Top disclosed reports from HackerOne

Custom bash scripts used to automate various penetration testing tasks including recon, scanning, enumeration, and malicious payload creation using Metasploit. For use with Kali Linux.

Empire is a PowerShell and Python post-exploitation agent.

整理了基于Go的16种API免杀测试、8种加密测试、反沙盒测试、编译混淆、加壳、资源修改等免杀技术，并搜集汇总了一些资料和工具。

免杀知识库 | 开源免杀木马效果测试 360 火绒 卡巴斯基 Microsoft Defender | 免杀工具汇总

哥斯拉

多种技术集成在一起乱拳打死老师傅

ShellCode在线免杀处理平台

收集整理漏洞EXP/POC,大部分漏洞来源网络，目前收集整理了1300多个poc/exp，长期更新。

Collection of Windows Privilege Escalation (Analyse/PoC/Exploit)

Nishang - Offensive PowerShell for red team, penetration testing and offensive security.

A Tool for Domain Flyovers

EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.

🔍 gowitness - a golang, web screenshot utility using Chrome Headless

递归式寻找域名和api。

🕵️ Pinkerton is an JavaScript file crawler and secret finder tool developed in Python

SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files

✂️ Removing CDN IPs from the list of IP addresses

A utility to detect various technology for a given IP address.

A tool to detect CDN for given domains

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous …

LC（List Cloud）是一个多云攻击面资产梳理工具

T Wiki 云安全知识文库，可能是国内首个云安全知识文库？

阿里云ECS、策略组辅助小工具

云安全利用工具-云平台AK/SK-WEB利用工具，添加AK/SK自动检测资源，无需手动执行，支持云服务器、存储桶、数据库操作

Fast passive subdomain enumeration tool.

The recursive internet scanner for hackers. 🧡