GitHub Star 仓库分类

这是一个使用AI对GitHub Star的仓库进行分类和总结的工具。

统计信息

总仓库数：864个分类数：17个

逆向破解: 65个仓库
开发工具&框架: 162个仓库
取证溯源: 11个仓库
信息搜集: 82个仓库
LLM安全: 12个仓库
Web安全: 65个仓库
漏洞扫描: 55个仓库
红队&渗透测试: 179个仓库
AI应用: 63个仓库
burpsuite插件: 25个仓库
CTF相关: 29个仓库
DevOps: 39个仓库
云安全: 14个仓库
扫描字典: 10个仓库
代码审计: 32个仓库
其他: 7个仓库
bugbounty: 14个仓库

分类详情

AI应用

1Panel-dev/MaxKB - 💬 MaxKB is an open-source AI assistant for enterprise. It seamlessly integrates RAG pipelines, supports robust workflows, and provides MCP tool-use capabilities.
Acmesec/PromptJailbreakManual - Prompt越狱手册
Acmesec/theAIMythbook - Ai迷思录（应用与安全指南）
ageitgey/face_recognition - The world's simplest facial recognition api for Python and the command line
AIGeniusInstitute/AI-Agent-In-Action - AI Agent 开发实战
aliasrobotics/cai - Cybersecurity AI (CAI), an open Bug Bounty-ready Artificial Intelligence
AUTOMATIC1111/stable-diffusion-webui - Stable Diffusion web UI
b1ank1108/LLM-Star-Classifier - 这是一个使用 🤖 AI 对 GitHub Star 的仓库进行分类和总结的工具。
binary-husky/gpt_academic - 为GPT/GLM等LLM大语言模型提供实用化交互接口，特别优化论文阅读/润色/写作体验，模块化设计，支持自定义快捷按钮&函数插件，支持Python和C++等项目剖析&自译解功能，PDF/LaTex论文翻译&总结功能，支持并行问询多种LLM模型，支持chatglm3等本地模型。接入通义千问, deepseekcoder, 讯飞星火, 文心一言, llama2, rwkv, claude2, moss等。
browser-use/browser-use - 🌐 Make websites accessible for AI agents. Automate tasks online with ease.
bytedance/UI-TARS-desktop - A GUI Agent application based on UI-TARS(Vision-Language Model) that allows you to control your computer using natural language.
chaitin/PandaWiki - PandaWiki 是一款 AI 大模型驱动的开源知识库搭建系统，帮助你快速构建智能化的产品文档、技术文档、FAQ、博客系统，借助大模型的力量为你提供 AI 创作、AI 问答、AI 搜索等能力。
Chanzhaoyu/chatgpt-web - 用 Express 和 Vue3 搭建的 ChatGPT 演示网页
ChatAnyTeam/ChatAny - 🌻 一键拥有你自己的 ChatGPT+众多AI 网页服务 | One click access to your own ChatGPT+Many AI web services
chenfei-wu/TaskMatrix -
CherryHQ/cherry-studio - 🍒 Cherry Studio is a desktop client that supports for multiple LLM providers.
cncsnet1/jadx-gui-ai - jadx-gui反编译工具二次开发，接入AI赋能。
code-scan/AutoSubtitles -
CrazyBoyM/llama3-Chinese-chat - Llama3、Llama3.1 中文后训练版仓库 - 微调、魔改版本有趣权重 & 训练、推理、评测、部署教程视频 & 文档。
datawhalechina/self-llm - 《开源大模型食用指南》针对中国宝宝量身打造的基于Linux环境快速微调（全参数/Lora）、部署国内外开源大模型（LLM）/多模态大模型（MLLM）教程
DmTomHL/Google-AI-Red-Team-Tutorial-ZH_CN -
eryajf/chatgpt-dingtalk - 🎒 钉钉 & 🤖 GPT-3.5 让你的工作效率直接起飞 🚀 私聊群聊方式、单聊串聊模式、角色扮演、图片创作 🚀
harry0703/MoneyPrinterTurbo - 利用AI大模型，一键生成高清短视频 Generate short videos with one click using AI LLM.
HqWu-HITCS/Awesome-Chinese-LLM - 整理开源的中文大语言模型，以规模较小、可私有化部署、训练成本较低的模型为主，包括底座模型，垂直领域微调及应用，数据集与教程等。
hua1995116/awesome-ai-painting - AI绘画资料合集（包含国内外可使用平台、使用教程、参数教程、部署教程、业界新闻等等） Stable diffusion、AnimateDiff、Stable Cascade 、Stable SDXL Turbo
