f4cknet

jadx

Dex to Java decompiler

awesome-osint

:scream: A curated list of amazingly awesome OSINT

GTFOBins.github.io

GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems

hacktricks

Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.

LOLBAS

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

Awesome-CobaltStrike

List of Awesome CobaltStrike Resources

WebHackersWeapons

⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting

BurpSuite-collections

有关burpsuite的插件(非商店),文章以及使用技巧的收集(此项目不再提供burpsuite破解文件,如需要请在博客mrxn.net下载)---Collection of burpsuite plugins (non-stores), articles and tips for using Burpsuite, no crack version file

Pwdb-Public

A collection of all the data i could extract from 1 billion leaked credentials from internet.

Safety-Project-Collection

收集一些比较优秀的开源安全项目，以帮助甲方安全从业人员构建企业安全能力。

Pentest-Tools

QingScan

一个漏洞扫描器粘合剂,添加目标后30款工具自动调用；支持 web扫描、系统扫描、子域名收集、目录扫描、主机扫描、主机发现、组件识别、URL爬虫、XRAY扫描、AWVS自动扫描、POC批量验证，SSH批量测试、vulmap。

goblin

一款适用于红蓝对抗中的仿真钓鱼系统

AllThingsSSRF

This is a collection of writeups, cheatsheets, videos, books related to SSRF in one single location

CTFTraining

CTF Training 经典赛题复现环境

awvs14-scan

针对 Acunetix AWVS扫描器开发的批量扫描脚本，支持log4j漏洞、SpringShell、SQL注入、XSS、弱口令等专项，支持联动xray、burp、w13scan等被动批量

OpenSCA-cli

OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the community.

ApkAnalyser

一键提取安卓应用中可能存在的敏感信息。

findom-xss

A fast DOM based XSS vulnerability scanner with simplicity.

Oralyzer

Open Redirection Analyzer

ssti-payloads

🎯 Server Side Template Injection Payloads

shodan-dojo

Learning Shodan through katas

HawkScan

Security Tool for Reconnaissance and Information Gathering on a website. (python 3.x)

kerbrute

An script to perform kerberos bruteforcing by using impacket

security-scripts

A collection of security related Python and Bash shell scripts. Analyze hosts on generic security vulnerabilities. Wrapper around popular tools like nmap (portscanner), nikto (webscanner) and testssl.sh (SSL/TLS scanner)

enumy

Linux post exploitation privilege escalation enumeration

Mloger

安全测试平台

attacking-cloudgoat2

A step-by-step walkthrough of CloudGoat 2.0 scenarios.

EnumerationList

This Repo contains wordlist for subdomain enumeration , php file path, html file path, and js file path

Log4j2_RCE

log4j2版本漏洞复现