Truly independent web browser

CVE-2023-20963 PoC (Android WorkSource parcel/unparcel logic mismatch)

A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑

PoC of CVE-2022-20474

vArmor is a cloud native container sandbox system based on AppArmor/BPF/Seccomp. It also includes multiple built-in protection rules that are ready to use out of the box.

secator - the pentester's swiss knife

FastGPT is a knowledge-based platform built on the LLMs, offers a comprehensive suite of out-of-the-box capabilities such as data processing, RAG retrieval, and visual AI workflow orchestration, le…

Turn (almost) any Python command line program into a full GUI application with one line

攻防演练过程中，我们通常会用浏览器访问一些资产，但很多未授权/敏感信息/越权隐匿在已访问接口过html、JS文件等，该插件能让我们发现未授权/敏感信息/越权/登陆接口等。

PoC and writeup for bypassing the initial patch of CVE-2024-0044, Android run-as any app vulnerability allowing privilege escalation from adb to installed app

⚓️ Easily test HTTP webhooks with this handy tool that displays requests instantly.

Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64.

pagodo (Passive Google Dork) - Automate Google Hacking Database scraping and searching

利用 Docker 打造自动化家庭影院，开箱即用

Conquer Any Code in VSCode: One-Click Comments, Conversions, UI-to-Code, and AI Batch Processing of Files! 在 VSCode 中征服任何代码：一键注释、转换、UI 图生成代码、AI 批量处理文件！💪

经济学人(含音频)、纽约客、卫报、连线、大西洋月刊等英语杂志免费下载,支持epub、mobi、pdf格式, 每周更新

Writeup and exploit for installed app to system privilege escalation on Android 12 Beta through CVE-2021-0928, a `writeToParcel`/`createFromParcel` serialization mismatch in `OutputConfiguration`

LC（List Cloud）是一个多云攻击面资产梳理工具

JNDIExploit or a ysoserial.

Property extractor for Android apps

我的电视 电视直播软件，安装即可使用

收集各大AndroidTV的apk应用，可免费看vip和国外电影电视。如大家有也可以贡献一下。

Asset discovery and identification tools 快速识别 Web 指纹信息，定位资产类型。辅助红队快速定位目标资产信息，辅助蓝队发现疑似脆弱点

A lightweight tool for orchestrating and organizing your bug hunting recon / pentesting command-line workflows

Writeup and exploit for CVE-2023-45777, bypass for Intent validation inside AccountManagerService on Android 13 despite "Lazy Bundle" mitigation

SQLCipher is a standalone fork of SQLite that adds 256 bit AES encryption of database files and other security features.

Mass bruteforce authentication of common services with common credentials.

《安卓逆向这档事》