目标是成为当下最完善的API挖掘工具，实现自动提取响应敏感信息、URI信息，并且对URI进行自动|手动递归检查

【Hello-CTF labs】新手向的ssrf靶场，从协议，场景，绕过等多个ssrf攻击的基础维度展开。

对shellcode进行xor、aes加解密来绕过杀毒软件的静态查杀

CoreDNS is a DNS server that chains plugins

CVE-2022-41678: Dangerous MBeans Accessible via Jolokia API in Apache ActiveMQ

使用docker快速搭建各大漏洞靶场，目前可以一键搭建17个靶场。

Proof of concept & details for CVE-2025-21298

This repo offers a tool to reveal password encrypted by MobaXterm.

AV/EDR Evasion Lab for Training & Learning Purposes

针对JWT渗透开发的漏洞验证/密钥爆破工具，针对CVE-2015-9235/空白密钥/未验证签名攻击/CVE-2016-10555/CVE-2018-0114/CVE-2020-28042的结果生成用于FUZZ，也可使用字典/字符枚举(包括JJWT)的方式进行爆破(JWT Crack)

🌐 Modern, lightweight WireGuard VPN web ui panel with a beautiful UI.

Fileless attack with persistence

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

CVS is a powerful comprehensive attack surface management platform. 森罗万象-强大的网络空间测绘、资产管理、漏洞扫描等全生命漏洞周期的综合攻击面管理平台，化繁为简，以一御百。

WgpSec 公开POC WIKI文库 @PeiQi0 师傅

备份的漏洞库，3月开始我们来维护

一款用于网页敏感信息检测，指纹识别的chrome插件

一款针对Spring框架的漏洞扫描及漏洞利用图形化工具

FastjsonScan4Burp 一款基于burp被动扫描的fastjson漏洞探测插件，可针对数据包中存在json的参数或请求体进行payload测试。旨在帮助安全人员更加便捷的发现、探测、深入利用fastjson漏洞，目前已实现fastjson探测、版本、依赖探测、出网及不出网利用和简易的bypass waf功能

SoaPy is a Proof of Concept (PoC) tool for conducting offensive interaction with Active Directory Web Services (ADWS) from Linux hosts.

Appshark is a static taint analysis platform to scan vulnerabilities in an Android app.

Docker Remote API Scanner and Exploit

jeecgBoot漏洞利用工具

FindGPPPasswords, A cross-platform tool to find and decrypt Group Policy Preferences passwords from the SYSVOL share using low-privileged domain accounts.

Topic: The Swiss Army Knife of Java Exploitation

DISKSPD is a storage load generator / performance test tool from the Windows/Windows Server and Cloud Server Infrastructure Engineering teams

Windows Kernel Rootkit in Rust

A small tool built to find and fix common misconfigurations in Active Directory Certificate Services.