一个 demo
0xdea/frida-scripts - A collection of my Frida.re instrumentation scripts to facilitate reverse engineering of mobile apps.
mrd0x/BITB - Browser In The Browser (BITB) Templates
fkling/astexplorer - A web tool to explore the ASTs generated by various parsers.
lgh06/web-page-monitor - Web Site Page Changes Monitor. 网站网页页面更新变更监控提醒。
arcaneiceman/kraken - Kraken: A multi-platform distributed brute-force password cracking system
ElSicarius/findalllinks - A tool to extract all the urls and paths found in the content of a page (js sources included)
VitthalS/ivna - Intentionally Vulnerable Nodejs Application & APIs
lasting-yang/frida_bypass_ssl_example - frida 辅助抓包的一些技巧
ttttmr/spoof-wappalyzer - 欺骗wappalyzer插件指纹识别&XSS
What-The-Commit/nft-marketplaces-offer-bot - Automated mass bidding on opensea nft collections, with optional filtering by traits
rogerinn/codex - Endpoint enumeration
jayus0821/Armor - Armor 浏览器反蜜罐插件 honeypot
apachecn/re4e-zh -
lxraa/v8_exp -
Abbbbbi/Frida-Seccomp - 一个Android通用svc跟踪以及hook方案——Frida-Seccomp
bojue/BaseMap - IDC管理2.5D底图绘制工具(Vue)
admin360bug/upload-labs - 原始靶场环境：https://github.com/c0ny1/upload-labs 此项目原始靶场环境的开普勒安全团队修改版，重新使用PHP7编写，并且保留了原版的风味！
seemoo-lab/apple-continuity-tools - Reverse engineering toolkit for Apple's wireless ecosystem
hanbinglengyue/FridaManager - Frida持久化解决方案
d0gkiller87/Frida-libcurlUnpinning - A Frida script to bypass libcurl (NDK) SSL-Pinning protection in Android apps.
noobpk/frida-ios-intercept-api - A tool to help you intercept encrypted APIs in iOS apps
paazmaya/shuji - Reverse engineering JavaScript and CSS sources from sourcemaps
pownjs/git - Assorted tools for security-related task for git repositories
DragonJAR/Scripts - Una serie de scripts útiles en un proceso de pentesting.
SiJiDo/H - H是一款强大的资产收集管理平台
SummerSec/BlogPapers - <img src="https://readme-typing-svg.demolab.com?font=Fira+Code&size=24&pause=1000&color=FDFDFD&background=13797800&center=true&vCenter=true&width=435&lines=%F0%9F%91%8B%EF
1in9e/gosint - Gosint is a distributed asset information collection and vulnerability scanning platform
mucoze/Umay - IoT Malware Similarity Analysis Platform
spamscanner/spamscanner - Spam Scanner is a Node.js anti-spam, email filtering, and phishing prevention tool and service. Built for @ladjs, @forwardemail, @cabinjs, @breejs, and @lassjs.
wetools/wept - 微信小程序多端实时运行工具
cjxe/dex-crawler - 🕷️ Monitor prices of tokens in different DEXs.
malwareinfosec/FiddleZAP -
Ch0pin/log4JFrida -
evildecay/etcdkeeper - web ui client for etcd
leafac/kill-the-newsletter - Convert email newsletters into Atom feeds
Reamd7/notion-zh_CN - notion 中文化
zenozeng/Free-Chinese-Fonts - 免费中文字体
I2rys/subenujs - Website Subdomains enumeration writen in NodeJS.
louislam/uptime-kuma - A fancy self-hosted monitoring tool
tintinweb/solidity-shell - An interactive Solidity Shell
tophat-cloud/cumulus - Cumulus is web application weakness monitoring, it would be working by add just 3 codelines
zhengjim/camille - 基于Frida的Android App隐私合规检测辅助工具
Mustard404/Savior - 渗透测试报告自动生成工具！
Raz0r/ens-xss -
1modm/petereport - PeTeReport is an open-source application vulnerability reporting tool.
Studio-42/elFinder - 📁 Open-source file manager for web, written in JavaScript using jQuery and jQuery UI
caoyu48/vue-g6-editor - vue+g6 3.0实现的editor 由于g6-editor不开源自己撸了一个
jonathandata1/ios_15_rce - Remote Code Execution V1 For iOS 15 sent through airdrop after the device was connected to a trusted host
NotSoSecure/SerializedPayloadGenerator -
JSREI/ast-hook-for-js-RE - 浏览器内存漫游解决方案（探索中...）
HeiSir2014/M3U8-Downloader - M3U8-Downloader 支持多线程、断点续传、加密视频下载缓存。
AsaiKen/dom-based-xss-finder - Chrome extension that finds DOM based XSS vulnerabilities
TIGMINT/TIGMINT - TIGMINT: OSINT (Open Source Intelligence) GUI software framework
zzzteph/weakpass - Weakpass rule-based online generator to create a wordlist based on a set of words entered by the user.
louischatriot/nedb - The JavaScript Database, for Node.js, nw.js, electron and the browser
knqyf263/CVE-2021-40346 - CVE-2021-40346 PoC (HAProxy HTTP Smuggling)
hql7/wl-explorer - 用于vue框架的文件管理器插件，云盘、网盘。File manager plug-in for vue framework, cloud disk.
c-f/lel - Visualization layer and helper for relevant IT related documentation and operation
pwnedshell/Bugs-feed - Bug's feed is a local hosted portal where you can search for the latest news, videos, CVEs, vulnerabilities...
SKVNDR/FastDork - ⚡Chrome extension allows you to create lists of Google and Github dork to open multiple tabs with one click, import "scope/out of scope" from #HackerOne #Bugcrowd #Intigriti ...
dushixiang/next-terminal - Next Terminal是一个简单好用安全的开源交互审计系统，支持RDP、SSH、VNC、Telnet、Kubernetes协议。
phwd/fb-ios-pinning-2021 -
nickdeis/eslint-plugin-no-secrets - An eslint plugin to find strings that might be secrets/credentials
veniware/OpenProtest - A management base for System Admins and IT professionals. Provides tools for documentation and troubleshooting.
ConsenSys/aragraph - Visualize your Aragon DAO Templates
NodeSecure/js-x-ray - JavaScript & Node.js open-source SAST scanner. A static analyser for detecting most common malicious patterns 🔬.
Vulnogram/Vulnogram - Vulnogram is a tool for creating and editing CVE information in CVE JSON format
noraj/rawsec-cybersecurity-inventory - An inventory of tools and resources about CyberSecurity that aims to help people to find everything related to CyberSecurity.
secureCodeBox/secureCodeBox - secureCodeBox (SCB) - continuous secure delivery out of the box
c6fc/warcannon - High speed/Low cost CommonCrawl RegExp in Node.js
justakazh/FreeDa - just show app list and run frida with js
nancheung/notion-zh_CN - 对notion.so的汉化油猴脚本
HaboobLab/CVE-2019-13764 -
reconmap/reconmap - Vulnerability assessment and penetration testing automation and reporting platform for teams.
nklayman/vue-cli-plugin-electron-builder - Easily Build Your Vue.js App For Desktop With Electron
yuzutech/kroki - Creates diagrams from textual descriptions!
rafeca/prettyjson - Package for formatting JSON data in a coloured YAML-style, perfect for CLI output
Yeuoly/FxxkXSS - 将令你眼前一亮的XSS利用工具！
aquasecurity/cloudsploit - Cloud Security Posture Management (CSPM)
abhijithvijayan/web-extension-starter - 🖥🔋Web Extension starter to build "Write Once Run on Any Browser" extension
threatexpress/aggressor-scripts - Cobalt Strike Aggressor Scripts
Simp1er/AndroidSec - 记录一些我自己在学习Android逆向过程中的有意思的东西
r0ysue/r0tracer - 安卓Java层多功能追踪脚本
mandatoryprogrammer/xsshunter-express - An easy-to-setup version of XSS Hunter. Sets up in five minutes and requires no maintenance!
redpwn/rctf - redpwn's CTF platform
momosecurity/FindSomething - 基于chrome、firefox插件的被动式信息泄漏检测工具
willnewii/qiniuClient - 云存储管理客户端。支持七牛云、腾讯云、青云、阿里云、又拍云、亚马逊S3、京东云，仿文件夹管理、图片预览、拖拽上传、文件夹上传、同步、批量导出URL等功能
Tencent/wepy - 小程序组件化开发框架
lochv/shellbin - The source code of https://rshell.dev
r0zar/shellshock - Yet another bash-inside-node framework
resilience-jychp/cloudflare-bypass - Bypass Coudflare bot protection using Cloudflare Workers
jehy/shodan - Advanced error monitoring using kibana logs
RPwnage/pwn-my - iOS 14.5 WebKit/Safari based Jailbreak
mhmdiaa/acumen - A clean UI with a modular structure to enhance security researchers' ability to work with data
Medicean/AS_Out-of-Network - AntSword 出网探测插件
qingyeyun/icp-extensions - icp备案查询谷歌插件
motikan2010/CVE-2021-29447 - WordPress - Authenticated XXE (CVE-2021-29447)
darryk10/CVE-2021-25735 - Exploit CVE-2021-25735: Kubernetes Validating Admission Webhook Bypass
farisv/Moodle-CVE-2019-3810 - Moodle (< 3.6.2, < 3.5.4, < 3.4.7, < 3.1.16) XSS PoC for Privilege Escalation (Student to Admin)
singularseclab/Browser_Exploits - A collection of browser exploitation codes from Singular Security Lab.
ForbiddenProgrammer/CVE-2021-21315-PoC - CVE 2021-21315 PoC
dxcweb/watermark - canvas图片水印，用于身份证等个人信息添加仅用于XXX等字样保护个人信息
CapacitorSet/box-js - A tool for studying JavaScript malware.
eciavatta/caronte - A tool to analyze the network flow during attack/defence Capture the Flag competitions
evilsocket/pwnagotchi - (⌐■_■) - Deep Reinforcement Learning instrumenting bettercap for WiFi pwning.
ElSicarius/UnCommenteR - A chrome extension to uncomment hidden stuff in the html
rayhan0x01/nodejs-websocket-sqli - A simple NodeJS WebSocket WebApp vulnerable to blind SQL injection
CreditTone/hooker - 🔥🔥hooker是一个基于frida实现的逆向工具包。为逆向开发人员提供统一化的脚本包管理方式、通杀脚本、自动化生成hook脚本、内存漫游探测activity和service、firda版JustTrustMe、disable ssl pinning
WithSecureLabs/android-keystore-audit -
swoops/eval_villain - A Firefox Web Extension to improve the discovery of DOM XSS.
liath/CVE-2020-10977 - Gitlab v12.4.0-8.1 RCE
lijiejie/swagger-exp - A Swagger API Exploit
davtur19/DotGit - An extension for checking if .git is exposed in visited websites
okoala/egg-jwt - JWT authentication plugin for egg
bhattsameer/devtool-snippets-forhacks - Collection of snippets for devtools.
r3curs1v3-pr0xy/vajra - Vajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.
lateautumn4lin/Review_Reverse - :wave:2019年末总结下今年做过的逆向，整理代码，复习思路。:pray:拼夕夕Web端anti_content参数逆向分析:japanese_goblin: WEB淘宝sign逆向分析；:smiley_cat:努比亚Cookie生成逆向分析；:raised_hands:百度指数data加密逆向分析 :footprints:今日头条WEB端_signature、as、cp参数逆向分析:note
benso-io/posta - 🐙 Cross-document messaging security research tool powered by https://enso.security
NorthwaveSecurity/fridax - Fridax enables you to read variables and intercept/hook functions in Xamarin/Mono JIT and AOT compiled iOS/Android applications.
noobpk/frida-ios-hook - A tool that helps you easy trace classes, functions, and modify the return values of methods on iOS platform
kylesmile1103/Learn-Frida - Modding Unity app with Frida tutorial.
fyr77/dns-mobileconfig - A simple website to create DoH and DoT config files for iOS
dolevf/Damn-Vulnerable-GraphQL-Application - Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security.
hzdu/setprograms - NodeJS、JDK、Python开发环境设置工具
notion-enhancer/notion-enhancer - an enhancer/customiser for the all-in-one productivity workspace notion.so
RenwaX23/XSSTRON - Electron JS Browser To Find XSS Vulnerabilities Automatically
avwo/whistle - HTTP, HTTP2, HTTPS, Websocket debugging proxy
mickael-kerjean/filestash - 🦄 A modern web client for SFTP, S3, FTP, WebDAV, Git, Minio, LDAP, CalDAV, CardDAV, Mysql, Backblaze, ...
dreamyguy/gitlogg - 💾 🧮 🤯 Parse the 'git log' of multiple repos to 'JSON'
thunderbarca/BlackStone - 一个基于docker，开箱即用的CTF竞赛平台
iot-onboarding/mud-visualizer - mud-visualizer is a tool to visualize MUD files
egoist/docute - 📚 Effortless documentation, done right.
neXenio/adb-util - Electron app for Android developers, providing a GUI for common ADB operations
s7ckTeam/LeakFinder - LeakFinder（觅露）为s7ck Team 红队云武器库F-Box里的一款信息泄露浏览搜集浏览器插件。
p3nt4/Nuages - A modular C2 framework
MariaGarber/XSS-Scanner - XSS scanner that detects Cross-Site Scripting vulnerabilities in website by injecting malicious scripts
vercel/update-check - Minimalistic update notifications for command line interfaces
arachnys/cabot - Self-hosted, easily-deployable monitoring and alerts service - like a lightweight PagerDuty
qeeqbox/social-analyzer - API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites
abhijithvijayan/stargazed - 📋 Creating your own Awesome List of GitHub stars!
enovella/fridroid-unpacker - Defeat Java packers via Frida instrumentation
jiangqizheng/BlueSea - BlueSea，一个有趣的英语学习扩展，支持划词翻译、单词高亮、单词弹幕、记忆曲线复习、词频统计...
m0bilesecurity/Frida-Mobile-Scripts - Collection of useful FRIDA Mobile Scripts
coffeehb/FridaHook - 记录学习Frida Hook时的知识点和小脚本
siyujie/OkHttpLogger-Frida - Frida 实现拦截okhttp的脚本
timwhitez/Doge-XSS-Phishing - xss钓鱼，cna插件配合php后端收杆
gh0stkey/avList - avList - 杀软进程对应杀软名称
yzddmr6/As-Exploits - 中国蚁剑后渗透框架
muraenateam/necrobrowser - necromantic session control
iamadamdev/bypass-paywalls-chrome - Bypass Paywalls web browser extension for Chrome and Firefox.
675354981/JR-scan - 利用python3写的综合扫描工具，可“一键”实现基本信息收集（端口、敏感目录、WAF、服务、操作系统、子域名），支持POC扫描（可自行添加POC，操作简单），支持利用AWVS探测（需使用API接口），未来争取实现xray联动。
advanced-rest-client/arc-electron - Advanced REST Client - Desktop application
Medicean/VSCodeXssEncode - Converts characters from one encoding to another using a transformation. This tool will help you encode payloads in testing sql injections, XSS holes and site security.
SukkaW/nali-cli - :anchor: Parse geoinfo of IP Address without leaving your terminal
hizzgdev/jsmind - a mind mapping library built by javascript
SoftSec-KAIST/Fuzzing-Survey - The Art, Science, and Engineering of Fuzzing: A Survey
dmitriz/cpsfy - 🚀 Tiny goodies for Continuation-Passing-Style functions, fully tested
samyk/webscan - Browser-based network scanner & local-IP detection
jeverd/lecture-experience - :books: Liteboard.io - A lightweight browser-based lecturing platform using WebRTC :pencil2:
buffermet/bug-bounty-tools - Collection of HTTP scanners and fuzzers.
bonino97/LemonBooster-v2 - Reestructured LemonBooster.
anuraghazra/github-readme-stats - :zap: Dynamically generated stats for your github readmes
zadam/trilium - Build your personal knowledge base with Trilium Notes
pwndoc/pwndoc - Pentest Report Generator
msrkp/PPScan - Client Side Prototype Pollution Scanner
zmister2016/MrDoc - mrdoc,online document system developed based on python. It is suitable for individuals and small teams to manage documents, wiki, knowledge and notes. 觅思文档，适合于个人和中小型团队的在线文档、知识库系统。
lanyulei/ferry - 本系统是集工单统计、任务钩子、权限管理、灵活配置流程与模版等等于一身的开源工单系统，当然也可以称之为工作流引擎。致力于减少跨部门之间的沟通，自动任务的执行，提升工作效率与工作质量，减少不必要的工作量与人为出错率。
bonino97/API-Monitoring - Monitoring Subdomains, improve your recon.
Ar3h/anti-honeypot - 一款可以检测WEB蜜罐并阻断请求的Chrome插件，能够识别并阻断长亭D-sensor、墨安幻阵的部分溯源api
dream-num/Luckysheet - Luckysheet is an online spreadsheet like excel that is powerful, simple to configure, and completely open source.
Tencent/cloudbase-framework - 腾讯云开发云原生一体化部署工具 🚀 CloudBase Framework：一键部署，不限框架语言，云端一体化开发，基于Serverless 架构。A front-end and back-end integrated deployment tool. One-click deploy to serverless architecture. https://docs.cloudbase.net/
Cherrison/CrackMinApp - (反编译微信小程序)一键获取微信小程序源码(傻瓜式操作), 使用了C#加nodejs制作
davisjam/safe-regex - Detect possibly catastrophic, exponential-time regular expressions
jzillmann/pdf-to-markdown - A PDF to Markdown converter
maple3142/cf-warp -
facundoolano/app-store-scraper - scrape data from the itunes app store
YMFE/yapi - YApi 是一个可本地部署的、打通前后端及QA的、可视化的接口管理平台
RomaneeSean/xss-flash-fishing -
ajinabraham/njsscan - njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.
mike-goodwin/owasp-threat-dragon - An open source, online threat modelling tool from OWASP
maltek/swift-frida - Frida library for interacting with Swift programs. Superseded by https://github.com/frida/frida-swift-bridge
jangxx/netflix-1080p - Chrome extension to play Netflix in 1080p and 5.1
punishell/bbtips - BugBountyTips
mark-zh/BugBountyTips - 记录一些国外漏洞赏金猎人的挖洞技巧和一些有意思的东西
hexploitable/r2con2020_r2frida - This repository houses the materials, slides and exercises from the r2con 2020 walkthrough sessions.
danny0838/content-farm-terminator - Content Farm Terminator browser extension/「終結內容農場」瀏覽器套件
mdnice/markdown-nice - 支持主题设计的 Markdown 编辑器，让排版变 Nice
notilus67/frider - Dump unpacked dex, trace/intercept Java/native function. Frida + adb + React +Django
timwhitez/about-anti-honeypot - 关于蜜罐的一些微小的统计工作
timqian/chinese-independent-blogs - 中文独立博客列表
KilledByAPixel/OS13k - A Tiny OS and Mini Game Engine
cnrstar/anti-honeypot - 一款可以检测WEB蜜罐并阻断请求的Chrome插件
D00MFist/PersistentJXA - Collection of macOS persistence methods and miscellaneous tools in JXA
PerimeterX/CVE-2020-6519 -
iiiusky/AntiHoneypot-Chrome-simple - Chrome 蜜罐检测插件
ossf/wg-best-practices-os-developers - The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for open source developers.
alanpeng/docker-training-psweb - docker-training-psweb
Koenkk/zigbee2mqtt - Zigbee 🐝 to MQTT bridge 🌉, get rid of your proprietary Zigbee bridges 🔨
node-red/node-red - Low-code programming for event-driven applications
eip-work/kuboard-press - Kuboard 是基于 Kubernetes 的微服务管理界面。同时提供 Kubernetes 免费中文教程，入门教程，最新版本的 Kubernetes v1.23.4 安装手册，(k8s install) 在线答疑，持续更新。
vernesong/OpenClash - A Clash Client For OpenWrt
kingbase/wechat_history_export - 从 PC 端 (Windows) 不那么狼狈的阅读或导出微信公众号的历史文章
donot-wong/sensinfor - A chrome extension use to find leak file and backup file.
yogeshojha/rengine - reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous mon
nkzawa/ast-scope - A JavaScript AST scope analyzer
lirantal/cwe-sdk - A Common Weakness Enumeration (CWE) Node.js SDK compliant with MITRE / CAPEC
hyj1991/easy-monitor - 企业级 Node.js 应用性能监控与线上故障定位解决方案
nccgroup/singularity - A DNS rebinding attack framework.
kautukkundan/Awesome-Profile-README-templates - A collection of awesome readme templates to display on your profile
smiegles/extract-relative-url-heapsnapshot - Extract relative urls from a heap snapshot
stevenvachon/broken-link-checker - Find broken links, missing images, etc within your HTML.
monkeylord/XposedFridaBridge - A frida script implement XposedBridge & load xposed modules, without installing xposed framwork.
terjanq/Tiny-XSS-Payloads - A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me
RhinoSecurityLabs/Swagger-EZ - A tool geared towards pentesting APIs using OpenAPI definitions.
mindedsecurity/behave - Behave! A monitoring browser extension for pages acting as "bad boi"
kgretzky/pwndrop - Self-deployable file hosting service for red teamers, allowing to easily upload and share payloads over HTTP and WebDAV.
satazor/js-spark-md5 - Lightning fast normal and incremental md5 for javascript
onblog/BlogHelper - 帮助国内用户写作的托盘助手，一键发布本地文章到主流博客平台（知乎、简书、博客园、CSDN、SegmentFault、掘金、开源中国），剪贴板图片一键上传至图床（新浪、Github、图壳、腾讯云、阿里云、又拍云、七牛云）（欢迎Star，🚫禁止Fork）
TheKingOfDuck/logonTracer - Windows系统安全登录日志分析工具logonTracer汉化修正版
tdr130/assetnote - Push notifications for passive DNS data
auth0/repo-supervisor - Scan your code for security misconfiguration, search for passwords and secrets. :mag:
shadow1ng/vanscan -
Qihoo360/doraemon - Doraemon is a Prometheus based monitor system
TheMMMdev/simple-middleman - Simple NodeJS server meant to handle logged url information (like with chromer).
si9int/gDork - A Mozilla Firefox extension which allows quick access to your google-dorking result
makuga01/dnsFookup - DNS rebinding toolkit
KuroLabs/stegcloak - Hide secrets with invisible characters in plain text securely using passwords 🧙🏻‍♂️⭐
yeswehack/PwnFox - PwnFox is a Firefox/Burp extension that provide usefull tools for your security audit.
0x742/noia - [WIP] Simple mobile applications sandbox file browser tool. Powered with frida.re.
LeadroyaL/friposed - Write java hook with frida
apiaryio/dredd - Language-agnostic HTTP API Testing Tool
ehrishirajsharma/SwiftnessX - A cross-platform note-taking & target-tracking app for penetration testers.
DavidCatalan/fridacov - JS modules for Frida based tools to add code coverage to your instrumentation scripts.
ChiChou/bagbak - Yet another frida based iOS dumpdecrypted. Also decrypts app extensions. No SSH required
hakimel/reveal.js - The HTML Presentation Framework
monkeylord/XServer - A Xposed Module for Android Penetration Test, with NanoHttpd.
lasting-yang/frida_hook_libart - Frida hook some jni functions
lasting-yang/frida_dump - frida dump dex, frida dump so
gchq/CyberChef - The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis
0xSobky/HackVault - A container repository for my public web hacks!
star7th/showdoc - ShowDoc is a tool greatly applicable for an IT team to share documents online一个非常适合IT团队的在线API文档、技术文档工具
eth0izzle/shhgit - Ah shhgit! Find secrets in your code. Secrets detection for your GitHub, GitLab and Bitbucket repositories: www.shhgit.com
m0bilesecurity/RMS-Runtime-Mobile-Security - Runtime Mobile Security (RMS) 📱🔥 - is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime
samhaxr/XXRF-Shots - XXRF Shots - Useful for testing SSRF vulnerability
jobertabma/transformations -
Passer6y/CrawlerVuln - 一个NodeJS实现的漏扫动态爬虫
mandatoryprogrammer/CursedChrome - Chrome-extension implant that turns victim Chrome browsers into fully-functional HTTP proxies, allowing you to browse sites as your victims.
opnsec/postMessage-logger - Simple "postMessage logger" Chrome extension
fransr/postMessage-tracker - A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon
openspug/spug - 开源运维平台：面向中小型企业设计的轻量级无Agent的自动化运维平台，整合了主机管理、主机批量执行、主机在线终端、文件在线上传下载、应用发布部署、在线任务计划、配置中心、监控、报警等一系列功能。
ericalexanderorg/should-i-trust - OSINT tool to evaluate the trustworthiness of a company
atmoner/githubFind3r -
wuchangming/spy-debugger - 微信调试，各种WebView样式调试、手机浏览器的页面真机调试。便捷的远程调试手机页面、抓包工具，支持：HTTP/HTTPS，无需USB连接设备。
apsdehal/awesome-ctf - A curated list of CTF frameworks, libraries, resources and softwares
0x0FB0/pulsar - Network footprint scanner platform. Discover domains and run your custom checks periodically.
Caratacus/Crown - Based on SpringBoot2, Crown builds a rapidly developed web application scaffolding.
tacesrever/frida-tsplugin - typescript autocomplete plugin for frida's java warpper
Werneror/pekja - SRC情报收集管理系统
wiwikuan/fast-srt-subtitle - Make SRT Caption Fast!!!!
rewanthtammana/vuln-headers-extension - Firefox extension which parses the headers of all the requests which are being flowing through your firefox browser to detect for vulnerabilities.
iteratec/multi-juicer - Run Capture the Flags and Security Trainings with OWASP Juice Shop
rohanrhu/gdb-frontend - ☕ GDBFrontend is an easy, flexible and extensible gui debugger. Try it on https://debugme.dev
mitre-attack/tram - Threat Report ATT&CK™ Mapping (TRAM) is a tool to aid analyst in mapping finished reports to ATT&CK.
OpenCTI-Platform/opencti - Open Cyber Threat Intelligence Platform
cliclitv/ClicliPure - :snowman: CliCli Whrite. clicli 纯白
88250/baidu-netdisk-downloaderx - ⚡️ 一款图形界面的百度网盘不限速下载器，支持 Windows、Linux 和 Mac。已于 2020 年 4 月 15 日正式停用，源码仅用于程序员交流学习，细节请查看：关于停用 BND 的说明 https://ld246.com/article/1586956316578
546669204/fuck-debugger-extensions - javascript anti-anti debugging
lucky-sideburn/kubeinvaders - Gamified Chaos Engineering Tool for Kubernetes
hakluke/weaponised-XSS-payloads - XSS payloads designed to turn alert(1) into P1
fcavallarin/domdig - DOM XSS scanner for Single Page Applications
DockerSecurityPlayground/DSP - A Microservices-based framework for the study of Network Security and Penetration Test techniques
david3107/squatm3gator - Squatm3gator is a complete web solution based on the python tool squatm3, designed to enumerate available domains generated modifying the original domain name through different cybersquatting techniqu
fofapro/fofa_view - FOFA Pro view 是一款FOFA Pro 资产展示浏览器插件，目前兼容 Chrome、Firefox、Opera。
logicalhacking/DVHMA - Damn Vulnerable Hybrid Mobile App (DVHMA) is an hybrid mobile app (for Android) that intentionally contains vulnerabilities.
goabstract/Awesome-Design-Tools - The best design tools and plugins for everything 👉
MichaelWayneLIU/InfoScraper - 一个基于Electron的自动化Web资产探测工具，用于渗透前期的信息搜集工作
andreafioraldi/frida-fuzzer - This experimetal fuzzer is meant to be used for API in-memory fuzzing.
wultra/powerauth-admin - This reporitory was moved to https://github.com/wultra/powerauth-server repository
feedhenry/mobile-security - FeedHenry Mobile Security
FrenchYeti/dexcalibur - [Official] Android reverse engineering tool focused on dynamic instrumentation automation leveraging Frida. It disassembles dex, analyzes it statically, generates hooks, discovers reflected methods, s
iddoeldor/frida-snippets - Hand-crafted Frida examples
vincentcox/StaCoAn - StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.
dpnishant/appmon - Documentation:
ant4g0nist/vegvisir - A browser based GUI for LLDB Debugger.
cloakware-ctf/idascripts - Some IDA Python scripts for auto-analysis and a Hive-plot visualizer.
haozi/xss-demo - 👮🏻‍♂️ XSS attack playground,there are answers in issues. XSS 攻防靶场，issues 有答案
JonComo/anim - Quick JS program for creating animations
horsicq/Detect-It-Easy - Program for determining types of files for Windows, Linux and MacOS.
naptha/tesseract.js - Pure Javascript OCR for more than 100 Languages 📖🎉🖥
lazy-luo/smarGate - 内网穿透，c++实现，无需公网IP，小巧，易用，快速，安全，最好的多链路聚合（p2p+proxy）模式，不做之一...这才是你真正想要的内网穿透工具！
seccubus/seccubus - Easy automated vulnerability scanning, reporting and analysis
abhi-r3v0/Adhrit - Android Security Suite for in-depth reconnaissance and static bytecode analysis based on Ghera benchmarks.
radenvodka/massc - Subdomain Scanner Tools with word-lists
SecurityPaper/SecurityPaper-web - Security Paper
smartdone/Frida-Scripts - 一些frida脚本
r00tSe7en/Fake-flash.cn - flash.cn钓鱼页（中文+英文）
laulzgoay/BTPanel-DIY-Template - BTPanel-DIY-Template
WooyunDota/DroidSSLUnpinning - Android certificate pinning disable tools
apachecn/howtodoinjava-zh - :book: [译] HowToDoInJava 中文系列教程
cn-panda/JavaCodeAudit - Getting started with java code auditing 代码审计入门的小项目
evil-huawei/evil-huawei - Evil Huawei - 华为作过的恶
AloneMonkey/frida-ios-dump - pull decrypted ipa from jailbreak device
aws-samples/aws-serverless-security-workshop - In this workshop, you will learn techniques to secure a serverless application built with AWS Lambda, Amazon API Gateway and RDS Aurora. We will cover AWS services and features you can leverage to imp
axipo/pdfTranslator - 一个具有划词翻译功能的跨平台pdf阅读器，用着挺好用开源一下造福众科研人员，欢迎star
viva-frida/Awesome-Frida-UI - this tool for beginner , and make easier to use this
tobilg/aws-fullstack-website - Deploy your fullstack websites without all the hassle on AWS with CloudFront, S3, ACM, Route53, API Gateway and Lambda via Serverless.
guyoung/CaptfEncoder - Captfencoder is a rapid cross platform network security tool suite, providing network security related code conversion, classical cryptography, cryptography, asymmetric encryption, miscellaneous tools
unbug/codelf - A search tool helps dev to solve the naming things problem.
iptv-org/iptv - Collection of publicly available IPTV channels from all over the world
fengbindev/Quella - Quella是基于SSM+shiro+redis开发的后台脚手架，集成了一些后台通用功能，并集成了一些常用的第三方服务。
zhongshaofa/layuimini - 后台admin前端模板，基于 layui 编写的最简洁、易用的后台框架模板。只需提供一个接口就直接初始化整个框架，无需复杂操作。
xiandanin/magnetW - [已失效，不再维护]
geemo/huobi-robot - 火币合约自动交易机器人
ttop5/to-be-slack - ！！！【接口已停，没有数据】今日热榜，摸鱼神器。支持全平台：Web、PC、Mobile 及 Chrome 插件。
phith0n/xray-poc-generation - 🧬 辅助生成 XRay YAML POC
pownjs/duct - Essential tool for finding blind injection attacks.
apachecn/calc4b-zh - :book: [译] MIT 18.03 面向初学者的微积分
flutterchina/flutter-in-action - 《Flutter实战》书稿。第二版书稿已上传，请移步新Repo。
wappalyzer/wappalyzer - Identify technology on websites.
xtuJSer/CoCoMusic - a simple music player built by electron and vue
src-kun/solr-sgk - 大数据社工裤 demo
blinkfox/hexo-theme-matery - A beautiful hexo blog theme with material design and responsive design.一个基于材料设计和响应式设计而成的全面、美观的Hexo主题。国内访问：http://blinkfox.com
TyCoding/boot-chat - :bookmark: 基于SpringBoot + WebSocket的在线聊天系统，实现单窗口消息推送、群消息推送、上线提醒、Redis会话消息储存
wangai3176/webug4.0 - webug4.0
jeffjose/tget - tget is wget for torrents
makazeu/steam-key - Online activation tool for Steam.
Magicskys/Kiddy - 被动式扫描器
lyxhh/lxhToolHTTPDecrypt - Simple Android/iOS protocol analysis and utilization tool
AntSwordProject/ant - 实时上线的 XSS 盲打平台
showdownjs/showdown - A bidirectional Markdown to HTML to Markdown converter written in Javascript
Louiszhai/tool - 开发效率提升：Mac生产力工具链推荐
lyricat/wechat-format - 微信公众号排版编辑器，转换 Markdown 到微信特制的 HTML
virink/as_plugin_godofhacker - 黑客神器，谁用谁知道！
starrtc/starrtc-edu-demo - web版本在线教育与白板演示示例，更多示例请参见：
webxscan/linux_rat - LINUX集群控制(LINUX反弹式远控) LINUX反向链接运维 BY:QQ:879301117
zhaoolee/ChromeAppHeroes - 🌈谷粒-Chrome插件英雄榜, 为优秀的Chrome插件写一本中文说明书, 让Chrome插件英雄们造福人类~ ChromePluginHeroes, Write a Chinese manual for the excellent Chrome plugin, let the Chrome plugin heroes benefit the human~ 公众号「0加1」同步更新
lqs469/confluence-export - Export document from confluence with nice style
nondanee/UnblockNeteaseMusic - Revive unavailable songs for Netease Cloud Music
nondanee/vsc-netease-music - UNOFFICIAL Netease Music extension for Visual Studio Code
Tinywan/H5-dash-hls-rtmp-webrtc - :sunflower: 传统直播：HTML5播放器、M3U8直播/点播、RTMP直播、低延迟、推流/播流地址鉴权。:green_apple: 实时直播：WebRTC
jack-hoo/LiveRoomDemo_Client - 自己动手打造一个直播间（视频直播、聊天室、弹幕、多端适配）
jack-hoo/LiveRoomDemo_Server - 自己动手打造一个直播间（视频直播、聊天室、弹幕、多端适配）
gwuhaolin/reflv - react component wrap flv.js
archerysec/archerysec - Automate Your Application Security Orchestration And Correlation (ASOC) Using ArcherySec.
PrettyUp/Security-Baseline - Linux安全基线扫描、报告生成与自动修复程序
exodusintel/CVE-2019-5786 - FileReader Exploit
s0md3v/AwesomeXSS - Awesome XSS stuff
bilibili-helper/bilibili-helper-o - 哔哩哔哩 (bilibili.com) 辅助工具，可以替换播放器、推送通知并进行一些快捷操作
foru17/front-end-collect - 分享自己长期关注的前端开发相关的优秀网站、博客、以及活跃开发者
phodal/new-project-checklist - 🥳🥳🥳🥳 a checklist & tool for new project setup for developer. 新项目检查清单及其工具。
agalwood/Motrix - A full-featured download manager.
CAT-Team-mmc/lysec - 一个基于docker的安全培训系统
0verSp4ce/PoCBox - PoCBox - Vulnerability Test Aid Platform
d2-projects/d2-admin - An elegant dashboard
EmpireProject/Empire-GUI - Empire client application
cbdyzj/cbdyzj.github.io - jianzhao.org
r00tSe7en/GoogleHackingTool - 在线Google Hacking 小工具
xiaohanyu/blog-html-to-pdf - [Fun] A sample program to convert blog website to merged pdf.
VKSRC/Github-Monitor - Github Sensitive Information Leakage Monitor(Github信息泄漏监控系统)
TerryZ/v-region - 提供 5 种应用形式的 4 级行政区划选择器 A simple region cascade selector, provide 4 levels Chinese administrative division data
GitSquared/edex-ui - A cross-platform, customizable science fiction terminal emulator with advanced monitoring & touchscreen support.
sherylynn/pdf-sync - PDF Reader in JavaScript with Sync
iAJue/note - 萌音云笔记 - 一个高效的在线云笔记、专注技术文档在线创作、阅读、分享和托管
stephentian/33-js-concepts - :scroll: 每个 JavaScript 工程师都应懂的33个概念 @leonardomso
dongyuanxin/webpack-demos - 📦 Demos && Courses for Webpack 4
izuolan/zresume - 程序员简历生成器（可导出静态页面、支持密码验证访问）
HyperSimon/bookmarks-2-markdown - A Chrome extension for exporting bookmarks as markdown
MrSorrow/taotao - IDEA版本淘淘商城
TevinLi/amWiki - amWiki 是一款由 JS 开发、依赖 Atom 或 Nodejs-Npm 的 Markdown 轻量级前端化开源文库系统
mengkunsoft/MKOnlineMusicPlayer - ⛔【停止维护】一个在线音乐播放器（仅 UI，无功能）
monkeym4ster/find-subdomains - Abusing Certificate Transparency logs for getting HTTPS websites subdomains. （通过 HTTPS 证书透明日志，以 非字典爆破 的方式获取网站子域名。）
hacksalot/HackMyResume - Generate polished résumés and CVs in HTML, Markdown, LaTeX, MS Word, PDF, plain text, JSON, XML, YAML, smoke signal, and carrier pigeon.
OXOYO/bookmark2md - Convert chrome bookmarks to md files and push them to GitHub repository.
apachecn/apachecn-algo-zh - ApacheCN 数据结构与算法译文集
EthanLin-TWer/translation-spring-mvc-4-documentation - Spring MVC 4.2.4 RELEASE 中文文档完整翻译稿
codeskyblue/gosuv - Deprecated!!! Process managerment writtern by golang, inspired by python-supervisor
quincyyhuang/hexo-node-admin - A Hexo management tool with responsive UI designed to make it easier for you to compose.
Medicean/GenShell - AntSword Generate Shell Plugin
yincongcyincong/proxy-web - proxy-web是用go语言写的，基于snail007/goproxy完成的可视化网页应用
phpservermon/phpservermon - PHP Server Monitor
kern/filepizza - :pizza: Peer-to-peer file transfers in your browser
csbun/thal - 译文：Puppeteer 与 Chrome Headless —— 从入门到爬虫
Tsuk1ko/pxder - 🖼 Download illusts from pixiv.net P站插画批量下载器
aui/font-spider - Smart webfont compression and format conversion tool
J3-Tech/Office-Document-Converter - Office Document Convertor (ODC) is an online convertor for office document which runs as a web service. Its aim is to provide the facility of converting almost all office documents into image which ma
ning1022/SQLInjectionWiki - 一个专注于聚合和记录各种SQL注入方法的wiki
RASSec/A_Scan_Framework - Network Security Vulnerability Manage
RASSec/cve.wang - bug公开平台
WebGoat/WebGoat - WebGoat is a deliberately insecure application
geeeeeeeeek/electronic-wechat - :speech_balloon: A better WeChat on macOS and Linux. Built with Electron by Zhongyi Tong.
cablej/FileChangeMonitor - Continuous monitoring for JavaScript files
Toninie/github-blog - blog base on Vue.js and Github API
78778443/permeate - 一个用于渗透透测试演练的WEB系统,用于提升寻找网站能力,也可以用于web安全教学
zmzhang8/Photon - A lightweight multi-threaded downloader based on aria2.
mriiiron/salvia - A minimum-building static blog framework.
ShawnZeng1996/Memory - A theme for wordpress.
bingohuang/docker-labs - Docker在线实验室
axt/cfg-explorer - CFG explorer for binaries
carlos-wong/cerebro-codelf - ⭐️ 给变量起名的事情上，为你生命省 3s (Save 3 seconds of your life when naming things.)
cerebroapp/cerebro - 🔵 Cerebro is an open-source launcher to improve your productivity and efficiency
Warflop/FireShodanMap - FireShodanMap is a Realtime map that integrates Firebase, Google Maps and Shodan. A search is carried out using Shodan searching vulnerable devices and they are showed on the map for analysis. All dat
hustcc/aliyun-oss-deploy - 🙈 一个 nodejs 命令行工具，用于部署静态资源到 aliyun oss，支持代码方式和 CLI 方式！
noahziheng/sdeploy-cli - A light development tool using SCP,SFTP and RSync
axetroy/blog - :open_book:基于Github API 的动态博客
denghongcai/forsaken-mail - a self-hosted disposable mail service
malaohu/forsaken-mail - a self-hosted disposable mail service
DIYgod/RSSHub - 🍰 Everything is RSSible
runningcheese/RunningCheese-Firefox - A Graceful and Powerful Customized Firefox
jae-jae/Camtd - Chrome multi-threaded download manager extension,based on Aria2 and AriaNg. Chrome多线程下载扩展。
s9w/font_compare - Programming font comparison
be5invis/Sarasa-Gothic - Sarasa Gothic / 更纱黑体 / 更紗黑體 / 更紗ゴシック / 사라사 고딕
aliyun/oss-browser - OSS Browser 提供类似windows资源管理器功能。用户可以很方便的浏览文件，上传下载文件，支持断点续传等。
geekcompany/DeerResume - MarkDown在线简历工具，可在线预览、编辑和生成PDF。[此项目已不再维护，建议使用 cv.ftqq.com 替代 ]
marktext/marktext - 📝A simple and elegant markdown editor, available for Linux, macOS and Windows.
UbuntuBar/userguide - Ubuntu 吧用户指南
KafuuChinoQ/V2RayGeoKit -
open-source-translation/AWVS11.X-Chinese-Version - AWVS11.X汉化包|AWVS11.X-Chinese-Version
reruin/sharelist - 快速分享 GoogleDrive OneDrive
liyangready/multiple-host - 虚拟host解决方案，轻松实现两套host环境
listen1/listen1_desktop - one for all free music in china (Windows, Mac, Linux desktop)
KaTeX/KaTeX - Fast math typesetting for the web.
creditease-sec/insight - 洞察-宜信集应用系统资产管理、漏洞全生命周期管理、安全知识库管理三位一体的平台。
IceEnd/Yosoro - :shaved_ice:Beautiful Markdown NoteBook. 🏖
jax777/scan_monitor - ip 域名端口扫描服务刺探单机版
VoidSec/WebRTC-Leak - Check if your VPN leaks your IP address via the WebRTC technology
1c7/Crash-Course-Computer-Science-Chinese - :computer: 计算机速成课 | Crash Course 字幕组 (全40集 2018-5-1 精校完成)
chinese-poetry/chinese-poetry - The most comprehensive database of Chinese poetry 🧶最全中华古诗词数据库, 唐宋两朝近一万四千古诗人, 接近5.5万首唐诗加26万宋诗. 两宋时期1564位词人，21050首词。
ALEXZZZ9/PS4-5.01-WebKit-Exploit-PoC - PS4 5.01 WebKit Exploit PoC
brookhong/Surfingkeys - Map your keys for web surfing, expand your browser with javascript and keyboard.
wspl/CIDR-in-Proxifier - :tea: A script for converting CIDRs list to configuration file segment of Proxifier.
carbon-app/carbon - :black_heart: Create and share beautiful images of your source code
lukechilds/reverse-shell - Reverse Shell as a Service
neargle/win-powerup-exp-index - 🚄 火车上写的，2015年的代码和数据了
chaozh/awesome-blockchain-cn - 收集所有区块链(BlockChain)技术开发相关资料，包括Fabric和Ethereum开发资料
0x0ade/rotonde-client - Rotonde Base Client
Rotonde/rotonde-client - Rotonde Base Client
zhuzhuyule/HexoEditor - this markdown Editor for hexo blog
zkat/cipm - standalone ci-oriented package installer for npm projects (moved)
amhoho/electron-cn-docs - Electron中文文档! 精心翻译,完美排版,实时同步更新!, 最后同步:2017-05-23(个人比较忙,本项目已经不再维护了)
yuzd/ClearScript.Manager - Use tern.js in .netcontext 重构原有代码,require dll js等功能
bradoyler/xmr-miner - Web-based Cryptocurrency miner, built with Vue.js
trazyn/ieaseMusic - 网易云音乐第三方
blinksocks/blinksocks - A framework for building composable proxy protocol stack.
zhangjikai/tools - Some useful tools
njwangchuan/schoidbot - schoidbot is a twitter bot with rss feeds. 二次元Twitter新闻机器人
lqzhgood/Rss2Weibo - 将 rss 流同步到微博. 如 twitter facebook 等
Unitech/pm2 - Node.js Production Process Manager with a built-in Load Balancer.
ssbc/patchwork - A decentralized messaging and sharing app built on top of Secure Scuttlebutt (SSB).
sensepost/wsproxy - A websocket proxy
imsun/gh-feed - Generate RSS feed from GitHub Issues
mumuy/relationship - 中国亲戚关系计算器 - 家庭称谓/亲戚称呼/称呼计算/辈分计算/亲戚关系算法/親戚稱呼計算機_Chinese kinship system.
homerchen19/nba-go - 🏀 💻 The finest NBA CLI.
LandGrey/dnstricker - A simple dns resolver of dns-record and web-record log server for pentesting
machengwei1024/Hexo-Theme-Life - Hexo Theme
Rotonde/beaker - Rotonde client with user account combined(deprecated)
reruin/ServerStockCheck - 库存检查工具
dannyti/seedbox-from-scratch - Creating a seedbox on a Linux server
mengskysama/rain - http://rain.mengsky.net
justjavac/Flarum - Flarum - 优雅自由的 PHP 轻社区
mikeal/webtorrent-element - WebTorrent HTML element.
Notos/seedbox-from-scratch - Creating a seedbox on a Linux server
QuickBox/QB - QuickBox is much more than a ‘seedbox installer script’, it is a simplistic approach to achieving easy seedbox and services management from a beautifully designed dashboard. Allowing users the ability
xavier84/RatXaBox - Auto installation de ruTorrent avec rTorrent. Version "Seedbox-Manager Workflow"
Meshiest/mrseedbox - [unmaintained] A Containerized Seedbox with Embedded Media Player
Kerwood/Rtorrent-LXC - A Docker container with Rtorrent + Rutorrent.
xcatliu/cqc - Code Quality Checker - Check your code quality by running one command.
marknote/TeleShellBot - A simple Telegram Bot to run shell commands remotely
ElaWorkshop/awesome-cn-cafe - A curated list of awesome coffee places for work in China.
ksco/reblog - A blog system using GitHub Issues, powered by React + Redux.
malaohu/Dply-Autobuild-Server - Dply.co自动创建服务器
denysdovhan/wtfjs - 🤪 A list of funny and tricky JavaScript examples
rozbo/blog - A super blog lite -- just one page. use vue with github api !
ipfs/js-ipfs - IPFS implementation in JavaScript
OhYee/hexo-theme-indigo - 这个只是我修改的别人的，大家fork去原项目啊
fei-ke/WeiboImageReverse - Chrome 插件，反查微博图片po主
knownsec/KCon - KCon is a famous Hacker Con powered by Knownsec Team.
otale/tale - 🦄 Best beautiful java blog, worth a try
jasonsheh/SiteScan - A tool help get the basic information of one site
suoyuesmile/suo-blog - :fox_face:技术博客文章、笔记、实战、技术探讨、资源收集等等
novnc/noVNC - VNC client web application
coderzh/hugo-rapid-theme - A hugo theme as
CatTail/rssify - Convert anything to rss feed
xiongwilee/iblog - 基于Gracejs及github issues的全功能博客方案，参考：
gitalk/gitalk - Gitalk is a modern comment component based on Github Issue and Preact.
aksakalli/gtop - System monitoring dashboard for terminal
securing/gattacker - A Node.js package for BLE (Bluetooth Low Energy) security assessment using Man-in-the-Middle and other attacks
ciscocsirt/GOSINT - The GOSINT framework is a project used for collecting, processing, and exporting high quality indicators of compromise (IOCs).
lqmeta/Cube-In-Electron - :octocat:A cross-platform web music player in Electron.
stkevintan/Cube - A cross-platform web music player in nw.js
htfy96/v2ray-config-gen - V2Ray Configuration generator
boy-hack/WebshellManager - w8ay 一句话WEB端管理工具
ciqulover/CMS-of-Blog - deprecated
overcache/VRouter - 一个基于 VirtualBox 和 openwrt 构建的项目, 旨在实现 macOS / Windows 平台的透明代理.
wpyok500/Google-IPs - :us: Google 全球 IP 地址库
Or3stis/apparatus - A graphical security analysis tool for IoT networks
dryabov/twister-webkit - webkit package for twister
xwiki-labs/cryptpad - Collaborative office suite, end-to-end encrypted and open-source.
twngo/cryptpad - Unity is Strength - Collaboration is Key - CryptPad is the zero knowledge realtime collaborative editor.
viatsko/awesome-vscode - 🎨 A curated list of delightful VS Code packages and resources.
medcl/elasticsearch-rtf - elasticsearch中文发行版，针对中文集成了相关插件，方便新手学习测试.
malaohu/squid-with-net-speeder - SQUID Proxy with net speed
VincentChanX/shadowsocks-over-websocket - 免费使用 Heroku 部署 shadowsocks
contiv/auth_proxy - A proxy + UI server for Contiv which handles authentication (local users/LDAP/AD) + authorization (RBAC)
squidproxy/squidproxy - squid 技術部署、客戶端(原創)提供
AnarchyLinux/installer - Anarchy Linux - A simple and intuitive Arch Linux installer. https://anarchyinstaller.org/
ha7ilm/openwebrx - Open source, multi-user SDR receiver software with a web interface
beakerbrowser/beaker - An experimental peer-to-peer Web browser
borgbackup/borgweb - Web UI for Borg Backup
hound-search/hound - Lightning fast code searching made easy
Tschaul/twister-react - proxy-based Twister client written with react-js
martinzhou2015/SRCMS - SRCMS企业应急响应与缺陷管理系统
alibaba/anyproxy - A fully configurable http/https proxy in NodeJS
AInoob/NooBoss - NooBoss is an extension that handles your extensions like a boss!
mapbox/link-hijacker - Hijack clicks on and within links, probably for client-side routing
veniversum/git-visualizer - 👁‍🗨:octocat:Visualizes directory structure of GitHub repos
evilcos/xssor2 - XSS'OR - Hack with JavaScript.
TuuuNya/GenPass - 用Vue.js给健忘的女票写的在线密码生成器。
bugbountyforum/XSS-Radar -
sakurity/securelogin - This version won't be maintained!
anttiviljami/browser-autofill-phishing - A simple demo of phishing by abusing the browser autofill feature
ChromeDevTools/debugger-protocol-viewer - DevTools Protocol API docs—its domains, methods, and events
egoist/eme - Elegant Markdown Editor.
bryanph/GeistMap - An experimental personal knowledge base with a focus on connections
nccgroup/wssip - Application for capturing, modifying and sending custom WebSocket data from client to server and vice versa.
xbotao/hexo-admin-qiniu - 根据[email protected]进行修改，添加粘贴图片上传至七牛
platformio/platformio-atom-ide - PlatformIO IDE for Atom: The next generation integrated development environment for IoT
n0mad01/node.bittrex.api - No longer maintained
sghaskell/Clustered-Single-Value-Map-Visualization - Splunk Custom Visualization
cure53/DOMPurify - DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
IonicaBizau/git-unsaved - :mag_right: Scan your projects directory for dirty git repositories.
ryanhanwu/How-To-Ask-Questions-The-Smart-Way - 本文原文由知名 Hacker Eric S. Raymond 所撰寫，教你如何正確的提出技術問題並獲得你滿意的答案。
llh911001/mostly-adequate-guide-chinese - 函数式编程指北中文版
trim21-archive/sdu-mirror-website - 山大镜像站首页
zcgonvh/LinkedServerPwdDumper - SqlServer Linked Password Dumper.
jikeytang/front-end-collect - 分享自己长期关注的前端开发相关的优秀网站、博客、以及活跃开发者
aweary/tinytime - ⏰ A straightforward date and time formatter in <1kb
le4f/pcap-analyzer - online pcap forensic
monkeym4ster/DomainFuzz - Domain name permutation engine for detecting typo squatting, phishing and corporate espionage
Formstone/Formstone - Library of modular front end components.
MobSF/Mobile-Security-Framework-MobSF - Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and
azu/codemirror-anywhere - [Greasemonkey] Use CodeMirror editor instead of textarea in anywhere
frida/frida-java-bridge - Java runtime interop from Frida
imsun/gitment - A comment system based on GitHub Issues.
xsank/xpath_tester - Demo
DIYgod/APlayer - :lollipop: Wow, such a beautiful HTML5 music player
FrankFang/wheels - 笨办法造轮子
iagox86/h2gb-ui -
firesunCN/My_CTF_Challenges - :fire::sunny:
leanote/leanote - Not Just A Notepad! (golang + mongodb) http://leanote.org
lockfale/OSINT-Framework - OSINT Framework
acgpiano/wooyun-node - wooyun.org
kevana/ui-for-docker - A web interface for Docker, formerly known as DockerUI. This repo is not maintained
fwon/electron-anyproxy - 📢 A http/https proxy client, using to analyze and mock.
jaywcjlove/awesome-mac -  Now we have become very big, Different from the original idea. Collect premium software in various categories.
MicrosoftEdge/magic-mirror-demo - A :zap:Magic Mirror:zap: powered by a UWP Hosted Web App :rocket:
ziahamza/webui-aria2 - The aim for this project is to create the worlds best and hottest interface to interact with aria2. Very simple to use, just download and open index.html in any web browser.
martinsbalodis/web-scraper-chrome-extension - Web data extraction tool implemented as chrome extension
derhuerst/tcp-over-websockets - Tunnel TCP through WebSockets.
e2email-org/e2email - E2EMail is a simple Chrome application - a Gmail client that exchanges OpenPGP mail.
aimer1124/JianshuSpider - Use Node.js,HighChart,BootStrap,Mongo,Cucumber with Gulp to scrapy information from Jianshu.
cnwhy/lib-qqwry - 用NodeJS解析纯真IP库(QQwry.dat) 支持IP段查询
keeweb/keeweb - Free cross-platform password manager compatible with KeePass
wzyy2/PiBox - PiBox is a web control Interface written to control Embedded Board(Raspberry Pi).
52cik/github-hans - [废弃] {官方中文马上就来了} GitHub 汉化插件，GitHub 中文化界面。 (GitHub Translation To Chinese)
TingGe/calibration-box - 图片标定：一个 Fabric 的小插件，可用于标定图片中车辆、人、交通灯标识、区域等。
gavinkwoe/weapp-ide-crack - 【应用号】IDE + 破解 + Demo
eteplus/vue-sui-demo - 用vue 和 SUI-Mobile 写了一个移动端demo，用来反馈学习vue的成果（禁用了SUI自带的路由，使用vue-router, vue-resource, webpack）[a web app written by vue & sui-mobile]
google/WebFundamentals - Former git repo for WebFundamentals on developers.google.com
FredWe/How-To-Ask-Questions-The-Smart-Way - Any update requests plz redirect to original --->
Tencent/WeFlow - A web developer workflow tool by WeChat team based on tmt-workflow, with cross-platform supported and environment ready.
jakubfiala/atrament.js - A small JS library for beautiful drawing and handwriting on the HTML Canvas.
vuejs/vue-hackernews-2.0 - HackerNews clone built with Vue 2.0, vue-router & vuex, with server-side rendering
shimohq/chinese-programmer-wrong-pronunciation - 中国程序员容易发音错误的单词
aosabook/500lines - 500 Lines or Less
Lmnoppy/Scrippy - Scrippy is a browser extension that holds sql statements (think clip board) to aid devlopers in the testing of websites for basic code injections.
mandatoryprogrammer/xsshunter - The XSS Hunter service - a portable version of XSSHunter.com
dragthor/xss-scanner - Cross-Site Scripting (XSS) scanner. This tool helps to find possible XSS vulnerabilities. Cross platform - macOS, Linux, and Windows.
lixiangwei/xsser - xss监控（xss monitor）
jiang890910bo/back_manager - Paladin是啥？它是一个以JFinal为底层的java基础后台框架。结合了以下第三方组件： Beetl、Druid、Shiro、Ehcache（JFinal自带有工具类）。界面使用的拼图的后台模板，自己做了些优化和更改。最初目的：为了学习jfinal，通过一点点的摸索，把它建立起来了。最终理想：形成一个工作中比较通用的基础后台框架。适用人群刚入门JFinal的同学，
jichengyue/SailsAdmin - 利用nodejs sails框架搭建的权限管理系统和数据可视化界面的B/S
ycosine/DataVistual - 数字校园项目-大数据可视化平台
doumengyu/The-FlowingData-Guide - 自己整理的《鲜活的数据——数据可视化指南》一书的笔记，还有自己根据书中的讲解，整理出的各章代码。
RodgerLai/nodejs-nedb-excel - 基于nodejs+webpack,以nosql轻量级嵌入式数据库nedb作为存储，页面渲染采用react+redux,样式框架为ant design,实现了excel表格上传导出以及可视化
jinjianhua727/log-date-view - 日志数据可视化
tutuxxx/csv2dv - 将csv数据转换成可视化所需的数据格式
SunshowerC/lagou-spider-data-handle - 拉勾数据处理，echarts数据可视化
walkdoer/Life-Time-Tracker - 个人时间跟踪，可视化个人活动数据，管理个人生活，利用过去来指导未来，基于柳比歇夫的统计方法
yexiaochai/medlog - 数据可视化系统，持续迭代，包括前端采集+数据设计+大数据存储+可视化展示几个大块
TingGe/data-visualization - 数据可视化
Easonzero/Compiler - 哈工大编译原理实验，使用node语言，实现了基于状态转换机制的词法分析器,以及自顶而下分析的语法分析器，gui基于electron&angular制作，数据可视化使用的是d3.js。
khrome/ascii-art - A Node.js library for ansi codes, figlet fonts, ascii art and other ASCII graphics

Jinja

Dido1960/random_c2_profile - Cobalt Strike random C2 Profile 修改版（适配腾讯云函数，亚马逊云函数和CrossC2自定义protocol）
99cloud/lab-openstack - lab for OpenStack
op7ic/BlueTeam.Lab - Blue Team detection lab created with Terraform and Ansible in Azure.
EspressoCake/Cobalt_Strike_Ansible - A project to replicate the functionality of Noah Powers' ServerSetup script, but with error handling and fixed Namecheap API support.
geerlingguy/internet-pi - Raspberry Pi config for all things Internet.
warhorse/ansible-role-cobaltstrike-docker - Ansible Cobalt Strike (Docker)
ralphte/build_a_phish - Ansible playbook to deploy a phishing engagement in the cloud.
ironicbadger/infra - 99.9% less leaked credentials
easzlab/kubeasz - 使用Ansible脚本安装K8S集群，介绍组件交互原理，方便直接，不受国内网络环境影响
splunk/attack_range - A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk
trailofbits/algo - Set up a personal VPN in the cloud
BlitzKraft/saythanks.io - Spreading Thankfulness in Open Source.

Jupyter Notebook

shriyanss/UtilityTools - Web hacking utility tools in one .ipynb
batfish/pybatfish - Python client for Batfish: https://github.com/batfish/batfish
naity/DeepUFC2 - Now with data scraping and implementation in PyTorch
gyoisamurai/Adversarial-Threat-Detector -
jgamblin/cveprophet - CVE Prophet
obheda12/JupyterPen - A Repository dedicated to creating modular and automated penetration testing frameworks utilizing Jupyter Notebooks
lyhue1991/eat_pytorch_in_20_days - Pytorch🍊🍉 is delicious, just eat it! 😋😋
Anon-Exploiter/subdomainsEnumerator - A docker image which will enumerate, sort, unique and resolve the results of various subdomains enumeration tools.
The-Art-of-Hacking/h4cker - This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFI
hackingguy/Bug-Hunting-Colab - A Colab For Bug Hunting!
WithSecureLabs/leonidas - Automated Attack Simulation in the Cloud, complete with detection use cases.
someshkar/colabcat - :smiley_cat: Running Hashcat on Google Colab with session backup and restore.
dempfi/ayu - 🎨🖌 Modern Sublime Text theme
OTRF/detection-hackathon-apt29 - Place for resources used during the Mordor Detection hackathon event featuring APT29 ATT&CK evals datasets
malrev/ABD - Course materials for Advanced Binary Deobfuscation by NTT Secure Platform Laboratories
czy36mengfei/tensorflow2_tutorials_chinese - tensorflow2中文教程，持续更新(当前版本:tensorflow2.0)，tag: tensorflow 2.0 tutorials
Alfred1984/interesting-python - 有趣的Python爬虫和Python数据分析小项目(Some interesting Python crawlers and data analysis projects)
leandromoreira/digital_video_introduction - A hands-on introduction to video technology: image, video, codec (av1, vp9, h265) and more (ffmpeg encoding). Translations: 🇺🇸 🇨🇳 🇯🇵 🇮🇹 🇰🇷 🇷🇺
404notf0und/AI-for-Security-Testing-Database - 复现过的AI安全检测的项目集合
selfteaching/the-craft-of-selfteaching - One has no future if one couldn't teach themself.
advboxes/AdvBox - Advbox is a toolbox to generate adversarial examples that fool neural networks in PaddlePaddle、PyTorch、Caffe2、MxNet、Keras、TensorFlow and Advbox can benchmark the robustness of machine learning models.
MLEveryday/100-Days-Of-ML-Code - 100-Days-Of-ML-Code中文版
Cyb3rWard0g/HELK - The Hunting ELK
BrambleXu/pydata-notebook - 利用Python进行数据分析第二版 (2017) 中文翻译笔记
SuperCowPowers/data_hacking - Data Hacking Project
yidao620c/python3-cookbook - 《Python Cookbook》 3rd Edition Translation
coells/100days - 100 days of algorithms
cycleuser/Duke-STA-663-CN - A Chinese Translation of the Resources for Duke University STA 663 杜克大学计算机统计学（Python）全部内容的中文翻译
cs231n/cs231n.github.io - Public facing notes page
justmarkham/pandas-videos - Jupyter notebook and datasets from the pandas Q&A video series
yaoso/pandas-doc-zh - pandas 0.19.2 文档中文版
jvns/pandas-cookbook - Recipes for using Python's pandas library
brandon-rhodes/pycon-pandas-tutorial - PyCon 2015 Pandas tutorial materials
hanxlinsist/jupyter_hub - 机器学习算法、可视化、数据分析的Python代码

KiCad Layout

xorrbit/growdammit - Garden thing

Kotlin

wuzuchang/PrivacyCompliancePlugin - 隐私合规代码扫描Gradle插件
bytedance/appshark - Appshark is a static taint analysis platform to scan vulnerabilities in an Android app.
ssseasonnn/PermissionX - Android permission with coroutine
square/leakcanary - A memory leak detection library for Android.
allenymt/PrivacySentry - 工信部-Android隐私合规整改检测工具，注解+Asm修改字节码的检测方案
0xDexter0us/Scavenger - Burp extension to create target specific and tailored wordlist from burp history.
0xDexter0us/Log4J-Scanner - Burp extension to scan Log4Shell (CVE-2021-44228) vulnerability pre and post auth.
silentsignal/burp-log4shell - Log4Shell scanner for Burp Suite
linuxct/PhoneAccountDetector - #PAAD: PhoneAccount Abuse Detector for Android 6.0+ devices
Leon406/ToolsFx - 基于kotlin+tornadoFx的跨平台密码学工具箱.包含编解码,编码转换,加解密, 哈希,MAC,签名,大数运算,压缩,二维码功能,ctf等实用功能,支持插件
Guardsquare/appsweep-gradle - This Gradle plugin can be used to continuously integrate app scanning using AppSweep into your Android app build process
plutolib/pluto - Pluto is a on-device debugging framework for Android applications, which helps in inspection of HTTP requests/responses, capture Crashes and ANRs and manipulating application data on-the-go.
optiv/InsecureShop - An Intentionally designed Vulnerable Android Application built in Kotlin.
SagerNet/SagerNet - The universal proxy toolchain for Android
pppscn/SmsForwarder - 短信转发器——监控Android手机短信、来电、APP通知，并根据指定规则转发到其他手机：钉钉群自定义机器人、钉钉企业内机器人、企业微信群机器人、飞书机器人、企业微信应用消息、邮箱、bark、webhook、Telegram机器人、Server酱、PushPlus、手机短信等。包括主动控制服务端与客户端，让你轻松远程发短信、查短信、查通话、查话簿、查电量等。（V3.0 新增）PS.这个APK主要是
LibChecker/LibChecker - An app to view libraries used in apps in your device.
TeamVanced/VancedManager - Vanced Installer
securityfirst/Umbrella_android - Open source Android, iOS and Web app for learning about and managing digital and physical security. From how to send a secure message to dealing with a kidnap. Umbrella has best practice guides in ove
NitishGadangi/Privacy-Indicator-App - 🔔 Get the famous "Recording Indicators" feature of iOS14 to android. Get notified every time a third-party app or a service uses camera or microphone.
Leifzhang/AndroidAutoTrack - Android Asm 插桩教学
kongxiaoan/Network-Demo - Retrofit + OkHttp3 + coroutines + LiveData打造一款网络请求框架
PaulWoitaschek/DaemonHunter - Freeing up memory used by old Kotlin and Gradle Daemons
fabricezhang/lcg - 吾爱破解第三方安卓应用
androidx/androidx - Development environment for Android Jetpack extension libraries under the androidx namespace. Synchronized with Android Jetpack's primary development branch on AOSP.
leavesCZY/DataBindingSamples - 包含了 DataBinding 的大部分知识点
corona-warn-app/cwa-app-android - Native Android app using the Apple/Google exposure notification API. The CWA development ends on May 31, 2023. You still can warn other users until April 30, 2023. More information:
koxudaxi/poetry-pycharm-plugin - A PyCharm plugin for poetry
approov/shipfast-api-protection - Learn practical Mobile and API security techniques: API Key, Static and Dynamic HMAC, Dynamic Certificate Pinning, and Mobile App Attestation.
GoSecure/dtd-finder - List DTDs and generate XXE payloads using those local DTDs.
CarGuo/GSYGithubAppKotlin - 超完整的Android Kotlin 项目，功能丰富，适合学习和日常使用。GSYGithubApp系列的优势：目前已经拥有Flutter、Weex、ReactNative、Kotlin四个版本。功能齐全，项目框架内技术涉及面广，完成度高。开源Github客户端App，更好的体验，更丰富的功能，旨在更好的日常管理和维护个人Github，提供更好更方便的驾车体验Σ(￣。￣ﾉ)ﾉ。同款Weex版本：
cak/Bookmarks - A Burp Suite Extension to take back your repeater tabs
B3nac/InjuredAndroid - A vulnerable Android application that shows simple examples of vulnerabilities in a ctf style.
WrBug/DeveloperHelper - 📌易开发是一款帮助开发人员快速开发的工具，功能包括界面分析，页面信息，加固脱壳，支持Android9.0
Mygod/VPNHotspot - Share your VPN connection over hotspot or repeater! (root required)
k0kubun/gitstar-ranking - GitHub star ranking for users, organizations and repositories
KotlinBy/awesome-kotlin - A curated list of awesome Kotlin related stuff Inspired by awesome-java.
alibaba/p3c - Alibaba Java Coding Guidelines pmd implements and IDE plugin
Kotlin-lang-CN/Kotlin-CN - 【已下线】https://discuss.kotliner.cn 的第一个实验版本，尝试使用Kotlin编写构建的 Kotlin China 论坛，etcd+自研tpc协议RPC
ingbyr/vdm - GUI for command-line video downloader (youtube-dl annie)
bannedbook/fanqiang - 翻墙-科学上网
enzet/symbolic-execution - History of symbolic execution (as well as SAT/SMT solving, fuzzing, and taint data tracking)
Kotlin/kotlin-koans - Kotlin workshop

LLVM

Evian-Zhang/llvm-ir-tutorial - LLVM IR入门指南

Logos

creantan/LookinLoader - Lookin - iOS UI Debugging Tweak LookinLoader,Compatible with iOS 8~15
XLsn0w/Cydia - 🔥🔥🔥微信公众号: XLsnow🔥🔥🔥=> Cydia插件 Logos语言开发Tweak.xm Cydia Substrate 注入dylib iOS逆向工程开发越狱Jailbreak deb插件 - fishhook / Frida / iOSOpenDev / Cycript / MachOView / IDA / Hopper Disassembler / MonkeyDev /
limneos/UIDaemon - An iOS daemon that can show UI /over/ SpringBoard

Lua

foggyspace/NsePocsuite-lua - 网络摄像头漏洞检测脚本.Nmap (Nse Nmap script engine)
riverscn/rime-forge - 文正坊 - 中州韵 Rime 输入法私房菜
vela-security/openresty-ssl-ja3 - openresty ssl tls 指纹识别
CronUp/Vulnerabilidades -
GuayoyoCyber/CVE-2021-21972 - Nmap script to check vulnerability CVE-2021-21972
jiansiting/NMAP-NSE-SCADA - NMAP Script for SCADA protocol
icarot/NSE_scripts - NSE script to use with nmap tool.
n3tSh4d3/Nmap_Script_Collection - Collection of NSE Script
VicariusInc/vicarius-nmap - nmap scripts (nse files) to identify vulnerabilities
hackertarget/nmap-nse-scripts - Nmap NSE scripts that have been customised or created
mmpx12/nse-country-scan - nmap nse script for scan a whole country
alt3kx/CVE-2022-22965 - Spring Framework RCE (CVE-2022-22965) Nmap (NSE) Checker (Non-Intrusive)
nccgroup/nmap-nse-vulnerability-scripts - NMAP Vulnerability Scanning Scripts
rjbhide/wireshark-forensics-plugin -
righel/gitlab-version-nse - Nmap script to guess* a GitLab version.
automayt/ICS-pcap - A collection of ICS/SCADA PCAPs
casbin-lua/luasql-adapter - LuaSQL adapter for Lua-Casbin
GitHub4Eddy/solaredge_monitor - This QuickApp monitors your SolarEdge managed Solar Panels. The QuickApp has (child) devices for current Power, solar Power, lastday, lastmonth, lastyear and lifetime energy.
nccgroup/nlist - An nmap script to produce target lists for use with various tools.
pwntester/nautilus.nvim - A nice and cobaltish neovim theme
PlatyPew/PwnBox2 - 🐳 VMs are bloat. Dockerise your CTF environment.
whickey-r7/grab_beacon_config -
tomer8007/chromium-ipc-sniffer - A tool to capture communication between Chromium processes on Windows
ym2011/nmap-scripts -
hi-KK/ICS-Protocol-identify - Using nmap NSE scripts for identifying common ICS protocols[使用nmap的nse脚本对常见工控协议进行识别，附对应nse脚本，并记录pcap流量]
scipag/vulscan - Advanced vulnerability scanning with Nmap NSE
hack0z/luject - 🍹A static injector of dynamic library for application (android, iphoneos, macOS, windows, linux)
jerryting/ngxlua - nginx/openresty lua access limit 限流防爬
WazeHell/remote-adb-scan - pure python remote adb scanner + nmap scan module
xmake-io/xmake - 🔥 A cross-platform build utility based on Lua
threathunterX/nebula - "星云"业务风控系统，主工程
w3h/icsmaster - ICS/SCADA Security Resource（整合工控安全相关资源）
Rvn0xsy/nse_vuln - Nmap扫描、漏洞利用脚本
pentesteracademy/patoolkit - PA Toolkit is a collection of traffic analysis plugins focused on security
OCSAF/freevulnsearch - Free and open NMAP NSE script to query vulnerabilities via the cve-search.org API.
Tinywan/lua-nginx-redis - :hibiscus: Redis、Lua、Nginx、OpenResty 笔记和资料
jx-sec/jxwaf - JXWAF(锦衣盾)是一款开源web应用防火墙
loveshell/ngx_lua_waf - ngx_lua_waf是一个基于lua-nginx-module(openresty)的web应用防火墙
vulnersCom/nmap-vulners - NSE script based on Vulners.com API
TuuuNya/nmap_scripts - nmap默认的scripts和自己收集的一些scripts
alexazhou/VeryNginx - A very powerful and friendly nginx base on lua-nginx-module( openresty ) which provide WAF, Control Panel, and Dashboards.
rwx------/nginx_waf - 使用nginx和lua构建的waf
christophetd/nmap-nse-info - Browse and search through nmap's NSE scripts.
ChaitanyaHaritash/nmapii - Automated script for NMAP Scanner with some custom .nse scripts :) for lazy geeks :V
Waffles-2/SambaCry - CVE-2017-7494 - Detection Scripts
cldrn/nmap-nse-scripts - My collection of nmap NSE scripts
DNS-OARC/drool - DNS Replay Tool

MATLAB

Ryuk17/AudioProcessing-toolbox - extract the time domain or frequent domain features from wav format audio

Makefile

zhengmin1989/TheSevenWeapons - 安卓动态调试七种武器
DrizzleRisk/drizzleDumper - drizzleDumper是一款基于内存搜索的Android脱壳工具。
crifan/industrial_control_security_overview - 工控安全概览
hueristiq/web-hacking-toolkit - A web hacking toolkit (docker image).
spdx/license-list-XML - This is the repository for the master files that comprise the SPDX License List
IntelLabs/kAFL - A fuzzer for full VM kernel/driver targets
yuk7/ArchWSL - ArchLinux based WSL Distribution. Supports multiple install.
awesome-foss/awesome-sysadmin - A curated list of amazingly awesome open source sysadmin resources.
awesome-selfhosted/awesome-selfhosted - A list of Free Software network services and web applications which can be hosted on your own servers
seebi/dircolors-solarized - This is a repository of themes for GNU ls (configured via GNU dircolors) that support Ethan Schoonover’s Solarized color scheme.
icing/h2fuzz - everyone can fuzz h2
veficos/reverse-engineering-for-beginners - translate project of Drops
jobbole/awesome-python-cn - Python资源大全中文版，包括：Web框架、网络爬虫、模板引擎、数据库、数据可视化、图片处理等，由「开源前哨」和「Python开发者」微信公号团队维护更新。

Markdown

labuladong/fucking-algorithm - 刷算法全靠套路，认准 labuladong 就够了！English version supported! Crack LeetCode, not only how, but also why.
KaiserY/rust-book-chinese - rust 程序设计语言中文版

Mask

lcatro/Fuzzing-ImageMagick - OpenSource My ImageMagick Fuzzer ..

Max

anoff/microllaborators - microllaborators 👩‍👦‍👦🔮🔬👩‍🏫 - the revolution in teaching

Mercury

DanTheMan827/ios-app-signer - This is an app for OS X that can (re)sign apps and bundle them into ipa files that are ready to be installed on an iOS device.

Mustache

aquasecurity/aqua-helm - Helm Charts For Installing Aqua Security Components
kajov/wazuh-kubernetes-helmchart - Wazuh - Wazuh Kubernetes Helm chart. This repo is not maintained by Wazuh team. This is community project.

Nginx

vSense/docker-rtorrent - rTorrent is a BitTorrent client and ruTorrent is a front-end for the popular Bittorrent client rtorrent.

Nim

sh3d0ww01f/nim_shellloader - nim,免杀,红队,shellcode,bypass,apt,bypass-av.
d4rckh/grc2 - grim reaper c2
chvancooten/NimPackt-v1 - Nim-based assembly packer and shellcode loader for opsec & profit
icyguider/Nimcrypt2 - .NET, PE, & Raw Shellcode Packer/Loader Written in Nim
whydee86/PlayWithDefender - An easy tool to disable and enable windows defender protections
thisago/fsmonitor - Files changes monitor and logger
HuskyHacks/ShadowSteal - Pure Nim implementation for exploiting CVE-2021-36934, the SeriousSAM local privilege escalation
ThomasTJdev/nim_awsS3 - Amazon Simple Storage Service (AWS S3) basic API support
d4rckh/vaf - Vaf is a cross-platform very advanced and fast web fuzzer written in nim
byt3bl33d3r/OffensiveNim - My experiments in weaponizing Nim (https://nim-lang.org/)
inspiringz/nim-dnp - Nim 版 domainNamePredictor：一个简单的现代化公司域名使用规律预测及生成工具
khchen/wAuto - Windows automation module
cheatfate/nimcrypto - Nim cryptographic library
status-im/nim-json-rpc - Nim library for implementing JSON-RPC clients and servers
ringabout/awesome-nim - A curated list of awesome Nim frameworks, libraries, software and resources.
khchen/winim - Nim's Windows API and COM Library
Yardanico/nim-strenc - A tiny library to automatically encrypt string literals in Nim code
xmonader/nimassets - bundle your assets into single nim file inspired by go-bindata
ba0f3/subhook.nim - subhook wrapper for Nim https://github.com/Zeex/subhook
elddy/Nim-SMBExec - SMBExec implementation in Nim - SMBv2 using NTLM Authentication with Pass-The-Hash technique
elddy/NimScan - 🚀 Fast Port Scanner 🚀
arnetheduck/nlvm - LLVM-based compiler for the Nim language
treeform/quickjwt - JWT implementation for nim-lang

Nix

nix-community/home-manager - Manage a user environment using Nix [maintainer=@rycee]

Nunjucks

typlog/china-indie-podcasts - 发现与推荐高质量的中文独立播客

OCaml

returntocorp/semgrep - Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

Objective-C

pilotmoon/Scroll-Reverser - Per-device scrolling prefs on macOS.
pallotron/yubiswitch - OSX status bar application to enable/disable Yubikey Nano
asaurusrex/Forblaze - Forblaze - A Python Mac Steganography Payload Generator
ios-control/ios-deploy - Install and debug iPhone apps from the command line, without using Xcode
HexFiend/HexFiend - A fast and clever hex editor for macOS
paradiseduo/IPAPatch - Patch iOS Apps, The Easy Way, Without Jailbreak.
Naituw/IPAPatch - Patch iOS Apps, The Easy Way, Without Jailbreak.
QMUI/LookinServer - Free macOS app for iOS view debugging.
ichitaso/KernBypass-Unofficial - chroot based kernel level jailbreak detection bypass.
evilpenguin/NetworkSniffer - Log iOS network traffic without a proxy
objective-see/BlockBlock - BlockBlock provides continual protection by monitoring persistence locations.
orklann/PEP - PEP - Free & Open Source PDF Editor for Mac
riusksk/SecConArchive - Security Conference Archive
JourneyYoung/iOSMixProject - To mix your project if you want it won't be like others
chenxiancai/STCObfuscator - iOS全局自动化代码混淆工具！支持cocoapod组件代码一并混淆，完美避开hardcode方法、静态库方法和系统库方法！
google/santa - A binary authorization system for macOS
xorrior/macOSTools - macOS Offensive Tools
sweetloser/DecryptApp -
agatti/hopper-plugins - Plugins for the Hopper disassembler
akusio/KernBypass-Public - chroot based kernel level jailbreak detection bypass.
tihmstar/ios-app-signer - This is an app for OS X that can (re)sign apps and bundle them into ipa files that are ready to be installed on an iOS device.
ptoomey3/Keychain-Dumper - A tool to check which keychain items are available to an attacker once an iOS device has been jailbroken
neil-wu/FridaNSLogger - Logging tool that send Frida log to Mac NSLoggerViewer
iodefog/VipVideo - 各大网站vip视频、世界杯直播（CCTV5）免费观看 - Mac版。付费电影，VIP会员剧等，去广告播放。自用视频或者电影URL，音乐破解URL，CCTV等电视播放URL，爱奇艺、腾讯视频、芒果视频、bilibili、美剧、韩剧、日剧、音乐破解
SmileZXLee/ZXHookDetection - 【iOS应用安全、安全攻防】hook及越狱的基本防护与检测(动态库注入检测、hook检测与防护、越狱检测、签名校验、IDA反编译分析加密协议Demo)；【数据传输安全】浅谈http、https与数据加密
ealeksandrov/ProvisionQL - Quick Look plugin for apps and provisioning profile files
MustangYM/WeChatExtension-ForMac - Mac微信功能拓展/微信插件/微信小助手(A plugin for Mac WeChat)
TalkingData/YourView - YourView is a desktop App in MacOS based on Apple SceneKit. You may use it to view iOS App's view hierarchy 3D.
SatanWoo/JSDebugger - JavaScript-Based Debugger For Inspecting Running State Of Your Application
AloneMonkey/MonkeyDev - CaptainHook Tweak、Logos Tweak and Command-line Tool、Patch iOS Apps, Without Jailbreak.
rockqj/networkfixer - Enable network access for Chinese iPhone with checkra1n
axclogo/AxcDrawPath_Tool - AxcAEKit系列拆分出来的一个贝塞尔曲线绘制工具，以科技风为主，动画为辅
jiangboLee/ChangeLocation - 改变自己的定位地址(免越狱打卡)
ChenYilong/iOSBlog - 微博@iOS程序犭袁的blog
lucasjacks0n/EggShell - iOS/macOS/Linux Remote Administration Tool
wzqcongcong/macSubstrate - Substrate for macOS
MxABC/DevDataTool - 编码转换、摘要(hash)、加解密（MD5、SHA1、SHA256、SHA3、SM3、HMAC、DES、3DES、AES、SM4）
macmade/KeychainCracker - macOS keychain cracking tool
sequelpro/sequelpro - MySQL/MariaDB database management for macOS

Objective-C++

evilpenguin/MachoDecrypt - Decrypt iOS binaries at runtime
evilpenguin/SSLBypass - iOS SSL Pinning Bypass (iOS 8 - 14)
hexploitable/MEMSCAN - A memory scanning tool which uses mach_vm* to either dump memory or look for a specific sequence of bytes.
fjh658/IDA7.0_SP - IDA7.0_SP is ida's bugfix
BishopFox/bfinject - Dylib injection for iOS 11.0 - 11.1.2 with LiberiOS and Electra jailbreaks
dongyuwei/hallelujahIM - hallelujahIM(哈利路亚英文输入法) is an intelligent English input method with auto-suggestions and spell check features, Mac only.

