Ma1tobiose

trivy

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

ios_rule_script

分流规则、重写写规则及脚本。

gophish

Open-Source Phishing Toolkit

fuzzDicts

Web Pentesting Fuzz 字典,一个就够了。

httpx

httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.

PoC-in-GitHub

📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

xiaogpt

Play ChatGPT and other LLM with Xiaomi AI Speaker

cloud-custodian

Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources

All-Defense-Tool

本项目集成了全网优秀的攻防武器工具项目，包含自动化利用，子域名、目录扫描、端口扫描等信息收集工具，各大中间件、cms、OA漏洞利用工具，爆破工具、内网横向、免杀、社工钓鱼以及应急响应、甲方安全资料等其他安全攻防资料。

ARL

ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产，构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产，发现存在的薄弱点和攻击面。

terraform-cdk

Define infrastructure resources using programming constructs and provision them using HashiCorp Terraform

GOAD

game of active directory

POC-bomber

利用大量高威胁poc/exp快速获取目标权限，用于渗透和红队快速打点

burpgpt

A Burp Suite extension that integrates OpenAI's GPT to perform an additional passive scan for discovering highly bespoke vulnerabilities and enables running traffic-based analysis of any type.

Pentest-Windows

Windows11 Penetration Suite Toolkit 一个开箱即用的windows渗透测试环境

appshark

Appshark is a static taint analysis platform to scan vulnerabilities in an Android app.

tabby

A CAT called tabby ( Code Analysis Tool )

riskscanner

RiskScanner 是开源的多云安全合规扫描平台，基于 Cloud Custodian 和 Nuclei 引擎，实现对主流公(私)有云资源的安全合规扫描和漏洞扫描。

NextScan

飞刃是一套完整的企业级黑盒漏洞扫描系统，集成漏洞扫描、漏洞管理、扫描资产、爬虫等服务。 拥有强大的漏洞检测引擎和丰富的插件库，覆盖多种漏洞类型和应用程序框架。

SecurityProduct

开源安全产品源码，IDS、IPS、WAF、蜜罐等

java-object-searcher

java内存对象搜索辅助工具

CodeQLpy

CodeQLpy是一款基于CodeQL实现的半自动化代码审计工具，目前仅支持java语言。实现从源码反编译，数据库生成，脆弱性发现的全过程，可以辅助代码审计人员快速定位源码可能存在的漏洞。

APKHunt

APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. Although APKHunt is intended primarily for mobile app developers and security testers, it can be used by anyone to identify and address potential security vulnerabilities in their code.

funboost

pip install funboost，python全功能分布式函数调度框架,。支持python所有类型的并发模式和一切知名消息队列中间件，支持如 celery dramatiq等框架整体作为funboost中间件，python函数加速器，框架包罗万象，用户能想到的控制功能全都有。一统编程思维，兼容50% python业务场景，适用范围广。只需要一行代码即可分布式执行python一切函数，99%用过funboost的pythoner 感受是　简易 方便 强劲 强大，相见恨晚 。

selefra

The open-source policy-as-code software that provides analysis for Multi-Cloud and SaaS environments, you can get insight with natural language (powered by OpenAI).

react-carplay

AppScan

安全隐私卫士（AppScan）一款免费的企业级自动化隐私检测工具。

WaterDragon

WaterDragon:用GithubAction实现代理功能。红队,cve,代理池,隐匿,攻防,对抗，hackone,src,proxy,CVE-2020,CVE-2021,CVE-2022

ARL-NPoC

集漏洞验证和任务运行的一个框架

xray-poc-scan-engine

xray poc 扫描器