A SqlMap GUI

🔥 Proxy is a high performance HTTP(S) proxies, SOCKS5 proxies,WEBSOCKET, TCP, UDP proxy server implemented by golang. Now, it supports chain-style proxies,nat forwarding in different lan,TCP/UDP po…

.NET C# Tools

A powerful browser crawler for web vulnerability scanners

哥斯拉

记录自己编写、修改的部分工具

Weblogic环境搭建工具

Bypass firewall for traffic forwarding using webshell 一款使用webshell进行流量转发的出网工具

工欲善其事，必先利其器

一个想帮你总结所有类型的上传漏洞的靶场

Ladon大型内网渗透扫描器，PowerShell、Cobalt Strike插件、内存加载、无文件扫描。含端口扫描、服务识别、网络资产探测、密码审计、高危漏洞检测、漏洞利用、密码读取以及一键GetShell，支持批量A段/B段/C段以及跨网段扫描，支持URL、主机、域名列表扫描等。网络资产探测32种协议(ICMP\NBT\DNS\MAC\SMB\WMI\SSH\HTTP\HTTPS\Exc…

Java RCE 回显测试代码

Shiro550/Shiro721 一键化利用工具，支持多种回显方式

BurpCrypto is a collection of burpsuite encryption plug-ins, support AES/RSA/DES/ExecJs(execute JS encryption code in burpsuite). 支持多种加密算法或直接执行JS代码的用于爆破前端加密的BurpSuite插件

A simple app to use Xposed without root, unlock the bootloader or modify system image, etc.

Hand-crafted Frida examples

A frida tool to dump dex in memory to support security engineers analyzing malware.

收集一些比较优秀的开源安全项目，以帮助甲方安全从业人员构建企业安全能力。

💻🛡️ A curated collection of awesome resources, tools, and other shiny things for cybersecurity blue teams.

Support ALL Windows Version

Hack-the-Box-OSCP-Preparation

远控免杀系列文章及配套工具，汇总测试了互联网上的几十种免杀工具、113种白名单免杀方式、8种代码编译免杀、若干免杀实战技术，并对免杀效果进行了一一测试，为远控的免杀和杀软对抗免杀提供参考。

2019年红队资源链接，资源不是本人整理出来，来自互联网，因为流传的少，特意在此做个备份，做个分享。

Venom - A Multi-hop Proxy for Penetration Testers

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

SpringBoot 相关漏洞学习资料，利用方法和技巧合集，黑盒安全评估 check list

Collect JSP webshell of various implementation methods. 收集JSP Webshell的各种姿势

中国蚁剑JSP一句话Payload

Apache Tomcat + MongoDB Remote Code Execution