A rouge mysql server supports reading files from most mysql libraries of multiple programming languages.

A fast sub domain brute tool for pentesters

Web-Security-Learning

Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.

程序员延寿指南 | A programmer's guide to live longer

This is a dockerized application that is vulnerable to the Spring4Shell vulnerability (CVE-2022-22965).

Awesome Bug bounty builder Project

BurpBounty插件的配置文件收集项目

🛡️ Awesome Cloud Security Resources ⚔️

403/401 Bypass Methods + Bash Automation + Your Support ;)

🤖 The Modern Port Scanner 🤖

A tool for embedding XXE/XML exploits into different filetypes

Metarget is a framework providing automatic constructions of vulnerable infrastructures.

I will share my bug bounty tips here

CVE-2021-42287/CVE-2021-42278 Scanner & Exploiter.

A Burp Extension to test applications for vulnerability to the Web Cache Deception attack

Tool is to check for Cache Deception Attack Both For Authenticated and UnAuthenticated Pages

HTTP weak pass scanner

A fast vulnerability scanner helps pentesters pinpoint possibly vulnerable targets from a large number of web servers

A Swagger API Exploit

HTTP Request Smuggling over HTTP/2 Cleartext (h2c)

xmind\code\articles for my personal blog 个人博客上的资源备份存储，也是个人分享的汇总

burp插件开发指南

domain_hunter的高级版本，SRC挖洞、HW打点之必备！自动化资产收集；快速Title获取；外部工具联动；等等

Asset discovery and identification tools 快速识别 Web 指纹信息，定位资产类型。辅助红队快速定位目标资产信息，辅助蓝队发现疑似脆弱点

Handbook of information collection for penetration testing and src

Tools to work with android .dex and java .class files

Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang, focused on containerized environments.