githubmaidou

BurpAPIFinder

攻防演练过程中，我们通常会用浏览器访问一些资产，但很多未授权/敏感信息/越权隐匿在已访问接口过html、JS文件等，该插件能让我们发现未授权/敏感信息/越权/登陆接口等。

BurpFingerPrint

BurpSuite插件集成Ehole指纹库并进行常见OA弱口令爆破插件

captcha-killer-modified

captcha-killer的修改版，支持关键词识别base64编码的图片，添加免费ocr库，用于验证码爆破，适配新版Burpsuite

ddddocr

带带弟弟 通用验证码识别OCR pypi版

donut

Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters

SharpGPOAbuse

SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by that GPO.

java-memshell-generator

一款支持自定义的 Java 内存马生成工具｜A customizable Java in-memory webshell generation tool.

DataMiner

数据库自动取样工具 - The tool used to extract the information from databases quickly.

Fiora

Fiora：漏洞PoC框架Nuclei的图形版。快捷搜索PoC、一键运行Nuclei。即可作为独立程序运行，也可作为burp插件使用。

ui

Beautifully designed components that you can copy and paste into your apps. Accessible. Customizable. Open Source.

cloud-security-guides

Otter

🦦 Otter, a multi-modal model based on OpenFlamingo (open-sourced version of DeepMind's Flamingo), trained on MIMIC-IT and showcasing improved instruction-following and in-context learning ability.

argo-cd

Declarative Continuous Deployment for Kubernetes

gitops-engine

Democratizing GitOps

suo5

一款高性能 HTTP 代理隧道工具 | A high-performance http proxy tunneling tool

email_hack

A email bomb/fake email tool, by Python

Villain

Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share them among connected sibling servers (Villain instances running on different machines).

Stowaway

👻Stowaway -- Multi-hop Proxy Tool for pentesters

PrivescCheck

Privilege Escalation Enumeration Script for Windows

malicious-pdf

💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh

awesome-mobile-security

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

SocialFish

Phishing Tool & Information Collector

Red-Team-Infrastructure-Wiki

Wiki to collect Red Team infrastructure hardening resources

Active-Directory-Exploitation-Cheat-Sheet

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

MobileApp-Pentest-Cheatsheet

The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.

HackTools

The all-in-one browser extension for offensive security professionals 🛠

awesome-web-hacking

A list of web application security

hacktricks

Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.

gobuster

Directory/File, DNS and VHost busting tool written in Go

dirsearch

Web path scanner