🔥 Turn entire websites into LLM-ready markdown or structured data. Scrape, crawl and extract with a single API.

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

Collection of methodology and test case for various web vulnerabilities.

🧡 Follow everything in one place

Find, verify, and analyze leaked credentials

Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing

CaA - Collector and Analyzer, Insight into information, exploring with intelligence in a thousand ways.

Tool to check for dependency confusion vulnerabilities in multiple package management systems

手动收集各大SRC平台主域名，通过程序自动处理以格式化存入数据库中，便于配合其它信息搜集工具进一步测试。

Lightweight server monitoring hub with historical data, docker stats, and alerts.

IDA plugin which queries language models to speed up reverse-engineering

Python based web automation tool. Powerful and elegant.

AI infrastructure security assessment tool designed to discover and detect potential security risks in AI systems.

ICP 备案批量查询工具

This project crawls bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) hourly and dumps them into the bounty-targets-data repo

TerraformGoat is HXSecurity research lab's "Vulnerable by Design" multi cloud deployment tool.

Collect some security conference topics

Potentially dangerous files

一款红队在信息收集时规避IP封禁的傻瓜式一键代理池，通过大量代理节点轮询的代理池工具

List of Directory Traversal/LFI Payloads Scraped from the Internet

Javascript security analysis (JSA) is a program for javascript analysis during web application security assessment.

best tool for finding SQLi,CRLF,XSS,LFi,OpenRedirect

CodeQL extractor for java, which don't need to compile java source

Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.

Sourcetrail - free and open-source interactive source explorer

Open source free capture HTTP(S) traffic software ProxyPin, supporting full platform systems

This tool tries to find interesting stuff inside static files; mainly JavaScript and JSON files.

一款跨平台小巧的端口爆破工具，支持爆破FTP/SSH/SMB/MSSQL/MYSQL/POSTGRESQL/MONGOD / A cross-platform compact port blasting tool that supports blasting FTP/SSH/SMB/MSSQL/MYSQL/POSTGRESQL/MONGOD

最强大的密码爆破/喷洒工具 | The most powerful bruteforcer / sprayer Artifact

declutters url lists for crawling/pentesting