Sample SSL client code for correct endpoint validation.

navgix is a multi-threaded golang tool that will check for nginx alias traversal vulnerabilities

mPaas请求包加密frida hook解决方案

mpass移动开发框架ios端抓包hook脚本

Cordova Client Certificate for both iOS and Android.

Companion repository of the "Dancer in the Dark" paper.

基于Frida的脱壳工具

强大的 Frida 重打包工具，用于 iOS 和 Android。轻松修改 Frida 特征，增强隐蔽性，绕过检测。简化逆向工程和安全测试。Powerful Frida repackaging tool for iOS and Android. Easily modify Frida servers to enhance stealth and bypass detection. Strea…

Enable WebView remote inspector for every app

CSPT is an open-source Burp Suite extension to find and exploit Client-Side Path Traversal.

Frida scripts to directly MitM all HTTPS traffic from a target mobile application

Frida hook some jni functions

安卓应用安全学习

安卓应用层抓包通杀脚本

Scan for React performance issues and eliminate slow renders in your app

A tool to dump Java serialization streams in a more human readable form.

社会工程学密码生成器，是一个利用个人信息生成密码的工具

PDF Reader in JavaScript

Generates permutations, alterations and mutations of subdomains and then resolves them

互联网公司子域名收集

HTTP redirection service designed to help bypass SSRF filters. Integrated with Burp Suite.

A fast TCP/UDP tunnel over HTTP

🎯 Open Redirect Payload List

VulWiki

declutters url lists for crawling/pentesting

Java web common vulnerabilities and security code which is base on springboot and spring security

亿赛通电子文档安全管理系统XStream反序列化漏洞任意文件上传利用

ARL官方仓库备份项目：ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产，构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产，发现存在的薄弱点和攻击面。