lanbainan

LOOBins

Living Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various built-in "living off the land" macOS binaries and how they can be used by threat actors for malicious purposes.

ffuf

Fast web fuzzer written in Go

Afuzz

Afuzz is an automated web path fuzzing tool for the Bug Bounty projects.

vagent

多功能 java agent 内存马

oss-browser-decrypt-auth

解密oss-browser里面sqlite加密存放的数据

WatchAD2.0

WatchAD2.0是一款针对域威胁的日志分析与监控系统

SecurityList

A list for Web Security and Code Audit

suo5

一款高性能 HTTP 代理隧道工具 | A high-performance http proxy tunneling tool

JNDIEXP

JNDI在java高版本的利用工具,FUZZ利用链

VcenterKiller

一款针对Vcenter的综合利用工具，包含目前最主流的CVE-2021-21972、CVE-2021-21985以及CVE-2021-22005、One Access的CVE-2022-22954、CVE-2022-22972/31656以及log4j，提供一键上传webshell，命令执行或者上传公钥使用SSH免密连接

mp-unpack

fofa_viewer

A simple FOFA client written in JavaFX. Made by WgpSec, Maintained by f1ashine.

fofa_view

FOFA Pro view 是一款FOFA Pro 资产展示浏览器插件，目前兼容 Chrome、Firefox、Opera。

Packer-Fuzzer

Packer Fuzzer is a fast and efficient scanner for security detection of websites constructed by javascript module bundler such as Webpack.

Arsenal

Cobalt Strike 3.13 Arsenal Kit

PayloadsAllTheThings

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

J2ExpSuite

一个以python3编写的的漏洞检测框架，可自定义，添加poc，exp，，不需要修改其他内容，只需要编写POC自动执行检测

Silent_Pass

A cross-platform password harvester for known softwares (Chrome / Chromium, Firefox, Internet Explorer / MS Edge, FileZilla)

exphub

Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本，最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340

Watchdog

Watchdog是bayonet修改版，重新优化了数据库及web及扫描程序,加入多节点

LaZagne

Credentials recovery project

java-sec-code

Java web common vulnerabilities and security code which is base on springboot and spring security

WebGoat

WebGoat is a deliberately insecure application

BurpSuite-collections

BurpSuite收集：包括不限于 Burp 文章、破解版、插件(非BApp Store)、汉化等相关教程，欢迎添砖加瓦---burpsuite-pro burpsuite-extender burpsuite cracked-version hackbar hacktools fuzzing fuzz-testing burp-plugin burp-extensions bapp-store brute-force-attacks brute-force-passwords waf sqlmap jar

linbing

本系统是对Web中间件和Web框架进行自动化渗透的一个系统,根据扫描选项去自动化收集资产,然后进行POC扫描,POC扫描时会根据指纹选择POC插件去扫描,POC插件扫描用异步方式扫描.前端采用vue技术,后端采用python fastapi.

Mobile-Security-Framework-MobSF

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

bayonet

bayonet是一款src资产管理系统，从子域名、端口服务、漏洞、爬虫等一体化的资产管理系统

crawlergo

A powerful browser crawler for web vulnerability scanners

Penetration_Testing_Case

用于记录分享一些有趣的案例

w12scan

🚀 A simple asset discovery engine for cybersecurity. (网络资产发现引擎)