Open Policy Agent

Checkmarx/kics - Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
madhuakula/docker-security-checker - Dockerfile Security Checker using OPA Rego policies with Conftest
raspbernetes/k8s-security-policies - This repository offers a comprehensive library of security policies designed to enhance the security of Kubernetes cluster configurations. The policies are developed in accordance with the CIS Kuberne
gbrindisi/dockerfile-security - A collection of OPA rules to statically analyze Dockerfiles to improve security
sysdiglabs/opa-image-scanner - Kubernetes Admission Controller for Image Scanning using OPA

Others

CnHack3r/Goby_PoC_RedTeam - 致力于收集Goby PoC，请勿用于非法操作，后果自负。
Awrrays/FrameVul -
smallfox233/ExpToPocsuite3 - goby exp批量转换为pocsuite3 exp脚本
Kamigami55/awesome-chatgpt - Curated list of ChatGPT related resource, tools, prompts, apps / ChatGPT 相關優質資源、工具、應用的精選清單。
n0kovo/n0kovo_subdomains - An extremely effective subdomain wordlist of 3,000,000 lines, crafted by harvesting SSL certs from the entire IPv4 space.
tdragon6/Supershell - Supershell C2 远控平台，基于反向SSH隧道获取完全交互式Shell
tongcheng-security-team/AppScan - 安全隐私卫士（AppScan）一款免费的企业级自动化隐私检测工具。
darktohka/clean-flash-builds - Repository of clean Flash Player builds.
fssecur3/fuzzlists - A collection of useful lists for Penetration Testing & Bug Bounty - Content Discovery, Payloads, Variables, Sandbox Escaping, etc
trickest/wordlists - Real-world infosec wordlists, updated regularly
zzzteph/probable_subdomains - Subdomains analysis and generation tool. Reveal the hidden!
xx025/carrot - Free ChatGPT Site List 这儿为你准备了众多免费好用的ChatGPT镜像站点，当前100+站点
H4ckBu7eer-EX/h4tools - 一个安卓渗透工具盒子
Dghpi9/NacosDefaultToken - Alibaba Nacos存在默认token.secret.key，导致远程攻击者可以绕过密钥认证接管Nacos
taielab/awesome-hacking-lists - 平常看到好的渗透hacking工具和多领域效率工具的集合
AabyssZG/WebShell-Bypass-Guide - 从零学习Webshell免杀手册
cseroad/Exp-Tools - 一款集成各种exp的实用性工具
jatrost/awesome-detection-rules - This is a collection of threat detection rules / rules engines that I have come across.
TakSec/chatgpt-prompts-bug-bounty - ChatGPT Prompts for Bug Bounty & Pentesting
topscoder/lurk-sonar - Download source code of all projects in a SonarQube instance. #bugbounty #opsec #infosec #sonarqube
MFMokbel/Crawlector - Crawlector is a threat hunting framework designed for scanning websites for malicious objects.
dark-kingA/arsenalTools - 桌面版本-superSearchPlus是聚合型信息收集插件，支持综合查询，资产测绘查询，信息收集 js敏感信息提取注释资源扫描目录扫描整合了目前常见的资产测绘平台同时支持数据导出
burpheart/koko-moni - 一个网络空间搜索引擎监控平台，可定时进行资产信息爬取，及时发现新增资产，本项目聚合了 Fofa、Hunter、Quake、Zoomeye 和 Threatbook 的数据源，并对获取到的数据进行去重与清洗
Safe3/tianji - 天机数据安全网关（简称：TJDSG）是有安科技推出的一款全方位办公网数据安全防护产品。
elliot-bia/nessus - nessus crack for docker
Rupeesh-Patil/Android-Pentesting - Android Pentesting Zone
darkarmorlab/video-api-check - check hikvision/ys7 api
OffcierCia/On-Chain-Investigations-Tools-List - Here we discuss how one can investigate crypto hacks and security incidents, and collect all the possible tools and manuals! PRs are welcome! If any tool is missing - please open PR!
apachecn/crack-tool-disk - :books: 磁盘取证工具集
RowTeam/SharpExchangeKing - Exchange 服务器安全性的辅助测试工具
cseroad/Webshell_Generate - 用于生成各类免杀webshell
ExpLangcn/NucleiTP - 自动整合全网Nuclei的漏洞POC，实时同步更新最新POC！
duc-nt/CVE-2022-44268-ImageMagick-Arbitrary-File-Read-PoC - CVE-2022-44268 ImageMagick Arbitrary File Read - Payload Generator
bestspear/SharkOne - Cobalt Strike 二开项目
PlexPt/awesome-chatgpt-prompts-zh - ChatGPT 中文调教指南。各种场景使用指南。学习怎么让它听你的话。
yichensec/Yichen-GUI - 渗透测试工具箱框架，基于FreeGui二开，该工具箱，自由度较高，样式外观等皆可优化自己处理，同时具备保存笔记的优秀功能。
reewardius/bbFuzzing.txt -
A-poc/BlueTeam-Tools - Tools and Techniques for Blue Team / Incident Response
rebeyond/JNDInjector - 一个高度可定制化的JNDI和Java反序列化利用工具
bobby-lin/study-bug-bounty - Beginner Guide to Bug Hunting
TryGOTry/CobaltStrike_Cat_4.5 - 猫猫Cs:基于Cobalt Strike[4.5]二开 (原dogcs二开移植)
NHPT/Xray_Cracked - Update Xray1.9.4 Cracked for Windows,Linux and Mac OS.
FridaZhbk/UrlRedirectScan -
komomon/CVE-2022-44877-RCE - CVE-2022-44877 Centos Web Panel 7 Unauthenticated Remote Code Execution
numanturle/CVE-2022-44877 -
A-poc/RedTeam-Tools - Tools and Techniques for Red Team / Penetration Testing
injectexpert/API-KEY-CHECKER - AIO API-KEY CHECKER|AWS|Twilio|Mailgun
SaiSathvik1/Linux-Privilege-Escalation-Notes - My Linux Privilege Escalation notes which is part of my OSCP Preperation
CyberSecurityUP/Cloud-Security-Attacks - Azure and AWS Attacks
AbelChe/macos-all - macos all, 关于macos的实用内容不仅是macos...还有各种常用的渗透、命令行技巧
Betsy0/CMSVulSource - CMS（内容管理系统）漏洞源码
aliesbelik/load-testing-toolkit - Collection of open-source tools for debugging, benchmarking, load and stress testing your code or services.
Bywalks/K8s-Mind-Map - K8S安全攻防思维导图 | Docker安全攻防思维导图
xNaughty/BugBountyTips - BugBountyTips en Español
bin-maker/EasyFish - 参考Gophish框架，重构的轻量级钓鱼追踪工具
HackingCost/CyberSpace-Security-Learning - 网络安全学习wiki，包括Web安全、内网安全、云安全、免杀绕过等（持续更新）
k88hudson/git-flight-rules - Flight rules for git
itodaro/WhiteSharkSystem_cve -
HackingCost/AD_Pentest - 红队|域渗透重要漏洞汇总(持续更新)
StarCrossPortal/scalpel - scalpel是一款命令行漏洞扫描工具，支持深度参数注入，拥有一个强大的数据解析和变异算法，可以将常见的数据格式（json, xml, form等）解析为树结构，然后根据poc中的规则，对树进行变异，包括对叶子节点和树结构的变异。变异完成之后，将树结构还原为原始的数据格式。原理：https://mp.weixin.qq.com/s/U_llBwC05vb84U9wb8NZog
wjl110/MacGosh-Pro - 将你的Mac打造成最强渗透测试装备--自用Mac渗透测试软件:App,框架,脚本,shell,编辑器等
sulab999/AppMessenger - 一款适用于以APP病毒分析、APP漏洞挖掘、APP开发、HW行动/红队/渗透测试团队为场景的移动端(Android、iOS)辅助分析工具
Pik-sec/Payer - 子域名爆破神器
RuanLang0777/CreateUser - 绕过360，火绒添加用户
liangyimingcom/AWS-Security-Hub-usage-tutorial-and-effect-display - AWS Security Hub usage tutorial and effect display /AWS Security Hub安全合规中心使用教程和效果展示
Proviesec/directory-files-payload-lists - Directory scans
su18/hack-fastjson-1.2.80 -
Mr-xn/BLACKHAT_USA2022 - BLACKHAT USA2022 PDF Public
ExpLangcn/HvvInfo - 一款在红蓝对抗中快速对目标单位进行资产探测和基本扫描的工具
VulnTotal-Team/IDA-Pro-tips - IDA Pro每周小技巧
Kento-Sec/AsamF - AsamF是集成Fofa、Quake、Hunter、Shodan、Zoomeye、Chinaz、0.zone及爱企查的一站式企业信息资产收集、网络资产测绘工具。
Junehck/SQL-injection-bypass - 记录实战中的各种sql注入绕过姿势
mitre/cti - Cyber Threat Intelligence Repository expressed in STIX 2.0
subhajit0x/Node-JS-Security-Tips - All the resources for code review ;)
EnnioX/IPWarden - IPWarden（守望者）是一个IP资产风险巡查工具。持续发现系统、Web两个维度的资产和安全风险。所有扫描结果可通过API访问json数据，方便二次开发或数据整理。适合甲方安全人员用于监控管理公网/内网IP资产风险暴露面。
CrackerCat/strongR-frida-android - An anti detection version frida-server for android.
h33tlit/secret-regex-list - List of regex for scraping secret API keys and juicy information.
zeroc00I/DNS-exfiltration-using-blind-xss- - These payloads will help u in your blind xss dumping cookies through dns exfiltration using subdomain dns queries
trickest/resolvers - The most exhaustive list of reliable DNS resolvers.
eryajf/Thanks-Mirror - 整理记录各个包管理器，系统镜像，以及常用软件的好用镜像，Thanks Mirror。走过路过，如觉不错，麻烦点个赞👆🌟
Ormicron/chatViewTool - 基于Java实现的图形化微信聊天记录解密查看器
saeidshirazi/Awesome-Smart-Contract-Security - A curated list of Smart Contract Security materials and resources For Researchers
Firebasky/ScanShiro - 一个批量扫描shiro漏洞的工具,支持AES/CMG
TryGOTry/DogCs4.4 - cs4.4修改去特征狗狗版(美化ui,去除特征,自带bypass核晶截图等..)
PeiQi0/PeiQi-WIKI-Book - 面向网络安全从业者的知识文库🍃
httpwaf/httpwaf2.0 - httpwaf是一款永久免费的web应用防火墙，是最好用的waf。
HackingLZ/ExtractedDefender -
samet-g/bugradar - Advanced external automation on bug bounty programs by running the best set of tools to perform scanning and finding out vulnerabilities.
d3ckx1/OLa -
coffeehb/nginx_swagger - 这个项目主要用于辅助测试Swagger的XSS漏洞
ExpLangcn/InfoSearchAll - 为了方便安全从业人员在使用网络测绘平台进行信息搜集时的效率，本程序集合了多个网络测绘平台，可以快速在多个网络测绘平台搜索信息并且合并展示及导出。
Y000o/Confluence-CVE-2022-26134 -
achuna33/Memoryshell-JavaALL - 收集内存马打入方式
sssqp/bypass-script - cobaltstrike免杀插件
HackJava/JNDI - 《JNDI-深入理解Java万恶之源》
birdhan/SecurityTools - 渗透测试工具包 | 开源安全测试工具 | 网络安全工具
nomi-sec/CVE-Easy-List - 👀CVE Simple List
Liqunkit/webfinder-next - 对小米范webfinder http://www.cnblogs.com/SEC-fsq/p/5610981.html 进行了小修改
DavidProbinsky/RedTeam-Physical-Tools - Red Team Toolkit - A curated list of tools that are commonly used in the field for Physical Security, Red Teaming, and Tactical Covert Entry.
ASTTeam/PassiveScan - PassiveScan-被动扫描之巅
sp4zcmd/WeblogicExploit-GUI - Weblogic漏洞利用图形化工具支持注入内存马、一键上传webshell、命令执行
komomon/POC_Collect - (持续更新)本项目为存储团队Bot小K每日监测到的最新POC，EXP，以及自己平时总结的POC，为了方便渗透测试过程中，漏洞查询，脱网环境的渗透测试。
wangfly-me/Apache_Penetration_Tool - CVE-2021-41773&CVE-2021-42013图形化漏洞检测利用工具
yuyan-sec/Doraemon - 渗透辅助 BurpSuite 小插件
guchangan1/All-Defense-Tool - 本项目集成了全网优秀的攻防武器工具项目，包含自动化利用，子域名、目录扫描、端口扫描等信息收集工具，各大中间件、cms漏洞利用工具，爆破工具、内网横向及免杀、社工钓鱼以及应急响应等资料。
ExpLangcn/FuYao-Go - 自动化进行目标资产探测和安全漏洞扫描｜适用于赏金活动、SRC活动、大规模使用、大范围使用|通过使用被动在线资源来发现网站的有效子域｜通过强大且灵活的模板，模拟各种安全漏洞检查！Automate target asset detection and security vulnerability scanning | Suitable for bounty campaigns, SRC campaig
q601333824/xray_crack - xray高级版本破解通用启动器
cipher387/Dorks-collections-list - List of Github repositories and articles with list of dorks for different search engines
litangbo/Android_Study - 《第一行代码 Android 第2版》学习笔记
nascentxyz/simple-security-toolkit - A collection of practical security-focused guides and checklists for smart contract development
mdecrevoisier/Microsoft-eventlog-mindmap - Set of Mindmaps providing a detailed overview of the different #Microsoft auditing capacities for Windows, Exchange, Azure,...
hktalent/spring-spel-0day-poc - spring-cloud / spring-cloud-function,spring.cloud.function.routing-expression,RCE,0day,0-day,POC,EXP,CVE-2022-22963
j5s/GetDomainAdmin - 获取域控权限方法枚举
facert/awesome-spider - 爬虫集合
Wechat-ggGitHub/Awesome-GitHub-Repo - 收集整理 GitHub 上高质量、有趣的开源项目。
sottlmarek/DevSecOps - Ultimate DevSecOps library
alt3kx/CVE-2022-1388_PoC - F5 BIG-IP RCE exploitation (CVE-2022-1388)
shifa123/shodandorks -
llvm/llvm-project - The LLVM Project is a collection of modular and reusable compiler and toolchain technologies. Note: the repository does not accept github pull requests at this moment. Please submit your patches at ht
ThestaRY7/supplier - 主流供应商的一些攻击性漏洞汇总
Cobalt-Strike/beacon_health_check - This aggressor script uses a beacon's note field to indicate the health status of a beacon.
JDArmy/DCSec - 域控安全one for all
Ryze-T/Sylas - 数据库综合利用工具
daffainfo/match-replace-burp - Useful "Match and Replace" burpsuite rules
Bo0oM/fuzz.txt - Potentially dangerous files
luckyfuture0177/VULOnceMore - 记录个人的漏洞复现过程
Whitebird0/Vulnerability_Analysis - 恶意代码与漏洞
reidmu/sec-note - 记录安全方面的笔记/工具/漏洞合集
Threekiii/Awesome-POC - 一个各类漏洞POC知识库
Threekiii/Vulhub-Reproduce - 一个Vulhub漏洞复现知识库
shengshengli/vulntarget - vulntarget靶场其中涵盖Web漏洞、主机漏洞、域漏洞、工控漏洞等等。
For3stCo1d/myvulpoc - 漏洞复现，xraypoc编写
69337a398c/Zer0DayLab-SCAMMERS - Zer0Day Lab Are SCAMMERS
malienist/lupo - Lupo - Malware IOC Extractor. Debugging module for Malware Analysis Automation
ayadim/Nuclei-bug-hunter - i will upload more templates here to share with the comunity.
Getshell/CobaltStrike - CobaltStrike资源大全
f0ng/JavaFileDict - Java应用的一些配置文件字典，来源于公开的字典与平时收集
zapstiko/Hacking-PDF - Here Are Some Popular Hacking PDF
casbin/Summer2022 - 开源软件供应链点亮计划-暑期2022 for Casbin 【学生报名请加QQ群：540163681】
slowmist/Cryptocurrency-Security-Audit-Guide -
phith0n/collision-webshell - A webshell and a normal file that have the same MD5
zangcc/Aazhen-RexHa - 自研JavaFX图形化漏洞扫描工具，支持扫描的漏洞分别是： ThinkPHP-2.x-RCE， ThinkPHP-5.0.23-RCE， ThinkPHP5.0.x-5.0.23通杀RCE， ThinkPHP5-SQL注入&敏感信息泄露， ThinkPHP 3.x 日志泄露NO.1， ThinkPHP 3.x 日志泄露NO.2， ThinkPHP 5.x 数据库信息泄露的漏洞检测，以及批量检测的功
wwl012345/Vuln-List - (持续更新)对网上出现的各种OA、中间件、CMS等漏洞进行整理，主要包括漏洞介绍、漏洞影响版本以及漏洞POC/EXP等，并且会持续更新。
shirouQwQ/CVE-2022-2333 - SXF VPN RCE
j2ekim/Security_Service_Interviews - 安服面经☞渗透测试/代码审计/安全研究
biggerduck/RedTeamNotes - 红队笔记
allanlw/svg-cheatsheet - A cheatsheet for exploiting server-side SVG processors.
safe6Sec/command - 红队常用命令速查
Dongdongshe/K-Scheduler - A universal seed scheduler for fuzzers (LibFuzzer and AFL havoc mode) and concolic execution engine (qsym).
ra66itmachine/GetInfo - Windows Emergency Response （应急响应信息采集）
RistBS/Awesome-RedTeam-Cheatsheet - Red Team Cheatsheet in constant expansion.
nirajkharel/AD-Pentesting-Notes -
geekan/HowToLiveLonger - 程序员延寿指南 | A programmer's guide to live longer
teamssix/awesome-cloud-security - awesome cloud security 收集一些国内外不错的云安全资源，该项目主要面向国内的安全人员
slowmist/Blockchain-dark-forest-selfguard-handbook - Blockchain dark forest selfguard handbook. Master these, master the security of your cryptocurrency.
chaosec2021/fscan-POC - 强化fscan的漏扫POC库
prettyrecon/OSINT_Intel_Tracker - OSINT Intelligence for different areas ( useful for different type of investigations and learning etc)
trickest/insiders - Archive of Potential Insider Threats
cryptofinlabs/audit-checklist - A Solidity smart contract auditing checklist
M1k0er/pentest-notes - 记录自己在内网渗透学习中的一些心得和技巧，不定期记录中:)
sherlocksecurity/VMware-CVE-2022-22954 - POC for VMWARE CVE-2022-22954
BlueTeamSteve/CVE-2021-41773 - Vulnerable docker images for CVE-2021-41773
coffeehb/Spring4Shell - 一个Spring4Shell 被动式检测的Burp插件
HuskyHacks/CobaltNotion - A spin-off research project. Cobalt Strike x Notion collab 2022
d3ckx1/Fvuln - F-vuln（全称：Find-Vulnerability）是为了自己工作方便专门编写的一款自动化工具，主要适用于日常安全服务、渗透测试人员和RedTeam红队人员，它集合的功能包括：存活IP探测、开放端口探测、web服务探测、web漏洞扫描、smb爆破、ssh爆破、ftp爆破、mssql爆破等其他数据库爆破工作以及大量web漏洞检测模块。
makoto56/penetration-suite-toolkit - 本项目制作的初衷是帮助渗透新手快速搭建工作环境，工欲善其事，必先利其器。
lu2ker/pentest-treasure - 打造一个渗透测试藏宝阁！
kh4sh3i/Gitlab-CVE - a Curated list of gitlab vulnerability
1n7erface/RequestTemplate - 双语双端内网扫描以及验证工具
luckyfuture0177/ReZeroBypassAV - 从零开始学免杀
Firebasky/CodeqlLearn - 记录学习codeql的过程
mstxq17/SecurityArticleLogger - 分类和整理自己看过的所有文章，方便知识体系的建立和查漏补缺
kensh1ro/flutter-ssl-bypass - Flutter SSL pinning bypass using IP forwarding
delikely/Automotive-Security-Timeline - 汽车信息安全事件时间轴
o1mate/AppLocker-Bypass - Bypassing AppLocker with C#
CyberSecurityUP/Awesome-Cloud-PenTest -
MartinsAwojide/Process-System-Engineering-Catalogue - Catalogue of Articles, Projects, Papers and Resources relating to PSE
admin360bug/Compendium-of-Materia-Medica - 本草纲目V1.4版本
cyprosecurity/API-SecurityEmpire - API Security Project aims to present unique attack & defense methods in API Security field
nhthongDfVn/File-Converter-Exploit - A small collection of File converter vulnerability
gmh5225/awesome-llvm-security - awesome llvm security [Welcome to PR]
safe6Sec/PentestDB - 各种数据库的利用姿势
xmhwws/strongR-frida -
Y4er/dotnet-deserialization - dotnet 反序列化学习笔记
ASTTeam/CodeQL - 《深入理解CodeQL》Finding vulnerabilities with CodeQL.
AJMartel/MeGa-RAT-Pack - Remote Administration Tools & Remote access trojans in MEGA RAT PACK by B®AGA
caesar0301/awesome-pcaptools - A collection of tools developed by other researchers in the Computer Science area to process network traces. All the right reserved for the original authors.
cider-security-research/top-10-cicd-security-risks -
Tas9er/ByPassBehinder4J - 冰蝎Java WebShell自动化免杀生成
tangxiaofeng7/Security_Q-A - 一直在更新的安全面试题
twosmi1e/Static-Analysis-and-Automated-Code-Audit - 静态分析及代码审计自动化相关资料收集
ics-iot-bootcamp/ICS_Awesome_List - Eclectic ICS (Industrial Control Systems) Resources & References
mehgrmlhmpf/AttackGraphGeneratorMasterThesis - This work shows the viability of automatically generated attack graphs that are used for adversary behavior execution in industrial control system environments. This viability is evaluated and confirm
kh4sh3i/ICS-Pentesting-Tools - A curated list of tools related to Industrial Control System (ICS) security and Penetration Testing
paulveillard/cybersecurity-industrial-control-systems-security - A collection of awesome software, libraries, documents, books, resources and cool stuff about industrial control systems in cybersecurity.
neutrinoguy/awesome-ics-writeups - Collection of writeups on ICS/SCADA security.
J0o1ey/BountyHunterInChina - 重生之我是赏金猎人系列，分享自己和团队在SRC、项目实战漏洞测试过程中的有趣案例
lohitakshnandan/Bug-Bounty-Dorks - Bug Bounty Dorks
krol3/container-security-checklist - Checklist for container security - devsecops practices
CreditTone/studycrawler - 爬虫从入门到入土心得体会
evilbuffer/malware-and-exploitdev-resources -
vvmdx/Sec-Interview-4-2023 - 一个2023届毕业生在毕业前持续更新、收集的安全岗面试题及面试经验分享~
kenwoodjw/python_interview_question - 关于python的面试题
CVEProject/cvelist - Pilot program for CVE submission through GitHub
jixing-lab/lbb - lbb是一个企业信息查询工具，可以帮助企业查询自身对外公开的应用、新媒体，网站等。
lcvvvv/backway - backway是一款跨平台远程控制工具，在启动之后，会新建一个http服务，可通过该服务进行远程控制。
ycdxsb/WindowsPrivilegeEscalation - Collection of Windows Privilege Escalation (Analyse/PoC/Exp...)
allen1881996/WeChat-Data-Analysis - 微信聊天记录导出、数据库破解、数据分析 (iPhone & MacBook)
Qihoo360/safe-rules - 详细的C/C++编程规范指南，由360质量工程部编著，适用于桌面、服务端及嵌入式软件系统。
binganao/vulns-2022 - 本项目用于搜集 2022 年的漏洞，注意：本项目并不刻意搜集 POC 或 EXP，主要以CVE-2021、CVE-2022 为关键词，包含但不限于漏洞资讯、漏洞复现、漏洞分析、漏洞验证、漏洞利用
yavolo/eventlistener-xss-recon -
NineRiverSec/Mac_Tools - 为了方便Mac用户参与渗透工作而创建的项目
snyk/zip-slip-vulnerability - Zip Slip Vulnerability (Arbitrary file write through archive extraction)
0range-x/Domain-penetration_one-stop - 域渗透一条龙
Goqi/Banli - Banli-高危资产识别和高危漏洞扫描
hluwa/Patchs - strongR-frida
NyDubh3/Pentesting-Active-Directory-CN - 域渗透脑图中文翻译版
Puliczek/awesome-list-of-secrets-in-environment-variables - 🦄🔒 Awesome list of secrets in environment variables 🖥️
packing-box/awesome-executable-packing - A curated list of awesome resources related to executable packing
jsecurity101/MSRPC-to-ATTACK - A repository that maps commonly used attacks using MSRPC protocols to ATT&CK
Wker666/wJa - java decompile audit tools
Yihsiwei/GetOut360 - 强制关闭360 需要管理员权限
0xAwali/Blind-SSRF - Nuclei Templates to reproduce Cracking the lens's Research
ahmetgurel/Pentest-Hints - Tips for Penetration Testing
xen0vas/Pentest-Tips-and-Tricks - Tools and tricks gathered
samirettali/bounty-notes - My bug bounty notes
aetkrad/goby_poc - goby poc or exp,分享goby最新网络安全漏洞检测或利用代码
arainho/awesome-api-security - A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.
SpiralBL0CK/Browser-Pwning- - A proper well structured documentation for getting started with chrome pwning & v8 pwning
crisprss/goHashDumper - 用于Dump指定进程的内存,主要利用静默退出机制(SilentProcessExit)和Windows API(MiniDumpW)实现
haby0/sec-note - 记录各语言、框架中危险的sink，个人代码审计、漏洞研究使用。
HackJava/Log4j2 - 《HackLog4j-永恒之恶龙》致敬全宇宙最无敌的Java日志库！Tribute to the most invincible Java logging library in the universe!
aquasecurity/cloud-security-remediation-guides - Security Remediation Guides
XTeam-Wing/Awesome-Jetbrains-Plugin - A series of useful idea plugins
ak1t4/log4j-wordlists - headers
atnetws/fail2ban-log4j - fail2ban filter that catches attacks againts log4j CVE-2021-44228
google/clusterfuzzlite - ClusterFuzzLite - Simple continuous fuzzing that runs in CI.
imfht/log4shell_payload_extract -
fastfire/deepdarkCTI - Collection of Cyber Threat Intelligence sources from the deep and dark web
yanbo92/sonarqube-cn-docker - 基于代码扫描工具sonarqube社区版docker镜像集成一些常用插件以及PostgreSQL数据库的docker-compose项目
ksoclabs/awesome-kubernetes-security - A curated list of awesome Kubernetes security resources
LoRexxar/log_dependency_checklist - Dependencies with Log4j2 Checklist
MohamedTarekq/log4j_Signature -
jas502n/woodpecker-plugins - woodpecker-plugins
authomize/log4j-log4shell-affected - Lists of affected components and affected apps/vendors by CVE-2021-44228 (aka Log4shell or Log4j RCE). This list is meant as a resource for security responders to be able to find and address the vulne
RedDrip7/Log4Shell_CVE-2021-44228_related_attacks_IOCs -
fengxuangit/log4j_vuln - log4j漏洞靶场docker-compose
jas502n/Log4j2-CVE-2021-44228 - Remote Code Injection In Log4j
YfryTchsGD/Log4jAttackSurface -
RabbyHub/Web3AppStoreProtocol - the first solution for the security and accessibility of Web3 Apps!
A-D-Team/grafanaExp - A exploit tool for Grafana Unauthorized arbitrary file reading vulnerability (CVE-2021-43798), it can burst plugins / extract secret_key / decrypt data_source info automatic.
star-sg/Presentations -
burpheart/PHPAuditGuideBook - 《PHP代码审计入门指南》这本指南包含了我在学习PHP代码审计过程中整理出的一些技巧和对漏洞的一些理解
sidxparab/Subdomain-Enumeration-Guide - This is a comprehensive subdomain enumeration Guide
kleiton0x00/Advanced-SQL-Injection-Cheatsheet - A cheat sheet that contains advanced queries for SQL Injection of all types.
ColdFusionX/CVE-2021-26086 - Atlassian Jira Server/Data Center 8.4.0 - Arbitrary File read (CVE-2021-26086)
CodingDocs/awesome-java - Collection of awesome Java project on Github(非常棒的 Java 开源项目集合).
HTFTIMEONE/edusrcurl - 全国edu将近50万个域名
Cyber-Guy1/theCyberGuy_Recon_V1.0 -
A-D-Team/attackRmi -
l0ggg/VMware_vCenter - VMware vCenter 7.0.2.00100 unauth Arbitrary File Read + SSRF + Reflected XSS
waterrr/BlackIP - 扫描CobaltStrike的恶意IP
center-for-threat-informed-defense/attack_to_cve - A methodology for mapping MITRE ATT&CK techniques to vulnerability records to describe the impact of a vulnerability.
RoqueNight/Linux-Privilege-Escalation-Basics - Simple and accurate guide for linux privilege escalation tactics
Karanxa/Bug-Bounty-Wordlists - A repository that includes all the important wordlists used while bug hunting.
fangzesheng/free-api - 收集免费的接口服务,做一个api的搬运工
flydoos/DingTalkRevokeMsgPatcher - 钉钉消息防撤回补丁PC版（原名：钉钉电脑版防撤回插件，也叫：钉钉防撤回补丁、钉钉消息防撤回补丁）由“吾乐吧软件站”开发制作，本程序用于钉钉电脑版6.0以上版本，主要功能如下：1、支持文字消息防撤回 2、支持图片消息防撤回，支持查看高清原图 3、支持文件识别、URL识别、卡片回复消息识别等 4、支持富文本消息防撤回 5、支持个人消息防撤回，以及群主或管理员消息防撤回 6、支持自己发送的消息
crow821/vulntarget - vulntarget靶场系列
xinxin999/My-Summarizing - 我自己的一些总结
spring2go/cs_study_plan - 一份硬核(hardcore)计算机科学CS自学计划，偏向软件工程和系统架构方向
sdslabs/recommends - A collection of resources and reading material that we recommend
geeksonsecurity/vuln-web-apps - A curated list of vulnerable web applications.
XRSec/AWVS-Update - Awvs Scanner、fahai
Relkci/Zabbix_Nessus-Professional_Monitoring - Zabbix Nessus Professional Monitor (API)
Liqunkit/LiqunKit_ - 下架
diegolnasc/kubernetes-best-practices - A cookbook with the best practices to working with kubernetes.
knownsec/Ethereum-Smart-Contracts-Security-CheckList - Ethereum Smart Contracts Security CheckList From Knownsec 404 Team
i11us0ry/gofun - 一些内网渗透中可能用到的东拼西凑做出来的小工具
ninoseki/phishing_kits_2021 - A dataset of phishing kits in the wild
iceyhexman/flask_memory_shell - Flask 内存马
HackJava/HackJava - 《Java安全-只有Java安全才能拯救宇宙》Only Java Security Can Save The Universe.
fengupupup/RocB - 鹏 RocB - Java代码审计IDEA插件 SAST
r0eXpeR/supplier - 主流供应商的一些攻击性漏洞汇总
AndrewRathbun/DFIRMindMaps - A repository of DFIR-related Mind Maps geared towards the visual learners!
bigsizeme/fastjson-check - fastjson 被动扫描、不出网payload生成
daffainfo/all-about-apikey - Detailed information about API key / OAuth token (Description, Request, Response, Regex, Example)
aufzayed/bugbounty - Bugbounty Resources
Bo0oM/WAF-bypass-Cheat-Sheet - Another way to bypass WAF Cheat Sheet (draft)
mobile-roadmap/android-developer-roadmap - Android Developer Roadmap 2020
Y4er/CVE-2021-35215 - SolarWinds Orion Platform ActionPluginBaseView 反序列化RCE
weartist/computer-book-list - 一个综合了豆瓣，goodreads综合评分的计算机书籍书单
safe6Sec/PentestNote - 一些渗透姿势记录
Vinum-Security/kubernetes-security-checklist - Kubernetes Security Checklist and Requirements - All in One (authentication, authorization, logging, secrets, configuration, network, workloads, dockerfile)
yangyiRunning/Beijing-House - 面向北京码农同胞的从0开始的买房踩盘实录，目标只有一个: 每一分钱都花的明白(持续补充和完善ing…)
httptoolkit/httptoolkit - HTTP Toolkit is a beautiful & open-source tool for debugging, testing and building with HTTP(S) on Windows, Linux & Mac :tada: Open an issue here to give feedback or ask for help.
daem0nc0re/Abusing_Weak_ACL_on_Certificate_Templates - Investigation about ACL abusing for Active Directory Certificate Services (AD CS)
Astartgo/easy-for-webscan - 根据WebBatchRequest图形化二次开发：增加了指纹识别模块，可识别大概上千条指纹，增加了IP段处理，支持C段和B段处理，增加了301处理,增加了去重空节点的功能，可节省内存消耗,推荐勾选此选项
antonio-morales/Fuzzing101 - An step by step fuzzing tutorial. A GitHub Security Lab initiative
lehui99/articles -
kingz40o/Aggressor_dingding - cobaltstrike 上线提醒
clarkvoss/AEM-List -
Ignitetechnologies/Command-Control - This cheasheet is aimed at the Red Teamers to help them find diffent tools and methods to create a Commmand and Control Server and exploit remote session.
hetmehtaa/bug-bounty-noob -
lintstar/About-Attack - 一个旨在通过应用场景 / 标签对 Github 红队向工具 / 资源进行分类收集，降低红队技术门槛的手册【持续更新】
he1m4n6a/Go_Security_Study - golang安全学习总结
Ignitetechnologies/Nmap-For-Pentester - This cheatsheet was created to assist Red Teamers and Penetration Testers in hunting down vulnerabilities using "Nmap."
JoshuaProvoste/URL-Encode-Injection - URL Encode Injection List
Zeyad-Azima/Offensive-Resources - A Huge Learning Resources with Labs For Offensive Security Players
hmaverickadams/TCM-Security-Sample-Pentest-Report - Sample pentest report provided by TCM Security
mstxq17/CVE-2021-1675_RDL_LPE - PrintNightMare LPE提权漏洞的CS 反射加载插件。开箱即用、通过内存加载、混淆加载的驱动名称来ByPass Defender/EDR。
zhangxiangliang/civil-service-exam - 考试攻略 | 公务员 | 事业单位
sigp/solidity-security-blog - Comprehensive list of known attack vectors and common anti-patterns
NitinYadav00/My-Nuclei-Templates - Nuclei Templates - Here you will find the templates I use while hunting
iamsarvagyaa/AndroidSecNotes - An actively maintained, Self curated notes related to android application security for security professionals, bugbounty hunters, pentesters, reverse engineer, and redteamers.
thelikes/fuzzmost - all manner of wordlists
vavkamil/awesome-vulnerable-apps - Awesome Vulnerable Applications
Bhagavan-Bollina/BugBounty-Dorks - Highly recommended dorks for bug bounty
0xmaximus/Galaxy-Bugbounty-Checklist - Tips and Tutorials for Bug Bounty and also Penetration Tests.
RiskySignal/Devil-Whisper-Attack - Devil-Whisper-Attack
stratosphereips/awesome-ml-privacy-attacks - An awesome list of papers on privacy attacks against machine learning
bkrem/awesome-solidity - ⟠ A curated list of awesome Solidity resources, libraries, tools and more
ShutdownRepo/The-Hacker-Recipes - This project is aimed at freely providing technical guides on various hacking topics: Active Directory services, web services, servers, intelligence gathering, physical intrusion, phishing, mobile app
pdelteil/BugBountyReportTemplates - List of reporting templates I have used since I started doing BBH.
dorkerdevil/Azorult-hunter - Azorult C&C hunter with bash onliner and nuclei yaml rule
Lz1y/SyncDog - Make bloodhound sync with cobaltstrike.
vestjoe/cobaltstrike_services - AutoStart teamserver and listeners with services
threatexpress/cobaltstrike_payload_generator - Quickly generate every payload type for each listener and optionally host via HTTP.
rarecoil/pantagrule - large hashcat rulesets generated from real-world compromised passwords
MountCloud/FireKylin - 🔥火麒麟-网络安全应急响应工具(系统痕迹采集)Cybersecurity emergency response tool.👍👍👍
optiv/OSINT_Encyclopedia - Your go-to resource for all things OSINT
the-xentropy/samlists - Free, libre, effective, and data-driven wordlists for all!
flothrone/smm -
tianmusec/SickleOfSkyCurtain - zoomeyeGUI
subat0mik/whoamsi - An effort to track security vendors' use of Microsoft's Antimalware Scan Interface
eastlakeside/awesome-productivity-cn - 绝妙的个人生产力（Awesome Productivity - Chinese version）
IT-Weekly/APP -
zwjjustdoit/Xstream-1.4.17 - XSTREAM<=1.4.17漏洞复现（CVE-2021-39141、CVE-2021-39144、CVE-2021-39150）
galdeleon/Conferences -
optiv/Registry-Recon - Cobalt Strike Aggressor Script that Performs System/AV/EDR Recon
baiduxlab/sgxray -
0x727/FingerprintHub - 侦查守卫(ObserverWard)的指纹库
r0eXpeR/Online_Tools - 一些在线的工具,情报资源
Mel0day/RedTeam-BCS - BCS（北京网络安全大会）2019 红队行动会议重点内容
EdgeSecurityTeam/Eeyes - Eeyes(棱眼)-快速筛选真实IP并整理为C段
Cobalt-Strike/teamserver-prop - TeamServer.prop is an optional properties file used by the Cobalt Strike teamserver to customize the settings used to validate screenshot and keylog callback data, which allows you to tweak the fix fo
joswha/Secure-Coding-Handbook - Web Application Secure Coding Handbook resource.
CnTransGroup/EffectiveModernCppChinese - 《Effective Modern C++》- 完成翻译
BigGan/Windows-Hack-Programming - 《WINDOWS黑客编程技术详解》，作者甘迪文，2018年12月由人民邮电出版社出版，是一本面向黑客编程初学者的书，较为全面的地总结黑客编程技术。其内容重在实践，着重剖析技术实现原理，向读者讲解黑客编程技术的实现方法。
cloudcommunity/Free-Certifications - A curated list of free courses & certifications.
bakke92/awesome-gdpr - Protection of natural persons with regard to the processing of personal data and on the free movement of such data.
PhishyAlice/awesome-phishing - Collection of resources related to phishing
nevillegrech/MadMax - Ethereum Static Vulnerability Detector for Gas-Focussed Vulnerabilities
JerryLinLinLin/Huorong-HIPS-Rule-Schema - The project includes two json schemas of Huorong Host-based Intrusion Prevention System (HIPS) custom rule files (json). They can be used to validate Huorong HIPS rules and speed up editing.
decalage2/awesome-security-hardening - A collection of awesome security hardening guides, tools and other resources
taterbrown/cisco-secure-config - Security hardening for Cisco devices
sametsazak/sysmon - Sysmon and wazuh integration with Sigma sysmon rules [updated]
limiteci/sql-injection-payloads - simple markdown-list to operate SQL injections
jamestiotio/NoMoreRansom - All-in-One Ransomware Decryption Tools (Unofficial Mirror)
s4dhul4bs/vimana-framework - Vimana is an experimental security tool that aims to provide resources for auditing Python web applications.
talsec/Free-RASP-Community - SDK providing app protection and threat monitoring for mobile devices, available for Flutter, Cordova, Android and iOS.
spaze/hashes - Magic hashes – PHP hash "collisions"
xxycfhb/pku_exploit_files -
safe6Sec/Fastjson - Fastjson姿势技巧集合
404notf0und/AI-for-Security-Landing - 企业级安全智能化实践
XTeam-Wing/SharpMimikatz - Csharp 反射加载dll
phonchi/awesome-side-channel-attack - A curated list of awesome side-channel attack resources
x1ah/gena-template - 一键生成导航网站(GitHub Template of generating personal start page)
arialdomartini/Back-End-Developer-Interview-Questions - A list of back-end related questions you can be inspired from to interview potential candidates, test yourself or completely ignore
TimelifeCzy/Windows-emergency-servicetools - Windows一键检测应急响应服务工具/r3数据采集
wyzxxz/heapdump_tool - heapdump敏感信息查询工具，例如查找 spring heapdump中的密码明文，AK,SK等
magoo/ato-checklist - A checklist of practices for organizations dealing with account takeover (ATO)
FDlucifer/DroidJack-cracked-version- - DroidJack (安卓远控神器破解版)
ch33r10/EnterprisePurpleTeaming - Purple Team Resources for Enterprise Purple Teaming: An Exploratory Qualitative Study by Xena Olsen.
winezer0/burp-random-header-plus - Realize the dynamic modification of the request header，用于实现请求头的动态修改burp插件。
jaiswalakshansh/Facebook-BugBounty-Writeups - Collection of Facebook Bug Bounty Writeups
S3cur3Th1sSh1t/LDAP-Signing-Scanner - A little scanner to check the LDAP Signing state
payloadbox/xxe-injection-payload-list - 🎯 XML External Entity (XXE) Injection Payload List
emadshanab/facebook-bug-bounty-writeups - Facebook Bug Bounties
bilalmerokhel/bugbounty -
wangtielei/Slides - slides for conference talks
WBGlIl/Beacon_re -
bohops/UltimateWDACBypassList - A centralized resource for previously documented WDAC bypass techniques
cfalta/MicrosoftWontFixList - A list of vulnerabilities or design flaws that Microsoft does not intend to fix. Since the number is growing, I decided to make a list. This list covers only vulnerabilities that came up in July 2021
cpkkcb/fuzzDicts - 渗透测试路径字典，爆破字典。内容来自互联网和实战积累。
disclose/bug-bounty-platforms - A community-powered collection of all known bug bounty platforms, vulnerability disclosure platforms, and crowdsourced security platforms currently active on the Internet.
glitchedgitz/cook-ingredients - The largest collection of wordlists in yaml for bug bounty tools
shramos/Awesome-Cybersecurity-Datasets - A curated list of amazingly awesome Cybersecurity datasets
kot-behemoth/awesome-joplin - 📒 A curated list of awesome Joplin themes and tools.
tjnull/TJ-JPT - This repo contains my pentesting template that I have used in PWK and for current assessments. The template has been formatted to be used in Joplin
daikerSec/windows_protocol -
OffcierCia/DeFi-Developer-Road-Map - DeFi Developer roadmap is a curated Developer handbook which includes a list of the best tools for DApps development, resources and references!
murataydemir/CVE-2020-3452 - [CVE-2020-3452] Cisco Adaptive Security Appliance (ASA) & Cisco Firepower Threat Defense (FTD) Web Service Read-Only Directory Traversal
MistSpark/DNS-Wordlists - part of my wordlist to bruteforce DNS to find subdoamains.
emadshanab/Nuclei-Templates-Collection - Nuclei Templates Collection
sectool/redteam-hardware-toolkit - 🔺 Red Team Hardware Toolkit 🔺
nccgroup/exploit_mitigations - Knowledge base of exploit mitigations available across numerous operating systems, architectures and applications and versions.
vavkamil/awesome-bugbounty-tools - A curated list of various bug bounty tools
emadshanab/Scan-Apple-ASN-for-vulnerabilities-and-leave-no-port -
sapegin/jest-cheat-sheet - Jest cheat sheet
bkerler/Loaders - EDL Loaders
XTeam-Wing/Active-Directory-Security-101 - Active-Directory-Security-101
NagliNagli/Shockwave-OSS -
bin-maker/apkshell - 实用的针对安卓应用加壳类型判断的小工具，涵盖各大商业、企业壳，长期保持更新
We5ter/Flerken - A Solution For Cross-Platform Obfuscated Commands Detection presented on CIS2019 China. 动静态Bash/CMD/PowerShell命令混淆检测框架 - CIS 2019大会
RavikumarRamesh/hpAndro1337 - Repository for download all version of @hpAndro1337 (Android AppSec) application. All application listed on play store. https://play.google.com/store/apps/details?id=hpandro.android.security
BlackFan/content-type-research - Content-Type Research
eastmountyxz/Sui-AIResearch - 该资源将应用人工智能技术研究水族文化、文字和古籍。为更好的抢救和保护濒危水族文字和非物质文化遗产，作者申请并开源了该项目，主要通过人工智能技术识别水书，构建与汉字的自动翻译系统，实现水族本体和文献知识图谱构建，挖掘新词并溯源民族变迁历史。作者回到家乡贵州教书以来，对利用AI抢救民族文物研究产生浓厚兴趣并后半生都将致力于该研究中，包括侗族大歌、苗族飞歌语音识别研究，王阳明文化研究，少数民族古籍文字保
othneildrew/Best-README-Template - An awesome README template to jumpstart your projects!
Avileox/BB-SH-B -
forced-request/xssValidator - This is a burp intruder extender that is designed for automation and validation of XSS vulnerabilities.
wyzxxz/aksk_tool - AK资源管理工具，阿里云/腾讯云/华为云/AWS/UCLOUD/京东云/七牛云存储 AccessKey AccessKeySecret，利用AK获取资源信息和操作资源，ECS/CVM/E2/UHOST/ECI执行命令，OSS/COS/S3管理，RDS/DB管理，域名管理，添加RAM/CAM/IAM账号等
awslabs/aws-security-analytics-bootstrap - AWS Security Analytics Bootstrap enables customers to perform security investigations on AWS service logs by providing an Amazon Athena analysis environment that's quick to deploy, ready to use, and e
purabparihar/Web-Application-Pentest-Checklist -
0voice/campus_recruitmen_questions - 2021年最新整理，5000道秋招/提前批/春招/常用面试题（含答案），包括leetcode，校招笔试题，面试题，算法题，语法题。
binance/binance-spot-api-docs - Official Documentation for the Binance Spot APIs and Streams
TROUBLE-1/Cloud-Pentesting - This repository is in progress, it will keep updating as I come across to new learning materials. Feel free to contribute.
gh0stkey/Binary-Learning - 二进制安全相关的学习笔记，感谢滴水逆向的所有老师辛苦教学。
FalconForceTeam/FalconFriday - Hunting queries and detections
Ondrik8/byPass_AV -
PDWR/3vilMacro - This is a easy tool for gen VBA code, and bypass most antivirus
wsummerhill/CobaltStrike_RedTeam_CheatSheet - Useful Cobalt Strike techniques learned from engagements
Green-m/msfvenom-zsh-completion - zsh completion for msfvenom in Metasploit
boy-hack/go-strip - 清除Go编译时自带的信息
mzlogin/awesome-adb - ADB Usage Complete / ADB 用法大全
hhxy/e-message_exp - e-mesaage <=4.15 后台jar包上传exp
adi0x90/attifyos - Attify OS - Distro for pentesting IoT devices
TomBener/stay-away-from-wechat - 人生苦短，远离微信
benjamin-schultz/wow-such-miner - A FPGA Dogecoin Miner
ydycjz6j/VICIdial - Concept:
emadshanab/admin-login -
SCUBSRGroup/Automatic-Exploit-Generation - Something about AEG
emadshanab/Subdomains-brutforce-wordlists-collection -
emadshanab/Burp-Bounty-free-Profiles-Collection -
emadshanab/VOIP-Pentesting-checklist-Cheatsheet-Tools -
yuyan-sec/druid_sessions - 获取 alibaba druid 一些 sessions , sql , urls
salmonx/dictionaries - Fuzzing dictionaries for afl-fuzz/LibFuzzer
Ignitetechnologies/Credential-Dumping - This cheatsheet is aimed at the Red Teamers to help them understand the fundamentals of Credential Dumping (Sub Technique of Credential Access) with examples. There are multiple ways to perform the sa
Ph4l4nx/CTF-s-Tools - Repository to index useful tools for CTF's
MountCloud/JavaDecompileTool-GUI - Java Decompile Tool GUI-JAVA反编译工具（界面版）
SofianeHamlaoui/Pentest-Bookmarkz - A collection of useful links for Pentesters
MustafaSky/Guide-to-SSRF - Guide to SSRF
naozibuhao/fofatools -
obreinx/nuceli-templates - My Custom made Nuceli-Templates
optiv/mobile-nuclei-templates -
geeknik/the-nuclei-templates - Nuclei templates written by us.
woodpecker-framework/woodpecker-framework-release - 高危漏洞精准检测与深度利用框架
Tencent/secguide - 面向开发人员梳理的代码安全指南
dievus/printspoofer -
eastmountyxz/APT_Digital_Weapon - Indicators of compromise (IOCs) collected from public resources and categorized by Qi-AnXin.
outflanknl/HelpColor - Agressor script that lists available Cobalt Strike beacon commands and colors them based on their type
stackblitz/webcontainer-core - Dev environments. In your web app.
samwcyo/CVE-2021-27651-PoC - RCE for Pega Infinity >= 8.2.1, Pega Infinity <= 8.5.2
digitalarche/OnlineToolsForBlueTeam - By Categories all online tools for blueteam
Securityinbits/cheatsheet - These are some of the commands which I use frequently during Malware Analysis and DFIR.
scythe-io/purple-team-exercise-framework - Purple Team Exercise Framework
12306Bro/Hunting-guide - Personal basics collection library
Ershu1/2021_Hvv - 2021 hw
dr0op/shiro-550-with-NoCC - Shiro-550 不依赖CC链利用工具
twseptian/oneliner-bugbounty - oneliner commands for bug bounties
MinoTauro2020/AndroidBugBounty - Find interesting things in APK
XTeam-Wing/X-AV - X系列安全工具-AV免杀框架-BypassAV
hmaverickadams/External-Pentest-Checklist -
halencarjunior/BugBuntu - BugBuntu Linux
BushidoUK/CTI-Lexicon - Dictionary of CTI-related acronyms, terms, and jargon
haidragon/study_Android_Mchange - android 系统定制(魔改)
nnjun/BlackBox - 黑盒BlackBox，是一款虚拟引擎，支持5.0～12.0，可以在Android上克隆、运行虚拟应用，拥有免安装运行能力，已集成Xposed框架。黑盒可以掌控被运行的虚拟应用，做任何想做的事情。
JeremyBlackthorne/Ghidra-Keybindings -
XTeam-Wing/Hunting-Active-Directory - 个人整理的一些域渗透Tricks，可能有一些错误。
GetRektBoy724/MeterPwrShell - Automated Tool That Generates The Perfect Meterpreter Powershell Payload
BBerastegui/fresh-dns-servers - Fresh DNS servers
Kevin-Robertson/InveighZero - .NET IPv4/IPv6 machine-in-the-middle tool for penetration testers
MoisesTapia/TWAPT - Deploy your own lab of web application penetration testing with docker and docker-compose, webgoat, dvwap, bwapp and Juice Shop
ehsaanqazi/Bug-Bounty - Resources and Guides for Web Application Vulnerabilities
cujanovic/Markdown-XSS-Payloads - XSS payloads for exploiting Markdown syntax
r0eXpeR/pentest - 内网渗透中的一些工具及项目资料
hslatman/awesome-threat-intelligence - A curated list of Awesome Threat Intelligence resources
Richard-Tang/x1DecoderPlus - AntSword(蚁剑)全参数流量XOR和Base64加伪装WebShell
EXHades/CyberSpaceSearchEngine-Research - 网络空间测绘/搜索引擎相关的资料
maxandersen/internet-monitoring - Monitor your network and internet speed with Docker & Prometheus
timwhitez/Doge-Defense-Evasion-Ref - Defense Evasion & Bypass AntiVirus reference
Airboi/bypass-av-note - 免杀技术大杂烩---乱拳也打不死老师傅
ftpmorph/ftprivacy - A collection of ad block lists for Pi Hole, AdGuard Home, pfBlockerNG, uBlock Origin, and more... - https://ftprivacy.cloud
dsopas/MindAPI - Organize your API security assessment by using MindAPI. It's free and open for community collaboration.
aahmad097/ZoomPersistence - Zoom Persistence Aggressor and Handler
HolyBugx/HolyTips - A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.
Lotlab/Lot60-BLE-Keyboard - A 60% bluetooth keyboard (Hardware)
onceupon/Bash-Oneliner - A collection of handy Bash One-Liners and terminal tricks for data processing and Linux system maintenance.
preludeorg/operator-support - Operator: an autonomous red team command-and-control platform to make security testing more accessible.
dustyfresh/PHP-vulnerability-audit-cheatsheet - This will assist you in the finding of potentially vulnerable PHP code. Each type of grep command is categorized in the type of vulnerabilities you generally find with that function.
eastmountyxz/CSDNBlog-Security-Based - 为了更好地管理博客文章，分享更好的知识，该系列资源为作者CSDN博客的备份文件。本资源为网络安全自学篇，包括作者安全工具利用、Web渗透、系统安全、CVE漏洞复现、安全论文及会议等知识，希望对您有所帮助！一起加油。
harsh-bothra/Security-Talks-Slides - This repository contains all the Talk slides that I have given at various security conferences, events & meetups.
YinWC/Security_Learning - Security Learning For All~
ruanbekker/ansible-docker-swarm - Initialize Docker Swarm with Ansible
lokles/Web-Development-Interview-With-Java - Java 开发相关技术栈（大中厂）高频面试问题收录。
w2n1ck/vulwiki - 常见漏洞知识库文档
shifa123/bugbountyDorks - This repo contains all the Bug Bounty Dorks sourced from different awesome sources and compiled at one place
kuchin/awesome-cto - A curated and opinionated list of resources for Chief Technology Officers, with the emphasis on startups
FuzzySecurity/AzureWireGuard - Automated WireGuard Deployment on Azure
taojintianxia/github-bookmark - 收集了Github上的优秀工具,框架,知识合集
broken5/bscan -
WilliamL71Oi/FOFA_PRO_GUI - 用python做的十分好用且强大的FOFA的GUI版本，原创版本，点个star，谢谢支持
TheCrysp/Gitty -
xalgord/Massive-Web-Application-Penetration-Testing-Bug-Bounty-Notes -
waylau/git-for-win - Git for Windows. 国内直接从官网下载比较困难，需要翻墙。这里提供一个国内的下载站，方便网友下载
git-for-windows/git-sdk-64 - A Git repository mirroring the current 64-bit Git for Windows SDK
blockthreat/blocksec-ctfs - A curated list of blockchain security Capture the Flag (CTF) competitions
PalindromeLabs/Java-Deserialization-CVEs - Compiled dataset of Java deserialization CVEs
biws-byte/pdf - 上传资料文档
evets007/OSCP-Prep-cheatsheet -
sourceincite/CVE-2021-26121 -
KathanP19/OpenBB-Scope - OpenBugBounty - https://www.openbugbounty.org/ programs list
TeraSecTeam/ary - Ary 是一个集成类工具，主要用于调用各种安全工具，从而形成便捷的一键式渗透。
boh/RedCsharp - Collection of C# projects. Useful for pentesting and redteaming.
bin-maker/2021CDN -
zhengmin1989/POP_AND_PUSH - A collection of POP exploits.
ethicalhackingplayground/recon_db_scripts - Creating a Database for Mass Recon
k8gege/KaliLadon - Ladon for Linux (Kali), Large Network Penetration Scanner, vulnerability / exploit / detection / MS17010 / password
harsh-bothra/learn365 - This repository is about @harshbothra_'s 365 days of Learning Tweets & Mindmaps collection.
e11i0t4lders0n/SAML-SSO -
Ignitetechnologies/bugbounty -
TheBinitGhimire/GitHub-Recon - GitHub Recon — and what you can achieve with it!
novanazizr/10-Reset-Password-Flaws - 10 Reset Password Flaws Based on Web Application Security
crisxuan/bestJavaer - 这是一个成为更好的Java程序员的系列教程
marcosValle/awesome-windows-red-team - A curated list of awesome Windows frameworks, libraries, software and resources for Red Teams
Jewel591/Vulnerability-Summary - 常见漏洞描述、漏洞影响及修复建议，为规范的渗透测试报告提供参考 | Common vulnerability descriptions, vulnerability impacts and remediation recommendations for standardized penetration testing reports
MyKings/security-study-tutorial - Summary of online learning materials
lutfumertceylan/top25-parameter - For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙
Al1ex/CVE-2020-13937 - Apache Kylin API Unauthorized Access
Tas9er/RedisSSHKey - Code By:Tas9er / Redis未授权SSH协议公钥写入漏洞验证
WillOram/cyber-incident-management - Notes on managing and coordinating the response to major cyber incidents
aws-samples/aws-incident-response-playbooks -
tamimhasan404/Nmap-Cheat-Sheet - Here I am trying to show you some cheat-sheet of nmap. Which may help you on penetration testing and bug hunting.
SnollyG0st3r/android-security-awesome - A collection of android security related resources
SnollyG0st3r/android_app_security_checklist - Android App Security Checklist
997509/pentest-mobile-cheatsheet - The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.
kyawthiha7/Mobile-App-Pentest -
w0lfzhang/some_nday_bugs -
TheMRLL/WinXray - 支持Xray / V2Ray（vmess / vless），Shadowsocks，SSR，Trojan，NaïveProxy，Trojan-go通用客户端（Windows）！默认基于xray核心！本程序采用aardio设计与开发！
Qftm/Information_Collection_Handbook - Handbook of information collection for penetration testing and src
iamthefrogy/Web-Application-Pentest-Checklist - This is one of the largest checklist available so far on the Internet.
chriskaliX/AD-Pentest-Notes - 用于记录内网渗透(域渗透)学习 :-)
bg6cq/ITTS - Campus IT Technical Specifications
mr-r3b00t/CVE-2021-3156 -
novanazizr/BugBountyHunting - Some Tutorials and Things to Help Bug Hunter
ClownQq/YDArk - X64内核小工具
k-lazarev/joplin-ctf-template - Joplin template for CTF events / OSCP labs & exam
WinkoErades/Joplin-note-taking-templates - Joplin note taking templates
tess-ss/writeups -
dubey-amit/Web-Cheatsheet - Vulnerability Cheatsheet
ffffffff0x/Pentest101 - 一些关于渗透测试的Tips
Power7089/PenetrationTest-Tips - 渗透测试，渗透测试小技巧，渗透测试Tips，师傅们跟我一起维护更新吧~
dloss/python-pentest-tools - Python tools for penetration testers
mrtouch93/awesome-security-feed - A semi-curated list of Security Feeds
security-cheatsheet/metasploit-cheat-sheet - Metasploit Cheat Sheet 💣
cqsd/daily-commonspeak2 - commonspeak2 subdomains wordlist generated daily DEPRECATED The author(s) of commonspeak2 maintain an official repo with more lists. Please use it instead: https://github.com/assetnote/wordlists
GrapheneOS/platform_manifest - Repo manifest for the GrapheneOS mobile privacy and security hardening project.
Malayke/nofingerprint - remove common pentest tools fingerprint
ayoubfathi/leaky-paths - A collection of special paths linked to common internal paths, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoi
httpvoid/writeups -
sbousseaden/macOS-ATTACK-DATASET - JSON DataSet for macOS mapped to MITRE ATT&CK Tactics.
assetnote/blind-ssrf-chains - An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerability
coder2gwy/coder2gwy - 互联网首份程序员考公指南，由3位已经进入体制内的前大厂程序员联合献上。
Al1ex/CVE-2020-36179 - CVE-2020-36179~82 Jackson-databind SSRF&RCE
418sec/huntr - Public Roadmap | huntr.dev
Adminisme/SharpRDPLog - Windows rdp相关的登录记录导出工具，可用于后渗透中Windows服务器的信息收集阶段。输出内容包括：本地rdp端口、mstsc缓存、cmdkey缓存、登录成功、失败日志事件。
R0X4R/D4rkXSS - A list of useful payloads and Bypass for Web Application Security and Bug Bounty/CTF
ch1nghz/CVE-2020-11851 - Remote Code Execution vulnerability on ArcSight Logger
aceld/golang - 《Golang修养之路》本书针对Golang专题性热门技术深入理解，修养在Golang领域深入话题，脱胎换骨。
sjsdfg/effective-java-3rd-chinese -
uzzzval/CVE-2020-17530 -
BrodieInfoSec/Gift -
thunderbarca/Caesar - 一个全新的敏感文件发现工具
Quikko/Recon-Methodology - Recon Methodology
TeraSecTeam/poc-collection - poc-collection 是对 github 上公开的 PoC 进行收集的一个项目。
MichaelKoczwara/Awesome-CobaltStrike-Defence - Defences against Cobalt Strike
cpuu/awesome-fuzzing - A curated list of awesome Fuzzing(or Fuzz Testing) for software security
FunnyWolf/Viper - Redteam operation platform with webui 图形化红队行动辅助平台
Al1ex/CVE-2020-35728 - CVE-2020-35728 & Jackson-databind RCE
xiaolai/spreadsheets-for-investors - 投资人必会知识 —— 电子表格简明进阶教程
afatcoder/LeetcodeTop - 汇总各大互联网公司容易考察的高频leetcode题🔥 推荐刷题网站：https://www.lintcode.com/?utm_source=tf-github-codetop
attacker-codeninja/100DaysToLearnandImprove - My notes of Day1 Day2 will be posted here as journey
RangerNJU/Static-Program-Analysis-Book - Getting started with static program analysis. 静态程序分析入门教程。
chenjj/Awesome-HTTPRequestSmuggling - A curated list of awesome blogs and tools about HTTP request smuggling attacks. Feel free to contribute! 🍻
stnv/pentest-playbook - Pentest Playbook - In other words, this is my hacking notebook where I write down all notes from my journey in cybersecurity.
birdbee44/Resources -
Proteas/apple-cve - apple cve list
jas502n/CVE-2020-17008 - CVE-2020-17008 splWOW64 Elevation of Privilege
attacker-codeninja/AllThingsBugHunting -
xfiftyone/xTools - xTools，一个辅助小工具
gobysec/GobyExtension - Goby extension doc.
tigerszk/aws_sec_traning -
Sab0tag3d/MITM-cheatsheet - All MITM attacks in one place.
IQTLabs/software-supply-chain-compromises - A dataset of software supply chain compromises. Please help us maintain it!
cedowens/C2-JARM - A list of JARM hashes for different ssl implementations used by some C2/red team tools.
RASSec/burpsuite-plugins-notes -
RedDrip7/APT_Digital_Weapon - Indicators of compromise (IOCs) collected from public resources and categorized by Qi-AnXin.
doubleee/WebFuzzing - 自用字典，收集实战中遇到的奇特目录名、后门文件名等。不定期更新！
qigpig/bypass-beacon-config-scan - Bypass cobaltstrike beacon config scan
cypher3107/GF-Patterns -
Matir/gf-patterns -
r00tkie/grep-pattern - collection of various grep patterns collected from tomnomnom/gf and other places
bp0lr/myGF_patterns -
bfuzzy/auditd-attack - A Linux Auditd rule set mapped to MITRE's Attack Framework
oskarsve/ms-teams-rce -
r0eXpeR/redteam_vul - 红队作战中比较常遇到的一些重点系统漏洞整理。
doyensec/awesome-electronjs-hacking - A curated list of awesome resources about Electron.js (in)security
Nanguage/Rainbow-Fart-MBG - 程序员要讲码德，耗子尾汁，好好反思！
Ignitetechnologies/Web-Application-Cheatsheet - This cheatsheet is aimed at the CTF Players and Beginners to help them understand Web Application Vulnerablity with examples.
devsecops/awesome-devsecops - An authoritative list of awesome devsecops tools with the help from community experiments and contributions.
ghsec/webHunt - Web App bug hunting
secoba/SomePubRegex - Some useful regexes
anderseknert/awesome-opa - A curated list of OPA related tools, frameworks and articles
amrandazz/attack-guardduty-navigator - A MITRE ATT&CK Navigator export for AWS GuardDuty Findings
ptswarm/ptswarm-twitter -
Y000o/Sql_injection_medium-advanced.md -
mark0smith/Kunlun-M-GUI - Kunlun-M 的GUI程序
kallydev/privacy - 个人隐私泄露检测工具。
ChandlerBang/awesome-graph-attack-papers - Adversarial attacks and defenses on Graph Neural Networks.
disclose/diodata - Tools, data, and contact lists relevant to The disclose.io Project.
msaponja/Manual - The project is based on Ben Clark's book: Red Team Field Manual.
0x90n/InfoSec-Black-Friday - All the deals for InfoSec related software/tools this Black Friday
pingfangx/jetbrains-in-chinese - JetBrains 系列软件汉化包关键字: Android Studio 3.5 汉化包 CLion 2019.3 汉化包 DataGrip 2019.3 汉化包 GoLand 2019.3 汉化包 IntelliJ IDEA 2019.3 汉化包 PhpStorm 2019.3 汉化包 PyCharm 2019.3 汉化包 Rider 2019.3 汉化包 RubyMine 2019.3 汉化
SeikoSrp/Pentest-Notes - 《内网安全攻防-渗透测试实战指南》一些技术点概括
mitre/advmlthreatmatrix - Adversarial Threat Landscape for AI Systems
joker2a/OSCP - OSCP cheatsheet
push0ebp/sig-database - IDA FLIRT Signature Database
ziadoz/awesome-php - A curated list of amazingly awesome PHP libraries, resources and shiny things.
driverCzn/Glibc-source-browser - Multi-version glibc source browser based on code.woboq.org 's product.
0voice/expert_readed_books - 2021年最新总结，推荐工程师合适读本，计算机科学，软件技术，创业，思想类，数学类，人物传记书籍
zer0yu/RedTeam_CheetSheets - RedTeam参考，修改自Ridter的https://github.com/Ridter/Intranet_Penetration_Tips
hausec/Bloodhound-Custom-Queries - Custom Query list for the Bloodhound GUI based off my cheatsheet
cyber-research/APTMalware - APT Malware Dataset Containing over 3,500 State-Sponsored Malware Samples
whitespots/fast-security-scanners - Security checks for your researches
CTF-MissFeng/nmaps - 采用Golang编写的新一代端口及指纹扫描器
dgryski/awesome-go-style - A collection of Go style guides
kdeldycke/awesome-iam - 👤 Identity and Access Management knowledge for cloud platforms
OlivierLaflamme/Cheatsheet-God - Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet
Ignitetechnologies/BurpSuite-For-Pentester - This cheatsheet is built for the Bug Bounty Hunters and penetration testers in order to help them hunt the vulnerabilities from P4 to P1 solely and completely with "BurpSuite".
c0rdis/security-champions-playbook - Security Champions Playbook v 2.1
ReconInfoSec/rhq - Recon Hunt Queries
VillanCh/palm-kit-desktop - 发布 palm-kit 桌面版
blanboom/awesome-home-networking-cn - 家庭网络知识整理
lbcz-tian/Windows-Terminal-beautify - Windows Terminal美化教程
PolarisLab/AESGFIC - 互联网企业安全高级指南读书笔记脑图 - http://www.mottoin.com/95816.html & http://www.mottoin.com/95828.html Author：hblf@MottoIN Team
irsl/apache-openoffice-rce-via-uno-links -
saeidshirazi/awesome-android-security - A curated list of Android Security materials and resources For Pentesters and Bug Hunters
JnuSimba/AndroidSecNotes - some learning notes about Android Security
uknowsec/TailorScan - 自用缝合怪内网扫描器，支持端口扫描，识别服务，获取title，扫描多网卡，ms17010扫描，icmp存活探测。
jas502n/jasypt - jasypt Decrypt Encrypt
jas502n/oracleShell - oracle 数据库命令执行
anhkgg/anhkgg-tools - Anhkgg's Tools
WinMin/Protocol-Vul - Some Vulnerability in the some protocol are collected.
Virdoexhunter/OneLinerBashrcCommands -
j1anFen/shiro_attack - shiro反序列化漏洞综合利用,包含（回显执行命令/注入内存马）
zodiacon/AllTools - All reasonably stable tools
HackerYunen/CTFWPS - All the writeups of www.ctfwp.com
resumejob/interview-questions - Interview Questions for Google, Amazon, Apple, etc. 根据超过 2000 篇真实面经整理的腾讯，阿里，字节跳动，Shopee，美团，滴滴高频面试题
kongsec/Wordpress-BruteForce-List - WordPress Bruteforce List, Default paths and endpoints
hellodword/wechat-feeds - [已停止服务] 给微信公众号生成 RSS 订阅源
xiaokanghub/Android - Android 加固应用Hook方式-Frida
Purp1eW0lf/HackTheBoxWriteups - Writeups for the machines on ethical hacking site Hack the Box
Neo23x0/vti-dorks - Awesome VirusTotal Intelligence Search Queries
KingFalse/ojdk - 最新的JDK国内下载地址
wcventure/FuzzingPaper - Recent Fuzzing Paper
mahavivo/english-wordlists - 常用英语词汇表
six2dez/pentest-book -
nil0x42/awesome-hacker-note-taking - Awesome note-taking apps for hackers & pentesters !
k8gege/PasswordDic - 2011-2019年Top100弱口令密码字典 Top1000密码字典服务器SSH/VPS密码字典后台管理密码字典数据库密码字典子域名字典
gtworek/Priv2Admin - Exploitation paths allowing you to (mis)use the Windows Privileges to elevate your rights within the OS.
taielab/Taie-Bugbounty-killer - 挖掘国内外漏洞平台必备的自动化捡钱赏金技巧，看了并去做了捡钱如喝水。
mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet - https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet
aleenzz/php_bug_wiki - 代码审计相关的一些知识
Y000o/Payloads_xss_sql_bypass -
0neb1n/CVE-2020-16947 - PoC of CVE-2020-16947 (Microsoft Outlook RCE vulnerablility)
TaptuIT/awesome-devsecops - Curating the best DevSecOps resources and tooling.
Imanfeng/Apache-Solr-RCE - Apache Solr Exploits 🌟
foryujian/yujianportscan - 一个基于VB.NET + IOCP模型开发的高效端口扫描工具，支持IP区间合并，端口区间合并，端口指纹深度探测
pyn3rd/my-presentation-slide -
RabiAPI/RabiAPI-Support - RabiAPI是一个开箱即用的Java接口文档生成工具，界面美观易用，支持多种框架注解。
Fawadkhanfk/Hunting-Tips - Tips For Bug Bounty Hunters
cvebase/cvebase.com - cvebase is a community-driven vulnerability data platform to discover the world's top security researchers and their latest disclosed vulnerabilities & PoCs
decoder-it/whoami-priv-Hackinparis2019 - Slides from my talk in "Hackinparis" 2019 edition
jas502n/Flink_RCE - Apache Flink Web Dashboard 未授权访问，上传恶意jar导致远程代码命令执行
dr0op/CrossC2 - generate CobaltStrike's cross-platform payload
jas502n/BurpSuite-icns - 制作BurpSuite icns 在Mac OS上
droberson/rtfm - Cheat sheet and notes inspired by the book RTFM - Red Team Field Manual
L1ves/windows-pentesting-resources -
chennylmf/OWASP-Web-App-Pentesting-checklists -
cranelab/webapp-tech -
ahmetumitbayram/kortto-admin-panel-finder-bypasser -
jas502n/Jboss_JMXInvokerServlet_Deserialization_RCE - Jboss_JMXInvokerServlet_Deserialization_RCE
jas502n/JWT_Brute - JWT_Brute
Ascotbe/HackerMind - 渗透步骤，web安全，CTF，业务安全，人工智能，区块链安全，数据安全，安全开发，无线安全，社会工程学，二进制安全，移动安全，红蓝对抗，运维安全，风控安全，linux安全
Flangvik/SharpCollection - Nightly builds of common C# offensive tools, fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.
jcesarstef/ghhdb-Github-Hacking-Database - Github Hacking Database - My personal collection of Github Dorks to search for Confidential Information (Yes, it's a Github version of Google Dorks)
oracle/oraclejet - Oracle JET is a modular JavaScript Extension Toolkit for developers working on client-side applications.
oskarkrawczyk/honukai-iterm-zsh - Honukai theme and colors for Oh My ZSH and iTerm
funkyoummp/BurpSuiteCn - Burp Suite 汉化中文
LGBT-CN/LGBTQIA-In-China - 🏳️‍🌈 中国的性少数群体一直渴望着自由平等
RASSec/Subdomain-Enumaration -
foryujian/yjdirscan - 御剑目录扫描专业版，简单实用的命令行网站目录扫描工具，支持爬虫、fuzz、自定义字典、字典变量、UA修改、假404自动过滤、扫描控速等功能。
sillydadddy/huge-list-probed-BB-subdomains - List of nearly 7 lakhs subdomains in scope probed using httpx to feed to nuclei
random-robbie/rb-recon -
paulmillr/encrypted-dns - DNS over HTTPS config profiles for iOS & macOS
xairy/vmware-exploitation - A collection of links related to VMware escape exploits
facyber/awesome-networking - A collection of awesome networking courses, books, tutorials and other resources
tprynn/web-methodology - Methodology for high-quality web application security testing - https://github.com/tprynn/web-methodology/wiki
dark-warlord14/crt.sh-one-liner - Updated crt.sh one liner to get subdomains
fupinglee/JavaTools - 一些Java编写的小工具。
JavierOlmedo/UltimateCMSWordlists - 📚 An ultimate collection wordlists of the best-known CMS
Swordfish-Security/awesome-devsecops-russia - Awesome DevSecOps на русском языке
mxm0z/awesome-sec-s3 - A collection of awesome AWS S3 tools that collects and enumerates exposed S3 buckets
ghsec/ghsec-jaeles-signatures - Signatures for jaeles scanner by @j3ssie
RogueSMG/PrivEscCon-Slides - Slide Deck I presented at PrivEscCon Webinar
gitrobtest/Java-Security - Java Security Documents
S3cur3Th1sSh1t/Amsi-Bypass-Powershell - This repo contains some Amsi Bypass methods i found on different Blog Posts.
1c3z/fileleak - 又一款敏感文件泄漏检测工具
Sajibekanti/Bug_Bounty_List - Day by day Lots of Newbie Come into bug Bounty They ask Social Site about Bug Bounty Site, So That's why I open My Hunted All Site.
cwkiller/Pentest_Dic - 自己收集整理自用的字典
0xtz/Enum_For_All -
balgan/binaryedge-cheatsheet - A list of queries and actions that I repeat over and over again
7hang/--Java - 代码审计知识点整理-Java
7azabet/light-map - A light-map tool is used to hack any website affected by sql and XSS exploit,light-map has many websites there are affected by sql and XSS exploit, and it have a sqlmap tool,you can download and insta
correlatedsecurity/Awesome-SOAR - A curated Cyber "Security Orchestration, Automation and Response (SOAR)" awesome list.
hudunkey/Red-Team-links - 2019年红队资源链接，资源不是本人整理出来，来自互联网，因为流传的少，特意在此做个备份，做个分享。
geffner/CVE-2020-8289 - CVE-2020-8289 – Remote Code Execution as SYSTEM/root via Backblaze
0x4D31/awesome-oscp - A curated list of awesome OSCP resources
xx-zh/xx-zh-roadmap - 中文翻译 Road Map
al0ne/suricata-rules - Suricata IDS rules 用来检测红队渗透/恶意行为等，支持检测CobaltStrike/MSF/Empire/DNS隧道/Weevely/菜刀/冰蝎/挖矿/反弹shell/ICMP隧道等
daffainfo/AllAboutBugBounty - All about bug bounty (bypasses, payloads, and etc)
hackerscrolls/SecurityTips -
radareorg/awesome-radare2 - A curated list of awesome projects, articles and the other materials powered by Radare2
Neelakandan-A/BugBounty_CheatSheet - BugBounty_CheatSheet
lz520520/railgun -
kleiton0x00/CRLF-one-liner - A simple Bash one liner with aim to automate CRLF vulnerability scanning.
tennc/tips - 顾名思义，收集国内外各大佬的奇淫技巧
pwicherski/TestowanieOprogramowania - Testowanie oprogramowania - Książka dla początkujących testerów
Litch1-v/behinder-clone - 魔改的冰蝎，仅供测试连接内存webshell使用
zhyee/Mysql8.0_Reference_Manual_Translation - MySQL8.0官方文档中文翻译
pikvm/pikvm - Open and inexpensive DIY IP-KVM based on Raspberry Pi
d1nfinite/sec-interview - 信息安全面试题汇总
s0md3v/be-a-hacker - roadmap for a self-taught hacker
irsdl/top10webseclist - Top Ten Web Hacking Techniques List
Virdoexhunter/HowToHunt - Some Tutorials and Things to Do while Hunting That Vulnerability.
lazaars/SAP-Pentest -
uknowsec/SharpToolsAggressor - 内网渗透中常用的c#程序整合成cs脚本，直接内存加载。持续更新~
tanprathan/OWASP-Testing-Checklist - OWASP based Web Application Security Testing Checklist is an Excel based checklist which helps you to track the status of completed and pending test cases.
imran-parray/Mind-Maps - Mind-Maps of Several Things
Fawadkhanfk/Check-List - Check List
bighuang624/AI-research-tools - :hammer:AI 方向好用的科研工具
KathanP19/HowToHunt - Collection of methodology and test case for various web vulnerabilities.
ctfwiki/ctf_game_history - CTF题目缓存（题目信息及附件），用于题目复现和学习
0xthirteen/StayKit - Cobalt Strike kit for Persistence
riusksk/BDOpener - 开启APK调试与备份选项的Xposed模块
jfmaes/Red-Route53-Interactive -
jfmaes/Red-EC2 - Spin up RedTeam infrastructure on AWS via Ansible
cpandya2909/CVE-2020-15778 -
BeichenDream/Godzilla-Plugin-Store -
zhutougg/book_notes -
knownsec/404StarLink-Project - Focus on promoting the evolution of tools in different aspects of security research.专注于推动安全研究各个领域工具化.(项目收录逐步迁移至 https://github.com/knownsec/404StarLink)
shack2/skyscorpion - 新版将不再对外公开发布。天蝎权限管理工具采用Java平台的JavaFX技术开发的桌面客户端，支持跨平台运行，目前基于JDK1.8开发，运行必须安装JDK或JRE 1.8，注意不能是open jdk，只能是oracle的jdk。天蝎权限管理工具基于冰蝎加密流量进行WebShell通信管理的原理，目前实现了jsp、aspx、php、asp端的常用操作功能，在原基础上，优化了大文件上传下载、Socke
uknowsec/Fofa-gui - Fofa采集工具-自修改版本
kobs0N/Hacking-Cheatsheet - List of commands and techniques to while conducting any kind of hacking :)
security-cheatsheet/wireshark-cheatsheet - Wireshark Cheat Sheet
AllsafeCyberSecurity/awesome-ghidra - A curated list of awesome Ghidra materials
morph3/Windows-Red-Team-Cheat-Sheet - Windows for Red Teamers
random-robbie/wpa-cracking - Command List for Hashcat and default keyspaces.
DasSecurity-HatLab/BlueRepli-Plus - BlueRepli-Plus
HenJigg/CHINA.NET- - 提供各类.NET、C#学习资料、免费图书社区
IoT-PTv/IoT-PT - A Virtual environment for Pentesting IoT Devices
BeichenDream/Godzilla - 哥斯拉
hasherezade/pe-bear-releases - PE-bear (builds only)
dwisiswant0/awesome-oneliner-bugbounty - A collection of awesome one-liner scripts especially for bug bounty tips.
Ka0sKl0wN/ICS-Security-Study-Resources - A curated list of resources that I recommend when asked about how to learn about Industrial Control Systems Cyber Security.
T43cr0wl3r/OSINT-RECON - Open source intelligence tools and resources
zer0yu/Awesome-CobaltStrike - CobaltStrike的相关资源汇总 / List of Awesome CobaltStrike Resources
TideSec/TideWave - 潮涌web漏洞自动化挖掘平台——自动化扫描全网或特定范围web资产，之后获取指纹信息、爬取页面url并提炼，最后进行特定payload测试。
Virdoexhunter/CheckLists -
mcxiaoke/RxDocs - Rx和RxJava文档中文翻译项目
warp682/SubdomainEnumeration - All about subdomain enumeration
antonytuff/Red-Team-Notes - OSCP guide and Red Team assessment Guide
chaitin/rad -
welk1n/FastjsonPocs - 一些结合第三方组件的Fastjson POC，在1.2.48以后版本中陆续被添加至黑名单。
pyn3rd/Spring-Boot-Vulnerability -
NagliNagli/OneLiners - Simple bash Oneliners to make life easier
microsoft/MSRC-Security-Research - Security Research from the Microsoft Security Response Center (MSRC)
jas502n/DBconfigReader - 泛微ecology OA系统接口存在数据库配置信息泄露漏洞
ossf/wg-vulnerability-disclosures - The OpenSSF Vulnerability Disclosures Working Group seeks to help improve the overall security of the open source software ecosystem by helping mature and advocate well-managed vulnerability reporting
ossf/wg-identifying-security-threats - The purpose of the Identifying Security Threats working group is to enable stakeholders to have informed confidence in the security of open source projects. We do this by collecting, curating, and com
ossf/wg-security-tooling - OpenSSF Security Tooling Working Group
Bypass007/Learn-security-from-0 - 从0开始学安全，注重实战+技巧的运用，分享各种安全攻防干货，包括但不限于：Web安全、代码审计、内网渗透、企业安全等。
Accept008/ubuntu-system-local-use-k8s-minikube - ubuntu系统上本地搭建单机版的Kubernetes集群minikube(笔记)
xiaojiaqi/k8seasy_release_page - 一键安装kubernets(k8s)系统，已支持云环境的发布，可以在阿里云 azure 等云环境自主部署k8s系统，golang 编写无需任何插件，无需翻墙下载任何内容，证书10年有效期，支持单机集群生产环境的高可用完全离线安装等标准。自带dashboard 监控，镜像仓库等内容，一键可用。
privacycg/storage-partitioning - Client-Side Storage Partitioning
stylersnico/nginx-secure-config - Nginx configuration file for optimized security and performance
bugcrowd/bugcrowd_university - Open source education content for the researcher community
piaolin/fofa2Xray - User fofa api get hosts and xray to webscan.
Youlor/Youpk - 又一款基于ART的主动调用的脱壳机
1d8/Android-Analysis - Getting Genymotion & Burpsuite setup for Android Mobile App Analysis
SwiftOnSecurity/sysmon-config - Sysmon configuration file template with default high-quality event tracing
LappleApple/awesome-leading-and-managing - Awesome List of resources on leading people and being a manager. Geared toward tech, but potentially useful to anyone.
ArpitKubadia/RVDP-Programs - List of domains having RVDP programmes
ring04h/iproxy - HTTP/HTTPS proxy server by golang [high performance version]
qiyeboy/kill_webshell_detect - 总结了免杀webshell的方法论
ezlkc/androidantivirus -
ezlkc/androidtrojan -
waylau/java-trusted-code-refactoring-exam -
ibr2/pwk-cheatsheet -
loecho-sec/CobaltStrike_Script_Wechat_Push - CobatStrike-Script, Beacon上线,微信实时推送!
Mochazz/Struts2-Vuln - 关于Struts2框架的历史漏洞个人分析文章
sbousseaden/PCAP-ATTACK - PCAP Samples for Different Post Exploitation Techniques
gerryguy311/Free_CyberSecurity_Professional_Development_Resources - An awesome list of FREE resources for training, conferences, speaking, labs, reading, etc that are free. Originally built during COVID-19 for cybersecurity professionals with downtime can take advanta
bit4woo/CVE-2020-13925 -
fuzhengwei/CodeGuide - :books: 本代码库是作者小傅哥多年从事一线互联网 Java 开发的学习历程技术汇总，旨在为大家提供一个清晰详细的学习教程，侧重点更倾向编写Java核心内容。如果本仓库能为您提供帮助，请给予支持(关注、点赞、分享)！
1ndianl33t/Bugbounty-Resources - A list of resources for those interested in getting started in bug bounties inspired from https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters
overnote/over-golang - Golang相关：[审稿进度80%]Go语法、Go并发思想、Go与web开发、Go微服务设施等
1ndianl33t/Bug-Bounty-Roadmaps - Bug Bounty Roadmaps
xuedingmiaojun/mp-unpack -
aqiongbei/buy_pig_plan - 电话攻击(电话轰炸、可代替短信轰炸)、留言攻击工具 | 已删库
ckxpress/blockchain-sociology - 區塊鏈社會學
redhuntlabs/Awesome-Asset-Discovery - List of Awesome Asset Discovery Resources
jiedeidei/Safety-baseline - 安全基线检查
blackrosezy/gui-inspect-tool - Gui Inspect tool for Windows
EvilAnne/Violation_Pnetest - 渗透红线Checklist
0xricksanchez/paper_collection - Academic papers related to fuzzing, binary analysis, and exploit dev, which I want to read or have already read
Airboi/Citrix-ADC-RCE-CVE-2020-8193 - Citrix ADC从权限绕过到RCE
ajdumanhug/oscp-practice - A random set of 5 machines for OSCP
alphaSeclab/awesome-webshell - Awesome webshell collection. Including 150 Github repo, and 200+ blog posts.
alphaSeclab/fuzzing-stuff - Resources About Fuzzing, For Multiple Platforms And All Popular Fuzzers. 500+ Open Source Tools Sorted By Star Count, 800+ Blog Posts Sorted By Publish Time.
alphaSeclab/DBI-Stuff - Resources About Dynamic Binary Instrumentation and Dynamic Binary Analysis
alphaSeclab/shellcode-resources - Resources About Shellcode
alphaSeclab/android-security - Android Security Resources.
alphaSeclab/anti-av - Resources About Anti-Virus and Anti-Anti-Virus, including 200+ tools and 1300+ posts
alphaSeclab/obfuscation-stuff - Source Code Obfuscation And Binary Obfuscation, Multiple Languages And Multiple Platforms. Including 250+ Tools and 600+ Posts
alphaSeclab/injection-stuff - PE Injection、DLL Injection、Process Injection、Thread Injection、Code Injection、Shellcode Injection、ELF Injection、Dylib Injection, including 400+Tools and 350+posts
inferjay/AndroidDevTools - 收集整理Android开发所需的Android SDK、开发中用到的工具、Android开发教程、Android设计规范，免费的设计素材等。
Pa55w0rd/Enterprise_-Security_tools - 企业安全建设中用到的开源or“免费”的工具
MHaggis/sysmon-dfir - Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.
rootclay/windows_protocol -
hack2fun/BypassAV - Cobalt Strike插件，用于快速生成免杀的可执行文件
WebBreacher/osinttools - A collection of random OSINT scripts
juguangtool/iOSConfusion - iOS混淆 iOS代码混淆 iOS过审工具 iOS上架 iOS代码混淆工具 iOS工具 iOS马甲包 iOS马甲包工具 iOS混淆 iOS过4.3 iOS过审 iOS confuse iOS code confuse iOS2.3.1解决 iOS账号调查解决办法 iOS账号调查解决 iOS账号调查过审 OC代码混淆 IOS源码混淆 OC混淆 OC代码混淆 OC过审工具 OC代码混淆工具 OC工具
funkyoummp/FunkProxy - 流量转发工具
StabilityMan/StabilityGuide - 【稳定大于一切】打造国内稳定性领域知识库，让无法解决的问题少一点点，让世界的确定性多一点点。
uknowsec/loginlog_windows - 读取登录过本机的登录失败或登录成功的所有计算机信息，在内网渗透中快速定位运维管理人员。
gomex/docker-para-desenvolvedores - Código fonte do livro Docker para desenvolvedores
jhaddix/tbhm - The Bug Hunters Methodology
Maskhe/javasec - 自己学习java安全的一些总结，主要是安全审计相关
xiaoy-sec/Pentest_Note - 渗透测试常规操作记录
threatexpress/malleable-c2 - Cobalt Strike Malleable C2 Design and Reference Guide
iGio90/DUCKWARRIORS_Frida_Wars_1 - challenge built for first frida wars
CaledoniaProject/awesome-opensource-security - A list of interesting open-source tools
AboutRSS/ALL-about-RSS - A list of RSS related stuff: tools, services, communities and tutorials, etc.
ignis-sec/Pwdb-Public - A collection of all the data i could extract from 1 billion leaked credentials from internet.
FULLSHADE/WindowsExploitationResources - Resources for Windows exploit development
starnightcyber/subDomains - 互联网公司子域名收集
rsmudge/Malleable-C2-Profiles - Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt
cloudflare/sslconfig - Cloudflare's Internet facing SSL configuration
platomav/CPUMicrocodes - Intel, AMD, VIA & Freescale CPU Microcode Repositories
wh-Cyberspace/WH-Encryptor - WH-Encryptor Android + Windows with Extra tools and Features | antivirus Bypass 99% | wh-Cyberspace
SkyBlueEternal/thinkphp-RCE-POC-Collection - thinkphp v5.x 远程代码执行漏洞-POC集合
angelwhu/jvm-rasp - 基于JVM-Sandbox实现RASP安全监控防护
ryan412/ADLabsReview - Active Directory Labs/exams Review
osamahamad/CVE-2020-5410-POC - CVE-2020-5410 Spring Cloud Config directory traversal vulnerability
Lissy93/personal-security-checklist - 🔒 A compiled checklist of 300+ tips for protecting digital security and privacy in 2022
dafthack/CloudPentestCheatsheets - This repository contains a collection of cheatsheets I have put together for tools related to pentesting organizations that leverage cloud providers.
1ndianl33t/All-in-one_BugBounty_PDF_bundles -
Paper-Pen/GatherInfo - 信息收集 OR 信息搜集
mrnitesh/apikey -
mirfansulaiman/Command-Mobile-Penetration-Testing-Cheatsheet - Mobile penetration testing android & iOS command cheatsheet
alphaSeclab/hooking - Resources About Hooking. For All Platforms. Currently 300+ Tools And 600+ Posts.
taielab/Taie-RedTeam-OS - 泰阿安全实验室-基于XUbuntu私人订制的红蓝对抗渗透操作系统
SEC-GO/Red-vs-Blue - 红蓝对抗交流心得
kleiton0x00/CORS-one-liner - A one liner Bash command which finds CORS in every possible endpoint.
veeral-patel/how-to-secure-anything - How to systematically secure anything: a repository about security engineering
r00tuser111/ActuatorExploitTools - 一款用于攻击spring boot actuator的集成环境，目前集成三种攻击方式，支持1.x、2.x
zhengjim/Chinese-Security-RSS - 网络安全资讯的RSS订阅，网络安全博客的RSS订阅，网络安全公众号的RSS订阅
gpakosz/.tmux - 🇫🇷 Oh my tmux! My self-contained, pretty & versatile tmux configuration made with ❤️
alphaSeclab/persistence - Resources About Persistence, Multiple Platforms. Including ~80 Tools and 300+ Posts.
12306Bro/Security-operation-book - 一些常见的安全检测规则及事件
alphaSeclab/cobalt-strike - Resources About Cobalt Strike. 100+ Tools And 200+ Posts.
vulnerablecodes/vuln_uris -
dark-warlord14/ffufalias - Alias for storing ffuf results
cephurs/wildcarded-citrix-2020 - Wildcard certificates which were on vulnerable Citrix servers in 2020
emadshanab/subs_all - Subdomain Enumeration Wordlist. 8956437 unique words. Updated.
prakharathreya/Struts2-RCE - A Burp Extender for checking for struts 2 RCE vulnerabilities.
jas502n/SpringBoot_Actuator_RCE - SpringBoot_Actuator_RCE
netbiosX/Checklists - Red Teaming & Pentesting checklists for various engagements
h0nus/MyPayloads - Just a useless set of payload created by me. Saved here for remembrance.
ngoclesydney/Cyber-Security-for-Mobile-Platforms - The subject provides an in-depth technical overview of mobile security architectures, new security risks and threats of modern mobile platforms and operating systems. Lab tutorials provide students wi
satan1a/awesome-ios-security-cn - iOS安全资料整理（中文）
random-robbie/bruteforce-lists - Some files for bruteforcing certain things.
AndyFul/ConfigureDefender - Utility for configuring Windows 10 built-in Defender antivirus settings.
Dormidera/WordList-Compendium - Personal compilation of wordlists & dictionaries for everything. Users, passwords, directories, files, vulnerabilities, fuzzing, injections, wordlists of tools, etc.
al0ne/Nmap_Bypass_IDS - Nmap&Zmap特征识别，绕过IDS探测
Echocipher/Resource-list - “网址”传输助手，记载一下平时用到好的在线网址。
vegabird/xvna - Extreme Vulnerable Node Application
lyshark/Windows-exploits - Windows 平台提权漏洞大合集，长期收集各种提权漏洞利用工具。 A large collection of rights raising vulnerabilities on the windows platform, which collects various rights raising vulnerability utilization tools for a long
delikely/OSINT-JUMP - 开源情报收集导航及快速跳转的油候脚本
ctfhub-team/ctfhub_base_image - Index of CTFHub Base Images
Mad-robot/wordpress-exploits - All known and unknown public POC's for wordpress themes and plugins
emadshanab/LFI-Payload-List - LFI Payloads List coolected from github repos
RenwaX23/XSS-Payloads - List of XSS Vectors/Payloads
1ndianl33t/Gf-Patterns - GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic, interesting Subs) parameters grep
JHUAPL/Beat-the-Machine - Reverse engineering basics in puzzle form
vuepress/awesome-vuepress - 🎉 A curated list of awesome things related to VuePress
dyweb/papers-notebook - :page_facing_up: :cn: :page_with_curl: 论文阅读笔记（分布式系统、虚拟化、机器学习）Papers Notebook (Distributed System, Virtualization, Machine Learning)
BullsEye0/google_dork_list - Google Dorks | Google helps you to find Vulnerable Websites that Indexed in Google Search Results. Here is the latest collection of Google Dorks. A collection of 13.760 Dorks. Author: Jolanda de Koff
iGotRootSRC/Dorkers - Dorks for Google, Shodan and BinaryEdge
sbilly/awesome-security - A collection of awesome software, libraries, documents, books, resources and cools stuffs about security.
tunz/js-vuln-db - A collection of JavaScript engine CVEs with PoCs
latestalexey/awesome-web-hacking - A list of web application security
wyzxxz/shiro_rce_tool - shiro 反序列命令执行辅助检测工具
S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet - A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
jdonsec/AllThingsAndroid - A Collection of Android Pentest Learning Materials
sundowndev/hacker-roadmap - A collection of hacking tools, resources and references to practice ethical hacking.
TrojanAZhen/BurpSuitePro-2.1 - 什么? 你想用免费的BurpSuitePro版本!!!
master3values/Attack-Cloud - Att&ck Cloud相关
argowang/cyber-security-roadmap - A roadmap for learning cyber-security
euphrat1ca/CVE-2020-0618 - SQL Server Reporting Services(CVE-2020-0618)中的RCE
riramar/Web-Attack-Cheat-Sheet - Web Attack Cheat Sheet
u-u-z/information-security-for-everyone - 写给大家看的信息安全手册
mingcheng/deploy-k8s-within-aliyun-mirror - 使用阿里云镜像快速部署 Kubernetes 集群
xuedingmiaojun/wxappUnpacker -
plenumlab/GQL-Helper - This is a small extension to make graphql readable
maddiestone/AndroidAppRE - Android App Reverse Engineering Workshop
yangchong211/YCBlogs - 技术博客笔记大汇总，包括Java基础，线程，并发，数据结构；Android技术博客等等；常用设计模式；常见的算法；网络协议知识点；部分flutter笔记；还包括平时开发中遇到的bug汇总，当然也在工作之余收集了大量的面试题，长期更新维护并且修正，持续完善……开源的文件是markdown格式的！转载请注明出处，谢谢！
aquasecurity/vuln-list - NVD, RedHat, Debian, Ubuntu, Alpine
we1h0/awesome-java-security-checklist - awesome-java-security-checklist(关于Java安全方面,Java基础/审计/修复/设计/规范)
projectdiscovery/nuclei-templates - Community curated list of templates for the nuclei engine to find security vulnerabilities.
qxl1231/2019-k8s-centos - 2019最新k8s集群搭建教程(centos/ubuntu)
jdonsec/AllThingsSSRF - This is a collection of writeups, cheatsheets, videos, books related to SSRF in one single location
dsopas/assessment-mindset - Security Mindmap that could be useful for the infosec community when doing pentest, bug bounty or red-team assessments.
six2dez/OSCP-Human-Guide - My own OSCP guide
streaak/keyhacks - Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
Brucetg/App_Security -
Snowming04/CobaltStrike4.0_related - 破解的cs4.0、cs4.0官方手册翻译和一些笔记
sushiwushi/bug-bounty-dorks - List of Google Dorks for sites that have responsible disclosure program / bug bounty program
1-2-3/hhkb_ydkb - HHKB 键盘 + YDKB 主控 = 完美键盘
YasserGersy/cazador_unr - Hacking tools
WooyunDota/DroidDrops - 梳理下自己之前写过的文章
hereappdev/Here-Plugins - Plugins for Here App 🚀
tianshanghong/awesome-anki - A curated list of awesome Anki add-ons, decks and resources
nomi-sec/PoC-in-GitHub - 📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.
inonshk/31-days-of-API-Security-Tips - This challenge is Inon Shkedy's 31 days API Security Tips.
theLSA/CS-checklist - PC客户端（C-S架构）渗透测试checklist / Client side(C-S) penetration checklist
wooyunwang/Fortify - 源代码漏洞の审计
renzu0/nw-tips - win内网_域控安全
proudwind/javasec_study - java代码审计学习笔记
randorisec/MobileHackingCheatSheet - Basics on commands/tools/info on how to assess the security of mobile applications
vaib25vicky/awesome-mobile-security - An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.
randomuserid/Adama - Searches For Threat Hunting and Security Analytics
rShetty/awesome-podcasts - Collection of awesome podcasts
alphaSeclab/windows-security - Resources About Windows Security. 1100+ Open Source Tools. 3300+ Blog Post and Videos.
alphaSeclab/all-my-collection-repos - All Security Resource Collections Repos That I Published.
alphaSeclab/awesome-security-collection - 1000+ Github Security Resource Collection Repos.
sv3nbeast/CVE-2019-1388 - guest→system（UAC手动提权）
bh1xuw/mca-administrative - 中华人民共和国民政部全国行政区划信息。topojson/geojson格式，至县一级。
sehno/Bug-bounty - Ressources for bug bounty hunting
xiaolai/zuoxiangqicheng - 坐享其成——最简单的大脑锻炼方式
zjdx1998/seucourseshare - 东南大学课程共享计划
S3cur3Th1sSh1t/Pentest-Tools -
xinali/articles - Personal Blog/主记录漏洞挖掘相关研究(文章位于issues)
nobleXu/jenkins - jenkins payload
uknowsec/SharpDecryptPwd - 对密码已保存在 Windwos 系统上的部分程序进行解析,包括：Navicat,TeamViewer,FileZilla,WinSCP,Xmangager系列产品（Xshell,Xftp)。源码：https://github.com/RowTeam/SharpDecryptPwd
we1h0/redteam-tips - 关于红队方面的学习资料
OWASP/API-Security - OWASP API Security Project
hackergrrl/art-of-readme - :love_letter: Things I've learned about writing good READMEs.
Mochazz/ThinkPHP-Vuln - 关于ThinkPHP框架的历史漏洞分析集合
robertdebock/ansible-role-dsvpn - Install and configure dsvpn on your system.
dosec-cn/harbor-scanner - 一个免费的镜像漏洞扫描工具, 可以扫描镜像中已安装软件包的漏洞，支持中文漏洞库，可与 Harbor 无缝集成。
slowmist/Ontology-Triones-Service-Node-security-checklist - Ontology Triones Service Node security checklist（本体北斗共识集群安全执行指南）
slowmist/vechain-core-nodes-security-checklist - VeChain core nodes security checklist（唯链核心节点安全执行指南）
slowmist/eos-bp-nodes-security-checklist - EOS bp nodes security checklist（EOS超级节点安全执行指南）
7kbstorm/smb_version_threadpool - 于几年前二次开发自 http://www.zcgonvh.com/post/CSharp_smb_version_Detection.html
wisdom-projects/holer - Holer exposes local servers behind NATs and firewalls to the public internet over secure tunnels.
sk3ptre/AndroidMalware_2019 - Popular Android threats in 2019
alphaSeclab/awesome-burp-suite - Awesome Burp Suite Resources. 400+ open source Burp plugins, 400+ posts and videos.
aozhimin/iOS-Debug-Hacks - :dart: Advanced debugging skills used in the iOS project development process, involves the dynamic debugging, static analysis and decompile of third-party libraries. iOS 项目开发过程中用到的高级调试技巧，涉及三方库动态调试、静态分
dackh/blog - ...
jakejarvis/awesome-shodan-queries - 🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻
alphaSeclab/awesome-honeypot - Awesome Honeypot Resource Collection. Including 250+ Honeypot tools, and 350+ posts about Honeypot.
shadow-horse/CVE-2019-17571 - Apache Log4j 1.2.X存在反序列化远程代码执行漏洞
SecurityRiskAdvisors/VECTR - VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities across different attack scenarios
ReDTunnel/redtunnel -
harismuneer/Ultimate-Facebook-Scraper - 🤖 A Software that automates your social media interactions to collect posts, photos, videos, interests, friends, followers, and much more on Facebook.
alphaSeclab/awesome-forensics - Awesome Forensics Resources. Almost 300 open source forensics tools, and 600 blog posts about forensics.
alphaSeclab/awesome-rat - RAT And C&C Resources. 250+ Open Source Projects, 1200+ RAT/C&C blog/video.
dgryski/go-perfbook - Thoughts on Go performance optimization
ripperhe/Bob - Bob 是一款 macOS 平台的翻译和 OCR 软件。
l3m0n/WebFuzzAttack - web模糊测试 - 将漏洞可能性放大
alphaSeclab/awesome-cyber-security - [Draft]Awesome Cyber Security Resource Collection. Currently contains 8000+ open source repositories, and not very well classified. For each repository, extra info included: star count, commit count,
twelvesec/BearerAuthToken - This burpsuite extender provides a solution on testing Enterprise applications that involve security Authorization tokens into every HTTP requests.Furthermore, this solution provides a better approach
nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters - A list of resources for those interested in getting started in bug bounties
8enet/Charles-Crack - Removed according to DMCA.
rizinorg/cutter-plugins - A curated list of Community Plugins and Scripts written for Cutter
felixgr/secure-ios-app-dev - Collection of the most common vulnerabilities found in iOS applications
0xmachos/iOS-Security-Guides - Every iOS security guide
indrarahul/d4rkc0de-Android-CTF - d4rkc0de Android CTF
B3nac/Android-Reports-and-Resources - A big list of Android Hackerone disclosed reports and other resources.
Ruturaj4/Mobile-Security-Paper_summaries - Papers summaries of some of the most important Mobile Security Papers 📃
DataMaster-2501/DataMaster-Android-AdBlock-Hosts - Android AdBlock Hosts file for /etc/hosts
XecLabs/Mobile - The repo hold all our (mobile security) & applications reports.
enciphers-team/Mobexler -
psychsecurity/iOS-Pentesting - Wiki for Pentesting iOS apps
ansjdnakjdnajkd/iOS - Most usable tools for iOS penetration testing
xsleaks/xsleaks - A collection of browser-based side channel attack vectors.
timip/OSWE - OSWE Preparation
M507/AWAE-Preparation - This repository will contain all trainings and tutorials I have done/read to prepare for OSWE / AWAE.
alphaSeclab/awesome-network-stuff - Resources about network security, including: Proxy/GFW/ReverseProxy/Tunnel/VPN/Tor/I2P, and MiTM/PortKnocking/NetworkSniff/NetworkAnalysis/etc。More than 1700 open source tools for now. Post incoming.
stars-one/ASCToolJar - Android Signature Crack Tool Jar 破解APK签名验证的jar包
chicharitomu14/Android-Security-Notes-personal - 个人整理的Android安全学习笔记
iwannabetop/Awesome-Android-Learning-Guide - 一份系统、全面的安卓进阶学习指南（更新中）
pwstrick/daily - 一份搜集的前端面试题目清单、面试相关以及各类学习的资料（不局限于前端）
alphaSeclab/sec-tool-list - More than 21K security related open source tools, sorted by star count. Both in markdown and json format.
RASSec/ssrf-video-ffmpeg -
seecode-audit/seecode-audit - Distributed white box code scanning tool
blaCCkHatHacEEkr/PENTESTING-BIBLE - articles
fffaraz/awesome-cpp - A curated list of awesome C++ (or C) frameworks, libraries, resources, and shiny things. Inspired by awesome-... stuff.
andrews1022/web-development-course-list - A list of Udemy courses from Brad Traversy's Web Development 2021 video
alphaSeclab/awesome-reverse-engineering - Reverse Engineering Resources About All Platforms(Windows/Linux/macOS/Android/iOS/IoT) And Every Aspect! (More than 3500 open source tools and 2300 posts&videos)
tangsilian/My-Github-Stars - My Github Stars
fr0gger/awesome-ida-x64-olly-plugin - A curated list of IDA x64DBG, Ghidra and OllyDBG plugins.
XIU2/TrackersListCollection - 🎈 Updated daily! A list of popular BitTorrent Trackers! / 每天更新！全网热门 BT Tracker 列表！
basketwill/Z0BPcTools - 一个windows反汇编工具，界面风格防OllyDbg 利用业余开发了一款类似仿OLlyDbg界面的 IDA静态反编译工具，目前是1.0版本，功能不是很强大但是基本功能有了
fabacab/awesome-cybersecurity-blueteam - :computer:🛡️ A curated collection of awesome resources, tools, and other shiny things for cybersecurity blue teams.
jobbole/awesome-go-cn - Go 资源大全中文版，内容包括：Web框架、模板引擎、表单、身份认证、数据库、ORM框架、图片处理、文本处理、自然语言处理、机器学习、日志、代码分析、教程和（电子）书等。由「开源前哨」和「Go开发大全」微信团队维护。
wyzxxz/jndi_tool - JNDI服务利用工具 RMI/LDAP，支持部分场景回显、内存shell，高版本JDK场景下利用等，fastjson rce命令执行，log4j rce命令执行漏洞检测辅助工具
ivRodriguezCA/RE-iOS-Apps - A completely free, open source and online course about Reverse Engineering iOS Applications.
slowmist/Knowledge-Base - Knowledge Base 慢雾安全团队知识库
npubird/KnowledgeGraphCourse - 东南大学《知识图谱》研究生课程
pandazheng/IosHackStudy - IOS安全学习资料汇总
gozelus/iOSReview - 常见iOS面试中考察的知识点整理
payloadbox/sql-injection-payload-list - 🎯 SQL Injection Payload List
CTFTraining/CTFTraining - CTF Training 经典赛题复现环境
niezhiyang/open_source_team - 国内顶尖团队的开源地址
jaegeral/security-apis - A collective list of public APIs for use in security. Contributions welcome
dweinstein/awesome-frida - Awesome Frida - A curated list of Frida resources http://www.frida.re/ (https://github.com/frida/frida)
veracode-research/solr-injection - Apache Solr Injection Research
ffffffff0x/Digital-Privacy - Information Protection & OSINT resources | 一个关于数字隐私搜集、保护、清理集一体的方案,外加开源信息收集(OSINT)对抗
yifeikong/reverse-interview-zh - 技术面试最后反问面试官的话
uknowsec/Active-Directory-Pentest-Notes - 个人域渗透学习笔记
serhii-londar/open-source-mac-os-apps - 🚀 Awesome list of open source applications for macOS. https://t.me/s/opensourcemacosapps
jobbole/awesome-sysadmin-cn - 系统管理员资源大全中文版，备份/克隆软件、云计算/云存储、协作软件、配置管理、日志管理、监控、项目管理等
hacklcx/HFish - 安全、可靠、简单、免费的企业级蜜罐
Leezj9671/offensiveinterview - 翻译国外的@WebBreacher的安全/渗透测试/红队面试题，有部分参考作用
olafhartong/ThreatHunting - A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
qingshuisiyuan/electron-ssr-backup - electron-ssr原作者删除了这个伟大的项目，故备份了下来，不继续开发,且用且珍惜
freedom-is-life/crypto-exchange - 24mex，24MEX，24Mex，h5、网站app前后端源码下载。最火的差价合约交易所系统|指数型差价合约交易所系统、ICFD指数型差价合约交易所、BTC比特币杠杠交易、领先数字货币杠杆交易所（高达100倍杠杆），数字货币比特币 BTC 微盘交易系统开发、数字货币比特币 BTC 微交易系统，数字货币比特币 BTC 合约系统;
the-champions-of-capua/pen-tool - 渗透工具使用教程，结合 vulhub, dvwa, metasploitable3 等靶场使用，涵盖工具有菜刀，msf, sqlmap 等等。
Raikia/Recon-NG-API-Key-Creation - One of the biggest annoyances of using Recon-ng is getting everything set up to use it. So here I’ll outline the different API keys it can use and where to get them yourself.
qianguyihao/Mac-list - Mac软件清单、Mac使用技巧整理，正在不断完善中。努力做到最全。
ffffffff0x/Dork-Admin - 盘点近年来的数据泄露、供应链污染事件
joshuah345/linux-dotfiles - I configure lots of things, sorting them out here
Bypass007/Safety-Project-Collection - 收集一些比较优秀的开源安全项目，以帮助甲方安全从业人员构建企业安全能力。
chenzhao2013/Translation-For-IoT-Penetration-Testing-Cookbook - 学习物联网渗透测试技术时，在Google上查到的一本英文书。看国内还未有该领域的书籍，因此将其翻译提供更多的同学学习。若有侵权，请联系删除。
piglei/one-python-craftsman - 来自一位 Pythonista 的编程经验分享，内容涵盖编码技巧、最佳实践与思维模式等方面。
AxtMueller/Windows-Kernel-Explorer - A free but powerful Windows kernel research tool.
Puuoi/SS-R-4in1 - 由于秋水逸冰网站国内无法访问，所以为有需要的朋友复制发布到github
Quorafind/golang-developer-roadmap-cn - 在 2019 成为一名 Go 开发者的路线图。为学习 Go 的人而准备。
hblvsjtu/StockTradingSignalSystem - 著名的投资大师巴菲特说"我始终知道我会富有"，一开始我也想成为像巴同学那样的价值投资者，后来我发现价值投资在中国A股里面是走不通的，趋势投资才是王道。刚学投资的小白，想站在前人的基础上，开发基金股票买卖信号体系，在不浪费太多精力的同时获取超额收益，我知道我也终将富有^_ ^
jiansiting/Decryption-Tools - Decryption-Tools
xdd666t/MyData - 相关资料存放，noval为阅读书源，pic为Github图床
Bypass007/Emergency-Response-Notes - 应急响应实战笔记，一个安全工程师的自我修养。
3had0w/Fuzzing-Dicts - Web Security Dictionary
tiaotiaolong/sec_interview_know_list - 信息安全方面面试清单
Smi1eSEC/Web-Security-Note - Record some common Web security sites
Jack-Liang/kalitools - Kali Linux工具清单
yzddmr6/webshell-venom - 免杀webshell无限生成工具
DrXie/OSFCC - 一个收集可用于中文字体排印的开源字体集合。
l0ss/Grouper2 - Find vulnerabilities in AD Group Policy
nusr/hacker-laws-zh - 💻📖对开发人员有用的定律、理论、原则和模式。(Laws, Theories, Principles and Patterns that developers will find useful.)
qdlaoyao/js-book - 《JavaScript 迷你书》，全面夯实基础
infosecn1nja/Red-Teaming-Toolkit - This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
aleenzz/MSSQL_SQL_BYPASS_WIKI - MSSQL注入提权,bypass的一些总结
xiangbab/web-hack - 一份网络安全入门的资料。
nusr/awesome-macos-command-line-zh - 用你的 macOS 终端搞事情。(Use your macOS terminal shell to do awesome things. )
yeyintminthuhtut/Awesome-Advanced-Windows-Exploitation-References - List of Awesome Advanced Windows Exploitation References
zhangyongcun/OpenCore-EFI -
aleenzz/MYSQL_SQL_BYPASS_WIKI - mysql注入,bypass的一些心得
Lucifer1993/cmsprint - CMS和中间件指纹库
wsgzao/autoinstall - Autoinst索引
ConnerLambdaAccount/T430-EFI - Hackintosh Install Tutorial for Lenovo Thinkpad T430
starrtc/starrtc-android-demo - 🚀starRTC，即时通讯(IM)系统，免费IM系统（含单聊，群聊，聊天室，文件传输），免费一对一视频聊天，VOIP，语音对讲（回音消除），直播连麦，视频直播，RTSP拉流，RTMP推流，webRTC服务端，在线教育，白板，小班课，在线会议，视频会议，视频监控，局域网直连（无需服务器），兼容webRTC, 支持webRTC加速，P2P高清传输，安卓、iOS、web互通，支持门禁对讲，可视对讲，电视
lis912/Information-security-reinforcement-scheme - 等级保护安全加固方案
jeansgit/RedTeam - RedTeam资料收集整理
coralfox/Confluence-Plugin-CN - 这是Confluence 插件Questions For Confluence的简体中文汉化文件
aleenzz/Cobalt_Strike_wiki - Cobalt Strike系列
euphrat1ca/Security-List - If you have any good suggestions or comments during the search process, please feedback some index experience in issues. Thank you for your participation.查阅过程中，如果有什么好的意见或建议，请在Issues反馈，感谢您的参与。
Escapingbug/awesome-browser-exploit - awesome list of browser exploitation tutorials
chryzsh/DarthSidious - Building an Active Directory domain and hacking it
we1h0/web-sec-interview - Information Security (Web Security/Penetration Testing Direction) Interview Questions/Solutions 信息安全(Web安全/渗透测试方向)面试题/解题思路
visualbasic6/chatter - internet monitoring osint telegram bot for windows
FeeiCN/SecurityInterviewGuide - 网络信息安全从业者面试指南
Voorivex/pentest-guide - Penetration tests guide based on OWASP including test cases, resources and examples.
ruanyf/document-style-guide - 中文技术文档的写作规范
thanksdanny/tester-resource - 测试技术资源
Stardustsky/SaiDict - 弱口令,敏感目录,敏感文件等渗透测试常用攻击字典
xiaolai/everyone-can-use-english - 人人都能用英语
findneo/Newbie-Security-List - 网络安全学习资料，欢迎补充
iBreaker/bjguahao - 北京市预约挂号统一平台挂号小助手
hq450/fancyss_history_package - 科学上网插件的离线安装包储存在这里
SkyBlueEternal/CVE-2018-1335-EXP-GUI - GUI版 EXP
milabs/awesome-linux-rootkits - awesome-linux-rootkits
yeyintminthuhtut/Awesome-Red-Teaming - List of Awesome Red Teaming Resources
ngalongc/bug-bounty-reference - Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature
infosecn1nja/AD-Attack-Defense - Attack and defend active directory using modern post exploitation adversary tradecraft activity
yurii-yu/chitchat-on-translation - 翻译漫谈——我的翻译经验总结
FunnyKun/NessusReportInChinese - 半自动化将 Nessus 英文报告（csv格式）生成中文 excel ，中文漏洞库已有700多条常见漏洞，后续再进一步加上新漏洞自动翻译，实现全自动化
WebBreacher/orcs - OSINT Resource Classification System
yangliang1415/awesome-risk-control - 风控知识总结
553899811/Java-Programmer-Advancement-Program - 📚 Java 技术体系进阶指南，总结职场经验及感悟，积累技术面试
security-cheatsheet/reverse-shell-cheatsheet - 🙃 Reverse Shell Cheat Sheet 🙃
xuanhun/HackingResource - “玄魂工作室--安全圈” 知识星球内资源汇总
Harmoc/CTFTools - Personal CTF Toolkit
LingCoder/OnJava8 - 《On Java 8》中文版
enkomio/Taipan - Web application vulnerability scanner
1135/1135-CobaltStrike-ToolKit - about CobaltStrike
wtsxDev/Penetration-Testing - List of awesome penetration testing resources, tools and other shiny things
clxering/Effective-Java-3rd-edition-Chinese-English-bilingual - Effective Java（第3版）各章节的中英文学习参考（已完成）
exitmsconfig/engineering-Box - engineering Box (简称 - engineering) 是一个集合github平台上的安全行业从业者自研开源扫描器的仓库，包括子域名枚举、数据库漏洞扫描、弱口令或信息泄漏扫描、端口扫描、指纹识别以及其他大型扫描器或模块化扫描器，同时该仓库只收录各位安全行业从业者自己编写的一般性开源扫描器，类似awvs、nmap、w3af等知名扫描工具不收录，收集全球各位同仁爱好者维护项目
Aptive/penetration-testing-tools - Penetration Testing tools - one repo to clone them all... containing latest pen testing tools
Snowming04/The-Hacker-Playbook-3-Translation - 对 The Hacker Playbook 3 的翻译。
thedaviddias/Front-End-Checklist - 🗂 The perfect Front-End Checklist for modern websites and meticulous developers
hannoch/scaner - 扫描器是来自GitHub平台的开源扫描器的集合，包括子域枚举、数据库漏洞扫描器、弱密码或信息泄漏扫描器、端口扫描器、指纹扫描器以及其他大规模扫描仪、模块扫描器等。对于其他著名的扫描工具，如：awvs、nmap，w3af将不包含在集合范围内。
byt3bl33d3r/AnsiblePlaybooks - A collection of Ansible Playbooks that configure Kali to use Fish & install a number of tools
payloadbox/xss-payload-list - 🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
trimstray/the-practical-linux-hardening-guide - This guide details creating a secure Linux production system. OpenSCAP (C2S/CIS, STIG).
hongriSec/AI-Machine-Learning-Security - 一个关于人工智能渗透测试分析系列
guardrailsio/awesome-python-security - Awesome Python Security resources 🕶🐍🔐
sdnds-tw/awesome-sdn - A awesome list about Software Defined Network (SDN)
pe3zx/my-infosec-awesome - My curated list of awesome links, resources and tools on infosec related topics
ityouknow/awesome-spring-boot - Spring Boot Resources
leng-yue/Lengyue-Vcode - Project Stopped
naototty/awesome-el-yum-repository-additional - awesome EL(centos,redhat) additional yum repository
izombielandgit/CentOS7-Server-Configuration - CentOS7服务器的一些配置
guardrailsio/awesome-golang-security - Awesome Golang Security resources 🕶🔐
Ivan1ee/NET-Deserialize - 总结了十篇.Net反序列化文章，持续更新
tigercandy/go-read-recommend - :fire: 让阅读变成一件有意义的事。Golang好文推荐；收录平时阅读到的一些Go相关写的比较好、质量较高的干货文章.
liuchengxu/git-commit-emoji-cn - 😁 git commit message emoji 使用指南
lyz8jj0/mapSource - java基础思维导图(还有mybatis,spring)
Leezj9671/Pentest_Interview - 个人准备渗透测试和安全面试的经验之谈，和去部分厂商的面试题，干货真的满满~
0xMJ/AI-Security-Learning - 自身学习的安全数据科学和算法的学习资料
Binject/awesome-go-security - A dedicated place for cool golang security projects
upan/cheat-sheet - 常用工具和开源项目链接收藏
snoopysecurity/awesome-burp-extensions - A curated list of amazingly awesome Burp Extensions
imthenachoman/How-To-Secure-A-Linux-Server - An evolving how-to guide for securing a Linux server.
Micropoor/Micro8 - Gitbook
prakhar1989/awesome-courses - :books: List of awesome university courses for learning Computer Science!
TideSec/Tide - 目前实现了网络空间资产探测、指纹检索、漏洞检测、漏洞全生命周期管理、poc定向检测、暗链检测、挂马监测、敏感字检测、DNS监测、网站可用性监测、漏洞库管理、安全预警等等~
AnyeDuke/Enterprise-Security-Skill - 用于记录企业安全规划，建设，运营，攻防的相关资源
Ridter/Intranet_Penetration_Tips - 2018年初整理的一些内网渗透TIPS，后面更新的慢，所以整理出来希望跟小伙伴们一起更新维护~
NewBee119/threat-intelligence - 收集的一些国外能提供提供威胁情报的公司，涵盖网络安全、工控安全、终端安全、移动安全等领域
mezod/awesome-indie - Resources for independent developers to make money
WalterInSH/risk-management-note - 🧯风险控制笔记，适用于互联网企业
yujiangshui/A-Programmers-Guide-to-English - 专为程序员编写的英语学习指南 v1.2。在线版本请点 ->
haiyusun/Interview-Notes - 秋招面试总结
GitHubDaily/GitHubDaily - 坚持分享 GitHub 上高质量、有趣实用的开源技术教程、开发者工具、编程网站、技术资讯。A list cool, interesting projects of GitHub.
cvkki/src - 日常src平台域名收集
AV1080p/Hacking-With-Golang - Golang安全资源合集
crazywa1ker/DarthSidious-Chinese - DarthSidious 中文版
FEGuideTeam/FEGuide - 【前端面试题+前端学习+面试指南】一份涵盖大部分前端工程师所需要掌握的核心知识。这个项目就是为了帮助那些找工作的前端开发工程师去回顾前端的基础知识，如果你不想找工作，也可以通过查看这些面试问题去巩固你的前端技能。
Fndroid/clash_for_windows_pkg - A Windows/macOS GUI based on Clash
T3st0r-Git/hack_postgres - 便捷地使用PostgreSQL自定义函数来执行系统命令，适用于数据库管理员知道postgres密码却不知道ssh或RDP密码的时候在服务器执行系统命令。
bloodzer0/ossa - Open-Source Security Architecture | 开源安全架构
nailperry-zd/The-Economist - The Economist 经济学人，持续更新
guobinhit/intellij-idea-tutorial - 🌻 This is a tutorial of IntelliJ IDEA, you can know how to use IntelliJ IDEA better and better.
rebeyond/Behinder - “冰蝎”动态二进制加密网站管理客户端
SFLAQiu/web-develop - :seedling:《大话WEB开发》WEB开发相关经验总结分享
enochtangg/quick-SQL-cheatsheet - A quick reminder of all SQL queries and examples on how to use them.
xiaohuilam/laravel - Laravel 深入详解 —— 源代码解析，新手进阶指南
Boreas813/Burp-Suite-2.0-chinese-document - 中文版burp2.0官方文档
sjsdfg/CS-Notes-PDF - https://github.com/CyC2018/CS-Notes PDF版本离线阅读
vuejs/awesome-vue - 🎉 A curated list of awesome things related to Vue.js
opendigg/awesome-github-vue - Vue相关开源项目库汇总
EZLippi/practical-programming-books - 这里收录比较实用的计算机相关技术书籍，可以在短期之内入门的简单实用教程、一些技术网站以及一些写的比较好的博文，欢迎Fork，你也可以通过Pull Request参与编辑。
233boy/chinaip - 中国大陆 IP 列表(已优化)
PansonPanson/Java-Notes - :books: 计算机科学基础知识、Java开发、后端/服务端、面试相关 :books: computer-science/Java-development/backend/interview
technicaldada/BEST-HACKING-TOOLS - BEST HACKING TOOLS..For more tools visit our blog for Hackers
leelikar/DeepWeb - 暗网网址大全TOR
EarsEyesMouth/computerese-cross-references - 计算机专业术语中英文对照。
danTaler/detectionString - list of sql-injection and XSS strings
slowmistio/2018-BlackHat-Tools-List - 2018 BlackHat Tools List
luong-komorebi/Begin-Latex-in-minutes - 📜 Brief Intro to LaTeX for beginners that helps you use LaTeX with ease.
songtianyi/landscape-of-programming - This repo aim to show you what to learn on the way to excellence.
trimstray/iptables-essentials - Iptables Essentials: Common Firewall Rules and Commands.
trimstray/the-book-of-secret-knowledge - A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
aichinateam/chinese-ai-developer - 👩🏿‍💻👨🏾‍💻👩🏼‍💻👨🏽‍💻👩🏻‍💻中国 AI 开发者项目列表 -- 分享大家都在做什么
spoock1024/web-security - Web安全中比较好的文章
mdrights/antiG - Yet another live OS to resist Surveillance/Censorship and to protect digital privacy.
SuJunming/mac-awesomeTools - mac常用软件等等，有你需要的！
im-bug/BlockChain-Security-List -
NtrQQ/download -
resumejob/awesome-resume - Resume，Resume Templates，程序员简历例句，简历模版，
LandGrey/upload-labs-writeup - upload-labs writeup
JoyChou93/sks - Security Knowledge Structure(安全知识汇总)
telegramlist/telegramlist - Telegram中文群索引列表（言论自由版）
laylalaisy/GRE_laylalaisy - Toefl的姊妹篇lol GRE的一些资料~ 祝小可爱和大佬们早日和GRE巨型怪兽分手(o゜▽゜)o☆
laylalaisy/TOEFL_laylalaisy - 备考托福的一丢丢经验+资料~祝小可爱和大佬们都早日和托福大魔王分手(o゜▽゜)o☆
wangbjun/ubuntu-unity-setup - Ubuntu unity桌面的一些优化设置以及常用软件，完全使用Ubuntu作为日常生活工作系统攻略。
V33RU/IoTSecurity101 - A Curated list of IoT Security Resources
smgorelik/Windows-RCE-exploits - The exploit samples database is a repository for RCE (remote code execution) exploits and Proof-of-Concepts for WINDOWS, the samples are uploaded for education purposes for red and blue teams.
dily3825002/awesome-blockchain - 区块链白皮书、书籍、交易所、币种、自媒体等资源汇总 💯
cerebroapp/awesome-cerebro - Curated list of Cerebro plugins and resources
sie504/Struts-S2-xxx - 整理收集Struts2漏洞环境
Kutim/docker-security - docker 安全基线规范
xitu/gold-miner - 🥇掘金翻译计划，可能是世界最大最好的英译中技术社区，最懂读者和译者的翻译平台：
iCHAIT/awesome-macOS -  A curated list of awesome applications, softwares, tools and shiny things for macOS.
jobbole/awesome-javascript-cn - JavaScript 资源大全中文版，内容包括：包管理器、加载器、测试框架、运行器、QA、MVC框架和库、模板引擎等。由「开源前哨」和「前端大全」微信公号团队维护更新。
renkun-ken/MacType.Decency - A MacType profile that provides decent solution to font rendering and font substitutions for Windows operating systems.
xingshaocheng/architect-awesome - 后端架构师技术图谱
NoorQureshi/kali-linux-cheatsheet - Kali Linux Cheat Sheet for Penetration Testers
ihtml5/50weekly - 50weekly 发现高质量的前端资源
DictionaryHouse/The-Security-Handbook-Kali-Linux - A useful reference guide and a handbook of security basics for those starting out.
SwiftOldDriver/iOS-Weekly - 🇨🇳 老司机技术 iOS 周报
sp4rkw/Cyberspace_Security_Learning - 在学习CTF、网络安全路上整合自己博客和一些资料，持续更新~
zer0yu/CyberSecurityRSS - CyberSecurityRSS: 优秀的网络安全知识来源 / A collection of cybersecurity rss to make you better!
1c7/chinese-independent-developer - 👩🏿‍💻👨🏾‍💻👩🏼‍💻👨🏽‍💻👩🏻‍💻中国独立开发者项目列表 -- 分享大家都在做什么
dzharii/awesome-elasticsearch - A curated list of the most important and useful resources about elasticsearch: articles, videos, blogs, tips and tricks, use cases. All about Elasticsearch!
l3m0n/linux_information - 自动化收集linux信息
ohmyarch/fontconfig-zh-cn -
pengshp/rpi3-package - RaspberryPi3 with Raspbian
upyun/upyun-resty - UPYUN's open source software for OpenResty development
redhuntlabs/RedHunt-OS - Virtual Machine for Adversary Emulation and Threat Hunting
ccloli/developer-roadmap-zh-CN - 在 2020 年成为 Web 开发工程师之路线图 | Roadmap to becoming a web developer in 2020
goodjack/developer-roadmap-chinese - 2021 年成為 Web 開發人員的路線圖台灣正體中文版
CyC2018/CS-Notes - :books: 技术面试必备基础知识、Leetcode、计算机操作系统、计算机网络、系统设计
Ridter/CS_Chinese_support - Cobalt strike 修改支持回显中文。
Roave/SecurityAdvisories - :closed_lock_with_key: Security advisories as a simple composer exclusion list, updated daily
hylinux1024/awesome-blockchain-articles - A collection of awesome blockchain articles. Good learning resources about blockchain.
mafutian/software - 破解版工具/软件
tonghuaroot/Vulnerability-Env - 收集国内外开源CMS存在漏洞的各种版本
neoFelhz/various_domain_list - A various list of domain
soulteary/tenant-point - 租房要点，适用于北上广深杭，欢迎补充。
lmy375/awesome-vmp - 虚拟化保护（VMP壳）分析相关资料
r0ysue/OSG-TranslationTeam - 看雪iOS安全小组的翻译团队作品集合，如有勘误，欢迎斧正！
riusksk/secbook - 信息安全从业者书单推荐
Dukewill/DaiseaX - 戴西之海 - 先进数字集群：技术作者自留地
monklof/Back-End-Developer-Interview-Questions - 后端开发面试题，翻译自 https://github.com/arialdomartini/Back-End-Developer-Interview-Questions
nanqinlang-mogic/v2ray - template with websocket+tls+nginx of v2ray
swim2sun/spring-reference-docset - Spring Reference Documentation docset for Dash
myndtt/CTF-Site - 介绍一些CTF训练的站点
521xueweihan/git-tips - :trollface:Git的奇技淫巧
alebcay/awesome-shell - A curated list of awesome command-line frameworks, toolkits, guides and gizmos. Inspired by awesome-php.
vysecurity/DomainFrontingLists - A list of Domain Frontable Domains by CDN
evilsocket/bleah - This repository is DEPRECATED, please use bettercap as this tool has been ported to its BLE modules.
enaqx/awesome-pentest - A collection of awesome penetration testing resources, tools and other shiny things
Schm1tz1/awesome-rtl-sdr - Software (meta-)package for RTL-SDR with some additional scripts and installers
guanchao/AndroidChecklist - Android应用审计checklist整理
kbandla/APTnotes - Various public documents, whitepapers and articles about APT campaigns
bit4woo/python_sec - python安全和代码审计相关资料收集 resource collection of python security and code review
DropsOfZut/awesome-security-weixin-official-accounts - 网络安全类公众号推荐，欢迎大家推荐
johnnyDEP/cobaltstrike - cobalt strike stuff I have gathered from around github
postlight/awesome-cms - 📚 A collection of open and closed source Content Management Systems (CMS) for your perusal.
Gracker/Rss-IT - 这个项目记录了个人订阅的一些科技人的Blog地址,欢迎大家推荐,一起来完善! 欢迎自荐......
HD421/Monitoring-Systems-Cheat-Sheet - A cheat sheet for pentesters and researchers about vulnerabilities in well-known monitoring systems.
kai5263499/osx-security-awesome - A collection of OSX and iOS security resources
tanprathan/MobileApp-Pentest-Cheatsheet - The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.
FabioBaroni/awesome-chinese-infosec-websites - A curated list of Chinese websites and personal blogs about ethical hacking and pentesting
jobbole/awesome-php-cn - PHP资源大全中文版，库、框架、模板、安全、代码分析、日志、第三方库、配置工具、Web 工具等
0x4D31/awesome-threat-detection - ✨ A curated list of awesome threat detection and hunting resources 🕵️‍♂️
Tim9Liu9/TimLiu-iOS - iOS开发常用三方库、插件、知名博客等等
cryptoseb/CryptoPaper - Privacy, Security, and Anonymity For Every Internet User.
dat-ecosystem-archive/awesome-dat - Community curated resources for Dat Project [ DEPRECATED - More info on active projects and modules at https://dat-ecosystem.org/ ]
ethereum/pyethereum - Next generation cryptocurrency network
jiangsir404/Audit-Learning - 记录自己对《代码审计》的理解和总结，对危险函数的深入分析以及在p牛的博客和代码审计圈的收获
linonetwo/neo4j-tutorial-Chinese - 学图论数据库 Neo4j 的时候顺手翻译了它的在线课程
ColorfulCat/AndroidLibs - :fire:正在成为史上最全分类 Android 开源大全~~~~（长期更新 Star 一下吧）
Z4HD/coolq-telegram-bot-docker - 使用Docker容器化的QQ和Telegram的消息互转机器人。Source: jqqqqqqqqqq/coolq-telegram-bot
marcan/speculation-bugs - Docs and resources on CPU Speculative Execution bugs
l3m0n/pentest_study - 从零开始内网渗透学习
l3m0n/XSS-Filter-Evasion-Cheat-Sheet-CN - XSS_Filter_Evasion_Cheat_Sheet 中文版
3gstudent/Pentest-and-Development-Tips - A collection of pentest and development tips
hzlzh/Best-App - 收集&推荐优秀的 Apps/硬件/技巧/周边等
aceimnorstuvwxz/awesome-chatbot-list - 深度学习聊天机器人资源集合 Awesome chatbot resource list
KiriKira/vTemplate - v2ray的模板们
abdelhai/awesome-bots - Awesome Links about bots.
MiYogurt/network-security-mind-map - ☯️ 网络安全基础知识思维导图、大学笔记（Network security Mind Map）
nebgnahz/awesome-iot-hacks - A Collection of Hacks in IoT Space so that we can address them (hopefully).
madneal/articles-translator - :books:Translate the distinct technical blogs. Please star or watch. Welcome to join me.
arkadiyt/bounty-targets-data - This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports
vah13/OracleCVE - Vulnerabilities which found in Oracle products
SangKa/PWA-Book-CN - 第一本 PWA 中文书
IamHDT/Ecommerce-Website-Security-CheckList - List of considerations for commerce site auditing and security teams. This is summary of action points and areas that need to be built into the Techinical Specific Document, or will be checked in the
tuteng/Best-websites-a-programmer-should-visit-zh - 程序员应该访问的最佳网站中文版
JnuSimba/LinuxSecNotes - some learning notes about Linux Security
tom0li/collection-document - Collection of quality safety articles. Awesome articles.
onlurking/awesome-infosec - A curated list of awesome infosec courses and training resources.
onethawt/reverseengineering-reading-list - A list of Reverse Engineering articles, books, and papers
tiimgreen/github-cheat-sheet - A list of cool features of Git and GitHub.
stamparm/ipsum - Daily feed of bad IPs (with blacklist hit scores)
zbetcheckin/Security_list - Great security list for fun and profit
jaredthecoder/awesome-vehicle-security - 🚗 A curated list of resources for learning about vehicle security and car hacking.
googlehosts/hosts - 镜像：https://scaffrey.coding.net/p/hosts/git / https://git.qvq.network/googlehosts/hosts
jhaddix/pentest-bookmarks - a collection of handy bookmarks
vitalysim/Awesome-Hacking-Resources - A collection of hacking / penetration testing resources to make you better!
Debian/raspi3-image-spec - contains the files to build the https://wiki.debian.org/RaspberryPi3 image
skywalker512/FlarumChina - Flarum 中文优化版
dataplane/serverhosting - Server hosting providers
hangyan/docker-resources - Docker resources collection. docker资源汇总
DieterReuter/workshop-raspberrypi-64bit-os - Workshop to build a 64bit Docker OS for the Raspberry Pi 3
Kivy-CN/GlumPy-CN - A Chinese Translation of GlumPy Documents 中文翻译GlumPy文档
tylerha97/awesome-reversing - A curated list of awesome reversing resources
phith0n/Mind-Map - 各种安全相关思维导图整理收集
missdeer/avege - Yet Another Redsocks Golang Fork
HSIS007/Useful_Websites_For_Pentester - This repository is to make life of the pentester easy as it is a collection of the websites that can be used by pentesters for day to day studies and to remain updated.
geekcompany/ResumeSample - Resume template for Chinese programmers . 程序员简历模板系列。包括PHP程序员简历模板、iOS程序员简历模板、Android程序员简历模板、Web前端程序员简历模板、Java程序员简历模板、C/C++程序员简历模板、NodeJS程序员简历模板、架构师简历模板以及通用程序员简历模板
Hack-with-Github/Awesome-Security-Gists - A collection of various GitHub gists for hackers, pentesters and security researchers
CHYbeta/Code-Audit-Challenges - Code-Audit-Challenges
LJ147/Awesome-WeChat - 技术型干货分享公众号集合，点击公众号链接即可扫描快速二维码。
nikitavoloboev/my-mac - List of applications and tools that make my macOS experience even more amazing
coderzh/alfred-workflows -
waylau/spring-cloud-tutorial - Spring Cloud Tutorial.《Spring Cloud 教程》
gongzisun/cnretroshare - RetroShare中文介绍、FAQ、教程
wahyd4/aria2-ariang-x-docker-compose - Docker compose files for Aria2+ AriaNg+ filerun/ Nextcloud/ h5ai + Plex. 图形化BT，磁力，离线下载，文件管理，播放，投屏
toolswatch/blackhat-arsenal-tools - Official Black Hat Arsenal Security Tools Repository
jobbole/awesome-java-cn - Java资源大全中文版，包括开发库、开发工具、网站、博客、微信、微博等，由伯乐在线持续更新。
crownpku/Awesome-Chinese-NLP - A curated list of resources for Chinese NLP 中文自然语言处理相关资料
jmpews/pwn2exploit - all mine papers, pwn & exploit
GrrrDog/Java-Deserialization-Cheat-Sheet - The cheat sheet about Java Deserialization vulnerabilities
onethawt/idaplugins-list - A list of IDA Plugins
codingWang/LoveImageMore - 各种技能树/图的收集整理
EdOverflow/bugbounty-cheatsheet - A list of interesting payloads, tips and tricks for bug bounty hunters.
kahun/awesome-sysadmin - A curated list of amazingly awesome open source sysadmin resources inspired by Awesome PHP.
geeeeeeeeek/git-recipes - 🥡 Git recipes in Chinese by Zhongyi Tong. 高质量的Git中文教程.
xtiankisutsa/awesome-mobile-CTF - This is a curated list of mobile based CTFs, write-ups and vulnerable apps. Most of them are android based due to the popularity of the platform.
17mon/china_ip_list -
3gstudent/CVE-2017-8464-EXP - Support x86 and x64
ngosang/trackerslist - Updated list of public BitTorrent trackers
wizardforcel/web-hacking-101-zh - :book: [译] Web Hacking 101 中文版
sergey-pronin/Awesome-Vulnerability-Research - 🦄 A curated list of the awesome resources about the Vulnerability Research
yeahwu/Google-IP-Range - 一个超大的 Google 全球 IP 扫描范围库
sh4hin/Androl4b - A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis
muellerberndt/android_app_security_checklist - Android App Security Checklist
hxy9243/whotofollow - Who to follow on Twitter/Telegram
drduh/Debian-Privacy-Server-Guide - Guide to using a remote Debian server for security and privacy services
scar45/conky_synthwave_neon - Synthwave-inspired Conky theme with weather support and a spiffy layout.
erguotou520/bye - bye to yesterday and do yourself
OneSecure/ShadowAgentNotes -
programthink/sites - 【编程随想】收藏的各色网站
PaulSec/awesome-windows-domain-hardening - A curated list of awesome Security Hardening techniques for Windows.
Awesome-Windows/Awesome - :computer: 🎉 An awesome & curated list of best applications and tools for Windows.
Alvin9999/new-pac - 翻墙-科学上网、免费翻墙、免费科学上网、VPN、一键翻墙浏览器，vps一键搭建翻墙服务器脚本/教程，免费shadowsocks/ss/ssr/v2ray/goflyway账号/节点，免费自由上网、fanqiang、翻墙梯子，电脑、手机、iOS、安卓、windows、Mac、Linux、路由器翻墙、科学上网
jxtsai/infographics - infographic
ipfs/ipfs - Peer-to-peer hypermedia protocol
chamuco/respin - Tool to backup and clone Ubuntu or Debian distros
game-turn-over-skill-group/sync_hosts - 解除Resilio Sync/BTSync限制china地区镜像：https://coding.net/u/renerli/p/sync_hosts/git
iMeiji/shadowsocks_install - Auto install shadowsocks server，thanks 秋水逸冰
mdrights/os-observe - 我的Linux / 隐私安全笔记
uhub/awesome-c - A curated list of awesome C frameworks, libraries and software.
sindresorhus/awesome-nodejs - :zap: Delightful Node.js packages and resources
mawenjian/china-cdn-domain-whitelist - 中国CDN服务提供商域名白名单（China CDN Service Providers' Domain Whitelist）
3xp10it/php_cve-2014-8142_cve-2015-0231 - php_cve-2014-8142_cve-2015-0231的漏洞环境docker
shieldfy/API-Security-Checklist - Checklist of the most important security countermeasures when designing, testing, and releasing your API
m0l1ce/wooyunallbugs - wooyun_all_bugs
gfwlist/gfwlist - The one and only one gfwlist here
jinyu121/SurgeRule - Deprecate since 2016
lu4nx/Exploit-Exercises-Nebula - Exploit-Exercises Nebula全攻略——Linux平台下的漏洞分析入门
AonCyberLabs/Docker-Secure-Deployment-Guidelines - Deployment checklist for securely deploying Docker
joyceqi/vulnerability-analysis-report - here records some personal vulnerability analysis reports
Xel/Blockchain-stuff - Blockchain and Crytocurrency Resources
vysecurity/RedTips - Red Team Tips as posted by @vysecurity on Twitter
XeusHack/Awesome-Hacking-Practice - A curated list of websites and apps to help you practice hacking
mandatoryprogrammer/RussiaDNSLeak - Summary and archives of leaked Russian TLD DNS data
xiaolai/INB-Principles - Blockchain related ICO Investing Principles by INBlockchain
hobby-kube/guide - Kubernetes clusters for the hobbyist.
rshipp/awesome-malware-analysis - Defund the Police.
kailashahirwar/cheatsheets-ai - Essential Cheat Sheets for deep learning and machine learning researchers https://medium.com/@kailashahirwar/essential-cheat-sheets-for-machine-learning-and-deep-learning-researchers-efb6a8ebd2e5
alexpate/awesome-design-systems - 💅🏻 ⚒ A collection of awesome design systems
djadmin/awesome-bug-bounty - A comprehensive curated list of available Bug Bounty & Disclosure Programs and Write-ups.
sdmg15/Best-websites-a-programmer-should-visit - :link: Some useful websites for programmers.
mbasso/awesome-wasm - 😎 Curated list of awesome things regarding WebAssembly (wasm) ecosystem.
byoungd/English-level-up-tips - An advanced guide to learn English which might benefit you a lot 🎉 . 可能是让你受益匪浅的英语进阶指南。
chentsulin/awesome-graphql - Awesome list of GraphQL
FallibleInc/security-guide-for-developers - Security Guide for Developers (实用性开发人员安全须知)
ptresearch/AttackDetection - Attack Detection
NotSoSecure/password_cracking_rules - One rule to crack all passwords. or atleast we hope so.
Han0nly/SecurityRSS - 网络安全相关的RSS订阅列表
exakat/php-static-analysis-tools - A reviewed list of useful PHP static analysis tools
sublimino/awesome-funny-markov - A curated list of delightfully amusing and facetious Markov chain output.
mikesiko/PracticalMalwareAnalysis-Labs - Binaries for the book Practical Malware Analysis
akullpp/awesome-java - A curated list of awesome frameworks, libraries and software for the Java programming language.
Jermic/Android-Crack-Tool - 🐞Android crack tool For Mac
coreb1t/awesome-pentest-cheat-sheets - Collection of the cheat sheets useful for pentesting
ZonkSec/persistence-aggressor-script - initial commit
wainshine/Chinese-Names-Corpus - 中文人名语料库。人名生成器。中文姓名,姓氏,名字,称呼,日本人名,翻译人名,英文人名。可用于中文分词、人名实体识别。
virajkulkarni14/WebDeveloperSecurityChecklist - A checklist of important security issues you should consider when creating a web application.
Ettack/WebshellCCL - A python script help with webshell bypassing.
markets/awesome-ruby - :gem: A collection of awesome Ruby libraries, tools, frameworks and software
Security-Onion-Solutions/security-onion - Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management
carpedm20/awesome-hacking - A curated list of awesome Hacking tutorials, tools and resources
embedded-boston/awesome-embedded-systems - A curated list of delightful Embedded Systems libraries, RTOSes, modules, references and more!
jobbole/awesome-python-books - 如果有人让你推荐 Python 技术书，请让他看这个列表
aalhour/awesome-compilers - :sunglasses: Curated list of awesome resources on Compilers, Interpreters and Runtimes
sam-b/windows_kernel_resources - Papers, blogposts, tutorials etc for learning about Windows kernel exploitation, internals and (r|b)ootkits
SecWiki/sec-chart - 安全思维导图集合
PolarisLab/SecPaper - SecurityPaper For www.polaris-lab.com
d30sa1/RootKits-List-Download - This is the list of all rootkits found so far on github and other sites.
secfigo/Awesome-Fuzzing - A curated list of fuzzing resources ( Books, courses - free and paid, videos, tools, tutorials and vulnerable applications to practice on ) for learning Fuzzing and initial phases of Exploit Developme
michaelliao/awesome-python3-webapp - 小白的Python入门教程实战篇：网站+iOS App源码→ http://t.cn/R2PDyWN 赞助→ http://t.cn/R5bhVpf
IVMachiavelli/OSINT_Team_Links - Links for the OSINT Team
Naetw/CTF-pwn-tips - Here record some tips about pwn. Something is obsoleted and won't be updated. Sorry about that.
jivoi/awesome-ml-for-cybersecurity - :octocat: Machine Learning for Cyber Security
vasanthk/web-security-basics - Web security concepts
Hack-with-Github/Powerful-Plugins - Powerful plugins and add-ons for hackers
jynychen/pasc2at - 高级PHP应用程序漏洞审核技术 by 80vul
PyroTek3/PowerShell-AD-Recon - PowerShell Scripts I find useful
masatokinugawa/filterbypass - Browser's XSS Filter Bypass Cheat Sheet
ludiosarchive/unfixed-security-bugs - A list of publicly known but unfixed security bugs
futurice/android-best-practices - Do's and Don'ts for Android development, by Futurice developers
infoslack/awesome-web-hacking - A list of web application security
BMaChina/cnvd_database -
ranxian/xv6-chinese - 中文版的 MIT xv6 文档
jonbruner/twitter-analysis - The original dataset for my 2013 article on Twitter's network patterns
wsargent/docker-cheat-sheet - Docker Cheat Sheet
BastilleResearch/mousejack - MouseJack device discovery and research tools
pandazheng/Threat-Intelligence-Analyst - 威胁情报，恶意样本分析，开源Malware代码收集
mfornos/awesome-microservices - A curated list of Microservice Architecture related principles and technologies.
toolinbox/iPic - iPic could automatically upload images and save Markdown links.
orangetw/bug-bounty-reference - Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature
SecYouth/sec-jobs - 信息安全实习和校招的面经、真题和资料减少安全选手找实习/工作的痛苦
Haixing-Hu/typesetting-standard - 中文排版所需遵循的标准和规范
sparanoid/chinese-copywriting-guidelines - Chinese copywriting guidelines for better written communication／中文文案排版指北
berzerk0/Probable-Wordlists - Version 2 is live! Wordlists sorted by probability originally created for password generation and testing - make sure your passwords aren't popular!
endymecy/awesome-deeplearning-resources - Deep Learning and deep reinforcement learning research papers and some codes
jaybosamiya/security-notes - :notebook: Some security related notes
Cactus-proj/Reverse-Engineering-for-Beginners-CHS - Reverse Engineering for Beginners 这本书的翻译完善
AV1080p/Benchmarks - 常用服务器、数据库、中间件安全配置基线 - 基本包括了所有的操作系统、数据库、中间件、网络设备、浏览器，安卓、IOS、云的安全配置 For benchmarks.cisecurity.org
recdnsfp/recdnsfp.github.io -
xNymia/Suricata-Signatures - Suricata rules for Emerging Threats and funkyness
qazbnm456/awesome-web-security - 🐶 A curated list of Web Security materials and resources.
Te-k/flexidie - Source code and binaries of FlexiSpy from the Flexidie dump
jivoi/awesome-osint - :scream: A curated list of amazingly awesome OSINT
qazbnm456/awesome-cve-poc - ✍️ A curated list of CVE PoCs.
veggiemonk/awesome-docker - :whale: A curated list of Docker resources and projects
meirwah/awesome-incident-response - A curated list of tools for incident response
bluscreenofjeff/Red-Team-Infrastructure-Wiki - Wiki to collect Red Team infrastructure hardening resources
Idnan/bash-guide - A guide to learn bash
Cryptogenic/Exploit-Writeups - A collection where my current and future writeups for exploits/CTF will go
TuuuNya/fuzz_dict - 常用的一些fuzz及爆破字典，欢迎大神继续提供新的字典及分类。
We5ter/Scanners-Box - A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑
angular-pakistan/ng-conf-2017 - Everything #ngConf2017 - talks - slides - resources
wwj718/awesome-raspberry-pi-zh - 树莓派(Raspberry Pi )资源大全中文版 , 包括工具、项目、镜像、资源等
michalmalik/osx-re-101 - A collection of resources for OSX/iOS reverse engineering.
megous/megatools - Open-source command line tools for accessing Mega.co.nz cloud storage.
caomulaodao/XSS-Filter-Evasion-Cheat-Sheet-CN - XSS_Filter_Evasion_Cheat_Sheet 中文版
cure53/XSSChallengeWiki - Welcome to the XSS Challenge Wiki!
shmilylty/awesome-hacking - awesome hacking chinese version
Hack-with-Github/Awesome-Hacking - A collection of various awesome lists for hackers, pentesters and security researchers
Hack-with-Github/Free-Security-eBooks - Free Security and Hacking eBooks
cn0xroot/RFSec-ToolKit - RFSec-ToolKit is a collection of Radio Frequency Communication Protocol Hacktools.无线通信协议相关的工具集，可借助SDR硬件+相关工具对无线通信进行研究。Collect with ♥ by HackSmith
pillarjs/understanding-csrf - What are CSRF tokens and how do they work?
automayt/FlowAnalysisDocker - A Dockerfile for creation of an Ubuntu Docker with SiLK/YAF/FlowBAT for testing.
herrbischoff/awesome-macos-command-line - Use your macOS terminal shell to do awesome things.
tiancode/learn-hacking - 开始学习Kali Linux 各种破解教程渗透测试逆向工程 HackThisSite挑战问题解答
justjavac/Google-IPs - :us: Google 全球 IP 地址库
exploitprotocol/IoT-Security-Wiki -
AntBranch/awesome-github - A curated list of awesome GitHub guides, articles, sites, tools, projects and resources. 收集这个列表，只是为了更好地使用GitHub,欢迎提交pr和issue。
1021683053/awesome-raspberry-pi-zh - 树莓派工具，镜像，教程，文章
inputsh/awesome-linux - :penguin: A list of awesome projects and resources that make Linux even more awesome. :penguin:
alim0x/Awesome-Linux-Software-zh_CN - 🐧 一个 Linux 上超赞的应用，软件，工具以及其它资源的集中地。
JaredCubilla/sublime - A collection of some of the best Sublime Text packages, themes, and goodies.
BruceDone/awesome-crawler - A collection of awesome web crawler,spider in different languages
dodola/Gitbook - 收录找到的不错的文档
PiPHP/Resources - A resource directory for PHP programming on a Raspberry Pi
youyudehexie/node123 - node.js中文资料导航
francistao/LearningNotes - Enjoy Learning.
staticfile/static - 开放静态文件 - 为开源库提供稳定、快速的免费 CDN 服务
jwasham/coding-interview-university - A complete computer science study plan to become a software engineer.
fex-team/styleguide - 文档与源码编写风格
ruanyf/jstraining - 全栈工程师培训材料
hackstoic/golang-open-source-projects - 为互联网IT人打造的中文版awesome-go
FrankFang/best-chinese-front-end-blogs - 收集优质的中文前端博客
ZuzooVn/machine-learning-for-software-engineers - A complete daily plan for studying to become a machine learning engineer.
qyuhen/book - 学习笔记
facert/python-data-structure-cn - problem-solving-with-algorithms-and-data-structure-using-python 中文版
shimohq/react-cookbook - 编写简洁漂亮，可维护的 React 应用
a8m/golang-cheat-sheet - An overview of Go syntax and features.
TonnyL/Awesome_APIs - :octocat: A collection of APIs
judasn/IntelliJ-IDEA-Tutorial - IntelliJ IDEA 简体中文专题教程
lxj616/docker-dvwa-wooyun - docker contained dvwa with wooyun plugin

