Burpsuite存储桶配置不当漏洞检测插件

一款java漏洞集合工具

CodeQLpy是一款基于CodeQL实现的半自动化代码审计工具，目前仅支持java语言。实现从源码反编译，数据库生成，脆弱性发现的全过程，可以辅助代码审计人员快速定位源码可能存在的漏洞。

80+ Gadgets(30 More than ysoserial). JNDI-Injection-Exploit-Plus is a tool for generating workable JNDI links and provide background services by starting RMI server,LDAP server and HTTP server.

Maltego Transforms for OSINT on Telegram Messenger

this is my tools project ,welcome to start ...

攻防演练过程中，我们通常会用浏览器访问一些资产，但很多未授权/敏感信息/越权隐匿在已访问接口过html、JS文件等，该插件能让我们发现未授权/敏感信息/越权/登陆接口等。

Postman汉化中文版

PyInstaller Extractor

KCon is a famous Hacker Con powered by Knownsec Team.

这个仓库收集了所有在 GitHub 上能找到的 CVE 漏洞利用工具。 This repository collects all CVE exploits found on GitHub.

CVE-2017-11882 from https://github.com/embedi/CVE-2017-11882

手机号字典生成器：可以根据用户需求定制化生成中国各大运营商和指定区域的手机号字典，并输出为CVS文件。

HeapDump敏感信息提取工具

K8S安全攻防思维导图 | Docker安全攻防思维导图

A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the …

httpx cmd输出转xlsx 带色彩

Fast passive subdomain enumeration tool.

EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.

A tool for adding new lines to files, skipping duplicates

Learning Kubernetes, The Chinese Taoist Way

Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature

Interactive roadmaps, guides and other educational content to help developers grow in their careers.

📦 Make security testing of K8s, Docker, and Containerd easier.

轻量级的无害化钓鱼~

Kuboard 是基于 Kubernetes 的微服务管理界面。同时提供 Kubernetes 免费中文教程，入门教程，最新版本的 Kubernetes v1.23.4 安装手册，(k8s install) 在线答疑，持续更新。

存储桶遍历漏洞利用脚本

emergency response toolkit