Daybr4ak

Sa-Token

一个轻量级 Java 权限认证框架，让鉴权变得简单、优雅！—— 登录认证、权限认证、分布式Session会话、微服务网关鉴权、单点登录、OAuth2.0

ZY-Player

▶️ 跨平台桌面端视频资源播放器.简洁无广告.免费高颜值. 🎞

secguide

面向开发人员梳理的代码安全指南

semgrep

Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

EHole

EHole(棱洞)3.0 重构版-红队重点攻击系统指纹探测工具

book

个人认为对技术提升很不错的书

Inveigh

.NET IPv4/IPv6 machine-in-the-middle tool for penetration testers

vulstudy

使用docker快速搭建各大漏洞靶场，目前可以一键搭建17个靶场。

Dictionary-Of-Pentesting

Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。

taowu-cobalt_strike

Fastjson

Fastjson姿势技巧集合

woodpecker-framework-release

高危漏洞精准检测与深度利用框架

Hello-Java-Sec

☕️ Java Security，安全编码和代码审计

CSAgent

CobaltStrike 4.x通用白嫖及汉化加载器

RoguePotato

Another Windows Local Privilege Escalation from Service Account to System

FindSomething

基于chrome、firefox插件的被动式信息泄漏检测工具

redress

Redress - A tool for analyzing stripped Go binaries

blind-ssrf-chains

An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerability

jwt-hack

🔩 jwt-hack is tool for hacking / security testing to JWT. Supported for En/decoding JWT, Generate payload for JWT attack and very fast cracking(dict/brutefoce)

learning-codeql

CodeQL Java 全网最全的中文学习资料

DNSStager

Hide your payload in DNS

HopLa

HopLa Burp Suite Extender plugin - Adds autocompletion support and useful payloads in Burp Suite

jenkins-attack-framework

ssrf-king

SSRF plugin for burp Automates SSRF Detection in all of the Request

WechatDecrypt

微信消息解密工具

itstack-demo-bytecode

本专栏主要针对字节码编程系列知识栈进行编写文章学习。在字节码编程方便有三个比较常见的框架；ASM、Javassit、Byte-buddy，他们都可以使用自己的API方式进行字节码的插装，通过这样增强方法的方式就可以和Javaagent结合起来开发非入侵的全链路监控服务，以及做反射、中间件和混淆代码等

RabR

Redis-Attack By Replication (通过主从复制攻击Redis)

multiplexing_port_socks5

一款golang写的支持http与socks5的端口复用小工具，并且可以开启socks5代理。

HackingTools-2

A collection of awesome lists for hackers, pentesters & security researchers.

MySootScript

oh my soot !