loveshell

ngx_lua_waf

ngx_lua_waf是一个基于lua-nginx-module(openresty)的web应用防火墙

atexec-pro

Fileless atexec, no more need for port 445

jumpserver

开源跳板机/堡垒机:认证,授权,审计,自动化运维(Open source springboard machine / machine fortress: authentication, authorization, auditing, operation and maintenance of automation).http://www.jumpserver.org

vulfocus

🚀Vulfocus 是一个漏洞集成平台，将漏洞环境 docker 镜像，放入即可使用，开箱即用。

acra

Database security suite. Database proxy with field-level encryption, search through encrypted data, SQL injections prevention, intrusion detection, honeypots. Supports client-side and proxy-side ("transparent") encryption. SQL, NoSQL.

brakeman

A static analysis security vulnerability scanner for Ruby on Rails applications

cep

complex event processing code

ChatGPTScan-SAST

一个基于 ChatGPT 的开源代码审计平台。

datasploit

A tool to perform various OSINT techniques, aggregate all the raw data, visualise it on a dashboard, and facilitate alerting and monitoring on the data.

detux

The Multiplatform Linux Sandbox

django-DefectDojo

DefectDojo is an open source defect tracker

dnscat2

elastalert

Easy & Flexible Alerting With ElasticSearch

graylog2-server

Graylog2 is an open source syslog implementation that stores your logs in ElasticSearch. It consists of a server written in Java that accepts your syslog messages via TCP or UDP and stores it in the database. The second part is a Ruby on Rails web interface that allows you to view the log messages.

jmet

Java Message Exploitation Tool

jxotp

企业SSH登陆双因素认证系统

kunpeng

kunpeng是一个Golang编写的开源POC框架/库，以动态链接库的形式提供各种语言调用，通过此项目可快速开发漏洞检测类的系统。

ldap_shell

AD ACL abuse

malcom

Malcom - Malware Communications Analyzer

Mobile-Security-Framework-MobSF

Mobile Security Framework is an intelligent, all-in-one open source mobile application (Android/iOS) automated pen-testing framework capable of performing static, dynamic analysis and web API testing.

pocassist

pocassist是一款全新的开源漏洞测试框架，无需代码知识也可实现对poc的在线编辑、管理、测试。 使用之前请先阅读文档。

rails3book-code

Red-Teaming-TTPs

Useful Techniques, Tactics, and Procedures for red teamers and defenders, alike!

RedTeam-Tools

Tools and Techniques for Red Team / Penetration Testing

repoguard

Repoguard is a simple tool to check and alert on interesting changes in a git repository.

sleepy-puppy

Sleepy Puppy XSS Payload Management Framework

SQLiScanner

Automatic SQL injection with Charles and sqlmapapi

test

test tool example project

webzmap

Zmap on Web

wetty

Terminal in browser over http/https. (Ajaxterm/Anyterm alternative, but much better)