chen1sheng

javascript-obfuscator

A powerful obfuscator for JavaScript and Node.js

yakit

Cyber Security ALL-IN-ONE Platform

al-khaser

Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.

Arjun

HTTP parameter discovery suite.

ARL

ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产，构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产，发现存在的薄弱点和攻击面。

apkleaks

Scanning APK file for URIs, endpoints & secrets.

sql-injection-payload-list

🎯 SQL Injection Payload List

Seatbelt

Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.

HaE

HaE - Highlighter and Extractor, Empower ethical hacker for efficient operations.

java-tutorial

:coffee: 老司机在 Java 技术领域的十年积累。

APIKit

APIKit：Discovery, Scan and Audit APIs Toolkit All In One.

top25-parameter

For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙

de4js

JavaScript Deobfuscator and Unpacker

Bug-Bounty-Wordlists

A repository that includes all the important wordlists used while bug hunting.

redteam-tips

关于红队方面的学习资料

RW_Password

此项目用来提取收集以往泄露的密码中符合条件的强弱密码

GoBypassAV

整理了基于Go的16种API免杀测试、8种加密测试、反沙盒测试、编译混淆、加壳、资源修改等免杀技术，并搜集汇总了一些资料和工具。

sm-crypto

国密算法js版

BeaconEye

Hunts out CobaltStrike beacons and logs operator command output

2022-HW-POC

2022 护网行动 POC 整理

DCSec

域控安全one for all

RDPassSpray

Python3 tool to perform password spraying using RDP

TerraformGoat

TerraformGoat is HXSecurity research lab's "Vulnerable by Design" multi cloud deployment tool.

hack-fastjson-1.2.80

openrasp-iast

IAST 灰盒扫描工具

cola_dnslog

Cola Dnslog v1.3.2 更加强大的dnslog平台/无回显漏洞探测辅助平台 完全开源 dnslog httplog ldaplog rmilog 支持dns http ldap rmi等协议 提供API调用方式便于与其他工具结合 支持钉钉机器人、Bark等提醒 支持docker一键部署 后端完全使用python实现 前端基于vue-element-admin二开

K8s-Mind-Map

K8S安全攻防思维导图 | Docker安全攻防思维导图

AgentInjectTool

改造BeichenDream/InjectJDBC加入shiro获取key和修改key功能

winlog

一款基于go的windows信息收集工具，主要收集目标机器rdp端口、mstsc远程连接记录、mstsc密码和安全事件中4624、4625登录事件记录

fastjsonVul

fastjson 80 远程代码执行漏洞复现