PHP

StarCrossPortal/swallow - 代码审计自动化系统,底层架构为蜻蜓编排系统,墨菲SCA,fortify,SemGrep,hema
D4RK-R4BB1T/Dark-Web-Archives - Archives of the criminal side of the internet
LDZ-27/rabbit_list - 针对中国开发者，黑客的开源情报工具：名单，主要使用社交ID追踪，枚举，画像等手段，锁定潜在攻击者
0xs1riu5/vulawdhub - 该项目是利用docker技术创建的有漏洞的cms环境集合，可以进行练习
ine-labs/AWSGoat - AWSGoat : A Damn Vulnerable AWS Infrastructure
luolongfei/freenom - Freenom 域名自动续期。Freenom domain name renews automatically.
zidansec/CloudPeler - CrimeFlare is a useful tool for bypassing websites protected by CloudFlare WAF, with this tool you can easily see the real IP of websites that have been protected by CloudFlare. The resulting informat
SNCKER/CVE-2021-3129 - Laravel debug rce
cckuailong/reapoc - OpenSource Poc && Vulnerable-Target Storage Box.
StarCrossPortal/QingTing - 蜻蜓安全一个安全工具编排平台,可以自由编排你的工具流,集成108款工具,包括xray、nmap、awvs等;你可以将喜欢的工具编排成一个场景，快速打造适合自己的安全工作台~
lu2ker/PHP-Code - 通过ThinkPHP框架学习PHP代码审计
scheatkode/presshell - 🚪 Quick & dirty Wordpress Command Execution Shell
UlyssesTakusen/vendor - 基于PHP-Parser生成AST抽象语法树
antlers12/CTFd_sqlilabs -
celaraze/chemex - ☕ 咖啡壶是一个免费、开源、高效且漂亮的运维资产管理平台。软硬件资产管理、归属/使用者追溯、盘点以及可靠的服务器状态管理面板。基于优雅的Laravel框架和DcatAdmin开发。
Xib3rR4dAr/WannaRace - WebApp intentionally made vulnerable to Race Condition for practicing Race Condition
yitd/ICP-API - ICP备案信息查询API接口
kuaifan/dootask - DooTask是一款开源在线项目任务管理工具，提供各类文档协作工具、在线思维导图、在线流程图、项目管理、任务分发、即时IM，文件管理等工具；同时消息功能使用非对称加密技术让你的沟通更安全。
refengs/noteb-labs - Noteb-B web漏洞靶场平台
kalcaddle/kodbox - kodbox is a file manager for web. It is a newly designed product based on kodexplorer. It is also a web code editor, which allows you to develop websites directly within the web browser.You can run ko
MISP/MISP - MISP (core software) - Open Source Threat Intelligence and Sharing Platform
ianxtianxt/74cms-upload - 新版74cms v4.2.126-任意文件读取漏洞
wdjisn/laravel-admin - LaravelAdmin是基于PHP开发的基础管理后台系统，做到开箱即用，为新项目开发省去了基础功能开发的步骤；此系统采用前后端分离模式，后端使用Laravel，前端使用vue；主要包含：登录、注销、可视化数据大屏、管理员、角色管理、菜单管理、权限管理、错误日志、登录日志、访问日志、获取服务器CPU使用率、内存使用率等功能。后端主要使用Artisan命令行、Jobs消息队列、 Rules验证规则、
swagkarna/Rafel-Rat - -------> RAFEL<------ Android Rat Written in Java With WebPanel For Controlling Victims...Hack Android Devices
Nickguitar/YAPS - Yet Another PHP Shell - The most complete PHP reverse shell
m9rco/algorithm-php - 🍭🍭uniting the internal work in a way that is in PHP
HolyBugx/Demystifying-Cookies-and-Tokens-Security - Learn Cookies and Tokens Security in Practice.
oldkingcone/slopShell - the only php webshell you need.
infosecak/defenselessV1 - Just another vulnerable web application.
Rinkish/Sqli_Edited_Version - Edited SQLi Audi lab series so that it can work in kali linux with PhpVersion 7+
nicoSWD/asvs-checklist - OWASP Application Security Verification Standard 4.0 Checklist
Macr0phag3/webshell-bypassed-human - 过人 webshell 的生成工具
PrivateBin/PrivateBin - A minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256 bits AES.
m0nkeyshell/WebSecLab-1 -
le31ei/ctf_challenges - 适用于一线安服的ctf培训题目，全docker环境一键启动
sqlsec/upload-labs-docker - 国光的文件上传靶场，基于 upload-labs 定制
sqlsec/ssrf-vuls - 国光的手把手带你用 SSRF 打穿内网靶场源码
adamtlangley/request_logger - Application for logging HTTP and DNS Requests
sh377c0d3/Payloads - Payload Arsenal for Pentration Tester and Bug Bounty Hunters
Jiab77/nmap-webui - A simple web interface for Nmap with a XML to JSON reports converter
GemGeorge/SniperPhish - SniperPhish - The Web-Email Spear Phishing Toolkit
bewhale/thinkphp_gui_tools - ThinkPHP漏洞综合利用工具, 图形化界面, 命令执行, 一键getshell, 批量检测, 日志遍历, session包含,宝塔绕过
vimeo/php-mysql-engine - A MySQL engine written in pure PHP
securityRoad/HoneyPot - Typecho 蜜罐/日志审计安全插件
repoog/PassPwned - API for querying big data of broken personal data
TomAPU/ThinkPHP-Unserialize-Collection - ThinkPHP各版本反序列化利用代码
ZE3kr/Cloudflare-CNAME-Setup -
zigoo0/JSONBee - A ready to use JSONP endpoints/payloads to help bypass content security policy (CSP) of different websites.
A3h1nt/Grawler - Grawler is a tool written in PHP which comes with a web interface that automates the task of using google dorks, scrapes the results, and stores them in a file.
eastmountyxz/CyberSecurityBox - 该资源为网络安全和Web渗透各种类型题目的离线靶场，主要采用PHP语言实现，包括XSS攻击、文件上传漏洞、SQL注入等，基础性资源，希望对安全初学者有所帮助。加油~
abhinavprasad47/Awsome-shells - Collection of reverse shells
choirurrizal/paraminer -
mIcHyAmRaNe/wso-webshell - 🕹 wso php webshell
dr0op/k4l0ng_WAF - A broute detect WAF by PHP using to AWD
valbrux/WebSecArs - Web Security payloads & co.
MyIntervals/emogrifier - Converts CSS styles into inline style attributes in your HTML code.
1062497537/Awvs-Xray - Awvs 批量添加扫描/删除任务 + 可选式对接Xray 自动化挖洞
qkqpttgf/OneManager-php - An index & manager of Onedrive based on serverless. Can be deployed to Heroku/Glitch/Vercel/Replit/SCF/FG/FC/CFC/PHP web hosting/VPS.
adamfisk/LittleProxy - High performance HTTP proxy originally written by your friends at Lantern and now maintained by a stellar group of volunteer open source programmers.
zseano/InputScanner -
smaranchand/bucky - Bucky (An automatic S3 bucket discovery tool)
zerofox-oss/phishpond - Because phishtank was taken.. explore phishing kits in a contained environment!
J0o1ey/rips-Chinese - 本人三年前汉化的PHP代码审计工具rips
wofeiwo/webcgi-exploits - Multi-language web CGI interfaces exploits.
r00tSe7en/Mail-Probe - 邮箱探针后台管理系统
incredibleindishell/SSRF_Vulnerable_Lab - This Lab contain the sample codes which are vulnerable to Server-Side Request Forgery attack
V7hinc/wooyun_final - 根据hanc00l和m0l1ce提供的数据构建docker版的乌云漏洞库，包含8.8W漏洞信息
DasSecurity-HatLab/AoiAWD - AoiAWD-专为比赛设计，便携性好，低权限运行的EDR系统。
beched/php_disable_functions_bypass - procfs-based PHP sandbox bypass
PlutoaCharon/AWD-Attack-Defense - CTF-AWD攻防脚本工具合集
ethicalhackingplayground/fuzzdb-1 - Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
ivan-sincek/penetration-testing-cheat-sheet - Work in progress...
lucasmartinelle/AnotherVulnerableWebApp -
reconmap/rest-api - REST API backend for Reconmap
phpstan/phpstan - PHP Static Analysis Tool - discover bugs in your code without running it!
lucideus-repo/UnSAFE_Bank - Vulnerable Banking Suite
momosecurity/mosec-composer-plugin - 用于检测composer项目的第三方依赖组件是否存在安全漏洞。
nikic/PHP-Parser - A PHP parser written in PHP
gyxuehu/EwoMail - EwoMail是基于Linux的企业邮箱服务器，集成了众多优秀稳定的组件，是一个快速部署、简单高效、多语言、安全稳定的邮件解决方案
lucasfrag/Kali-Linux-Tools-Interface - Graphical Web interface developed to facilitate the use of security information tools.
hightman/xunsearch - 免费开源的中文搜索引擎，采用 C/C++ 编写 (基于 xapian 和 scws)，提供 PHP 的开发接口和丰富文档
asphxg/findpass - 基于sphinx的社工库
DimopoulosElias/xhrStealer - XHR Posts cookie and body html. PHP receives the data and saves in md format with html highling.
mm0r1/exploits - Pwn stuff.
hisiphp/hisiphp - HisiPHP V2版是基于ThinkPHP5.1和Layui开发的后台框架，承诺永久免费开源，您可用于学习和商用，但须保留版权信息正常显示。如果HisiPHP对您有帮助，您可以点击右上角 "Star" 支持一下哦，谢谢！
joesmithjaffa/jenkins-shell - Automating Jenkins Hacking using Shodan API
shouldbee/reserved-usernames - 590+ usernames in this dictionary! A list of reserved usernames to prevent url collision with resource paths. This repository hosts the list in multiple formats like JSON, CSV, SQL and plain text. You
FloeDesignTechnologies/phpcs-security-audit - phpcs-security-audit is a set of PHP_CodeSniffer rules that finds vulnerabilities and weaknesses related to security in PHP code
4x99/code6 - 码小六 - GitHub 代码泄露监控系统
curtbraz/PhishAPI - Comprehensive Web Based Phishing Suite for Rapid Deployment and Real-Time Alerting!
dotboris/vuejs-serverside-template-xss - Demo of a Vue.js app that mixes both clientside templates and serverside templates leading to an XSS vulnerability
EnginDemirbilek/NorthStarC2 - Web Based Command Control Framework (C2) #C2 #PostExploitation #CommandControl #RedTeam #C2Framework #PHPC2 #.NETMalware #Malware #PHPMalware #CnC #infosec #offensivesecurity #Trojan
adamtlangley/gitscraper - A tool which scrapes public github repositories for common naming conventions in variables, folders and files
whirlwind110/tphack - Thinkphp3/5 Log文件泄漏利用工具
vavkamil/dvwp - Damn Vulnerable WordPress
TheKingOfDuck/XSS-Fishing2-CS - 鱼儿在cs上线后自动收杆|Automatically stop fishing in javascript after the fish is hooked
hack2012/xssblind - 使用docker-compose一键快速搭建ezXSS环境
mo-xiaoxi/CTF_Web_docker - dockers for CTF_Web.
SpiderMate/B-XSSRF - Toolkit to detect and keep track on Blind XSS, XXE & SSRF
webshellpub/awsome-webshell - webshell样本大合集。收集各种webshell用于webshell分析与发现。——www.shellpub.com
backdoorhub/shell-backdoor-list - 🎯 PHP / ASP - Shell Backdoor List 🎯
j4yd33/hacking-files - Arquivos para estudo sobre Bug Bounty.
lightswitch05/php-version-audit - Audit your PHP version for known CVEs and patches
BookStackApp/BookStack - A platform to create documentation/wiki content built with PHP & Laravel
orangetw/My-CTF-Web-Challenges - Collection of CTF Web challenges I made
eboda/35c3 - Challenges I created for 35c3
monicahq/monica - Personal CRM. Remember everything about your friends, family and business relationships.
slince/composer-registry-manager - :hammer_and_wrench: :hammer: Composer registry manager that help to easily switch to the composer repository you want.
r00tSe7en/get_AV - Windows杀软在线对比辅助
422926799/note - 记录自己写的工具和学习笔记
susers/Writeups - 国内各大CTF赛题及writeup整理
kasuganosoras/SyncMusic - 🎵 PHP Swoole 开发的在线同步点歌台，支持自由点歌，切歌，调整排序，删除指定音乐以及基础权限分级
fecshop/yii2_fecshop - yii2 ( PHP ) fecmall（fecshop） core code used for ecommerce shop 多语言多货币多入口的开源电商 B2C 商城，支持移动端vue, app, html5，微信小程序微店，微信小程序商城等
wolves-aman/AmanCTF -
Jsitech/JShielder - Hardening Script for Linux Servers/ Secure LAMP-LEMP Deployer/ CIS Benchmark
ssl/ezXSS - ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
momosecurity/rhizobia_P - PHP安全SDK及编码规范
zzb1999/xss-platform - 一款基于ThinkPHP5.1的XSS管理平台。
weprovide/valet-plus - Blazing fast macOS PHP development environment
78778443/xssplatform - 一个经典的XSS渗透管理平台
Tai7sy/LotServer_KeyGen - A LotServer KeyGen
TennousuAthena/qc_classroom - 🕊青草课堂在线教育
Anankke/SSPanel-Uim - SSPanel V3 魔改再次修改版
LudySu/Synology-LrcPlugin - Lyrics plugin for Synology Audio Station/DS Audio
gz-hejiehui/WebStack-Laravel - 一个开源的网址导航网站项目，您可以拿来制作自己的网址导航。
mylxsw/wizard - Wizard是一款开源的文档管理工具，支持Markdown/Swagger/Table类型的文档。
fuzzdb-project/fuzzdb - Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
YesknStudio/vmoex-framework - 一个开源的二次元向的社区程序。
nico3333fr/CSP-useful - Collection of scripts, thoughts about CSP (Content Security Policy)
zhuifengshaonianhanlu/pikachu - 一个好玩的Web安全-漏洞测试平台
ym2011/SecurityTechnique - Security technique research and some funny work on it !
l3m0n/Bypass_Disable_functions_Shell - 一个各种方式突破Disable_functions达到命令执行的shell
icret/easyImages - 此版本不再维护，已出新版：速度更快，压缩更小：
TideSec/WDScanner - WDScanner平台目前实现了如下功能：分布式web漏洞扫描、客户管理、漏洞定期扫描、子域名枚举、端口扫描、网站爬虫、暗链检测、坏链检测、网站指纹搜集、专项漏洞检测、代理搜集及部署等功能。
ksanchezcld/Hacking_Cheat_Sheet - All my Hacking|Pentesting Notes
AlanDecode/Typecho-Theme-RAW - “在互联网上寻找栖息之地”
0oVicero0/oneindex - OneDrive Directory Index
joannesource/docker-tt-rss-arm7 - Docker image for Tiny Tiny RSS feed reader for Raspberry Pi / arm7 / arm8.
WangNingkai/OLAINDEX - ✨ Another OneDrive Directory Index
ganlvtech/down_52pojie_cn - A single page file explorer that can be hosted on static website. 吾爱破解论坛爱盘 https://down.52pojie.cn/ 页面的源代码
Qsnh/meedu - 教培系统、线上培训、知识付费解决方案。
radenvodka/SVScanner - SVScanner - Scanner Vulnerability And MaSsive Exploit.
jxlwqq/id-validator - 中华人民共和国居民身份证、中华人民共和国港澳居民居住证以及中华人民共和国台湾居民居住证号码验证工具（PHP 版）
uouuou/Typecho-theme-Rinvay - Rinvay.H 主题预览
EasyEngine/easyengine - Command-line control panel for Nginx Server to manage WordPress sites running on Nginx, PHP, MySQL, and Let's Encrypt
joshdick/miniProxy - 🚨⚠️ UNMAINTAINED! ⚠️🚨 A simple PHP web proxy.
galnetwen/Random-Image - 随机图片服务
yoniu/yoniu - TYPECHO原创模板
helloxz/phpdns - 此项目不再维护，推荐使用AdGuard Home来替代。
bowu678/php_bugs - PHP代码审计分段讲解
yaofeifly/Vub_ENV - 跟踪真实漏洞相关靶场环境搭建
SecurityPaper/mail_fishing - 甲方安全工程师必备，内部钓鱼系统
s4n7h0/xvwa - XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security.
M4DM0e/BadMod - CMS auto detect and exploit.
prasathmani/tinyfilemanager - Single-file PHP file manager, browser and manage your files efficiently and easily with tinyfilemanager
c0ny1/upload-labs - 一个想帮你总结所有类型的上传漏洞的靶场
LoeiFy/Diaspora - Diaspora - A WordPress theme
0verSp4ce/DoraBox - DoraBox - Basic Web Vulnerability Training
a0xnirudh/kurukshetra - Kurukshetra - A framework for teaching secure coding by means of interactive problem solving.
jozhn/Bigfa - ⚡Typecho简约精致的白色两栏主题。A Typecho Theme
wupco/weblogger - 针对ctf线下赛流量抓取(php)、真实环境流量抓取分析的工具
littleplus/url-shorter - A modern, safe and simple url shorter
assimon/dujiaoka - 🦄独角数卡(自动售货系统)-开源站长自动化售货解决方案、高效、稳定、快速！🚀🚀🎉🎉
FriendsOfPHP/security-advisories - A database of PHP security advisories
xtr4nge/FruityWifi - FruityWiFi is a wireless network auditing tool. The application can be installed in any Debian based system (Jessie) adding the extra packages. Tested in Debian, Kali Linux, Kali Linux ARM (Raspberry
Jamalc0m/wphunter - WPHunter A Wordpress Vulnerability Scanner
helloxz/IPinfo - 整合多接口的IP查询工具。
duoergun0729/1book - 《Web安全之机器学习入门》
mrgeneralgoo/typecho-update-assistant - A update plugin for Typecho.
bugku/BWVS - Web漏洞渗透测试靶场
klsf/kldns - 快乐二级域名分发系统
lietdai/doom - DOOM是在thorn上实现的分布式任务分发的ip端口漏洞扫描器
attackercan/regexp-security-cheatsheet -
NewbMiao/typecho2Hexo - typecho批量转Hexo
overtrue/easy-sms - :calling: 一款满足你的多种发送需求的短信发送组件
Tai7sy/card-system - 卡密商城系统，高效安全的在线卡密商城
aszone/avenger-sh - Project for finding vunerabilities in mass.
honraytech/VueThink - VueThink是一套基于Vue全家桶（Vue2.x + Vue-router2.x + Vuex）+ ThinkPHP5的前后端分离框架。
helloxz/imgurl - ImgURL是一个简单、纯粹的图床程序，让个人图床多一个选择。
drego85/DDoS-PHP-Script - Script to perform a DoS or DDoS UDP Flood by PHP
Bo0oM/CVE-2017-5124 - Chrome < 62 uxss exploit (CVE-2017-5124)
l3m0n/pentest_tools - 收集一些小型实用的工具
maysrp/webdir - 网站目录
maysrp/yunBT - Aria2 FFmpeg 的多用户下载视频转码
anoshop/online.net -
fengqi/docker-rtorrent - rTorrent 0.9.4 加 libTorrent 0.13.4 和 ruTottent，打了加 peer 的补丁
WhatCD/Gazelle -
flarum/flarum - Simple forum software for building great communities.
BlackFan/WEB-INF-dict - List of configuration files from WEB-INF and META-INF for use in Unvalidated Forwards and JSP Include vulnerabilities.
jockchou/gitblog - markdown blog base on CodeIgniter, writing blog with markdown！基于CI的markdown博客
jvoisin/php-malware-finder - Detect potentially malicious PHP files
Hood3dRob1n/SQLMAP-Web-GUI - PHP Frontend to work with the SQLMAP JSON API Server (sqlmapapi.py) to allow for a Web GUI to drive near full functionality of SQLMAP!
paragonie/awesome-appsec - A curated list of resources for learning about application security
maysrp/TALD - 使用Aria2作为后端通过视频来采集视频作为自己的视频网站:ThinkPHP Aria2 Libav Dplayer
swisskyrepo/Vulny-Code-Static-Analysis - Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex
Dhayalanb/windows-php-reverse-shell - Simple php reverse shell implemented using binary .
mddanish/Vulnerable-OTP-Application - Vulnerable OTP/2FA Application written in PHP using Google Authenticator
dotcppfile/DAws - Advanced Web Shell
hanc00l/wooyun_public - This repo is archived. Thanks for wooyun! 乌云公开漏洞、知识库爬虫和搜索 crawl and search for wooyun.org public bug(vulnerability) and drops
giaplv57/GuruWebScanner - An On-The-Cloud free "greybox" box scanner for various purposes.
Tuhinshubhra/RED_HAWK - All in one tool for Information Gathering, Vulnerability Scanning and Crawling. A must have tool for all penetration testers
xl7dev/WebShell - Webshell && Backdoor Collection
SecWiki/CMS-Hunter - CMS漏洞测试用例集合
Chocobozzz/OpenVPN-Admin - Install and administrate OpenVPN with a web interface (logs visualisations, users managing...)
xiaoxiaoleo/xiao-webshell - a collection of webshell
nyufeng/tiebarobot - 贴吧自动删帖机器人
PingPlusPlus/pingpp-php -
phith0n/XssHtml - php富文本过滤类，XSS Filter
interference-security/empire-web - PowerShell Empire Web Interface
wkcaj/safecurl - SSRF Protection Library for PHP - http://safecurl.fin1te.net
weiboad/kafka-php - kafka php client
OneSourceCat/phpvulhunter - A tool that can scan php vulnerabilities automatically using static analysis methods
ricoa/copywriting-correct - 中英文文案排版纠正器
owner888/phpspider - 《我用爬虫一天时间“偷了”知乎一百万用户，只为证明PHP是世界上最好的语言》所使用的程序
tgalopin/simhashphp - SimHash similarities algorithm implementation for PHP
3xp10it/xwebshell - 免杀webshell
ZhuFaner/shadowsocks-manage-system - 科学上网管理系统
0x584A/fuzzXssPHP - PHP版本的反射型xss扫描，支持GET，POST
incredibleindishell/LDAP-credentials-collector-backdoor-generator - This script generate backdoor code which log username password of an user who have passed HTTP basic auth using LDAP credentials.
zhuzhichao/ip-location-zh - 获取 IP 地址的真实地理位置
atymic/twitter - Twitter API for Laravel 5.5+, 6.x, 7.x & 8.x
Daiyichen/Front-end-tutorial - :panda_face:最全的资源教程-前端涉及的所有知识体系
lxj616/DVWA-WooYun - It is a DVWA with some plugins based on real wooyun bug reports
BlackHole1/WebRtcXSS - 利用XSS入侵内网(Use XSS automation Invade intranet)
hayashier/dom-based-xss-detector - Detector of DOM based XSS

PLpgSQL

1eez/103976 - 103976个英语单词库（sql版，csv版，Excel版）包含英文单词，中文翻译，单词的词性及多种词义,执行SQL语句就可以生成表，支持SQL Server，MySQL等多种数据库

Pascal

claudiouzelac/rootkit.com - Mirror of users section of rootkit.com
diversenok/TokenUniverse - An advanced tool for working with access tokens and Windows security policy.
0xsp-SRD/mortar - evasion technique to defeat and divert detection and prevention of security products (AV/EDR/XDR)
lawrenceamer/TChopper - conduct lateral movement attack by leveraging unfiltered services display name to smuggle binaries as chunks into the target machine
lawrenceamer/dns-black-cat - Multi platform toolkit for an interactive DNS shell commands exfiltration, by using DNS-Cat you will be able to execute system commands in shell mode over DNS protocol
stascorp/rdpwrap - RDP Wrapper Library
ibv/LDAP-Admin - LDAP Admin for Linux
DarkCoderSc/win-brute-logon - Crack any Microsoft Windows users password without any privilege (Guest account included)
lawrenceamer/0xsp-Mongoose - a unique framework for cybersecurity simulation and red teaming operations, windows auditing for newer vulnerabilities, misconfigurations and privilege escalations attacks, replicate the tactics and t
syhunt/sandcat - An open-source, pentest and developer-oriented web browser, using the power of Lua

Perl

ariary/DogWalk-rce-poc - 🐾Dogwalk PoC (using diagcab file to obtain RCE on windows)
Zimbra-Community/zimbra-tools - Various tools for Zimbra
truongkma/ctf-tools - tổng hợp tool ctf
samyk/slipstream - NAT Slipstreaming allows an attacker to remotely access any TCP/UDP services bound to a victim machine, bypassing the victim’s NAT/firewall, just by anyone on the victim's network visiting a website
htrgouvea/nozaki - HTTP fuzzer engine security oriented
GuidoBartoli/sherloq - An open-source digital image forensic toolset
kost/dvcs-ripper - Rip web accessible (distributed) version control systems: SVN/GIT/HG...
ovh/the-bastion - Authentication, authorization, traceability and auditability for SSH accesses.
jfcoz/postgresqltuner - Simple script to analyse your PostgreSQL database configuration, and give tuning advice
leolovenet/qqwry2mmdb - 为 Wireshark 能使用纯真网络 IP 数据库(QQwry)而提供的格式转换工具
CiscoCXSecurity/enum4linux - enum4Linux is a Linux alternative to enum.exe for enumerating data from Windows and Samba hosts
SparrowOchon/dnsenum2 - dnsenum is a perl script that enumerates DNS information. Officially mainlined in Kali Linux
timebug/lua-resty-redis-ratelimit - Limit the request processing rate between multiple NGINX instances backed by Redis
jetmore/swaks - Swaks - Swiss Army Knife for SMTP
sighook/pixload - Image Payload Creating/Injecting tools
nerodtm/ReconCobra---Complete-Automated-Pentest-Framework-For-Information-Gathering - ReconCobra Reconcobra is Foot printing software for Ultimate Information Gathering Kali, Parrot OS, Black Arch, Termux, Android Led TV Interface Software have 82 Options with full automation with pow
modzero/mod0BurpUploadScanner - HTTP file upload scanner for Burp Proxy
0x90/vpn-arsenal - VPN pentest tools and scripts
Moham3dRiahi/XAttacker - X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter
hexsum/Mojo-Webqq - 【重要通知：WebQQ将在2019年1月1日停止服务，此项目目前已停止维护，感谢大家四年来的一路陪伴】使用Perl语言（不会没关系）编写的smartqq/webqq客户端框架（非GUI），可通过插件提供基于HTTP协议的api接口供其他语言或系统调用
jondonas/linux-exploit-suggester-2 - Next-Generation Linux Kernel Exploit Suggester
CNSRE/ABTestingGateway -
mfocuz/DNS_Hunter - DNS enumeration tool
rsnapshot/rsnapshot - a tool for backing up your data using rsync (if you want to get help, use https://lists.sourceforge.net/lists/listinfo/rsnapshot-discuss)
mrash/psad - psad: Intrusion Detection and Log Analysis with iptables
riusksk/StrutScan - Struts2 Vuls Scanner base perl script
p0pr0ck5/lua-resty-waf - High-performance WAF built on the OpenResty stack
sullo/nikto - Nikto web server scanner
davebarr/dnswalk - A DNS database debugger
AlisamTechnology/ATSCAN - Advanced dork Search & Mass Exploit Scanner

