A platform for building proxies to bypass network restrictions.

一款轻量级、高性能、功能强大的内网穿透代理服务器。支持tcp、udp、socks5、http等几乎所有流量转发，可用来访问内网网站、本地支付接口调试、ssh访问、远程桌面，内网dns解析、内网socks5代理等等……，并带有功能强大的web管理端。a lightweight, high-performance, powerful intranet penetration proxy serv…

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the …

Find, verify, and analyze leaked credentials

A fast TCP/UDP tunnel over HTTP

Open-Source Phishing Toolkit

Extract and decrypt browser data, supporting multiple data types, runnable on various operating systems (macOS, Windows, Linux).

一款内网综合扫描工具，方便一键自动化、全方位漏扫扫描。

Go security checker

⬆️ ☠️ 🔥 Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock

GO Simple Tunnel - a simple tunnel written in golang

Cameradar hacks its way into RTSP videosurveillance cameras

📦 Make security testing of K8s, Docker, and Containerd easier.

EHole(棱洞)3.0 重构版-红队重点攻击系统指纹探测工具

一款快速、全面、易用的页面信息提取工具，可快速发现和提取页面中的JS、URL和敏感信息。

无状态子域名爆破工具

A tool to abuse Exchange services

netspy是一款快速探测内网可达网段工具（深信服深蓝实验室天威战队强力驱动）

一款甲方资产巡航扫描系统。系统定位是发现资产，进行端口爆破。帮助企业更快发现弱口令问题。主要功能包括: 资产探测、端口爆破、定时任务、管理后台识别、报表展示

kunpeng是一个Golang编写的开源POC框架/库，以动态链接库的形式提供各种语言调用，通过此项目可快速开发漏洞检测类的系统。

Fetch many paths for many hosts - without killing the hosts

An open-source project in Golang to asess different API Security tools and WAF for detection logic and bypasses

🔨 A modern multiple reverse shell sessions manager written in go

veinmind-tools 是由长亭科技自研，基于 veinmind-sdk 打造的容器安全工具集

一款适用于红蓝对抗中的仿真钓鱼系统

安全、快捷、高交互、企业级的蜜罐管理系统，护网；支持多种协议蜜罐、蜜签、诱饵等功能。A safe, fast, highly interactive and enterprise level honeypot management system, supports multiple protocol honeypots, honeytokens, baits and other functi…

JANUSEC Application Gateway provides secure access, including reverse proxy, K8S Ingress Controller, Automatic ACME Certificate, WAF, 5-Second Shield, CC Defense, OAuth2 Authentication, Global Serv…

A tool to capture all the git secrets by leveraging multiple open source git searching tools

DNSTake — A fast tool to check missing hosted DNS zones that can lead to subdomain takeover