lucyxss

nuclei

Fast and customizable vulnerability scanner based on simple YAML based DSL.

lowcode-engine

An enterprise-class low-code technology stack with scale-out design / 一套面向扩展设计的企业级低代码技术体系

MHDDoS

Best DDoS Attack Script Python3, (Cyber / DDos) Attack With 56 Methods

ddosify

Effortless Kubernetes Monitoring and Performance Testing. Available on CLI, Self-Hosted, and Cloud

sliver

Adversary Emulation Framework

lamda

⚡️ Android reverse engineering & automation framework | 史上最强安卓抓包/逆向/HOOK & 云手机/远程桌面/自动化取证框架，你的工作从未如此简单快捷。

naabu

A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests

kscan

Kscan是一款纯go开发的全方位扫描器，具备端口扫描、协议检测、指纹识别，暴力破解等功能。支持协议1200+，协议指纹10000+，应用指纹20000+，暴力破解协议10余种。

afrog

A Security Tool for Bug Bounty, Pentest and Red Teaming.

appshark

Appshark is a static taint analysis platform to scan vulnerabilities in an Android app.

tabby

A CAT called tabby ( Code Analysis Tool )

watchvuln

一个高价值漏洞采集与推送服务 | collect valueable vulnerability and push it

ysomap

A helpful Java Deserialization exploit framework.

gogo

面向红队的, 高度可控可拓展的自动化引擎

Fiora

Fiora：漏洞PoC框架Nuclei的图形版。快捷搜索PoC、一键运行Nuclei。即可作为独立程序运行，也可作为burp插件使用。

topaz

Cloud-native authorization for modern applications and APIs

twiki

T Wiki 云安全知识文库，可能是国内首个云安全知识文库？

ultimaste-nuclei-templates

极致攻防实验室 nuclei 检测 POC

uuWAF

A industry-leading free, high-performance, AI and semantic technology web application and API security protection product - uuWAF. 一款工业级免费、高性能、高扩展，支持AI和语义引擎的Web应用和API安全防护产品-南墙。Web应用防火墙、WAF、WAAP

heralding

Credentials catching honeypot

14Finger

功能齐全的Web指纹识别和分享平台,基于vue3+django前后端分离的web架构，并集成了长亭出品的rad爬虫的功能，内置了一万多条互联网开源的指纹信息。

ParallelsDesktopCrack

LSMS

Linux Security and Monitoring Scripts

u2c

Unicode To Chinese -- U2C : A burpsuite Extender That Convert Unicode To Chinese 【Unicode编码转中文的burp插件】

CVE-2019-12409

Apache Solr RCE (ENABLE_REMOTE_JMX_OPTS="true")

cdnChecker

A tool to detect CDN for given domains

pyxis

pyxis can automatically identify http and https requests, and get response headers, status codes, response size, response time, tools for fingerprinting (favicon has, service, CMS, framework, etc.)

Apache-Dubbo-Hessian2-CVE-2021-43297

Apache Dubbo Hessian2 CVE-2021-43297 demo

gogo-templates

gogo-templates

go-webRDP-demo