XuanQiong（玄穹），一款高性能的开源漏洞库平台，中小型团队自建漏洞库的合适之选。支持漏洞提交、漏洞审核、漏洞搜索、漏洞排行榜、消息推送等功能。

一款后渗透免杀工具，助力每一位像我这样的脚本小子快速实现免杀，支持bypass AV/EDR 360 火绒 Windows Defender Shellcode Loader

Android Application Identifier for Packers, Protectors, Obfuscators and Oddities - PEiD for Android

Reflective PE packer.

A curated list of amazingly awesome Burp Extensions

yuque 语雀知识库下载

Cross-platform filesystem notifications for Go.

A memory-based evasion technique which makes shellcode invisible from process start to end.

🔥 Proxy is a high performance HTTP(S) proxies, SOCKS5 proxies,WEBSOCKET, TCP, UDP proxy server implemented by golang. Now, it supports chain-style proxies,nat forwarding in different lan,TCP/UDP po…

一个用于web框架、CDN和CMS指纹识别的高性能命令行工具。A high-performance command-line tool for web framework, CDN and CMS fingerprinting.

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

针对shiro无cc链下的利用，可探测多个cb组件版本不遗漏

shiro反序列化漏洞综合利用,包含（回显执行命令/注入内存马）修复原版中NoCC的问题 https://github.com/j1anFen/shiro_attack

Share Things Related to Java - Java安全漫谈笔记相关内容

ysoserial修改版，着重修改ysoserial.payloads.util.Gadgets.createTemplatesImpl使其可以通过引入自定义class的形式来执行命令、内存马、反序列化回显。

一款支持自定义的 Java 内存马生成工具｜A customizable Java in-memory webshell generation tool.

漏洞文库 wiki.wy876.cn

Simple, powerful and flexible site generation framework with everything you love from Next.js.

分享在建设安全管理体系、ISO27001、等级保护、安全评审过程中的点点滴滴

inotify-tools is a C library and a set of command-line programs providing a simple interface to inotify.

A slightly more fun way to disable windows defender + firewall. (through the WSC api)

一款基于各大企业信息API的工具，解决在遇到的各种针对国内企业信息收集难题。一键收集控股公司ICP备案、APP、小程序、微信公众号等信息聚合导出。

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

Snyk CLI scans and monitors your projects for security vulnerabilities.

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

基于Python3开发的远程唤醒计算机程序，支持PC客户端、命令行和网页。网页端主要为了移动端使用。A remote wake-up computer program developed based on Python3, supporting PC clients, command lines, and web pages. The web end is mainly designed f…

the Network Protocol Fuzzer that we will want to use.

A fork and successor of the Sulley Fuzzing Framework

ProFuzzBench - A Benchmark for Stateful Protocol Fuzzing

AFLNet: A Greybox Fuzzer for Network Protocols (https://thuanpv.github.io/publications/AFLNet_ICST20.pdf)