PostScript

liuchengxu/szuthesis - :pencil: SZU Undergraduate Thesis -- Recommender System

PowerShell

api0cradle/CVE-2023-23397-POC-Powershell -
enjoiz/Privesc - Windows batch script that finds misconfiguration issues which can lead to privilege escalation.
bluecapesecurity/PWF - Practical Windows Forensics Training
danielbohannon/Invoke-Obfuscation - PowerShell Obfuscator
NickYan7/EvilATA - 后渗透中利用 ATA Server 进行侦查活动，从而规避安全监测。（Abusing Advanced Threat Analytics PowerShell module to recon in post exploitation stage.）
cimnode/WindowsEVTX-ETL_2HEC -
AhmedKamal1432/Evilize - Triaging Windows event logs based on SANS Poster
sailay1996/SpoolTrigger - Weaponizing for privileged file writes bugs with PrintNotify Service
Yamato-Security/WELA - WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅（ウェラ）
Cyb3r-Techie/CVE-Tracker - With the help of this automated script, you will never lose track of recently released CVEs.
Windos/BurntToast - Module for creating and displaying Toast Notifications on Microsoft Windows 10.
soteria-security/365Inspect - A PowerShell script that automates the security assessment of Microsoft Office 365 environments.
Mr-Un1k0d3r/RedTeamPowershellScripts - Various PowerShell scripts that may be useful during red team exercise
Johnng007/Live-Forensicator - Powershell Script to aid Incidence Response and Live Forensics | Bash Script for MacOS Live Forensics and Incidence Response
CnHack3r/Awesome-hacking-tools - 黑客工具收集仓库，包含主流和非主流漏洞利用工具，subdomain、备案查询工具、CVE仓库、Hacking Tools、Exploits、免杀工具、weblogic漏洞利用工具、Red Team、Cobalt Strike、C免杀、bypassAV、内网渗透工具、漏洞利用、工具插件、burpsuite插件；
XiaoliChan/Invoke-sAMSpoofing - CVE-2021-42287/CVE-2021-42278 exploits in powershell
whoamins/SPN-Honeypot - Example of Kerberoasting Honeypot
0x6d69636b/windows_hardening - HardeningKitty and Windows Hardening settings and configurations
tihanyin/PSSW100AVB - A list of useful Powershell scripts with 100% AV bypass (At the time of publication).
VirtualAlllocEx/Payload-Download-Cradles - This are different types of download cradles which should be an inspiration to play and create new download cradles to bypass AV/EPP/EDR in context of download cradle detections.
eastmountyxz/PowershellDetect - 该资源详细介绍Powershell脚本混淆、解混淆、抽象语法树提取、token提取、恶意性检测等内容，希望对您有所帮助！
PwnDexter/Invoke-EDRChecker - Checks running processes, process metadata, Dlls loaded into your current process and the each DLLs metadata, common install directories, installed services, the registry and running drivers for the p
DarkCoderSc/PowerRemoteDesktop - Remote Desktop entirely coded in PowerShell.
ricardojba/Invoke-noPac - .Net Assembly loader for the [CVE-2021-42287 - CVE-2021-42278] Scanner & Exploit noPac
wolf0x/honeynet - Sentinel Guard - Use to build up Honeypot and Honeynet with ZERO cost easily and simply.
Kevin-Robertson/Powermad - PowerShell MachineAccountQuota and DNS exploit tools
DarkCoderSc/PowerBruteLogon - PowerBruteLogon (Ported version of WinBruteLogon in pure PowerShell)
JMousqueton/Badware - Ransomware for demonstration
422926799/csplugin - 自己开的cs插件
XTeam-Wing/WingKit - CobaltStrike Extentions
xbufu/ADLab - Custom PowerShell module to setup an Active Directory lab environment to practice penetration testing.
nyxgeek/o365recon - retrieve information via O365 and AzureAD with a valid cred
Cloud-Architekt/AzureAD-Attack-Defense - This publication is a collection of various common attack scenarios on Azure Active Directory and how they can be mitigated or detected.
MScholtes/PS2EXE - Module to compile powershell scripts to executables
darkquasar/AzureHunter - A Cloud Forensics Powershell module to run threat hunting playbooks on data from Azure and O365
fox-it/Invoke-ACLPwn -
dievus/PowerShellForPentesters - Course repository for PowerShell for Pentesters Course
yanghaoi/CobaltStrike_CNA - 使用多种WinAPI进行权限维持的CobaltStrike脚本，包含API设置系统服务，设置计划任务，管理用户等。
lintstar/LSTAR - LSTAR - CobaltStrike 综合后渗透插件
OTRF/Set-AuditRule - Useful access control entries (ACE) on system access control list (SACL) of securable objects to find potential adversarial activity
Marshall-Hallenbeck/red_team_attack_lab - Red Team Attack Lab for TTP testing & research
xRET2pwn/PickleC2 - PickleC2 is a post-exploitation and lateral movements framework
GhostPack/PSPKIAudit - PowerShell toolkit for AD CS auditing based on the PSPKI toolkit.
gyaansastra/Print-Nightmare-LPE -
vletoux/MakeMeEnterpriseAdmin -
jfmaes/LazySign - Create fake certs for binaries using windows binaries and the power of bat files
ziesemer/ad-privileged-audit - Provides various Windows Server Active Directory (AD) security-focused reports.
jouleSoft/Test-Ports.ps1 - PowerShell TCP ports monitoring tool
crimsonlabs-io/Cache - An arms cache for security consultants, red teams and penetration testers. Sometimes for defenders too.
OsbornePro/BTPS-SecPack - This repository contains a collection of PowerShell tools that can be utilized to protect and defend an environment based on the recommendations of multiple cyber security researchers at Microsoft. Th
kf5i/k3ai - K3ai is a lightweight, fully automated, AI infrastructure-in-a-box solution that allows anyone to experiment quickly with Kubeflow pipelines. K3ai is perfect for anything from Edge to laptops.
dwmetz/CyberPipe - An easy to use PowerShell script to collect memory and disk forensics for DFIR investigations.
cfalta/PowerShellArmoury - A PowerShell armoury for security guys and girls
JonathanERC/PCNameByUser-SCCM - Powershell script to get all user devices registered in SCCM.
WazeHell/LightMe - HTTP Server serving obfuscated Powershell Scripts/Payloads
tokyoneon/CredPhish - CredPhish is a PowerShell script designed to invoke legitimate credential prompts and exfiltrate passwords over DNS.
cseroad/bypassAV - 借助Win-PS2EXE项目编写cna脚本方便快速生成免杀可执行文件
Lucifer1993/PLtools - 整理一些内网常用渗透小工具
JoelGMSec/Invoke-DNSteal - Simple & Customizable DNS Data Exfiltrator
r00t-3xp10it/redpill - Assist reverse tcp shells in post-exploration tasks
rvrsh3ll/TokenTactics - Azure JWT Token Manipulation Toolset
3gstudent/Invoke-BuildAnonymousSMBServer - Use to build an anonymous SMB file server.
JohnHammond/CVE-2021-34527 -
LuemmelSec/Pentest-Tools-Collection -
calebstewart/CVE-2021-1675 - Pure PowerShell implementation of CVE-2021-1675 Print Spooler Local Privilege Escalation (PrintNightmare)
danielbohannon/Invoke-DOSfuscation - Cmd.exe Command Obfuscation Generator & Detection Test Harness
3gstudent/Hook-PasswordChangeNotify - Stealing passwords every time they change
ramiKahmed/Cloud-Penetration-Testing-and-Red-Teaming - Tools, Resources & Helpful Tips
danielbohannon/Revoke-Obfuscation - PowerShell Obfuscation Detection Framework
S3cur3Th1sSh1t/Invoke-SharpLoader -
scipag/HardeningKitty - HardeningKitty - Checks and hardens your Windows configuration
Roshi-Codes/BlueTeamBeast - Powershell Scripts for Blue Teams and Incident Responce
leebaird/discover - Custom bash scripts used to automate various penetration testing tasks including recon, scanning, enumeration, and malicious payload creation using Metasploit. For use with Kali Linux.
cfalta/adsec - An introduction to Active Directory security
JoelGMSec/Invoke-Stealth - Simple & Powerful PowerShell Script Obfuscator
S3cur3Th1sSh1t/NamedPipePTH - Pass the Hash to a named pipe for token Impersonation
tide-emergency/yingji - 应急相关内容积累
StephanieSeyler/VPN-Reporting - VPN reporting using SonicWall SonicOS API
cert-lv/exchange_webshell_detection - Detect webshells dropped on Microsoft Exchange servers exploited through "proxylogon" group of vulnerabilites (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065)
peewpw/Invoke-PSImage - Encodes a PowerShell script in the pixels of a PNG file and generates a oneliner to execute
kfosaaen/Get-LAPSPasswords - Powershell function to pull the local admin passwords from LDAP, stored there by LAPS.
mdsecresearch/LyncSniper - LyncSniper: A tool for penetration testing Skype for Business and Lync deployments
PSSecTools/Krbtgt - Module to update the Krbtgt password
SentineLabs/SentinelLabs_RevCore_Tools - The Windows Malware Analysis Reversing Core Tools
russelltomkins/Active-Directory - Collection of scripts for Querying and Managing Active Directory and Domain Controllers
tmenochet/ADThief - Post-exploitation tool for attacking Active Directory domain controllers
gtworek/PSBits - Simple (relatively) things allowing you to dig a bit deeper than usual.
rsmudge/ElevateKit - The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.
d0nkeys/redteam - Red Team Scripts by d0nkeys (ex SnadoTeam)
mburrough/pentestingazureapps - Script samples from the book Pentesting Azure Applications (2018, No Starch Press)
mandiant/ThreatPursuit-VM - Threat Pursuit Virtual Machine (VM): A fully customizable, open-sourced Windows-based distribution focused on threat intelligence analysis and hunting designed for intel and malware analysts as well a
NetSPI/PowerShell - NetSPI PowerShell Scripts
proxb/PoshPrivilege - Manage user privileges on a local machine or view applied privileges on local or remote system
sdsecurity/pooltest - 网上收集的一些利用工具
nccgroup/redsnarf - RedSnarf is a pen-testing / red-teaming tool for Windows environments
Al1ex/CSPlugins - Cobaltstrike Plugins
C-Cracks/OSCP-Automation - A collection of personal scripts used in hacking excercises.
3v4Si0N/HTTP-revshell - Powershell reverse shell using HTTP/S protocol with AMSI bypass and Proxy Aware
s4vitar/AD-AutomationLab - Herramienta en PowerShell ideal para desplegar tu propio entorno AD vulnerable de forma automatizada.
PSSecTools/WindowsEventForwarding - A module for working with Windows Event Collector service and maintain Windows Event Forwarding subscriptions.
darkoperator/powershell_scripts - Powershell Scripts
WazeHell/vulnerable-AD - Create a vulnerable active directory that's allowing you to test most of the active directory attacks in a local lab
cyberark/ACLight - A script for advanced discovery of Privileged Accounts - includes Shadow Admins
vysecurity/ANGRYPUPPY - Bloodhound Attack Path Automation in CobaltStrike
GoFetchAD/GoFetch - GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.
powerexploit/Powerexploit - Post-Exploitation :sunglasses: module for Penetration Tester and Hackers.
math1as/CVE-2020-1337-exploit - CVE-2020-1337 Windows Print Spooler Privilege Escalation
besimorhino/powercat - netshell features all in version 2 powershell
r00t-3xp10it/meterpeter - C2 Powershell Command & Control Framework with BuiltIn Commands
danielwolfmann/Invoke-WordThief - This script runs multithreading module that connects to a remote TCP server, monitors active (opened) Microsoft Word documents (.doc,.docx,etc') and extracting their text using Word application's COM
InfosecMatter/Minimalistic-offensive-security-tools - A repository of tools for pentesting of restricted and isolated environments.
cyberdefenders/DetectionLabELK - DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.
pandasec888/taowu-cobalt-strike -
evi1ox/MSSQL_BackDoor -
davehull/Kansa - A Powershell incident response framework
phackt/Invoke-Recon - "Powershell script assisting with domain enumerating and in finding quick wins" - Basically written while doing the 'Advanced Red Team' lab from pentesteracademy.
josephkingstone/cobalt_strike_extension_kit - Attempting to be an all in one repo for others' userful aggressor scripts as well as things we've found useful during Red Team Operations.
the-xentropy/xencrypt - A PowerShell script anti-virus evasion tool
S3cur3Th1sSh1t/PowerSharpPack -
damienvanrobaeys/PS1-To-EXE-Generator - PS1 to EXE Generator: Create an EXE for your PS1 scripts
mitre-attack/attack-arsenal - A collection of red team and adversary emulation resources developed and released by MITRE.
Bearshanjun/Manual-defense - 红蓝对抗-手动防御
olafhartong/sysmon-modular - A repository of sysmon configuration modules
nccgroup/acCOMplice - Tools for discovery and abuse of COM hijacks
Integration-IT/Active-Directory-Exploitation-Cheat-Sheet - A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
S3cur3Th1sSh1t/Creds - Some usefull Scripts and Executables for Pentest & Forensics
JoelGMSec/AutoRDPwn - The Shadow Attack Framework
DeEpinGh0st/Erebus - CobaltStrike后渗透测试插件
tasooshi/pentesting-cookbook - A set of recipes useful in pentesting and red teaming scenarios
nettitude/PoshC2 - A proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.
itm4n/PrivescCheck - Privilege Escalation Enumeration Script for Windows
mgeeky/cobalt-arsenal - My collection of battle-tested Aggressor Scripts for Cobalt Strike 4.0+
BC-SECURITY/Invoke-PrintDemon - This is a PowerShell Empire launcher PoC using PrintDemon and Faxhell.
ivan-sincek/powershell-reverse-tcp - PowerShell scripts for communicating with a remote host.
Sycnex/Windows10Debloater - Script to remove Windows 10 bloatware.
BC-SECURITY/Empire - Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.
dafthack/MSOLSpray - A password spraying tool for Microsoft Online accounts (Azure/O365). The script logs if a user cred is valid, if MFA is enabled on the account, if a tenant doesn't exist, if a user doesn't exist, if t
NotMedic/NetNTLMtoSilverTicket - SpoolSample -> Responder w/NetNTLM Downgrade -> NetNTLMv1 -> NTLM -> Kerberos Silver Ticket
k8gege/PowerLadon - Ladon hacking Scanner for PowerShell, vulnerability / exploit / detection / MS17010/SmbGhost,Brute-Force SMB/IPC/WMI/NBT/SSH/FTP/MSSQL/MYSQL/ORACLE/VNC
Arvanaghi/SessionGopher - SessionGopher is a PowerShell tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop. It can be run
ZHacker13/ReverseTCPShell - PowerShell ReverseTCP Shell - Framework
p3nt4/Invoke-SocksProxy - Socks proxy, and reverse socks server using powershell.
dafthack/DomainPasswordSpray - DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will automatically generate the userlist from the domain. BE VERY CAREFU
hausec/PowerZure - PowerShell framework to assess Azure security
davidprowe/BadBlood - BadBlood by @davidprowe, Secframe.com, fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world. A
BankSecurity/Red_Team - Some scripts useful for red team activities
Mr-xn/Penetration_Testing_POC - 渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cm
cutaway-security/chaps - Configuration Hardening Assessment PowerShell Script (CHAPS)
mantvydasb/RedTeaming-Tactics-and-Techniques - Red Teaming Tactics and Techniques
offsecginger/AES-PowerShellCode - Standalone version of my AES Powershell payload for Cobalt Strike.
redcanaryco/atomic-red-team - Small and highly portable detection tests based on MITRE's ATT&CK.
mandiant/flare-vm -
TheCjw/scoop-retools - Scoop bucket for reverse engineering tools
QAX-A-Team/EventLogMaster - Cobalt Strike插件 - RDP日志取证&清除
k8gege/Ladon - Ladon大型内网渗透工具，可PowerShell模块化、可CS插件化、可内存加载，无文件扫描。含端口扫描、服务识别、网络资产探测、密码审计、高危漏洞检测、漏洞利用、密码读取以及一键GetShell，支持批量A段/B段/C段以及跨网段扫描，支持URL、主机、域名列表扫描等。10.10版本内置202个功能模块,外部模块18个,网络资产探测模块28个通过多种协议(ICMP\NBT\DNS\MAC\SM
threatexpress/red-team-scripts - A collection of Red Team focused tools, scripts, and notes
sans-blue-team/DeepBlueCLI -
samratashok/nishang - Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
hoochanlon/NeiJuan - 💾 内卷！ChatGPT、Google产品等各类镜像与SS/V2/Clash/QuanX网络链，行业研究报告的知识储备库
absolomb/WindowsEnum - A Powershell Privilege Escalation Enumeration Script.
chawyehsu/dorado - 🐟 Yet Another bucket for lovely Scoop
leeberg/BlueCommand - Dashboarding and Tooling front-end for PowerShell Empire using PowerShell Universal Dashboard
aaroneg/PS-CreateADLabs - Create a windows Active Directory lab
AutomatedLab/AutomatedLab - AutomatedLab is a provisioning solution and framework that lets you deploy complex labs on HyperV and Azure with simple PowerShell scripts. It supports all Windows operating systems from 2008 R2 to 20
Azure-Samples/active-directory-lab-hybrid-adfs - Create a full AD/CA/ADFS/WAP lab environment with Azure AD Connect installed
S3cur3Th1sSh1t/WinPwn - Automation for internal Windows Penetrationtest / AD-Security
mandiant/commando-vm - Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. [email protected]
ecstatic-nobel/pOSINT - Gather Open-Source Intelligence using PowerShell.
mgeeky/Penetration-Testing-Tools - A collection of more than 170+ tools, scripts, cheatsheets and other loots that I've developed over years for Red Teaming/Pentesting/IT Security audits purposes.
QAX-A-Team/CobaltStrike-Toolset - Aggressor Script, Kits, Malleable C2 Profiles, External C2 and so on
kkkgo/CloudXNS-DDNS-with-PowerShell - The CloudXNS DDNS with PowerShell
scipag/PowerShellUtilities - PowerShellUtilities provides various utility commandlets.
homjxi0e/PowerAvails - PowerAvails is a unit of collection of Powershell modules that help you get done many things
Cybereason/Invoke-WMILM -
NetSPI/PowerUpSQL - PowerUpSQL: A PowerShell Toolkit for Attacking SQL Server
ScoopInstaller/Scoop - A command-line installer for Windows.
HarmJ0y/DAMP - The Discretionary ACL Modification Project: Persistence Through Host-based Security Descriptor Modification
GeeLaw/PowerShellThingies - My PowerShell thingies.
phillips321/adaudit - Powershell script to do domain auditing automation
api0cradle/UltimateAppLockerByPassList - The goal of this repository is to document the most common techniques to bypass AppLocker.
Xyntax/BadUSB-code - 收集badusb的一些利用方式及代码
outflanknl/Invoke-ADLabDeployer - Automated deployment of Windows and Active Directory test lab networks. Useful for red and blue teams.
ubeeri/Invoke-UserSimulator - Simulates common user behaviour on local and remote Windows hosts.
gdedrouas/Exchange-AD-Privesc - Exchange privilege escalations to Active Directory
kbdancer/TPLINKKEY - 根据TPLINK系列路由器存在的漏洞批量扫描获取wifi密码
attactics/Invoke-DCOMPowerPointPivot - Executes lateral movement through PowerPoint DCOM objects
rvrsh3ll/CrypoCurrencyPowerShell -
salu90/PSFPT - Scripts for powershell for pentesters exam
411Hall/JAWS - JAWS - Just Another Windows (Enum) Script
mattifestation/PSSysmonTools - Sysmon Tools for PowerShell
TkYu/PowerShellScripts - lollollol
swizzlez/Invoke-EnumSecurityTools -
gulzar1996/Fast-Git-Clone - Clone Git repository faster. Eliminates the repetitive typing of git clone and copy-pasting the url
e-sterling/Nmap-Scan.PS1 - PowerShell wrapper for nmap, allows easy scanning of many hosts and subnets
giMini/mimiDbg - PowerShell oneliner to retrieve wdigest passwords from the memory
Arno0x/PowerShellScripts - Collection of PowerShell scripts
3gstudent/Windows-User-Clone - Create a hidden account
BloodHoundAD/BloodHound - Six Degrees of Domain Admin
SadProcessor/EmpireDog - A collection of PowerShell Modules for BloodHound/Empire Orchestration
xorrior/RemoteRecon - Remote Recon and Collection
WindowsExploits/Exploits - Windows Exploits
A-mIn3/WINspect - Powershell-based Windows Security Auditing Toolbox
ankh2054/windows-pentest - Windows Pentest Scripts
vletoux/ms17-010-Scanner -
rvrsh3ll/Misc-Powershell-Scripts - Random Tools
merrillmatt011/GmailPersist - Gmail Knocker
Raikia/Get-ReconInfo - A powershell script that prints a lot of IP and connection info to the screen
pentest-academy/windows-privilege-escalation - Metasploit modules, powershell scripts and custom exploit to perform local privilege escalation on windows systems.
PowerShell/GPRegistryPolicy -
gobiasinfosec/Wireless_Query - Query Active Directory for Workstations and then pull their Wireless Network Passwords
PowerShellMafia/PowerSploit - PowerSploit - A PowerShell Post-Exploitation Framework
milo2012/portia - Portia aims to automate a number of techniques commonly performed on internal network penetration tests after a low privileged account has been compromised. Portia performs privilege escalation as we
PowerShellEmpire/PowerTools - PowerTools is a collection of PowerShell projects with a focus on offensive operations.
BinaryWasp/Sales_OSINT - OSINT for Sales Research
bkup/SlackShell - PowerShell to Slack C2
3gstudent/Code-Execution-and-Process-Injection - Powershell to CodeExecution and ProcessInjection
yarish/windows-update-selective-kb- - Update Windows Security patch update using PowerShell and Ansible
darkoperator/Posh-SecMod - PowerShell Module with Security cmdlets for security work
clymb3r/PowerShell - Useful PowerShell scripts
JavelinNetworks/IR-Tools - IR-Tools - PowerShell tools for IR
dafthack/MailSniper - MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). It can b
hlldz/Phant0m - Windows Event Log Killer
PivotAll/PivotAll - Comprehensive Pivoting Framework
danielbohannon/Invoke-CradleCrafter - PowerShell Remote Download Cradle Generator & Obfuscator
microsoft/WSL - Issues found on WSL
FortyNorthSecurity/WMImplant - This is a PowerShell based tool that is designed to act like a RAT. Its interface is that of a shell where any command that is supported is translated into a WMI-equivalent for use on a network/remote
EmpireProject/Empire - Empire is a PowerShell and Python post-exploitation agent.
3gstudent/Dump-Clear-Password-after-KB2871997-installed -
FuzzySecurity/HackSysTeam-PSKernelPwn -
Shellntel/scripts -
FuzzySecurity/PSKernel-Primitives - Exploit primitives for PowerShell
rasta-mouse/Sherlock - PowerShell script to quickly find missing software patches for local privilege escalation vulnerabilities.

Propeller Spin

grandideastudio/jtagulator - JTAGulator: Assisted discovery of on-chip debug interfaces

Pug

effortlessdevsec/ninjasworkout - Vulnerable NodeJS Web Application
prism-break/prism-break - Privacy/security-oriented software recommendations (mirrored from GitLab)

