Asset inventory of over 800 public bug bounty programs.

Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

Collection of Facebook Bug Bounty Writeups

Obtain GraphQL API schema even if the introspection is disabled

高版本Fastjson在Java原生反序列化中的利用演示

在spring-aop中新发现的反序列化gadget-chain

AIPromptJailbreakPractice - AI Prompt 越狱实例

Prompt越狱手册

An open project to list all publicly known cloud vulnerabilities and CSP security issues

A blazingly fast LSP client for Emacs

A software attempt to address the "double key press" issue on Apple's butterfly keyboard [not actively maintained]

TCP connection hijacker, Rust rewrite of shijack

Nuclei AI - Browser Extension for Rapid Nuclei Template Generation

MASA CMS is an Enterprise Content Management platform based on open source technology.

DSL engine

Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the …

Community curated list of templates for the nuclei engine to find security vulnerabilities.

Escalate your SSRF vulnerabilities on Modern Cloud Environments. `surf` allows you to filter a list of hosts, returning a list of viable SSRF candidates.

Jar Analyzer - 一个JAR包分析工具，批量分析，SCA漏洞分析，方法调用关系搜索，字符串搜索，Spring组件分析，信息泄露检查，CFG程序分析，JVM栈帧分析，进阶表达式搜索，字节码指令级的动态调试分析，反编译JAR包一键导出，一键提取序列化数据恶意代码，一键分析BCEL字节码

RevSuit is a flexible and powerful reverse connection platform designed for receiving connection from target host in penetration.

HTTP Request Smuggling over HTTP/2 Cleartext (h2c)

Adversary Emulation Framework

一个漏洞POC知识库 目前数量 1000+

Comfortably monitor your Internet traffic 🕵️‍♂️

Node.js 资源大全中文版。An awesome Node.js packages and resources

node.js command-line interfaces made easy

Linux eBPF backdoor over TCP. Spawn reverse shells, RCE, on prior privileged access. Less Honkin, More Tonkin.

Cyber Security ALL-IN-ONE Platform

Turbo Intruder is a Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.