安全服务集成化工具平台，希望能帮助你少开几个应用测试

Accurately Locate Smartphones using Social Engineering

domain_hunter的高级版本，SRC挖洞、HW打点之必备！自动化资产收集；快速Title获取；外部工具联动；等等

北极熊扫描器（www.im-fox.com）

适用于Cobalt Strike的插件

burp验证码识别接口调用插件

a very fast brute force webshell password tool

A sugared version of RottenPotatoNG, with a bit of juice, i.e. another Local Privilege Escalation tool, from a Windows Service Accounts to NT AUTHORITY\SYSTEM.

X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter

免杀webshell生成工具

Web Fuzzing Box - Web 模糊测试字典与一些Payloads

哥斯拉

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞验证功能

Chrome extension, very easy to use. Cookies from: JavaScript document.cookie/Wireshark Cookies etc.

A `.git` folder disclosure exploit

A burp extension that add some useful function to Context Menu 添加一些右键菜单让burp用起来更顺畅

XSScope is one of the most powerful and advanced GUI Framework for Modern Browser exploitation via XSS.

Collection of publicly available IPTV channels from all over the world

A fast sub domain brute tool for pentesters

Passive Security Scanner (被动式安全扫描器)

一款长亭自研的完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

The successor to reDuh, pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.

a package of Pentest scripts I have made or commonly use

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

对目标域名进行快速的存活扫描、简单的指纹识别、目录扫描

Awesome Burp Suite Resources. 400+ open source Burp plugins, 400+ posts and videos.

China's first CTFTools framework.中国国内首个CTF工具框架,旨在帮助CTFer快速攻克难关

You Know, For WEB Fuzzing ! 日站用的字典。