Python

mouday/domain-admin - 域名SSL证书监测平台
nu0l/CVE-2022-46463 - CVE-2022-46463(Harbor 未授权)
z-bool/QueryTools - IP/域名资产验证神器(补天|权重、CNVD|注册资金)-功能(IP反查域名、域名备案、ICP资产、公司注册资金、权重、IP定位)快速验证是否为需求资产
nomic-ai/gpt4all - gpt4all: an ecosystem of open-source chatbots trained on a massive collections of clean assistant data including code, stories and dialogue
H-Limbus/NoMoney - NoMoney 是一款集成了fofa，zoomeye(钟馗之眼)，censys，奇安信的鹰图平台，360quake，且完全免费的信息收集工具。fofa 和 zoomeye借助爬虫实现，其余平台利用各自的api进行信息收集。
ccongc/e-cology9-sql - 泛微e-cology9 SQL注入验证脚本
XiaoliChan/wmiexec-Pro - New generation of wmiexec.py
ZLimitless/CTFd-BerNet - 基于kubernetes容器编排的ctfd平台动态题目靶场插件,支持Web题目以及pwn题部署.
Moxin1044/CTFd-gocqhttp-bot - CTFd GOCQHTTP机器人插件
goddemondemongod/god_param - god_param
Abs1n7he/Struts2scan - Struts2 Scanning and Utilization 漏洞扫描+利用 s2_001 s2_005 s2_007 s2_008 s2_009 s2_013 s2_015 s2_032 s2_045 s2_046 s2_048 s2_052 s2_053 s2_057 s2_059 s2_061
AabyssZG/Web-SurvivalScan - 对Web渗透项目资产进行快速存活验证
karthik558/ddos-attack - This script is designed for educational purposes only and allows users to simulate a DDoS attack. Please note that hacking is illegal and this script should not be used for any malicious activities. I
DingyShark/nuclei-scan-sort - Simple Python script to sort nuclei scans by severity and URL
MattKeeley/Spoofy - Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.
getredash/redash - Make Your Company Data Driven. Connect to any data source, easily visualize, dashboard and share your data.
Potato-py/csIntruder - 本项目包含CobaltStrike密码爆破、伪造上线以及DDos功能。其中伪造上线支持常见魔改版CS。This project includes CobaltStrike password blasting, fake online and DDos functions. Among them, fake online supports common secondary development v
langsasec/c2-shellcode-py - 免杀360，火绒的Python-shellcode加载器，可直接生成可执行文件exe
icyguider/NewPowerDNS - Updated version of PowerDNS by @domchell. Adds support for transfers over DNS A records and a few other useful features.
AabyssZG/SpringBoot-Scan - 针对SpringBoot的开源渗透框架，以及Spring相关高危漏洞利用工具
A0WaQ4/HexDnsEchoT - 命令执行不回显但DNS协议出网的命令回显场景解决方案（修改为使用ceye接收请求，添加自定义DNS服务器）
CHINA-china/Unauthorized - 前端未授权访问检测工具，自动提取JS泄露的接口进行测试。
Axx8/HTTPServer - 红队内网环境中一个能快速开启HTTP文件浏览服务的小工具 ,可执行Webshell，可用于在内网不出网时文件的下载，启动时会根据网卡IPV4地址输出URL(本地回环除外)。
RoderickChan/pwncli - Do pwn by command line
depycode/burpsuite_hack - 一款代理扫描器
qianxiao996/R-Knife - R-Knife 综合渗透工具箱
D0gHead/masscan-tools - Format Masscan OutFile
D3Ext/DFShell - The Best Forwarded Shell
karfly/chatgpt_telegram_bot -
Elinpf/cmder - 可自定义扩展的渗透测试命令行生成工具
jorhelp/Ingram - 网络摄像头漏洞扫描工具 | Webcam vulnerability scanning tool
MzHmO/psexec_noinstall - Repository contains psexec, which will help to exploit the forgotten pipe
its-arun/CVE-2022-39197 - CobaltStrike <= 4.7.1 RCE
AabyssZG/BinaryCutting-Tool - 二进制文件切割&合并工具
cold-try/Gank-RECON - Subdomains enumeration, various scans and testing of some vulnerabilities.
JoelGMSec/Thunderstorm - Modular framework to exploit UPS devices
nemesida-waf/waf-bypass - Check your WAF before an attacker does
RapidDNS/Afuzz - Afuzz is an automated web path fuzzing tool for the Bug Bounty projects.
ravizhan/ICP-spider - 基于yolov5识别验证码的备案查询程序
secretsquirrel/SigThief - Stealing Signatures and Making One Invalid Signature at a Time
zhuima/daohang - 运维内部使用的导航地址, 运维导航系统，链接导航系统，网址导航系统，导航页面，导航网址
20142995/sectool -
lijiejie/GitHack - A .git folder disclosure exploit
fastnlp/fitlog - fitlog是一款在深度学习训练中用于辅助用户记录日志和管理代码的工具
RockChinQ/QChatGPT - 😎高稳定性、🐒低耦合、🧩支持插件、适配多种模型的 ChatGPT New Bing QQ 机器人🤖
XueMeijing/dingtalk-chatgpt-bot - 钉钉机器人回复web ChatGPT消息支持上下文
phplaber/yawf - Web 漏洞检测工具
xnl-h4ck3r/waymore - Find way more from the Wayback Machine!
y1nglamore/IDOR_detect_tool - 一款API水平越权漏洞检测工具
x364e3ab6/Dude - Dude (大佬) WEB渗透测试辅助工具
Hakumarachi/Bropper - An automatic Blind ROP exploitation tool
3a7/SQLi-Hunter-v2 - The second version of SQL Hunter. SQLi Hunter is a URL (Blind) SQL injection checker for multiple pages.
m8sec/CVE-2021-34527 - PrintNightmare (CVE-2021-34527) PoC Exploit
nettitude/ShellcodeMutator -
ggg4566/PointSearch - 备份文件快速扫描工具
Cr4ckC4t/cve-2022-41352-zimbra-rce - Zimbra <9.0.0.p27 RCE
IncludeSecurity/RTSPhuzz - RTSPhuzz - An RTSP Fuzzer written using the Boofuzz framework
Muhammd/BurpSuite_Payloads -
bsysop/IpLogger -
1in9e/icp-domains - 输入一个域名，输出ICP备案所有关联域名
SCAMagic/SCAMagicScan -
20142995/pocsuite3 -
cramppet/regulator - Automated learning of regexes for DNS discovery
testanull/ProxyNotShell-PoC -
Hyperclaw79/HULK-v3 - Asynchronous HTTP Botnet for Distributed Denial of Service (DDoS)
joxeankoret/diaphora - Diaphora, the most advanced Free and Open Source program diffing tool.
t3l3machus/wwwtree - A utility for quickly and easily locating, web hosting and transferring resources (e.g., exploits/enumeration scripts) from your filesystem to a victim machine during privilege escalation.
onekey-sec/unblob - Extract files from any kind of container formats
Ridter/PySQLTools - Mssql利用工具
WindXaa/Android-Vulnerability-Mining - Android APP漏洞之战系列，主要讲述如何快速挖掘APP漏洞
ghtwf01/excavator - Passive DAST Scanner（被动式黑盒漏洞扫描器）
VulnTotal-Team/firmeye - IoT固件漏洞挖掘工具
SikretaLabs/BlueMap - A Azure Exploitation Toolkit for Red Team & Pentesters
rev1si0n/lamda - ⚡️ Android reverse engineering & automation framework | 史上最强安卓抓包/逆向/HOOK & 云手机/远程桌面/自动化辅助框架，你的工作从未如此简单快捷。
G3et/Search_Viewer - 集Fofa、Hunter鹰图、Shodan、360 quake、Zoomeye 钟馗之眼为一体的gui图形界面化工具
MatrixTM/MHDDoS - Best DDoS Attack Script Python3, (Cyber / DDos) Attack With 56 Methods
mandiant/ADFSpoof -
mantoushen/icp-fofa - 批量备案信息查询
Anof-cyber/APTRS - Automated Penetration Testing Reporting System
Eilonh/s3crets_scanner -
0x14dli/cve2022-26134exp - cve2022-26134
anil-yelken/Nessus-Automation - Nessus Automation
a1most/disu - 包含crt.sh、fullhunt、fofa、360quake、fofa、hunter、virustotal、zoomeye、rapiddns、certspotter、chaziyu、dnsscan、threatminer的一款收集子域名的集成工具。
anil-yelken/Vulnerable-Flask-App - Erlik 2 - Vulnerable-Flask-App
ZororoZ/fscanOutput - 一个用于处理fsacn输出结果的小脚本（尤其面对大量资产的fscan扫描结果做输出优化，让你打点快人一步！！！）
kljunowsky/CVE-2022-42889-text4shell - Apache commons text - CVE-2022-42889 Text4Shell proof of concept exploit.
LittleBear4/OA-EXPTOOL - OA综合利用工具，集合将近20款OA漏洞批量扫描
komomon/Komo - 🚀Komo, a comprehensive asset collection and vulnerability scanning tool. Komo 一个综合资产收集和漏洞扫描工具，集成了20余款工具，通过多种方式对子域进行获取，收集域名邮箱，进行存活探测，域名指纹识别，域名反查ip，ip端口扫描，web服务链接爬取并发送给xray，对web服务进行POC漏洞扫描，对主机进行主机漏洞扫描。
wgpsec/Hawkeye - Hawkeye鹰眼web监测｜[重保小助手]｜网站违规检测｜暗链检测｜重要页面持续监控
kljunowsky/CVE-2022-41040-POC - CVE-2022-41040 - Server Side Request Forgery (SSRF) in Microsoft Exchange Server
xz-zone/Webpackfind - Webpack自动化信息收集
r0oth3x49/ghauri - An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws
skelsec/msldap - LDAP library for auditing MS AD
OpenEthan/SMSBoom - 短信轰炸/短信测压/ | 一个健壮免费的python短信轰炸程序，专门炸坏蛋蛋，百万接口，多线程全自动添加有效接口，支持异步协程百万并发，全免费的短信轰炸工具！！hongkonger开发全网首发！！
Sma11New/PocList - 漏洞POC、EXP合集，持续更新。Apache Druid-任意文件读取（CVE-2021-36749）、ConfluenceRCE（CVE-2021-26084）、ZeroShell防火墙RCE（CVE-2019-12725）、ApacheSolr任意文件读取、蓝凌OA任意文件读取、phpStudyRCE、ShowDoc任意文件上传、原创先锋后台未授权、Kyan账号密码泄露、TerraMaste
d3ckx1/checkurlopen - 用于网站（HTTP）自动化判断开放和网页快照拍摄
G00Dway/BlestSploit - BlestSploit Framework, exploitation framework for Ethical Hackers and CyberSecurity Experts & Pentesters
RoomaSec/RmEye - 戎码之眼是一个window上的基于att&ck模型的威胁监控工具.有效检测常见的未知威胁与已知威胁.防守方的利剑
Bywalks/TrackAttacker - TrackAttacker | 追踪攻击者工具 | HW蓝队 | 溯源必备
xnl-h4ck3r/urless - De-clutter a list of URLs
mhaskar/ExchangeFinder - Find Microsoft Exchange instance for a given domain and identify the exact version
ox-eye/Ox4Shell - Deobfuscate Log4Shell payloads with ease.
xiaowu-001/SearchCVEandNVD - 用于爬取CVE,NVD,CNVD,CNNVD漏洞数据
Conan924/wooyun-dic - 根据乌云提取的漏洞路径字典
iamultra/ssrfsocks - Creates a SOCK proxy server that transmits data over an SSRF vulnerability
lijiejie/chromePass - Decrypt all saved Chrome passwords
chris-anley/cq - CQ, a code security scanner
p0dalirius/ApacheTomcatScanner - A python script to scan for Apache Tomcat server vulnerabilities.
amanszpapaya/MacPer - MacOSX Privilege Escalation Research
faisalfs10x/Webmin-CVE-2022-0824-revshell - Webmin <=1.984, CVE-2022-0824 Post-Auth Reverse Shell PoC
r0eXpeR/CVE-2021-22205 - CVE-2021-22205 Unauthorized RCE
sry309/PwdBUD - 一款SRC密码生成工具，尝试top字典无果后，可以根据域名、公司名等因素来生成特定的字典
sv3nbeast/DnslogCmdEcho - 命令执行不回显但DNS协议出网的命令回显场景解决方案
gsmith257-cyber/GraphCrawler - GraphQL automated security testing toolkit
In3tinct/See-SURF - Python based scanner to find potential SSRF parameters
CyberCommands/exploit-sudoedit -
R1card0-tutu/MailDOG -
alexbieber/Bug_Bounty_writeups - BUG BOUNTY WRITEUPS - OWASP TOP 10 🔴🔴🔴🔴✔
righettod/toolbox-pentest-web - Docker toolbox for pentest of web based application.
GONZOsint/geowifi - Search WiFi geolocation data by BSSID and SSID on different public databases.
hac425xxx/trapfuzzer -
Gifts/Rogue-MySql-Server - Rogue MySql Server
weishen250/Read_Path - js / html /josn 中获取泄露的接口 / URL / 未授权路径获取之后尝试访问
Kira-Pgr/Github-CVE-Listener - 无需服务器的GitHub实时漏洞利用工具监听器，目前支持微信/TG推送，中文版(https://github.com/Kira-Pgr/Github-CVE-Listener/blob/main/README_ZH.md)
Wh04m1001/DFSCoerce -
CasperGN/ActiveDirectoryEnumeration - Enumerate AD through LDAP with a collection of helpfull scripts being bundled
DeEpinGh0st/CVE-2022-28346 - Django QuerySet.annotate(), aggregate(), extra() SQL 注入
NafisiAslH/KnowledgeSharing -
GitGuardian/ggshield - Find and fix 360+ types of hardcoded secrets and 70+ types of infrastructure-as-code misconfigurations.
xnl-h4ck3r/xnLinkFinder - A python tool used to discover endpoints (and potential parameters) for a given target
JeffLIrion/adb_shell - A Python implementation of ADB with shell and FileSync functionality.
0xacb/viewgen - Viewgen is a ViewState tool capable of generating both signed and encrypted payloads with leaked validation keys
lyc8503/fc-proxy - 利用阿里云函数当作代理池.
fatmo666/InfoScripts - 一个渗透测试/SRC挖掘中用于信息收集的脚本集合，面向安全从业者、学习人员，严禁用于非法用途。
shadowabi/AutoDomain - 自动提取主域名/IP，并调用fofa、quake、hunter等网络资产测绘系统搜集子域名，可配合指纹扫描工具达到快速资产整理
W01fh4cker/Serein - 【懒人神器】一款图形化、批量采集url、批量对采集的url进行各种nday检测的工具。可用于src挖掘、cnvd挖掘、0day利用、打造自己的武器库等场景。可以批量利用Actively Exploited Atlassian Confluence 0Day CVE-2022-26134和DedeCMS v5.7.87 SQL注入 CVE-2022-23337。
ciprianster/OSIPs - A Python script that gathers all valid IP addresses from all text files from a directory, and checks them against Whois database, TOR relays and location
Anof-cyber/Pentest-Mapper - A Burp Suite Extension for Application Penetration Testing to map flows and vulnerabilities
komomon/CVE-2022-30190-follina-Office-MSDT-Fixed - CVE-2022-30190-follina.py-修改版，可以自定义word模板，方便实战中钓鱼使用。
wietze/windows-dll-hijacking - Project for identifying executables and DLLs vulnerable to relative path DLL hijacking.
z1un/TongdaOA-exp - TongdaOA 11.7 ~11.8 通达OA，任意用户登录+后台getshell
JohnHammond/msdt-follina - Codebase to generate an msdt-follina payload
XiaoliChan/Fastjson-ForwardShell - Breaking fastjson with forward shell
duty1g/subcat - Another fast subdomain enumeration tool
nexB/vulnerablecode - A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase
laluka/bypass-url-parser - bypass-url-parser
WingsSec/Meppo - 漏洞检测框架 Meppo | By WingsSec
gokulapap/Reconator - Automated Recon for Pentesting & Bug Bounty
li8u99/Seeyon_exp_plus - seeyon致远OA全漏洞检测与利用
fortalice/bofhound - Generate BloodHound compatible JSON from logs written by ldapsearch BOF, pyldapsearch and Brute Ratel's LDAP Sentinel
fyoorer/ShadowClone - Unleash the power of cloud
light-Life/CVE-Search - 开源软件漏洞排查脚本,接口为nvd
d-rn/vulBox - 漏洞收集
lishang520/AutoScan - AutoScan:一款基于重点资产的自动识别+漏洞检测的工具
givemefivw/SecurityServiceBox - 一个既可以满足安服仔日常渗透工作也可以批量刷洞的工具盒子。集合了常见的域名收集、目录扫描、ip扫描、指纹扫描、PoC验证等常用工具，方便安服仔快速展开渗透测试
givemefivw/Pocsearch - 一个在本地搜索CVE编号漏洞的PoC/EXP在Github的地址的小工具
N0puple/VulPOC - VulPOC 用于记录本人复现过的漏洞
awake1t/Awesome-hacking-tools - 收集网上好用、实用的红蓝对抗武器。从资产扫描、泄漏扫描、信息收集、漏洞扫描、SRC批量挖掘、内网渗透、应急响应等等工具。大部分我都用过、部分会写上自己的感想与建议，希望对你有帮助
ultrasecurity/TeleKiller - A Tools Session Hijacking And Stealer Local Passcode Telegram Windows
jurelou/epagneul - Graph Visualization for windows event logs
b1ackc4t/14Finger - 功能齐全的Web指纹识别和分享平台,基于vue3+django前后端分离的web架构，并集成了长亭出品的rad爬虫的功能，内置了一万多条互联网开源的指纹信息。
JettChenT/scan-for-webcams - scan for webcams on the internet
pwnedshell/Larascript - Laravel RCE exploit. CVE-2018-15133
cyberark/MITM_Intercept - A little bit less hackish way to intercept and modify non-HTTP protocols through Burp & others.
abcd1234564499sc/analysisEvtx - 解析windows日志文件(.evtx)
Nekmo/dirhunt - Find web directories without bruteforce
UzJu/Cloud-Bucket-Leak-Detection-Tools - 六大云存储，泄露利用检测工具
H3rmesk1t/AWDTools - 一个简易的AWD攻击框架，希望对于该项目大家有更好的建议和改进！
DWiskow/CaddyGoAccessDataLoggerConverter - Caddy/GoAccess data logger & converter (translates Caddy web server JSON logs to a format that GoAccess can ingest)
lawiet47/autoresponder - Carbon Black Response IR tool
Ernket/shepherd - 将fofa quake zoomeye hunter等空间测绘聚合的小工具
kozmer/log4j-shell-poc - A Proof-Of-Concept for the CVE-2021-44228 vulnerability.
BeetleChunks/SpoolSploit - A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.
Pear1y/CVE-2022-26133 - Atlassian Bitbucket Data Center RCE(CVE-2022-26133) verification.
jax7sec/EmailCollect - 帮助红队收集目标企业员工的邮箱信息，借助必应搜索引擎爬取邮箱。
lucky-ecat/wechat_info_collect - 调查取证 | 针对微信客户端的信息收集工具, 自动化提取本地PC所有的微信信息, 包括微信号, 手机号等
AbelChe/whichAlive - 信息收集，批量多线程探测url存活、获取基本信息（标题、ip、长度、跳转、server等）
GGStudy-DDUp/SafeInfoCollect - 安全信息事件收集工具
shengshengli/tig - Threat Intelligence Gathering 威胁情报收集，旨在提高蓝队拿到攻击 IP 后对其进行威胁情报信息收集的效率。
moyuwa/wechat_appinfo_wxapkg - 渗透测试：微信小程序信息在线收集，wxapkg源码包内提取信息
TomAPU/ev - EV: IDS Evasion via Packet Manipulation
lyshark/LyScript - 一款强大的针对x64dbg开发的自动化反汇编控制模块，提高逆向分析效率。 A powerful automatic disassembly control module developed for x64dbg improves the efficiency of reverse analysis.
Quantika14/email-prediction-asterisks -
ZephrFish/F5-CVE-2022-1388-Exploit - Exploit and Check Script for CVE 2022-1388
Lucksi/Mr.Holmes - :mag: A Complete Osint Tool
horizon3ai/CVE-2022-1388 - POC for CVE-2022-1388
lijiejie/subDomainsBrute - A fast sub domain brute tool for pentesters
tomijerenko/KaminskyAttack - DNS poisoning attack.
exhuz3u/Dpscanner - 基于域名的web端口扫描器、title扫描、多线程、进度展示、端口批量扫描
CLincat/vulcat - vulcat可用于扫描Web端常见的CVE、CNVD等编号的漏洞，发现漏洞时会返回Payload信息。部分漏洞还支持命令行交互模式，可以持续利用漏洞
aodsec/Unauthorized_Application_Check - Unauthorized_Application_Check 未授权应用漏洞批量检查，包含redis,Hadoop,docker,CouchDB,ftp,zookeeper,elasticsearch,memcached,mongodb,rsync_access,mysql,target,jenkins,target,jboss的未授权访问
fdl66/Golang_SCA - Golang SCA（Software Composition Analysis）通过分析你的go.mod文件，协助你发现，Golang项目的依赖库是否存在漏洞
zhan741965531/vmp_helper - 启明的漏洞管理平台，用了太烦心了，写了几个小脚本。
Pyy-dev/IpconFig-Summ1e233 - 哈喽呀，大家好，本期在Github上面分享一下小工具🔧-能快速的查找IP的归属地址与IP的子域名之类的，来帮助大家快速的认定一下CNVD或者CNNVD的实践型漏洞的挖掘认定。
light-Life/Climb-cnnvd - 随手写的爬取CNNVD高价值漏洞的脚本
openx-org/BLEN - 漏洞批量验证框架
VMsec/ihoneyBakFileScan_Modify - 批量网站备份文件扫描器，增加文件规则，优化内存占用
brevityinmotion/goodfaith - Stay within program scope
agentzex/chrome_v80_password_grabber - Grab passwords from Chrome > v80 using their new AES encryption
Haoyunforever/Study - 记录渗透测试学习中的笔记
0xApt/evil-xmlrpc - evil-xmlrpc is a tool that I created to help me bruteforce Wordpress user accounts using xmlrpc.php while bypassing iThemes Security preventing lockouts
rly0nheart/osinteye - Username enumeration & reconnaisance suite
mathfaria/Layla - [EN] BETA: Layla - recon tool for bug bounty
adavarski/DevSecOps-full-integration-chain - DevSecOps full integration chain : Jenkins (or GitLab) pipelines, Docker, k8s, Ansible, Clair, Nessus, Nmap NSE, OWASP Dependency-Check, OWASP ZAP, Nikto, Lynis, Bandit, Gauntlt, etc.
righel/ms-exchange-version-nse - Nmap script to detect a Microsoft Exchange instance version with OWA enabled.
idiothacker/SignChecker - SignChecker is a simple Python script that uses NMAP NSE SMB scripts to check for SMB signing and outputs the results of IPs where SMB Signing is disabled to a CSV file.
SECUREFOREST/WebMap - Nmap Web Interface including XML parsing, maps and reports
CyberDruid-Codes/Automated-Reconator -
shirosaidev/sharesniffer - Network share sniffer and auto-mounter for crawling remote file systems
c-sh0/santacruz - Elasticsearch and Kibana setup for Penetration testing and reconnaissance.
scmanjarrez/CVEScannerV2 - Nmap script that looks for probable vulnerabilities based on services discovered in open ports.
NickSanzotta/scanman - ScanMan is the amalgamation of Masscan, Metasploit Framework (MSF) and Nmap Scripting Engine (NSE).
kazet/wpgarlic - A proof-of-concept WordPress plugin fuzzer
cado-security/rip_raw - Rip Raw is a small tool to analyse the memory of compromised Linux systems.
Lu3ky13/lu3ky13-SCANNER - tools to find xss in a website
aodsec/CVE-2022-0543 - CVE-2022-0543_RCE,Redis Lua沙盒绕过命令执行
waderwu/extractor-java - CodeQL extractor for java, which don't need to compile java source
1oid/cms_poc_exp - cms漏洞插件搜集(一起来搜集)
kracer127/Mysql-Exp-Collection - 自己编写的udf漏洞提权脚本、msf的mysql模块mof脚本以及后续的提权脚本收集。
F6JO/Suture_Box - 集合渗透测试常用工具进行一键扫描的缝合怪
password123456/malwarescanner - Simple Malware Scanner written in python
mnrkbys/ma2tl - macOS forensic timeline generator using the analysis result DBs of mac_apt
fullhunt/spring4shell-scan - A fully automated, reliable, and accurate scanner for finding Spring4Shell and Spring Cloud RCE vulnerabilities
imfht/webhelper -
j2ekim/YonyouNC_Tip -
intel/cve-bin-tool - The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or
Ostorlab/ostorlab - Ostorlab is a security scanning orchestrator for the modern age.
rook1337/googlecertfarm -
Sc0rp10nn/AwsScraper - Automatic python tool to Scrape files from open AWS Buckets.
hakivvi/CVE-2022-29464 - WSO2 RCE (CVE-2022-29464) exploit and writeup.
ynikitenko/yarsync - Yet Another Rsync: a file synchronization and backup tool
toluaina/pgsync - Postgres to Elasticsearch/OpenSearch sync
wagga40/Zircolite - A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs
HellKnightsCrew/CVE-2022-26809 - vuln scaner and exploit
mcdulltii/CVE-2022-1329 - WordPress Elementor 3.6.0 3.6.1 3.6.2 RCE POC
dievus/Oh365UserFinder - Python3 o365 User Enumeration Tool
Aabyss-Team/awsKeyTools - aws云平台 accessKey 泄漏利用工具
CsEnox/CVE-2021-22911 - Pre-Auth Blind NoSQL Injection leading to Remote Code Execution in Rocket Chat 3.12.1
bewhale/CVE-2022-22954 - CVE-2022-22954 VMware Workspace ONE Access freemarker SSTI 漏洞命令执行、批量检测脚本、文件写入
9rnt/poro - Scan publicly accessible assets on your AWS cloud environment
fortalice/modifyCertTemplate - ADCS cert template modification and ACL enumeration
icyguider/Shhhloader - Syscall Shellcode Loader (Work in Progress)
blacklanternsecurity/writehat - A pentest reporting tool written in Python. Free yourself from Microsoft Word.
Stonzyy/dumpxss - Scanner Tool For XSS Vulnerability
Soufaker/laoyue - 一款自动化监控收集资产的工具,可以帮助你定期收获资产,敏感信息和漏洞信息.
nszy007/CN_Nessus_Plugins_Interface - nessus插件中文查询接口
tarrell13/Nessus-Quick-Scripts - Houses some quick Nessus API scripts to handle repetitive task
KonEch0/PullMyReports - PullMyReports is a tool that allows you to automatically download reports from your Nessus Scanner using the Nessus API.
cyberheisen/cve2nessus - A simple python script to search the Nessus plugins for specific CVEs
nickrabbott/Nessus-Exporter - Automate the export of Nessus information
drakstik/NessCat - NessCat is a tool that helps maintains a categorization template and summarizes Nessus scans.
Bandit-HaxUnit/haxunit -
nullt3r/rapiddns - Rapidly enumerate subdomains and domains using rapiddns.io.
bellingcat/octosuite - Advanced Github OSINT Framework
tunelko/CVE-2022-22954-PoC - VMware Workspace ONE Access and Identity Manager RCE via SSTI - Test script for shodan, file or manual.
JZY-nuist/Anti-Virus-PHP - 【随机动态生成】php免杀webshell
ev0A/Mysqlist - Mysql Server端伪造-任意文件读取-CTF快速利用脚本
Hamza-Megahed/odin - Central IoC scanner based on Loki
Sakura-501/CVE-2020-24186-exploit - CVE-2020-24186的攻击脚本
chipik/SAP_RECON - PoC for CVE-2020-6287, CVE-2020-6286 (SAP RECON vulnerability)
allyomalley/LiveTargetsFinder - Generates lists of live hosts and URLs for targeting, automating the usage of MassDNS, Masscan and nmap to filter out unreachable hosts and gather service information
DistriNet/timeless-timing-attacks - A Python implementation that facilitates finding timeless timing attack vulnerabilities.
emalderson/ThePhish - ThePhish: an automated phishing email analysis tool
ice-doom/codeql_compile - 自动反编译闭源应用，创建codeql数据库
c1y2m3/ATAttack - 敌后侦察
Telefonica/HomePWN - HomePwn - Swiss Army Knife for Pentesting of IoT Devices
Wrin9/weaverOA_sql_RCE - 泛微OA_V9全版本的SQL远程代码执行漏洞
midisec/Repackets-X - Resend and mass-utilize common packets in burpsuite and packets in wireshark. Commonly used for AWD competitions, bulk attacks using other people's packets.
volkandindar/agartha - a burp extension for dynamic payload generation to detect injection flaws (LFI, RCE, SQLi), creates access matrix based user sessions to spot authentication/authorization issues, and converts Http req
h33tlit/Parameter-Reflect-Finder - Parameter-Reflect-Finder is a python based tool that helps you find reflected parameters which can have potential XSS or Open redirection vulnerabilities.
PDWR/AVKiller - 利用图形化识别技术快速关闭目标机器上的杀毒软件
RyanJarv/cdn-proxy - A tool that can be used by web app pentesters to create a copy of a targeted website with CDN and WAF restrictions disabled.
Ryze-T/cdb-wds - 利用白名单文件 cdb.exe 执行 shellcode
PShlyundin/ldap_shell - AD ACL abuse
H5a337230/ZKShS - Search shodan without any knowledge about its queries
icyguider/ICMP-TransferTools - Transfer files to and from a Windows host via ICMP in restricted network environments.
Ridter/owa_info - 获取Exchange信息的小工具
xepor/xepor - Xepor, a web routing framework for reverse engineers and security researchers, brings the best of mitmproxy & Flask
RaiderZP/cnvd_fofa_gather - （由于fofa接口改变，所以该脚本已经失效了哦）通过公司名称，在fofa上搜索可能存在通用产品的公司；如果想挖掘cnvd证书，可导出注册资金大于5000w的公司到这个脚本中进行通用系统收集。
HACK-THE-WORLD/IDAPluginList - IDA插件集合，含项目名称及项目地址，每日定时Clone项目。
Unknow101/FuckThatPacker - A simple python packer to easily bypass Windows Defender
carlospolop/PurplePanda - Identify privilege escalation paths within and across different clouds
dolevf/graphql-cop - Security Auditor Utility for GraphQL APIs
nullt3r/jfscan - JF⚡can - Super fast port scanning & service discovery using Masscan and Nmap. Scan large networks with Masscan and use Nmap's scripting abilities to discover information about services. Generate repor
cisagov/gophish-tools - Helpful tools for interacting with a GoPhish phishing instance
FirmWire/FirmWire - FirmWire is a full-system baseband firmware emulation platform for fuzzing, debugging, and root-cause analysis of smartphone baseband firmwares
chrismaddalena/Goreport - A Python script to collect campaign data from Gophish and generate a report
veerendra2/wifi-deauth-attack - An automated script for deauthentication attack
BayesWitnesses/m2cgen - Transform ML models into a native code (Java, C, Python, Go, JavaScript, Visual Basic, C#, R, PowerShell, PHP, Dart, Haskell, Ruby, F#, Rust) with zero dependencies
Accenture/VulFi -
yhy0/AVByPass - 一款Web在线自动免杀工具
marcinguy/betterscan-ce - Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners with One Report (Code, IaC) - Betterscan Community Edition (CE)
trustedsec/CrackHound -
Lz1y/jdwp-shellifier - 修改利用方式为通过对Sleeping的线程发送单步执行事件，达成断点，从而可以直接获取上下文、执行命令，而不用等待断点被击中。
markgacoka/r3c0n - A tool for performing reconnaissance on web targets in Python
v4d1/Dome - Dome - Subdomain Enumeration Tool. Fast and reliable python script that makes active and/or passive scan to obtain subdomains and search for open ports.
kevincali/modbus-flooding-demo - Modbus TCP vulnerability demonstration
hi-KK/PySpider-ICS - 使用pyspider爬虫框架爬取工控相关数据(漏洞、预警、安全事件等)
MDudek-ICS/TRISIS-TRITON-HATMAN - Repository containting original and decompiled files of TRISIS/TRITON/HATMAN malware
d0ubl3g/Industrial-Security-Auditing-Framework - ISAF aims to be a framework that provides the necessary tools for the correct security audit of industrial environments. This repo is a mirror of https://gitlab.com/d0ubl3g/industrial-security-auditin
mushorg/conpot - ICS/SCADA honeypot
R0X4R/snetra - A Python based scanner uses shodan-internetdb to scan the IP.
andreafortuna/autotimeliner - Automagically extract forensic timeline from volatile memory dump
helviojunior/shellcodetester - An application to test windows and linux shellcodes
sec-tools/litefuzz - A multi-platform fuzzer for poking at userland binaries and servers
atenreiro/opensquat - The openSquat project is an open-source solution for detecting phishing domains and domain squatting. It searches for newly registered domains that impersonate legitimate domains on a daily basis. Thi
xerohackcom/Chaya - Advance Image Steganography
ClaudiuGeorgiu/Obfuscapk - An automatic obfuscation tool for Android apps that works in a black-box fashion, supports advanced obfuscation features and has a modular architecture easily extensible with new techniques
qiannianshuangxue/safe_message_spider - About Solve CTF offline disconnection problem - based on python3's small crawler, support keyword search and local map bed establishment, currently support Jianshu, xianzhi,anquanke,freebuf,seebug
thewhiteninja/deobshell - Powershell script deobfuscation using AST in Python
vkit-x/pywhlobf - Python Wheel Obfuscator
Taonn/EmailAll - EmailAll is a powerful Email Collect tool — 一款强大的邮箱收集工具
Cr0DiX666/RSecxXx_MassDork - Priv8 Tools Software Mass Dork Auto Exploit.
tongchengbin/ocean_ctf - CTF平台动态flag docker部署管理管理端由flask提供API VUE+element构建
opsdisk/scantron - A distributed nmap / masscan scanning framework complete with scan scheduling, engine pooling, subsequent scan port diff-ing, and an API client for automation workflows.
BugScanTeam/hackhttp - Hackhttp is an HTTP library, written in Python.
abhigyantrips/hackerone-bot - An unofficial Discord bot that displays info using the HackerOne API.
p0dalirius/DumpSMBShare - A script to dump files and folders remotely from a Windows SMB share.
c0ny1/ascii-jar - 构造字节在ASCII范围内的jar
sebastian-mora/AWS-Loot - Pull secrets from an AWS environment
Ophion-Security/sret - Salesforce Recon and Exploitation Toolkit
tr0uble-mAker/POC-bomber - 利用大量高威胁poc/exp快速获取目标权限，用于渗透和红队快速打点
xjjdog/crazy-email-recv-srv - 模拟邮件服务器，批量注册利器
ExpLangcn/WanLi - 方便红队人员对目标站点进行安全检测，快速获取资产。It is convenient for red team personnel to conduct security detection on the target site and quickly obtain assets.
ANSSI-FR/bmc-tools - RDP Bitmap Cache parser
fox-it/BloodHound.py - A Python based ingestor for BloodHound
Audiobahn/CVE-2022-20699 - Cisco Anyconnect VPN unauth RCE (rwx stack)
cmrex/redis-attack - about the redis attack script, we can use it to crack the redis password and upload reverse shell to control the machine.
lxflxfcl/monitor - 漏洞监控平台——Monitor。目前实现了监控GitHub、微软、CNNVD三者的漏洞信息，并使用企业微信实时推送。还可以使用邮箱推送，默认关闭。
p0dalirius/ipsourcebypass - This Python script can be used to bypass IP source restrictions using HTTP headers.
toyakula/luna - luna webscanner
phith0n/PaddingZip - PaddingZip is a tool that you can craft a zip file that contains the padding characters between the file content.
orleven/Hamster - Hamster是基于mitmproxy开发的异步被动扫描框架，基于http代理进行被动扫描，主要功能为重写数据包、签名、漏洞扫描、敏感参数收集等功能（开发中）。
abcd1234564499sc/scanJSUrlThreading - 多线程扫描JS文件中可能存在的URL的扫描器
jonrau1/SyntheticSun - SyntheticSun is a defense-in-depth security automation and monitoring framework which utilizes threat intelligence, machine learning, managed AWS security services and, serverless technologies to cont
AppThreat/dep-scan - Fully open-source security audit for project dependencies based on known vulnerabilities and advisories. Supports both local repos and container images. Integrates with various CI environments such as
bahruzjabiyev/t-reqs - Grammar-based HTTP/1 fuzzer with mutation ability
alechilczenko/spidex - A little internet crawler
unicornunicode/FACT - FACT is a tool to collect, process and visualise forensic data from clusters of machines running in the cloud or on-premise.
BloodHoundAD/BloodHound-Tools - Miscellaneous tools for BloodHound
puzzlepeaches/Log4jHorizon - Exploiting CVE-2021-44228 in VMWare Horizon for remote code execution and more.
quarkslab/AERoot - AERoot is a command line tool that allows you to give root privileges on-the-fly to any process running on the Android emulator with Google Play flavors AVDs.
ce-automne/FastjsonPatrol - 一款探测fastjson漏洞的BurpSuite插件
SkewwG/BurpExtender - Burp suite 的插件集合
n00py/DCSync - DCSync Attack from Outside using Impacket
as0ler/r2flutch - Tool to decrypt iOS apps using r2frida
DoranekoSystems/frida-ceserver - frida based ceserver.Fusion of cheat engine and frida.
zyn3rgy/LdapRelayScan - Check for LDAP protections regarding the relay of NTLM authentication
voutilad/BloodHound-Tools - Miscellaneous tools for BloodHound
ZZ-SOCMAP/CVE-2022-21907 - HTTP Protocol Stack Remote Code Execution Vulnerability CVE-2022-21907
pixelbubble/PasteMonitor - Scrape Pastebin API to collect daily pastes, setup a wordlist and be alerted by email when you have a match.
knight0x07/pyc2bytecode - A Python Bytecode Disassembler helping reverse engineers in dissecting Python binaries by disassembling and analyzing the compiled python byte-code(.pyc) files across all python versions (including Py
jbaines-r7/badblood - SonicWall SMA-100 Unauth RCE Exploit (CVE-2021-20038)
danielpatrickhug/entity_error_identification_suite - Python module for detecting spacy NER prediction errors from gold standard annotations
righettod/website-passive-reconnaissance - Script to automate, when possible, the passive reconnaissance performed on a website prior to an assessment.
cybersecsi/RAUDI - A repo to automatically generate and keep updated a series of Docker images through GitHub Actions.
wuppp/cve-2021-45232-exp -
Jumbo-WJB/Exchange_SSRF - Some Attacks of Exchange SSRF ProxyLogon&ProxyShell
momosecurity/Mloger - 安全测试平台
sml2h3/ddddocr - 带带弟弟通用验证码识别OCR pypi版
thewhiteh4t/nexfil - OSINT tool for finding profiles by username
Tencent/CodeAnalysis - Static Code Analysis - 静态代码分析
cert-ee/cuckoo3 - Cuckoo 3 is a Python 3 open source automated malware analysis system.
lintstar/CS-PushPlus - 使用免费支持微信模板消息推送的 PushPlus 进行上线主机提醒
crow821/crowsec - 视频课件和工具分享
asaotomo/FofaMap - FofaMap是一款基于Python3开发的跨平台FOFA API数据采集器，支持普通查询、网站存活检测、统计聚合查询、Host聚合查询、网站图标查询、批量查询等查询功能。同时FofaMap还能够自定义查询FOFA数据，并根据查询结果自动去重，生成对应的Excel表格。另外春节特别版还可以调用Nuclei对FofaMap查询出来的目标进行漏洞扫描，让你在挖洞路上快人一步。
c3c/ADExplorerSnapshot.py - ADExplorerSnapshot.py is an AD Explorer snapshot parser. It is made as an ingestor for BloodHound, and also supports full-object dumping to NDJSON.
klezVirus/vortex - VPN Overall Reconnaissance, Testing, Enumeration and eXploitation Toolkit
trailofbits/ManticoreUI - The Manticore User Interface with plugins for Binary Ninja and Ghidra
Sunlight-Rim/SQLbit - Just another script for automatize boolean-based blind SQL injections. (Demo)
MarkoH17/Spray365 - Spray365 makes spraying Microsoft accounts (Office 365 / Azure AD) easy through its customizable two-step password spraying approach. The built-in execution plan features options that attempt to bypas
kostas-pa/LFITester - LFITester is a Python3 program that automates the detection and exploitation of Local File Inclusion (LFI) vulnerabilities on a server.
XiaoliChan/wmiexec-RegOut - Modify version of impacket wmiexec.py, get output(data,response) from registry, don't need SMB connection, also bypassing antivirus-software in lateral movement like WMIHACKER.
numba/llvmlite - A lightweight LLVM python binding for writing JIT compilers
ChrisTheCoolHut/Zeratool - Automatic Exploit Generation (AEG) and remote flag capture for exploitable CTF problems
zR00t1/ImageStrike - ImageStrike是一款用于CTF中图片隐写的综合利用工具
lijiejie/log4j2_vul_local_scanner - Log4j 漏洞本地检测脚本。 Scan all java processes on your host to check whether it's affected by log4j2 remote code execution vulnerability (CVE-2021-45046)
msfisgood/JSFinderAAA - JSFinder魔改版
GoVanguard/Log4jShell_Scanner - Python script to tamper with pages to test for Log4J Shell vulnerability.
SteveD3/kit_hunter - A basic phishing kit scanner for dedicated and semi-dedicated hosting
jhftss/IDA2Obj - Static Binary Instrumentation
Narasimha1997/py4jshell - Simulating Log4j Remote Code Execution (RCE) vulnerability in a flask web server using python's logging library with custom formatter that simulates lookup substitution by executing remote exploit cod
bkerler/edl - Inofficial Qualcomm Firehose / Sahara / Streaming / Diag Tools :)
leonjza/log4jpwn - log4j rce test environment and poc
BinaryDefense/log4j-honeypot-flask - Internal network honeypot for detecting if an attacker or insider threat scans your network for log4j CVE-2021-44228
DarkSprings/CVE-2021-42321 - Microsoft Exchange Server Poc
Cyber-Guy1/domainCollector - Simple tool to gather domains from crt.sh using the organization name
cyberstruggle/L4sh - Log4Shell RCE Exploit - fully independent exploit does not require any 3rd party binaries.
KissPeter/APIFuzzer - Fuzz test your application using your OpenAPI or Swagger API definition without coding
kracer127/SiteScan - 专注一站化解决渗透测试的信息收集任务，功能包括域名ip历史解析、nmap常见端口爆破、子域名信息收集、旁站信息收集、whois信息收集、网站架构分析、cms解析、备案信息收集、CDN信息解析、是否存在waf检测、后台寻找以及生成检测结果html报告表。
heikanet/SpringBootEnvDecrypt - SpringBoot获取被星号脱敏的密码的明文
R0X4R/bhedak - A replacement of "qsreplace", accepts URLs as standard input, replaces all query string values with user-supplied values and stdout.
albinowax/ActiveScanPlusPlus - ActiveScan++ Burp Suite Plugin
gh0stkey/Command2API - Command2API - 万物皆可API
ly4k/Pachine - Python implementation for CVE-2021-42278 (Active Directory Privilege Escalation)
leovan/SciHubEVA - A Cross Platform Sci-Hub GUI Application
SamsungLabs/ritm_interactive_segmentation - Reviving Iterative Training with Mask Guidance for Interactive Segmentation
fullhunt/log4j-scan - A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228
alexandre-lavoie/python-log4rce - An All-In-One Pure Python PoC for CVE-2021-44228
shmilylty/vhost_password_decrypt - vhost password decrypt
Ridter/noPac - Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user
WazeHell/sam-the-admin - Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user
Neo23x0/log4shell-detector - Detector for Log4Shell exploitation attempts
pedrohavay/exploit-grafana-CVE-2021-43798 - This is a proof-of-concept exploit for Grafana's Unauthorized Arbitrary File Read Vulnerability (CVE-2021-43798).
hash3liZer/SillyRAT - A Cross Platform multifunctional (Windows/Linux/Mac) RAT.
NotSoSecure/udp-hunter - Network assessment tool for various UDP Services covering both IPv4 and IPv6 protocols
Hamza-Megahed/LOLBins - PyQT5 app for LOLBAS and GTFOBins
JoelGMSec/FakeDataGen - Full Valid Fake Data Generator
PalindromeLabs/STEWS - A Security Tool for Enumerating WebSockets
SecuProject/ADenum - AD Enum is a pentesting tool that allows to find misconfiguration through the the protocol LDAP and exploit some of those weaknesses with kerberos.
takito1812/log4j-detect - Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URLs with multithreading
Te-k/cobaltstrike - Code and yara rules to detect and analyze Cobalt Strike
tweksteen/jenkins-decrypt - Credentials dumper for Jenkins
chopicalqui/KaliIntelligenceSuite - Kali Intelligence Suite (KIS) shall aid in the fast, autonomous, central, and comprehensive collection of intelligence by executing standard penetration testing tools. The collected data is internall
Mesh3l911/Sub_Search -
captainGeech42/ransomwatch - Ransomware leak site monitoring
rsmusllp/eapeak - Analysis Suite For EAP Enabled Wireless Networks
no001ce/N-DecodeAllUnicode - Burpsuite插件：自动解码Burpsuite中被Unicode编码的内容
CompassSecurity/burp-copy-request-response - Burp extension for quickly copying request/response data.
donot-wong/EasyBurpVuln -
githublihaha/ddddocr_api_for_burpsuite_captcha_killer - burpsuite插件captcha-killer的ddddocr的web接口
0xdln1/getlevels - Tool for sorting different Level of subdomains form 1...N
morph3/crawpy - Yet another content discovery tool
HuiMengYouXian/excel_analysis - Excel虽然可以非常方便地处理数据，但数据量大时速度就变慢了，本项目把Excel数据分析的常用功能：筛选、多表合并、多表汇总、多表分组，通过Python+Pandas重新实现，因为Pandas处理数据更快且能处理大的数据，此工具还可根据业务需求灵活修改少量代码实现通用。
ant4g0nist/Susanoo - A REST API security testing framework.
HenrisonTao/ftx_grid_trading_bot -
Sma11New/HunterExport - 奇安信全球鹰Hunter数据批量查询导出工具
wikiZ/ServerlessScan - 云函数扫描器实现代码
QAX-A-Team/redis_lua_exploit -
akkuman/HunterApi - 奇安信的网络空间测绘引擎 hunter 的 api 查询导出工具
Seals6/CVE-2021-41277 - Metabase任意文件读取漏洞批量扫描工具
rizakara/teardrop - Simple ransomware project written in Python3.
MrLion7/Lmap - A tool combined with the advantages of masscan and nmap
center-for-threat-informed-defense/sightings_ecosystem - This project aims to fundamentally advance our collective ability to see threat activity across organizational, platform, vendor and geographical boundaries.
Anish-M-code/URL-obfuscator - Python Program to obfuscate URLs to make Phishing attacks more difficult to detect. Uses Active open redirect list and other URL obfuscation techniques.
timwhitez/Frog-checkCDN - 批量检查目标是否为cdn
zh-explorer/alphanumeric_shellcode_encoder -
tenable/nessrest - A python library for using the new Nessus REST API.
chibd2000/myscan - 构建信息搜集/漏洞扫描
AuFeng111/for_beian - 基于天眼查的批量备案域名查询脚本
kost/reGeorg - pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn. Fork of sensepost/regeorg.
ycdxsb/Security_Articles - 爬取安全领域文章(Seebug、先知社区、安全客、freebuf等)，转成pdf存到本地，离线学习
GoSecure/pyrdp - RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact
wavestone-cdt/abaddon -
punk-security/pwnspoof - Pwnspoof repository
asottile/all-repos - Clone all your repositories and apply sweeping changes.
evanRubinsteinIT/subforce - Python powered DNS bruteforce tool for subdomains
melbadry9/WhoEnum - Mass querying whois records
Yash114Bansal/PyIntruder - A Powerful Intruder written in Python
ethicalhackingplayground/TProxer - A Burp Suite extension made to automate the process of finding reverse proxy path based SSRF.
th3unkn0n/TeleGram-Scraper - telegram group scraper tool. fetch all information about group members
Retrospected/kerbmon - Continuous kerberoast monitor
MayankPandey01/Jira-Lens - Fast and customizable vulnerability scanner For JIRA written in Python
CravateRouge/bloodyAD - BloodyAD is an Active Directory Privilege Escalation Framework
Al1ex/CVE-2021-22205 - CVE-2021-22205& GitLab CE/EE RCE
vysecurity/DomLink - A tool to link a domain with registered organisation names and emails, to other domains.
SkyBlueEternal/wifi-Mesh-monitor - wifi 空口监控技术
ba0gu0/520apkhook - 把msf生成的安卓远控附加进普通的app中，并进行加固隐藏特征。可以绕过常见的手机安全管家。
HDCodePractice/EnglishHelper - English study corner小助手
tenable/pyTenable - Python Library for interfacing into Tenable's platform APIs
lucasg/findrpc - Idapython script to carve binary for internal RPC structures
secureworks/whiskeysamlandfriends - GoldenSAML Attack Libraries and Framework
xxcdd/docker_nessus_unlimited - docker build nessus with unlimited ip
XTeam-Wing/PyInteractsh - Dnslog Interactsh的Py版接口查询
gaogaotiantian/viztracer - VizTracer is a low-overhead logging/debugging/profiling tool that can trace and visualize your python code execution.
gfek/Lepus - Subdomain finder
horizon3ai/vcenter_saml_login - A tool to extract the IdP cert from vCenter backups and log in as Administrator
mr-r3bot/Gitlab-CVE-2021-22205 -
miaoyongsen/butian_Real_time_push - 通过微信公众号推送漏洞消息
lawndoc/mediator - An extensible, end-to-end encrypted reverse shell that works across networks without port forwarding.
ricardojoserf/http-protocol-exfil - Exfiltrate files using the HTTP protocol version ("HTTP/1.0" is a 0 and "HTTP/1.1" is a 1)
splunk/melting-cobalt - A Cobalt Strike Scanner that retrieves detected Team Server beacons into a JSON object
s4dhulabs/vimana-framework - Vimana is an experimental security framework that aims to provide resources for auditing Python web applications.
karthi-the-hacker/pr0xyP4rs3 - Load your data into burp
c0dejump/notForbidden - Security tool to test different bypass of forbidden
test502git/Hosts_scanV2 - 这是一个用于IP和域名碰撞匹配访问的小工具优化版，能减少碰撞中出来的误报，旨意用来匹配出渗透过程中需要绑定hosts才能访问的弱主机或内部系统。
USTC-Hackergame/hackergame-challenge-docker - nc 类题目的 Docker 容器资源限制、动态 flag、网页终端
laluka/jolokia-exploitation-toolkit - jolokia-exploitation-toolkit
Summer177/seeyon_exp - 致远OA综合利用工具
hpthreatresearch/subcrawl - SubCrawl is a modular framework for discovering open directories, identifying unique content through signatures and organizing the data with optional output modules, such as MISP.
mpgn/CVE-2018-16341 - CVE-2018-16341 - Nuxeo Remote Code Execution without authentication using Server Side Template Injection
blueudp/AF-ShellHunter - Shell hunter for AF
WSP-LAB/FUSE - A penetration testing tool for finding file upload bugs (NDSS 2020)
arch4ngel/BruteLoops - Protocol agnostic online password guessing API.
domain-protect/domain-protect - OWASP Domain Protect - prevent subdomain takeover
salesforce/metabadger - Prevent SSRF attacks on AWS EC2 via automated upgrades to the more secure Instance Metadata Service v2 (IMDSv2).
ptswarm/reFlutter - Flutter Reverse Engineering Framework
MrCl0wnLab/SimplesApachePathTraversal - Tool check: CVE-2021-41773, CVE-2021-42013, CVE-2020-17519
herwonowr/exprolog - ProxyLogon Full Exploit Chain PoC (CVE-2021–26855, CVE-2021–26857, CVE-2021–26858, CVE-2021–27065)
p0dalirius/LDAPmonitor - Monitor creation, deletion and changes to LDAP objects live during your pentest or system administration!
chris408/ct-exposer - An OSINT tool that discovers sub-domains by searching Certificate Transparency logs
EONRaider/Packet-Sniffer - A Network Packet Sniffing tool developed in Python 3.
JamVayne/CobaltStrikeDos - CVE-2021-36798: CobaltStrike < 4.4 Dos
emcghee/PayloadAutomation -
pureqh/Troy - 特洛伊-免杀webshell生成工具PLUS
h4fan/bpext - burpsuite python extention / burp python插件
chrisjd20/hikvision_CVE-2017-7921_auth_bypass_config_decryptor - This python file will decrypt the configurationFile used by hikvision cameras vulnerable to CVE-2017-7921.
ly4k/Certipy - Tool for Active Directory Certificate Services enumeration and abuse
Intsights/PyDomainExtractor - A blazingly fast domain extraction library written in Rust
ambionics/laravel-exploits - Exploit for CVE-2021-3129
r3nt0n/bopscrk - Generate smart and powerful wordlists
ly4k/PrintNightmare - Python implementation for PrintNightmare (CVE-2021-1675 / CVE-2021-34527)
login-securite/DonPAPI - Dumping DPAPI credz remotely
Henry4E36/Solr-SSRF - Apache Solr SSRF(CVE-2021-27905)
shimmeris/SCFProxy - A proxy tool based on cloud function.
iframepm/FuckAV - python写的一款免杀工具（shellcode加载器）BypassAV，国内杀软全过（windows denfend）2021-9-13
Ridter/redis-rce - Redis 4.x/5.x RCE
PaddlePaddle/PaddleSleeve - PaddleSleeve
Yelp/fuzz-lightyear - A pytest-inspired, DAST framework, capable of identifying vulnerabilities in a distributed, micro-service ecosystem through chaos engineering testing and stateful, Swagger fuzzing.
brightio/penelope - Penelope Shell Handler
CheckPointSW/Karta - Karta - source code assisted fast binary matching plugin for IDA
parikhakshat/autoharness - A tool that automatically creates fuzzing harnesses based on a library
Telefonica/on-the-fly - on-the-fly
IlanKalendarov/PyHook - PyHook is an offensive API hooking tool written in python designed to catch various credentials within the API call.
Greenwolf/ntlm_theft - A tool for generating multiple types of NTLMv2 hash theft files by Jacob Wilkin (Greenwolf)
defparam/haptyc -
hosch3n/ProxyVulns - [ProxyLogon] CVE-2021-26855 & CVE-2021-27065 Fixed RawIdentity Bug Exploit. [ProxyOracle] CVE-2021-31195 & CVE-2021-31196 Exploit Chains. [ProxyShell] CVE-2021-34473 & CVE-2021-34523 & CVE-2021-31207
AttackTeamFamily/blackip - 沙箱IP、网络测绘ip、全网扫描ip等等收集
purplebaronj/Nessus_Parser - Parse Nessus scans and send data into Splunk, Elastic, Postgres or other
sysophost/Vulcan - Tool to extract various things from .nessus files
LimberDuck/nessus-file-reader - CLI tool and python module which enables you to parse nessus scan files from Nessus and Tenable.SC by (C) Tenable, Inc.
DanMcInerney/msf-autoshell - Feed the tool a .nessus file and it will automatically get you MSF shell
center-for-threat-informed-defense/security-stack-mappings - This project empowers defenders with independent data on which native security controls of leading technology platforms are most useful in defending against the adversary TTPs they care about.
angerbjorn/butcher - Nessus enterprise vulnerability management - visualise data from multiple nessus reports simultaneously, filter data, and output on terminal, as text, html or excel / xlsx
Micro-sheep/efinance - efinance 是一个可以快速获取基金、股票、债券、期货数据的 Python 库，回测以及量化交易的好帮手！🚀🚀🚀
horizon3ai/CVE-2021-38647 - Proof on Concept Exploit for CVE-2021-38647 (OMIGOD)
sysopfb/malware_decoders - Static based decoders for malware samples
aslitsecurity/CVE-2021-40444_builders - This repo contain builders of cab file, html file, and docx file for CVE-2021-40444 exploit
d3k4z/burp-copy-as-ffuf - Burp Extension that copies a request and builds a FFUF skeleton
fofapro/fapro - Fake Protocol Server
CHYbeta/URLFilterBypassDemo -
t3hbb/NSGenCS - Extendable payload obfuscation and delivery framework
stacscan/stacs - Static Token And Credential Scanner
BitTheByte/Orkestra - Web-based Android debugger with inspection capabilities using Frida and Jadx as a backbone
Impact-I/x8-Burp - Hidden parameters discovery suite
Abdulrahman-Kamel/dpfilter - BugBounty , sort and delete duplicates param value without missing original value
incogbyte/laravel-phpunit-rce-masscaner - Masscanner for Laravel phpunit RCE CVE-2017-9841
ko2sec/apkizer - apkizer is a mass downloader for android applications for all available versions.
nsonaniya2010/sanfinder - It finds Subject Alternative Names for a given list of domains
robotshell/robotScraper - RobotScraper is a simple tool written in Python to check each of the paths found in the robots.txt file and what HTTP response code they return.
RossGeerlings/webstor - A script to quickly enumerate all websites across all of your organization's networks, store their responses, and query for known web technologies, such as those with zero-day vulnerabilities.
jonaslejon/lolcrawler - Headless web crawler for bugbounty and penetration-testing/redteaming
sdushantha/dora - Find exposed API keys based on RegEx and get exploitation methods for some of keys that are found
SigmaHQ/sigma - Main Sigma Rule Repository
knavesec/bloodhound-scripts - Bloodhound helper scripts
jrmdev/mitm_relay - Hackish way to intercept and modify non-HTTP protocols through Burp & others.
GDSSecurity/Jetleak-Testing-Script - Script to test if a server is vulnerable to the JetLeak vulnerability
dolevf/graphw00f - graphw00f is GraphQL Server Engine Fingerprinting utility for software security professionals looking to learn more about what technology is behind a given GraphQL endpoint.
z1un/seeyon_exp - 致远OA漏洞综合利用脚本
LeadroyaL/drozer-py3 - The Leading Security Assessment Framework for Android.
Bashfuscator/Bashfuscator - A fully configurable and extendable Bash obfuscation framework. This tool is intended to help both red team and blue team.
duc-nt/RCE-0-day-for-GhostScript-9.50 - RCE 0-day for GhostScript 9.50 - Payload generator
burpheart/CS_mock - 模拟cobalt strike beacon上线包. Simulation cobalt strike beacon connection packet.
luck-ying/Library-POC - 基于Pocsuite3、goby编写的漏洞poc&exp存档
cytopia/smtp-user-enum - SMTP user enumeration via VRFY, EXPN and RCPT with clever timeout, retry and reconnect functionality.
mogwailabs/mjet - MOGWAI LABS JMX exploitation toolkit
Tw1sm/HTTPS-MalleableC2-Config - Create Cobalt Strike malleable C2 profiles with HTTPS configs
GeorgePatsias/ScareCrow-CobaltStrike - Cobalt Strike script for ScareCrow payloads intergration (EDR/AV evasion)
strozfriedberg/cobaltstrike-config-extractor - Cobalt Strike Beacon configuration extractor and parser.
LiveOverflow/ctf-screenshotter - a CTF web challenge about making screenshots
mandiant/speakeasy - Windows kernel and user mode emulation.
xFreed0m/ADFSpray - Python3 tool to perform password spraying against Microsoft Online service using various methods
Shapa7276/Android-Deeplink-Parser -
HXSecurity/DongTai - DongTai is an interactive application security testing(IAST) product that supports the detection of OWASP WEB TOP 10 vulnerabilities, multi-request related vulnerabilities (including logic vulnerabili
wrlu/bt-tester - Bluetooth tester on Raspberry Pi device
apachecn/GorgonProxy - 灵蛇·代理抓取工具
s0md3v/uro - declutters url lists for crawling/pentesting
guguyu1/IDOR-bypass-fuzz - IDOR bypass fuzz 权限绕过burp 插件 fuzz （shiro 等）
devcoinfet/gitlab_userdump - gitlab user enum
lintstar/CS-ServerChan - CobaltStike 挂载脚本将上线主机信息通过 Server 酱通知到微信
Dump-GUY/Malware-analysis-and-Reverse-engineering - Some of my publicly available Malware analysis and Reverse engineering.
popovicn/grepgithub - Command line util for grep.app - Search across a half million git repos
bregman-arie/devops-exercises - Linux, Jenkins, AWS, SRE, Prometheus, Docker, Python, Ansible, Git, Kubernetes, Terraform, OpenStack, SQL, NoSQL, Azure, GCP, DNS, Elastic, Network, Virtualization. DevOps Interview Questions
Dev-Ali/extractJS_2.0 - An upgraded version of extractJS
jonaslejon/malicious-pdf - 💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh
G-Security-Team/JS-Forward - 前端参数加密渗透测试通用解决方案
G-Security-Team/GSLibrary - 轻量级知识库&POC管理平台
REW-sploit/REW-sploit - Emulate and Dissect MSF and other attacks
TelefonicaTC2Tech/packagedna - This tool gives developers, researchers and companies the ability to analyze software packages of different programming languages that are being or will be used in their codes, providing information t
nccgroup/keimpx - Check for valid credentials across a network over SMB
hhhrrrttt222111/Dorkify - Perform Google Dork search with Dorkify
YoungRichOG/Hosts_Boom - 通过hosts碰撞发现目标内部系统，扩大攻击面。
jupyter-incubator/sparkmagic - Jupyter magics and kernels for working with remote Spark clusters
exbotanical/brutus - extensible exploitation framework shipped on a modular and multi-tasking architecture
davidhalter/jedi - Awesome autocompletion, static analysis and refactoring library for python
KingOfBugbounty/Discovery-Header-Bug-Bounty - Discovery Header Bug Bounty to DoD
splunk/security_content - Splunk Security Content
StudyCat404/WhatAV - windows pc 端杀毒软件识别（需要tasklist 命令执行的结果）
madhuakula/kubernetes-network-security-boundaries -
bkfish/html2markdown_Spider - Solve CTF offline disconnection problem - based on python3's small crawler, support keyword search and local map bed establishment, currently support Jianshu and xianzhi
darkchats/notedrive - 百度云盘、蓝奏云一些简单API
h1pmnh/bcstats - A tool to download program information from Bugcrowd, for use by researchers to compare programs they are eligible to participate in
zh-explorer/ida_script - some ida script
mpgn/Padding-oracle-attack - :unlock: Padding oracle attack against PKCS7 :unlock:
ShutdownRepo/httpmethods - HTTP verb tampering & methods enumeration
zer1t0/certi - ADCS abuser
Udyz/Automatic-Proxylogon-Exploit - Automatic OWA Proxylogon Exploit
BlackArch/blackarch-installer - The official BlackArch Linux installer
justmorpheus/burp-automation - Performing automated scan using Burp Suite Pro & Vmware Burp Rest API
CERT-Polska/karton - Distributed malware processing framework based on Python, Redis and S3.
MythicAgents/Nimplant - DEPRECATED - A cross-platform implant written in Nim
rovellipaolo/NinjaDroid - Ninja Reverse Engineering on Android APK packages
babysor/MockingBird - 🚀AI拟声: 5秒内克隆您的声音并生成任意语音内容 Clone a voice in 5 seconds to generate arbitrary speech in real-time
Ridter/proxyshell_payload - proxyshell payload generate
brevityinmotion/brevityrecon -
dmaasland/proxyshell-poc -
Skiller9090/Lucifer - A Powerful Penetration Tool For Automating Penetration Tasks Such As Local Privilege Escalation, Enumeration, Exfiltration and More... Use Or Build Automation Modules To Speed Up Your Cyber Security L
devanshbatham/ArchiveFuzz - Hunt down the secrets from the WebArchives for Fun and Profit
EnableSecurity/sipvicious - SIPVicious OSS is a VoIP security testing toolset. It helps security teams, QA and developers test SIP-based VoIP systems and applications. This toolset is useful in simulating VoIP hacking attacks ag
TryCatchHCF/PacketWhisper - PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data betw
fierceoj/ShonyDanza - A customizable, easy-to-navigate tool for researching, pen testing, and defending with the power of Shodan.
LimberDuck/nessus-file-analyzer - GUI tool which enables you to parse nessus scan files from Nessus and Tenable.SC by (C) Tenable, Inc. and exports results to a Microsoft Excel Workbook for effortless analysis.
Plabick/NPM-Vulnerability-Auditor - A tool to find and fix vulnerabilities caused by out of date packages in npm repositories
hafiz-kamilin/exercise_vbaStomperDetector - A VBA stomp code detection to see if the Microsoft Office file was tampered to hide malicious code from the Anti-Virus.
DeepakPawar95/cswsh - A command-line tool for Cross-Site WebSocket Hijacking
prasannan-robots/Dynamic_command - Tool for encryption and decryption with kinda rolling keys
zeuscybersec/File_Monitor.py - Detects Any File Created/Deleted/Changed in Windows /tmp folder👁️‍🗨️
dogoncouch/LogESP - Open Source SIEM (Security Information and Event Management system).
k8scop/k8s-security-dashboard - A security monitoring solution for Kubernetes
DrPython3/MailRipV2 - Improved SMTP Checker / SMTP Cracker with proxy-support, inbox test and many more features.
skipmcgee/host_security - Red Hat Enterprise Linux 6 & 7 security tool for enumerating security and IT operations-relevant information on a host and forwarding to a SIEM or enterprise syslog server in key='value' format.
rsrdesarrollo/sarna - Security Assessment Report geNerated Automatically
ICTU/zap2docker-auth-weekly - Zap baseline scanner in Docker with authentication
Thomas-Quig/ld3p - ld3p stands for LDap Domain Dump Parser. It is exactly as the acronym says, ld3p (ldep) quickly parses large ad dumps based on various filters and parameters both regenerated and user created.
0xirison/PrintNightmare-Patcher - A patch for PrintNightmare vulnerability that occurs to print spooler service for Windows machines [CVE-2021-34527]
mrlew1s/BrokenSMTP - Small python script to look for common vulnerabilities on SMTP server.
mrlew1s/SubdomainTakeover - Small python or powershell script to look for potential subdomain takeover vulnerabilities via vulnerable Alias.
passtheticket/DCDumlu - Enumeration and persistence on the Active Directory
rfc-st/humble - A humble, and fast, security-oriented HTTP headers analyzer
tasooshi/exfilkit - Data exfiltration utility for testing detection capabilities
goldfiglabs/introspector - A schema and set of tools for using SQL to query cloud infrastructure.
F5-Labs/cryptonice - CryptoNice is both a command line tool and library which provides the ability to scan and report on the configuration of SSL/TLS for your internet or internal facing web services. Built using the ssly
ochronasec/ochrona-cli - A command line tool for detecting vulnerabilities in Python dependencies and doing safe package installs
JerryLinLinLin/VirusTotalSmartScanner - A Smart Anti-Virus Scanner Powered by Virus Total
dmuhs/mythx-cli - A command line interface for the MythX smart contract security analysis API
BishopFox/GitGot - Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.
wildcardcorp/samson - Cryptanalysis and attack library
fabidick22/inject-sec-to-devops - Security tools that you can inject into devops
X0RBYT3/OSINT-Tools - An Online Collection of Open Source Intelligence Tools
EONRaider/Web-Probe - Web Probe is a Python 3 asynchronous port scanner with the purpose of checking live web servers
dotanuki-labs/gradle-bodyguard - An experimental tool that scans dependencies in your Gradle project and warns you about potential security issues
nxenon/c2x - C2X - C2/Post-Exploitation Tool on (Raw Socket Traffic)
0xZDH/o365spray - Username enumeration and password spraying tool aimed at Microsoft O365.
Ge0rg3/requests-ip-rotator - A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.
forseti-security/forseti-security - Forseti Security
e-m-b-a/embark - EMBArk - The firmware security scanning environment
the0cp/awesome-ddos-tools - Collection of several DDos tools.
Litre-WU/businessInfo-api - 企业工商信息接口(包含天眼查、企查查、爱企查、国家企业公示系统平台、快准)
0xdevalias/sparty - Sparty - MS Sharepoint and Frontpage Auditing Tool [Unofficial]
NexusFuzzy/CobaltSpam - Tool based on CobaltStrikeParser from SentinelOne which can be used to spam a CobaltStrike server with fake beacons
wdsjxh/fiddler_tools - 基于fiddler被动扫描（越权检测）系统
bigblackhat/oFx - 漏洞批量验证框架
hakril/PythonForWindows - A codebase aimed to make interaction with Windows and native execution easier
tintinweb/ecdsa-private-key-recovery - A simple library to recover the private key of ECDSA and DSA signatures sharing the same nonce k and therefore having identical signature parameter r
mrphrazer/obfuscation_detection - Binary Ninja plugin to identify obfuscated code and other interesting code constructs
Regala/burp-graphql-logger - Burp Suite extension to log GraphQL operations as a comment
dlegs/php-jpeg-injector - Injects php payloads into jpeg images
ReAbout/web-sec - WEB安全手册(红队安全技能栈)，漏洞理解，漏洞利用，代码审计和渗透测试总结。【持续更新】
antonioCoco/SharPyShell - SharPyShell - tiny and obfuscated ASP.NET webshell for C# web applications
0xHJK/TotalPass - Default password scanner. 默认密码扫描器
stratosphereips/StratosphereLinuxIPS - Slips, a free software behavioral Python intrusion prevention system (IDS/IPS) that uses machine learning to detect malicious behaviors in the network traffic. Stratosphere Laboratory, AIC, FEL, CVUT
Samsung/cotopaxi - Set of tools for security testing of Internet of Things devices using specific network IoT protocols
KartheekLade/CANalyse - A vehicle network analysis and attack tool.
eshard/scared - Make your first side-channel attack on public datasets with eShard. This is a mirror of scared Gitlab repository. All contributions and merge request must be done through Gitlab project.
qilingframework/qiling - A True Instrumentable Binary Emulation Framework
quark-engine/quark-engine - Dig Vulnerabilities in the BlackBox
cloud-sniper/cloud-sniper - Cloud Security Operations Orchestrator
Ridter/pyForgeCert - pyForgeCert is a Python equivalent of the ForgeCert.
D4Vinci/elpscrk - An Intelligent wordlist generator based on user profiling, permutations, and statistics. (Named after the same tool in Mr.Robot series S01E01)
facebook/sapp - Post Processor for Facebook Static Analysis Tools.
shanfenglan/bruteforce_cs_pwd - 暴力破解cs的teamserver密码脚本
SB-GC-Labs/hAFL1 -
ShutdownRepo/targetedKerberoast - Kerberoast with ACL abuse capabilities
hash3liZer/Proxverter - Cross platform system wide proxy server & TLS Interception library for Python
zeronine9/Putter-CUP - A tool for testing improper put method vulnerability
CERT-Polska/drakvuf-sandbox - DRAKVUF Sandbox - automated hypervisor-level malware analysis system
awake1t/HackReport - 渗透测试报告/资料文档/渗透经验文档/安全书籍
HackerDev-Felix/Phoenix-Framework - Phoenix Framework Project
PentHertz/5GC_API_parse - A BurpSuite extension to parse 5GC NF OpenAPI 3.0 files to assess 5G core networks
trustedsec/unicorn - Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber's powershell attacks and the powershell bypass technique presented
ShutdownRepo/smartbrute - Password spraying and bruteforcing tool for Active Directory Domain Services
Hackndo/WebclientServiceScanner - Python tool to Check running WebClient services on multiple targets based on @leechristensen
long2ice/asynch - An asyncio ClickHouse Python Driver with native (TCP) interface support.
Cerbrutus-BruteForcer/cerbrutus - Network brute force tool, written in Python. Faster than other existing solutions (including the main leader in the network brute force market).
ShutdownRepo/pywhisker - Python version of the C# tool for "Shadow Credentials" attacks
light-Life/BUG-Pocket - 小型漏洞库，提供FOFA语法及批量脚本，具体利用法请参考别的漏洞库，共4种类型47项
knownsec/Kunyu - Kunyu, more efficient corporate asset collection
Ridter/RelayX - NTLM relay test.
0x727/ShuiZe_0x727 - 信息收集自动化工具
dirkjanm/PKINITtools - Tools for Kerberos PKINIT and relaying to AD CS
fengziHK/bypass_py - c++ 加载shellcode 免杀
NHPT/FireEyeGoldCrystal - 一个GitHub监控和信息收集工具，支持监控和收集CVE、免杀、漏洞利用等内置关键字和自定义关键字。
crazy0x70/Simple-Confusion - 混淆加密文件以到达免杀效果
devl00p/tekover - Subdomain takeover scanner using Python asyncio
jmrivas86/django-json-widget - An alternative widget that makes it easy to edit the new Django's field JSONField (PostgreSQL specific model fields)
jerrylususu/joplin-vacuum - Removes attachments (resources) that are not referred in Joplin.
lesnik512/fast-api-sqlalchemy-template - Dockerized web application on FastAPI, sqlalchemy1.4, PostgreSQL
sumeshi/evtx2es - A library for fast parse & import of Windows Eventlogs into Elasticsearch.
qonwaygameoflife/qonwaygameoflife - Qiskit Camp - Hackaton Madrid 2019 - Quantum Game of Life
Cyberlands-io/epiphany - A pre-DDoS security assessment tool
elastic/dorothy - Dorothy is a tool to test security monitoring and detection for Okta environments
oppsec/juumla - 🦁 Juumla is a python tool created to identify Joomla version, scan for vulnerabilities and search for config or backup files.
xuanhun/PythonHackingBook1 - Python黑客编程之极速入门
adelapie/ghidra-evm - The Ghidra EVM Module (ghidra-evm) leverages Ghidra 9.1.2 to disassemble and analyze compiled Ethereum smart contracts. Ghidra-evm was presented at BlackHat Asia 2021.
kira2040k/php_code_analysis -
spicesouls/onelinepy - Python Obfuscator to generate One-Liners and FUD Payloads.
gl4ssesbo1/Nebula - Nebula is a cloud C2 Framework, which at the moment offers reconnaissance, enumeration, exploitation, post exploitation on AWS, but still working to allow testing other Cloud Providers and DevOps Comp
bee-san/pyWhat - 🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙‍♀️
Josue87/EmailFinder - Search emails from a domain through search engines
pentest-a2p2v/pentest-a2p2v-core - Core A2P2V functionality (command line based)
sec-consult/aggrokatz - Aggrokatz is an aggressor plugin extension for Cobalt Strike which enables pypykatz to interface with the beacons remotely and allows it to parse LSASS dump files and registry hive files to extract cr
Hamza-Megahed/volatility-gui - GUI for Volatility forensics tool written in PyQT5
a13xp0p0v/kconfig-hardened-check - A tool for checking the security hardening options of the Linux kernel
ranguli/ioccheck - A tool for simplifying the process of researching IOCs.
Telefonica/HashCheck - Ideaslocas Repository
EntySec/CamRaptor - CamRaptor is a tool that exploits several vulnerabilities in popular DVR cameras to obtain network camera credentials.
AvalZ/WAF-A-MoLE - A guided mutation-based fuzzer for ML-based Web Application Firewalls
thunlp/OpenAttack - An Open-Source Package for Textual Adversarial Attack.
XMCyber/MacHound -
Ebryx/GitDump - A pentesting tool that dumps the source code from .git even when the directory traversal is disabled
ConsciousHacker/WFH -
mhaskar/Bughound - Static code analysis tool based on Elasticsearch
k4yt3x/orbitaldump - A simple multi-threaded distributed SSH brute-forcing tool written in Python
G4LB1T/pstf2 - Passive Security Tools Fingerprinting Framework
xchopath/pathprober - Probe and discover HTTP pathname using brute-force methodology and filtered by specific word or 2 words at once
s0md3v/Hash-Buster - Crack hashes in seconds.
HackerDev-Felix/CVEAP - Send CVE information to the specified mailbox (from Github)
XiaoBai-12138/OA-EXP - 红队工具：各大OA利用工具，万户、致远、通达等
RicterZ/PySharpSphere - Yet another SharpSphere
Sma11New/DanceShell - DanceShell，一个集远程反向shell连接与控制、常见漏洞扫描、自写杂项脚本于一身的安全工具。
dengxmenglihua/struts2 - 一个用来批量扫描的struts2漏洞利用工具
UnlightedOtaku/doc88Download - 使用python下载道客巴巴文件并自动合并为pdf
rty813/doc_downloader - 下载豆丁、淘豆、道客巴巴、原创力、金锄头文档，并自动转换为PDF
DigeeX/raider - DEPRECATED, please use the new repository from OWASP: https://github.com/OWASP/raider
Random936/autobrute -
capt-meelo/Beaconator - A beacon generator using Cobalt Strike and a variety of tools.
ludwig-ai/ludwig - Data-centric declarative deep learning framework
sajjadium/ctf-archives - CTF Archives: Collection of CTF Challenges.
blacklanternsecurity/MANSPIDER - Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!
nccgroup/Winstrument - Winstrument is a framework of modular scripts to aid in instrumenting Windows software using Frida for reverse engineering and attack surface analysis.
YungGuo08/WebSpider -
LogicJake/WebMonitor - 实时监控网页变化，并发送通知（Monitor web page changes in real time and send notifications）
rook1337/hakrawlerx8chain -
ccyanxyz/uniswap-arbitrage-analysis - Uniswap arbitrage problem analysis
rabbitmask/Libra - Libra [ 天秤座 ] | 网站篡改、暗链、死链监测平台
byt3bl33d3r/ItWasAllADream - A PrintNightmare (CVE-2021-34527) Python Scanner. Scan entire subnets for hosts vulnerable to the PrintNightmare RCE
0671/RabR - Redis-Attack By Replication (通过主从复制攻击Redis)
micahvandeusen/gMSADumper - Lists who can read any gMSA password blobs and parses them if the current user has access.
robotshell/dorkSraper - DorkScraper is a simple tool written in Python to extract all the urls that appear when using a Google Dork.
Paradoxis/Flask-Unsign - Command line tool to fetch, decode, brute-force and craft session cookies of a Flask application by guessing secret keys.
munki/munki - Managed software installation for macOS —
malwaredllc/byob - An open-source post-exploitation framework for students, researchers and developers.
nccgroup/raccoon - Salesforce object access auditor
jeansgit/NessusReport - Nessus Report
the-useless-one/pywerview - A (partial) Python rewriting of PowerSploit's PowerView
dqzg12300/fridaUiTools - frida工具的缝合怪
abankalarm/blockchain-hacker - This is a tool to directly connect to any exposed block chain connection.
3gstudent/pyXSSPlatform - Used to build an XSS platform on the command line.
certmichelin/Redscan -
pureqh/webshell - 免杀webshell生成工具
eastmountyxz/SystemSecurity-ReverseAnalysis - 该资源为系统安全和逆向分析实验，包括作者从零学习恶意代码分析、病毒逆向分析的工具及样本，基础性文章，希望对您有所帮助~
0ss/byp4ss3r - tool to bypass 403/401 pages ( helpful for bug hunting)
M4cs/traxss - traxss | Automated XSS Vulnerability Scanner Currently In Development :snake: HACKTOBERFEST PROJECT 2019
Sachin-v3rma/MrURL - A Tool to scrape URLs for a given domain from wayback machine, Commoncrawl and OTX Alienvault
littlebin404/CVE-2017-11882 - CVE-2017-11882（通杀Office 2003到2016）
Retr0-code/SignHere - SignHere is implementation of CVE-2017-11882. SignHere is builder of malicious rtf document and VBScript payloads.
SecPros-Team/laravel-CVE-2021-3129-EXP -
dirkjanm/forest-trust-tools - Proof-of-concept tools for my AD Forest trust research
STMCyber/boobsnail - BoobSnail allows generating Excel 4.0 XLM macro. Its purpose is to support the RedTeam and BlueTeam in XLM macro generation.
P1-Team/AlliN - A flexible scanner
tristanlatr/burpa - Burp Automator - A Burp Suite Automation Tool. It provides a high level CLI and Python interfaces to Burp Suite scanner and can be used to setup Dynamic Application Security Testing (DAST).
ngalongc/openapi_security_scanner -
xnianq/cve-2021-21985_exp - cve-2021-21985 exploit
s0i37/karma - karma WiFi attack implementation
Bywalks/OnTimeHacker - 爬取各大SRC当日公告 | 通过微信通知的小工具 | 赏金工具
OneHone/HoneTool -
unode/firefox_decrypt - Firefox Decrypt is a tool to extract passwords from Mozilla (Firefox™, Waterfox™, Thunderbird®, SeaMonkey®) profiles
FlareSolverr/FlareSolverr - Proxy server to bypass Cloudflare protection
initstring/cloud_enum - Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.
commixproject/commix - Automated All-in-One OS Command Injection Exploitation Tool.
TelefonicaTC2Tech/typodetect - Typodetect
krzys-h/CTFd_first_blood - First Blood challenges plugin for CTFd
offsecginger/CTFd-Docker-Challenges - Docker Challenge creation for CTFd. Allows per team/user containers!
csnp/njit-ctf - Fully automated CTF for JerseyCTF | CTFd
Hong5489/Custom-CTFd-Engine - Custom CTFd platform used in SKR CTF
ignis-sec/CtfCryptoTool - A tool for automated analysis of ctf type crypto challenges
Err0rCM/CTFd_with_CTFd-whale - This repository is used to provide a reference for CTF dynamic target machine
qianxiao996/CTF-Tools - 一款Python+Pyqt写的CTF编码、解码、加密、解密工具。
p1ay8y3ar/cve_monitor - Automatic monitor github cve using Github Actions
wgpsec/ENScan - 基于各大API的一款企业信息查询工具，为了更快速的获取企业的信息，省去收集的麻烦过程，web端于plat平台上线
qeeqbox/honeypots - 30 different honeypots in one package! (dhcp, dns, elastic, ftp, http proxy, https proxy, http, https, imap, ipp, irc, ldap, memcache, mssql, mysql, ntp, oracle, pjl, pop3, postgres, rdp, redis, sip,
Fly-Wuhoo/Fofa - Fofa自动化采集脚本
jazwiecki/neo4j-cve - Graph database version of the CVE database
rm1984/IMAPLoginTester - A simple Python script that reads a text file with lots of e-mails and passwords, and tries to check if those credentials are valid by trying to login on IMAP servers.
dirkjanm/ldapdomaindump - Active Directory information dumper via LDAP
nikitastupin/clairvoyance - Obtain GraphQL API schema even if the introspection is disabled
mhaskar/DNSStager - Hide your payload in DNS
xforcered/InvisibilityCloak - Proof-of-concept obfuscation toolkit for C# post-exploitation tools
eslam3kl/GG-Dorking - GG Dorking is a tool to generate GitHub and Google dorking for pentesters and bug bounty hunters.
M4tir/Github-Monitor - Github RCE/0day监控系统 My'Blog:
Hypdncy/NessusToReport - Nessus扫描报告自动化生成工具
shadow1ng/ProxyPool - 一款用于自动切换ip的代理池服务,无需任何依赖，能快速运行。
LyleMi/Learn-Binary-Hacking - Binary Hacking Study Notes
dirsoooo/Recon - Recon is a script to perform a full recon on a target with the main tools to search for vulnerabilities. Created based on @ofjaaah and @Jhaddix methodologies
santoru/shcheck - A basic tool to check security headers of a website
kiks7/frida-non-root - Add frida-gadgets into APK for non rooted devices.
Leoid/MatchandReplace - Match and Replace script used to automatically generate JSON option file to BurpSuite
benjaminp/six - Python 2 and 3 compatibility library
Viralmaniar/MurMurHash - This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.
firatesatoglu/shodanSearch - Shodan search tool with api
aleprada/exposed-assets - A tool for gathering IT/OT exposed assets on the Internet and sending the results to a MISP instance for further Threat Intelligence analysis.
RogerRordo/fofa_scraper - 可无限抓取FOFA爬虫
WhiteHSBG/FofaSearch -
9emin1/charlotte - c++ fully undetected shellcode launcher ;)
sqlfluff/sqlfluff - A modular SQL linter and auto-formatter with support for multiple dialects and templated code.
Sachin-v3rma/Astra - Astra is a tool to find URLs and secrets inside a webpage/files
tp7309/TTDeDroid - 一键反编译工具(不需要手动安装Python) One key for quickly decompile apk/aar/dex/jar, support by jadx/dex2jar/enjarify.
xnl-h4ck3r/GAP-Burp-Extension - Burp Extensions
ycdxsb/PocOrExp_in_Github - 聚合Github上已有的Poc或者Exp，CVE信息来自CVE官网。Auto Collect Poc Or Exp from Github by CVE ID.
D0g3-Lab/H1ve - An Easy / Quick / Cheap Integrated Platform
ahmedkhlief/APT-Hunter - APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspi
dirkjanm/krbrelayx - Kerberos unconstrained delegation abuse toolkit
7Ragnarok7/DEDMAP - A Network Automation framework focused on Cyber-Security
0vercl0k/CVE-2021-31166 - Proof of concept for CVE-2021-31166, a remote HTTP.sys use-after-free triggered remotely.
mgeeky/RedWarden - Cobalt Strike C2 Reverse proxy that fends off Blue Teams, AVs, EDRs, scanners through packet inspection and malleable profile correlation
wongzeon/ICP-Checker - ICP备案查询，可查询企业或域名的ICP备案信息，自动完成滑动验证，保存结果到Excel表格，适用于新版的工信部备案管理系统网站，告别频繁拖动验证，以及某站*工具要开通VIP才可查看备案信息的坑
paralax/awesome-honeypots - an awesome list of honeypot resources
fastapi-admin/fastapi-admin - A fast admin dashboard based on FastAPI and TortoiseORM with tabler ui, inspired by Django admin
Julian-Nash/cwe - Common weakness enumeration library for Python
unknwncharlie/Metamap - Nmap/Vulners Automated Vulnerability Scanner
snobear/nmapvis - A web-based dashboard for importing and viewing nmap scan results
bfleal/nmap-summarize-results - Repository containing the scripts used to run nmap and summarize its results.
snovvcrash/DivideAndScan - Divide full port scan results and use it for targeted Nmap runs
RedCursorSecurityConsulting/NMap-xml-to-docx -
gh0x0st/pythonizing_nmap - A detailed guide showing you different ways you can incorporate Python into your workflows around Nmap.
howie6879/liuli - 一站式构建多源、干净、个性化的阅读环境(Build a multi-source, clean and personalized reading environment in one stop.)
Metarget/metarget - Metarget is a framework providing automatic constructions of vulnerable infrastructures.
Ben0xA/HoneyCreds - HoneyCreds network credential injection to detect responder and other network poisoners.
ice-doom/EyeJo - EyeJo是一款自动化资产风险评估平台，可以协助甲方安全人员或乙方安全人员对授权的资产中进行排查，快速发现存在的薄弱点和攻击面。
b0bac/PyNoPSExec - 修改自SharpNoPSExec的基于python的横移工具 A Lateral Movement Tool Learned From SharpNoPSExec -- Twitter: @juliourena
blazeinfosec/ssrf-ntlm - Proof of concept written in Python to show that in some situations a SSRF vulnerability can be used to steal NTLMv1/v2 hashes.
D00MFist/Mystikal - macOS Initial Access Payload Generator
Accenture/jenkins-attack-framework -
franccesco/getaltname - Extract subdomains from SSL certificates in HTTPS sites.
YinWC/2021hvv_vul - 2021hvv漏洞汇总
blazeinfosec/bt2 - Blaze Telegram Backdoor Toolkit is a post-exploitation tool that leverages the infrastructure of Telegram as a C&C
verctor/Cobalt_Homework - 分析cobaltstrike c2 协议
EventGhost/EventGhost - EventGhost is an advanced, yet easy-to-use extensible automation tool for Windows.
jeffbryner/pyKeylogger - python client/server keystroke logger
sevagas/macro_pack - macro_pack is a tool by @EmericNasi used to automatize obfuscation and generation of Office documents, VB scripts, shortcuts, and other formats for pentest, demo, and social engineering assessments. T
NewBeginning6/nologin-upload-cpy - 未授权任意文件上传检测脚本
BishopFox/SpoofcheckSelfTest - Web application that lets you test if your domain is vulnerable to email spoofing
WeAreCloudar/s3-account-search - S3 Account Search
adbar/trafilatura - Python & command-line tool to gather text on the Web: web crawling/scraping, extraction of text, metadata, comments
boy-hack/nmap-parser - nmap-service-probes parser
mmioimm/shiro_echo - shiro 反序列化回显检测
gaasedelen/tenet - A Trace Explorer for Reverse Engineers
b0bac/GetMail - 利用NTLM Hash读取Exchange邮件
calebstewart/pwncat - Fancy reverse and bind shell handler
qianxiao996/Super-PortScan - 端口扫描工具
M4tsuri/Autopwn - 更好的包装pwntools，提高编写pwn题exp效率的工具
zPrototype/bugbounty_stuff -
wireghoul/traversty - Directory traversal tool
VitthalS/Az-Blob-Attacker - You can check below blog post on attacks related to azure storage.
katlol/cloudflare-phishing-report - CloudFlare Phishing Report API I use in combination with n8n
ricardojoserf/adfsbrute - A script to test credentials against Active Directory Federation Services (ADFS), allowing password spraying or bruteforce attacks.
epi052/osed-scripts - bespoke tooling for offensive security's Windows Usermode Exploit Dev course (OSED)
Porchetta-Industries/pyMalleableC2 - Python interpreter for Cobalt Strike Malleable C2 Profiles. Allows you to parse, build and modify them programmatically.
sensepost/dwn - d(ockerp)wn - a docker pwn tool manager
The-XSS-Rat/SecurityTesting -
noptrix/sshprank - A fast SSH mass-scanner, login cracker and banner grabber tool using the python-masscan and shodan module.
RealityNet/attack-coverage - an excel-centric approach for the MITRE ATT&CK® Tactics and Techniques
ninefiger/shiroDecrypt - remeberMe的AES解密脚本
yang8e/jdbc_mysql_redfile -
MoralCode/pihole-antitelemetry - A research-based starter pihole list to improve your privacy
visma-prodsec/columbo - Columbo is a computer forensic analysis tool used to simplify and identify specific patterns in compromised datasets.
oldrho/ip2provider - Resolves an IP address to the cloud provider it is hosted on
martinradev/gdb-pt-dump -
gwen001/dnspy - Find subdomains and takeovers.
ce-automne/OrderbyHunter - 一款辅助探测Orderby注入漏洞的BurpSuite插件
ecederstrand/exchangelib - Python client for Microsoft Exchange Web Services (EWS)
sc0tfree/mentalist - Mentalist is a graphical tool for custom wordlist generation. It utilizes common human paradigms for constructing passwords and can output the full wordlist as well as rules compatible with Hashcat an
SECFORCE/SNMP-Brute - Fast SNMP brute force, enumeration, CISCO config downloader and password cracking script.
0vercl0k/CVE-2021-24086 - Proof of concept for CVE-2021-24086, a NULL dereference in tcpip.sys triggered remotely.
UnaPibaGeek/ctfr - Abusing Certificate Transparency logs for getting HTTPS websites subdomains.
wapiti-scanner/wapiti - Web vulnerability scanner written in Python3
threatexpress/random_c2_profile - Cobalt Strike random C2 Profile generator
blackbotsecurity/Atomic-Red-Team-Intelligence-C2 - ARTi-C2 is a post-exploitation framework used to execute Atomic Red Team test cases with rapid payload deployment and execution capabilities via .NET's DLR.
MohamedTarekq/trailso - [+]An Automation Tool Based on [ securitytrails.com ]
ghostlulzhacks/s3brute - s3 brute force tool
saleem8054/clickjack - A simple tool to check subdomains for clickjacking attack.
HXSecurity/vulhub-compose - vulhub-compose是一款屏蔽docker-compose的命令行工具，目的是降低火线平台社区用户使用vulhub靶场的难度，减少学习docker-compose的时间成本；同时，支持直接安装洞态IAST（原灵芝IAST）到vulhub靶场，用于漏洞复现、漏洞挖掘。
h4x0r-dz/RCE-Exploit-in-BIG-IP -
microsoft/playwright-python - Python version of the Playwright testing and automation library.
GuoKerS/Charset_encoding-Burp - 利用字符集编码绕过waf的burpsuite插件
EASY233/Finger - 一款红队在大量的资产中存活探测与重点攻击系统指纹探测工具
kaluche/bloodhound-quickwin - Simple script to extract useful informations from the combo BloodHound + Neo4j
Malfrats/xeuledoc - Fetch information about a public Google document.
hausec/ProxyLogon -
S1xHcL/f5_rce_poc - cve-2021-22986 f5 rce 漏洞批量检测 poc
mandiant/ReelPhish -
luodameinv/SonicWallSSL-VPN_RCE - 一个简单的SonicWallSSL-VPN远程命令执行批量检测脚本
dogasantos/masstomap - A bridge between masscan and nmap - run fast masscan, parse output, execute nmap using masscan as input
bugcrowd/vulnerability-rating-taxonomy - Bugcrowd’s baseline priority ratings for common security vulnerabilities
JohnTroony/Blisqy - Version 0.2 - Exploit Time-based blind-SQL injection in HTTP-Headers (MySQL/MariaDB).
kabilan1290/grapX - grapX will iterate through the URLs and grep the endpoints with all possible extensions.
atdpa4sw0rd/Search-Tools - 聚合空间测绘搜索（Fofa,Zoomeye,Quake,Shodan,Censys,BinaryEdge）
jeansgit/Pentest - Pentest 收集、整理、分享
worawit/CVE-2021-3156 - Sudo Baron Samedit Exploit
tehryanx/normal.py - Find unicode codepoints to use in normalisation and transformation attacks.
s0md3v/dump - Stuff that doesn't deserves its own repository.
HJ23/Raptor - Passive subdomain enumeration tool with http-probe.
phor3nsic/graphqlBrute -
Bhadresh-Malankiya/SendGET - Basically this open source python script for linux users to send automatically GET requests in bulk from input file and save output having response code and domain name
wgpsec/tig - Threat Intelligence Gathering 威胁情报收集，旨在提高蓝队拿到攻击 IP 后对其进行威胁情报信息收集的效率。
FabriceSalvaire/CodeReview - CodeReview is a Git GUI tool to perform code review (Diff Viewer) written in Python3 and Qt5.
pylava/pylava - Code audit tool for python (a community maintained fork of Pylama)
wafinfo/Sunflower_get_Password - 一款针对向日葵的识别码和验证码提取工具
WithSecureLabs/awspx - A graph-based tool for visualizing effective access and resource relationships in AWS environments.
doyensec/regexploit - Find regular expressions which are vulnerable to ReDoS (Regular Expression Denial of Service)
yhy0/github-cve-monitor - 实时监控github上新增的cve、自定义关键字、安全工具更新、大佬仓库监控，并多渠道推送通知
EnableSecurity/wafw00f - WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.
unipacker/unipacker - Automatic and platform-independent unpacker for Windows binaries based on emulation
firmianay/security-paper - （与本人兴趣强相关的）各种安全or计算机资料收集
luckyster895/GoldenRecon -
extremecoders-re/pyinstxtractor - PyInstaller Extractor
vchinnipilli/kubestriker - A Blazing fast Security Auditing tool for Kubernetes
KrispyCamel4u/SysMonTask - Linux system monitor with the compactness and usefulness of windows task manager to allow higher control and monitoring.
zongdeiqianxing/Autoscanner - 输入域名>爆破子域名>扫描子域名端口>发现扫描web服务>集成报告的全流程全自动扫描器。集成oneforall、masscan、nmap、dirsearch、crawlergo、xray等工具，另支持cdn识别、网页截图、站点定位；动态识别域名并添加功能、工具超时中断等
HoangKien1020/CVE-2021-23132 - com_media allowed paths that are not intended for image uploads to RCE
kmahyyg/my-htb-tools2 -
pureqh/bypassAV - 免杀shellcode加载器
eveem-org/panoramix - Decompiler at the heart of Eveem.org
ghostop14/sparrow-wifi - Next-Gen GUI-based WiFi and Bluetooth Analyzer for Linux
swisskyrepo/GraphQLmap - GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. - Do not use for illegal testing ;)
ekiojp/dfex - DNS File EXfiltration
aedoo/ACMSDiscovery - CMS识别，CMS检测，多线程，超大指纹库。CMS identification, CMS detection, multi-threading, large fingerprint library.
0xrishabh/websy - Keep track of changes in website with WEBSY
PushpenderIndia/apkinfector - Advanced Android AV Evasion Tool Written In Python 3 that can Embed/Bind meterpreter APK to any Legitimate APK
DC3x6/FOFA_API - 以excel表形式输出通过fofa-api查询获得的结果，需要开通fofa会员。
BishopFox/json-interop-vuln-labs - Companion labs to "An Exploration of JSON Interoperability Vulnerabilities"
SummerSec/BypassSuper - Bypass 403 or 401 or 404
conjojo/VMware_vCenter_UNAuthorized_RCE_CVE-2021-21972 - VMware vCenter 未授权RCE（CVE-2021-21972）
milo2012/CVE-2021-21972 - CVE-2021-21972
demonxian3/crack-yakpro-php - 破解由 yakpro 混淆的PHP代码 (cracking PHP code obfuscation using yarkpo method)
ARPSyndicate/rescro - regular expression extractor for webpages
Zarcolio/grepaddr - Use grepaddr to extract (grep) all kinds of addresses from stdin like URLs (incl. IPv4/IPv6), IP addresses & ranges (IPv4/IPv6), e-mail addresses, MAC addresses.
QmF0c3UK/CVE-2021-21972-vCenter-6.5-7.0-RCE-POC -
0xTRAW/PwnLnX - An advanced multi-threaded, multi-client python reverse shell for hacking linux systems. There's still more work to do so feel free to help out with the development. Disclaimer: This reverse shell sho
NorthwaveSecurity/wikiraider - Want to crack passwords faster by using a wordlist that fits your 'target audience'? Use WikiRaider.
pierky/arouteserver - A tool to automatically build (and test) feature-rich configurations for BGP route servers.
NS-Sp4ce/huaweiSwitchCrack - 华为交换机批量爆破脚本【WEB+Telnet】
NS-Sp4ce/NpsCrack - 一款适用于爆破NPS服务器的脚本
burpheart/mbtm - 攻击流量模拟用于迷惑蓝队分散蓝队精力混淆真实攻击流量
smackerdodi/allowed-methods - get the http allowed methods for URLs list
yzhao062/pyod - A Comprehensive and Scalable Python Library for Outlier Detection (Anomaly Detection)
scoringengine/scoringengine - Scoring Engine for Red/White/Blue Team Competitions
lipoja/URLExtract - URLExtract is python class for collecting (extracting) URLs from given text based on locating TLD.
zj1244/beholder_scanner - 一款监控端口变化的系统——beholder_scanner端
smackerdodi/403bypasser - automate the procedure of 403 response code bypass
bartdag/pylinkvalidator - pylinkvalidator is a standalone and pure python link validator and crawler that traverses a web site and reports errors (e.g., 500 and 404 errors) encountered.
mrtc0/speedtest-exporter -
hpthreatresearch/tools - Scripts and tools accompanying HP Threat Research blog posts and reports.
knassar702/zaphoster - Fix host header error in zaproxy
ctxis/crackerjack - CrackerJack / Hashcat Web Interface / Context Information Security
rortega/Frukah - This is a Frida/Gui tool is used for dynamic analysis of android applications. The tool allows you to inject/hook javascript to various java methods. This will allow you to follow/modify the applicat
blabla1337/skf-labs - Repo for all the OWASP-SKF Docker lab examples
oerlex/ZoneTransferFuzzer -
Rodney-O-C-Melby/dns-zone-transfer-test - Automates Domain Name System (DNS) zone transfer testing. Checks for CVE-1999-0532 by automatically finding a given domains nameservers, and tests for zone transfers, if successful, subdomains are pr
Veraxy00/Shiro-EXP - Apache Shiro 反序列化漏洞检测与利用工具，一键注入内存马
0x802/LinkSniper - Spider or repeater to find all links.
it-jhack/subsort - Subsort removes grep redundancies for subdomains in a list.
gnebbia/pdlist - A passive subdomain finder
Zarcolio/1pfuscat0r - A tool to automatically generate alternative IP representations, a rewritten version of IPFuscator
loseys/BlackMamba - C2/post-exploitation framework
allyomalley/BurpParamFlagger - A Burp extension adding a passive scan check to flag parameters whose name or value may indicate a possible insertion point for SSRF or LFI.
DimopoulosElias/CIExtender -
tothi/rbcd-attack - Kerberos Resource-Based Constrained Delegation Attack from Outside using Impacket
byt3bl33d3r/Utinni - An async Python client library for Empire's RESTful API
Veraxy00/Jumpserver-EXP - JumpServer远程代码执行漏洞检测利用脚本
yunemse48/403bypasser -
cyberark/BlobHunter - Find exposed data in Azure with this public blob scanner
google/osv.dev - Open source vulnerability DB and triage service.
jasperla/CVE-2020-11651-poc - PoC exploit of CVE-2020-11651 and CVE-2020-11652
tgbot-collection/YYeTsBot - 🎬 人人影视机器人和网站，包含人人影视全部资源以及众多网友的网盘分享
rackerlabs/pyndiff - Generate human-readable ndiff output when comparing 2 Nmap XML scan files
rotemreiss/uddup - Urls de-duplication tool for better recon.
tjnull/OSCP-Stuff - List of Stuff I did to get through the OSCP :D
ecriminal/phpvuln - 🕸️ Audit tool to find common vulnerabilities in PHP source code
rakjong/Jumpserver-unauthorized-POC - Jumpserver未授权读取漏洞
MzzdToT/ApacheFlink_poc - ApacheFlink未授权访问+远程代码执行批量扫描poc。
JYanger/redis-unauthorized-check - 内网redis未授权弱口令批量检测工具
m7xss/fastcgi-exploits - fastcgi-client 、php-fpm未授权访问漏洞、exploit
mrknow001/xxl-job-rce - xxl-job未授权命令执行
Juneah/Rsync-unauthorized-scan - rsync未授权空密码扫描
pan3a/Redis-Getshell - Redis 未授权检测,密码爆破,Webshell写入,SSH公私钥写入,定时计划反弹Shell.
rakjong/seeyon-unauthorized-upload-getshell - 致远OA未授权文件上传漏洞批量getshell
burningmantech/ranger-ims-server - Ranger Incident Management System—Server
jwhitt3r/SIEMEz - A open-source Django Security Incident and Event Management System
certsocietegenerale/FIR - Fast Incident Response
guptabless/unclaim-s3-finder -
Mesh3l911/Sub_Analyser -
ambionics/symfony-exploits - Exploits targeting Symfony
pypa/pipx - Install and Run Python Applications in Isolated Environments
BiZken/PhishMailer - Generate Professional Phishing Emails Fast And Easy
fumengze/rad_xray - 基于radium爬虫编写的批量任务处理脚本，使用进程池
shanyuhe/follow - 一个web安全深度爬虫，可以和漏扫软件进行联动，如 burp xray ,效果棒棒哒
redfast00/malidate - A logging DNS and HTTP(S) server. Opensource alternative to some parts of the Burpsuite Collaborator server.
SygniaLabs/security-cloud-scout -
possib1e/OneDragon - OneDragon 安全圈一条龙服务，全自动化挖洞，助力挖SRC的赏金猎人白帽子，一键实现子域名扫描，全端口扫描，目录扫描，漏洞扫描。
opendevops-cn/codo-cmdb - 基于Tornado实现的一套资产管理系统、支持AWS、阿里云、腾讯云、华为云自动拉取资产信息等
tsug0d/AndroidMobilePentest101 - Pentesting Android Application Course For Kids+ (English and Vietnamese edition)
thibmaek/vrt-http-flask - Small example of running pyvrt in a Flask HTTP server
jayus0821/swagger-hack - 自动化爬取并自动测试所有swagger接口
MrCl0wnLab/ShellShockHunter - It's a simple tool for test vulnerability shellshock
lanjelot/patator - Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.
Roo7K1d/D0x-K1t-v2 - Active reconaissance, information gathering and OSINT built in a portable web application test.
s7ckTeam/Glass - Glass是一款针对资产列表的快速指纹识别工具，通过调用Fofa/ZoomEye/Shodan/360等api接口快速查询资产信息并识别重点资产的指纹，也可针对IP/IP段或资产列表进行快速的指纹识别。
opencve/opencve - CVE Alerting Platform
HashPals/Name-That-Hash - 🔗 Don't know what type of hash it is? Name That Hash will name that hash type! 🤖 Identify MD5, SHA256 and 300+ other hashes ☄ Comes with a neat web app 🔥
deafmute1/refeed - Monitors an imap mailbox and converts incoming email matching filters to atom/rss feeds.
hypn0s/AJPy -
NobleSiXSS/getjswords.py_fork - getjswords.py with local files support
dkgee/public_monitors - 公网IP扫描
dawn0207/python_masscan_nmap - 通过python调取masscan扫描开放端口，然后通过nmap对端口服务和版本进行确认，最终输出表格
screetsec/BruteSploit - BruteSploit is a collection of method for automated Generate, Bruteforce and Manipulation wordlist with interactive shell. That can be used during a penetration test to enumerate and maybe can be used
eslam3kl/3klector - 3klector is an automation Recon tool which collecting information about Acquisitions and ASN which related to Big Scope company
eslam3kl/crtfinder - Fast tool to extract all subdomains from crt.sh website. Output will be up to sub.sub.sub.subdomain.com with standard and advanced search techniques
zhuifengshen/DingtalkChatbot - 钉钉群自定义机器人消息Python封装
knqyf263/dnspooq - DNSpooq - dnsmasq cache poisoning (CVE-2020-25686, CVE-2020-25684, CVE-2020-25685)
pmiaowu/BurpHttpForwardRequests - burp-http请求转发至其他模块的插件
Hzllaga/BT_Panel_Privilege_Escalation - 宝塔面板Windows版提权方法
ocrmypdf/OCRmyPDF - OCRmyPDF adds an OCR text layer to scanned PDF files, allowing them to be searched
PaddlePaddle/PaddleOCR - Awesome multilingual OCR toolkits based on PaddlePaddle (practical ultra lightweight OCR system, support 80+ languages recognition, provide data annotation and synthesis tools, support training and de
Y4er/CVE-2020-14756 - WebLogic T3/IIOP RCE ExternalizableHelper.class of coherence.jar
oppo-security/rpktool - A toolkit to unpack, debug and repack an rpk file.
ajinabraham/package_scan - PoC: Python package static and dynamic analysis to detect environment variable stealing
darrenmartyn/VisualDoor - SonicWall SSL-VPN Exploit
knownsec/LSpider - LSpider 一个为被动扫描器定制的前端爬虫
synacktiv/eos - Enemies Of Symfony - Debug mode Symfony looter
DontPanicO/jwtXploiter - A tool to test security of json web token
AidenPearce369/exif-gps-tracer - A python script which allows you to parse GeoLocation data from your Image files stored in a dataset.It also produces output in CSV file and also in HTML Google Maps
Raikia/UhOh365 - A script that can see if an email address is valid in Office365 (user/email enumeration). This does not perform any login attempts, is unthrottled, and is incredibly useful for social engineering ass
pawlaczyk/sarenka - OSINT tool - gets data from services like shodan, censys etc. in one app
pixelbubble/ProtOSINT - ProtOSINT is a Python script that helps you investigate Protonmail accounts and ProtonVPN IP addresses
edoardottt/longtongue - Customized Password/Passphrase List inputting Target Info
ssh-mitm/ssh-mitm - ssh mitm server for security audits supporting public key authentication, session hijacking and file manipulation
GitLab-Red-Team/token-hunter - Collect OSINT for GitLab groups and members and search the group and group members' snippets, issues, and issue discussions for sensitive data that may be included in these assets.
tyki6/MyJWT - A cli for cracking, testing vulnerabilities on Json Web Token(JWT)
Josue87/MetaFinder - Search for documents in a domain through Search Engines (Google, Bing and Baidu). The objective is to extract metadata
omarhashem123/venom - Tool designed for fast crawl and extract endpoints
s0md3v/MyPapers - Repository for hosting my research papers
josehelps/git-wild-hunt - A tool to hunt for credentials in github wild AKA git*hunt
w0x68y/bypassWAF - bypassD盾、安全狗、云锁
m8sec/subscraper - Perform subdomain enumeration through various techniques and retrieve detailed output to aid in further testing.
m8sec/pymeta - Pymeta will search the web for files on a domain to download and extract metadata. This technique can be used to identify: domains, usernames, software/version numbers and naming conventions.
0x240x23elu/JSScanner - Js File Scanner
WangYihang/GitHacker - 🕷️ A .git folder exploiting tool that is able to restore the entire Git repository, including stash, common branches, common tags.
potats0/javaSerializationTools -
Sumeet-R/L7-Inspector - A python based security auditing tool that can find various injection payloads from web server and application logs
ScRiPt1337/hackthebox_notes - random script and tools and notes i create while doing hack the box
clevercoder91/Subanser - A simple Python Script you must take a Try !
epi052/recon-pipeline - An automated target reconnaissance pipeline.
notmarshmllow/credax - Credax - Fuzzing Tool with Slack Notifications. Also removes false positive responses.
zh-explorer/openvpn_route - openvpn route config helper
byt3bl33d3r/webview_d3 - Generate graphs with NetworkX, natively visualize with D3.js and pywebview
denandz/OpManager-Decrypter - Some simple scripts for decrypting passwords retrieved from a Manage Engine OpManager installation
DreyAnd/DeadDNS - DNS hijacking via dead records automation tool
moloch--/RootTheBox - A Game of Hackers (CTF Scoreboard & Game Manager)
micah5/ace-attorney-reddit-bot - 👨🏼‍⚖️ reddit bot that turns comment chains into ace attorney scenes
dtmilano/AndroidViewClient - Android ViewServer and ADB client
0xInfection/XSRFProbe - The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.
zongdeiqianxing/hscan - 集成crawlergo、xray、dirsearch、nmap等工具的src漏洞挖掘工具，使用docker封装运行；使用oneforall自动遍历子域名并扫描；
r0x0r/pywebview - Build GUI for your Python program with JavaScript, HTML, and CSS
Higurashi-kagome/pythontools - 微信读书笔记助手、Markdown 添加标题、Markdown 标题添加序号...
SabyasachiRana/WebMap - WebMap-Nmap Web Dashboard and Reporting
lijiejie/BBScan - A fast vulnerability scanner
dotPY-hax/gitlab_RCE - RCE for old gitlab version <= 11.4.7 & 12.4.0-12.8.1 and LFI for old gitlab versions 10.4 - 12.8.1
bitranox/fingerprint - Monitoring Registry and File Changes in Windows
DEMON1A/Blinder - A script written in python3 to spread blind cross-site scripting payloads on HTTP requests headers
ankit0183/Wifi-Hacking - Cyber Security Tool For Hacking Wireless Connections Using Built-In Kali Tools. Supports All Securities (WEP, WPS, WPA, WPA2/TKIP/IES)
darkoperator/dnsrecon - DNS Enumeration Script
zeronine9/Blind_SPOT - Blind spot is a python tool for blind injection vulnerabilities , SQLi time based , Command injection , code injection , SSTI
dirkjanm/ROADtools - A collection of Azure AD tools for offensive and defensive security purposes
adarshshetty18/fcm_server_key - Tool to extract & validate google fcm server keys from apks
SharonBrizinov/s3viewer - Storage Explorer - Publicly open storage viewer (Amazon S3 Bucket, Azure Blob, FTP server, HTTP Index Of/)
MrWQ/vulnerability-paper - 收集的文章 https://mrwq.github.io/vulnerability-paper/
f0cker/crackq - CrackQ: A Python Hashcat cracking queue system
ihebski/DefaultCreds-cheat-sheet - One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
enemy-submarine/pidrila - Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer
oasiszrz/XAIGen -
SkyBlueEternal/Nessus-update - Nessus 一键下载最新更新脚本
BugBountyResources/targets - A collection of over 5.1 million sub-domains and assets belonging to public bug bounty programs, compiled into a repo, for performing bulk operations.
six2dez/degoogle_hunter - Simple fork from degoogle original project with bug hunting purposes
s0md3v/ote - Generate Email, Register for anything, Get the OTP/Link
w9w/JSA - Javascript security analysis (JSA) is a program for javascript analysis during web application security assessment.
n0x08/ShodanTools - Collection of scripts & fingerprinting tricks for Shodan.io
breenmachine/httpscreenshot -
loseys/Oblivion - Data leak checker & OSINT Tool
UserExistsError/webshooter - Inspired by gowitness and EyeWitness
gquere/pwn_jenkins - Notes about attacking Jenkins servers
Ridter/CVE-2019-1040-dcpwn - CVE-2019-1040 with Kerberos delegation
Loveforkeeps/ThreatReputationQuery - 基于威胁情报厂商服务平台API的即时Domain/IP/URL信誉查询系统
maxmind/MaxMind-DB-Reader-python - Python MaxMind DB reader extension
w5teams/w5 - Security Orchestration, Automation and Response (SOAR) Platform. 安全编排与自动化响应平台，无需编写代码的安全自动化，使用 SOAR 可以让团队工作更加高效
irsl/google-osconfig-privesc - Proof of concept about the privilege escalation flaw identified in Google's Osconfig
ARPSyndicate/dmass - scrapes domains from VDP/BBP scopes
vulnersCom/mikrot8over - mikrot8over: Fast exploitation tool for Mikrotik RouterOS up to 6.38.4
SourceCode-AI/aura - Python source code auditing and static analysis on a large scale
shazsyed/FavHunt - Favicon based recon for faster fingerprinting of web services
TebbaaX/GRecon - Another version of katana, more automated but less stable. the purpose of this small tool is to run a Google based passive recon against your scope.
captain-woof/DirtyPortScanner - A simple, fast port scanner that can work with Nmap.
f-froehlich/nmap-scan - Nmap wrapper for python with full Nmap DTD support, parallel scans and threaded callback methods support for faster analytics.
creditease-sec/insight2 -
r3change/TPLogScan - ThinkPHP全日志扫描工具，命令行版和BurpSuite插件版
mrknow001/aliyun-accesskey-Tools - 阿里云accesskey利用工具
7hj4/links-html -
anshumanpattnaik/http-request-smuggling - HTTP Request Smuggling Detection Tool
j3ers3/Searpy - 🥀 Search Engine Tookit，URL采集、Favicon哈希值查找真实IP、子域名查找
bak6ry/Getshell - 一款基于shodan识别漏洞，批量getshell的脚本，可以用来渗透测试练手使用，只写了海康威视一个漏洞的，感兴趣可以自己修改
7CLewis/SAAST_Project - Shodan API Automated Search Tool
Ethancck/TFofa - 一个使用Fofa API查询的小工具
n00py/LAPSDumper - Dumping LAPS from Python
jordan9001/dobby2 - Build your emulation environment as needed
defparam/Coldsnap -
PeterL1n/BackgroundMattingV2 - Real-Time High-Resolution Background Matting
JYanger/Weblogic_Scan - 一款Weblogic漏洞扫描工具，批量ip，多端口检测。
philipperemy/3.7-billion-passwords-tools - Tools to manipulate the data behind Collection #1 (and #2–5) - AntiPublic.
NoDataFound/RiskIQ.SunBurst.Hunter - The Purpose of this research tool is to provide a Python client into RiskIQ API services.
Arno0x/NtlmRelayToEWS - ntlm relay attack to Exchange Web Services
ARPSyndicate/xlocate - the ultimate exploits/references finder
stamparm/identYwaf - Blind WAF identification tool
Margular/frida-skeleton - 基于frida的安卓hook框架，提供了很多frida自身不支持的功能，将hook安卓变成简单便捷，人人都会的事情
Santandersecurityresearch/corsair_scan - Corsair_scan is a security tool to test Cross-Origin Resource Sharing (CORS).
MurkFox/Otter_scan -
zeronetworks/BloodHound-Tools - Collection of tools that reflect the network dimension into Bloodhound's data
TheKingOfDuck/easyXssPayload - XssPayload List . Usage:
synacktiv/lumina_server - Local server for IDA Lumina feature
TheTwitchy/xxer - A blind XXE injection callback handler. Uses HTTP and FTP to extract information. Originally written in Ruby by ONsec-Lab.
noperator/CVE-2019-18935 - RCE exploit for a .NET JSON deserialization vulnerability in Telerik UI for ASP.NET AJAX.
Manjesh24/JSON-JS-Beautifier - Burp Suite JSON/JS-Beautifier
grayddq/EBurst - 这个脚本主要提供对Exchange邮件服务器的账户爆破功能，集成了现有主流接口的爆破方式。
gotr00t0day/forbiddenpass -
markgacoka/selenium-proxy-rotator - A python wrapper around selenium that makes web automation anonymous through proxy rotation
EvilPulsar/S2-061 - some struts tag , attributes which out of the range will call SetDynamicAttribute() function, it will cause ONGL expression execute
theLSA/burp-sensitive-param-extractor - burpsuite extension for check and extract sensitive request parameter
wmathor/Rubbish-Video-Generator - 营销号视频生成器
wuzuowei/CVE-2020-17530 - S2-061 的payload，以及对应简单的PoC/Exp
ka1n4t/CVE-2020-17530 -
m8sec/taser - Python resource library for creating security related tooling
deepseagirl/degoogle - search Google and extract results directly. skip all the click-through links and other sketchiness
Damian89/simple-oob-scanner - Simple tool to test for SSRF/OOB HTTP Read within the Path of a request
demantz/frizzer - Frida-based general purpose fuzzer
dephell/dephell - :package: :fire: Python project management. Manage packages: convert between formats, lock, install, resolve, isolate, test, build graph, show outdated, audit. Manage venvs, build package, bump versio
QPromise/EasyTrans - 支持谷歌翻译、百度翻译、有道翻译的免费接口，基于Django、PyMuPDF实现了pdf文档英译汉的功能，翻译后的pdf格式基本保持不变，可以下载docx和pdf格式的翻译文档，基本解决复制caj中文论文时的格式问题，简单的满足看论文以及写总结的需求。
RodrickOMG/PDF-translator - A PDF translator which can translate English pdf into Chinese pdf. 将英文的PDF翻译并自动生成中文版PDF
HACHp1/chptrans - 翻译英文pdf论文的小工具，类似于不使用浏览器的划词翻译
beurtschipper/Depix - Recovers passwords from pixelized screenshots
SimplySecurity/SimplyEmail - Email recon made fast and easy, with a framework to build on
Rockyzsu/stock - 30天掌握量化交易 (持续更新)
codingo/NoSQLMap - Automated NoSQL database enumeration and web application exploitation tool.
NS-Sp4ce/TongDaOA-Fake-User - 通达OA 任意用户登录漏洞
jpadilla/pyjwt - JSON Web Token implementation in Python
Mesh3l911/SQLi_Checker_v1.1 -
mitre-attack/car - Cyber Analytics Repository
py2exe/py2exe - Create standalone Windows programs from Python code
sneakerhax/C2PE - C2 and Post Exploitation Code
sv3nbeast/ShiroScan - Shiro<=1.2.4反序列化，一键检测工具
eslam3kl/3klCon - Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.
r0ysue/r0capture - 安卓应用层抓包通杀脚本
ptoomey3/evilarc - Create tar/zip archives that can exploit directory traversal vulnerabilities
alphaSeclab/malware-ioc-hash - Collection of malware ioc hashes from blog posts. A Python script is provided to search through it.
LandGrey/domainNamePredictor - 一个简单的现代化公司域名使用规律预测及生成工具
imjdl/Apache-NiFi-Api-RCE -
prisma-cloud/IAMFinder - IAMFinder enumerates and finds users and IAM roles in a target AWS account.
nccgroup/s3_objects_check - Whitebox evaluation of effective S3 object permissions, to identify publicly accessible files.
ARPSyndicate/kenzer - automated web assets enumeration & scanning [DEPRECATED]
BC-SECURITY/Empire-Cli - CLI Frontend for PowerShell Empire.
xenoscr/SessionHound - A pair of scripts to import session and local group information that has been collected from alternate data sources into BloodHound's Neo4j database.
GGyao/CVE-2020-14882_ALL - CVE-2020-14882_ALL综合利用工具，支持命令回显检测、批量命令回显、外置xml无回显命令执行等功能。
dariusztytko/jwt-key-id-injector - Simple python script to check against hypothetical JWT vulnerability.
righettod/burp-piper-custom-scripts - Custom scripts for the PIPER Burp extensions.
panch0r3d/Bug_Bounty_Tools - Random tools I've made for bug bounty hunting
z3dc0ps/0x0p1n3r - 0x0p1n3r is set of combination of other tools and one line scripts to find subdomains easily and to check subdomain takeover
lyy289065406/threat-broadcast - 威胁情报播报
seemoo-lab/toothpicker -
htr-tech/fake-mailer - Send Mail Anonymously with this Script
S2-group/android-runner - Python framework for automatically executing measurement-based experiments on native and web apps running on Android devices
disclose/diodb - Open-source vulnerability disclosure and bug bounty program database.
hoat23/Nessus2Elasticsearch -
Ovi3/awvs_xray - AWVS13和xray的自动化扫描脚本
Hefei-Harden/AUTO-AWVS -
0671/MyCT - 用于渗透测试、安全运维的插件化并发框架，自写插件可进行-PoC测试、子域发现、端口扫描等。
winezer0/infoport - Masscan-+Nmap等多种语言扫描器组件构成的端口+服务扫描检测工具
airob0t/idcardgenerator - 身份证图片生成工具 generate an id card picture
CaledoniaProject/password-distance - 常见密码变形方法
gakki429/Git_Extract - 提取远程 git 泄露或本地 git 的工具
raoweijian/jacoco-diff - 在 jacoco 覆盖率报告的基础上，计算出增量覆盖率
nabilm/aneo4j - Yet another simple async client wrapper for neo4j
Charmve/BLE-Security-Attack-Defence - ✨ Purpose only! The dangers of Bluetooth Low Energy（BLE）implementations: Unveiling zero day vulnerabilities and security flaws in modern Bluetooth LE stacks.
nyxgeek/ntlmscan - scan for NTLM directories
Dliv3/redis-rogue-server - Redis 4.x/5.x RCE
sting8k/BurpSuite_403Bypasser - Burpsuite Extension to bypass 403 restricted directory
PaytmLabs/nerve - NERVE Continuous Vulnerability Scanner
Miagz/XrayFofa - 一款将xray和fofa完美结合的自动化工具,调用fofaAPI进行查询扫描,新增爬虫爬取扫描(懒人必备)
n3k/Pentest - Notes/Tools for pentesting
Gality369/CS-Loader - CS免杀
dhaneshsivasamy07/hackthebox - Notes Taken for HTB Machines & InfoSec Community.
salesforce/jarm -
Ganofins/subcapture - Another automated script to check for subdomain takeover
DiegoCaraballo/Email-extractor - The main functionality is to extract all the emails from one or several URLs - La funcionalidad principal es extraer todos los correos electrónicos de una o varias Url
sameera-madushan/Print-My-Shell - Python script wrote to automate the process of generating various reverse shells.
rtcatc/Packer-Fuzzer - Packer Fuzzer is a fast and efficient scanner for security detection of websites constructed by javascript module bundler such as Webpack.
timwhitez/Frog-Fp - 🐸fingerprint detect framework 批量深度指纹识别框架
mschwager/0wned - Code execution via Python package installation.
Ithrael/beian_miit_spider - 一个工业和信息化部ICP备案查询的爬虫
WBGlIl/CS_Decrypt -
profmoriarity/rexsser - This is a burp plugin that extracts keywords from response using regexes and test for reflected XSS on the target scope.
uknowsec/BurpSuite-Extender-fastjson - Reference：https://www.w2n1ck.com/article/44/
dcsync/pycobalt - Cobalt Strike Python API
XTeam-Wing/SSRF_BYPASS - SSRF 绕过 Payload
morpheus65535/bazarr - Bazarr is a companion application to Sonarr and Radarr. It manages and downloads subtitles based on your requirements. You define your preferences by TV show or movie and Bazarr takes care of everythi
cve-search/cve-search - cve-search - a tool to perform local searches for known vulnerabilities
0cirius0/Subdomains-Tracker - A notification script to help with Recon Stuff
bytebutcher/decoder-plus-plus - An extensible application for penetration testers and software developers to decode/encode data into various formats.
google/nogotofail - An on-path blackbox network traffic security testing tool
FSecureLABS/N1QLMap - The tool exfiltrates data from Couchbase database by exploiting N1QL injection vulnerabilities.
skynet0x01/tugarecon - Pentest: Subdomains enumeration tool for penetration testers.
ascr0b/PCWT -
apache/rocketmq-client-python - Apache RocketMQ python client
Ch1ngg/JCE - JCE - JSP/JPSX CodeEncode - 用于 Webshell 逃避静态查杀的辅助脚本
evilpenguin/APKProxyHelper - Patches those pesky APKs for proxy use.
LanikSJ/dfimage - Reverse-engineer a Dockerfile from a Docker image.
amcai/myscan - myscan 被动扫描
jofpin/brutto - Easy brute forcing to whatever you want - Jose Pino
lightspin-tech/red-kube - Red Team K8S Adversary Emulation Based on kubectl
samloader/samloader - Download Samsung firmware from official servers
j1anFen/burp_jspath - A burp suite plugin to discover hidden paths in javascript code
Rozendantz/subforce - A commandline forced browsing tool for subdomain lists
blackorbird/APT_REPORT - Interesting APT Report Collection And Some Special IOC
s1kr10s/CVE-2020-14882 - CVE-2020–14882 by Jang
LyleMi/papers - Academic papers and articles that I read related to web hacking, fuzzing, etc. / 阅读过的Web安全方向、模糊测试方向的一些论文与阅读笔记
withdk/pulse-secure-vpn-mitm-research - Pulse Secure VPN mitm Research - CVE-2020-8241, CVE-2020-8239
timwhitez/Frog-Auth - 🐸Unauthorized Detection Framework未授权访问检测框架
elfarsaouiomar/monitor-new-subdomain - MNS is a security and reconnaissance tool for monitoring new subdomains
hanbings/qwq - BilibiliCTF 简单记录
devanshbatham/CertEagle - Weaponizing Live CT logs for automated monitoring of assets
shemesh999/oregami - IDA plugins and scripts for analyzing register usage frame
NetSPI/NetblockTool - Find netblocks owned by a company
threat9/routersploit - Exploitation Framework for Embedded Devices
S1lkys/CVE-2020-15906 - Writeup of CVE-2020-15906
kbandla/ImmunityDebugger - ImmunityDebugger
integrity-sa/burpcollaborator-docker - This repository includes a set of scripts to install a Burp Collaborator Server in a docker environment, using a LetsEncrypt wildcard certificate. The objective is to simplify as much as possible the
its-a-feature/Mythic - A collaborative, multi-platform, red teaming framework
jiansiting/cve-2020-16898 - PoC BSOD for CVE-2020-16898
suanve/recode - 基于python的代码审计工具
refraction-ray/xalpha - 基金投资管理回测引擎
an00byss/TheCl0n3r - TheCl0n3r will allow you to download and manage your git repositories.
BitTheByte/Eagle - Multithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities
hu4wufu/CVE-2020-15227 - CVE-2020-15227 exploit
BitTheByte/Monitorizer - Multithreaded monitoring framework to detect and report newly found subdomains on a specific target using various scanning tools with support for Acunetix & Nuclei
arbazkiraak/certstream-subdomains-monitor - Monitor subdomains with certstream
strikergoutham/Anti-Takeover - Anti-Takeover is a sub domain monitoring tool for (blue/purple) team / internal security team which uses cloud flare. Currently Anti-Takeover monitors more than a dozen third party services for dangli
timwhitez/Frog-Submon - 🐸Subdomain Monitor, 子域名监控
ZacharyZcR/AWD - AWD线下攻防常用Python库及集成框架
theLSA/burp-unauth-checker - burpsuite extension for check unauthorized vulnerability
BigFaceCat2017/frida_ssl_logger - ssl_logger based on frida
PaperMtn/gitlab-watchman - Monitoring GitLab for sensitive data shared publicly
thalesgroup-cert/Watcher - Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.
SomeKirill/wordlist_generator - Unique wordlist generator of unique wordlists.
TesterlifeRaymond/doraemon - Doraemon-接口自动化测试工具
laike9m/Cyberbrain - Python debugging, redefined.
Ares-X/shiro-exploit - Shiro反序列化利用工具，支持新版本(AES-GCM)Shiro的key爆破，配合ysoserial，生成回显Payload
zhzyker/vulmap - Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞验证功能
mzfr/liffy - Local file inclusion exploitation tool
mame82/misc -
Cisco-Talos/DynDataResolver -
PCanyi/CAPEv2 - Malware Configuration And Payload Extraction
obheda12/GitDorker - A Python program to scrape secrets from GitHub through usage of a large repository of dorks.
lexfo/rpc2socks - Post-exploit tool that enables a SOCKS tunnel via a Windows host using an extensible custom RPC proto over SMB through a named pipe.
honoki/bbrf-client - The Bug Bounty Reconnaissance Framework (BBRF) can help you coordinate your reconnaissance workflows across multiple devices
amygdela09/discrete-console - A terminal emulator that automatically proxies commands through ProxyChains.
LandGrey/flink-unauth-rce - exploit Apache Flink Web Dashboard unauth rce on right way by python2 scripts
mgeeky/tomcatWarDeployer - Apache Tomcat auto WAR deployment & pwning penetration testing tool.
patois/HexraysToolbox - Hexrays Toolbox - Find code patterns within the Hexrays AST
Wenzel/checksec.py - Checksec tool in Python, Rich output. Based on LIEF
iphelix/pack - PACK (Password Analysis and Cracking Kit)
sp00ks-git/hat - HAT (Hashcat Automation Tool) - An Automated Hashcat Tool for common wordlists and rules to speed up the process of cracking hashes during engagements. Created for Linux based systems
Ridter/cve-2020-0688 - cve-2020-0688
GainSec/GoldenNuggets-1 - Burp Extension for easily creating Wordlists
elastic/detection-rules - Rules for Elastic Security's detection engine
mxrch/GHunt - 🕵️‍♂️ Offensive Google framework.
monkey-wenjun/get_domain_info - 批量查询备案和域名解析的工具
PushpenderIndia/ORhunter - ORhunter is an Open Redirect Vulnerability Scanner which Passively Crawls URLs from 3 Sources & Then Filter Potential URLs based on Parameter Values, then finally hunt them for Unvalidated Open Redire
gnothiseautonlw/burp-shell-fwd-lfi - A Burp Suite plugin/extension that offers a shell in Burp. Both useful for OS Command injection and LFI exploration
gquere/CVE-2020-7931 - Hacking Artifactory with server side template injection
wxq0309/fastapi - 基于Fastapi开发，集成Celery-redis分布式任务队列、JWT 用户系统、ElasticSearch和encode orm的基础项目模板，大家可以根据自己的需求在本模板上进行修改
leezp/SubdomainWash - 子域名清洗工具+awvs12联动xray分布式
guohongze/adminset - 自动化运维平台：CMDB、CD、DevOps、资产管理、任务编排、持续交付、系统监控、运维管理、配置管理
er10yi/MagiCude - 分布式端口（漏洞）扫描、资产安全管理、实时威胁监控与通知、高效漏洞闭环、漏洞wiki、邮件报告通知、poc框架
matterport/Mask_RCNN - Mask R-CNN for object detection and instance segmentation on Keras and TensorFlow
FunnyWolf/CThun - 集成快速端口扫描服务识别和暴力破解
bwiko/UrlAutoFire - URLAUTOFIRE made to make your life easier, this tool allow you to browse a file of urls faster just by adding shortcut to your machine(linux)
AhmedConstant/BlindCrawler - A tool for web crawling & content discovery
ihebski/db - Bugbounty utility to store the list of the enumerated subdomains into an sqlite3 db [one liner style / Pipe and save]
knownsec/LBot - A simple xss bot template
knownsec/Minitools-bin_extractor - A simple script for quickly mining sensitive information in binary files.
knownsec/Minitools-CookieTest - A script used to quickly test APIs or required parameters and cookies for a certain request.
Echocipher/Subdomain-Takeover - 一个子域名接管检测工具
k8gege/CVE-2019-0708 - 3389远程桌面代码执行漏洞CVE-2019-0708批量检测工具(Rdpscan Bluekeep Check)
autoing/RSAS-Data-Export - 绿盟极光远程安全评估系统(RSAS)-RSAS漏洞数据导出工具
asmjmp0/fridaMemoryAccessTrace - android memory access trace utility powered by frida framework
3NC0D/Powershell-Obfuscator - Powerful script for logical obfuscation of powershell scripts
bb00/zer0dump - Abuse CVE-2020-1472 (Zerologon) to take over a domain and then repair the local stored machine account password.
fortra/impacket - Impacket is a collection of Python classes for working with network protocols.
CERT-Polska/hfinger - Hfinger - fingerprinting HTTP requests
Phoenix1112/subtakeover -
VoidSec/CVE-2020-1472 - Exploit Code for CVE-2020-1472 aka Zerologon
mxrch/darkshot - Lightshot scraper on steroids with OCR.
httpvoid/CVE-Reverse -
sslab-gatech/freedom - A DOM fuzzer
jtpereyda/boofuzz - A fork and successor of the Sulley Fuzzing Framework
gnebbia/kb - A minimalist command line knowledge base manager
VulnTotal-Team/IoT-vulhub - IoT固件漏洞复现环境
SecuraBV/CVE-2020-1472 - Test tool for CVE-2020-1472
securing/DumpsterDiver - Tool to search secrets in various filetypes.
TheNittam/RPOscanner - Relative Path Overwrite Vulnerability Scanner
nil0x42/cracking-utils - scripts for generating password wordlists
freqtrade/freqtrade - Free, open source crypto trading bot
TophantTechnology/ARL - ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产，构建基础资产信息库。协助甲方安全团队或者渗透测试人员有效侦察和检索资产，发现存在的薄弱点和攻击面。
rudSarkar/Payloads - Exploits for different vulnerabilities
Bitwise-01/Loki - Remote Access Tool
sinfulz/JustTryHarder - JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)
TebbaaX/Katana - Python Tool that gives you the ability to run Advanced Google Queries (Known as Google Dorks - Google Dorking) - (No longer maintained)
smackerdodi/CVE-bruter - take a list of subdomain and the required path for specific CVE and give the response code for each url
arthaud/git-dumper - A tool to dump a git repository from a website
L-codes/oneshellcrack - a very very fast brute force webshell password tool
zeroSteiner/crimson-forge - Sustainable shellcode evasion
BishopFox/h2csmuggler - HTTP Request Smuggling over HTTP/2 Cleartext (h2c)
jfarley248/MEAT - This toolkit aims to help forensicators perform different kinds of acquisitions on iOS devices
PushpenderIndia/subdover - Subdover is a MultiThreaded Subdomain Takeover Vulnerability Scanner Written In Python3
d1y1n/xxetester - Test your XXE Payloads
daxAKAhackerman/XSS-Catcher - A blind XSS detection and XSS data capture framework
mrknow001/fastjson_rec_exploit - fastjson一键命令执行
pyupio/safety - Safety checks Python dependencies for known security vulnerabilities and suggests the proper remediations for vulnerabilities detected.
SAP/credential-digger - A Github scanning tool that identifies hardcoded credentials while filtering the false positive data through machine learning models :lock:
aress31/jwtcat - A CPU-based JSON Web Token (JWT) cracker and - to some extent - scanner.
devanshbatham/Drishti - A fast HTTP Response status checker implemented in Python3
theori-io/ctf - writeup from some ctfs
craighays/bucketkicker - Brute force AWS bucket finder
jordanpotti/CloudScraper - CloudScraper: Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space.
Err0rzz/Attack_Defense_Framework - XMAN2017 结营攻防赛漏洞利用及Flag提交框架
mainframed/DOGECICS - Doge bank expensive new COBOL front end. The retail branches are gonna love this!
evyatarmeged/Raccoon - A high performance offensive security tool for reconnaissance and vulnerability scanning
Gerapy/Gerapy - Distributed Crawler Management Framework Based on Scrapy, Scrapyd, Django and Vue.js
guidepointsecurity/RedCommander - Red Team C2 Infrastructure built in AWS using Ansible!
a0rtega/metame - metame is a metamorphic code engine for arbitrary executables
VainlyStrain/Vailyn - A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python
kelvinBen/iosReverseTools - iosReverseTools是ios逆向渗透测试辅助工具集合
kelvinBen/AppInfoScanner - 一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具，可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如：Title、Domain、CDN、指纹信息、状态信息等。
Chirantar7004/Android-Pentesting-Project - Exploited a bank application to find vulnerabilities in the app using Drozer, IDA-Pro and X-posed framework
ronaldyho/hacking_Mobile - Drozer scripts, Knowledge and how-tos from all over the internet - all on hacking Android
carlospolop/hacktricks - Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
chriskiehl/Gooey - Turn (almost) any Python command line program into a full GUI application with one line
w4fz5uck5/wp-file-manager-0day - wp-file-manager 6.7 (Aug 2020) Wordpress Plugin 0day - Remote Code Execution
iSafeBlue/redis-rce - Redis RCE 的几种方法
aatlasis/Pholus - A multicast DNS and DNS Service Discovery Security Assessment Tool
melbadry9/ScanApi - Subdomains-enumeration, subdomain-takeover monitoring api and S3 bucket scanner.
7hj4/Fuzzing - A simple script to guess on the website directory
spicesouls/spicescan - Fingerprinting, Port Scanning, Directory Brute Forcing, it's got it all!
kootenpv/gittyleaks - :droplet: Find sensitive information for a git repo
tenable/poc - Proof of Concepts
ztgrace/mole - Mole is a framework for identifying and exploiting out-of-band application vulnerabilities.
h0ffayyy/Jira-CVE-2019-8451 - POC to check for Jira instances vulnerable to CVE-2019-8451
pwn0sec/PwnSSRF - A Python based scanner to find potential SSRF parameters in a web application.
AFLplusplus/Grammar-Mutator - A grammar-based custom mutator for AFL++
ropnop/impacket_static_binaries - Standalone binaries for Linux/Windows of Impacket's examples
strazzere/golang_loader_assist - Making GO reversing easier in IDA Pro
Rhynorater/reports -
SkyBlueEternal/667788 - 动态爬虫+logo识别
ianzhao05/textshot - Python tool for grabbing text via screenshot
gfek/Hunting-New-Registered-Domains - Hunting Newly Registered Domains
allyshka/Rogue-MySql-Server - MySQL fake server for read files of connected clients
quentinhardy/odat - ODAT: Oracle Database Attacking Tool
darryllane/Bluto - DNS Recon | Brute Forcer | DNS Zone Transfer | DNS Wild Card Checks | DNS Wild Card Brute Forcer | Email Enumeration | Staff Enumeration | Compromised Account Checking
stanislav-web/OpenDoor - OWASP WEB Directory Scanner
kangvcar/InfoSpider - INFO-SPIDER 是一个集众多数据源于一身的爬虫工具箱🧰，旨在安全快捷的帮助用户拿回自己的数据，工具代码开源，流程透明。支持数据源包括GitHub、QQ邮箱、网易邮箱、阿里邮箱、新浪邮箱、Hotmail邮箱、Outlook邮箱、京东、淘宝、支付宝、中国移动、中国联通、中国电信、知乎、哔哩哔哩、网易云音乐、QQ好友、QQ群、生成朋友圈相册、浏览器浏览历史、12306、博客园、CSDN博客、开源
rarecoil/unwebpack-sourcemap - Extract uncompiled, uncompressed SPA code from Webpack source maps.
bkerler/android_universal - Universal android boot to root
smackerdodi/http_r_code - python tool take a list of subdomains and give you the response code for each
BitTheByte/BitMapper - Burp-suite Extension For finding .map files
fO-000/bluing - An intelligence gathering tool for hacking Bluetooth
KingOfBugbounty/KingOfBugBountyTips - Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokens that are already exploitable, so we can report them. We wish t
smackerdodi/domain-ip - this tool take a list of subdomains and give you the ip for each
ustayready/fireprox - AWS API Gateway management tool for creating on the fly HTTP pass-through proxies for unique IP rotation
blackberry/pe_tree - Python module for viewing Portable Executable (PE) files in a tree-view using pefile and PyQt5. Can also be used with IDA Pro and Rekall to dump in-memory PE files and reconstruct imports.
nil0x42/phpsploit - Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor
lakemoon602/snail2.0 - 批量检测敏感信息泄露
FunnyWolf/DarkGuardian - RDP远程登录挂盘监控工具
cnucky/DarkGuardian - RDP远程登录挂盘监控工具
orleven/srcscan - SRCScan(submon) is a SRC assistant tool that periodically scans subdomains and requests WEB services on port 80/443 to check if it is available, and send result to you by e-mail.
kurogai/nero-phishing-server - An full HTTP server for Phishing. Downloads recursively the entire webpage.
IntelligenceX/SDK - Public SDK for Intelligence X
yzddmr6/WebCrack - WebCrack是一款web后台弱口令/万能密码批量检测工具，在工具中导入后台地址即可进行自动化检测。
fatihsirin/Tweettioc-Splunk-App - Tweettioc Splunk App
s0md3v/Parth - Heuristic Vulnerable Parameter Scanner
guardicore/vmware_vcenter_cve_2020_3952 - Exploit for CVE-2020-3952 in vCenter 6.7
TopScrew/CVE-2019-2725 - CVE-2019-2725命令回显+webshell上传+最新绕过
smackerdodi/get-title - multi threaded python tool to get pages's title
