S9MF

HackBrowserData

Extract and decrypt browser data, supporting multiple data types, runnable on various operating systems (macOS, Windows, Linux).

OneForAll

OneForAll是一款功能强大的子域收集工具

fuzzDicts

Web Pentesting Fuzz 字典,一个就够了。

Awesome-WAF

🔥 Web-application firewalls (WAFs) from security standpoint.

Behinder

“冰蝎”动态二进制加密网站管理客户端

Godzilla

哥斯拉

donut

Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters

Free-VPN-for-Coursera

:key: :unlock:免费开源的科学上网工具

xssor2

XSS'OR - Hack with JavaScript.

php_bugs

PHP代码审计分段讲解

BurpShiroPassiveScan

一款基于BurpSuite的被动式shiro检测插件

SRC-experience

工欲善其事，必先利其器

mortar

evasion technique to defeat and divert detection and prevention of security products (AV/EDR/XDR)

MYSQL_SQL_BYPASS_WIKI

mysql注入,bypass的一些心得

lxhToolHTTPDecrypt

Simple Android/iOS protocol analysis and utilization tool

Penetration_Testing_Case

用于记录分享一些有趣的案例

wooyun-payload

从wooyun中提取的payload，以及burp插件

App_Security

SiteCopy

sitecopy is a tool that facilitates personal website backup and network data collection

Fake-flash.cn

flash.cn钓鱼页（中文+英文）

fu

fu stands for File to URL, a utility design to help you upload images/files and produce Markdown/HTML snippets with couple of clicks.

PHPFuck

PHPFuck: ([+.^]) / Using only 7 different characters to write and execute php.

JNDIExploit-1

一款用于JNDI注入利用的工具，大量参考/引用了Rogue JNDI项目的代码，支持直接植入内存shell，并集成了常见的bypass 高版本JDK的方式，适用于与自动化工具配合使用。

cmd.jsp

A super small jsp webshell with file upload capabilities.

NetDeserializeTool

.net反序列化课程中提到的漏洞检测工具

smpic

Windows下面的SM.MS图床上传工具

Charset_encoding-Burp

利用字符集编码绕过waf的burpsuite插件

2TuBi

t00ls每日签到

mywordlist

SomeTools

自己使用的一些脚本和工具