sqlmapproject / sqlmap

Automatic SQL injection and database takeover tool

bee-san / Ciphey

⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡

stamparm / maltrail

Malicious traffic detection system

lintsinghua / DeepAudit

DeepAudit:人人拥有的 AI 黑客战队,让漏洞挖掘触手可及。国内首个开源的代码漏洞挖掘多智能体系统。小白一键部署运行,自主协作审计 + 自动化沙箱 PoC 验证。支持 Ollama 私有部署 ,一键生成报告。支持中转站。​让安全不再昂贵,让审计不再复杂。

Threekiii / Awesome-Redteam

一个攻防知识库。A knowledge base for red teaming and offensive security.

JaveleyQAQ / WeChatOpenDevTools-Python

WeChatOpenDevTool 微信小程序强制开启开发者工具

r0oth3x49 / ghauri

An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws

zhzyker / vulmap

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞验证功能

t3l3machus / hoaxshell

A Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell.

awake1t / HackReport

渗透测试报告/资料文档/渗透经验文档/安全书籍

christophetd / CloudFlair

🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.

blackorbird / APT_REPORT

Interesting APT Report Collection And Some Special IOCs

tr0uble-mAker / POC-bomber

利用大量高威胁poc/exp快速获取目标权限,用于渗透和红队快速打点

jorhelp / Ingram

网络摄像头漏洞扫描工具 | Webcam vulnerability scanning tool

MrWQ / vulnerability-paper

收集的文章 https://mrwq.github.io/tools/paper/

EASY233 / Finger

一款红队在大量的资产中存活探测与重点攻击系统指纹探测工具

ahmedkhlief / APT-Hunter

APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover su...

XiaoliChan / wmiexec-Pro

New generation of wmiexec.py

W01fh4cker / Serein

【懒人神器】一款图形化、批量采集url、批量对采集的url进行各种nday检测的工具。可用于src挖掘、cnvd挖掘、0day利用、打造自己的武器库等场景。可以批量利用Actively Exploited Atlassian Confluence 0Day CVE-2022-26134和DedeCMS v5.7.87 SQL注入 CVE-2022-23337。

lemono0 / FastJsonParty

FastJson全版本Docker漏洞环境(涵盖1.2.47/1.2.68/1.2.80等版本),主要包括JNDI注入及高版本绕过、waf绕过、文件读写、原生反序列化、利用链探测绕过、不出网利用等。从黑盒的角度覆盖FastJson深入利用

shimmeris / SCFProxy

A proxy tool based on cloud function.

vulmon / Vulmap

Vulmap Online Local Vulnerability Scanners Project

adysec / ARL

ARL 资产侦察灯塔系统(可运行,添加指纹,提高并发,升级工具及系统,无限制修改版) | ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产,构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产,发现存在的薄弱点和攻击面。

amchii / tg-signer

电报自动执行(签到、发送消息、点击键盘、AI回复等);个人、群组、频道消息监控、转发与自动回复。Automated Telegram tasks (check-ins, sending messages, keyboard clicks, AI replies, etc.); monitoring, forwarding, and auto-replying to private, grou...

assume-breach / Home-Grown-Red-Team

co01cat / SqlmapXPlus

sqlmap Xplus 基于 sqlmap,对经典的数据库注入漏洞利用工具进行二开!

ChinaRan0 / DeepSeekSelfTool

首个由DeepSeek独立开发的AI网络安全工具箱

CuriousLearnerDev / TrafficEye

This tool is designed to help penetration testers and network administrators identify potential security threats, especially those targeting web applications such as SQL injection, XSS, and WebShe...

SourByte05 / Vulnerability-Wiki-PoC

🚀 2024-至今 1Day 漏洞 PoC 深度研究与复现归档。涵盖 OA、ERP、安防、数通、大模型及容器等 高价值资产漏洞,实战导向,助力安全研究与合规检测。

pureqh / bypasswaf

关于安全狗和云锁的自动化绕过脚本