mazen160/server-status_PWN - A script that monitors and extracts requested URLs and clients connected to the service by exploiting publicly accessible Apache server-status instances.
sensepost/routopsy - Routopsy - Hacking Routers with Routers
SPuerBRead/HTMLSimilarity - 网页相似度判断：根据网页结构判断页面相似性，可用于相似度计算、越权检测等(Determine page similarity based on HTML page structure)
swimlane/soc-faker - A python package for use in generating fake data for SOC and security automation.
spacesiren/spacesiren - A honey token manager and alert system for AWS.
VirusTotal/vt-ida-plugin - Official VirusTotal plugin for IDA Pro
pureqh/bypasswaf - 关于安全狗和云锁的自动化绕过脚本
nicolas-carolo/houndsploit - An advanced graphical search engine for Exploit-DB
jfmaes/Parsers - parsers to make life easier
ppbibo/PentesterSpecialDict - 渗透测试人员专用精简化字典 Dictionary for penetration testers happy hacker
SkyBlueEternal/FOFA_Search_Tools - FOFA 搜索工具 Python 版 - FOFA Search Tools | Version Python
mandiant/capa - The FLARE team's open-source tool to identify capabilities in executable files.
ambionics/mt_rand-reverse - Script to recover mt_rand()'s seed with only two outputs and without any bruteforce.
Verizon/redshell - An interactive command prompt for red teaming and pentesting. Automatically pushes commands through SOCKS4/5 proxies via proxychains. Optional Cobalt Strike integration pulls beacon SOCKS4/5 proxies f
hamoshwani/Archive-py - Customizing web archives result
smallcham/sec-admin - 分布式资产安全扫描核心管理系统(弱口令扫描，漏洞扫描)
Lonely-night/fastjson_gadgets_scanner -
Jewel591/xssmap - XSSMap 是一款基于 Python3 开发用于检测 XSS 漏洞的工具
kiang70/Github-Monitor - 对github新CVE，0DAY，RCE等的监控并推送到微信
miracle2k/k8s-snapshots - Automatic Volume Snapshots on Kubernetes.
andxyz/slack-history-export - export your slack-history
FortyNorthSecurity/C2concealer - C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.
D4Vinci/bugz-tools - A collection of tools I wrote for bug bounty or hacking and don't mind publishing it :smile:
aufzayed/digit - Extract endpoints from specific Git repository for fuzzing
joefizz/autofindomain -
TheZ3ro/gogsownz - Gogs CVEs
mnemonic-no/SNIcat - SNIcat
intelowlproject/IntelOwl - Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale
ttonys/Scrapy-CVE-CNVD - 漏洞监控，基于scrapy，scrapy-redis，获取每日最新的CVE和CNVD漏洞，邮件通知
lwangenheim/PW_Spy -
cr0hn/rsm - Redis Security Map - Anti-hacking for Redis
Lucifer1993/TPscan - 一键ThinkPHP漏洞检测
serain/bbrecon - Python library and CLI for the Bug Bounty Recon API
cr0hn/festin - FestIn - S3 Bucket Weakness Discovery
admintony/shiro_rememberMe_Rce - 利用长亭xray高级版的回显Gadget重写的一个shiro反序列化利用工具。
xer0days/SQLi-Query-Tampering - SQLi Query Tampering extends and adds custom Payload Generator/Processor in Burp Suite's Intruder. This extension gives you the flexibility of manual testing with many powerful evasion techniques.
arno567/ShiroScanF - shiro反序列化批量ip快速检测脚本
chenjj/espoofer - An email spoofing testing tool that aims to bypass SPF/DKIM/DMARC and forge DKIM signatures.🍻
r35tart/GetIPinfo - 用于寻找多网卡主机方便内网跨网段渗透避免瞎打找不到核心网
Hxzeroone/quoted-printable-Parser - A Burp Suite extension to parse Content-Transfer-Encoding: quoted-printable emails received in Burpcollaborator's SMTP
theLSA/f5-bigip-rce-cve-2020-5902 - F5 BIG-IP RCE CVE-2020-5902 automatic check tool
donot-wong/dnslog - weblog/dnslog平台 Docker容器化部署
yzddmr6/cmd2bx - 把jsp的cmdshell升级为冰蝎一句话
7hang/Fuzz_dic - 参数 | 字典 collections
codingo/Interlace - Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.
Ciphey/Ciphey - ⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
sv3nbeast/X-Fofa - Fofa的API快速调用，使用了一些小Tips，自用勿传
wnma3mz/wechat_articles_spider - 微信公众号文章的爬虫
0neOfU4/spider_butian_src - Spider of butian src
Cynthrial/butian_urls - 补天公益厂商域名列表
cwkiller/unauthorized-check - 扫描常见未授权访问（redis、mongodb、memcached、elasticsearch、zookeeper、ftp、CouchDB、docker、Hadoop）
ox01024/Xray_and_crwlergo_in_server - 雇一位免费的360工程师和一位长亭工程师为你挖洞，还有听话的server酱给你汇报
fasalmbt/reconme - Recon tool
ac0d3r/WebHunt - A command line tool for analyzing web components for security testing. 𒈯
cL0und/cas4.x-execution-rce - exp for 4.1.x-4.1.6, 4.1.7-4.2.x, padding oracle attack
aatlasis/cve_manager - A python script that a) parses NIST NVD CVEs, b) prcoesses and exports them to CSV files, c) creates a postgres database and imports all the data in it, d) provides query capabilities for this CVEs da
0x5ECF4ULT/CVE-2020-3452 - CVE-2020-3452 exploit
D4Vinci/CWFF - Create your Custom Wordlist For Fuzzing
repnz/ida-plugins - A collection of my IDA plugins
ggolawski/CVE-2020-9495 -
momosecurity/mosec-pip-plugin - 用于检测python项目的第三方依赖组件是否存在安全漏洞。
momosecurity/mosec-x-plugin-backend - MOSEC-X-PLUGIN 后端API服务
arxsys/dff - DFF (Digital Forensics Framework) is a Forensics Framework coming with command line and graphical interfaces. DFF can be used to investigate hard drives and volatile memory and create reports about us
AngelSecurityTeam/RapidPayload - Framework RapidPayload - Metasploit Payload Generator | Crypter FUD AntiVirus Evasion
knassar702/pmg - Extract parameters/paths from urls
ShielderSec/CVE-2020-11579 - Exploit code for CVE-2020-11579, an arbitrary file disclosure through the MySQL client in PHPKB
test502git/awvs14-scan - 针对 Acunetix AWVS扫描器开发的批量扫描脚本，支持log4j漏洞、SpringShell、SQL注入、XSS、弱口令等专项，支持联动xray、burp、w13scan等被动批量
alexhude/uEmu - Tiny cute emulator plugin for IDA based on unicorn.
skelsec/jackdaw - gather gather gather
jipegit/dfir-ioc-ut - DFIR IoC Unit Testing
PortSwigger/lightbulb-framework - Tools for auditing WAFS
coco413/DiscoverPort - 轻量化端口扫描工具
SkyoKen/RasCon_NS - Connect to Nintendo Switch over Bluetooth, emulate amiibo and use script from the web.（蓝牙连接Nintendo Switch，并可通过网页控制和使用脚本与amiibo）
s1kr10s/BurpFuzz -
vi3k6i5/flashtext - Extract Keywords from sentence or Replace keywords in sentences.
jas502n/Shiro_Xray - CommonsBeanutils1,CommonsCollectionsK1
ksharinarayanan/SourceWolf - Amazingly fast response crawler to find juicy stuff in the source code! 😎🔥
MIMAZHAN/PVD-HACK - 自动化越权检测PVD
PR3R00T/CVE-2020-3452-Cisco-Scanner - CVE-2020-3452 Cisco ASA Scanner -unauth Path Traversal Check
esecuritylab/kostebek -
virt-manager/virt-manager - Desktop tool for managing virtual machines via libvirt
ra1nb0rn/avain - A Modular Framework for the Automated Vulnerability Analysis in IP-based Networks
smackerdodi/cidr2ip - take a list of CIDR and the output is ip list of these CIDR
wetw0rk/CA-UIM-Nimbus-Research - Vulnerability research on the CA UIM Nimbus protocol
google/clusterfuzz - Scalable fuzzing infrastructure.
utkusen/jeopardize - a low(zero) cost threat intelligence&response tool against phishing domains
abhinavsingh/proxy.py - ⚡ Fast • 🪶 Lightweight • 0️⃣ Dependency • 🔌 Pluggable • 😈 TLS interception • 🔒 DNS-over-HTTPS • 🔥 Poor Man's VPN • ⏪ Reverse & ⏩ Forward • 👮🏿 "Proxy Server" framework • 🌐 "Web Server" framework • ➵ ➶
00theway/Ghostcat-CNVD-2020-10487 - Ghostcat read file/code execute,CNVD-2020-10487(CVE-2020-1938)
aydinnyunus/Keylogger - Get Keyboard,Mouse,ScreenShot,Microphone Inputs from Target Computer and Send to your Mail.
WithSecureLabs/captcha22 - CAPTCHA22 is a toolset for building, and training, CAPTCHA cracking models using neural networks.
davidson679/Bypass-Web-Application-Firewalls - Bypassing-Web-Application-Firewalls-And-XSS-Filters A series of python scripts for generating weird character combinations and lists for BurpSuite Pro for bypassing web application firewalls (WAF) an
mhaskar/CVE-2020-14947 - The official exploit for OCS Inventory NG v2.7 Remote Command Execution CVE-2020-14947
422926799/powershell_c2 - powershell and py -> c2
redhuntlabs/BurpSuite-Asset_History -
redhuntlabs/BurpSuite-Asset_Discover - Burp Suite extension to discover assets from HTTP response.
sweetsoftware/Ares - Python botnet and backdoor
yakuza8/peniot - PENIOT: Penetration Testing Tool for IoT
r0075h3ll/Oralyzer - Open Redirection Analyzer
duc-nt/CVE-2020-6287-exploit - PoC for CVE-2020-6287 The PoC in python for add user only, no administrator permission set. Inspired by @zeroSteiner from metasploit. Original Metasploit PR module: https://github.com/rapid7/metasplo
rabbitmask/SB-Actuator - Spring Boot Actuator未授权访问【XXE、RCE】单/多目标检测
BeWhoYouWantToBe/ShellScan -
404notf0und/CVE-Flow - CVE Data Analysis, CVE Monitor, CVE EXP Prediction Based on Deep Learning. 1999-2020年存量CVE数据分析、监控CVE增量更新、基于深度学习的CVE EXP预测和自动化推送
Tib3rius/AutoRecon - AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.
twelvesec/rootend - A *nix Enumerator & Auto Privilege Escalation tool.
mrh0wl/Cloudmare - Cloudflare, Sucuri, Incapsula real IP tracker.
A-YATTA/AMDH - Android Mobile Device Hardening
GoonSecurity/EAN_CLI - Tool to find leaked tokens in JavaScript
snooppr/snoop - Snoop — инструмент разведки на основе открытых данных (OSINT world)
teamssix/shiro-check-rce - shiro反序列化漏洞检测RCE工具
saucer-man/Hscan - Host scan:Host vulnerability scan主机漏洞扫描
capture0x/XSS-LOADER - Xss Payload Generator ~ Xss Scanner ~ Xss Dork Finder
timfrazier1/AdversarySimulation - Compilation of resources to help with Adversary Simulation automation harness
ShiftLeftSecurity/sast-scan - Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependencies. CI and Git friendly.
jas502n/CVE-2020-8193 - Citrix ADC Vulns
Barriuso/SMBGhost_AutomateExploitation - SMBGhost (CVE-2020-0796) Automate Exploitation and Detection
Healdb/Gather - URL Screenshot Utility
GrrrDog/weird_proxies - Reverse proxies cheatsheet
0x0mar/smod - MODBUS Penetration Testing Framework
tmasto/nike-deobfuscator - Script for libnike-obfuscator
google/turbinia - Automation and Scaling of Digital Forensics Tools
noperator/panos-scanner - Determine the Palo Alto PAN-OS software version of a remote GlobalProtect portal or management interface.
madhavmehndiratta/dorkScanner - A typical search engine dork scanner scrapes search engines with dorks that you provide in order to find vulnerable URLs.
mzfr/slicer - A tool to automate the boring process of APK recon
knassar702/scant3r - ScanT3r - Module based Bug Bounty Automation Tool
byt3bl33d3r/WitnessMe - Web Inventory tool, takes screenshots of webpages using Pyppeteer (headless Chrome/Chromium) and provides some extra bells & whistles to make life easier.
JaidedAI/EasyOCR - Ready-to-use OCR with 80+ supported languages and all popular writing scripts including Latin, Chinese, Arabic, Devanagari, Cyrillic and etc.
robre/jsmon - a javascript change monitoring tool for bugbounties
Z4nzu/hackingtool - ALL IN ONE Hacking Tool For Hackers
Ch0pin/medusa - Binary instrumentation framework based on FRIDA
daeken/httprebind - Automatic tool for DNS rebinding-based SSRF attacks
sorokinpf/ApiWordlistGenerator - Generate wordlists for fuzzing API method names
minimaxir/big-list-of-naughty-strings - The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.
devanshbatham/FavFreak - Making Favicon.ico based Recon Great again !
IncideDigital/Mistica - An open source swiss army knife for arbitrary communication over application protocols
qsecure-labs/overlord - Overlord - Red Teaming Infrastructure Automation
microsoft/msticpy - Microsoft Threat Intelligence Security Tools
s-tip/stip-common - Seamless Threat Intelligence Platform
Marten4n6/EvilOSX - An evil RAT (Remote Administration Tool) for macOS / OS X.
orleven/Tentacle - Tentacle is a POC vulnerability verification and exploit framework. It supports free extension of exploits and uses POC scripts. It supports calls to zoomeye, fofa, shodan and other APIs to perform bu
alfiopuglisi/guietta -
ShawnDEvans/smbmap - SMBMap is a handy SMB enumeration tool
0ang3el/aem-hacker -
Bl1nnnk/kAFL - Code for the USENIX 2017 paper: kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels
dtmsecurity/bof_helper - Beacon Object File (BOF) Creation Helper
MandConsultingGroup/Espionage - A Network Packet and Traffic Interceptor For Linux. Spoof ARP & Wiretap A Network.
Matrix07ksa/EvilNet - Network Attack wifi attack vlan attack arp attack Mac Attack Attack revealed etc../
mufeedvh/basecrack - Decode All Bases - Base Scheme Decoder
majksec/grom - Http/Https multi threading checker
Stu2014/scan - 自用脚本欢迎star
RhinoSecurityLabs/pacu - The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
JE2Se/J2ExpSuite - 一个以python3编写的的漏洞检测框架，可自定义，添加poc，exp，，不需要修改其他内容，只需要编写POC自动执行检测
dhondta/dronesploit - Drone pentesting framework console
google/python-adb - Python ADB + Fastboot implementation
chopicalqui/TurboDataMiner - The objective of this Burp Suite extension is the flexible and dynamic extraction, correlation, and structured presentation of information from the Burp Suite project as well as the flexible and dynam
Hackndo/lsassy - Extract credentials from lsass remotely
dhondta/webgrep - Grep Web pages with extra features like JS deobfuscation and OCR
PerezMascato/URLCADIZ - A simple script to generate a hidden url for social engineering.
m4ll0k/BBTz - BBT - Bug Bounty Tools (examples💡)
encoderlee/android_tools - some useful tools for android reverse engineer
lgandx/PCredz - This tool extracts Credit card numbers, NTLM(DCE-RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file or from a live interface.
ozguralp/gmapsapiscanner -
Tribler/tribler - Privacy enhanced BitTorrent client with P2P content discovery
aldo-moreno-leon/ORtester - Open Redirect scanner - (out of date)
TRSTN4/EagleShell - EagleShell is a high-quality tool that aims to improve your pentest.
hugsy/gef - GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging capabilities for exploit devs & reverse engineers on Linux
NickstaDB/patch-apk - Wrapper to inject an Objection/Frida gadget into an APK, with support for app bundles/split APKs.
sidaf/scripts - Some useful scripts I have written or collected
Emoe/OpenBugBounty-Scrapper - This script scrapes the list of open Bug Bounty Programs from openbugbounty.org
EdOverflow/can-i-take-over-xyz - "Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
ritiksahni/ASN-Eagle - A tool to discover ASN of any host and fetch IP ranges.
orlyjamie/asnrecon - ASN reconnaissance script
wgpsec/urlscan - 一款url快速检测工具，能够根据关键词搜索域名信息、快速获取url信息来自Plat狼组安全平台
schenkd/nginx-ui - Nginx UI allows you to access and modify the nginx configurations files without cli.
moyuwa/0sec-search - 新版零组资料文库离线漏洞名搜索，功能：更新、查询（不包含漏洞详情）
Knowledge-Wisdom-Understanding/recon - Enumerate a target Based off of Nmap Results
CoffeeJunkiee/Subvenkon - Subvenkon is a subdomain enumerator from Venkon
7hj4/Brute-force-otp - Brute force otp on has no rate limit
alwentiu/COVIDSafe-CVE-2020-12856 - A bluetooth-related vulnerability in some contact tracing apps
MisakiKata/python_code_audit - python 代码审计项目
fellchase/flumberboozle - Suite of programs meant to aid in bug hunting and security assessments
OTRF/bloodhound-notebook - BloodHound Cypher Queries Ported to a Jupyter Notebook
jstrosch/Username_Generator - A Burp Extension that parses emails from HTTP content and can optionally generate usernames.
dariusztytko/vhosts-sieve - Searching for virtual hosts among non-resolvable domains
inforion/idapython-cheatsheet - Scripts and cheatsheets for IDAPython
lengjibo/RedTeamTools - 记录自己编写、修改的部分工具
SofianeHamlaoui/Lockdoor-Framework - 🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources
hluwa/Wallbreaker - 🔨 Break Java Reverse Engineering form Memory World!
christophetd/CloudFlair - 🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.
zzwlpx/weblogicPoc - Weblogic Vuln POC EXP cve-2020-2551 cve-2020-2555 cve-2020-2883 ，。。。
xiaoheiwo/GGSCAN - 一款渗透时快速资产探测工具
Lucifer1993/SatanSword - 红队综合渗透框架
FunnyWolf/pystinger - Bypass firewall for traffic forwarding using webshell 一款使用webshell进行流量转发的出网工具
JehadAlqurashi/BlackDir-Framework - Web Application Vulnerability Scanner
immunityinc/bravestarr - Fedora 31 netkit-telnet-0.17 telnetd remote exploit
vsec7/BurpSuite-Xkeys - A Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage.
kingkaki/ctf-wscan - 为ctf而生的web扫描器
qiygan/fofa-dump - Fofa Pro Api下载工具
CERTCC/PoC-Exploits - Select proof-of-concept exploits for software vulnerabilities to aid in identifying and testing vulnerable systems.
yassineaboukir/Asnlookup - Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.
lucky-luk3/Grafiki - Threat Hunting tool about Sysmon and graphs
amazigh-kil3r/Reconkil3r - Script Recon Bug Bounty
vaguileradiaz/tinfoleak - The most complete open-source tool for Twitter intelligence analysis
Jumbo-WJB/burp_find_shiro - 通过burp代理流量寻找shiro站点
defparam/tiscripts - Turbo Intruder Scripts
rndinfosecguy/Scavenger - Crawler (Bot) searching for credential leaks on paste sites.
mlgualtieri/NTLMRawUnHide - NTLMRawUnhide.py is a Python3 script designed to parse network packet capture files and extract NTLMv2 hashes in a crackable format. The following binary network packet capture formats are supported:
defparam/smuggler - Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3
bigb0sss/RedTeam-OffensiveSecurity - Tools & Interesting Things for RedTeam Ops
wysec2020/vulnReport - 安服自动化脚本：包括 Nessus、天境主机漏洞扫描6.0、APPscan、awvs等漏洞报告的整理，Google翻译等
ZecOps/CVE-2020-0796-RCE-POC - CVE-2020-0796 Remote Code Execution POC
moe-ih/ConverterWebContent - simple tools to convert parameter in POST request from json to html or html to json
Yezz123-Archive/tools - Install Nmap/Hydra/SQLMap/Metasploit & others on your device :rocket:
FayyiChou/Phishing-Detection - Phishing Webpage；Isolation Forest；XGBoost；Random Forest
p1g3/Fastjson-Scanner - a burp extension to find where use fastjson
deadjakk/patch-checker - Web-based check for Windows privesc vulnerabilities
zeropwn/spyse.py - Python API wrapper and command-line client for the tools hosted on spyse.com.
ggg4566/SQLEXP - SQL 注入利用工具，存在waf的情况下自定义编写tamper脚本 dump数据
omergunal/Attacker-Group-Predictor - Tool to predict attacker groups from the techniques and software used
kholia/OSX-KVM - Run macOS on QEMU/KVM. With OpenCore + Big Sur + Monterey + Ventura support now! Only commercial (paid) support is available now to avoid spammy issues. No Mac system is required.
sukabuliet/ThinkphpRCE - Thinkphp rce扫描脚本，附带日志扫描
grayddq/ScanCVE - 监控github上CVE增量，并发送微信通知
s0md3v/hardcodes - find hardcoded strings from source code
Sentinel-One/CobaltStrikeParser -
windy-purple/AndroidManifestCheck - AndroidManifest.xml文件校验工具
Talkaboutcybersecurity/GitMonitor - One way to continuously monitor sensitive information that could be exposed on Github
justcatthefish/ctf-writeups - CTF write-ups
Cillian-Collins/subscraper - Reconnaissance tool which scans javascript files for subdomains and then iterates over all javascript files hosted on subsequent subdomains to enumerate a list of subdomains for a given URL.
fnmsd/MySQL_Fake_Server - MySQL Fake Server use to help MySQL Client File Reading and JDBC Client Java Deserialize
nian-hua/BurpExtender -
chompie1337/SMBGhost_RCE_PoC -
zxcvbn001/password_brute_dictionary - 口令爆破字典，有键盘组合字典、拼音字典、字母与数字混合这三种类型
byt3bl33d3r/SprayingToolkit - Scripts to make password spraying attacks against Lync/S4B, OWA & O365 a lot quicker, less painful and more efficient
ninoseki/shodan-dojo - Learning Shodan through katas
samuelcolvin/python-devtools - Dev tools for python
blackarrowsec/pivotnacci - A tool to make socks connections through HTTP agents
EntySec/Ghost - Ghost Framework is an Android post-exploitation framework that exploits the Android Debug Bridge to remotely access an Android device.
facebook/chisel - Chisel is a collection of LLDB commands to assist debugging iOS apps.
lanmaster53/recon-ng - Open Source Intelligence gathering tool aimed at reducing the time spent harvesting information from open sources.
rbsec/dnscan -
JLospinoso/unfurl - An Entropy-Based Link Vulnerability Tool
maaaaz/webscreenshot - A simple script to screenshot a list of websites
nahamsec/JSParser -
threatexpress/edc - Event Data Collector
artssec/burp-exporter - Exporter is a Burp Suite extension to copy a request to a file or the clipboard as multiple programming languages functions.
dwisiswant0/apkleaks - Scanning APK file for URIs, endpoints & secrets.
rishuranjanofficial/JWTweak - Detects the algorithm of input JWT Token and provide options to generate the new JWT token based on the user selected algorithm.
c0dejump/HawkScan - Security Tool for Reconnaissance and Information Gathering on a website. (python 3.x)
daeken/SSRFTest - SSRF testing tool
oddcod3/Phantom-Evasion - Python antivirus evasion tool
guimaizi/testing_wave -
HexNio/ssl_pinning_remover - An Android SSL Pinning Remover tool for Security research and Bug Bounty
mitre-attack/joystick - Joystick is a tool that gives you the ability to transform the ATT&CK Evaluations data into concise views that brings forward the nuances in the results.
r35tart/RedisWriteFile - 通过 Redis 主从写出无损文件
MuhammadKhizerJaved/Insecure-Firebase-Exploit - A simple Python Exploit to Write Data to Insecure/vulnerable firebase databases! Commonly found inside Mobile Apps. If the owner of the app have set the security rules as true for both "read" & "write
devcoinfet/Static_Analysis.py - My stab at some basic static analysis needs allot of work but works on things like yahoo.com etc may need better requests handling to dodge waf's
0xKira/api_palette - A code-searching/completion tool, for IDA APIs
3gstudent/Worse-PDF - Turn a normal PDF file into malicious.Use to steal Net-NTLM Hashes from windows machines.
wrlu/SecurityBulletinPush - Security bulletin pulling tools
5alt/ssl_logger - Decrypts and logs a process's SSL traffic.
Macr0phag3/email_hack - A email bomb/fake email tool, by Python
utkusen/shotlooter - a recon tool that finds sensitive data inside the screenshots uploaded to prnt.sc
EveYen/Injection_Test - Command injection extension for Burpsuite
Miladkhoshdel/burp-to-sqlmap - Performing SQLInjection test on Burp Suite Bulk Requests using SQLMap
misskiki/MysqlLogmonitor - 代码审计辅助工具
xmsec/redis-ssrf - redis ssrf gopher generater & redis ssrf to rce by master-slave-sync
madhuakula/aws-iam-analyser - AWS IAM Analysis utility to gather entire useful information from an AWS account
Azure/Stormspotter - Azure Red Team tool for graphing Azure and Azure Active Directory objects
zsdlove/ApkVulCheck - This is a tool to help androidcoder to check the flaws in their projects.
aufzayed/HydraRecon - All In One, Fast, Easy Recon Tool
hluwa/frida-dexdump - A frida tool to dump dex in memory to support security engineers analyzing malware.
Meteorix/airtest-douyin -
jcesarstef/dotdotslash - Search for Directory Traversal Vulnerabilities
Zarcolio/sitedorks - Search Google/Bing/Ecosia/DuckDuckGo/Yandex/Yahoo for a search term (dork) with a default set of websites, bug bounty programs or custom collection.
DissectMalware/XLMMacroDeobfuscator - Extract and Deobfuscate XLM macros (a.k.a Excel 4.0 Macros)
alexMyG/AndroPyTool - A framework for automated extraction of static and dynamic features from Android applications
Zarcolio/wwwordlist - Wwwordlist is a wordlist generator. It extract words from HTML, URLs, JS/HTTP/input variables, quoted texts in the text and mail files in order to generate wordlists.
m57/dnsteal - DNS Exfiltration tool for stealthily sending files over DNS requests.
Skyscanner/whispers - Identify hardcoded secrets in static structured text
ReddyyZ/URLBrute-Py - Tool to brute website sub-domains and dirs.
BetterDefender/AwvsBatchImport - AWVS12&AWVS13 通用API批量导入脚本 AWVS12 & AWVS13 common API batch import script.
sibears/IDAGolangHelper - Set of IDA Pro scripts for parsing GoLang types information stored in compiled binary
CTF-MissFeng/Watchdog - Watchdog是bayonet修改版，重新优化了数据库及web及扫描程序,加入多节点
PlumHound/PlumHound - Bloodhound for Blue and Purple Teams
Tecnativa/docker-socket-proxy - Proxy over your Docker socket to restrict which requests it accepts
pwn0sec/PwnXSS - PwnXSS: Vulnerability (XSS) scanner exploit
r0ysue/AndroidSecurityStudy - 安卓应用安全学习
dstmath/frida-unpack - 基于Frida的脱壳工具
LeadroyaL/JebScript -
GuoKerS/domain_scan_demo - 一个简陋的分布式子域名扫描轮子
Tuhinshubhra/ExtAnalysis - Browser Extension Analysis Framework - Scan, Analyze Chrome, firefox and Brave extensions for vulnerabilities and intels
ClaudiuGeorgiu/PlaystoreDownloader - A command line tool to download Android applications directly from the Google Play Store by specifying their package name (an initial one-time configuration is required)
adeojoemmanuel/Switching-IP-address - Python Script which changes the Public IP address randomly to different location around the world in every 10 Seconds Interval with the help tor package
lijiaxing1997/Gr33k - 图形化漏洞利用集成工具
P0cL4bs/wifipumpkin3 - Powerful framework for rogue access point attack.
cwolff411/powerob - An on-the-fly Powershell script obfuscator meant for red team engagements. Built out of necessity.
ShutdownRepo/shellerator - Simple CLI tool for the generation of bind and reverse shells in multiple languages
benbusby/whoogle-search - A self-hosted, ad-free, privacy-respecting metasearch engine
jimmy-ly00/dirlister - Create wordlists from source codes files/directories for enumeration
sv3nbeast/2019_Vul_warning_Poc_Collect - 整理的2019年厂商发布的漏洞预警公开POC集合，不足之处还希望多多补充，完善
ThePorgs/Exegol - Fully featured and community-driven hacking environment
ashishb/androidtool - A better version of the command-line android tool with a more intuitive command-line interface.
skelsec/pypykatz - Mimikatz implementation in pure Python
insightglacier/Shiro_exploit - Apache Shiro 反序列化漏洞检测与利用工具
nsonaniya2010/SubDomainizer - A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.
Scille/parsec-cloud - Open source Dropbox-like file sharing with full client encryption !
PaperMtn/slack-watchman - Monitoring your Slack workspaces for sensitive information
ahmetumitbayram/subscraper-security-trails-module -
spenkk/rapiddns-extractor - Extract subdomains from rapiddns.io
devanshbatham/Awesome-Bugbounty-Writeups - A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference
Mr-xn/BurpSuite-collections - 有关burpsuite的插件(非商店),文章以及使用技巧的收集(此项目不再提供burpsuite破解文件,如需要请在博客mrxn.net下载)---Collection of burpsuite plugins (non-stores), articles and tips for using Burpsuite, no crack version file
doyensec/inql - InQL - A Burp Extension for GraphQL Security Testing
broken5/WebAliveScan - 对目标域名进行快速的存活扫描、简单的指纹识别、目录扫描
hxnoyd/ossem-power-up - A tool to assess data quality, built on top of the awesome OSSEM.
hayasec/reGeorg-Weblogic - reGeorg的特殊版本，适用于老版本weblogic。
opendevops-cn/opendevops - CODO是一款为用户提供企业多混合云、一站式DevOps、自动化运维、完全开源的云管理平台、自动化运维平台
ail-project/ail-framework - AIL framework - Analysis Information Leak framework
hackxc/Dir_Monitor - Dir_Monitor — 可以防御文件上传漏洞的监控脚本
gauravnarwani97/Trishul - Burp Extension written in Jython to hunt for common vulnerabilities found in websites. Developed by Gaurav Narwani to help people find vulnerabilities and teach how to exploit them.
sdnewhop/grinder - :mag_right: Python framework to automatically discover and enumerate hosts from different back-end systems (Shodan, Censys)
gwen001/github-search - A collection of tools to perform searches on GitHub.
shivsahni/APKEnum -
rabbitmask/AssetsHunter - 资产狩猎框架-AssetsHunter，信息收集是一项艺术~
gwen001/pentest-tools - A collection of custom security tools for quick needs.
hisxo/gitGraber - gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...
vortexau/dnsvalidator - Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses.
idealclover/RSS-OPML-to-Markdown - 🎁 Convert RSS OPML file to Markdown - easy to read and share
ispras/rop-benchmark - ROP Benchmark is a tool to compare ROP compilers
noptrix/nullscan - A modular framework designed to chain and automate security tests.
noptrix/httpgrep - Scans for HTTP servers and finds given strings in HTTP body and HTTP response headers.
m4ll0k/Atlas - Quick SQLMap Tamper Suggester
devanshbatham/OpenRedireX - A Fuzzer for OpenRedirect issues
abrignoni/JSON-to-HTML-and-XLS - Simple script to convert JSON to html or excel
Gallopsled/pwntools - CTF framework and exploit development library
l0n3rs/ctf-wscan - 为ctf而生的web扫描器
WithSecureLabs/Jamf-Attack-Toolkit - Suite of tools to facilitate attacks against the Jamf macOS management platform.
Symbo1/wsltools - Web Scan Lazy Tools - Python Package
devanshbatham/ParamSpider - Mining parameters from dark corners of Web Archives
joshbressers/cve-analysis - Tools for conducting analysis of CVE data in Elasticsearch
xuchaoa/WebScan - 正在写的一个资产管理和扫描相结合的分布式扫描器
zhzyker/exphub - Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本，最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-201
HacTF/poc--exp - 常用渗透poc收集
khast3x/h8mail - Email OSINT & Password breach hunting tool, locally or using premium services. Supports chasing down related email
m8sec/ActiveReign - A Network Enumeration and Attack Toolset for Windows Active Directory Environments.
janmasarik/bucketsperm -
saeeddhqan/Maryam - Maryam: Open-source Intelligence(OSINT) Framework
virink/awd_auto_attack_framework - AWD 自动化攻击框架
NEALWE/AWD_FrameWork - 近乎无解的AWD框架
pikpikcu/Pentest-Tools-Framework - Pentest Tools Framework is a database of exploits, Scanners and tools for penetration testing. Pentest is a powerful framework includes a lot of tools for beginners. You can explore kernel vulnerabili
hackxc/Pyhacker - 【Pyhacker】Python安全开发
initstring/evil-ssdp - Spoof SSDP replies and create fake UPnP devices to phish for credentials and NetNTLM challenge/response.
morsoli/python-interview-guide - Python Web 开发面试过程中的知识点总结
miyakogi/pyppeteer - Headless chrome/chromium automation library (unofficial port of puppeteer)
sth2018/FastWordQuery - Query words definitions or examples etc. from local or web dictionaries to fill into Anki cards.
ProjectAnte/dnsgen - Generates combination of domain names from the provided input.
zsdlove/Hades - Static code auditing system
pinnace/burp-jwt-fuzzhelper-extension - JWT Fuzzer for BurpSuite. Adds an Intruder hook for on-the-fly JWT fuzzing.
taomujian/linbing - 本系统是对Web中间件和Web框架进行自动化渗透的一个系统,根据扫描选项去自动化收集资产,然后进行POC扫描,POC扫描时会根据指纹选择POC插件去扫描,POC插件扫描用异步方式扫描.前端采用vue技术,后端采用python fastapi.
wargio/fufluns - Easy to use APK/IPA Mobile App Inspector
Heart-Sky/port-multiplexing - 端口复用相关思路和工具
blackarrowsec/mssqlproxy - mssqlproxy is a toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse
RhinoSecurityLabs/IPRotate_Burp_Extension - Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.
Damian89/extended-ssrf-search - Smart ssrf scanner using different methods like parameter brute forcing in post and get...
webanalyzer/rules - 通用的指纹识别规则
jiangsir404/POC-S - POC-T强化版本 POC-S , 用于红蓝对抗中快速验证Web应用漏洞，对功能进行强化以及脚本进行分类添加，自带dnslog等, 平台补充来自vulhub靶机及其他开源项目的高可用POC
kr1shn4murt1/get_Team_Pass - Get teamviewer's ID and password from a remote computer in the LAN
dariusztytko/progress-burp - Burp Suite extension to track vulnerability assessment progress
testert1ng/hacker101-ctf - Hacker101 CTF Writeup
Lhaihai/PythonPersistence - python3 写的一些权限维持脚本
tarunkant/Gopherus - This tool generates gopher link for exploiting SSRF and gaining RCE in various servers
YDHCUI/CNVD-2020-10487-Tomcat-Ajp-lfi - Tomcat-Ajp协议文件读取漏洞
CTF-MissFeng/bayonet - bayonet是一款src资产管理系统，从子域名、端口服务、漏洞、爬虫等一体化的资产管理系统
0xn0ne/weblogicScanner - weblogic 漏洞扫描工具。目前包含对以下漏洞的检测能力：CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-3252、
nccgroup/fuzzowski - the Network Protocol Fuzzer that we will want to use.
NotSoSecure/android_application_analyzer - The tool is used to analyze the content of the android application in local storage.
wshuSuperman/HawkeyeMonitor - HawkeyeMonitor 可用于企业内部的安全管理，自动化漏洞检测漏洞、企业内部资产管理，周期巡检，实时监控等服务
nfstream/nfstream - NFStream: a Flexible Network Data Analysis Framework.
reddelexc/hackerone-reports - Top disclosed reports from HackerOne
AlessandroZ/LaZagneForensic - Windows passwords decryption from dump files
RUB-NDS/CORStest - A simple CORS misconfiguration scanner
d4em0n/exrop - Automatic ROPChain Generation
Clayeee/Win-Logs-Parse-tool -
ztosec/hunter - Hunter作为中通DevSecOps闭环方案中的一环，扮演着很重要的角色，开源之后希望能帮助到更多企业。
Ascotbe/Medusa - :cat2:Medusa是一个红队武器库平台，目前包括XSS平台、协同平台、CVE监控、免杀生成、DNSLOG、钓鱼邮件、文件获取等功能，持续开发中
matrix1001/heapinspect - 🔍Heap analysis tool for CTF pwn.
matrix1001/nadbg - 👀Dynamic memory watcher/tracer/analyzer for CTF pwn
darkarnium/secpub - Published security vulnerabilities, research, and associated information.
lwzSoviet/NoXss - Faster xss scanner,support reflected-xss and dom-xss
MatthewPierson/Vieux - Vieux - A tool for 32/64 Bit iOS downgrades using OTA Blobs
nict-csl/exist - EXIST is a web application for aggregating and analyzing cyber threat intelligence.
ucsb-seclab/karonte - Karonte is a static analysis tool to detect multi-binary vulnerabilities in embedded firmware
sahilmgandhi/IotShark - IotShark - Monitoring and Analyzing IoT Traffic
Viralmaniar/XposedOrNot - XposedOrNot (XoN) tool is to search an aggregated repository of xposed passwords comprising of ~850 million real time passwords. Usage of such compromised passwords is detrimental to individual accoun
anouarbensaad/vulnx - vulnx 🕷️ an intelligent Bot, Shell can achieve automatic injection, and help researchers detect security vulnerabilities CMS system. It can perform a quick CMS security detection, information collecti
icryo/RFCpwn - An enumeration and exploitation toolkit using RFC calls to SAP
patois/dsync - IDAPython plugin that synchronizes disassembler and decompiler views
redteam-project/lem - Linux Exploit Mapper correlates CVEs local to a Linux system with known exploits
lgandx/Responder - Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication
Go0p/emmmm - struts2系列漏洞，jboss，weblogic，webshell(爆破的方式),thinkphp5_rce....
ivre/ivre - Network recon framework. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, collect and analyse network intelligenc
OWASP/DVSA - a Damn Vulnerable Serverless Application
appsecco/vulnerable-apps -
ankane/s3tk - A security toolkit for Amazon S3
ehForwarderBot/ehForwarderBot - An extensible message tunneling chat bot framework. Delivers messages to and from multiple platforms and remotely control your accounts.
laconicwolf/Masscan-to-CSV - Converts the Masscan XML output option (-oX) to a csv format.
guardicore/monkey - Infection Monkey - An open-source adversary emulation platform
0xInfection/TIDoS-Framework - The Offensive Manual Web Application Penetration Testing Framework.
InitRoot/BurpJSLinkFinder - Burp Extension for a passive scanning JS files for endpoint links.
aas-n/spraykatz - Credentials gathering tool automating remote procdump and parse of lsass process.
insightglacier/IMAP_Bruteforce - IMAP Bruteforce Script
XjnFc4kdAp/TrelloC2 - Simple C2 over the Trello API
xtiankisutsa/MARA_Framework - MARA is a Mobile Application Reverse engineering and Analysis Framework. It is a toolkit that puts together commonly used mobile application reverse engineering and analysis tools to assist in testing
pahaz/sshtunnel - SSH tunnels to remote server.
cve-search/git-vuln-finder - Finding potential software vulnerabilities from git commit messages
grayddq/PypiScan - 这个脚本主要提供对pypi供应链的源头进行安全扫描研究，扫描并发现未知的恶意包情况。
Concinnity-Risks/RansomCoinPublic - A DFIR tool to extract cryptocoin addresses and other indicators of compromise from binaries.
timwhitez/crawlergo_x_XRAY - 360/0Kee-Team/crawlergo动态爬虫结合长亭XRAY扫描器的被动扫描功能
DavidBuchanan314/dlinject - Inject a shared library (i.e. arbitrary code) into a live linux process, without ptrace
wrlu/FridaHookUniversal - An universal frida hook project
PunitTailor55/WebMap - Nmap Web Dashboard and Reporting
cyberark/KubiScan - A tool to scan Kubernetes cluster for risky permissions
cylance/CyBot - Open Source Threat Intelligence Chat Bot
tatanus/SPF - SpeedPhishing Framework
kudelskisecurity/fumblechain - A Purposefully Vulnerable Blockchain
laincode/shodan-seeker - Command-line tool using Shodan API. Generates and downloads CSV results, diffing of historic scanning results, alerts and monitoring of specific ports/IPs, etc.
anirudhduggal/medaudit - A tool for auditing medical devices and healthcare infrastructure
nccgroup/ScoutSuite - Multi-Cloud Security Auditing Tool
aquasecurity/kube-hunter - Hunt for security weaknesses in Kubernetes clusters
Viralmaniar/Powershell-RAT - Python based backdoor that uses Gmail to exfiltrate data through attachment. This RAT will help during red team engagements to backdoor any Windows machines. It tracks the user activity using screen c
akamai-threat-research/mqtt-pwn - MQTT-PWN intends to be a one-stop-shop for IoT Broker penetration-testing and security assessment operations.
izar/pytm - A Pythonic framework for threat modeling
yampelo/beagle - Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
ytisf/PyExfil - A Python Package for Data Exfiltration
twosixlabs/acsploit - A tool for generating worst-case inputs to commonly used algorithms
ragulbalaji/RF-Xfil - Prototype Toolkit for Data Exfiltration over Radio Frequencies -- Developed @ HackSmith v2.0
sensepost/DNS-Shell - DNS-Shell is an interactive Shell over DNS channel
OWASP/QRLJacking - QRLJacking or Quick Response Code Login Jacking is a simple-but-nasty attack vector affecting all the applications that relays on “Login with QR code” feature as a secure way to login into accounts wh
mIcHyAmRaNe/okadminfinder3 - [ Admin panel finder / Admin Login Page Finder ] ¢σ∂є∂ ву 👻 (❤-❤) 👻
bambish/ScanQLi - SQLi scanner to detect SQL vulns
ThoughtfulDev/EagleEye - Stalk your Friends. Find their Instagram, FB and Twitter Profiles using Image Recognition and Reverse Image Search.
alexandreborges/malwoverview - Malwoverview is a first response tool used for threat hunting and offers intel information from Virus Total, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, Threa
anyant/rssant - 蚁阅 - 让 RSS 更好用，轻松订阅你喜欢的博客和资讯
Ph0rse/Flask_Bug_Platform - Flask代码审计练习靶场，初始代码源自https://github.com/yubang/cms
rackerlabs/scantron - A distributed nmap / masscan scanning framework complete with scan scheduling, engine pooling, subsequent scan port diff-ing, and an API client for automation workflows.
BitTheByte/BitBlinder - BurpSuite extension to inject custom cross-site scripting payloads on every form/request submitted to detect blind XSS vulnerabilities
s0md3v/XSStrike - Most advanced XSS scanner.
GerbenJavado/LinkFinder - A python script that finds endpoints in JavaScript files
fleetcaptain/Turbolist3r - Subdomain enumeration tool with analysis features for discovered domains
s0md3v/Arjun - HTTP parameter discovery suite.
LangziFun/LangSrcCurise - SRC子域名资产监控
dr0op/bufferfly - 攻防演习/渗透测试资产处理小工具，对攻防演习/渗透测试前的信息搜集到的大批量资产/域名进行存活检测、获取标题头、语料提取、常见web端口检测等。
pnfsoftware/jeb-samplecode - Sample scripts and extensions for JEB Decompiler.
orlikoski/CDQR - The Cold Disk Quick Response (CDQR) tool is a fast and easy to use forensic artifact parsing tool that works on disk images, mounted drives and extracted artifacts from Windows, Linux, MacOS, and Andr
ph4ntonn/Behold3r - 👻Behold3r -- 收集指定网站的子域名，并可监控指定网站的子域名更新情况，发送变更报告至指定邮箱
ownthink/KnowledgeGraphData - 史上最大规模1.4亿中文知识图谱开源下载
superhedgy/AttackSurfaceMapper - AttackSurfaceMapper is a tool that aims to automate the reconnaissance process.
NtesEyes/pylane - An python vm injector with debug tools, based on gdb.
AndroBugs/AndroBugs_Framework - AndroBugs Framework is an efficient Android vulnerability scanner that helps developers or hackers find potential security vulnerabilities in Android applications. No need to install on Windows.
tintinweb/ethereum-dasm - An ethereum evm bytecode disassembler and static/dynamic analysis tool
Tencent/HaboMalHunter - HaboMalHunter is a sub-project of Habo Malware Analysis System (https://habo.qq.com), which can be used for automated malware analysis and security assessment on the Linux system.
WazeHell/metateta - Metateta Automated Tool For Scanning And Exploiting Network Protocols Using Metasploit
xebia/mobilehacktools - A repository for scripting a mobile attack toolchain
4ch12dy/xia0LLDB - LLDB python scripts for iOS arm64 reversing by xia0
wulio/Coeus - Android apk/sdk Scan包括android apk/sdk 安全审计代码扫描以及国内政策扫描
patois/HRDevHelper - Context-sensitive HexRays decompiler plugin that visualizes the ctree of decompiled functions.
gaasedelen/lighthouse - A Coverage Explorer for Reverse Engineers
zhkl0228/AndroidAttacher - IDA debugging plugin for android armv7 so
L4ys/LazyIDA - Make your IDA Lazy!
IDArlingTeam/IDArling - Collaborative Reverse Engineering plugin for IDA Pro & Hex-Rays
nologic/idaref - IDA Pro Instruction Reference Plugin
mandiant/flare-ida - IDA Pro utilities from FLARE team
maddiestone/IDAPythonEmbeddedToolkit - IDA Python Embedded Toolkit -- IDAPython scripts for automating analysis of firmware of embedded devices
haqpl/automate_knoxss - Automation of KNOXSS extension.
VincentDS/HackerOne-Notifier - Send notifications if a new program is published on HackerOne using Pushbullet
M507/Kali-TX - Customized Kali Linux - Ansible playbook
0xgalz/Virtuailor - IDAPython tool for creating automatic C++ virtual tables in IDA Pro
WithSecureLabs/Jandroid -
YagamiiLight/Cerberus - 一款功能强大的漏洞扫描器，子域名爆破使用aioDNS，asyncio异步快速扫描，覆盖目标全方位资产进行批量漏洞扫描，中间件信息收集，自动收集ip代理，探测Waf信息时自动使用来保护本机真实Ip，在本机Ip被Waf杀死后，自动切换代理Ip进行扫描，Waf信息收集(国内外100+款waf信息)包括安全狗，云锁，阿里云，云盾，腾讯云等，提供部分已知waf bypass 方案，中间件漏洞检测(Think
deepfakes/faceswap - Deepfakes Software For All
ray-project/ray - Ray is a unified framework for scaling AI and Python applications. Ray consists of a core distributed runtime and a toolkit of libraries (Ray AIR) for accelerating ML workloads.
OWASP/CheatSheetSeries - The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
Flo354/Androick -
OWASP/owasp-masvs - The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.
snare/voltron - A hacky debugger UI for hackers
Luth1er/KitPloit_Arsenal - It is a tool that brings together exploits and news about security and vulnerabilities, with the intention of contributing to the open source community, developed from the site http://www.kitploit.com
s0md3v/Silver - Mass scan IPs for vulnerable services
sensepost/objection - 📱 objection - runtime mobile exploration
nettitude/scrounger - Mobile application testing toolkit
Imtiazkarimik23/ATFuzzer - "Opening Pandora's Box through ATFuzzer: Dynamic Analysis of AT Interface for Android Smartphones" ACSAC 2019
nightwatchcybersecurity/truegaze - Static analysis tool for Android/iOS apps focusing on security issues outside the source code
meolu/walle-web - walle - 瓦力 Devops开源项目代码部署平台
giantbranch/pwn_deploy_chroot - 可以方便地部署一个或者多个pwn题到一个docker容器中（使用chroot，并可以设置是否使用我自己写的catflag程序替换默认的/bin/sh程序，以增加安全性）
N1ckDunn/Exploitivator - Automate Metasploit scanning and exploitation
blark/aiodnsbrute - Python 3.5+ DNS asynchronous brute force utility
0voice/interview_internal_reference - 2021年最新总结，阿里，腾讯，百度，美团，头条等技术面试题目，以及答案，专家出题人分析汇总。
0xzmz/burpsuite_jsapi - A BurpSuite extension written by Python,used to find API interface in JS file.
linkedin/qark - Tool to look for several security related Android application vulnerabilities
nilboy/pixel-recursive-super-resolution - Tensorflow implementation of pixel-recursive-super-resolution(Google Brain paper: https://arxiv.org/abs/1702.00783)
seecode-audit/seecode-scanner - SeeCode Scanner 扫描引擎
404notf0und/FXY - Security-Scenes-Feature-Engineering-Toolkit, Continuous Integration.一款安全数据特征化工具
LandGrey/ClassHound - 利用任意文件下载漏洞循环下载反编译 Class 文件获得网站 Java 源代码
amimo/ollvm-breaker - 使用Binary Ninja去除ollvm流程平坦混淆
mhaskar/Octopus - Open source pre-operation C2 server based on python and powershell
7dog7/bottleneckOsmosis - 瓶颈渗透,web渗透,red红队,fuzz param,注释,js字典,ctf
facebookarchive/WEASEL - DNS covert channel implant for Red Teams.
AeonLucid/AndroidNativeEmu - Allows you to partly emulate an Android native library.
amimo/dcc - DCC (Dex-to-C Compiler) is method-based aot compiler that can translate DEX code to C code.
hanbinglengyue/FART - ART环境下自动化脱壳方案
WithSecureLabs/drozer - The Leading Security Assessment Framework for Android.
LoRexxar/redis-rogue-server - Redis 4.x & 5.x RCE
pwnfoo/NTLMRecon - Enumerate information from NTLM authentication enabled web endpoints 🔎
misterch0c/BeaconTelegram - Send message on Telegram when you get a new Cobalt Strike beacon
netspooky/gtfoplus - Linux Local Privesc Helper and Agent
lyzz0612/iosMixTools - ios混淆脚本工具
Tiangewang0524/sms_verification_code_API - 在线接收市面大部分app和网页的短信验证码，多平台，代替客户端使用
baidu-security/openrasp-iast - IAST 灰盒扫描工具
JE2Se/AssetScan - 资产探测工具，检测存活，检测风险端口，常规端口，全端口探测等等，对探测的端口的脆弱面进行安全分析进行
teamssix/pigat - pigat ( Passive Intelligence Gathering Aggregation Tool ) 被动信息收集聚合工具
RhinoSecurityLabs/ccat - Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.
kivy/python-for-android - Turn your Python application into an Android APK
AbsoZed/DockerPwn.py - Python automation of Docker.sock abuse
sunyoubo/code2docx - java、python、go、shell等项目代码读取并存储到一个word文档中，软著申请工具。
nihaohello/proxypool - ip代理池，提供在线查询
striver-ing/wechat-spider - 开源微信爬虫：爬取公众号所有文章、阅读量、点赞量和评论内容。易部署。持续维护！！！
idhyt/jeb-keygen - JEB install env
CorentinJ/Real-Time-Voice-Cloning - Clone a voice in 5 seconds to generate arbitrary speech in real-time
cloudflare/flan - A pretty sweet vulnerability scanner
qianxiao996/FrameScan - FrameScan 一款python3编写的简易的cms漏洞检测框架
FSecureLABS/drozer-modules -
gehaxelt/Python-dsstore - A library for parsing .DS_Store files and extracting file names
andreafioraldi/IDAngr - Use angr in the IDA Pro debugger generating a state from the current debug session
njcx/pocsuite_poc_collect - collection poc use pocsuite framework 收集一些 poc with pocsuite框架
hanc00l/some_pocsuite - 用于漏洞排查的pocsuite3验证POC代码
newpanjing/simpleui - A modern theme based on vue+element-ui for django admin.一款基于vue+element-ui的django admin现代化主题。全球20000+网站都在使用！喜欢可以点个star✨
Hsury/BiliDrive - ☁️ 哔哩云，不支持任意文件的全速上传与下载
glzjin/CTFd-Whale - A plugin for CTFd which allow your users to deploy a standalone instance for challenges.
HaoZhang95/Python24 - 网上搜集的自学python语言的资料集合,包括整套代码和讲义集合，这是至今为止所开放网上能够查找到的最新视频教程，网上找不到其他最新的python整套视频了,. 具体的无加密的mp4视频教程和讲义集合可以在更新的Readme文件中找到，下载直接打开就能播放，项目从零基础的Python教程到深度学习，总共30章节，其中包含Python基础中的飞机大战项目，WSGI项目，Flask新经资讯项目， Dj
ZO1RO/CVE-2019-2890 - CVE-2019-2890 Exploit for WebLogic with T3
5alt/hrida - Hrida is a http interface for Frida
Qianlitp/WatchAD - AD Security Intrusion Detection System
secretsquirrel/the-backdoor-factory - Patch PE, ELF, Mach-O binaries with shellcode new version in development, available only to sponsors
SpiderLabs/Responder - Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication
USArmyResearchLab/Dshell - Dshell is a network forensic analysis framework.
p1g3/JSINFO-SCAN - 递归式寻找域名和api。
vnpy/vnpy - 基于Python的开源量化交易平台开发框架
nccgroup/ABPTTS - TCP tunneling over HTTP/HTTPS for web application servers
X0Leon/XQuant - Simple backtester for human.
zer0yu/Berserker - A list of useful payloads for Web Application Security and Pentest/CTF
shmilylty/OneForAll - OneForAll是一款功能强大的子域收集工具
GhostManager/Ghostwriter - The SpecterOps project management and reporting engine
jofpin/trape - People tracker on the Internet: OSINT analysis and research tool by Jose Pino
tp4a/teleport - Teleport是一款简单易用的堡垒机系统。
trustedsec/ptf - The Penetration Testers Framework (PTF) is a way for modular support for up-to-date tools.
HASecuritySolutions/VulnWhisperer - Create actionable data from your Vulnerability Scans
swimlane/pyattck - A Python package to interact with the Mitre ATT&CK Framework
seemoo-lab/internalblue - Bluetooth experimentation framework for Broadcom and Cypress chips.
iGio90/Dwarf - Full featured multi arch/os debugger built on top of PyQt5 and frida
huashengdun/webssh - :seedling: Web based ssh client
xiaolai/regular-investing-in-box - 定投改变命运 —— 让时间陪你慢慢变富 https://onregularinvesting.com
nashcontrol/bounty-monitor - Leverage certificate transparency live feed to monitor for newly issued subdomain certificates (last 90 days, configurable), for domains participating in bug bounty programs.
sethsec/celerystalk - An asynchronous enumeration & vulnerability scanner. Run all the tools on all the hosts.
devsecboy/DomainRecon - Based on URL and Organization Name, collect the IP Ranges, subdomains using various tools like Amass, subfinder, etc.. And check for uphost and Run Masscan to grap CNAME entries, take the screenshot o
mkorman90/regipy - Regipy is an os independent python library for parsing offline registry hives
nidem/kerberoast -
13o-bbr-bbq/machine_learning_security - Source code about machine learning and security.
Artemis1029/Java_xmlhack - 帮助java环境下任意文件下载情况自动化读取源码的小工具
Ciyfly/y_subdomain - 🐗 造轮子之子域名获取工具
Threezh1/JSFinder - JSFinder is a tool for quickly extracting URLs and subdomains from JS files on a website.
guimaizi/get_domain -
al0ne/Vxscan - python3写的综合扫描工具，主要用来存活验证，敏感文件探测(目录扫描/js泄露接口/html注释泄露)，WAF/CDN识别，端口扫描，指纹/服务识别，操作系统识别，POC扫描，SQL注入，绕过CDN，查询旁站等功能，主要用来甲方自测或乙方授权测试，请勿用来搞破坏。
Wfzsec/awd_attack_framework - awd攻防常用脚本+不死马+crontab+防御方法
xuchaoa/CTF_AWD_Platform - CTF 攻防对抗平台
Fieyina/evernote_remove_duplicates - 印象笔记去重
yassineaboukir/sublert - Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.
lufeirider/CVE-2019-2725 - CVE-2019-2725 命令回显
Raikia/Kali-Setup - Script for Kali that adds a bunch of tools and customizes it to be much better
Ridter/Exchange2domain - CVE-2018-8581
Ridter/CVE-2019-1040 - CVE-2019-1040 with Exchange
PINGXcpost/F-NAScan-PLUS - F-NAScan-PLUS 安服资产搜集
hellogoldsnakeman/masnmapscan-V1.0 - 一款用于资产探测的端口扫描工具。整合了masscan和nmap两款扫描器，masscan扫描端口，nmap扫描端口对应服务，二者结合起来实现了又快又好地扫描。
xmendez/wfuzz - Web application fuzzer
HatBoy/Pcap-Analyzer - Python编写的可视化的离线数据包分析器
Srinivas11789/PcapXray - :snowflake: PcapXray - A Network Forensics Tool - To visualize a Packet Capture offline as a Network Diagram including device identification, highlight important communication and file extraction
BugScanTeam/DNSLog - DNSLog 是一款监控 DNS 解析记录和 HTTP 访问记录的工具。
wangzheng0822/algo - 数据结构和算法必知必会的50个代码实现
Ekultek/Graffiti - A tool to generate obfuscated one liners to aid in penetration testing
HatBoy/Struts2-Scan - Struts2全漏洞扫描利用工具
WangYihang/Reverse-Shell-Manager - :hammer: A multiple reverse shell session/client manager via terminal
rabbitmask/WeblogicScanLot - WeblogicScanLot系列，Weblogic漏洞批量检测工具，V2.2
NguyenKhong/CrackNetDrive3 -
stewartmcgown/uds - 📀 Unlimited Drive Storage by splitting binary files into base64
lightless233/geye - 🚀Faster Github Monitor🚀
hhyo/Archery - SQL 审核查询平台
w-digital-scanner/w9scan - Plug-in type web vulnerability scanner
TheKingOfDuck/fuzzDicts - Web Pentesting Fuzz 字典,一个就够了。
HurricaneLabs/machinae - Machinae Security Intelligence Collector
ticarpi/jwt_tool - :snake: A toolkit for testing, tweaking and cracking JSON Web Tokens
orleven/BurpCollect - 基于BurpCollector的二次开发，记录Burpsuite Site Map记录的里的数据包中的目录路径参数名信息，并存入Sqlite，并可导出txt文件。
se55i0n/Webfinger - web指纹识别
TideSec/TideFinger - TideFinger——指纹识别小工具，汲取整合了多个web指纹库，结合了多种指纹检测方法，让指纹检测更快捷、准确。
ecstatic-nobel/OSweep - Don't Just Search OSINT. Sweep It.
thewhiteh4t/FinalRecon - The Last Web Recon Tool You'll Need
jiangsir404/pbscan - 基于burpsuite headless 的代理式被动扫描系统
jackfrued/Python-100-Days - Python - 100天从新手到大师
TophantTechnology/osprey -
r35tart/RedisDirScan - 此脚本用于测试 Rdies 未授权访问，在没权限写ssh私钥和定时任务又不知道web绝对路径的情况下，进行WEB目录探测
chrismaddalena/ODIN - Automated network asset, email, and social media profile discovery and cataloguing.
SpiderLabs/HostHunter - HostHunter a recon tool for discovering hostnames using OSINT techniques.
dyboy2017/WTF_Scan - 一款WEB端的在线敏感资产扫描器，扫描网站中的指纹、漏洞及相关敏感信息，针对已经识别的CMS指纹，进行二次0day扫描利用，一键GetShell也不是不可能！！！
MyKings/python-masscan - python-masscan is a python library which helps in using masscan port scanner.
mseclab/PyJFuzz - PyJFuzz - Python JSON Fuzzer
opensec-cn/vtest - 用于辅助安全工程师漏洞挖掘、测试、复现，集合了mock、httplog、dns tools、xss，可用于测试各类无回显、无法直观判断或特定场景下的漏洞。
H4ckForJob/dirmap - An advanced web directory & file scanning tool that will be more powerful than DirBuster, Dirsearch, cansina, and Yu Jian.一个高级web目录、文件扫描工具，功能将会强于DirBuster、Dirsearch、cansina、御剑。
needmorecowbell/sniff-paste - Pastebin OSINT Harvester
jerrychan807/WSPIH - Website Sensitive Personal Information Hunter 网站个人敏感信息文件扫描器
trubitsyn/bookmarks2markdown - Convert bookmarks to Markdown
pyinstaller/pyinstaller - Freeze (package) Python programs into stand-alone executables
zhl2008/awd-platform - platform for awd
grayddq/FileCheck - 本脚本是HIDS组成的一部分，旨在对指定监控目录进行文件hash记录，定时运行，发现文件替换、修改等后门可疑程序。
zhaoolee/StarsAndClown - ☀️Github星聚弃疗榜, 让吃瓜群众也能享受Github带来的乐趣~Github StarsAndClown, Let the people who eat me can enjoy the fun of Github~
grayddq/GScan - 本程序旨在为安全应急响应人员对Linux主机排查时提供便利，实现主机侧Checklist的自动全面化检测，根据检测结果自动数据聚合，进行黑客攻击路径溯源。
aStrowxyu/pocscan -
nihaohello/N-MiddlewareScan - N-MiddlewareScan 魔改，自写的一款中间件漏洞扫描脚本
gojek/dollhouse -
QAX-A-Team/LuWu - 红队基础设施自动化部署工具
lufeirider/SqlChecker - 注入检测工具
TideSec/web_pwd_common_crack - 通用web弱口令破解脚本，旨在批量检测那些没有验证码的管理后台，可用于刷分~
LyleMi/Learn-Web-Hacking - Study Notes For Web Hacking / Web安全学习笔记
Lucifer1993/ALB - 攻击日志分析工具
422926799/Ipscan -
T3st0r-Git/HackMySQL - Using To MySQL Elevate Privileges.
Who1sCarl/Pictures-Trojans -
gildasio/h2t - h2t (HTTP Hardening Tool) scans a website and suggests security headers to apply
GoVanguard/legion - Legion is an open source, easy-to-use, super-extensible and semi-automated network penetration testing tool that aids in discovery, reconnaissance and exploitation of information systems.
dark-lbp/isf - ISF(Industrial Control System Exploitation Framework)，a exploitation framework based on Python
ryanohoro/csbruter - Cobalt Strike team server password brute force tool
tanjiti/mysql_log_check - MySQL Log Analysis
groundcat/disposable-email-domain-list - A list of disposable email domains, cleaned and validated by scanning MX records.
ramen0x3f/AggressorScripts -
GhostManager/Shepherd - A Django application to help red team operators manage a library of domain names
GhostManager/DomainCheck - DomainCheck is designed to assist operators with monitoring changes related to their domain names. This includes negative changes in categorization, VirusTotal detections, and appearances on malware b
euphrat1ca/fuzzdb-collect - 网络上安全资源的搜集
akkuman/yujian_keygen - 御剑算号破解激活工具
avantasia/inventedAttack - A POC attack combining IP SPoofing, SYN Flood and IP Fragmentation
r35tart/RW_Password - 此项目用来提取收集以往泄露的密码中符合条件的强弱密码
Wookai/paper-tips-and-tricks - Best practice and tips & tricks to write scientific papers in LaTeX, with figures generated in Python or Matlab.
chrispetrou/FDsploit - File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.
google/vulncode-db - Vulncode-DB project
Macr0phag3/GithubMonitor - 根据关键字与 hosts 生成的关键词，利用 github 提供的 api，监控 git 泄漏。
s045pd/DarkNet_ChineseTrading - 🚇暗网中文网监控爬虫(DEEPMIX)
blackye/Jenkins - Jenkins漏洞探测、用户抓取爆破
theLSA/tp5-getshell - thinkphp5 rce getshell
Kr1s77/Python-crawler-tutorial-starts-from-zero - python爬虫教程，带你从零到一，包含js逆向，selenium, tesseract OCR识别,mongodb的使用，以及scrapy框架
instantbox/instantbox - 📦 Get a clean, ready-to-go Linux box in seconds.
TheKingOfDuck/FileMonitor - 文件变化实时监控工具(代码审计/黑盒/白盒审计辅助工具)
c0ny1/xxe-lab - 一个包含php,java,python,C#等各种语言版本的XXE漏洞Demo
abdulgaphy/r3con1z3r - R3con1z3r is a lightweight Web information gathering tool with an intuitive features written in python. it provides a powerful environment in which open source intelligence (OSINT) web-based footprint
lyft/cartography - Cartography is a Python tool that consolidates infrastructure assets and the relationships between them in an intuitive graph view powered by a Neo4j database.
MrFk/WebShellCheck - Webshell Detection Based on Deep Learning
p3pperp0tts/leaks_parser - Parser for data dumps Collection #1 / Collection #2-5
PyxYuYu/MyBlog - 记录和分享学习的旅程！
boy-hack/POC-T - 基于poc-t 并在此基础上增加批量功能！
BinaryDefense/artillery - The Artillery Project is an open-source blue team tool designed to protect Linux and Windows operating systems through multiple methods.
Mr-Un1k0d3r/SPFAbuse - SPF are not as strong as you may think. Red Team tool to send email on behalf of your target corp
initstring/dirty_sock - Linux privilege escalation exploit via snapd (CVE-2019-7304)
he1m4n6a/findWebshell - findWebshell是一款基于python开发的webshell检测工具。
shengqi158/CVE-2018-2628 - CVE-2018-2628 & CVE-2018-2893
AttackandDefenceSecurityLab/AD_WebScanner - AD工作室精心研发漏洞安全扫描器
hanc00l/weblogic_unserialize_exploit - java unserialize vul for weblogic exploit
jas502n/CVE-2018-3191 - Weblogic-CVE-2018-3191远程代码命令执行漏洞
blacknbunny/mcreator - Encoded Reverse Shell Generator With Techniques To Bypass AV's
Ivan1ee/struts2-057-exp - s2-057 最新漏洞分析和EXP脚本
firefart/CVE-2018-7600 - CVE-2018-7600 - Drupal 7.x RCE
k8gege/K8CScan - K8Ladon大型内网渗透自定义插件化扫描神器，包含信息收集、网络资产、漏洞扫描、密码爆破、漏洞利用，程序采用多线程批量扫描大型内网多个IP段C段主机，目前插件包含: C段旁注扫描、子域名扫描、Ftp密码爆破、Mysql密码爆破、Oracle密码爆破、MSSQL密码爆破、Windows/Linux系统密码爆破、存活主机扫描、端口扫描、Web信息探测、操作系统版本探测、Cisco思科设备扫描等,支持
LandGrey/CVE-2018-2894 - CVE-2018-2894 WebLogic Unrestricted File Upload Lead To RCE Check Script
az0ne/BitcoinPriceReader - Bitcoin Price Reader
chenxuuu/24h-raspberry-live-on-bilibili - 🎦树莓派/VPS驱动的b站直播弹幕点播台，代码写得很烂，看之前请吃点降压药。已计划重写
s0md3v/Photon - Incredibly fast crawler designed for OSINT.
meliht/Mr.SIP - SIP-Based Audit and Attack Tool
imp0wd3r/Scanner - 端口扫描 + 敏感文件扫描 + POC批量调用框架
vulscanteam/vulscan - vulscan 扫描系统：最新的poc&exp漏洞扫描，redis未授权、敏感文件、java反序列化、tomcat命令执行及各种未授权扫描等...
random-robbie/My-Shodan-Scripts - Collection of Scripts for shodan searching stuff.
shodansploit/shodansploit - 🔎 shodansploit > v1.3.0
chenjj/CORScanner - 🎯 Fast CORS misconfiguration vulnerabilities scanner
threatexpress/cs2modrewrite - Convert Cobalt Strike profiles to modrewrite scripts
1120362990/vulnerability-list - 在渗透测试中快速检测常见中间件、组件的高危漏洞。
agrawalsmart7/autoRecon - This tool is for automate the initial things that we usually do in daily pentesting. So you can focus more on the main target.
shenril/Sitadel - Web Application Security Scanner
medbenali/CyberScan - CyberScan: Network's Forensics ToolKit
hahwul/a2sv - Auto Scanning to SSL Vulnerability
highmeh/pentest_scripts - penetration testing scripts
sfyc23/EverydayWechat - 微信助手：1.每日定时给好友（女友）发送定制消息。2.机器人自动回复好友。3.群助手功能（例如：查询垃圾分类、天气、日历、电影实时票房、快递物流、PM2.5等）
wish-i-was/femida - Automated blind-xss search for Burp Suite
fnmsd/ChunkedHTTPAdapter - 参考《利用分块传输吊打所有WAF》修改的requests的Adapter
ym2011/POC-EXP - Collecting and writing PoC or EXP for vulnerabilities on some application
saucer-man/saucerframe - python3批量poc检测工具
milo2012/metasploitHelper - metasploitHelper
githubmaidou/tools - Python渗透漏洞工具
laconicwolf/burp-extensions - A collection of scripts to extend Burp Suite
TEag1e/BurpCollector - 通过BurpSuite来构建自己的爆破字典，可以通过字典爆破来发现隐藏资产。
bonsaiviking/NfSpy - ID-spoofing NFS client
mildsunrise/protobuf-inspector - 🕵️ Tool to reverse-engineer Protocol Buffers with unknown definition
knownsec/pocsuite3 - pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.
w-digital-scanner/w12scan-client - 网络资产搜索发现引擎，w12scan 扫描端程序
rabbitmask/WeblogicScan - Weblogic一键漏洞检测工具，V1.5，更新时间：20200730
swisskyrepo/SSRFmap - Automatic SSRF fuzzer and exploitation tool
kingkaki/weblogic-scan - weblogic 漏洞扫描工具
02husky/domain_pass_generate - 通过域名生成爆破字典
c0ny1/upload-fuzz-dic-builder - 上传漏洞fuzz字典生成脚本
rfunix/Pompem - Find exploit tool
we1h0/SecurityManageFramwork - Security Manage Framwork is a security management platform for enterprise intranet, which includes asset management, vulnerability management, account management, knowledge base management, security s
teal33t/poopak - POOPAK - TOR Hidden Service Crawler
abbey2023/payjs_faka - 这个是基于payjs的发卡平台。
nikallass/sharesearch - Samba, NFS shares spider and grepper
0oVicero0/OneList - A simple directory index for OneDrive
RhinoSecurityLabs/Security-Research - Exploits written by the Rhino Security Labs team
TuuuNya/WebPocket - Exploit management framework
bitsadmin/wesng - Windows Exploit Suggester - Next Generation
skavngr/rapidscan - :new: The Multi-Tool Web Vulnerability Scanner.
0x00-0x00/ShellPop - Pop shells like a master.
laconicwolf/Nmap-Scan-to-CSV - Converts Nmap XML output to csv file, and other useful functions
0xInfection/Awesome-WAF - 🔥 Web-application firewalls (WAFs) from security standpoint.
manulqwerty/Evil-WinRAR-Gen - Generator of malicious Ace files for WinRAR < 5.70 beta 1
wenfengshi/ddos-dos-tools - some sort of ddos-tools
jimywork/stretcher - Tool designed to help identify open Elasticsearch servers that are exposing sensitive information
TideSec/TDScanner - 自动化检测小工具，主要实现了域名枚举、链接爬取、注入检测、主机扫描、目录枚举、敏感信息检测等功能~
hadg/sgk_data_handler - 社工库半自动处理
grayddq/PicLocation - 快速获取图片的GPS和其拍摄地理位置
schutzwerk/CANalyzat0r - Security analysis toolkit for proprietary car protocols
aliasrobotics/aztarna - aztarna, a footprinting tool for robots.
kezhenxu94/house-renting - Possibly the best practice of Scrapy 🕷 and renting a house 🏡
entropage/mijisou - Privacy-respecting metasearch engine
dirkjanm/PrivExchange - Exchange your privileges for Domain Admin privs by abusing Exchange
pjialin/py12306 - 🚂 12306 购票助手，支持集群，多账号，多任务购票以及 Web 页面管理
WyAtu/Perun - Perun是一款主要适用于乙方安服、渗透测试人员和甲方RedTeam红队人员的网络资产漏洞扫描器/扫描框架
maaaaz/nmaptocsv - A simple python script to convert Nmap output to CSV
ahuigo/xcut - Enhanced cut command
ahuigo/xlparser - Parse file(xlsx/xls/csv) to other format(dict, csv, json, ...).
phantom0301/VulCloud - A Simple Web-UI for Vulhub (Docker) / 便捷的漏洞镜像管理部署Web应用
nbedos/termtosvg - Record terminal sessions as SVG animations
Hsury/Geetest3-Crack - 🤖 Geetest3 Distributed Cracking Platform 极验3代分布式破解平台
3xp10it/xupload - A tool for automatically testing whether the upload function can upload webshell
fighting41love/funNLP - 中英文敏感词、语言检测、中外手机/电话归属地/运营商查询、名字推断性别、手机号抽取、身份证抽取、邮箱抽取、中日文人名库、中文缩写库、拆字词典、词汇情感值、停用词、反动词表、暴恐词表、繁简体转换、英文模拟中文发音、汪峰歌词生成器、职业名称词库、同义词库、反义词库、否定词库、汽车品牌词库、汽车零件词库、连续英文切割、各种中文词向量、公司名字大全、古诗词库、IT词库、财经词库、成语词库、地名词库、历史名
c0ny1/WorkScripts - 信息安全工程师工作常用脚本
tapannallan/awesome-scoop - A collection of awesome resources for the scoop package manager for windows
nopernik/mpDNS - Multi-Purpose DNS Server
zricethezav/h1domains - HackerOne "in scope" domains
3xp10it/stockbook - 豆瓣经典证券书籍收录并排名
verctor/CS_xor64 - cobaltstrike xor64.bin补完计划
CcphAmy/NetEaseCloudMusic-nonmembership-list-download - 网易云音乐歌曲批量下载,免VIP【支持歌单,排名榜】
outflanknl/RedELK - Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.
TypeError/domained - Multi Tool Subdomain Enumeration
yulingtianxia/FuckFakeGitHubStars - GitHub 虚假 Star 净网行动
cc06/DNS_Transfer_Check - 一个用来批量检测网站是否存在域传送漏洞的Python脚本
Jrohy/multi-v2ray - v2ray/xray多用户管理部署程序
SkewwG/VulScan - 漏洞扫描：st2、tomcat、未授权访问等等
jachinlin/geektime_dl - 把极客时间装进 Kindle
TKCERT/mail-security-tester - A testing framework for mail security and filtering solutions.
tiaotiaolong/TTLScan - 一款简易的插件化的漏洞扫描器框架
y1ng1996/F-Scrack -
boy-hack/airbug - Airbug(空气洞)，收集漏洞poc用于安全产品
snowkylin/TensorFlow-cn - 简单粗暴 TensorFlow (1.X) | A Concise Handbook of TensorFlow (1.X) | 此版本不再更新，新版见 https://tf.wiki
buckhacker/SubDomainTakeoverTools -
WinHeapExplorer/WinHeap-Explorer - WinHeap Explorer repository.
brianlam38/Sec-Cheatsheets - Cheatsheets on security vulnerabilities and exploits.
p1r06u3/opencanary_web - The web management platform of honeypot
zutianbiao/baize - 白泽自动化运维系统：配置管理、网络探测、资产管理、业务管理、CMDB、CD、DevOps、作业编排、任务编排等功能,未来将添加监控、报警、日志分析、大数据分析等部分内容
tcpiplab/Web-App-Hacking-Notes - Notes I've taken while working through various web app pentesting labs.
ctf-wiki/ctf-wiki - Come and join us, we need you!
boy-hack/hack-requests - The hack-requests is an http network library for hackers
callmefeifei/SvnHack - 一个Svn信息泄露辅助工具，可以使用这个脚本列取网站目录，读取源码文件以及下载整站代码。
aleenzz/mybugscan - fofa_api+bugscan插件扫描
Tuhinshubhra/CMSeeK - CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and over 180 other CMSs
lcatro/etherum_rpc_steal - The Etherum RPC Steal Toolset and honeypot .以太坊"偷渡"漏洞利用和蜜罐工具集.
liuhuanyong/EventMonitor - Event monitor based on online news corpus including event storyline and analysis，基于给定事件关键词，采集事件资讯，对事件进行挖掘和分析。
thehackingsage/hacktronian - Tools for Pentesting
Jumbo-WJB/JPentest - Jumbo Python Penetration testing framework
super-l/superl-url - 根据关键词，对搜索引擎内容检索结果的网址内容进行采集的一款程序。可自动从多个搜索引擎采集相关网站的真实地址与标题等信息，可保存为文件，自动去除重复URL。同时，也可以自定义忽略多条域名等。
abbey2023/PyOne - PyOne-一款给力的onedrive文件管理、分享程序
sshuttle/sshuttle - Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.
xjh22222228/awesome-web-editor - 🔨 Open source WEB editor summary
wstart/DB_BaseLine - 数据库基线检查工具
JPCERTCC/LogonTracer - Investigate malicious Windows logon by visualizing and analyzing Windows event log
zer0h/httpscan - 一个爬虫式的网段Web主机发现小工具 # A HTTP Service detector with a crawler from IP/CIDR
jeffzh3ng/fuxi - Penetration Testing Platform
BugScanTeam/GitHack - .git 泄漏利用工具，可还原历史版本
AonCyberLabs/Windows-Exploit-Suggester - This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public exploit
duoergun0729/nlp - 兜哥出品 <一本开源的NLP入门书籍>
m4ll0k/takeover - Sub-Domain TakeOver Vulnerability Scanner
bit4woo/teemo - A Domain Name & Email Address Collection Tool
philipperemy/tensorflow-1.4-billion-password-analysis - Deep Learning model to analyze a large corpus of clear text passwords.
SYWorks/waidps - Wireless Auditing, Intrusion Detection & Prevention System
LennonChin/Code-Confuse-Plugin - iOS代码混淆插件；A plugin to confuse codes in iOS Platform.
naozibuhao/iGuardForPython -
welliamcao/OpsManage - 自动化运维平台: 代码及应用部署CI/CD、资产管理CMDB、计划任务管理平台、SQL审核|回滚、任务调度、站内WIKI
gr4ym4ntx/attackintel - A python script to query the MITRE ATT&CK API for tactics, techniques, mitigations, & detection methods for specific threat groups.
tlkh/prowler - Distributed Network Vulnerability Scanner
imWildCat/scylla - Intelligent proxy pool for Humans™
Lucifer1993/struts-scan - Python2编写的struts2漏洞全版本检测和利用工具
ropnop/windows_sshagent_extract - PoC code to extract private keys from Windows 10's built in ssh-agent service
boy-hack/w8fuckcdn - Get website IP address by scanning the entire net 通过扫描全网绕过CDN获取网站IP地址
superhj1987/awesome-scripts - useful scripts for Linux op
Brucetg/Pentest-tools - 内网渗透工具
lcatro/PHP_Source_Audit_Tools - PHP 白盒分析工具,结合AST 和数据流跟踪分析代码,达到自动化白盒审计功能
WangYihang/SourceLeakHacker - :bug: A multi threads web application source leak scanner
yuxiaokui/Intranet-Penetration - 内网渗透必备工具。
ezelf/CVE-2018-9995_dvr_credentials - (CVE-2018-9995) Get DVR Credentials
he1m4n6a/btScan - 批量漏洞扫描框架
Fplyth0ner-Combie/Bug-Project-Framework - 漏洞利用框架模块分享仓库
Tycx2ry/docker_api_vul - docker 未授权访问漏洞利用脚本
malleum-inc/canari3 - Canari v3 - next gen Maltego framework for rapid remote and local transform development
doyler/SecurityTools - A single repository for any security tools, scripts, documentation, etc. that I add
flipkart-incubator/Astra - Automated Security Testing For REST API's
klsecservices/rpivot - socks4 reverse proxy for penetration testing
wwong99/pentest-notes -
initstring/passphrase-wordlist - Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords
rvrsh3ll/FindFrontableDomains - Search for potential frontable domains
SecWiki/office-exploits - office-exploits Office漏洞集合 https://www.sec-wiki.com
WangYihang/ccupp - 基于社会工程学的弱口令密码字典生成工具
rootm0s/WinPwnage - UAC bypass, Elevate, Persistence methods
giovanifss/Gitmails - An information gathering tool to collect git commit emails in version control host services
51x/WHP - Micro$oft Windows Hacking Pack
3gstudent/GetExpiredDomains - Search for available domain from expireddomains.net
pimps/CVE-2018-7600 - Exploit for Drupal 7 <= 7.57 CVE-2018-7600
feicong/jni_helper - Android SO自动化分析工具
samhaxr/hackbox - HackBox is a powerful and comprehensive tool that combines a variety of techniques for web application and network security assessments, including XSS testing, subdomain scanning, SSRF injection, and
lifetyper/AsyncHttpsDNS - DNS Over Https Powered By Asyncio
lbp0200/PRCDNS - 准确、CDN友好
bieberg0n/bjdns - A dns server which can protect yourself against DNS poisoning in China. / 抗污染带缓存的dns服务器
jekil/awesome-hacking - Awesome hacking is an awesome collection of hacking tools.
jmcgrath207/DnsCryptProxyPiTool - DnsCrypt Proxy 2 for PiHole Raspberry Pi 3
ThunderEX/py-kms - A KMS server written in python.
ngalongc/AutoLocalPrivilegeEscalation - An automated script that download potential exploit for linux kernel from exploitdb, and compile them automatically
naozibuhao/crackedmysql -
FallenGaven/AWVS11_Python3 - 之前做系统，要对接AWVS11，写了一个可以python3的调用文档，感兴趣的可以看看
AV1080p/LayerPyAwvs - Python结合Layer子域名挖掘机实现Awvs自动扫描
KiriKira/scripts - Simple repo just for fun and for personal usage. Use them at your own risk.
chrissimpkins/codeface - Typefaces for source code beautification
fendouai/Awesome-TensorFlow-Chinese - Awesome-TensorFlow-Chinese，TensorFlow 中文资源精选，官方网站，安装教程，入门教程，视频教程，实战项目，学习路径。QQ群：167122861，公众号：磐创AI，微信群二维码：http://www.tensorflownews.com/
5up3rc/NagaScan - NagaScan is a distributed passive scanner for Web application.
operatorequals/SMBRat - A Windows Remote Administration Tool in Visual Basic with UNC paths
bonkc/BugBountySubdomains - Tools to gather subdomains from Bug Bounty programs
lyyyuna/DHT_sniffer - DHT 公网嗅探器
getpatchwork/patchwork - Patchwork is a web-based patch tracking system designed to facilitate the contribution and management of contributions to an open-source project.
Crypt0s/FakeDns - A regular-expression based python MITM DNS server with support for DNS Rebinding attacks
blackye/lalascan - 自主开发的分布式web漏洞扫描框架，集合webkit爬虫，Subdomain子域名发现，sqli、反射xss、Domxss等owasp top10漏洞扫描和边界资产发现能力。同时为通用CMS POC扫描提供了插件扩展平台
euske/pyrexecd - Standalone SSH server for Windows
crazyguitar/pysheeet - Python Cheat Sheet
Rhilip/PT-help -
se55i0n/DBScanner - 自动扫描内网常见sql、no-sql数据库脚本(mysql、mssql、oracle、postgresql、redis、mongodb、memcached、elasticsearch)，包含未授权访问及常规弱口令检测
c0mmand3rOpSec/CVE-2017-10271 - WebLogic Exploit
yhangf/PyQuickInstall - :zap::zap::zap:超好用的pip下载加速工具，谁用谁知道！
anhkgg/PyRat - PyRat，a rat by python xmlrpc
jiangsir404/S7scan - a pentest scanner / 一个漏洞综合利用工具轮子，大佬请忽略
tuna/blogroll - 世界一流兼容并包TUNA协会收集的周围同学们的Blog
mandiant/flare-fakenet-ng - [Suspended] FakeNet-NG - Next Generation Dynamic Network Analysis Tool
649/Memcrashed-DDoS-Exploit - DDoS attack tool for sending forged UDP packets to vulnerable Memcached servers obtained using Shodan API
AlessandroZ/LaZagne - Credentials recovery project
bisguzar/twitter-scraper - Scrape the Twitter Frontend API without authentication.
FeeiCN/ESD - Enumeration sub domains(枚举子域名)
SECFORCE/Tunna - Tunna is a set of tools which will wrap and tunnel any TCP communication over HTTP. It can be used to bypass network restrictions in fully firewalled environments.
SungYK/DoubanHistory - 豆瓣热映电影30天历史评分
quentinhardy/msdat - MSDAT: Microsoft SQL Database Attacking Tool
v1cker/src_edu - 为各位出色的渗透工程师提供攻击目标。
azizaltuntas/Pymap-Scanner -
jamiecaesar/securecrt-tools - SecureCRT scripts, written in Python, for doing various tasks when connected to Cisco equipment.
cym13/vbs-reverse-shell - VBS reverse shell scripts
laixintao/feed - Some feeds output from feedly.
SECFORCE/sparta - Network Infrastructure Penetration Testing Tool
shakenetwork/mimipenguin - Mimipenguin密码抓取神器
bl4de/security-tools - My collection of various security tools created mostly in Python and Bash. For CTFs and Bug Bounty.
iceyhexman/onlinetools - 在线cms识别|信息泄露|工控|系统|物联网安全|cms漏洞扫描|nmap端口扫描|子域名获取|待续..
wetw0rk/Sickle - Payload development tool
leapsecurity/InSpy - A python based LinkedIn enumeration tool
FunctionClub/uPing - 一个24小时监测VPS延迟的工具
WazeHell/CVE-2018-6389 - CVE-2018-6389 Exploit In WordPress DoS
admintony/svnExploit - SvnExploit支持SVN源代码泄露全版本Dump源码
alpha1e0/kiwi - kiwi：安全源码审计工具
ropnop/windapsearch - Python script to enumerate users, groups and computers from a Windows domain through LDAP queries
mstxq17/dbLeakscan - this scanner try to scan some dbbak or ctf #源码泄露
0xbug/SQLiScanner - Automatic SQL injection with Charles and sqlmap api
joh/when-changed - Execute a command when a file is changed
rxwx/CVE-2018-0802 - PoC Exploit for CVE-2018-0802 (and optionally CVE-2017-11882)
stevecoward/ansible-pentest-deploy - Using Ansible as an orchestrator, this project is another solution for testers looking to configure and deploy a new VM or VPS box with the tools that they need for penetration testing.
m4ll0k/Infoga - Infoga - Email OSINT
trustedsec/hate_crack - A tool for automating cracking methodologies through Hashcat from the TrustedSec team.
NullArray/AutoSploit - Automated Mass Exploiter
naozibuhao/QQLocation -
5alt/ZeroScan - ZeroScan is a tool that auto gathers subdomains and scan ports
almandin/fuxploider - File upload vulnerability scanner and exploitation tool.
PegasusLab/WiFi-Miner-Detector - Detecting malicious WiFi with mining cryptocurrency.
twelvesec/gasmask - Information gathering tool - OSINT
bit4woo/DNSLog - DNSLog 是一款监控 DNS 解析记录和 HTTP 访问记录的工具。
neargle/ver-observer - 🐽 Detection version of framework \ CMS \ dev-dependence on target website.
abbey2023/ojbk_jiexi - ojbk视频解析源码，支持tumblr/2mm/91porn/微博
FortuneC00kie/bug-monitor - Seebug、structs、cve漏洞实时监控推送系统🔦
odboy/shadowProxy -
mh4x0f/kinproxy - my implements transparent proxies (mitmproxy) can use to intercept and manipulate HTTP traffic modifying requests and responses. CLI
sgayou/medfusion-4000-research - Medfusion 4000 security research & a MQX RCE.
nathanlopez/Stitch - Python Remote Administration Tool (RAT)
securifera/MaltegoNessusParser - Maltego transform for visualizing Nessus scan data
UndeadSec/EvilURL - Generate unicode domains for IDN Homograph Attack and detect them.
Fanduzi/MySQL-Scripts - 收集的一些MySQL维护脚本
1N3/BlackWidow - A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
OWASP/owasp-mastg - The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls
D4Vinci/One-Lin3r - Gives you one-liners that aids in penetration testing operations, privilege escalation and more
SigPloiter/GTScan - The Nmap Scanner for Telco
se55i0n/Awvs_Nessus_Scanner_API - 扫描器Awvs 11和Nessus 7 Api利用脚本
jiangsir404/PHP-code-audit - php code audit for cms vulnerabilities / 代码审计，对一些大型cms漏洞的复现研究，更新源码和漏洞exp
FeeiCN/GSIL - GitHub Sensitive Information Leakage（GitHub敏感信息泄露监控）
yuhang-dong/CTF_tools - 用于CTF密码学和编码转换的小工具
haikouxuege/better-ctf-tools - 更好的ctf密码学加解密及编解码工具
dirkjanm/mitm6 - pwning IPv4 via IPv6
Ridter/RTF_11882_0802 - PoC for CVE-2018-0802 And CVE-2017-11882
Manisso/fsociety - fsociety Hacking Tools Pack – A Penetration Testing Framework
1oid/webknife - Web在线菜刀
blackye/webdirdig - web敏感目录、信息泄漏批量扫描脚本，结合爬虫、目录深度遍历。
owocki/pytrader - cryptocurrency trading robot
CryptoSignal/Crypto-Signal - Github.com/CryptoSignal - Trading & Technical Analysis Bot - 4,100+ stars, 1,100+ forks
artkond/cisco-snmp-rce - Cisco IOS SNMP RCE PoC
ethereum/py-evm - A Python implementation of the Ethereum Virtual Machine
coco413/DiscoverSubdomain - 前渗透信息探测工具集-子域名
3xp10it/xcdn - Try to find out the real ip behind cdn
borgmatic-collective/borgmatic - Simple, configuration-driven backup software for servers and workstations
JQ-Networks/UnifiedMessageRelay - Group Message Forward Framework (supports QQ Telegram Line Discord)
grayddq/PublicMonitors - 对公网IP列表进行端口服务扫描，发现周期内的端口服务变化情况和弱口令安全风险
vipkidzhangxiao/exchangecrack - 用于探测公司用户是否存在弱口令
CHYbeta/cmsPoc - CMS渗透测试框架-A CMS Exploit Framework
rudSarkar/crlf-injector - A CRLF ( Carriage Return Line Feed ) Injection attack occurs when a user manages to submit a CRLF into an application. This is most commonly done by modifying an HTTP parameter or URL.
maK-/parameth - This tool can be used to brute discover GET and POST parameters
utiso/dorkbot - Command-line tool to scan Google search results for vulnerabilities
ajinabraham/WebAppSec - Web Application Security
miaouPlop/GWT-3D -
SewellDinG/SitePathScan - 🔨基于Python的网站路径扫描工具
We5ter/GSDF - A domain searcher named GoogleSSLdomainFinder - 基于谷歌SSL透明证书的子域名查询工具
grayddq/PubilcAssetInfo - 以甲方安全人员的视角，尽可能收集发现企业的域名和服务器公网IP资产
LockGit/Hacking - hacker, ready for more of our story ! 🚀
linroid/sadb - (safe adb) Easy your adb operation when connected multiple devices
bit4woo/passmaker - 可以自定义规则的密码字典生成器,支持图形界面 A password-generator that base on the rules that you specified
public-apis/public-apis - A collective list of free APIs
gaojiuli/toapi - Every web site provides APIs.
1337g/CVE-2017-10271 - CVE-2017-10271 WEBLOGIC RCE (TESTED)
AlessandroZ/BeRoot - Privilege Escalation Project - Windows / Linux / Mac
livc/CryptoHub_Bot - Everything you desire in the revolution of cryptocurrency.
yutiansut/QUANTAXIS - QUANTAXIS 支持任务调度分布式部署的股票/期货/期权数据/回测/模拟/交易/可视化/多账户纯本地量化解决方案
bbfamily/abu - 阿布量化交易系统(股票，期权，期货，比特币，机器学习) 基于python的开源量化交易，量化投资架构
brannondorsey/PassGAN - A Deep Learning Approach for Password Guessing (https://arxiv.org/abs/1709.00440)
firejq/mdpicker-qiniu - :scissors: 简化使用 markdown 写作时插入图片的繁琐流程，自动将截图后剪贴板中的图片上传至个人七牛云空间，并获取图片外链，输出到剪贴板
cls1991/gy - Yet another .gitignore magician in your command line.
sa7mon/S3Scanner - Scan for open S3 buckets and dump the contents
jonluca/Anubis - Subdomain enumeration and information gathering tool
Cisco-Talos/Decept - Decept Network Protocol Proxy
WeblateOrg/weblate - Web based localization tool with tight version control integration.
003random/003Recon - Some tools to automate recon - 003random
llxxs/awada - lcx in python edition
pritunl/pritunl - Enterprise VPN server
0x27/ssh_keyscanner - ssh public host key scanner using shodan
gelim/nmap-erpscan - Nmap custom probes for better detecting SAP services
vah13/SAP_vulnerabilities - DoS PoC's for SAP products
h2y/Shadowrocket-ADBlock-Rules - 提供多款 Shadowrocket 规则，带广告过滤功能。用于 iOS 未越狱设备选择性地自动翻墙。
pypa/pipenv - Python Development Workflow for Humans.
Cryin/JavaID - java source code static code analysis and danger function identify prog
Ridter/CVE-2017-11882 - CVE-2017-11882 from https://github.com/embedi/CVE-2017-11882
embedi/CVE-2017-11882 - Proof-of-Concept exploits for CVE-2017-11882
ideal/mirror - Task scheduler for open source mirror site (initially for https://mirror.bjtu.edu.cn)
mzeyong/CVE-2017-13089 - CVE-2017-13089
s0md3v/Striker - Striker is an offensive information and vulnerability scanner.
JohannesEbke/aws_list_all - List all your AWS resources, all regions, all services.
hlldz/SpookFlare - Loader, dropper generator with multiple features for bypassing client-side and network-side countermeasures.
RoganDawes/P4wnP1 - P4wnP1 is a highly customizable USB attack platform, based on a low cost Raspberry Pi Zero or Raspberry Pi Zero W.
elceef/dnstwist - Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation
Lucifer1993/AngelSword - Python3编写的CMS漏洞检测框架
cdhowie/netflix-no-ipv6-dns-proxy - NOTE: I am no longer a Netflix subscriber and therefore cannot reasonably maintain this project anymore. (Fix for Netflix blocking various IPv6 tunnels by returning no results for AAAA queries of Netf
chubin/cheat.sh - the only cheat sheet you need
knownsec/rtcp - 利用 Python 的 Socket 端口转发，用于远程维护
LoRexxar/Kunlun-M - KunLun-M是一个完全开源的静态白盒扫描工具，支持PHP、JavaScript的语义扫描，基础安全、组件安全扫描，Chrome Ext\Solidity的基础扫描。
Voulnet/CVE-2017-8759-Exploit-sample - Running CVE-2017-8759 exploit sample.
lennylxx/ipv6-hosts - Fork of https://code.google.com/archive/p/ipv6-hosts/, focusing on automation
coffeehb/Some-PoC-oR-ExP - 各种漏洞poc、Exp的收集或编写
MA3STR0/kimsufi-crawler - Crawler that will send you an email alert as soon as servers on OVH/Kimsufi become available for purchase
aploium/zmirror - The next-gen reverse proxy for full site mirroring
i-am-myrte/CloudXNS-DDNS - The Python shell of CloudXNS DDNS
sivel/speedtest-cli - Command line interface for testing internet bandwidth using speedtest.net
zhongzhi107/raspberry-pi-tutorials - 面向软件工程师的树莓派入门教程
codingo/VHostScan - A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.
mmmwhy/pure_attention - 使用 attention 实现 nlp 和 cv 相关模型。
onvno/resizeup - Dropzone3's Action Plugin - Markdown insert images solution
nopernik/SSHPry2.0 - SSHPry v2 - Spy & Control os SSH Connected client's TTY
mozilla/cipherscan - A very simple way to find out which SSL ciphersuites are supported by a target.
Mr-Un1k0d3r/ThunderShell - Python / C# Unmanaged PowerShell based RAT
ojasookert/CVE-2017-0785 - Blueborne CVE-2017-0785 Android information leak vulnerability
Tylous/SniffAir - A framework for wireless pentesting.
OsandaMalith/LFiFreak - A unique automated LFi Exploiter with Bind/Reverse Shells
Ekultek/Zeus-Scanner - Advanced reconnaissance utility
googleprojectzero/domato - DOM fuzzer
nopernik/sshpry - Seamlessly spy on SSH session like it is your tty
DanMcInerney/net-creds - Sniffs sensitive data from interface or pcap
airbnb/binaryalert - BinaryAlert: Serverless, Real-time & Retroactive Malware Detection.
kevthehermit/PasteHunter - Scanning pastebin with yara rules
cujanovic/SSRF-Testing - SSRF (Server Side Request Forgery) testing resources
sh1nu11bi/Routerhunter-2.0 - Testing vulnerabilities in devices and routers connected to the Internet.
chroming/pdfdir - PDF导航（大纲/目录）添加工具
Nitr4x/whichCDN - WhichCDN allows to detect if a given website is protected by a Content Delivery Network
GreatSCT/GreatSCT - The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. This tool is intended for BOTH red and blue team.
WangYihang/Webshell-Sniper - :hammer: Manage your website via terminal
Yggdroot/LeaderF - An efficient fuzzy finder that helps to locate files, buffers, mrus, gtags, etc. on the fly for both vim and neovim.
brianwrf/S2-053-CVE-2017-12611 - A simple script for exploit RCE for Struts 2 S2-053(CVE-2017-12611)
gelstudios/gitfiti - abusing github commit history for the lulz
sleventyeleven/linuxprivchecker - linuxprivchecker.py -- a Linux Privilege Escalation Check Script
Nandaka/PixivUtil2 - Download images from Pixiv and more!
honeynet/beeswarm - Honeypot deployment made easy
Dragon2fly/vpngate-with-proxy - vpn gate client for linux, be able to connect to open vpn server through proxy
zam1024t/LocalizedMenu - Localize Tool & Localized Menu for Sublime Text 2/3/4 End User. Localization with 简体中文(Simplified Chinese)/繁体中文(Traditional Chinese)/Русский(Russian)/Español(Spanish)/Հայերեն(Armenian)/Svenska(Swedish
fengyouchao/webzmap - Zmap on Web
telekom-security/explo - Human and machine readable web vulnerability testing format
satwikkansal/wtfpython - What the f*ck Python? 😱
DanMcInerney/LANs.py - Inject code and spy on wifi users
swisskyrepo/Wordpresscan - WPScan rewritten in Python + some WPSeku ideas
billy-osullivan/IOT-Protect-Continous-Vulnerability-Scanner - A continous vulnerability scanner which scanys for Qbot and Mirai vulnerabilites and displays results in a browser
ohmyadd/wetland - A high interaction SSH honeypot
LoveCppp/Http-Proxy-Scan - Use Censys.io Scan Http Proxy
eldraco/domain_analyzer - Analyze the security of any domain by finding all the information possible. Made in python.
A3sal0n/CyberThreatHunting - A collection of resources for Threat Hunters - Sponsored by Falcon Guard
drego85/JoomlaScan - A free software to find the components installed in Joomla CMS, built out of the ashes of Joomscan.
SilverBlog/silverblog - A fast and lightweight blog framework based on Python3 development
RsaCtfTool/RsaCtfTool - RSA attack tool (mainly for ctf) - retreive private key from weak public key and/or uncipher data
ius/rsatool - rsatool can be used to calculate RSA and RSA-CRT parameters
hillsbird/db_security - 数据库安全审计平台
smgoller/rangehttpserver - Python module that implements a simple HTTP server that understands the HTTP Range header.
ferstar/qiniu4blog - 使用七牛云存储创建自己的图床,用于写博客
LiuXingMing/QQSpider - QQ空间爬虫（日志、说说、个人信息）
coderzh/coderzh-hugo-blog - My Perfect Hugo Blog
pentestmonkey/windows-privesc-check - Standalone Executable to Check for Simple Privilege Escalation Vectors on Windows Systems
sensepost/reGeorg - The successor to reDuh, pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.
deibit/cansina - Web Content Discovery Tool
vishnubob/wait-for-it - Pure bash script to test and wait on the availability of a TCP host and port
alainiamburg/sniffROM - A tool for passive data capture and reconnaissance of serial flash chips. It is used in conjunction with a Saleae logic analyzer to reconstruct flash memory contents and extract contextual information
jjf012/PassiveScanner - a passive scanner based on Mitmproxy and Arachni
earwig/git-repo-updater - A console script that allows you to easily update multiple git repositories at once
lahwaacz/arch-wiki-docs - A script to download pages from Arch Wiki for offline browsing
fooying/fthreadpool - 线程池模块，增加超时监控，自动Kill
derv82/wifite2 - Rewrite of the popular wireless network auditor, "wifite"
tor2web/Tor2web - Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers
anhkgg/hxsec_search -
PaulSec/DET - (extensible) Data Exfiltration Toolkit (DET)
k4m4/onioff - 🌰 An onion url inspector for inspecting deep web links.
mazen160/GithubCloner - A script that clones Github repositories of users and organizations.
hslatman/awesome-industrial-control-system-security - A curated list of resources related to Industrial Control System (ICS) security.
Mosuan/FileScan - FileScan: 敏感文件扫描 / 二次判断降低误报率 / 扫描内容规则化 / 多目录扫描
SharadKumar97/OSINT-SPY - Performs OSINT scan on email/domain/ip_address/organization using OSINT-SPY. It can be used by Data Miners, Infosec Researchers, Penetration Testers and cyber crime investigator in order to find deep
codezjx/netease-cloud-music-dl - Netease cloud music song downloader, with full ID3 metadata, eg: front cover image, artist name, album name, song title and so on.
hongfeioo/UserDeviceTracker - 快速定位一个IP或MAC在你的网络中的位置，是网络工程师提高工作效率的利器，也可以为CMDB提供基础网络数据。
erevus-cn/scan_webshell - 很简单的webshell扫描
Heurs/parseNTFS - Simple NTFS crawler.
temesgeny/ppsx-file-generator - ppsx file generator for cve-2017-8570 (based on bhdresh/cve-2017-8570)
shadowsocksrr/shadowsocksr - Python port of ShadowsocksR
pwning/defcon25-public - Publicly released tools/plugins from PPP for DEFCON 25 CTF Finals
bugcrowd/HUNT -
jpiechowka/jenkins-cve-2016-0792 - Exploit for Jenkins serialization vulnerability - CVE-2016-0792
salesforce/ja3 - JA3 is a standard for creating SSL client fingerprints in an easy to produce and shareable way.
ggusoft/inforfinder - Inforfinder is a tool to collect information of any domains pointing at some server (ip, domain, range, file). Is able to detect all domains pointing to an IP address and detect CMS version installed
LandGrey/pydictor - A powerful and useful hacker dictionary builder for a brute-force attack
SparkSharly/DL_for_xss - Deep learnning for detection with xss
madeye/sssniff - ShadowSocks(SS) traffic sniffer
s0md3v/ReconDog - Reconnaissance Swiss Army Knife
infosec-au/altdns - Generates permutations, alterations and mutations of subdomains and then resolves them
dowsnature/dowsDNS - 快速翻跃中国防火墙
XX-net/XX-Net - A proxy tool to bypass GFW.
out0fmemory/GoAgent-Always-Available - 一直可用的GoAgent，会定时扫描可用的google gae ip，提供可自动化获取ip运行的版本
ccbikai/backuptoqiniu - 备份vps到七牛云存储脚本
janeczku/calibre-web - :books: Web app for browsing, reading and downloading eBooks stored in a Calibre database
Lee-0x00/sec-awvs-agent - High Concurrency of Awvs Scan Agent By AWVS HTTP API
PeterDing/aget - Aget - An Asynchronous Downloader
redapple0204/my-boring-python - shhh.... sth interesting
JusticeRage/freedomfighting - A collection of scripts which may come in handy during your freedom fighting activities.
appsecco/bugcrowd-levelup-subdomain-enumeration - This repository contains all the material from the talk "Esoteric sub-domain enumeration techniques" given at Bugcrowd LevelUp 2017 virtual conference
zjy-ucas/ChineseNER - A neural network model for Chinese named entity recognition
rikonaka/katoolin4china - Kali tools installer
jimywork/shodanwave - Shodanwave is a tool for exploring and obtaining information from Netwave IP Camera.
loveshell/rtcp -
rdiff-backup/rdiff-backup - Reverse differential backup tool, over a network or locally.
magic-wormhole/magic-wormhole - get things from one computer to another, safely
RUB-NDS/PRET - Printer Exploitation Toolkit - The tool that made dumpster diving obsolete.
mps-youtube/yewtube - yewtube, forked from mps-youtube , is a Terminal based YouTube player and downloader. No Youtube API key required.
aploium/shootback - a reverse TCP tunnel let you access target behind NAT or firewall
Fare9/OSINTretasNoHayPastebines - Trabajo de OSINT para búsqueda de patrones en pastebin.
rossant/awesome-math - A curated list of awesome mathematics resources
williballenthin/python-idb - Pure Python parser and analyzer for IDA Pro database files (.idb).
tornadoweb/tornado - Tornado is a Python web framework and asynchronous networking library, originally developed at FriendFeed.
dragoneeg/Struts2-048 - CVE-2017-9791
sonickun/ctf-crypto-writeups -
jordanpotti/AWSBucketDump - Security Tool to Look For Interesting Files in S3 Buckets
google/ssl_logger - Decrypts and logs a process's SSL traffic.
beurtschipper/crackcoin - Very basic blockchain-free cryptocurrency PoC in Python
lightbulb-framework/lightbulb-framework - Tools for auditing WAFS
ThomasTJdev/WMD - Python framework for IT security tools
borgbackup/borg-import - importer for rsync+hardlink based backups / rsnapshot
XuShaohua/bcloud - 百度网盘的linux桌面客户端
retext-project/retext - ReText: Simple but powerful editor for Markdown and reStructuredText
Yelp/osxcollector - A forensic evidence collection & analysis toolkit for OS X
m0rtem/CloudFail - Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network
D35m0nd142/LFISuite - Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner
AdamLaurie/RFIDIOt - python RFID / NFC library & tools
ethereum/web3.py - A python interface for interacting with the Ethereum blockchain and ecosystem.
attify/firmware-analysis-toolkit - Toolkit to emulate firmware and analyse it for security vulnerabilities
x90skysn3k/brutespray - Brute-Forcing from Nmap output - Automatically attempts default creds on found services.
CTFd/CTFd - CTFs as you need them
D4Vinci/Dr0p1t-Framework - A framework that create an advanced stealthy dropper that bypass most AVs and have a lot of tricks
sensepost/autoDANE - Auto Domain Admin and Network Exploitation.
feeluown/FeelUOwn - trying to be a robust, user-friendly and hackable music player
fcavallarin/htcap - htcap is a web application scanner able to crawl single page application (SPA) recursively by intercepting ajax calls and DOM changes.
nccgroup/Winpayloads - Undetectable Windows Payload Generation
letiantian/TextRank4ZH - :deciduous_tree:从中文文本中自动提取关键词和摘要
attardi/wikiextractor - A tool for extracting plain text from Wikipedia dumps
3xp10it/xwaf - Automatic bypass (brute force) waf
monperrus/crawler-user-agents - Syntactic patterns of HTTP user-agents used by bots / robots / crawlers / scrapers / spiders. pull-request welcome :star:
nanshihui/PocCollect - a plenty of poc based on python
fgeek/pyfiscan - Free web-application vulnerability and version scanner
Tr3jer/dnsAutoRebinding - ssrf、ssrfIntranetFuzz、dnsRebinding、recordEncode、dnsPoisoning、Support ipv4/ipv6
praetorian-inc/pentestly - Python and Powershell internal penetration testing framework
sizzop/HEVD-Exploits - Various exploits for the HackSys Extreme Vulnerable Driver
coffeehb/struts2_check - 一个用于识别目标网站是否采用Struts2框架开发的工具demo
ldionmarcil/sudo-backdoor - Wraps sudo; transparently steals user's credentials and exfiltrate over DNS. For those annoying times when you get a shell/file write on a sudoers account and need to leverage their credentials.
NetSPI/crossdomainscanner - Python tool for expired domain discovery in crossdomain.xml files
shispt/discover-books - 发现图书：豆瓣图书关系图
netxfly/passive_scan - 基于http代理的web漏洞扫描器的实现
fate0/getproxy - getproxy 是一个抓取发放代理网站，获取 http/https 代理的程序
superhuahua/xunfengES -
mellow-hype/keysniffer-poc - Simple PoC Linux keysniffer showing impact of a lack of GUI-isolation in X display server.
nsacyber/goSecure - An easy to use and portable Virtual Private Network (VPN) system built with Linux and a Raspberry Pi. #nsacyber
leostat/rtfm - A database of common, interesting or useful commands, in one handy referable form
royharoush/rtools - pentest floating repo (based off git submodules), and some useful scripts i wrote
Saferman/cupper - It comes!!
koutto/java-binary-deserializer - Java Binary data Deserializer/Serializer - Convert serialized Java Objects into readable XML
ywolf/F-NAScan - Scanning a network asset information script
RoliSoft/ReconScan - Network reconnaissance and vulnerability assessment tools.
zhongyiio/crack-geetest - 滑动验证码破解示例，仅供学习使用。
swisskyrepo/DamnWebScanner - Another web vulnerabilities scanner, this extension works on Chrome and Opera
threatexpress/domainhunter - Checks expired domains for categorization/reputation and Archive.org history to determine good candidates for phishing and C2 domain names
maurosoria/dirsearch - Web path scanner
gaojiuli/gain - Web crawling framework based on asyncio.
wafpassproject/wafpass - Analysing parameters with all payloads' bypass methods, aiming at benchmarking security solutions like WAF.
0x09AL/WordSteal - This script will create a POC that will steal NTML hashes from a remote computer. Do not use this for illegal purposes.The author does not keep responsibility for any illegal action you do.
FSecureLABS/win_driver_plugin - A tool to help when dealing with Windows IOCTL codes or reversing Windows drivers.
gonzalo/cryptoradio - Python script to encrypt and publish on Twitter. Also decrypt tweets from file
Coalfire-Research/java-deserialization-exploits - A collection of curated Java Deserialization Exploits
shengqi158/svn_git_scanner - 用于扫描git，svn泄露
joxeankoret/CVE-2017-7494 - Remote root exploit for the SAMBA CVE-2017-7494 vulnerability
nickjj/ansigenome - A tool to help you gather information and manage your Ansible roles.
debops/debops-tools - Your Debian-based data center in a box
debops/debops-playbooks - Ansible playbooks used by DebOps project
yanxiu0614/subdomain3 - A new generation of tool for discovering subdomains( ip , cdn and so on)
dvopsway/datasploit - A tool to perform various OSINT techniques, aggregate all the raw data, visualise it on a dashboard, and facilitate alerting and monitoring on the data.
anantshri/svn-extractor - simple script to extract all web resources by means of .SVN folder exposed over network.
faizann24/Fwaf-Machine-Learning-driven-Web-Application-Firewall - Machine learning driven web application firewall to detect malicious queries with high accuracy.
xdavidhu/portSpider - 🕷 A lightning fast multithreaded network scanner framework with modules.
vulnersCom/getsploit - Command line utility for searching and downloading exploits
TheRook/subbrute - A DNS meta-query spider that enumerates DNS records, and subdomains.
Lingerhk/fshell - 基于机器学习的分布式webshell检测系统
TravisFSmith/SweetSecurity - Network Security Monitoring on Raspberry Pi type devices
pathetiq/BurpSmartBuster - A Burp Suite content discovery plugin that add the smart into the Buster!
owtf/owtf - Offensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more efficient http://owtf.org https://twitter.com/owtfp
stamparm/maltrail - Malicious traffic detection system
smxlabs/gibbersense - Extract Sense out of Gibberish stuff
vysecurity/morphHTA - morphHTA - Morphing Cobalt Strike's evil.HTA
dev-zzo/pwn-tools - Various tools I have made for pwnage.
musicmancorley/HVACScanner - Locates Honeywell/Tridium/Niagara HVAC JACEs/Controllers via HTTP fingerprints/strings. Very handy for vulnerability/pentesting.
RicterZ/zabbixPwn - Zabbix Jsrpc.php Injection Exploit
i3visio/osrframework - OSRFramework, the Open Sources Research Framework is a AGPLv3+ project by i3visio focused on providing API and tools to perform more accurate online researches.
Mr-Un1k0d3r/PowerLessShell - Run PowerShell command without invoking powershell.exe
darknessomi/musicbox - 网易云音乐命令行版本
brianwrf/SambaHunter - It is a simple script to exploit RCE for Samba (CVE-2017-7494 ).
byt3bl33d3r/DeathStar - Uses Empire's (https://github.com/BC-SECURITY/Empire) RESTful API to automate gaining Domain and/or Enterprise Admin rights in Active Directory environments using some of the most common offensive TTP
andialbrecht/sqlparse - A non-validating SQL parser module for Python
jm33-m0/mec - for mass exploiting
Hadi999/NXcrypt - NXcrypt - 'python backdoor' framework
denyhosts/denyhosts - Automated host blocking from SSH brute force attacks
ahhh/Reverse_DNS_Shell - A python reverse shell that uses DNS as the c2 channel
dazhouzhou/ICS-Vulnerabilities - Some ICS Vulnerabilities I've found will be listed here.
RUB-SysSec/Password-Guessing-Framework - A Framework for Comparing Password Guessing Strategies
kownet/osint-series - Source codes related to the articles about OSINT. Using social media APIs and Python language.
lbarman/kali-tools - Run Kali tools on all distributions. Offline search, including in package descriptions.
betab0t/cve-2017-7494 - Proof-of-Concept exploit for CVE-2017-7494(Samba RCE from a writable share)
jmortega/osint_tools_security_auditing - osint_tools_security_auditing
shaanen/osint-combiner - Combining OSINT sources in Elastic Stack
scott48074/Mastodon-OSINT - Scripts related to Mastodon investigations
keithjjones/hostintel - A modular Python application to collect intelligence for malicious hosts.
fluproject/flunym0us - Flunym0us is a Vulnerability Scanner for Wordpress and Moodle designed by Flu Project Team. Flunym0us has been developed in Python. Flunym0us performs dictionary attacks against Web sites. By default
ziirish/burp-ui - Burp-UI is a web-ui for burp backup written in python with Flask and jQuery/Bootstrap
MisterBianco/BoopSuite - A Suite of Tools written in Python for wireless auditing and security testing.
fnk0c/cangibrina - A fast and powerfull dashboard (admin) finder
CubicaLabs/IDASynergy - A combination of an IDAPython Plugin and a control version system that result in a new reverse engineering collaborative addon for IDA Pro. By
claudioviviani/ms17-010-m4ss-sc4nn3r - MS17-010 multithreading scanner written in python.
ruter/free-PACKT-eBooks-Crawler - A tool for claim and save PACKT's FREE TECHNOLOGY EBOOKS.
wanjunzh/ssct - A wrapper tool for shadowsocks to consistently bypass firewalls.
vincd/burpproxypacextension - Exemple d'extension Burp permettant d'utiliser les fichiers de configuration de proxy PAC
brianwrf/Joomla3.7-SQLi-CVE-2017-8917 - Joomla 3.7 SQL injection (CVE-2017-8917)
lcatro/CVE-2017-7269-Echo-PoC - CVE-2017-7269 回显PoC ,用于远程漏洞检测..
ethvpn/code - The sourecode
matthewearl/deep-anpr - Using neural networks to build an automatic number plate recognition system
mehulj94/BrainDamage - Remote administration tool which uses Telegram as a C&C server
SECFORCE/CVE-2017-3599 - Proof of concept exploit for CVE-2017-3599
0x90/routerz - Some exploits for ZeroNights 0x03
stasinopoulos/ZTExploit - ZTE ZXV10 H108L Router with <= V1.0.01_WIND_A01 - Remote root RCE Exploit
danilabs/rexploit - RExploit (Router Exploitation) is a tool that search exploits for any router SOHO. It is written on Python and QT.
G-bdennour/Huawei - Some Of Huawei Routers Exploits
b40yd/security - Happy Hacker
techgaun/github-dorks - Find leaked secrets via github search
jflyup/goMS17-010 - Simple program for detecting if host(s) are vulnerable to SMB exploit(MS17-010)
Mr-Un1k0d3r/CatMyPhish - Search for categorized domain
zhangzhenfeng/AnyScan - AnyScan
igogo-x86/HexRaysPyTools - IDA Pro plugin which improves work with HexRays decompiler and helps in process of reconstruction structures and classes
lijiejie/IIS_shortname_Scanner - an IIS shortname Scanner
lijiejie/ds_store_exp - A .DS_Store file disclosure exploit. It parses .DS_Store file and downloads files recursively.
MK-Ware/Forensic-Tools - A collection of tools for forensic analysis
schollz/howmanypeoplearearound - Count the number of people around you :family_man_man_boy: by monitoring wifi signals :satellite:
lc4t/clean-baidutieba - 删除自己在百度贴吧的发帖和回复
mdiazcl/fuzzbunch-debian - Fuzzbunch deployment for Debian - Intructions: Readme.md
FortyNorthSecurity/EyeWitness - EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
zeruniverse/QQParking - QQBot, QQ机器人，用于QQ挂机。自动回复私聊及临时对话，记录留言并转发至邮箱，账号（被踢）下线邮件提醒。
zeruniverse/QBotWebWrap - Web Wrap for QBot series QQ/QQ空间在线挂机
ivytin/cve-crawler -
sam-b/z3-stuff - z3 scripts and ctf challenge solutions.
WebBreacher/emailwhois - Look up an email domain (@example.com), using Python, across all known domains.
jingweiz/pytorch-dnc - Neural Turing Machine (NTM) & Differentiable Neural Computer (DNC) with pytorch & visdom
drduh/macOS-Security-and-Privacy-Guide - Guide to securing and improving privacy on macOS
zerokeeper/WebEye -
appliedsec/pygeoip - DEPRECATED: Pure Python API for Maxmind's binary GeoIP databases
vesche/histstat - history for netstat
FeeiCN/Cobra - Source Code Security Audit (源代码安全审计)
abatchy17/WindowsExploits - Windows exploits, mostly precompiled. Not being updated. Check https://github.com/SecWiki/windows-kernel-exploits instead.
plane636/rsync_scan - rsync空口令扫描器
gdelugre/ida-arm-system-highlight - IDA script for highlighting and decoding ARM system instructions
plane636/opmanager_exp - opmanager运维监控系统上传漏洞测试工具
xtools-at/AssistantPi - Bring both Google Assistant and Alexa to your Raspberry Pi
iphelix/dnschef - DNSChef - DNS proxy for Penetration Testers and Malware Analysts
CIRCL/bgp-ranking - BGP ranking is a free software to calculate the security ranking of Internet Service Provider (ASN).
kengz/openai_lab - An experimentation framework for Reinforcement Learning using OpenAI Gym, Tensorflow, and Keras.
kahunalu/pwnbin - Python Pastebin Webcrawler that returns list of public pastebins containing keywords
vesche/scanless - online port scan scraper
iSECPartners/RtspFuzzer - RTSP network protocol fuzzer
roothaxor/The-Password-Manager - Manager/Generator With AES Encrypted Vault - Updated 27/9/2017
CERT-W/certitude - The Seeker of IOC
arthepsy/ssh-audit - SSH server auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)
TheRook/nsshell - A DNS connectback shell executed by strings in payloads.txt
epinna/tplmap - Server-Side Template Injection and Code Injection Detection and Exploitation Tool
SafeBreach-Labs/pyekaboo - Proof-of-concept program that is able to to hijack/hook/proxy Python module(s) thanks to $PYTHONPATH variable
pwnlandia/mhn - Modern Honey Network
shengqi158/pyvulhunter - python audit tool 审计注入 inject
msracver/Deformable-ConvNets - Deformable Convolutional Networks
Xyntax/pocserver - Scripts running in public webserver for vulnerability PoC
ArchiveBox/ArchiveBox - 🗃 Open source self-hosted web archiving. Takes URLs/browser history/bookmarks/Pocket/Pinboard/etc., saves HTML, JS, PDFs, media, and more...
hashtagcyber/bropy - Basic Anomaly IDS capabilities with Python and Bro
wifiphisher/wifiphisher - The Rogue Access Point Framework
travisbgreen/intel_amt_honeypot - intel amt honeypot
Porchetta-Industries/CrackMapExec - A swiss army knife for pentesting networks
n4xh4ck5/fInd0 - Tool to find domains in sold about a target
p4-team/ctf - Ctf solutions from p4 team
lijiejie/struts2_045_scan - Struts2-045 Scanner
danielplohmann/apiscout - This project aims at simplifying Windows API import recovery on arbitrary memory dumps
nccgroup/Zulu - The Zulu fuzzer
HarmJ0y/pylnker - This is a Python port of lnk-parse-1.0, a tool to parse Windows .lnk files.
kacperszurek/exploits -
plasma-disassembler/plasma - Plasma is an interactive disassembler for x86/ARM/MIPS. It can generates indented pseudo-code with colored syntax.
skenan/BitcoinStrategy - bitcoin arbitrage between Huobi and Okcoin
BitcoinExchangeFH/BitcoinExchangeFH - Cryptocurrency exchange market data feed handler
tijme/not-your-average-web-crawler - A web crawler (for bug hunting) that gathers more than you can imagine.
ctfs/write-ups-2017 - Wiki-like CTF write-ups repository, maintained by the community. 2017
dylanmc/CryptoBook - Learning Cryptography, math and programming with Cryptol (and maybe some Python)
PeterDing/iScript - 各种脚本 -- 关于虾米 xiami.com, 百度网盘 pan.baidu.com, 115网盘 115.com, 网易音乐 music.163.com, 百度音乐 music.baidu.com, 360网盘/云盘 yunpan.cn, 视频解析 flvxz.com, bt torrent ↔ magnet, ed2k 搜索, tumblr 图片下载, unzip
pwndbg/pwndbg - Exploit Development and Reverse Engineering with GDB Made Easy
farrokhi/dnsdiag - DNS Measurement, Troubleshooting and Security Auditing Toolset
csirtgadgets/bearded-avenger - CIF v3 -- the fastest way to consume threat intelligence
lgandx/PoC - Various PoCs
root2ch/ZipCrack - ZipCrack with Python
octodns/octodns - Tools for managing DNS across multiple providers
fnzv/trsh - Telegram Remote-Shell
john-kurkowski/tldextract - Accurately separates a URL’s subdomain, domain, and public suffix, using the Public Suffix List (PSL).
cobrateam/splinter - splinter - python test framework for web applications
yandex/gixy - Nginx configuration static analyzer
zer0yu/ZEROScan - Multi-Thread Vulnerability Verify Framework
openstack/hacking - OpenStack Hacking Style Checks. Mirror of code maintained at opendev.org.
yehia-mamdouh/XSSYA-V-2.0 -
coursera-dl/coursera-dl - Script for downloading Coursera.org videos and naming them.
mjg59/python-broadlink - Python module for controlling Broadlink RM2/3 (Pro) remote controls, A1 sensor platforms and SP2/3 smartplugs
NightRang3r/Broadlink-e-control-db-dump - These two scripts will "parse" the broadlink e-Control Android application database or SharedData and dump the IR / RF codes for selected accessories into a text file which can be later used with broa
paxosglobal/subconscious - redis-backed (in memory) db for python3 that is asyncio compatible
Deeplocal/mocktailsmixer - Make a DIY Robotic Mocktails Mixer Powered by the Google Assistant SDK
bl4de/irc-client - Simple IRC (Internet Relay Chat) Client written in Python
LionSec/katoolin - Automatically install all Kali linux tools
tanchao90/hexo-git-backup-tools - Back-up the source files of my blog.
intezer/docker-ida - Run IDA Pro disassembler in Docker containers for automating, scaling and distributing the use of IDAPython scripts.
fonttools/fonttools - A library to manipulate font files from Python.
jymcheong/aptc - Automated Payload Test Controller
azheng333/BigDataML -
cornerpirate/cve-offline - An easy to grep dump of the NVD database showing only; CVE-ID, CVSS Risk Score, and Summary.
utkusen/leviathan - wide range mass audit toolkit
n0tr00t/Beehive - Beehive is an open-source vulnerability detection framework based on Beebeeto-framework. Security researcher can use it to find vulnerability, exploits, subsequent attacks, etc.
Lekensteyn/pacemaker - Heartbleed (CVE-2014-0160) client exploit
searx/searx - Privacy-respecting metasearch engine
robputt/Py-DNS-over-HTTPS-Proxy - Provides a simple Python based proxy for running DNS over HTTPS to Google's DNS over HTTPS service.
ZonkSec/weblogic-serialization-exploit-updated - Updated the FoxGlove Security WebLogic serialization exploit.
brianwrf/hackUtils - It is a hack tool kit for pentest and web security research.
keon/algorithms - Minimal examples of data structures and algorithms in Python
breenmachine/JavaUnserializeExploits -
reyammer/shellnoob - A shellcode writing toolkit
nixawk/labs - Vulnerability Labs for security analysis
brainsik/virtualenv-burrito - One command to have a working virtualenv + virtualenvwrapper environment.
webxscan/scan -
webxscan/eval -
agienka/blindy - Simple script to automate brutforcing blind sql injection vulnerabilities
ssrselvamraju/mblogic-S2-client - The client side HMI for the S2 modbus control. This has many html and css pages which were custom edited and also have needed server and client base programs.
shmilylty/cheetah - a very fast brute force webshell password tool
mitre/multiscanner - Modular file scanning/analysis framework
trailofbits/manticore - Symbolic execution tool
LxiaoGirl/exp - 各种流行的POC批量扫描工具，当然其中的目标需要自己去收集。
aboul3la/Sublist3r - Fast subdomains enumeration tool for penetration testers
bsmali4/sicklepoc -
maK-/scantastic-tool - It's bloody scantastic
fxsjy/jieba - 结巴中文分词
Lingerhk/hacking_script - 开发或收集的一些网络安全方面的脚本、小工具
marcotinari/CustomDeserializer - Custom Deserializer
laramies/theHarvester - E-mails, subdomains and names Harvester - OSINT
torque59/Nosql-Exploitation-Framework - A Python Framework For NoSQL Scanning and Exploitation
IOActive/jdwp-shellifier -
infobyte/faraday - Open Source Vulnerability Management Platform
Ptr32Void/OSTrICa -
UnkL4b/GitMiner - Tool for advanced mining for content on Github
nneonneo/eqgrp-free-file - Free sampling of files from the purported Equation Group hack.
MorvanZhou/tutorials - 机器学习相关教程
joaomatosf/jexboss - JexBoss: Jboss (and Java Deserialization Vulnerabilities) verify and EXploitation Tool
cloudburst/libheap - python library to examine ptmalloc (the glibc userland heap implementation)
paraschetal/PortScan -
SQSamir/NVRScanner -
narata/password - 1
op1hacks/op1repacker - 🗜 Tool for unpacking, modifying and repacking firmware for the OP-1 synth by Teenage Engineering.
XiphosResearch/exploits - Miscellaneous exploit code
yeti-platform/yeti - Your Everyday Threat Intelligence
THIBER-ORG/userline - Query and report user logons relations from MS Windows Security Events
nopernik/fuzzbunch_wrapper - Fuzzbunch Python-Wine wrapper
CIRCL/AIL-framework - AIL framework - Analysis Information Leak framework. Project moved to https://github.com/ail-project
mgeeky/expdevBadChars - Bad Characters highlighter for exploit development purposes supporting multiple input formats while comparing.
automatingosint/osint_public -
w4kfu/IDA_loader - Some loader module for IDA
3gstudent/Smbtouch-Scanner - Automatically scan the inner network to detect whether they are vulnerable.
0xbharath/datasploit - Utilizing various Open Source Intelligence (OSINT) tools and techniques that we have found to be effective, DataSploit brings them all into one place, correlates the raw data captured and gives the us
uber-archive/focuson - A tool to surface security issues in python code
python-security/pyt - A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications
bhdresh/CVE-2017-0199 - Exploit toolkit CVE-2017-0199 - v4.0 is a handy python script which provides pentesters and security researchers a quick and effective way to test Microsoft Office RCE. It could generate a malicious R
vrnetlab/vrnetlab - Run virtual routers with docker
504ensicsLabs/DAMM - Differential Analysis of Malware in Memory
evilsocket/opensnitch - OpenSnitch is a GNU/Linux interactive application firewall inspired by Little Snitch.
Neo23x0/Loki - Loki - Simple IOC and YARA Scanner
ethereum/casper - Casper contract, and related software and tests
kitctf/writeups - CTF writeups
nixawk/pentest-wiki - PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.
mrschyte/nmap-converter - Python script for converting nmap reports into XLS
fuzzbunch/fuzzbunch - NSA finest tool
WithSecureLabs/doublepulsar-detection-script - A python2 script for sweeping a network to find windows systems compromised with the DOUBLEPULSAR implant.
the-c0d3r/pynmap - A serious attempt to implement multi-threading to nmap module, which would result in faster scanning speed. I know that one can write NSE scripts for multi-threaded scanning with it, but I wanted to t
houbbit/haveibeenpwned - Python script to verify multiple email addresses for pwnage
icanhasfay/PyPwned - A Python client for the HaveIBeenPwned REST API
insecurityofthings/jackit - JackIt - Exploit Code for Mousejack
misterch0c/GithubLeakAlert -
cjaymes/pyscap - Python implementation of a Security Content Automation Protocol compatible Configuration, Vulnerability, Patch and Inventory Scanner
codepr/creak - Poison, reset, spoof, redirect MITM script
superfashi/FakeGit - FakeGit: A great tool to fool yourself and others
SecarmaLabs/dns-parallel-prober - PoC for an adaptive parallelised DNS prober
artkond/cisco-rce - CVE-2017-3881 Cisco Catalyst Remote Code Execution PoC
lockout/tun64 - IPv6 transition tunnel-based mechanism information exfiltration tool
kootenpv/whereami - Uses WiFi signals :signal_strength: and machine learning to predict where you are
axi0mX/ipwndfu - open-source jailbreaking tool for many iOS devices
JinnLynn/genpac - PAC/Dnsmasq/Wingy file Generator, working with gfwlist, support custom rules.
boy-hack/pythonwebhack - 用python实现的web框架建立的在线渗透平台
JasonLearning/github_trending_spider -
LJ147/githubSpider - 使用python爬虫批量爬取GitHub上的高star项目并定期pull保持最新
JamCh01/github_relationship - a simple spider for github instead of api
TuuuNya/webdirscan - 跨平台的web目录扫描工具
TuuuNya/Exploit - 常用的一些Exploit，经常会更新，也欢迎各位提交新的exp给我。
jhao104/proxy_pool - Python爬虫代理IP池(proxy pool)
seb-m/pyinotify - Monitoring filesystems events with inotify on Linux.
chrizator/netattack - A simple python script to scan and attack wireless networks.
Xyntax/POC-T - 渗透测试插件化并发框架 / Open-sourced remote vulnerability PoC/EXP framework
nethunteros/punter - Hunt domain names using DNSDumpster, WHOIS, Reverse WHOIS, Shodan, Crimeflare
axi0mX/apticket-nonce-checker - Python script which parses 32-bit SHSH/APTickets and prints the APTicket nonce, if any.
phodal/awesome-iot - Awesome IoT. A collaborative list of great resources about IoT Framework, Library, OS, Platform
Germey/TaobaoUser - Get anonymous user of Taobao
QingdaoU/OnlineJudge - open source online judge based on Vue, Django and Docker. | 青岛大学开源 Online Judge | QQ群 496710125 | [email protected]
DanMcInerney/xsscrapy - XSS spider - 66/66 wavsep XSS detected
laixintao/Report-IP-hourly - 📬 Report Linux IP by email hourly.
MrNox/CTF - CTF's writeups
C0reL0ader/EaST - Exploits and Security Tools Framework 2.0.1
CERT-Bund/yara-exporter - Exporting MISP event attributes to yara rules usable with Thor apt scanner
google/timesketch - Collaborative forensic timeline analysis
DavidKorczynski/RePEconstruct -
rajeshmajumdar/PloitKit - The Hacker's ToolBox
smicallef/spiderfoot - SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
sangaline/advanced-web-scraping-tutorial - The Zipru scraper developed in the Advanced Web Scraping Tutorial.
yunjey/pytorch-tutorial - PyTorch Tutorial for Deep Learning Researchers
jopohl/urh - Universal Radio Hacker: Investigate Wireless Protocols Like A Boss
DataSploit/datasploit - An #OSINT Framework to perform various recon techniques on Companies, People, Phone Number, Bitcoin Addresses, etc., aggregate all the raw data, and give data in multiple formats.
romain-fontugne/RTTanalysis - Estimation and analysis of round trip time in TCP traffic
polymorf/findcrypt-yara - IDA pro plugin to find crypto constants (and more)
luyishisi/Anti-Anti-Spider - 越来越多的网站具有反爬虫特性，有的用图片隐藏关键数据，有的使用反人类的验证码，建立反反爬虫的代码仓库，通过与不同特性的网站做斗争（无恶意）提高技术。（欢迎提交难以采集的网站）（因工作原因，项目暂停）
pagewong/Get-ip-address - python脚本自动获取本机ip，并发送到邮箱。适应linux系统和树莓派（raspberry pi）
jackgitgz/CnblogsSpider - 用scrapy采集cnblogs列表页爬虫
VHTgcB1N/Sisyphus - 一个方便的用来分析LOL中数据的工具
bharshbarger/AutOSINT - Tool to automate common OSINT tasks
NullArray/DorkNet - Selenium powered Python script to automate searching for vulnerable web apps.
edouardoyallon/pyscatwave - Fast Scattering Transform with CuPy/PyTorch
essandess/isp-data-pollution - ISP Data Pollution to Protect Private Browsing History with Obfuscation
kgretzky/evilginx - PLEASE USE NEW VERSION: https://github.com/kgretzky/evilginx2
opendns/og-miner - OpenDNS Graph Miner
OTRF/ThreatHunter-Playbook - A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
Moving-Electrons/TravelPhotoBackup - This is an OLD repository and has been left here for reference purposes only. New repository can be found at: https://github.com/Moving-Electrons/photo-backup. More information at www.movingelectrons.
Comsecuris/gdbida - gdbida - a visual bridge between a GDB session and IDA Pro's disassembler
kendricktan/drawlikebobross - Draw like Bob Ross using the power of Neural Networks (With PyTorch)!
az0ne/MongoDB_AutoDump - 用于快速探测未授权MongoDB数据库结构，取第一条内容，并统计数据数量。A tool for unauthorized MongoDB database , take the first content, and the number of statistical data.
he1m4n6a/dictBuilder - 渗透测试中字典生成工具
nxez/SAKS-tutorials - SAKS Tutorials
n8henrie/pycookiecheat - Borrow cookies from your browser's authenticated session for use in Python scripts.
animalize/qqwry-python3 - 在纯真IP数据库（qqwry.dat）查询IP归属地， for python 3.0+，已上传至pypi：https://pypi.org/project/qqwry-py3/
nladuo/taobao_bra_crawler - a taobao web crawler just for fun.
repoog/GitPrey - Searching sensitive files and contents in GitHub associated to company name or other key words
stamparm/DSXS - Damn Small XSS Scanner
ring04h/weakfilescan - 动态多线程敏感信息泄露检测工具
RicterZ/genpAss -
multiangle/Distributed_Microblog_Spider - 分布式新浪微博爬虫
qiyeboy/IPProxyPool - IPProxyPool代理池项目，提供代理ip
iamdaiyuan/SinaWeiboSpider-Mongodb - weibo spider
x0rz/tweets_analyzer - Tweets metadata scraper & activity analyzer
tweepy/tweepy - Twitter for Python!
bianjiang/twitter-user-geocoder - Resolve the location string in Twitter users' profiles to US states (and cities)
bianjiang/tweetf0rm - A twitter crawler in Python
WUJJU/ScrapyTwitter - Crawling twitter info Using Scrapy+Splash
eddiewang/TwitterScrape - A Twitter scraping tool using Scrapy
molcay/msku-etkinlik - MSKU Etkinlik Kodları
zaycev/cbg-scrapy - Simple HTTP server for asynchronous scrapping data from Twitter API using Twisted library
yall/scrapy-twitter -
hauntek/python-ngrokd -
luong-komorebi/Awesome-Linux-Software - 🐧 A list of awesome Linux softwares
wl879/SublimeOnSave - Executes commands on file save.
facert/github_search - 根据 keywords 搜索 github 上面的 repos, 并通过 web 展示
InRaiDi/TwitterSpider - Parsing tweets from Twitter Profiles with Python
iam-xiaoyi-zhang/woeid - Scrapy crawling woeid and twitter trends (using api)
tomowang/scrapy-twitter - crawl twitter timeline using scrapy
muscledreamer/twitter_scrapy - Use Scrapy to crwal Twitter .THE 1.0 Edition
YuLin12345/Sneaker-Notify - Sneaker/Restock/Monitor Notify via Twitter coded in Python using Scrapy.
zoalst/reddit_all_rising - Simple example of a Scrapy spider that scrapes Reddit + Twitter bot made with python-twitter, deployed to Heroku
r00k5A58/pyc2 - simple c2 written in python to demonstrate security concepts
n00py/WPForce - Wordpress Attack Suite
vinta/awesome-python - A curated list of awesome Python frameworks, libraries, software and resources
521xueweihan/HelloGitHub - :octocat: 分享 GitHub 上有趣、入门级的开源项目。Share interesting, entry-level open source projects on GitHub.
soimort/you-get - :arrow_double_down: Dumb downloader that scrapes the web
weaming/gitbook-wiki - :book: Wiki powered by Gitbook :)
hexcola/gitbook-deploy - a simple tool help me deploy gitbook to github pages.
kun945/weixinpy - Python client SDK for Micro Message Public Platform API.
juliangaal/python-cheat-sheet - Python Cheat Sheet NumPy, Matplotlib
pydata/pandas-datareader - Extract data from a wide range of Internet sources into a pandas DataFrame.
waditu/tushare - TuShare is a utility for crawling historical data of China stocks
yhat/pandasql - sqldf for pandas
brianwrf/HackRequests - It is a dedicated requests lib that supports cookie, headers, get/post, etc. And it also supports rendering the response (e.g. Javascript, CSS, etc.) of GET requests by using PhantomJs enginee.
az0ne/Github_Nuggests - 自动爬取Github上文件敏感信息泄露，抓取邮箱密码并自动登录邮箱验证，支持126，qq，sina，163邮箱
houtianze/bypy - Python client for Baidu Yun (Personal Cloud Storage) 百度云/百度网盘Python客户端
Mebus/cupp - Common User Passwords Profiler (CUPP)
x-hw/amazing-qr - 💮 amazing QRCode generator in Python (supporting animated gif) - Python amazing 二维码生成器（支持 gif 动态图片二维码）
observerss/textfilter - 敏感词过滤的几种实现+某1w词敏感词库
saffsd/langid.py - Stand-alone language identification system
reddit-archive/reddit - historical code from reddit.com
reorx/httpstat - curl statistics made simple
PyMySQL/PyMySQL - MySQL client library for Python
alisaifee/flask-limiter - Rate Limiting extension for Flask
nicolargo/glances - Glances an Eye on your system. A top/htop alternative for GNU/Linux, BSD, Mac OS and Windows operating systems.
amoffat/sh - Python process launching
taobao/nginx-book - Nginx开发从入门到精通
rpicard/explore-flask - Source of Explore Flask book
jumpserver/jumpserver - JumpServer 是广受欢迎的开源堡垒机，是符合 4A 规范的专业运维安全审计系统。
locustio/locust - Write scalable load tests in plain Python 🚗💨
dbcli/mycli - A Terminal Client for MySQL with AutoCompletion and Syntax Highlighting.
ethan-funny/explore-python - :green_book: The Beauty of Python Programming.
qiwsir/algorithm -
luyishisi/Raspberry_face_recognition_attendance_machine - 2016年完成，调用face++进行人脸识别语音发音的树莓派平台下的考勤机。
backto17/SinaHouseCrawler - 基于scrapy,scrapy-redis实现的一个分布式网络爬虫,爬取了新浪房产的楼盘信息及户型图片,实现了常用的爬虫功能需求.
doubunv/phantomJS-weibo - phantomJS新浪微博爬虫
szcf-weiya/SinaSpider - 动态IP解决新浪的反爬虫机制，快速抓取内容。
NewBee119/telnet-scanner - telnet服务密码撞库
v3n0m-Scanner/V3n0M-Scanner - Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns
swisskyrepo/PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF
rajeshmajumdar/BruteXSS - BruteXSS is a tool written in python simply to find XSS vulnerabilities in web application. This tool was originally developed by Shawar Khan in CLI. I just redesigned it and made it GUI for more conv
m4n3dw0lf/pythem - pentest framework
luyidong/log_visual - 日志可视化
heiyhia/thinkstats - 程序员统计入门, fork自thinkstats, 改动: 用Numpy, Pandas处理数据, Seaborn可视化
yutiansut/QUANTAXIS_SPIDER - QUANTAXIS 爬虫mod python/javascript/mongodb
boy-hack/AnalysePass -
M157q/py-feedr - A Python parser to tweet the latest updates from multiple RSS feeds.
codecrack3/Shortcut-Downloader - Shortcut Downloader

