XSS scanner that detects Cross-Site Scripting vulnerabilities in website by injecting malicious scripts

Automatically brute force all services running on a target.

Multithreaded HTTP scanner

Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.

Brute force dection for finding hidden files and folders on remote servers.

Automated Security Testing For REST API's

一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

Impacket is a collection of Python classes for working with network protocols.

A comprehensive penetration testing toolkit based python

Hide secrets with invisible characters in plain text securely using passwords 🧙🏻‍♂️⭐

Enumerate a target Based off of Nmap Results

Automatic SSRF fuzzer and exploitation tool

SvnExploit支持SVN源代码泄露全版本Dump源码

Crack the shared secret of a HS256-signed JWT

Tool for advanced mining for content on Github

Web path scanner

Searches through git repositories for high entropy strings and secrets, digging deep into commit history

🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

Passive reconnaissance/enumeration of interesting targets by watching for SSL certificates being issued

Automated Tool for Testing Header Based Blind SQL Injection

An advanced web directory & file scanning tool that will be more powerful than DirBuster, Dirsearch, cansina, and Yu Jian.一个高级web目录、文件扫描工具，功能将会强于DirBuster、Dirsearch、cansina、御剑。