微信小程序商城，微信小程序微店

🌐 Human-friendly and powerful HTTP request library for Node.js

Ip2region (2.0 - xdb) is a offline IP address manager framework and locator, support billions of data segments, ten microsecond searching performance. xdb engine implementation for many programming…

Embed the Power of Lua into NGINX HTTP servers

HeapDump敏感信息提取工具

飞刃是一套完整的企业级黑盒漏洞扫描系统，集成漏洞扫描、漏洞管理、扫描资产、爬虫等服务。 拥有强大的漏洞检测引擎和丰富的插件库，覆盖多种漏洞类型和应用程序框架。

fastjson漏洞批量检测工具

Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submissio…

Shiro RememberMe 1.2.4 反序列化漏洞图形化检测工具(Shiro-550)

C library for the MaxMind DB file format

A tool to dump Java serialization streams in a more human readable form.

javascript based browser anti debugging techniques resources

阿里云AK泄露利用工具

网络安全、信息安全资讯的RSS订阅，网络安全、信息安全博客的RSS订阅，网络安全、信息安全公众号的RSS订阅

an easy-to-use dynamic service discovery, configuration and service management platform for building cloud native applications.

Fiddler Everywhere is a secure and modern web debugging proxy for macOS, Windows, and Linux.

scalpel是一款命令行漏洞扫描工具，支持深度参数注入，拥有一个强大的数据解析和变异算法，可以将常见的数据格式（json, xml, form等）解析为树结构，然后根据poc中的规则，对树进行变异，包括对叶子节点和树结构 的变异。变异完成之后，将树结构还原为原始的数据格式。

APIKit：Discovery, Scan and Audit APIs Toolkit All In One.

An enterprise friendly way of detecting and preventing secrets in code.

Best DDoS Attack Script Python3, (Cyber / DDos) Attack With 56 Methods

An offline tool for querying IP geographic information and CDN provider. 一个查询IP地理信息和CDN服务提供商的离线终端工具.

Collection of YARA rules designed for usage through VirusTotal.com.

基于Frida的Android App隐私合规检测辅助工具

Java Agent is a Java application probe of DongTai IAST, which collects method invocation data during runtime of Java application by dynamic hooks.

SMSBoom - Deprecate: Due to judicial reasons, the repository has been suspended!

Java盲水印

HoneyPoC: Proof-of-Concept (PoC) script to exploit SIGRed (CVE-2020-1350). Achieves Domain Admin on Domain Controllers running Windows Server 2000 up to Windows Server 2019.

Antenna是58同城安全团队打造的一款辅助安全从业人员验证网络中多种漏洞是否存在以及可利用性的工具。其基于带外应用安全测试(OAST)通过任务的形式，将不同漏洞场景检测能力通过插件的形式进行集合，通过与目标进行out-bind的数据通信方式进行辅助检测。

(持续更新)对网上出现的各种OA、中间件、CMS等漏洞进行整理，主要包括漏洞介绍、漏洞影响版本以及漏洞POC/EXP等，并且会持续更新。