REXX

drb-ra/C2IntelFeeds - Automatically created C2 Feeds

Rascal

kmahyyg/ban_cnshort - Ban China Short Video Websites

Rich Text Format

frankwxu/digital-forensics-lab - Free hands-on digital forensics labs for students and faculty
asiamina/A-Course-on-Digital-Forensics - A course on "Digital Forensics" designed and offered in the Computer Science Department at Texas Tech University
adamshostack/eop - The Elevation of Privilege Threat Modeling Game
lhajh/Alfred-Powerpack - Alfred-Powerpack
tsingui/clover-efi - 分享整理一些黑苹果Clover驱动配置文件
huangyz0918/Hackintosh-Installer-University - Open source tutorial & information collector for hackintosh installation.
sqlsec/clover - Share some hackintosh Clover files 分享一些黑苹果clover配置文件
decalage2/oletools - oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.

Roff

lcatro/cve_diff_checker - 快速对自己项目中引入的第三方开源库进行1day patch检索,patch数据每天晚上11点更新
lxhao61/integrated-examples - 以Xray或V2Ray（v4版）、Trojan-Go或Trojan、NaiveProxy、Hysteria等打造科学上网的优化配置及最优组合示例，且提供集成常用插件的Caddy（v2版）程序，分享给大家食用及自己备份。
slimm609/checksec.sh - Checksec.sh
NS-Sp4ce/Dict - 一些弱口令、fuzz字典
hardenedlinux/harbian-qa - Bug hunting through fuzzer/*-sanitizer/etc...
ldbfpiaoran/websearch - Search engine for web assets

Ruby

f0ng/autoDecoder-usages - autoDecoder的用法及案例，包含加解密方法、绕waf、替换参数等操作。
ronin-rb/ronin-vulns - Tests URLs for Local File Inclusion (LFI), Remote File Inclusion (RFI), SQL injection (SQLi), and Cross Site Scripting (XSS), Server Side Template Injection (SSTI), and Open Redirects.
seeu-inspace/easyg - Here I gather all the resources about hacking that I find interesting
Bywalks/DarkAngel - DarkAngel 是一款全自动白帽漏洞扫描器，从hackerone、bugcrowd资产监听到漏洞报告生成、漏洞URL截屏、消息通知。
greatghoul/remote-working - 收集整理远程工作相关的资料
Homebrew/homebrew-bundle - 📦 Bundler for non-Ruby dependencies from Homebrew, Homebrew Cask and the Mac App Store.
r0eXpeR/fingerprint - 各种工具指纹收集分享
safesword/WebExp - 2020年~2021年网站CMS、中间件、框架系统漏洞集合
ly4k/CurveBall - PoC for CVE-2020-0601- Windows CryptoAPI (Crypt32.dll)
DannyBen/bashly - Bash command line framework and CLI generator
mubix/local-hibp - How to set up a local copy of Have-I-Been-Pwned's password checking service
eastmountyxz/CVE-2020-0601-EXP - 这资源是作者复现微软签字证书漏洞CVE-2020-0601，结合相关资源及文章实现。推荐大家结合作者博客，理解ECC算法、Windows验证机制，并尝试自己复现可执行文件签名证书和HTTPS劫持的例子。作为网络安全初学者，自己确实很菜，但希望坚持下去，加油！
ZeroChaos-/blue_hydra - Blue Hydra
presidentbeef/brakeman - A static analysis security vulnerability scanner for Ruby on Rails applications
mschuchard/rapid-vaults - Ad-hoc encrypt and decrypt data behind multiple layers of protection via OpenSSL or GPG
noraj/rabid - :cookie: A CLI tool and library allowing to simply decode all kind of BigIP cookies.
winezer0/whatweb-plus - whatweb 增强版合并多个指纹库 8000+插件（提供exe版）
L-codes/pwcrack-framework - Password Crack Framework
Hackplayers/evil-winrm - The ultimate WinRM shell for hacking/pentesting
duckstroms/Web-CTF-Cheatsheet - Web CTF CheatSheet 🐈
hartator/wayback-machine-downloader - Download an entire website from the Wayback Machine.
bcoles/jira_scan - A simple remote scanner for Atlassian Jira
lyy289065406/CVE-2021-22192 - CVE-2021-22192 靶场：未授权用户 RCE 漏洞
evait-security/envizon - network visualization & pentest reporting
m0nad/HellRaiser - Vulnerability scanner using Nmap for scanning and correlating found CPEs with CVEs.
FunnyWolf/execute-assembly -
bcoles/ssrf_proxy - SSRF Proxy facilitates tunneling HTTP communications through servers vulnerable to Server-Side Request Forgery.
TW-D/WiFi-Pineapple-MK7_REST-Client - WiFi Hacking Workflow with WiFi Pineapple Mark VII API
zed-0xff/zsteg - detect stegano-hidden data in PNG & BMP
rapid7/dap - Data Analysis Pipeline
kiks7/rusty_joomla_rce - Rusty Joomla RCE Exploit
tryzealot/zealot - 开源自部署移动应用和 macOS 应用分发平台，提供 iOS、Android SDK、fastlane 等丰富组件库 | Self-hosted Beta App Distribution for Android, iOS and macOS apps
th3maid/zynix-fusion - zynix-Fusion is a framework that aims to centralize, standardize and simplify the use of various security tools for pentest professionals
pedrib/PoC - Advisories, proof of concept files and exploits that have been made public by @pedrib.
ring0lab/catphish - CATPHISH project - For phishing and corporate espionage. Perfect for RED TEAM.
hahwul/mad-metasploit - Metasploit custom modules, plugins, resource script and.. awesome metasploit collection
navisecdelta/X-Prey - A password spraying wordlist generator. Takes breach data as a valid input in order to target password reuse.
centriascolocation/inspec-aws-baseline - InSpec AWS Baseline Profile
navisecdelta/EmailGen - A simple email generator that uses dorks on Bing to generate emails from LinkedIn Profiles.
busyloop/lolcat - Rainbows and unicorns!
intrigueio/intrigue-core - Discover Your Attack Surface!
appvia/krane - Kubernetes RBAC static analysis & visualisation tool
noraj/Bludit-auth-BF-bypass - Bludit <= 3.9.2 - Authentication Bruteforce Mitigation Bypass
bacongravy/macinbox - Puts macOS in a Vagrant box
lucasallan/CVE-2020-8163 - CVE-2020-8163 - Remote code execution of user-provided local names in Rails
subhajitsaha0x/N-POT - N-POT is a honeypot framework, It runs on your network with advance configuration.It can be run on specific ports and have the ability to clone any web application.It also have included other tools li
hackedteam/rcs-common - Common components for RCS backend
pry0cc/cloud-ranges - A list of cloud ranges from different providers.
intrigueio/intrigue-ident - Application and Service Fingerprinting
R3dy/capsulecorp-pentest - Vagrant VirtualBox environment for conducting an internal network penetration test
digininja/CeWL - CeWL is a Custom Word List Generator
jobertabma/virtual-host-discovery - A script to enumerate virtual hosts on a server.
nahamsec/lazys3 -
TideSec/Mars - Mars(战神)——资产发现、子域名枚举、C段扫描、资产变更监测、端口变更监测、域名解析变更监测、Awvs扫描、POC检测、web指纹探测、端口指纹探测、CDN探测、操作系统指纹探测、泛解析探测、WAF探测、敏感信息检测等等
criteo-cookbooks/wsus-server - Chef Cookbook to install and configure server for Windows Server Update Services (WSUS)
hahwul/WebHackersWeapons - ⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting
noraj/OSCP-Exam-Report-Template-Markdown - :orange_book: Markdown Templates for Offensive Security OSCP, OSWE, OSCE, OSEE, OSWP exam report
udzura/bpfql - eBPF query runner (Ruby DSL or something useful)
thesp0nge/dawnscanner - Dawn is a static analysis security scanner for ruby written web applications. It supports Sinatra, Padrino and Ruby on Rails frameworks.
hahwul/XSpear - Powerfull XSS Scanning and Parameter analysis tool&gem
s1kr10s/D-Link-DIR-859-RCE - D-Link DIR-859 - RCE UnAutenticated (CVE-2019–17621)
Shopify/tainted_love - Dynamic Security Analysis for Ruby
planetruby/awesome - Awesome Ruby Collections - Web Servers, Web Frameworks, Rack, Active Record, Functional, Crypto, and More
dmayer/idb - idb is a tool to simplify some common tasks for iOS pentesting and research
arkadiyt/bounty-targets - This project crawls bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) hourly and dumps them into the bounty-targets-data repo
redmine/redmine - Mirror of redmine code source - Official Subversion repository is at https://svn.redmine.org/redmine - contact: @vividtone or maeda (at) farend (dot) jp
kaich/codeobscure - code obscure for object-c project. 方便强大的OC工程代码自动混淆工具
praetorian-inc/purple-team-attack-automation - Praetorian's public release of our Metasploit automation of MITRE ATT&CK™ TTPs
TideSec/FuzzScanner - 一个主要用于信息搜集的工具集，主要是用于对网站子域名、开放端口、端口指纹、c段地址、敏感目录等信息进行批量搜集。
bahaabdelwahed/killshot - A Penetration Testing Framework, Information gathering tool & Website Vulnerability Scanner
darkoperator/Metasploit-Plugins - Plugins for Metasploit Framework
feedbin/feedbin - A nice place to read on the web.
prat0318/json_resume - Generates pretty HTML, LaTeX, markdown, with biodata feeded as input in JSON
w181496/Web-CTF-Cheatsheet - Web CTF CheatSheet 🐈
bit4woo/Summit_PPT - 各种安全大会PPT PDF
arkadiyt/aws_public_ips - Fetch all public IP addresses tied to your AWS account. Works with IPv4/IPv6, Classic/VPC networking, and across all AWS services
Arachni/arachni-ui-web - Arachni's Web User Interface.
zcgonvh/cve-2017-7269 - fixed msf module for cve-2017-7269
ociredefz/vsaudit - VOIP Security Audit Framework
SaulLawliet/watchdog - IF (接口/网页有变化) THEN (提醒你)
0x09AL/CVE-2017-11882-metasploit - This is a Metasploit module which exploits CVE-2017-11882 using the POC released here : https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about.
nopernik/msfvenom-bc-generator - Metasploit msfvenom Bash Completions Generator
eik00d/Reverse_DNS_Shellcode - Revrese DNS payload for Metasploit: Download Exec x86 shellcode. Also DNS Handler and VBS bot (alsow working over DNS) as PoC included.
luizluca/bridge - brigde is a dynamic port forwarder over HTTP (with HTTP PROXY support)
openblockchains/awesome-blockchains - A collection about awesome blockchains - open distributed public databases w/ crypto hashes incl. git ;-). Blockchains are the new tulips :tulip::tulip::tulip:. Distributed is the new centralized.
felixonmars/dnsmasq-china-list - Chinese-specific configuration to improve your favorite DNS server. Best partner for chnroutes.
hahwul/metasploit-autopwn - db_autopwn plugin of metasploit
vallejocc/Hacking-Busybox-Control - Some metasploit scripts to help to control busybox based embedded devices
sidaf/homebrew-pentest - Homebrew Tap - Pen Test Tools
twngo/Tails-zh_TW - website of TAILS (l10n project for Traditional Chinese)
mdrights/tails-zh_CN - Website of Tails ( l10n project for Simplified Chinese )
iagox86/shuffler - Just a quick ruby script to explore perfect card shuffles. :)
rastating/joomlavs - A black box, Ruby powered, Joomla vulnerability scanner
SpiderLabs/cve_server - Simple REST-style web service for the CVE searching
ffleming/timing_attack - Perform timing attacks against web applications
Fuzzapi/fuzzapi - Fuzzapi is a tool used for REST API pentesting and uses API_Fuzzer gem
siberas/watobo -
urbanadventurer/WhatWeb - Next generation web scanner
rastating/wordpress-exploit-framework - A Ruby framework designed to aid in the penetration testing of WordPress systems.
inspec/inspec - InSpec: Auditing and Testing Framework
zed-0xff/pedump - dump windows PE files using ruby
DeathKing/Learning-SICP - MIT视频公开课《计算机程序的构造和解释》中文化项目及课程学习资料搜集。
puppetlabs/puppetlabs-firewall - Puppet Firewall Module
huginn/huginn - Create agents that monitor and act on your behalf. Your agents are standing by!
WhitewidowScanner/whitewidow - SQL Vulnerability Scanner
napcs/rubynew - Ruby new project generator.
HatBashBR/HatCloud - discontinued
github/secure_headers - Manages application of security headers with many safe defaults
Telefonica/Eternalblue-Doublepulsar-Metasploit - Module of Metasploit to exploit the vulnerability Eternalblue-Doublepulsar.
brunofacca/zen-rails-security-checklist - Checklist of security precautions for Ruby on Rails applications.
porterhau5/BloodHound-Owned - A collection of files for adding and leveraging custom properties in BloodHound.
michenriksen/birdwatcher - Data analysis and OSINT framework for Twitter
sue445/ccc_privacy_crawler - Tカードの個人情報提供の停止対象企業一覧の新着を通知するためのTwitterボットです
kost/dockscan - dockscan is security vulnerability and audit scanner for Docker installations
dmchell/metasploit-framework - Metasploit Framework
tinyclub/open-shell-book - 开源书籍：《Shell 编程范例》，面向操作对象学 Shell！本书作者发布了《360°剖析 Linux ELF》视频课程，欢迎订阅：https://www.cctalk.com/m/group/88089283
Arachni/arachni - Web Application Security Scanner Framework

Rust

tw93/Pake - 🤱🏻 Turn any webpage into a desktop app with Rust. 🤱🏻 很简单的用 Rust 打包网页生成很小的桌面 App
ruffle-rs/ruffle - A Flash Player emulator written in Rust
AbelChe/rabbithole - 🦀️ 一个完全使用Rust编写的代理池工具，从网络搜索socks5代理，检测可用性之后开启socks5代理服务。A proxy pool tool completely written in Rust, which searches for SOCKS5 proxies from the network, and after checking their availability, starts
ethicalhackingplayground/pathbuster - A path-normalization pentesting tool.
lencx/ChatGPT - 🔮 ChatGPT Desktop Application (Mac, Windows and Linux)
voidz0r/CVE-2022-44268 - A PoC for the CVE-2022-44268 - ImageMagick arbitrary file read
Sndav/WeChatDB-Rust - 用Rust语言编写，使用特征值从微信内存中提取数据库密钥的工具
thekingofsex/lazfinder - 快速遍历目标目录中所有指定后缀文件中包含的敏感信息
YDHCUI/manjusaka - 牛屎花一款基于WEB界面的远程主机管理工具
GDATASoftwareAG/vaas - Verdict-as-a-Service SDKs: Analyze files for malicious content
MythicAgents/tetanus - Mythic C2 agent targeting Linux and Windows hosts written in Rust
sharkdp/fd - A simple, fast and user-friendly alternative to 'find'
AbdulRhmanAlfaifi/Fennec - Artifact collection tool for *nix systems
mufeedvh/moonwalk - Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps.
ekzhang/bore - 🕳 bore is a simple CLI tool for making tunnels to localhost
mttaggart/OffensiveNotion - Notion as a platform for offensive operations
Esc4iCEscEsc/skanuvaty - Dangerously fast DNS/network/port scanner
gfreezy/seeker - 通过使用 tun 来实现透明代理。实现了类似 surge 增强模式与网关模式。
frank2/oxide - A PoC packer written in Rust!
EAimTY/tuic - Delicately-TUICed 0-RTT proxy protocol
gamozolabs/elfloader - An architecture-agnostic ELF file flattener for shellcode
PaulJuliusMartinez/jless - jless is a command-line JSON viewer designed for reading, exploring, and searching through JSON data.
AFLplusplus/LibAFL - Advanced Fuzzing Library - Slot your Fuzzer together in Rust! Scales across cores and machines. For Windows, Android, MacOS, Linux, no_std, ...
Kibouo/rustpad - Multi-threaded Padding Oracle attacks against any service. Written in Rust.
zu1k/ldap-log - 一个LDAP请求监听器，摆脱dnslog平台和java
AppFlowy-IO/AppFlowy - AppFlowy is an open-source alternative to Notion. You are in charge of your data and customizations. Built with Flutter and Rust.
shmuelamar/cracken - a fast password wordlist generator, Smartlist creation and password hybrid-mask analysis tool written in pure safe Rust
trickster0/OffensiveRust - Rust Weaponization for Red Team Engagements.
RedisJSON/RedisJSON - RedisJSON - a JSON data type for Redis
knownsec/ct - 简单易用的域名爆破工具
editso/fuso - 一款体积小, 快速, 稳定, 高效, 轻量的内网穿透, 端口转发工具支持多连接,级联代理,传输加密 (A small volume, fast, stable, efficient, and lightweight intranet penetration, port forwarding tool supports multiple connections, cascading proxy,
postrequest/link - link is a command and control framework written in rust
Agnoctopus/Tartiflette - Snapshot fuzzing with KVM and LibAFL
0x727/ObserverWard - Cross platform community web fingerprint identification tool
ihciah/clean-dns-bpf - 基于 Rust + eBPF 丢弃 GFW DNS 污染包
weggli-rs/weggli - weggli is a fast and robust semantic search tool for C and C++ codebases. It is designed to help security researchers identify interesting functionality in large codebases.
revoltchat/vortex - (in development) Pluggable WebRTC Voice Server
knassar702/lorsrf - Fast CLI tool to find the parameters that can be used to find SSRF or Out-of-band resource load :artificial_satellite: :crab:
str4d/rage - A simple, secure and modern encryption tool (and Rust library) with small explicit keys, no config options, and UNIX-style composability.
WithSecureLabs/chainsaw - Rapidly Search and Hunt through Windows Forensic Artefacts
DNSCrypt/doh-server - Fast, mature, secure DoH and ODoH server proxy written in Rust. Previously known as doh-proxy and rust-doh.
skerkour/black-hat-rust - Applied offensive security with Rust - https://kerkour.com/black-hat-rust
Lifars/gargamel - A forensic evidence acquirer
hora-search/hora - 🚀 efficient approximate nearest neighbor search algorithm collections library written in Rust 🦀 .
Sh1Yo/request_smuggler - Http request smuggling vulnerability scanner
dwisiswant0/ppfuzz - A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀
robiot/rustcat - Rustcat(rcat) - The modern Port listener and Reverse shell
R4yGM/stegbrute - Fast Steganography bruteforce tool written in Rust useful for CTF's
melbadry9/domain_reg - Check domain availability for registration
resyncgg/armada - A high performance TCP SYN port scanner.
theflakes/reg_hunter - Blueteam operational triage registry hunting/forensic tool.
Sh1Yo/x8 - Hidden parameters discovery suite
doctorn/micro-mitten - You might not need your garbage collector
Edu4rdSHL/rusolver - A fast and accurate DNS resolver written in Rust.
teloxide/teloxide - 🤖 An elegant Telegram bots framework for Rust
jvns/dnspeep - spy on the DNS queries your computer is making
foniod/foniod - Data first monitoring agent using (e)BPF, built on RedBPF
pemistahl/grex - A command-line tool and Rust library for generating regular expressions from user-provided test cases
Nukesor/pueue - :stars: Manage your shell commands.
TheBinitGhimire/NtHiM - Now, the Host is Mine! - Super Fast Sub-domain Takeover Detection!
bytecodealliance/wasmtime - A fast and secure runtime for WebAssembly
microsoft/windows-rs - Rust for Windows
ballista-compute/ballista - Distributed compute platform implemented in Rust, and powered by Apache Arrow.
ysf/anewer - anewer appends lines from stdin to a file if they don't already exist in the file. This is a rust version of https://github.com/tomnomnom/anew
sharkdp/bat - A cat(1) clone with wings.
reacherhq/check-if-email-exists - Check if an email address exists without sending any email, written in Rust. Comes with a ⚙️ HTTP backend.
melbadry9/SSLEnum - Extract SSL certificate data (Subject Name, Subject Alt Names, Organisation)
ogham/dog - A command-line DNS client.
nccgroup/scrying - A tool for collecting RDP, web and VNC screenshots all in one place
epi052/feroxbuster - A fast, simple, recursive content discovery tool written in Rust.
Edu4rdSHL/fhc - Fast HTTP Checker.
microsoft/onefuzz - A self-hosted Fuzzing-As-A-Service platform
JohnWoodman/FES - Fast Endpoint Scanner
Edu4rdSHL/unimap - Scan only once by IP address and reduce scan times with Nmap for large amounts of data.
TimeToogo/tunshell - Remote shell into ephemeral environments 🐚 🦀
hardik05/Damn_Vulnerable_C_Program - An example C program which contains vulnerable code for common types of vulnerabilities. It can be used to show fuzzing concepts.
nushell/nushell - A new type of shell
aws/http-desync-guardian - Analyze HTTP requests to minimize risks of HTTP Desync attacks (precursor for HTTP request smuggling/splitting).
analysis-tools-dev/dynamic-analysis - ⚙️ A curated list of dynamic analysis tools and linters for all programming languages, binaries, and more.
twilco/kosmonaut - A web browser engine for the space age :rocket:
jmdx/TLS-poison -
gamozolabs/cookie_dough - A fuzzing introspection tool
oliverdaff/hprobe - A HTTP probe written in Rust
RustScan/RustScan - 🤖 The Modern Port Scanner 🤖
0xeb-bp/subdomain_prepender - Prepend subdomains to domains for brute forcing.
junnlikestea/vita - A tool to find subdomains or domains from passive sources.
junnlikestea/bulkssrf - Tests for SSRF by injecting a specified location into different headers. This is a Rust port of m4ll0k's tool.
parallaxsecond/parsec - Platform AbstRaction for SECurity service
phra/rustbuster - A Comprehensive Web Fuzzer and Content Discovery Tool
extrawurst/gitui - Blazing 💥 fast terminal-ui for git written in rust 🦀
nccgroup/dirble - Fast directory scanning and scraping tool
iovxw/rssbot - Lightweight Telegram RSS notification bot. 用于消息通知的轻量级 Telegram RSS 机器人
joinsec/BadDNS -
bottlerocket-os/bottlerocket - An operating system designed for hosting containers
fkie-cad/cwe_checker - cwe_checker finds vulnerable patterns in binary executables
SUPERAndroidAnalyzer/super - Secure, Unified, Powerful and Extensible Rust Android Analyzer
BurntSushi/ripgrep - ripgrep recursively searches directories for a regex pattern while respecting your gitignore
Findomain/Findomain - The fastest and complete solution for domain recognition. Supports screenshoting, port scan, HTTP check, data import from other tools, subdomain monitoring, alerts via Discord, Slack and Telegram, mul
Aloxaf/rbkcrack - Crack legacy zip encryption with Biham and Kocher's known plaintext attack. 使用明文攻击破解加密的 zip 文件
PinkP4nther/EroDir - A fast web directory/file enumeration tool written in Rust
kpcyrd/sn0int - Semi-automatic OSINT framework and package manager
square/sudo_pair - Plugin for sudo that requires another human to approve and monitor privileged sudo sessions
rust-unofficial/awesome-rust - A curated list of Rust code and resources.
loggerhead/shadowsocks-rust - Oh my implementation of Shadowsocks in Rust
smoqadam/rust-youtube-downloader - Youtube video downloader written in Rust
isra17/dirt - Dynamic Identification and Recognition Technology
analysis-tools-dev/static-analysis - ⚙️ A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.

SCSS

sivan/heti - 赫蹏（hètí）是专为中文内容展示设计的排版样式增强。它基于通行的中文排版规范而来，可以为网站的读者带来更好的文章阅读体验。
Keldos-Li/typora-latex-theme - 将Typora伪装成LaTeX的中文样式主题，本科生轻量级课程论文撰写的好帮手。This is a theme disguising Typora into Chinese LaTeX style.
ceciliamay/obsidianmd-theme-primary - Comfy, playful but productive theme for Obsidian. "Primary instantly puts you in a relaxed state that opens the door to creativity and exploration. Wonderfully executed down to the smallest details,"
RamonGiovane/guiptables - A Graphic User Interface for Linux's Iptables Firewall. Made with Cockpit for CentOS
hug-sun/element3 - A Vue.js 3.0 UI Toolkit for Web. Build with Javascript
nostalgic-css/NES.css - NES-style CSS Framework | ファミコン風CSSフレームワーク
mzfr/vulnhub-writeups - Writeups for Vulnhub's boot2root machines that I've done
rabobank-cdc/DeTTECT - Detect Tactics, Techniques & Combat Threats
olOwOlo/hugo-theme-even - 🚀 A super concise theme for Hugo https://hugo-theme-even.netlify.app
mastodon/documentation - Mastodon documentation

Sage

pcw109550/write-up - :smirk_cat: CTF write-ups

SaltStack

skymyyang/salt-k8s-ha - SaltStack自动化部署Kubernetes-HA集群、二进制部署、便于理解原理

Sass

nisrulz/app-privacy-policy-generator - A simple web app to generate a generic privacy policy for your Android/iOS apps

Scala

seveniruby/AppCrawler - 基于appium的app自动遍历工具
joernio/joern - Open-source code analysis platform for C/C++/Java/Binary/Javascript/Python/Kotlin based on code property graphs. Discord https://discord.gg/vv4MH284Hc
albuch/sbt-dependency-check - SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). :rainbow:
geekyouth/SZT-bigdata - 深圳地铁大数据客流分析系统🚇🚄🌟
sbaresearch/amlsec - Automated Security Risk Identification Using AutomationML-based Engineering Data
arguslab/Argus-SAF - Argus static analysis framework
TheHive-Project/TheHive - TheHive: a Scalable, Open Source and Free Security Incident Response Platform

