分享 GitHub 上有趣、入门级的开源项目。Share interesting, entry-level open source projects on GitHub.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.

Automatic SQL injection and database takeover tool

😘 让你“爱”上 GitHub，解决访问时图裂、加载慢的问题。（无需安装）

中文独立博客列表

🕵️‍♂️ Collect a dossier on a person by username from thousands of sites

Web path scanner

Android in docker solution with noVNC supported and video recording

A command-line productivity tool powered by AI large language models like GPT-4, will help you accomplish your tasks faster and more efficiently.

A swiss army knife for pentesting networks

The recursive internet scanner for hackers. 🧡

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

HTTP parameter discovery suite.

Scanning APK file for URIs, endpoints & secrets.

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management

Patch PE, ELF, Mach-O binaries with shellcode new version in development, available only to sponsors

An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws

A collection of custom security tools for quick needs.

Automatic SSRF fuzzer and exploitation tool

Find leaked secrets via github search

Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing

Tool for Active Directory Certificate Services enumeration and abuse

Low bandwidth DoS tool. Slowloris rewrite in Python.

KunLun-M是一个完全开源的静态白盒扫描工具，支持PHP、JavaScript的语义扫描，基础安全、组件安全扫描，Chrome Ext\Solidity的基础扫描。

Striker is an offensive information and vulnerability scanner.

This tool extracts Credit card numbers, NTLM(DCE-RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file or from a live interface.

A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.

Reconnaissance Swiss Army Knife