kmustriver

jadx

Dex to Java decompiler

twint

An advanced Twitter scraping & OSINT tool written in Python that doesn't use Twitter's API, allowing you to scrape a user's followers, following, Tweets and more while evading most API limitations.

seafile

High performance file syncing and sharing, with also Markdown WYSIWYG editing, Wiki, file label and other knowledge management features.

WTF-Solidity

我最近在重新学solidity，巩固一下细节，也写一个“WTF Solidity极简入门”，供小白们使用，每周更新1-3讲。Now supports English! 官网: https://wtf.academy

yakit

Cyber Security ALL-IN-ONE Platform

ARL

ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产，构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产，发现存在的薄弱点和攻击面。

wesng

Windows Exploit Suggester - Next Generation

dzzoffice

dzzoffice

WechatMomentScreenshot

朋友圈转发截图生成工具（⚠️Fork 不是收藏，请勿在贡献代码以外的情况下 Fork！）

pentest_study

从零开始内网渗透学习

RedTeam_BlueTeam_HW

红蓝对抗以及护网相关工具和资料，内存shellcode（cs+msf）和内存马查杀工具

domain_hunter_pro

domain_hunter的高级版本，SRC挖洞、HW打点之必备！自动化资产收集；快速Title获取；外部工具联动；等等

linux-exploit-suggester-2

Next-Generation Linux Kernel Exploit Suggester

WebCrack

WebCrack是一款web后台弱口令/万能密码批量检测工具，在工具中导入后台地址即可进行自动化检测。

JNDIExploit

对原版https://github.com/feihong-cs/JNDIExploit 进行了实用化修改

DongTai

Dongtai IAST is an open-source Interactive Application Security Testing (IAST) tool that enables real-time detection of common vulnerabilities in Java applications and third-party components through passive instrumentation. It is particularly suitable for use in the testing phase of the development pipeline.

JNDI-Exploit-Kit

JNDI-Exploitation-Kit（A modified version of the great JNDI-Injection-Exploit created by @welk1n. This tool can be used to start an HTTP Server, RMI Server and LDAP Server to exploit java web apps vulnerable to JNDI Injection）

woodpecker-framwork-release

高危漏洞精准检测与深度利用框架

Unix-Privilege-Escalation-Exploits-Pack

Exploits for getting local root on Linux, BSD, AIX, HP-UX, Solaris, RHEL, SUSE etc.

iMonitor

iMonitor（冰镜 - 终端行为分析系统）

EasyPen

EasyPen is a GUI program which helps pentesters do target discovery, vulnerability scan and exploitation

Artillery

JAVA 插件化漏洞扫描器，Gui基于javafx。POC 目前集成 Weblogic、Tomcat、Shiro、Spring等。

log4jScanner

log4jScanner provides the ability to scan internal subnets for vulnerable log4j web services

JNDIEXP

JNDI在java高版本的利用工具,FUZZ利用链

log4j-payload-generator

Log4j jndi injects the Payload generator

bombus

合规审计平台

insight2

selenium_metamask_auto_testing

使用selenium实现对测试网项目的自动化测试

livemonitor

定时检测youtube、twitter、twitcast、fanbox、bilibili、lol、steam、osu的信息更新并进行关键字匹配后推送到指定qq、喵提醒、discord、telegram

snarkOS

A Decentralized Operating System for ZK Applications