Tazkimi

Aceberg_Pro

Yporaject

Ypora 最新版激发教程

XiebroC2

支持多人协作的渗透测试C2、Lua插件扩展、域前置/CDN上线、自定义多个模块、自定义sRDI、文件管理、进程管理、内存加载、截图、反向代理

PInvoke

Slack

安服集成化工具平台，帮助测试人员减少测试脚本多，使用繁琐问题

xss-receiver

简单易用的 xss 接收平台 + payload 管理平台

docem

A tool to embed XXE and XSS payloads in docx, odt, pptx, xlsx files (oxml_xxe on steroids)

HackJava

《Java安全-只有Java安全才能拯救宇宙》Only Java Security Can Save The Universe.

clibparser

General LR Parser(CMake,C++)

Microsoft-Activation-Scripts

A Windows and Office activator using HWID / Ohook / KMS38 / Online KMS activation methods, with a focus on open-source code and fewer antivirus detections.

IDA_Go_Recovery

IDA7.6/IDA7.7 + Python3 下，Go 可执行文件的符号恢复脚本。已适配 Go1.2/Go1.16/Go1.18/Go1.20

webshell

This is a webshell open source project

BeRoot

Privilege Escalation Project - Windows / Linux / Mac

Pillager

Pillager是一个适用于后渗透期间的信息收集工具

404StarLink

404StarLink - 推荐优质、有意义、有趣、坚持维护的安全开源项目

AttackTomcat

Tomcat常见漏洞GUI利用工具。CVE-2017-12615 PUT文件上传漏洞、tomcat-pass-getshell 弱认证部署war包、弱口令爆破、CVE-2020-1938 Tomcat AJP文件读取/包含

Sn1per

Attack Surface Management Platform

watchvuln

一个高价值漏洞采集与推送服务 | collect valueable vulnerability and push it

codeshell-vscode

An intelligent coding assistant plugin for Visual Studio Code, developed based on CodeShell

java-echo-generator

一款支持自定义的 Java 回显载荷生成工具｜A customizable Java echo payload generation tool.

Awesome-Hardware-and-IoT-Hacking

OffensiveGo

Golang weaponization for red teamers.

VcenterKit

Vcenter综合渗透利用工具包 | Vcenter Comprehensive Penetration and Exploitation Toolkit

HAC_Bored_Writing

各种漏洞批量扫描poc、exp，涵盖未授权、RCE、文件上传、sql注入、信息泄露等

Scada-LTS

Scada-LTS is an Open Source, web-based, multi-platform solution for building your own SCADA (Supervisory Control and Data Acquisition) system.

OLa

Linux-Kernel-Exploitation

Linux kernel module implementation & exploitation (pwn) labs.

NSMusicS

NSMusicS，Multi platform Multi mode Music Software ，Electron(Vue3+Vite+TypeScript)+.net core+AI

phpggc

PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.

captcha-killer-modified

captcha-killer的修改版，支持关键词识别base64编码的图片，添加免费ocr库，用于验证码爆破，适配新版Burpsuite