Homemade Aggressor scripts kit for Cobalt Strike

一款部署于云端或本地的隧道代理池中间件，可将静态代理IP灵活运用成隧道IP，提供固定请求地址，一次部署终身使用

这是一个全面的Web应用安全扫描工具，专注于检测XSS（跨站脚本）漏洞，同时也能够发现其他类型的Web安全漏洞。该工具支持多种扫描模式、不同级别的有效载荷和详细的漏洞报告。

A helpful Java Deserialization exploit framework.

A Bypass Anti-virus Software Lateral Movement Command Execution Tool

XSS漏洞与SSRF漏洞的联合攻击及其综合防范机制实验平台

ARL官方仓库备份项目：ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产，构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产，发现存在的薄弱点和攻击面。

首个由DeepSeek独立开发的AI网络安全工具箱

一些弱口令、fuzz字典

Data extraction tool for Docker Registry API

微信机器人，可接入DeepSeek、Gemini、ChatGPT、ChatGLM、讯飞星火、Tigerbot等大模型。微信 hook WeChat Robot Hook.

Community curated list of templates for the nuclei engine to find security vulnerabilities.

一款便捷、实用的Nuclei POC 管理工具。A convenient and practical Nuclei POC management tool.

Check if phone numbers are connected to Telegram accounts.

A PoC exploit for CVE-2021-4191 - GitLab User Enumeration.

GitLab-Graphql-CVE-2020-26413 POC

Exploits GitLab authenticated RCE vulnerability known as CVE-2022-2884.

Authenticated Remote Command Execution in Gitlab via GitHub import

The pattern matching swiss knife

A critical vulnerability, CVE-2024-53677, has been identified in the popular Apache Struts framework, potentially allowing attackers to execute arbitrary code remotely. This vulnerability arises fr…

一款红队在信息收集时规避IP封禁的傻瓜式一键代理池，通过大量代理节点轮询的代理池工具

让"WAF绕过"变得简单

各种CMS、各种平台、各种系统、各种软件漏洞的EXP、POC ,该项目将持续更新

基于Go编写的windows日志分析工具

pysap is an open source Python library that provides modules for crafting and sending packets using SAP's NI, Diag, Enqueue, Router, MS, SNC, IGS, RFC and HDB protocols.

P001water二开的fscan

Fortinet Fortimanager Unauthenticated Remote Code Execution AKA FortiJump CVE-2024-47575