baisesecxxx

CodeReview

代码审计总结

ExpDemo-JavaFX

图形化漏洞利用Demo-JavaFX版

vulbase

各大漏洞文库合集

Kunlun-M

KunLun-M是一个完全开源的静态白盒扫描工具，支持PHP、JavaScript的语义扫描，基础安全、组件安全扫描，Chrome Ext\Solidity的基础扫描。

oFx

漏洞批量扫描框架，0Day/1Day全网概念验证，~~刷洞，刷肉鸡用~~

PyHook

PyHook is an offensive API hooking tool written in python designed to catch various credentials within the API call.

1earn

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

seeyon-exploit

致远OA漏洞检测

MetasploitCoop_0x727

基于msf的后渗透协作平台

injectAmsiBypass

Cobalt Strike BOF - Bypass AMSI in a remote process with code injection.

GSLibrary

轻量级知识库&POC管理平台

CobaltSpam

dumpall

一款信息泄漏利用工具，适用于.git/.svn源代码泄漏和.DS_Store泄漏

Hello-Java-Sec

☕️ Java Security，安全编码和代码审计

PSBits

Simple (relatively) things allowing you to dig a bit deeper than usual.

PassDecode-jar

帆软/致远密码解密工具

revsuit

RevSuit is a flexible and powerful reverse connection platform designed for receiving connection from target host in penetration.

WechatDecrypt

微信消息解密工具

JuicyPotato

Modifying JuicyPotato to support load shellcode and webshell

EZOfficeGetShell

万户EZOffice批量GetShell / Code By:Tas9er

DerbyCon-2019Files

This is a group of tools that I was planning on releasing During Derbycon 2019 talk if it was accepted or with a blogpost if not.

Exp-collect

Windows_API_Tools

使用WindowsAPI写的一些渗透小工具

AlliN

A flexible scanner

BloodHound

Six Degrees of Domain Admin

BlackDex

BlackDex is an Android unpack(dexdump) tool, it supports Android 5.0~12 and need not rely to any environment. BlackDex can run on any Android mobile phones or emulators, you can unpack APK File in several seconds.

FOFA-ICO-Search-Tools

FOFA ICO 搜索工具 (支持语法搜索、ICON_Hash 搜索 和 一键导出) By:08sec&zero-0sec 阳光宅男 && zero-0sec 凯文大叔

alarm-clock

Viper

Viper (炫彩蛇) 开源图形化内网渗透工具

HackBrowserData

Decrypt passwords/cookies/history/bookmarks from the browser. 一款可全平台运行的浏览器数据导出解密工具。