Scheme

vah13/radamsa - a general purpose fuzzer

Shell

yeahwu/check - Streaming Media Unlock Test
kuletco/iso-helper - Ubuntu-20.04 Custom Helper Script
QiuChenly/MyMacsAppCrack - MacBook 自用软件破解（macOS Intel）
shouyinji1/MyTorProxy - Tor SOCKS5代理工具
retkoussa/reFresh - A bash tool used to install famous bug bounty tools. Mainly used when setting up a fresh environment.
regorsec/Linux-Post-Exploitation - Tips, Tricks, and Scripts for Linux Post Exploitation
teamssix/container-escape-check - docker container escape check || Docker 容器逃逸检测
spiritLHLS/Oracle-server-keep-alive-script - 甲骨文服务器保活脚本(Oracle Server Keep Alive Script)
youngyangyang04/leetcode-master - 《代码随想录》LeetCode 刷题攻略：200道经典题目刷题顺序，共60w字的详细图解，视频难点剖析，50余张思维导图，支持C++，Java，Python，Go，JavaScript等多语言版本，从此算法学习不再迷茫！🔥🔥 来看看，你会发现相见恨晚！🚀
yeahwu/v2ray-wss -
n3m1dotsys/CVE-2023-22809-sudoedit-privesc - A script to automate privilege escalation with CVE-2023-22809 vulnerability
stilleshan/frps - 基于原版 frp 内网穿透服务端 frps 的一键安装卸载脚本和 docker 镜像.支持 Linux 服务器和 docker 等多种环境安装部署.
9bie/sshdHooker - 一键注入SSHD进程记录并发送ssh登录的密码
OrangeHacking-CyberSecurity/kali-build-config - 构建基于gnome桌面模式的kali Linux
rix4uni/SubDog - subdog is a subdomain enumeration tools, this tool collect number of different sources to create a list of root subdomains
tom-snow/wechat-windows-versions - 保存微信历史版本
whitehatsoumya/Nutoscan - An Automated Mass Network Vulnerability Scanner and Recon Tool
cxf-boluo/magisk_All - magisk 一键集成环境，再也不用每次刷完机繁琐的配置环境了！
1N3/BruteX - Automatically brute force all services running on a target.
haiwen/seafile-server-installer-cn - One script to install seafile server
neargle/my-re0-k8s-security - :atom: [WIP] 整理过去的分享，从零开始的Kubernetes攻防 🧐
z-shell/zi - ✨ A Swiss Army Knife for Zsh - Unix Shell
makdosx/mip22 - :computer: :iphone: mip22 is a advanced phishing tool
githubfoam/nmap-githubactions - nmap nse lua vulnerability scanner githubactions
LeKlex/Attack-simulation-infrastructure - A small and simple network infrastructure with automated attacks on a VM server documented by tshark
scmanjarrez/CVEScannerV2DB - Semiupdated database of CVEScannerV2
arget13/DDexec - A technique to run binaries filelessly and stealthily on Linux by "overwriting" the shell's process with another.
DataDog/security-labs-pocs - Proof of concept code for Datadog Security Labs referenced exploits.
decoymini/DecoyMini - 🐝 A highly scalable, safe, free enterprise honeypots 一款高可扩展、安全、免费的企业级蜜罐系统
lefayjey/linWinPwn - linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks
snowyyowl/writeups -
JoyGhoshs/0install - A bash script that will automatically install Bug Hunting tools used for recon
JoyGhoshs/BalerRecon - Baler Recon Script
JoyGhoshs/Airattackit - Automated Wireless Attack Framework
oxff644/Waf_auto_pretest - WAF自动化质量测试工具
ViRb3/magisk-frida - 🔐 Run frida-server on boot with Magisk, always up-to-date
basharkey/CVE-2022-0847-dirty-pipe-checker - Bash script to check for CVE-2022-0847 "Dirty Pipe"
BytecodeDL/ByteCodeDL - A declarative static analysis tool for jvm bytecode based Datalog like CodeQL
G4rb3n/Malbox - 恶意软件容器靶机
r1is/CVE-2022-0847 - CVE-2022-0847-DirtyPipe-Exploit CVE-2022-0847 是存在于 Linux内核 5.8 及之后版本中的本地提权漏洞。攻击者通过利用此漏洞，可覆盖重写任意可读文件中的数据，从而可将普通权限的用户提升到特权 root。 CVE-2022-0847 的漏洞原理类似于 CVE-2016-5195 脏牛漏洞（Dirty Cow），但它更容易被利用。漏洞作者将此
philcryer/prickly-pete - A script using Docker to quickly bring up some honeypots exposing lots of services. For research, reconnaissance, and fun. (DISCLAIMER may not be fun, not to be taken internally, aim away from face)
720922/chaosDump - A powerful and clean bash script to dump and extract information from Project Discovery's Chaos Project https://chaos.projectdiscovery.io.
veerendra2/elasticsearch-deploy-notes - Elasticsearch deploy notes
nightwatchcybersecurity/gitbleed_tools -
ffffffff0x/403-fuzz - 针对 403 页面的 fuzz 脚本
wslutilities/wslu - A collection of utilities for Windows Subsystem for Linux
v4d1/SpoofThatMail - Bash script to check if a domain or list of domains can be spoofed based in DMARC records
0xJin/awesome-bugbounty-builder - Awesome Bug bounty builder Project
nyxnor/onionjuggler - Manage your Onion Services via CLI or TUI on Unix-like operating system with a POSIX compliant shell.
MvsCode/frps-onekey - Frps 一键安装脚本&管理脚本 A tool to auto-compile & install frps on Linux
Security-Onion-Solutions/securityonion - Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, and case mana
adilsoybali/Log4j-RCE-Scanner - Remote command execution vulnerability scanner for Log4j.
tangjie1/-Baseline-check - windows和linux基线检查，配套自动化检查脚本。纯手打。
graphql/graphql-spec - GraphQL is a query language and execution engine tied to any backend service.
juaromu/wazuh-log4j -
ssstonebraker/log4j-scan-turbo - Multithreaded log4j vulnerability scanner using only bash! Tests all JNDI protocols, HTTP GET/POST, and 84 headers.
redcode-labs/AirStrike - Automatically grab and crack WPA-2 handshakes with distributed client-server architecture
AlphabugX/csOnvps - CobaltStrike4.4 一键部署脚本随机生成密码、key、端口号、证书等，解决cs4.x无法运行在Linux上报错问题灰常银杏化设计
santosomar/log4j-ioc-detector - A Simple Log4j Indicator of Compromise Linux Detector
hackinghippo/log4shell_ioc_ips - log4j / log4shell IoCs from multiple sources put together in one big file (IPs) more coming soon (CVE-2021-44228)
cisagov/log4j-affected-db - A community sourced list of log4j-affected software
zhangyoufu/log4j2-without-jndi - log4j2-core JAR w/o JndiLookup.class
sindresorhus/pure - Pretty, minimal and fast ZSH prompt
Jonnyan404/zerotier-planet - 一分钟自建zerotier-planet
bodsch/docker-jolokia - Docker Container with tomcat-9, jre and jolokia
WeiyiGeek/SecOpsDev - 项目介绍: 自己闲来无事所写以及工作中抽取的安全/运维/开发方面的代码小脚本，希望大家多多star支持。
DamonMohammadbagher/NativePayload_Image - Transferring Backdoor Payloads with BMP Image Pixels
evanRubinsteinIT/BugBounty-Oneliners - A compilation of quick bash scripts I wrote to make life easier while bug bounty hunting
mrtc0/kubectf - Kubernetes CTF
mack-a/v2ray-agent - （VLESS+TCP+TLS_Vision/VLESS+Reality/VLESS+Reality+gRPC/VLESS+gRPC+TLS/VLESS+WS+TLS/VMess+WS+TLS/Trojan+TCP+TLS/Trojan+gRPC+TLS/Hysteria）+伪装站点、八合一共存脚本，支持多内核安装
V1n1v131r4/webdiscover - The purpose of this script is to automate the web enumeration process and search for exploits
Dheerajmadhukar/4-ZERO-3 - 403/401 Bypass Methods + Bash Automation + Your Support ;)
720922/Uncomment - A Powerful tool to fetch all the comments from the supplied URL's
HightechSec/scarce-apache2 - A framework for bug hunting or pentesting targeting websites that have CVE-2021-41773 Vulnerability in public
TheLastVvV/CVE-2021-42013_Reverse-Shell - PoC CVE-2021-42013 reverse shell Apache 2.4.50 with CGI
WithSecureLabs/LinuxCatScale - Incident Response collection and processing scripts with automated reporting scripts
WSA-Community/WSAGAScript - Scripts to install Google Apps into a WSA image. Plus optional root
profuzzbench/profuzzbench - ProFuzzBench - A Benchmark for Stateful Protocol Fuzzing
darklotuskdb/SSTI-XSS-Finder - XSS Finder Via SSTI
souravbaghz/Carpunk - The CAN Injection Toolkit
DK9510/automate-with-actions -
dn0m1n8tor/project-morya - Project Morya is just a collection of bash scripts that runs iteratively to carry out various tools and recon process & store output in an organized way
itboxltda/pentestlab - Script to manage and create local pentesting training virtual lab
pdelteil/BugBountyHuntingScripts - I built some bash functions to help me while doing mundane and repetitive tasks using BBRF, Nuclei or other Bug bounty tool.
honoki/bbrf-server - The Bug Bounty Reconnaissance Framework (BBRF) can help you coordinate your reconnaissance workflows across multiple devices
YouGina/reconmaster - ReconMaster contest - scripts used and a write-up
KingOfBugbounty/DockerHunt -
WoeUSB/WoeUSB - A Microsoft Windows® USB installation media preparer for GNU+Linux
egrullon/Wounty - Wounty is a simple web enumeration script that makes use of other popular tools to automate the early stages of recognition in Bug Bounty processes. This tool is very important as part of the Bug Boun
machine1337/reverse-shells - This tool will help in generating reverse shells easily for all types of OS.
iamthefrogy/frogy - My subdomain enumeration script. It's unique in the way it is built upon.
RAJANAGORI/Nightingale - It's a Docker Environment for Pentesting which having all the required tool for VAPT.
Markdown-Bug-Bounty-Recon/Markdown-Bug-Bounty-Recon - A recon Framework for Bug Bounty Hunters that would convert the output of a script into Markdown syntax document, which would help them to make better notes, have everything in one document, or concen
R0X4R/scvault - Custom scripts for directory fuzzing, subdomain enumeration, and more.
A3h1nt/gimmeSH - For pentesters who don't wanna leave their terminals.
clu3bot/owt - Update Version 3.1 added free SMS messaging.
trimstray/massh-enum - OpenSSH 2.3 up to 7.4 Mass Username Enumeration (CVE-2018-15473).
xiaoyunjie/Shell_Script - Linux系统的安全，通过脚本对Linux系统进行一键检测和一键加固
alex-matty/bash-scripts - Tools and scripts written in bash. Created to automate common tasks.
Dheerajmadhukar/karma_v2 - ⡷⠂𝚔𝚊𝚛𝚖𝚊 𝚟𝟸⠐⢾ is a Passive Open Source Intelligence (OSINT) Automated Reconnaissance (framework)
shifa123/nuclei-templates-all - Bash Script to download all Nuclei Templates from different awesome sources
dung-bycn/bycn-mobsf-scan -
D1rk9ghT/Recon - Bug Bounty Recon Tools
slsa-framework/slsa - Supply-chain Levels for Software Artifacts
k8sli/kubeplay - Deploy kubernetes by kubespray in offline
B3nac/deeplink-fuzz.sh - A Bash wrapper for radamsa that can be used to fuzz exported activities and deep links.
shk0x/PRTG-Network-Monitor-RCE - Remote code execution prtg network monitor cve2018-9276
jay-johnson/owasp-jenkins - Want to test your applications using the latest OWASP security toolchains and the NIST National Vulnerability Database using Jenkins, Ansible and docker? :whale: :shield: :lock:
BiasedRiot/Glanadh - Service to automatically remove Metadata from your files.
alcideio/kaudit - Alcide Kubernetes Audit Log Analyzer - Alcide kAudit
Mixeway/MixewayHub - Mixeway is security orchestrator for vulnerability scanners which enable easy plug in integration with CICD pipelines. MixewayHub project contain one click docker-compose file which configure and run
thomasleplus/jwt-utils - A few utilities to work with JWTs.
iamthefrogy/nerdbug - Full Nuclei automation script with logic explanation.
wirefalls/geo-nft - Bash script to create nftables sets of country specific IP address ranges for use with firewall rulesets. The project provides a simple and flexible way to implement geolocation filtering with nftable
konstruktoid/hardening - Hardening Ubuntu. Systemd edition.
SDA-SE/cluster-image-scanner - Discover vulnerabilities and container image misconfiguration in production environments.
H21lab/tsharkVM - tshark + ELK analytics virtual machine
mviereck/x11docker - Run GUI applications and desktops in docker and podman containers. Focus on security.
threeworld/Security-baseline - 安全基线
oldboy21/LDAP-Password-Hunter - Password Hunter in Active Directory
supr4s/WebHackingTools - Automatically install some web hacking/bug bounty tools.
MacMiniVault/Mac-Scripts - Automation scripts focused around Mac OS X Server
wazuh/wazuh-docker - Wazuh - Docker containers
arismelachroinos/lscript - The LAZY script will make your life easier, and of course faster.
sushant-kamble/kalioncloud - This is a shell script to install kali on cloud VPS server with a GUI.
m3n0sd0n4ld/uDork - uDork is a script written in Bash Scripting that uses advanced Google search techniques to obtain sensitive information in files or directories, find IoT devices, detect versions of web applications,
justmeandopensource/vagrant - Vagrant and corresponding Vagrantfiles
takito1812/FireStorePwn - fsp - Firestore Database Vulnerability Scanner Using APKs
A3h1nt/Dnsrr - DNSrr is a tool written in bash, used to enumerate all the juicy stuff from DNS.
owerdogan/whoami-project - Whoami provides enhanced privacy, anonymity for Debian and Arch based linux distributions
Cyber-Guy1/Subdomainer - Automated tool for domains & subdomains gathering
cloudsec/brootkit - Lightweight rootkit implemented by bash shell scripts v0.10
Dheerajmadhukar/karma_v1 - KARMA is a simple bash script automation that can hit Shodan Premium API and find active IPs, ASN, Common Vulnerabilities, CVEs & Open Ports.
enomothem/Whoamifuck - 用于Linux应急响应，排查异常用户登入情况和入侵信息排查。
mvallim/live-custom-ubuntu-from-scratch - This procedure shows how to create a bootable and installable Ubuntu Live (along with the automatic hardware detection and configuration) from scratch.
swapravo/polkadots - CVE-2021-3560 Local PrivEsc Exploit
R0X4R/Pinaak - A vulnerability fuzzing tool written in bash, it contains the most commonly used tools to perform vulnerability scan
emadshanab/Gf-Patterns-Collection -
nankeen/pwndocker - Docker tools for CTF pwning 👩🏻‍💻👨🏻‍💻🚩
ManasHarsh/Cobra - All in one tool to make your hacking easier.
elliotkillick/qvm-create-windows-qube - Spin up new Windows qubes quickly, effortlessly and securely on Qubes OS
nikhil1232/Bucket-Flaws - Bucket Flaws ( S3 Bucket Mass Scanner ): A Simple Lightweight Script to Check for Common S3 Bucket Misconfigurations
mrrobot1o1/asnips -
thetrebelcc/gobuster_looper - Bust URLs directory's from a text file.
mdrights/LiveSlak - 中文化的隐私加强 GNU/Linux 系统 - Forked from Alien Bob's powerful building script for Slackware Live.
pocdork/gitdomain - Discover endpoints using companies GitHub Repositories name
mcnamee/huntkit - Docker - Ubuntu with a bunch of PenTesting tools and wordlists
dreamer1eh/ultimate_bughunter_tools - Ultimate Package Of 50 Bug Bounty Hunting Tools
matrix-ops/kbi - Kubernetes Binarization Installer
Thrimbda/shell-set-up - my personal shell set up script-我的超好看的oh-my-zsh配置
sansatart/scrapts - Scrapts Scrapts Scrapts
shakalaca/MagiskOnEmulator - Install Magisk on Official Android Emulator
Dheerajmadhukar/Lilly - Tool to find the real IP behind CDNs/WAFs like cloudflare using passive recon by retrieving the favicon hash. For the same hash value, all the possible IPs, PORTs and SSL/TLS Certs are searched to val
NVISOsecurity/MagiskTrustUserCerts - A Magisk module that automatically adds user certificates to the system root CA store
Aju100/VulWebaju - VulWebaju is a platform that automates setting up your pen-testing environment for learning purposes.
phith0n/projector-runner - Run Swing based GUI application within the Docker container through the Jetbrains Projector, and access it from browsers.
Dheerajmadhukar/back-me-up - This tool will check for Sensitive Data Leakage with some useful patterns/RegEx. The patterns are mostly targeted on waybackdata and filter everything accordingly.
s0md3v/shades -
philips-labs/blackduck-scanner-action - BlackDuck GItHub Action
zephrax/linux-pam-backdoor - Linux PAM Backdoor
Kitsun3Sec/Pentest-Cheat-Sheets - A collection of snippets of codes and commands to make your life easier!
ArpitKubadia/JS-Secret-Finder -
21y4d/nmapAutomator - A script that you can run in the background!
openservicebrokerapi/servicebroker - Open Service Broker API Specification
loyess/Shell - Shadowsocks with plugins one-click installation. e.g. v2ray-plugin, kcptun, simple-obfs, goquiet, cloak, mos-tls-tunnel, rabbit-tcp, simple-tls, gost-plugin, xray-plugin, qtun, gun
dalbonip/theGreatRecon -
iamthefrogy/bucketbunny - AWS S3 open bucket poc automated script.
TheCrysp/Hackbuntu -
nitefood/asn - ASN / RPKI validity / BGP stats / IPv4v6 / Prefix / URL / ASPath / Organization / IP reputation / IP geolocation / IP fingerprinting / Network recon / lookup API server / Web traceroute server
jotyGill/ezsh - quickly install zsh, oh-my-zsh with power-level-9k zsh-completions zsh-autosuggestions zsh-syntax-highlighting history-substring-search
XTeam-Wing/infrastructure - 基础设施脚本聚合
jorgebucaran/fisher - A plugin manager for Fish.
obheda12/MoneyScope - A Simple Tool to Pull Paid Bounty Scopes for Wide Recon Actvities
ffffffff0x/f8x - 红/蓝队环境自动化部署工具 | Red/Blue team environment automation deployment tool
shubhampathak/autosetup - Auto setup is a bash script compatible with Debian based distributions to install and setup necessary programs.
thevillagehacker/Bug-Hunting-Arsenal - The Repository contains various payloads, tools, tips and tricks from various hackers around the world. Please take a quick look down here 👇👇
1N3/AttackSurfaceManagement - Discover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty
febinrev/quester - QUESTER is a Web Pentesting & Bug Bounty Recon tool which queries URLs / Subdomains from the given list of URLs or subdomains.
effortlessdevsec/ApkRecon - Scanning APK file for URIs, endpoints & secrets.
jinwyp/one_click_script - install latest or LTS linux kernel and enable BBR or BBR plus
jiuqi9997/Xray-yes - Xray安装脚本 / Xray install script (VLESS TCP XTLS)
woniuzfb/iptv - Alist / FFmpeg / Nginx / Openresty / V2ray / Xray / Cloudflare / IBM Cloud Foundry / Armbian / Proxmox VE / ....... All In One Script
vsec7/Command-Collections - Simple command shell collections
taherio/redi - Automated script for setting up CobaltStrike redirectors (nginx reverse proxy, letsencrypt)
vp777/surferFTP - SSRF to TCP Port Scanning, Banner and Private IP Disclosure by abusing the FTP protocol/clients
kafroc/emergency-response-toolbox -
daffainfo/bash-bounty - Random Tools for Bug Bounty
anyuzu99/heroku-miniflux - one click to deploy miniflux on heroku.
cujanovic/Open-Redirect-Payloads - Open Redirect Payloads
2-alchemists/krossboard - 📊 Krossboard is a Multi-cluster, Cross-Cloud & Cross-Distribution Kubernetes Usage Accounting & Analytics. Actively tested against Amazon EKS, Microsoft AKS, Google GKE, Red Hat OpenShift, & vanilla d
gibrown/bash-my-day - Bash scripts for my day
cdpxe/nefias - Network Forensic & Anomaly Detection System; tailored for covert channel/network steganography detection
k1LoW/wazuh-agent-debug - Wazuh agent binary for "Agent event queue is flooded" debug
souravbaghz/RadareEye - Tool for especially scanning nearby devices and execute a given command on its own system while the target device comes in range.
burhanxd/SimpleRecon - Simple Recon is just a simple bash script to automate my recon process.
jseidl/Multi-TOR - Shellscript opens multiple TOR instances
ArchStrike/ArchStrike - An Arch Linux repository for security professionals and enthusiasts. Done the Arch Way and optimized for i686, x86_64, ARMv6, ARMv7 and ARMv8.
ev1lm0rty/Dump_Programs - Dump bug bounty scopes from bug crowd, hackerone etc.
e-m-b-a/emba - EMBA - The firmware security analyzer
P3TERX/Aria2-Pro-Core - Aria2 static binaries for GNU/Linux with some powerful feature patches. | 破解无限线程防掉线程优化静态编译二进制文件增强版
dwisiswant0/continuous-nuclei - Running nuclei Continuously
six2dez/reconftw - reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
vincentcox/bypass-firewalls-by-DNS-history - Firewall bypass script based on DNS history records. This script will search for DNS A history records and check if the server replies for that domain. Handy for bugbounty hunters.
stealthcopter/deepce - Docker Enumeration, Escalation of Privileges and Container Escapes (DEEPCE)
MichaIng/DietPi - Lightweight justice for your single-board computer!
darklotuskdb/CISCO-CVE-2020-3452-Scanner-Exploiter - CISCO CVE-2020-3452 Scanner & Exploiter
sumerzhang/PhishingInstall - 发信平台自动化部署
3CORESec/PTRB - PTR Bouncer - Keeping legitimate Internet security scanners off of poor reputation IP lists
Dheerajmadhukar/subzzZ - SubzzZ to find possible subdomains using passive recon. Tool also support Permutations, Mutations, Alterations.
zeroc00I/AllVideoPocsFromHackerOne - This script grab public report from hacker one and make some folders with poc videos
thewqer/recontooler -
Fadavvi/Sub-Drill - A very (very) FAST and simple subdomain finder based on online & free services. Without any configuration requirements.
0xApt/awesome-bbht - A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.
meltest/simple_shodan_recon -
juewuy/ShellClash - One-click deployment and management of Clash services using Shell scripts in Linux environment
giovanifss/Gitmails-sh - An information gathering tool to collect git emails in version control host services
Nyr/wireguard-install - WireGuard road warrior installer for Ubuntu, Debian, AlmaLinux, Rocky Linux, CentOS and Fedora
cve-search/CVE-Search-Docker - Docker Image for CVE-Search
chromedp/docker-headless-shell - Minimal container for Chrome's headless shell, useful for automating / driving the web
InGeek-IoV-Security-Research-RedTeam/IoV-Security-Wiki - Research sharing on offense and defense of IoV.
starnightcyber/Miscellaneous - 百宝箱
maaaaz/thc-hydra-windows - The great THC-HYDRA tool compiled for Windows
iamj0ker/bypass-403 - A simple script just made for self use for bypassing 403
th3hack3rwiz/Lazy-FuzzZ - Sometimes we want to fuzz a set of sub-domain URLs with a common wordlist. Fuzzing them one by one is a tedious task, not to mention the false positives we obtain in those results. To solve this probl
tinyclub/open-c-book - 开源书籍:《C语言编程透视》，配套视频课程《360° 剖析 Linux ELF》已上线，视频讲解更为系统和深入，欢迎订阅：https://www.cctalk.com/m/group/88089283
elreydetoda/packer-kali_linux - This is a repository that will be used to help create a process of a new kali vagrant box for hashicorp each week.
theinfosecguy/QuickXSS - Automating XSS using Bash
samhaxr/recox - Master script for web reconnaissance
xiaoZ-hc/redtool - 日常积累的一些红队工具及自己写的脚本，更偏向于一些diy的好用的工具，并不是一些比较常用的msf/awvs/xray这种
0x25/useful - useful pentest note
1N3/MassBleed - MassBleed SSL Vulnerability Scanner
Raywando/4xxbypass - 4xxbypass
six2dez/OneListForAll - Rockyou for web fuzzing
Hagb/docker-easyconnect - 使深信服（Sangfor）开发的非自由的 VPN 软件 EasyConnect 运行在 docker 或 podman 中，并作为网关和/或提供 socks5、http 代理服务
venom26/recon - information gathering
pprietosanchez/CVE-2020-14750 - PoC para las vulnerabilidades CVE-2020-14750 y cve-2020-14882
koutto/pi-pwnbox-rogueap - Homemade Pwnbox :rocket: / Rogue AP :satellite: based on Raspberry Pi — WiFi Hacking Cheatsheets + MindMap :bulb:
KathanP19/JSFScan.sh - Automation for javascript recon in bug bounty.
Ysurac/openmptcprouter-vps - OpenMPTCProuter VPS scripts
vp777/procrustes - A bash script that automates the exfiltration of data over dns in case we have blind command execution on a server with egress filtering
mvberg/ib-gateway-docker - Interactive Brokers Trading Gateway running in Docker
aforensics/HiddenVM - HiddenVM — Use any desktop OS without leaving a trace.
securfreakazoid/autoPhisher - Script to setup a phishing server on the cloud
iamj0ker/Find-domains - This repo contain scripts written for finding subdomains using various available tools
sickcodes/Docker-eyeOS - Run iPhone (xnu-arm64) in a Docker container! Supports KVM + iOS kernel debugging (GDB)! Run xnu-qemu-arm64 in Docker! Works on ANY device.
mansoorr123/wp-file-manager-CVE-2020-25213 - https://medium.com/@mansoorr/exploiting-cve-2020-25213-wp-file-manager-wordpress-plugin-6-9-3f79241f0cd8
SixArm/gitconfig-settings - gitconfig setttings, files, aliases, colors, branches, etc.
wireghoul/htshells - Self contained htaccess shells and attacks
QAX-A-Team/WeblogicEnvironment - Weblogic环境搭建工具
IoT-PTv/List-of-Tools - List of the tools and usage
tothi/ad-honeypot-autodeploy - Deploy a small, intentionally insecure, vulnerable Windows Domain for RDP Honeypot fully automatically.
sup3r-b0y/mobi -
cheshireca7/smbAutoRelay - SMB Auto Relay provides the automation of SMB/NTLM Relay technique for pentesting and red teaming exercises in active directory environments.
jaykali/maskphish - Introducing "URL Making Technology" to the world for the very FIRST TIME. Give a Mask to Phishing URL like a PRO.. A MUST have tool for Phishing.
R0X4R/Garud - An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.
robotshell/magicRecon - MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in
osamahamad/CVE-2020-9484-Mass-Scan - CVE-2020-9484 Mass Scanner, Scan a list of urls for Apache Tomcat deserialization (CVE-2020-9484) which could lead to RCE
dylanbai8/kmspro - windows系统一句命令激活，office套件一句命令激活，一键搭建kms服务器，kms一键脚本，安卓Android搭建kms服务器
chroblert/SecurityBaselineCheck -
ashishb/android-malware - Collection of android malware samples
fundacaocerti/mobsf-action - GitHub Actions for MobSF
Iamstanlee/bee - Bee Recon Framework
tabbysable/POC-2020-8559 - Proof of Concept exploit for Kubernetes CVE-2020-8559
Johnler/Wi-Ploit - Wi-Fi Exploit Tool
m4xx101/subash -
redcode-labs/Citadel - Collection of pentesting scripts
chvancooten/BugBountyScanner - A Bash script and Docker image for Bug Bounty reconnaissance. Intended for headless use.
m4xx101/cacert-installer -
MS-WEB-BN/h4rpy - Automated WPA/WPA2 PSK attack tool.
urakesh661/port-checker - Script for checking connection to ports using nc.
fieu/discord.sh - Write-only command-line Discord webhooks integration written in 100% Bash script
YashGoti/dac - Fetch ASN [Number] / CIDR [IP Range] from Domain, Fetch CIDR [IP Range] from ASN [Number] using https://ipinfo.io/ API
l4yton/RegHex - A collection of regexes for every possbile use
dwisiswant0/bounty-targets-alert - It's an watcher for new scopes added to bounty-targets-data and send you alert to Slack.
dwisiswant0/gf-secrets - Secret and/or credential patterns used for gf.
insightglacier/Dictionary-Of-Pentesting - Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。
dirtyfilthy/siem-from-scratch - SIEM-From-Scratch is a drop-in ELK based SIEM component for your Vagrant infosec lab
harsh-bothra/Bheem -
h0rv4th/c2matrix-analyzer - Basic c2-matrix analysis enviroment using Suricata + Wazuh + Elastic stack
NullArray/SBD - Static Binary Deployer. Download and deploy *Nix utilities on a compromised system.
TomAPU/poc_and_exp - 搜集的或者自己写的poc或者exp
urbanadventurer/Android-PIN-Bruteforce - Unlock an Android phone (or device) by bruteforcing the lockscreen PIN. Turn your Kali Nethunter phone into a bruteforce PIN cracker for Android devices! (no root, no adb)
triat/terraform-security-scan - Run a security scan on your terraform with the very nice https://github.com/aquasecurity/tfsec
z0ph/aws-security-toolbox - AWS Security Tools (AST) in a simple Docker container. :package:
KathanP19/bash_script_templates - Some Templates for Bash Scripting
openbridge/ob_hacky_slack - Hacky Slack - a bash script that sends beautiful messages to Slack
wunderwuzzi23/BashSpray - Password Spray Testing Tool in Bash
PassZhang/ansible-install-k8s - 自动化部署kubernetes（支持版本1.18,1.17,1.16）
wangao1236/k8s_single_deploy - 单节点部署 k8s 集群的相关脚本和文件，Master 和 Node 位于同一机器
stoensin/K8s - k8s集群一键化，Kubernetesv1.13.2集群"真一键"离线安装,图形化菜单向导实测单机版支持腾讯云服务器
sandflysecurity/sandfly-setup - Sandfly Security Agentless Compromise and Intrusion Detection System For Linux
devploit/put2win - Script to automate PUT HTTP method exploitation to get shell
MS-WEB-BN/t14m4t - Automated brute-forcing attack tool.
abdulr7mann/hackerEnv -
ASHWIN990/ADB-Toolkit - ADB-Toolkit V2 for easy ADB tricks with many perks in all one. ENJOY!
nagarajcruze/cruze-the-web - a simple script to do basic to advanced recon.... in simple words -> a script to automate all the lazy recon flow of the hunter with the tools great people have developed.
rotemreiss/subvenom - Enumerate subdomains using multiple tools for bigger scope enumeration.
V2RaySSR/Tools - 波仔常用的一些工具包
Anof-cyber/pentest-recon - Web application pentesting recon
r4d1k4l/jumpbox -
g0tmi1k/msfpc - MSFvenom Payload Creator (MSFPC)
robre/scripthunter - Tool to find JavaScript files on Websites
awslabs/git-secrets - Prevents you from committing secrets and credentials into git repositories
pry0cc/multiscan - A set of scripts compatible with axiom-spend and axiom-execb :) For parallel scanning!
thomfre/OSCP-Exam-Report-Template - OSCP Exam Report Template in Markdown
xElkomy/Workflow-Bug-Bounty - My Tools For Bug Bounty
rene-d/mini-kali - Docker image for hacking
stevemcilwain/quiver - Quiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.
udit-thakkur/AdvancedKeyHacks - API Key/Token Exploitation Made easy.
pikpikcu/XRCross - XRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing. This tool was built to test (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities
KathanP19/portscan.sh - All in one port scanning script.
IvanGlinkin/Fast-Google-Dorks-Scan - The OSINT project, the main idea of which is to collect all the possible Google dorks search combinations and to find the information about the specific web-site: common admin panels, the widespread f
trimstray/htrace.sh - My simple Swiss Army knife for http/https troubleshooting and profiling.
sickcodes/Docker-OSX - Run macOS VM in a Docker! Run near native OSX-KVM in Docker! X11 Forwarding! CI/CD for OS X Security Research! Docker mac Containers.
tianyulab/Threat_Hunting_with_ELK - 天御攻防实验室 - 威胁猎杀实战系列
bing0o/bash_scripting - bash scripting thing!
0xdekster/deksterecon - Web Application recon automation
m9rco/Genymotion_ARM_Translation - 👾👾 Genymotion_ARM_Translation Please enjoy！
DominicBreuker/stego-toolkit - Collection of steganography tools - helps with CTF challenges
nahamsec/recon_profile -
tomdev/teh_s3_bucketeers -
foxlet/macOS-Simple-KVM - Tools to set up a quick macOS VM in QEMU, accelerated by KVM.
souravbaghz/Reconx - Automated Recon Framework
Shuffle/Shuffle - Shuffle: A general purpose security automation platform. Our focus is on collaboration and resource sharing.
pry0cc/axiom - The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more!
HightechSec/git-scanner - A tool for bug hunting or pentesting for targeting websites that have open .git repositories available in public
activecm/BeaKer - Beacon Kibana Executable Report. Aggregates Sysmon Network Events With Elasticsearch and Kibana
GainSec/TreeHouse-Wordlists - Wordlist for Hacking, Penetration Testing, Vulnerability Assessments and More
x1mdev/ReconPi - ReconPi - A lightweight recon tool that performs extensive scanning with the latest tools.
cihanmehmet/sub.sh - Multiprocessing(Parallel)Subdomain Detect Script
bing0o/SubEnum - bash script for Subdomain Enumeration
neargle/cloud_native_security_test_case - 🌶 一些和容器化/容器编排/服务网格等技术相关的安全代码片段[自用备份]
KathanP19/gaussrf - Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl and Filter Urls With OpenRedirection or SSRF Parameters.
ksharinarayanan/SSRFire - An automated SSRF finder. Just give the domain name and your server and chill! ;) Also has options to find XSS and open redirects
putsi/privatecollaborator - A script for installing private Burp Collaborator with free Let's Encrypt SSL-certificate
Mad-robot/Spartan - My Recon Automation
CompassSecurity/Hacking_Tools_Cheat_Sheet -
freeyoung/netfilter-persistent-plugin-ipset - A plugin of netfilter-persistent in debian/ubuntu to make ipset rules persistent, especially on reboot.
nullenc0de/vps_setup - Auto deployment of my VPS
aristocratos/bashtop - Linux/OSX/FreeBSD resource monitor
dark-warlord14/ffufplus - You can read the writeup on this script here
BountyStrike/Bountystrike-sh - Poor (rich?) man's bug bounty pipeline https://dubell.io
hackerspider1/EchoPwn - Recon Automation for hackers by hackers
drduh/YubiKey-Guide - Guide to using YubiKey for GPG and SSH
huan/docker-wechat - DoChat is a Dockerized WeChat (盒装微信) PC Windows Client for Linux
noobsec/hacktivity-notify - Get newest public disclosed HackerOne report notifications on your Desktop
TheKingOfDuck/ApkAnalyser - 一键提取安卓应用中可能存在的敏感信息。
al0ne/MacCheck - 一个Mac下信息搜集小脚本主要用于信息搜集/应急响应/检测挖矿进程/异常进程/异常启动项
linkease/synology-easyexplorer - EasyExplorer 跨设备、点对点文件传输同步工具 http://koolshare.cn/thread-129199-1-1.html
screetsec/Sudomy - Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting
RichardLitt/standard-readme - A standard style for README files
trick77/ipset-blacklist - A bash script to ban large numbers of IP addresses published in blacklists.
myspaghetti/macos-virtualbox - Push-button installer of macOS Catalina, Mojave, and High Sierra guests in Virtualbox for Windows, Linux, and macOS
stuxnet999/MemLabs - Educational, CTF-styled labs for individuals interested in Memory Forensics
thomaspatzke/elk-detection-lab - An ELK environment containing interesting security datasets.
r00t-3xp10it/venom - venom - C2 shellcode generator/compiler/handler
Cyb0r9/SocialBox - SocialBox is a Bruteforce Attack Framework [ Facebook , Gmail , Instagram ,Twitter ] , Coded By Belahsan Ouerghi
sanjusss/aria2-ariang-docker - 打包了Aria2、AriaNg，支持密码验证，无需手动设置aria2 rpc
nahamsec/lazyrecon - This script is intended to automate your reconnaissance process in an organized fashion
nahamsec/bbht - A script to set up a quick Ubuntu 17.10 x64 box with tools I use.
01rabbit/PAKURI - PAKURI has been merged with Python and launched as a new project, PAKURI-THON.
ashishb/osx-and-ios-security-awesome - OSX and iOS related security tools
ssaroussi/android-kernel-lab - Automated Android Kernel Playground
WazeHell/PE-Linux - Linux Privilege Escalation Tool By WazeHell
spujadas/elk-docker - Elasticsearch, Logstash, Kibana (ELK) Docker image
toniblyx/my-arsenal-of-aws-security-tools - List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
fransr/bountyplz - Automated security reporting from markdown templates (HackerOne and Bugcrowd are currently the platforms supported)
ernw/static-toolbox - A collection of statically compiled tools like Nmap and Socat.
hq450/fancyss - fancyss is a project providing tools to across the GFW on asuswrt/merlin based router.
zudochkin/awesome-newsletters - A list of amazing Newsletters
rtrouton/create_macos_vm_install_dmg -
4ch12dy/xadb - some useful adb commands for android reversing and debugging both 32 and 64 bit and support macOS and win10's MINGW64.
bcoles/local-exploits - Various local exploits
mdrights/CSObot - A IRC/Matrix bot helping Civil Society Organizations in China. #csobot:matrix.org
ztj1993/ShellManageSoftware - 软件长期未更新，寻找合作者维护本项目
EtherDream/anti-portscan - 使用 iptables 防止端口扫描
goodboy23/shell-script-collection - shell小框架，地址：http://www.linkops.cn/363.htm
agnoster/agnoster-zsh-theme - A ZSH theme designed to disclose information contextually, with a powerline aesthetic
yw9381/Burp_Suite_Doc_zh_cn - 这是基于Burp Suite官方文档翻译而来的中文版文档
0xspade/Automated-Scanner - Trying to make automated recon for bug bounties
bkuhlmann/mac_os-config - Shell scripts for customized macOS machine setup and configuration.
Kicksecure/genmkfile - Simplifies Debian Packaging and Maintenance
BreakerOfStems/DebianLiveBuilder - Bash script for the automation of building a Debian live iso
fsvh/plank-themes -
erikdubois/plankthemes - A repository of all planks I find
tliron/install-gnome-themes - Script to install the latest versions of some fine GNOME 3 themes
keeganjk/kali-anonymous - :bust_in_silhouette: The anonymous script from ParrotSec OS and BackBox Linux, perfected to run on Kali Linux Rolling. Run the script with sudo sh script.sh and then it will install and configure
alicfeng/Linux_env - This is about Unix/Linux Tool including shell 、python as well as tool，and so on
Distroshare/distroshare-ubuntu-imager - Creates an installable live CD from an installed Ubuntu or derivative distribution
stockmind/dell-xps-9560-ubuntu-respin - Collection of scripts and tweaks to adapt Ubuntu and Linux Mint ISO images to let them run smooth on Dell XPS 15 9560.
myxuchangbin/dnsmasq_sniproxy_install - One-click Install and Configure Dnsmasq and Sniproxy for CentOS/Debian/Ubuntu
ramitsurana/awesome-kubernetes - A curated list for awesome kubernetes sources :ship::tada:
lanser2077/msfautoinstall - copy metasploit auto install shell script.
dwmkerr/hacker-laws - 💻📖 Laws, Theories, Principles and Patterns that developers will find useful. #hackerlaws
Leviathan36/trigmap - A wrapper for Nmap to quickly run network scans
KALILINUXTRICKSYT/easysploit - EasySploit - Metasploit automation (EASIER and FASTER than EVER)
rwv/docker-zerotier-moon - 🐳 A docker image to create ZeroTier moon in one step.
apachecn/ai-roadmap - ApacheCN AI 路线图（知识树）
hanxi/dotfiles - bash + tmux + neovim
daliansky/Hackintosh - Hackintosh long-term maintenance model EFI and installation tutorial
EtherDream/jsproxy -
giovtorres/kvm-install-vm - Bash script to build local virtual machines using KVM/libvirt and cloud-init.
trawor/zerotier - Join zerotier network auto
pssss/Security-Baseline - Linux/Windows 安全加固脚本
dylanbai8/frpspro - Frps 一键安装脚本，Frpc Windows 便捷脚本！Frp 远程桌面！
si9ma/Archlinux-Installer - Arch Linux Installer,Install your Arch Linux more quickly
EnigmaCurry/arch-ppa - Create and maintain personal Arch linux package repositories
Baiyuetribe/meedu - 基于Laravel开发的在线点播系统。
lordbasex/PXE-Server-Centos-7 - PXE Server Centos 7
jpetazzo/pxe - Dockerfile to build a PXE server in a Docker container
random-robbie/kube-scan - Kubernetes Scanner
trimstray/nginx-admins-handbook - How to improve NGINX performance, security, and other important things.
nanmu42/k8s-by-kubeadm - :building_construction: 如何使用kubeadm在国内网络环境搭建单主k8s集群
Tinywan/dnmp - docker-compose部署LNMP环境 Nginx/Openresty、MySQL（5.7、8.0、8.1）、PHP7.4（8.0、5.6）、Redis5.0、PHPMyAdmin、Xdebug、RabbitMQ、Nacos
HyperionGray/tor2proxy -
teamatldocker/confluence - Dockerized Atlassian Confluence
PabloMansanet/c0toolkit - Miscellaneous pentesting scripts for OSCP
vishnudxb/automated-pentest - Minimal docker container of Parrot OS for running an automated scan & pentest report.
paulirish/github-email - Get a GitHub user's email. :sunglasses: Use this responsibly.
maldevel/PenTestKit - Tools, scripts and tips useful during Penetration Testing engagements.
RackunSec/Penetration-Testing-Grimoire - Custom Tools and Notes from my own Penetration Testing Experience
marcan/takeover.sh - Wipe and reinstall a running Linux system via SSH, without rebooting. You know you want to.
shr3ddersec/Shr3dKit - Red Team Tool Kit
Leviathan36/kaboom - A tool to automate penetration tests
ctf-wiki/ctf-tools - CTF 工具集合
Zo3i/OCS - 一键脚本(One-click script)
niezhiliang/java-env-install - Centos系统 Java环境自动安装脚本 jdk1.8、maven3.5.3、 Tomacat8.0、Docker、Nodejs Npm
kirillF/centos-tomcat - Docker CentOs 7 + Java 15 + Tomcat 9
cvezalis/oracledb-ansible - Ansible playbook to configure a CentOS/RHEL/Oracle Linux 7.1 server with Oracle 12c R1 Enterprise Edition Database
lis912/Evaluation_tools - 测评工具
al0ne/LinuxCheck - Linux应急处置/信息搜集/漏洞检测工具，支持基础配置/网络流量/任务计划/环境变量/用户信息/Services/bash/恶意文件/内核Rootkit/SSH/Webshell/挖矿文件/挖矿进程/供应链/服务器风险等13类70+项检查
elespec/rpi-backup - RaspberryPi Backup shell
lmc999/auto-add-routes - China Route for VPN
ILLKX/smokeping-onekey -
YahuiWong/docker-ss-tproxy - ss-redir 全局透明代理 (REDIRECT + TPROXY)
Aniverse/inexistence - I know nothing, you see nothing.
hanxi/aria2-bt-tracker - auto update aria2 bt-tracker
apachecn/awesome-indie-zh - 独立开发/自由职业/远程工作资源列表
jgamblin/MacOS-Security-Baseline - Baseline Security Configuration For MacOS
Corb3nik/PwnBox - A VM for RE and Pwn
Mr-xn/Kali-install-docker - Docker-ce Install script for Kali
SteveMcGrath/docker-nessus_scanner - Nessus Scanner Docker Image
ClassicOldSong/shadow - Run shadow clones of your system parallely with Docker
magicSwordsMan/Linux-baseline-scan - Linux baseline scan,make sure the host security
aqzt/kjyw - 快捷运维，代号kjyw，项目基于shell、python，运维脚本工具库，收集各类运维常用工具脚本，实现快速安装nginx、mysql、php、redis、nagios、运维经常使用的脚本等等...
swizzin/swizzin - A simple, modular seedbox solution
shell-script/mtprotoproxy-onekey - MTPROTOPROXY EASY TO USE.
ustclug/neatdns - anti-pollution DNS server
mricon/tor-relay-bootstrap-rpi - Script to bootstrap a Debian server to be a set-and-forget Tor relay
corbin-r/dots - My dotfiles (still a WIP)
manjaro/iso-profiles - This is a mirror repo of iso-profiles
FunctionClub/MTProxy-Bash - MTProxy 一键搭建管理脚本
jactor-sue/Deepin-Apps-Installation - 本仓库介绍如何在基于Ubuntu的系统上安装Deepin移植的软件。This repo shows how to install apps packaged by Deepin.
imccie/rpi_backup_script - 树莓派备份脚本，备份出来的img可以当做系统镜像分发
powerline/fonts - Patched fonts for Powerline users.
arch4edu/arch4edu - Arch Linux Repository for Education
xlui/scripts - Scripts do automation works.
c0ny1/vulstudy - 使用docker快速搭建各大漏洞靶场，目前可以一键搭建17个靶场。
eoli3n/dotfiles - Sway acid dark
helmuthdu/aui - Archlinux Ultimate Install
233boy/v2ray - 最好用的 V2Ray 一键安装脚本 & 管理脚本
huyudong1991/setmac - dhcp网络通过随机mac刷新ip
trimstray/sandmap - Nmap on steroids. Simple CLI with the ability to run pure Nmap engine, 31 modules with 459 scan profiles.
spaceship-prompt/spaceship-prompt - :rocket::star: Minimalistic, powerful and extremely customizable Zsh prompt
bitleaf/optimize-ubuntu - Optimize Ubuntu for usability, security, privacy and stability
uxbug/ant - Linux服务器信息收集脚本
firehol/blocklist-ipsets - ipsets dynamically updated with firehol's update-ipsets.sh script
Tsuk1ko/Block-IPs-from-countries - A linux bash script help you block or unblock IPs from countries
altiplanogao/raspberry-ss - Transparent proxy server (use shadowsocks & chinadns) on raspberry pi
danielfree/asus-v2ray-transparent-proxy - transparent proxy with v2ray, iptables, ipset 无线路由器 v2ray 透明代理
lanjelot/twisted-honeypots - SSH, FTP and Telnet honeypots based on Twisted
mdrights/aqi-share - A platform for sharing aqi data from the folks
233boy/filebrowser - Filebrowser 一键安装脚本
licess/lnmp - LNMP一键安装包是一个用Linux Shell编写的可以为CentOS/RHEL/Fedora/Aliyun/Amazon、Debian/Ubuntu/Raspbian/Deepin/Mint Linux VPS或独立主机安装LNMP(Nginx/MySQL/PHP)、LNMPA(Nginx/MySQL/PHP/Apache)、LAMP(Apache/MySQL/PHP)生产环境的Shell程序
nanqinlang-script/CloudFlare_DNS_Record - Script to modify DNS Record via CloudFlare
docker-library/official-images - Primary source of truth for the Docker "Official Images" program
rootsongjc/docker-handbook - Docker handbook - https://jimmysong.io/docker-handbook
GONZOsint/WhatCMS - CMS Detection and Exploit Kit based on Whatcms.org API
opsnull/follow-me-install-kubernetes-cluster - 和我一步步部署 kubernetes 集群
bollwarm/SecToolSet - The security tool(project) Set from github。github安全项目工具集合
skywind3000/awesome-cheatsheets - 超级速查表 - 编程语言、框架和开发工具的速查表，单个文件包含一切你需要知道的东西 :zap:
nanqinlang-script/defender - simple scripts to provide defence
dakkidaze/one-key-kms - 在Linux上一键搭建KMS服务器
deviantony/docker-elk - The Elastic stack (ELK) powered by Docker and Compose.
antitree/private-tor-network - Run an isolated instance of a tor network in Docker containers
joarleymoraes/net_guard - A command line tool to detect new unknown device in your network using ARP protocol
brimstone/windows-ova - Self-Installing Windows OVA. Automate and distribute Windows as an OVA.
linhua55/lkl_study - study the LKL(linux kernel library) https://github.com/lkl/linux
linux-china/jenv - Java enVironment Manager
rebootuser/LinEnum - Scripted Local Linux Enumeration & Privilege Escalation Checks
FunctionClub/ZBench - 又一个Linux VPS测评脚本
jialezi/GoogleVoice -
zfl9/ss-tproxy - 搭建 SS/SSR/V2Ray/Socks5 透明代理环境的简易脚本
EdOverflow/contact.sh - An OSINT tool to find contacts in order to report security vulnerabilities.
jagerzhang/CCKiller - Linux轻量级CC攻击防御工具脚本
wulabing/Xray_onekey - Xray 基于 Nginx 的 VLESS + XTLS 一键安装脚本
sb2nov/mac-setup - Installing Development environment on macOS
feicong/ida_for_mac_green - IDA Pro for macOS绿化
recall704/Husky - k8s 离线部署脚本
budtmo/docker-android - Android in docker solution with noVNC supported and video recording
r1b/CVE-2017-13089 - PoC for wget v1.19.1
Jiu-Ling/Bash - Bash.
zardus/ctf-tools - Some setup scripts for security research tools.
jessfraz/k8s-snowflake - Configs and scripts for bootstrapping an opinionated Kubernetes cluster anywhere.
jgamblin/AWSScripts - Various AWS Automation Scripts
tklx/blockstack - Docker image for Blockstack
leonteale/pentestpackage - a package of Pentest scripts I have made or commonly use
anti-ddos/Anti-DDOS - 🔒 Anti DDOS | Bash Script Project 🔒
killswitch-GUI/CobaltStrike-ToolKit - Some useful scripts for CobaltStrike
pentestmonkey/unix-privesc-check - Automatically exported from code.google.com/p/unix-privesc-check
ANK1036Official/Git_Pentesting_Toolkit - Exploit pack for pentesters and ethical hackers.
q3aql/aria2-static-builds - MOVED: https://gitlab.com/q3aql/aria2-static-builds
SeedboxCreator/SeedboxCreationScript - Scripts and related items for creating a fully featured Seedbox on various Linux platforms.
kfei/docktorrent - :zap: Full-featured BitTorrent box runs in Docker
dannyti/sboxsetup -
etiennerached/rutorrent-auto-installer-centos - ruTorrent Auto Installer Script for CentOS and Debian
htpcBeginner/AtoMiC-ToolKit - AtoMiC Toolkit simplifies HTPC / Home Server setup and management on Ubuntu and Debian variants including Raspbian. It currently supports: Couchpotato, Deluged, Emby, FFmpeg, Headphones, Htpcmanager,
HenryHo2006/RpiProxy - Make a Raspberry PI as a proxy route, work with shadowsocks server, provide clean dns/proxy service
91yun/uml -
lowendbox/lowendscript - Bash scripts to set up/bootstrap low end virtual servers
duy13/VDVESTA - Welcome to VDVESTA, a shell script auto Custom & Install VESTACP for your CentOS Server Release 7 x86_64. Thanks you for using!
salakis/ssss - Stupid Simple Seedbox Script
xjyxh1/rtinstall -
Wonderfall/dockerfiles - Discontinued. Fork at your will.
strues/swerpbox - SwerpBox, a seedbox and Media Center combined with the power of 🐳 Docker.
Kelvin-Chen/seedbox - Docker containers for running a seedbox/media server
jxzy199306/ipv6_dhclient_online_net - seedbox一键脚本 Deluge+Flexget,rutorrent, rtorrent + ruTorrent,Transmission+Flexget,FTP,VPN,VNC,SSH Proxy,Rapidleec
dawidd6/seedbox - rTorrent + ruTorrent + Webserver + XMLRPC-C (un)installation script
DeadlockState/Seedbox-installer - Preparing and installing a fully seedbox server (Plex Media Server + Sonarr/Radarr or SickRage/CouchPotato + Transmission or rTorrent/ruTorrent + Jackett + Tautulli)
xataz/docker-rtorrent-rutorrent -
exrat/rutorrent-essential - Auto install script for rTorrent with ruTorrent
binhex/arch-rtorrentvpn - Docker build script for Arch Linux base with ruTorrent, rTorrent, autodl-irssi, Privoxy and OpenVPN
pyroscope/pimp-my-box - :seedling: Automated seedbox install of rTorrent-PS and PyroScope CLI etc. via Ansible.
xombiemp/ultimate-torrent-setup - All the files needed for the Ultimate Torrent Setup, featuring Ubuntu, rtorrent, ruTorrent, Sonarr, Radarr.
exrat/rutorrent-bonobox - Auto install script for rTorrent with ruTorrent
Kerwood/Rtorrent-Auto-Install - Auto install script for rtorrent with Rutorrent as GUI.
arakasi72/rtinst - seedbox installation script for Ubuntu and Debian systems
zfl9/gfwlist2privoxy - 将 gfwlist.txt（Adblock Plus 规则）转换为 privoxy.action
drizzt/vps2arch - The fastest way to convert a VPS to Arch Linux!
haugene/docker-transmission-openvpn - Docker container running Transmission torrent client with WebUI over an OpenVPN tunnel
gaoyifan/china-operator-ip - 中国运营商IPv4/IPv6地址库-每日更新
veerendra2/searx-with-dnscrypt - Searx metadata search engine meets dnscrypt in Docker
oooldking/script - Some Linux scripts
PapirusDevelopmentTeam/adapta-kde - Adapta KDE customization
centminmod/centminmod - CentOS Shell menu based Nginx LEMP web stack auto installer (GPLv3 licensed)
StamusNetworks/SELKS - A Suricata based IDS/IPS/NSM distro
aktos-io/dcs-tools - Tools for making remote Linux node management easy
Yaoshicn/make-ngrok - One bash to rule ngrok all. 一键编译 Ngrok 全平台客户端。
WangYihang/LinuxShellScript - LinuxShell编程笔记
maravento/blackip - IP Blocklist for Ipset / Squid-Cache
conanwhf/RaspberryPi-script - RaspberryPi 2-B script
ZZROTDesign/alpine-caddy - Alpine Linux Docker Container running Caddyserver
sayem314/Caddy-Web-Server-Installer - Script to manage Caddy web server
alexellis/docker-arm - Build Docker and Swarm on an ARM SoC like the Raspberry Pi
jae-jae/docker-pan - Docker:Filerun+AriaNg+Aria2,Personal cloud disk 搭建个人的可离线云盘
the0demiurge/CharlesScripts - My awesome scripts for Arch Linux or Ubuntu Gnome latest LTS or MacBook.
SecurityFTW/cs-suite - Cloud Security Suite - One stop tool for auditing the security posture of AWS/GCP/Azure infrastructure.
benzBrake/whois.sh - A light weight whois tools written by shell.
StreisandEffect/streisand - Streisand sets up a new server running your choice of WireGuard, OpenConnect, OpenSSH, OpenVPN, Shadowsocks, sslh, Stunnel, or a Tor bridge. It also generates custom instructions for all of these serv
ugukkylbklaom/Vultr-SS-Firewall - 一整套网络加速方案(SS)，速度，安全，便捷面面俱到，操作简单，适合非IT专业人士
geerlingguy/macos-virtualbox-vm - Instructions and script to help you create a VirtualBox VM running macOS.
peterpt/eternal_scanner - An internet scanner for exploit CVE-2017-0144 (Eternal Blue) & CVE-2017-0145 (Eternal Romance)
acmesh-official/acme.sh - A pure Unix shell script implementing ACME client protocol
shengxinjing/programmer-job-blacklist - :see_no_evil:程序员找工作黑名单，换工作和当技术合伙人需谨慎啊更新有赞
quericy/one-key-ikev2-vpn - A bash script base on Centos or Ubuntu help you to create IKEV2/L2TP vpn.
johnnyxmas/ScanCannon - Combines the speed of masscan with the reliability and detailed enumeration of nmap
captainswain/EasySeedbox - Easy Seedbox is an unobtrusive transmission seedbox installation script for Ubuntu and Debian systems
elijahpaul/install-transmission - Transmission Install Script (CentOS)
travislee8964/Ocserv-install-script-for-CentOS-RHEL-7 - Ocserv(AnyConnect Server) install script for CentOS/RHEL 7
judasn/Linux-Tutorial - 《Java 程序员眼中的 Linux》
kuoruan/shell-scripts - Linux Shell Scripts
arctg70/ssr-finalspeed-server-docker -
malaohu/ssr-with-net-speeder - Shadowsocksr with net speeder
letssudormrf/ssr-bbr-docker - Dockerfile for ssr+bbr_powered
FunctionClub/Fail2ban - 最简单的防止SSH暴力破解的脚本
FunctionClub/YankeeBBR - 来自Loc大佬Yankee魔改的BBR的Debian一键安装包
attactics/PowerShellEmpireDocker - PowerShell Empire docker build
hwdsl2/setup-ipsec-vpn - Scripts to build your own IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2
hwdsl2/docker-ipsec-vpn-server - Docker image to run an IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2
ohmyzsh/ohmyzsh - 🙃 A delightful community-driven (with 2,100+ contributors) framework for managing your zsh configuration. Includes 300+ optional plugins (rails, git, macOS, hub, docker, homebrew, node, php, python,
angristan/openvpn-install - Set up your own OpenVPN server on Debian, Ubuntu, Fedora, CentOS or Arch Linux.
helloxz/Resilio-Sync - Resilio Sync一键安装脚本
1N3/ReverseAPK - Quickly analyze and reverse engineer Android packages
PNPtutorials/PNP-PortableHackingMachine - This script will convert your Raspberry Pi 3 into a portable hacking machine.
abiosoft/caddy-docker - Docker container for Caddy
52fancy/GooGle-BBR - GooGle开源TCP加速算法
JulianOliver/dropkick.sh - Detect and disconnect hidden WiFi cameras in that AirBnB you're staying in
Freaky/borg-backup.sh - A simple shell script for driving BorgBackup
rugk/borg-cron-helper - Helper shell scripts for BorgBackup to automate backups and make your life easier… 😉
Oros42/CustomDebian - script to build your custom live Debian
Nyr/openvpn-install - OpenVPN road warrior installer for Ubuntu, Debian, AlmaLinux, Rocky Linux, CentOS and Fedora
Tomas-M/linux-live - Linux Live Kit
mutse/remastersys - Remastersys Tool for Backup Your Ubuntu System
RackunSec/dciso - These are scripts I made to help with the design and customization of a Debian ISO (Primarily WeakerThan Linux)
hardenedlinux/STIG-4-Debian - Security Technical Implementation Guide for Debian
riobard/bash-powerline - Powerline-style Bash prompt in pure Bash script. See also https://github.com/riobard/zsh-powerline
duguying/parsing-techniques - 📕 parsing techniques 中文译本——《解析技术》
rccoder/Awesome-Shadowsocks-Qt5-Installation-on-Debian - Installation Script For shadowsocks-Qt5 on Debian
cmpitg/infinality-debian-package - Necessary files and scripts to build Infinality for Debian
DenizParlak/Zeus - AWS Auditing & Hardening Tool
YangMame/Arch-Linux-Installer - Arch-Linux-Install-Script/Arch Linux 安装脚本
woolabs/Woobuntu -
looly/elasticsearch-definitive-guide-cn - Elasticsearch权威指南中文版
nilotpalbiswas/Auto-Root-Exploit - Auto Root Exploit Tool
nccgroup/LazyDroid - bash script to facilitate some aspects of an Android application assessment
M4sc3r4n0/astroid - ASTROID v 1.2 bypass most A.V softwares
SpiderLabs/jboss-autopwn - A JBoss script for obtaining remote shell access
ashishb/android-security-awesome - A collection of android security related resources
91yun/vpn - vpn一键安装包
internetwache/GitTools - A repository with 3 tools for pwn'ing websites with .git repositories available
teddysun/across - Across the Great Wall we can reach every corner in the world
cytopia/awesome-ci - Awesome Continuous Integration - Lot's of tools for git, file and static source code analysis.
duoduo369/oh-my-shadowsocks - shadowsocks config on server, supervisor support
superteece/OSINT_Script -
444xxk/dumbpentester - Fire and forget pentest script automating the finding of all vulns which can be found automaticaly
The-Z-Labs/linux-exploit-suggester - Linux privilege escalation auditing tool
r00t-3xp10it/Meterpreter_Paranoid_Mode-SSL - Meterpreter Paranoid Mode - SSL/TLS connections
philhagen/sof-elk - Configuration files for the SOF-ELK VM, used in SANS FOR572
google/oss-fuzz - OSS-Fuzz - continuous fuzzing for open source software.
rootsongjc/kubernetes-handbook - Kubernetes中文指南/云原生应用架构实战手册 - https://jimmysong.io/kubernetes-handbook
MichielDerhaeg/build-linux - A short tutorial about building Linux based operating systems.
1N3/Goohak - Automatically Launch Google Hacking Queries Against A Target Domain
menzow/sn1per-docker - Dockerized version of Sn1per (https://github.com/1N3/Sn1per)
r00t-3xp10it/FakeImageExploiter - Use a Fake image.jpg to exploit targets (hide known file extensions)
spwhitton/git-remote-gcrypt - PGP-encrypted git remotes
iam4x/zsh-iterm-touchbar - Display feedback of terminal in the 🍏 Touchbar
bitvijays/Pentest-Scripts - Github for the scripts utilised during Penetration test
zjhou/E2P - Email 2 Post: 监测并解析博客管理员邮件，自动部署博文，更新博客。（针对hexo博客系统）
source-foundry/Hack - A typeface designed for source code
sameersbn/docker-gitlab - Dockerized GitLab
bitquark/dnspop - Analysis of DNS records to find popular trends
cryptolok/GhostInTheNet - Ultimate Network Stealther that makes Linux a Ghost In The Net and protects from MITM/DOS/scan
butteff/Ubuntu-Telemetry-Free-Privacy-Secure - This Bash script just removes a pre-installed Telemetry, a pre-installed software and libs with some potentional or high risk. Script removes them to make your experience better and more secure. Also,
DieterReuter/arm-docker-fixes - Scripts and hotfixes to fix some issues with Docker on ARM devices
MISP/misp-book - User guide of MISP
thibmaek/awesome-raspberry-pi - 📝 A curated list of awesome Raspberry Pi tools, projects, images and resources
1N3/Sn1per - Attack Surface Management Platform | Sn1perSecurity LLC
WMAL/kodachi - Linux Kodachi operating system is based on Xubuntu 18.04 it will provide you with a secure, anti-forensic, and anonymous operating system considering all features that a person who is concerned about
sjqlwy/ccrm - 新手检测树莓派国内源脚本
foospidy/payloads - Git All the Payloads! A collection of web attack payloads.
breezecloud/myPiLFS - linux from scratch (lfs) on raspberry pi
adon90/ip2hosts - Dirty bash script to obtain hosts given an IP address
superkojiman/snuff - Automate ARP poisoning, ssltrip, and ettercap.
eniac/crypscan - A suite of tools for cryptographic analysis developed with system administrators in mind.
drwetter/testssl.sh - Testing TLS/SSL encryption anywhere on any port
b1ack0wl/OnLive - Onlive Firmware Dumps
wireghoul/graudit - grep rough audit - source code auditing tool
hrishioa/nomohead - Simple Bash script that announces IP Address and ngrok tunnel of Raspberry Pi at boot
Hanson/ngrok-script - A script to run local ngrok client for linux and windows
alicfeng/AShell - 开发者常用脚本shell
tj/n - Node version management
Bash-it/bash-it - A community Bash framework.
akalongman/ubuntu-configuration - Configuration of Debian based OS, such as: Ubuntu, Mint, and Elementary OS
JREAM/config-ubuntu - Quickly Setup Ubuntu Desktop or Server with all-in-one Bash Scripts.
Medicean/VulApps - 快速搭建各种漏洞环境(Various vulnerability environment)
ppabc/cc_iptables - 收集处理DDOS、CC攻击各类脚本，包括NGINX日志中的CC攻击IP处理。
codingplanets/EasyKit - Rootkit developed via Shell

Smali

ScRiPt1337/Teardroid-phprat - :india: :robot: It's easy to use android botnet work without port forwarding, vps and android studio
aszx826477/AnnhubBS - 卓护（Annhub）加固平台是一个针对安卓平台应用进行扫描评估和安全加固的平台。
XploitWizer-Community/XploitSPY - XploitSPY is an Android Monitoring Tool
langgithub/RXjadx - Fart脱壳后指令抽取修复 jadx对抗对抗jadx Fart脱壳 Android脱壳 dexDump dex主动抽取
plum-umd/redexer - The Redexer binary instrumentation framework for Dalvik bytecode
aress31/sci - Framework designed to automate the process of assembly code injection (trojanising) within Android applications.
yifengyou/Android-software-security-and-reverse-analysis - Android软件安全与逆向分析
xxxyanchenxxx/SigKill - 一键绕过App签名验证
AhMyth/AhMyth-Android-RAT - Android Remote Administration Tool

Smarty

chvancooten/follina.py - POC to replicate the full 'Follina' Office RCE vulnerability for testing purposes
drago-96/CVE-2022-0778 - Proof of concept for CVE-2022-0778, which triggers an infinite loop in parsing X.509 certificates due to a bug in BN_mod_sqrt
sairson/MateuszEx - bypass AV生成工具,目前免杀效果不是很好了，但是过个360，火绒啥的没问题
threatexpress/threatbox - ThreatBox is a standard and controlled Linux based attack platform. I've used a version of this for years. It started as a collection of scripts, lived as a rolling virtual machine, existed as code to
rubyhan1314/Golang-100-Days - Golang - 100天从新手到大师
NodyHub/k8s-ctf-rocks - Kubernetes Easter CTF
w-digital-scanner/w13scan - Passive Security Scanner (被动式安全扫描器)

Solidity

Project-DARC/DARC - Decentralized Autonomous Regulated Company (DARC), a company virtual machine that runs on any EVM-compatible blockchain, with on-chain law system, multi-level tokens and dividends mechanism.
SunWeb3Sec/DeFiVulnLabs - To learn common smart contract vulnerabilities using Foundry!
AmazingAng/WTF-Solidity - 我最近在重新学solidity，巩固一下细节，也写一个“WTF Solidity极简入门”，供小白们使用，每周更新1-3讲。官网: https://wtf.academy
d-xo/weird-erc20 - weird erc20 tokens
xf97/JiuZhou - JiuZhou is a data set of Ethereum bug smart contracts (ICSME 2020).
Dapp-Learning-DAO/Dapp-Learning - Dapp learning project for developers at all stages. Becoming and cultivating sovereign individuals. Nonprofit organization.
xxxeyJ/Awesome-Blockchain-Security - A collection of awesome resources, tools, and other shiny things for blockchain security researcher.
Tuditi/dPACE - dPACE, a decentralized Privacy-preserving, yet Accountable Car-sharing Environment

SourcePawn

fnmsd/awvs_script_decode - 解密好的AWVS10.5 data/script/目录下的脚本

Svelte

filedescriptor/untrusted-types -

Swift

prateek147/DVIA-v2 - Damn Vulnerable iOS App (DVIA) is an iOS application that is damn vulnerable. Its main goal is to provide a platform to mobile security enthusiasts/professionals or students to test their iOS penetrat
CodeEditApp/CodeEdit - CodeEdit App for macOS – Elevate your code editing experience. Open source, free forever.
Finb/Bark - Bark is an iOS App which allows you to push custom notifications to your iPhone
ObuchiYuki/DevToysMac - DevToys For mac
Lakr233/mobilePillowTalkLite - An iOS & SwiftUI server monitor tool for linux based machines using remote proc file system with script execution.
DeVaukz/MachO-Explorer - A graphical Mach-O viewer for macOS. Powered by Mach-O Kit.
cedowens/Swift-Attack - Unit tests for blue teams to aid with building detections for some common macOS post exploitation methods.
goranmoomin/HackerNews - macOS HackerNews client that aims to be a Mac-assed Mac app. Written in Swift + AppKit.
zenangst/Gray - :first_quarter_moon: Tailor your macOS Mojave experience
T-Pham/CoinPriceBar - 💰 Cryptocurrency prices on MacBook Touch Bar
ricoberger/Alertmanager - Alertmanager for macOS.
googleprojectzero/fuzzilli - A JavaScript Engine Fuzzer
neil-wu/SwiftDump - SwiftDump is a command-line tool for retriving the Swift Object info from Mach-O file.
securing/IOSSecuritySuite - iOS platform security & anti-tampering Swift library
frida/frida-swift - Frida Swift bindings
MonitorControl/MonitorControl - 🖥 Control your display's brightness & volume on your Mac as if it was a native Apple Display. Use Apple Keyboard keys or custom shortcuts. Shows the native macOS OSDs.
cedowens/SwiftBelt - A macOS enumeration tool inspired by harmjoy's Windows-based Seatbelt enumeration tool. Author: Cedric Owens
L-Zephyr/Drafter - 在iOS项目中自动生成类图和方法调用图 - Generate call graph in iOS project
shadowsocks/ShadowsocksX-NG - Next Generation of ShadowsocksX
paradiseduo/ShadowsocksX-NG-R8 - ShadowsocksX-NG-R for MacOS, ShadowsocksR
utmapp/UTM - Virtual machines for iOS and macOS
netyouli/WHC_ConfuseSoftware - iOS代码混淆工具，Uniapp代码混淆工具，iOS代码混淆助手，Android代码混淆助手，Uniapp代码混淆助手，过机器审核，过4.3审核，过other审核，android、ios、uniapp、u3d、cocos2dx、flutter、代码翻新(WHC_ConfuseSoftware)是一款运行在MAC OS平台的App、完美支持Objc和Swift、U3D、Flutter、Cocos2d
Ranchero-Software/NetNewsWire - RSS reader for macOS and iOS.
mas-cli/mas - :package: Mac App Store command line interface
EyreFree/EFResume - Emmmmmn, a normal resume templete in Swift.
Urinx/iOSAppHook - 专注于非越狱环境下iOS应用逆向研究，从dylib注入，应用重签名到App Hook
songkuixi/ARGitHubCommits - Show your GitHub commit records in 3D with ARKit and SceneKit. 用 ARKit 展示你的 GitHub 提交图
codesourse/iInjection -
zhuhaow/NEKit - A toolkit for Network Extension Framework
darkerk/v2ex - The unofficial V2EX app for iOS

TSQL

cisagov/cset - Cybersecurity Evaluation Tool
wrlu/SecIoT-Web - IoT漏洞检测平台，支持固件第三方库版本分析。移动安全相关功能移至SecMobile。
404notf0und/Security-Data-Analysis-and-Visualization - 2018-2020青年安全圈-活跃技术博主/博客
sjr7/shoppingMall - 使用主流框架组合SSM开发，并引入新技术，全面丰富的一个商城项目
wenguonideshou/zhuye_kim - Django框架开发的仿zhuye.kim的简单个人主页/导航程序，带后台

Tcl

tdiesler/nessus-cardano - A Cardano playground that explores various build/runtime aspects of the project. Something like an incubation space, before we are propose changes upstream. The initial focus is on "container first" f
mohemiv/TCLtools - Сollection of TCL scripts for Cisco IOS penetration testing

TeX

qyxf/qyxf-book - 钱院学辅 LaTeX 书籍模板
soulmachine/machine-learning-cheat-sheet - Classical equations and diagrams in machine learning
xcfcode/Summarization-Papers - Summarization Papers
secdr/latex-template - collections of latex template source
Wandmalfarbe/pandoc-latex-template - A pandoc LaTeX template to convert markdown files to PDF or LaTeX.
FengMengZhao/LaTeX_generate_Chinese_resume - 用LaTeX制作优雅的中文个人简历，适合IT从业者。FontAwesome字体+Adobe字体+有照片和无照片版本，总有一款适合你。
shendengnian/latex - 这是一个latex的个人简历排版与前端各类学习站点仓库
huwan/WanHuCV - LaTeX Template for Curriculum Vitæ 个人中英文简历 LaTeX 模板
geekplux/cv_resume - A latex cv/resume template.
zhanggyb/nndl - Another Chinese Translation of Neural Networks and Deep Learning
exacity/deeplearningbook-chinese - Deep Learning Book Chinese Translation
edelahozuah/awesome-tls-security - A collection of (not-so, yet) awesome resources related to TLS, PKI and related stuff
xiaoleeza/Ankihelp - LaTeX 排版的中文 Anki 手册
chenshuo/typeset -

TypeScript

Yidadaa/ChatGPT-Next-Web - One-Click to deploy well-designed ChatGPT web UI on Vercel. 一键拥有你自己的 ChatGPT 网页服务。
weekend-project-space/chatgpt-sites - 搜集国内可用的 ChatGPT 在线体验免费网站列表。定时任务每日更新，点击下面链接探索更多ai使用技巧和有趣应用
inkeio/dbm - Full platform database management tool, supports ClickHouse, Presto, Trino, MySQL, PostgreSQL, Apache Druid, ElasticSearch...
r3x5ur/unveilr - 小程序反编译工具
lxfater/Portal -
chathub-dev/chathub - All-in-one chatbot client
yetone/openai-translator - 基于 ChatGPT API 的划词翻译浏览器插件和跨平台桌面端应用 - Browser extension and cross-platform desktop application for translation based on ChatGPT API.
Bin-Huang/chatbox - the Ultimate Copilot on Your Desktop. Chatbox is a desktop app for GPT-4 / GPT-3.5 (OpenAI API) that supports Windows, Mac & Linux.
mucen-l/camille-js - 基于 Frida 的 App 隐私合规检测辅助工具
rockbenben/ChatGPT-Shortcut - Maximize your efficiency and productivity. 让生产力加倍的 ChatGPT 快捷指令，按照领域和功能分区，可对提示词进行标签筛选、关键词搜索和一键复制。
easydu2002/chat_gpt_oicq - ChatGPT qq机器人谁不想拥有一只可爱的猫娘呢~
immersive-translate/immersive-translate - Immersive Dual Web Page Translation Extension - 沉浸式双语网页翻译扩展
debanjandhar12/logseq-anki-sync - An logseq to anki syncing plugin with superpowers - image occlusion, card direction, incremental cards, and a lot more.
book-searcher-org/book-searcher - Easy and fast book searcher, create and search your private library. Index metadata for over 10 million books in one minute as well as search in 30µs.
cumany/obsidian-editing-toolbar - An obsidian toolbar plugin, modified from the Cmenu plugin
EasyChris/obsidian-to-notion - Share obsidian markdown file to notion and generate notion share link 同步obsdian文件到notion，并生成notion分享链接，可以方便的分享obsidian的文件。
yume-chan/ya-webadb - ADB in your browser
yqcs/heartsk_community - Hearts K-企业资产发现与脆弱性检查工具，自动化资产信息收集与漏洞扫描
lzghzr/TampermonkeyJS - 一些自用的TM脚本
highlightjs/vue-plugin - Highlight.js Vue Plugin
turkyden/watermark-pro - 💦 保护你的敏感信息，一款所见即所得的证件加水印工具
lunasec-io/lunasec - LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTra
frangoteam/FUXA - Web-based Process Visualization (SCADA/HMI/Dashboard) software
alibaba/x-render - 🚴‍♀️ 阿里 - 很易用的中后台「表单 / 表格 / 图表」解决方案
cool-team-official/cool-admin-midway - 🔥 cool-admin(midway版)一个很酷的后台权限管理框架，模块化、插件化、CRUD极速开发，永久开源免费，基于midway.js 3.x、typescript、typeorm、mysql、jwt、vue3、vite、element-ui等构建
lusess123/web-pdm - An ER graph tool made with G6, the ultimate goal is to make an online PowerDesigner
yaklang/yakit - Cyber Security ALL-IN-ONE Platform
FrenchYeti/interruptor - Human-friendly cross-platform system call tracing and hooking library based on Frida's Stalker
deathmemory/fridaRegstNtv - 利用 frida 获取 Jni RegisterNatives 动态注册的函数
kubeshop/monokle - 🧐 Monokle lets you create, analyze, and deploy YAML manifests with a visual UI, and provides policy validation and cluster management.
AeonLucid/frida-syscall-interceptor -
baidu/amis - 前端低代码框架，通过 JSON 配置就能生成各种页面。
github/codeql-action - Actions for running CodeQL analysis
projectdiscovery/interactsh-web - Web dashboard for Interactsh client
opensec-cn/crx-scouter - 🔎 Chrome 扩展指纹探测。
microsoft/clarity - A behavioral analytics library that uses dom mutations and user interactions to generate aggregated insights.
cybersecsi/dockerized-android - A container-based framework to enable the integration of mobile components in security training platforms
SeeFlowerX/frida-protobuf -
honzaap/Systemizer - A system design tool that allows you to simulate data flow of distributed systems.
Milkdown/milkdown - 🍼 Plugin driven WYSIWYG markdown editor framework.
sourcefuse/loopback4-ratelimiter - A rate limiting extension for loopback4 applications
alipay/AOP-Based-Runtime-Security-Analysis-Toolkit -
bloomrpc/bloomrpc - Former GUI client for gRPC services. No longer maintained.
rxliuli/joplin-utils - Joplin-based peripheral community tool
vfsfitvnm/frida-il2cpp-bridge - A Frida module to dump, trace or hijack any Il2Cpp application at runtime, without needing the global-metadata.dat file.
mcuking/mobile-web-best-practice - :tiger: 移动 web 最佳实践
ChiChou/vscode-frida - Unofficial frida extension for VSCode
ninoseki/mitaka - A browser extension for OSINT search
hua1995116/react-resume-site - 木及简历，一款markdown的在线简历工具。 https://www.mujicv.com
xjh22222228/nav - 🔍 发现导航 , 打造最强静态导航网站(支持SEO) | Discovery Navigation: A purely static, powerful navigation website that supports SEO and online editing
MariusVinaschi/Auto-Scan - Automate Auxiliary Module in Metasploit
CaoMeiYouRen/push-all-in-one - Push All In One！支持 Server酱、自定义邮件、钉钉机器人、企业微信机器人、企业微信应用、pushplus、iGot 、Qmsg、息知、PushDeer 等多种推送方式
n8n-io/n8n - Free and source-available fair-code licensed workflow automation tool. Easily automate tasks across different services.
hediet/vscode-debug-visualizer - An extension for VS Code that visualizes data during debugging.
deathmemory/FridaContainer - FridaContainer 整合了网上流行的和自己编写的常用的 frida 脚本，为逆向工作提效之用。 frida 脚本模块化，Java & Jni Trace。
pizzafinancebsc/frontend-ui - UI interface for Pizza Finance
conwnet/github1s - One second to read GitHub code with VS Code.
puppeteer/puppeteer - Headless Chrome Node.js API
peter-murray/github-security-report-action -
Higurashi-kagome/wereader - 一个浏览器扩展：主要用于微信读书做笔记，对常使用 Markdown 做笔记的读者比较有帮助。
juice-shop/juice-shop - OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
LeekHub/leek-fund - :chart_with_upwards_trend: 韭菜盒子——VSCode 里也可以看股票 & 基金实时数据，做最好用的投资插件 🐥
APKLab/APKLab - Android Reverse-Engineering Workbench for VS Code
TFNS/CTFNote - CTFNote is a collaborative tool aiming to help CTF teams to organise their work.
ondras/my-mind - Online Mindmapping Software
awehook/blink-mind - Fully customizable mindmap framework for react.js. 支持插件的，可被完全定制的思维导图库，基于react.js和immutable.js。
foambubble/foam - A personal knowledge management and sharing system for VSCode
luisfontes19/CSRFER - Tool to generate csrf payloads based on vulnerable requests
siyuan-note/siyuan - Build Your Eternal Digital Garden
javascript-obfuscator/javascript-obfuscator - A powerful obfuscator for JavaScript and Node.js
Lakr233/iOSreExtension - A fast and elegant extension for VSCode used for iOSre projects.
iorate/ublacklist - Blocks specific sites from appearing in Google search results
SteveSandersonMS/WebWindow - .NET Core library to open native OS windows containing web UI on Windows, Mac, and Linux. Experimental.
softrams/bulwark - An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.
luisfontes19/xxexploiter - Tool to help exploit XXE vulnerabilities
haishanh/yacd - Yet Another Clash Dashboard
x-extends/vxe-table - vxe-table vue 表格解决方案
momosecurity/mosec-node-plugin - 用于检测 node 项目的第三方依赖组件是否存在安全漏洞。
phodal/ledge - Ledge —— DevOps knowledge learning platform. DevOps、研发效能知识和工具平台，是我们基于在 ThoughtWorks 进行的一系列 DevOps 实践、敏捷实践、软件开发与测试、精益实践提炼出来的知识体系。它包含了各种最佳实践、操作手册、原则与模式、度量、工具，用于帮助您的企业在数字化时代更好地前进，还有 DevOps 转型。
PostHog/posthog - 🦔 PostHog provides open-source product analytics, session recording, feature flagging and a/b testing that you can self-host.
LasCC/Hack-Tools - The all-in-one Red Team extension for Web Pentester 🛠
edp963/davinci - Davinci is a DVsaaS (Data Visualization as a Service) Platform
yang991178/fluent-reader - Modern desktop RSS reader built with Electron, React, and Fluent UI
lensapp/lens - Lens - The way the world runs Kubernetes
ritz078/moose - 🦌 An application to stream, cast and download torrents.
kac89/vulnrepo - VULNRΞPO - Free vulnerability report generator and repository end-to-end encrypted. Complete templates of issues, CWE, CVE, MITRE ATT&CK, PCI DSS, AES encryption, Nmap/Nessus/Burp/OpenVAS/Bugcrowd/Tri
mitre-attack/attack-navigator - Web app that provides basic navigation and annotation of ATT&CK matrices
Azure/container-scan - A GitHub action to help you scan your docker image for vulnerabilities
Place1/wg-access-server - An all-in-one WireGuard VPN solution with a web ui for connecting devices
antonycourtney/tad - A desktop application for viewing and analyzing tabular data
codebdy/rxdrag - Design anything based on HTML, 可视化编辑，设计一切基于HTML的东西，模块化设计
voidcosmos/npkill - List any node_modules 📦 dir in your system and how heavy they are. You can then select which ones you want to erase to free up space 🧹
roshanca/autochangelog - A very lightweight command line tool for generating a changelog from git tags and commit history
OWASP/RiskAssessmentFramework - The Secure Coding Framework
zenghongtu/PPet - 👻在你的桌面放一个萌妹子，多一点乐趣😏~（支持Mac、Win和Linux）
antvis/gatsby-theme-antv - ⚛️ Polished Gatsby theme for documentation site
getgridea/gridea - ✍️ A static blog writing client (一个静态博客写作客户端)
nowsecure/r2frida - Radare2 and Frida better together.
shroudedcode/apk-mitm - 🤖 A CLI application that automatically prepares Android APK files for HTTPS inspection
hoppscotch/hoppscotch - 👽 Open source API development ecosystem - https://hoppscotch.io
crawlab-team/artipub - Article publishing platform that automatically distributes your articles to various media channels
lit/lit - Lit is a simple library for building fast, lightweight web components.
Eugeny/tabby - A terminal for a more modern age
MCSManager/MCSManager - Distributed, Docker-supported, Multilingual, and Lightweight control panel for Minecraft server and more.
0123cf/layout-ui - 可视化布局纯css布局 Layout-UI
storybookjs/storybook - Storybook is a frontend workshop for building UI components and pages in isolation. Made for UI development, testing, and documentation.
zenghongtu/Mob - Mob - 一个有颜值的喜马拉雅桌面客户端，支持 Mac、Win 和 Linux
fangpenlin/avataaars-generator - Simple generator React app for avataaars
3c7/aptmap - A map displaying threat actors from the misp-galaxy
PeterDing/chord - Chord - A Modern Music Player
OI-wiki/OI-wiki - :star2: Wiki of OI / ICPC for everyone. （某大型游戏线上攻略，内含炫酷算术魔法）
SukkaW/DisqusJS - :speech_balloon: Render Disqus comments in Mainland China using Disqus API
magicdawn/yun-playlist-downloader - 网易云音乐 - 歌单/专辑/电台 - 下载器
CopyTranslator/CopyTranslator - Foreign language reading and translation assistant based on copy and translate.
NaoTu/DesktopNaotu - 桌面版脑图 (百度脑图离线版，思维导图) 跨平台支持 Windows/Linux/Mac OS. (A cross-platform multilingual Mind Map Tool)
Molunerfinn/PicGo - :rocket:A simple & beautiful tool for pictures uploading built by vue-cli-electron-builder
meowtec/Imagine - 🖼️ PNG/JPEG optimization app for macOS, Windows and Linux.
Srar/node-tap - 基于TypeScript实现的开源SSTap
Jigsaw-Code/outline-client - Outline clients, developed by Jigsaw. The Outline clients use the popular Shadowsocks protocol, and lean on the Cordova and Electron frameworks to support Windows, Android / ChromeOS, Linux, iOS and m
Jigsaw-Code/outline-server - Outline Manager, developed by Jigsaw. The Outline Manager application creates and manages Outline servers, powered by Shadowsocks. It uses the Electron framework to offer support for Windows, macOS an
Srar/MemcacheDos - Memcache 反射DDOS攻击脚本经供学习参考使用
kmvan/x-prober - 🐘 A probe program for PHP environment (一款精美的 PHP 探針, 又名X探針、劉海探針)
HandsomeOne/Scout - 可能是东半球最灵活的 URL 监控系统
fingerprintjs/fingerprintjs - Browser fingerprinting library. Compared to Fingerprint Pro has limited accuracy (40 - 60%), but is fully open source.
xfoxfu/clover - Shadowsocks and v2ray User Interface
geekape/geek-navigation - ❤️ 极客猿导航－独立开发者的导航站！
oldj/SwitchHosts - Switch hosts quickly!
eyebluecn/tank-front - 蓝眼系列软件之《蓝眼云盘》前端项目
egoist/docup - The easiest way to write beautiful docs.
solobat/Steward - A command launcher for Chrome
CoNETProject/QTGate-Desktop-Client - A revolutionary internet infrastructure enabling a truly free Network, that offers Stability, Trust, Privacy, and Security
tympanix/Electorrent - A remote control client for µTorrent, qBittorrent, rTorrent, Transmission, Synology & Deluge
onivim/oni - Oni: Modern Modal Editing - powered by Neovim
star-history/star-history - The missing star history graph of GitHub repos - https://star-history.com
UWNetworksLab/uProxy-p2p - Internet without borders
WebThingsIO/gateway - WebThings Gateway
yangshun/tech-interview-handbook - 💯 Curated coding interview preparation materials for busy software engineers
learn-anything/learn-anything - Organize world's knowledge, explore connections and curate learning paths
trufflesuite/truffle - A tool for developing smart contracts. Crafted with the finest cacaos.
pd4d10/octohint - The missing IntelliSense hint for GitHub and GitLab
google/tamperchrome - Tamper Dev is an extension that allows you to intercept and edit HTTP/HTTPS requests and responses as they happen without the need of a proxy. Works across all operating systems (including Chrome OS).

VBA

S3cur3Th1sSh1t/Excel-Phish - Phish password protected Excel-Files
S3cur3Th1sSh1t/OffensiveVBA - This repo covers some code execution and AV Evasion methods for Macros in Office documents
itm4n/VBA-RunPE - A VBA implementation of the RunPE technique or how to bypass application whitelisting.
JohnWoodman/VBA-Macro-Projects - This repository is a collection of my malicious VBA projects.
rmdavy/HeapsOfFun - AMSI Bypass Via the Heap
christophetd/spoofing-office-macro - :fish: PoC of a VBA macro spawning a process with a spoofed parent and command line.

VBScript

z1un/Z1-AggressorScripts - 适用于Cobalt Strike的插件
superbeyone/JetBrainsActiveCode - Jetbrains Active
rootclay/WMIHACKER - A Bypass Anti-virus Software Lateral Movement Command Execution Tool
sailay1996/awesome_windows_logical_bugs - collect for learning cases
pyenv-win/pyenv-win - pyenv for Windows. pyenv is a simple python version management tool. It lets you easily switch between multiple versions of Python. It's simple, unobtrusive, and follows the UNIX tradition of single-p
xcanwin/XBurpCrack - 绕过burp破解版的截止日期限制. This is a tool to bypass the cracked version of the burpsuite_pro(Larry_Lau) certification deadline through time reversal.

VCL

detectify/Varnish-H2-Request-Smuggling -

Vim Script

vim-scripts/OIL.vim - A syntax file for the OSEK Implementation Language (OIL).
skywind3000/vim-terminal-help - Small changes make vim/nvim's internal terminal great again !!
sainnhe/everforest - 🌲 Comfortable & Pleasant Color Scheme for Vim
bilibili/vim-vide - Lightest vimrc, while strong enough. 最轻的vim配置，却足够强！
imxiejie/ThinkVim - Vim configuration in the 21st century
jaywcjlove/vim-web - ◈ 搞得像IDE一样的Vim，安装配置自己的Vim。
vhdsih/manjaro-linux-config - configuration for manjaro linux
Karmenzind/dotfiles-and-scripts - :fishing_pole_and_fish: Dotfiles and scripts providing cumbersome configure details and other senseless stuff. 一些无聊的脚本和配置文件
tracyone/neomake-multiprocess - A vim plugin for running multiple process asynchronously base on neomake.
ashfinal/vimrc-config - re-vim: sensible vim configuration
wsdjeg/vim-galore-zh_cn - Vim 从入门到精通
altercation/vim-colors-solarized - precision colorscheme for the vim text editor
int32bit/dotfiles - A set of vim, zsh, git, and tmux configuration files.
wklken/k-vim - vim配置
superkojiman/pwnbox - Docker container with tools for binary reverse engineering and exploitation.

Visual Basic

susam/aes.vbs - AES-256-CBC Encrypt and Decrypt Functions in VBScript
mdsecactivebreach/SharpShooter - Payload Generation Framework
qwerty472123/pakUnpacker - Chrome pak(Chromium Grit 生成文件)解包打包工具，用以修改 Chromium 发行版翻译及资源内容。
bitsadmin/revbshell - ReVBShell - Reverse VBS Shell
malwares/PlasmaRAT - Remote Access Trojan(RAT), Miner, DDoS
Cn33liz/StarFighters - A JavaScript and VBScript Based Empire Launcher, which runs within their own embedded PowerShell Host.
Cn33liz/VBSMeter - VBS Reversed TCP Meterpreter Stager
meliton/ISPiggy - Decentralized DNS fuzzer to mitigate ISP Snooping

Visual Basic .NET

TheNewAttacker64/youhackerDropper - FakeApexCheatDropper
jaylagorio/Craal - Finding Valuable Needles in Global Source Code Haystacks with Automation
MoscaDotTo/Winapp2 - A database of extended cleaning routines for popular Windows PC based maintenance software.

Vue

Chanzhaoyu/chatgpt-web - 用 Express 和 Vue3 搭建的 ChatGPT 演示网页
moeakwak/chatgpt-web-share - 共享 ChatGPT 账号给多用户同时使用！A web application that allows multiple users to share one ChatGPT account at the same time, developed using fastapi & vue3. Supports GPT-4! 用于朋友之间共享或合租 ChatGPT 账号。使用 FastAPI + Vu
Zerx0r/Kage - Kage is Graphical User Interface for Metasploit Meterpreter and Session Handler
JDArmy/BREAK - 业务风险枚举与规避知识框架（Business Risk Enumeration & Avoidance Kownledge）
AbelChe/cola_dnslog - Cola Dnslog v1.3.2 更加强大的dnslog平台/无回显漏洞探测辅助平台完全开源 dnslog httplog ldaplog rmilog 支持dns http ldap rmi等协议提供API调用方式便于与其他工具结合支持钉钉机器人、Bark等提醒支持docker一键部署后端完全使用python实现前端基于vue-element-admin二开
cars10/elasticvue - Elasticsearch gui for the browser
vbenjs/vue-vben-admin - A modern vue admin. It is based on Vue3, vite and TypeScript. It's fast！
SelfhostedPro/Yacht - A web interface for managing docker containers with an emphasis on templating to provide 1 click deployments. Think of it like a decentralized app store for servers that anyone can make packages for.
honghuangdc/soybean-admin - A fresh and elegant admin template, based on Vue3,Vite3,TypeScript,NaiveUI and UnoCSS [一个基于Vue3、Vite3、TypeScript、NaiveUI 和 UnoCSS的清新优雅的中后台模版]
fuzui/RuoYi-Antdv - RuoYi-Vue版本+Ant Design Vue，将持续适配RuoYi-Vue
sscfaith/avue-form-design - 本项目是一款基于 Avue 的表单设计器，拖拽式操作让你快速构建一个表单。
Hunlongyu/ReadMe - Github star manager
ysk2014/webshell - 基于node-pty、xterm和vue的web terminal服务
qier222/YesPlayMusic - 高颜值的第三方网易云播放器，支持 Windows / macOS / Linux :electron:
L-noodle/vue-big-screen - 一个基于 vue、datav、Echart 框架的大数据可视化（大屏展示）模板，实现大数据可视化。通过 vue 组件实现数据动态刷新渲染，内部图表可自由替换。部分图表使用 DataV 自带组件，可自由进行更改（ps：最新的更新请前往码云查看，下面有链接）。
Secur1ty0/P2note - Penetration testing payload note
tsg-ut/ctfd-theme-tsgctf - Custom CTFd theme made for TSG CTF
huangwei9527/Ink-wash-docs - 水墨文档，一款基于egg+vue开发的在线文档管理平台，支持markdown文档， excel文档，原型托管等功能. http://47.104.247.183:7001/
JakHuang/form-generator - :sparkles:Element UI表单设计及代码生成器
hinesboy/mavonEditor - mavonEditor - A markdown editor based on Vue that supports a variety of personalized features
KeziahMoselle/export-github-stars - View / Sort / Export your Starred repositories.
china-bin/vdesjs-drag - 基于vue的可视化拖拽，代码生成工具。
parrot409/Parmy - A extension for collecting parameters
0xdekster/ReconNote - Web Application Security Automation Framework which recons the target for various assets to maximize the attack surface for security professionals & bug-hunters
momosecurity/bombus - 合规审计平台
DeimosC2/DeimosC2 - DeimosC2 is a Golang command and control framework for post-exploitation.
a54552239/pearProject - pear，梨子，轻量级的在线项目/任务协作系统，远程办公协作
yeswehack/pwn-machine - The Pwning Machine
zglz/vue-component-inspector - This is vue development tool which works only with Vue 2.0.
faloker/purify - All-in-one tool for managing vulnerability reports from AppSec pipelines
Hunlongyu/ZY-Player - ▶️ 跨平台桌面端视频资源播放器.简洁无广告.免费高颜值. 🎞
tldrrun/tools.tldr.run - A curated list of security tools for Hackers & Builders!
beekeeper-studio/beekeeper-studio - Modern and easy to use SQL client for MySQL, Postgres, SQLite, SQL Server, and more. Linux, MacOS, and Windows.
ChiChou/grapefruit - (WIP) Runtime Application Instruments for iOS. Previously Passionfruit
BC-SECURITY/Starkiller - Starkiller is a Frontend for PowerShell Empire.
cckuailong/InformationGather - SRC Assets Information Gather Website(SRC资产信息聚合网站)
fofapro/vulfocus - 🚀Vulfocus 是一个漏洞集成平台，将漏洞环境 docker 镜像，放入即可使用，开箱即用。
NBHH711/guimetasploit - Best Graphical Hacking Platform Online
DataV-Team/DataV - Vue数据可视化组件库（类似阿里DataV，大屏数据展示），提供SVG的边框及装饰、图表、水位图、飞线图等组件，简单易用，长期更新(React版已发布)
chaitin/passionfruit - [WIP] Crappy iOS app analyzer
xusenlin/vue-element-ui-admin - :maple_leaf: 一个基于Vue 3(ScriptSetup) + TS + Vite + ElementPlus + Pinia + VueRouter + Axios的后台模板，做了目录结构的整理和常用方法的封装，开箱即用 :)
yucccc/vue-mall - 🔨 基于 vue+node+mongodb 实现一个锤子商城
mlogclub/bbs-go - 基于Golang的开源社区系统。
chaitin/xray - 一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档
tenweek/LiveEducation - 南开大学&计蒜客2017夏季实训光宗耀组小组项目——教育直播平台
inoutcode/ethereum_book - 精通以太坊（中文版）
fengzifz/GantTask - 甘特图任务管理器 - 适合新手学习的 Vue 完整案例
bestony/logoly - A Pornhub Flavour Logo Generator
lsgwr/spring-boot-online-exam - 基于Spring Boot的在线考试系统(预览地址 http://129.211.88.191 ，账户分别是admin、teacher、student，密码是admin123)，也有Python实现
lxrmido/WordCards -
loveRandy/vue-cli3.0-vueadmin - 基于vue-cli3.0+vue+elementUI+vuex+axios+权限管理的后台管理系统
uriver/DNS-Analysis - 非法域名挖掘与画像系统。
GitHub-Laziji/VBlog - 使用GitHub API 搭建一个可动态发布文章的博客
xinali/penework - Penetration Test Framwork
0xbug/Hawkeye - GitHub 泄露监控系统(GitHub Sensitive Information Leakage Monitor Spider)
jinzhe/zee.kim_v4 - 个人网站之 <幸福彼岸 />（此版本已废弃）
luyilin/Aoba - Create a lovely resume just with a config file.
nluedtke/linux_kernel_cves - Tracking CVEs for the linux Kernel
dj940212/last-blog - 仿GitHub风格个人博客, vue+vuex+koa+mongodb
AT-UI/at-ui - A fresh and flat UI-Kit specially for desktop application, made with ♥ by Vue.js 2.0 (DEPRECATED)
iview/iview - A high quality UI Toolkit built on Vue.js 2.0
hieeyh/tong2-family - 基于vue、vuex、vue-router、echarts的数据可视化展示平台

XSLT

LOLBAS-Project/LOLBAS - Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
ernw/nmap-parse-output - Converts/manipulates/extracts data from a Nmap scan output.
SofianeHamlaoui/Pentest-Notes - Collection of Pentest Notes and Cheatsheets from a lot of repos (SofianeHamlaoui,dostoevsky,mantvydasb,adon90,BriskSec)
TideSec/BypassAntiVirus - 远控免杀系列文章及配套工具，汇总测试了互联网上的几十种免杀工具、113种白名单免杀方式、8种代码编译免杀、若干免杀实战技术，并对免杀效果进行了一一测试，为远控的免杀和杀软对抗免杀提供参考。
adon90/pentest_compilation - Compilation of commands, tips and scripts that helped me throughout Vulnhub, Hackthebox, OSCP and real scenarios

YAML

ansible-lockdown/RHEL7-STIG-Audit - Audit configurations for RHEL7 STIG

YARA

RoomaSec/RmTools - 蓝队应急工具
nsacyber/Mitigating-Web-Shells - Guidance for mitigation web shells. #nsacyber
CYB3RMX/Qu1cksc0pe - All-in-One malware analysis tool.
wgpsec/whohk - whohk，linux下一款强大的应急响应工具在linux下的应急响应往往需要通过繁琐的命令行来查看各个点的情况，有的时候还需要做一些格式处理，这对于linux下命令不是很熟悉的人比较不友好。本工具将linux下应急响应中常用的一些操作给集合了起来，并处理成了较为友好的格式，只需要通过一个参数就能代替繁琐复杂的命令来实现对各个点的检查。
mandiant/red_team_tool_countermeasures -
sbousseaden/YaraHunts - Random hunting ordiented yara rules
ghidraninja/ghidra_scripts - Scripts for the Ghidra software reverse engineering suite.
t4d/PhishingKit-Yara-Rules - Repository of Yara rules dedicated to Phishing Kits Zip files
CyberMonitor/APT_CyberCriminal_Campagin_Collections - APT & CyberCriminal Campaign Collection
Yara-Rules/rules - Repository of yara rules
rednaga/APKiD - Android Application Identifier for Packers, Protectors, Obfuscators and Oddities - PEiD for Android
Neo23x0/signature-base - YARA signature and IOC database for my scanners and tools

Zeek

kinomakino/Threat-Intelligence-Data - Snort_rules detection bad actors.

Zig

darkr4y/OffensiveZig - Some attempts at using Zig(https://ziglang.org/) in penetration testing.

nesC

LeeHDsniper/TinyOS_IDS - A IDS system for WSN based on CTP and TinyOS

License

To the extent possible under law, udpsec has waived all copyright and related or neighboring rights to this work.

Open Source Agenda is not affiliated with "Taielab Awesome Hacking Lists" Project. README Source: taielab/awesome-hacking-lists

Stars

944

Open Issues

Last Commit

1 year ago

Repository

taielab/awesome-hacking-lists

Open Source Agenda Badge

<a href="https://www.opensourceagenda.com/projects/taielab-awesome-hacking-lists"><img src="https://www.opensourceagenda.com/projects/taielab-awesome-hacking-lists/reviews/badge.svg" alt="Open Source Agenda"></a>

Submit Review Review Your Favorite Project

Submit Resource Articles, Courses, Videos

Submit Article Submit a post to our blog

From the blog

Dec 11, 2022

How to Choose Which Programming Language to Learn First?