C# and Impacket implementation of PrintNightmare CVE-2021-1675/CVE-2021-34527

一款甲方资产巡航扫描系统。系统定位是发现资产，进行端口爆破。帮助企业更快发现弱口令问题。主要功能包括: 资产探测、端口爆破、定时任务、管理后台识别、报表展示

A fork and successor of the Sulley Fuzzing Framework

RiskScanner 是开源的多云安全合规扫描平台，基于 Cloud Custodian 和 Nuclei 引擎，实现对主流公(私)有云资源的安全合规扫描和漏洞扫描。

RetDec is a retargetable machine-code decompiler based on LLVM.

A frida tool to dump dex in memory to support security engineers analyzing malware.

面向开发人员梳理的代码安全指南

傻瓜式漏洞PoC测试框架

spring boot Fat Jar 任意写文件漏洞到稳定 RCE 利用技巧

SpringBoot 相关漏洞学习资料，利用方法和技巧合集，黑盒安全评估 check list

Randomized testing for Go

Go security checker

Metarget is a framework providing automatic constructions of vulnerable infrastructures.

The legacy Exploit Database repository - New repo located at https://gitlab.com/exploit-database/exploitdb-bin-sploits

The legacy Exploit Database repository - New repo located at https://gitlab.com/exploit-database/exploitdb

Port Scanner & Banner Identify From TianXiang

Google Protocol Buffers message generator

Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

Beta versions of my software

nodejsscan is a static security code scanner for Node.js applications.

Firewall bypass script based on DNS history records. This script will search for DNS A history records and check if the server replies for that domain. Handy for bugbounty hunters.

List of Awesome Red Teaming Resources

Sudo Baron Samedit Exploit

恶意脚本检测分类工具

The world's simplest facial recognition api for Python and the command line

边界打点后的自动化渗透工具

Karta - source code assisted fast binary matching plugin for IDA

JPF is an extensible software analysis framework for Java bytecode. jpf-core is the basis for all JPF projects; you always need to install it. It contains the basic VM and model checking infrastruc…