Kscan是一款纯go开发的全方位扫描器，具备端口扫描、协议检测、指纹识别，暴力破解等功能。支持协议1200+，协议指纹10000+，应用指纹20000+，暴力破解协议10余种。

The security tool(project) Set from github。github安全项目工具集合

nodejsscan is a static security code scanner for Node.js applications.

记录自己对《代码审计》的理解和总结，对危险函数的深入分析以及在p牛的博客和代码审计圈的收获

Security module for php7 and php8 - Killing bugclasses and virtual-patching the rest!

GoJump is a bastion server inspired by KoKo

《深入理解SAST静态应用安全测试》Static Application Security Testing.

A fast vulnerability scanner helps pentesters pinpoint possibly vulnerable targets from a large number of web servers

扫描常见未授权访问（redis、mongodb、memcached、elasticsearch、zookeeper、ftp、CouchDB、docker、Hadoop）

Static Code Analysis - 静态代码分析

DoraBox - Basic Web Vulnerability Training

Automatic SQL injection and database takeover tool

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

SafeLine is a self-hosted WAF(Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.

Damn Vulnerable Web Application (DVWA)

HeapDump敏感信息提取工具

This is a webshell open source project

针对SpringBoot的开源渗透框架，以及Spring相关高危漏洞利用工具

🔍 Search anyone's digital footprint across 300+ websites