JiauZhang/DragGAN - Implementation of DragGAN: Interactive Point-based Manipulation on the Generative Image Manifold
kaixindelele/ChatPaper - Use ChatGPT to summarize the arXiv papers. 全流程加速科研，利用chatgpt进行论文全文总结+专业翻译+润色+审稿+审稿回复
langchain-ai/langchain - 🦜🔗 Build context-aware reasoning applications
langgenius/dify - Production-ready platform for agentic workflow development.
lich0821/WeChatFerry - 微信机器人，可接入DeepSeek、Gemini、ChatGPT、ChatGLM、讯飞星火、Tigerbot等大模型。微信 hook WeChat Robot Hook.
linyiLYi/pose-monitor - “让爷康康”是一款手机 AI 应用程序，可以监测不良坐姿并进行语音提示
linyiLYi/street-fighter-ai - This is an AI agent for Street Fighter II Champion Edition.
microsoft/ai-agents-for-beginners - 11 Lessons to Get Started Building AI Agents
Mintplex-Labs/anything-llm - The all-in-one Desktop & Docker AI application with built-in RAG, AI agents, No-code agent builder, MCP compatibility, and more.
modelcontextprotocol/servers - Model Context Protocol Servers
NanSsye/xxx-on-wechat - dow新协议接口
netease-youdao/QAnything - Question and Answer based on Anything.
ollama/ollama - Get up and running with Llama 3.3, DeepSeek-R1, Phi-4, Gemma 3, Mistral Small 3.1 and other large language models.
open-webui/open-webui - User-friendly AI Interface (Supports Ollama, OpenAI API, ...)
OpenInterpreter/open-interpreter - A natural language interface for computers
pandolia/qqbot - QQBot: A conversation robot base on Tencent's SmartQQ
pengxiao-song/LaWGPT - 🎉 Repo for LaWGPT, Chinese-Llama tuned with Chinese Legal knowledge. 基于中文法律知识的大语言模型
phishai/phish-protect - Chrome extension to alert and possibly block IDN/Unicode websites and zero-day phishing websites using AI and Computer Vision.
PlexPt/awesome-chatgpt-prompts-zh - ChatGPT 中文调教指南。各种场景使用指南。学习怎么让它听你的话。
RVC-Boss/GPT-SoVITS - 1 min voice data can also be used to train a good TTS model! (few shot voice cloning)
s0md3v/roop - one-click face swap
sczhou/CodeFormer - [NeurIPS 2022] Towards Robust Blind Face Restoration with Codebook Lookup Transformer
Significant-Gravitas/AutoGPT - AutoGPT is the vision of accessible AI for everyone, to use and to build on. Our mission is to provide the tools, so that you can focus on what matters.
sml2h3/ddddocr - 带带弟弟通用验证码识别OCR pypi版
svc-develop-team/so-vits-svc - SoftVC VITS Singing Voice Conversion
TencentARC/GFPGAN - GFPGAN aims at developing Practical Algorithms for Real-world Face Restoration.
TencentARC/PhotoMaker - PhotoMaker [CVPR 2024]
UFund-Me/Qbot - [🔥updating ...] AI 自动量化交易机器人(完全本地部署) AI-powered Quantitative Investment Research Platform. 📃 online docs: https://ufund-me.github.io/Qbot ✨ :news: qbot-mini: https://github.com/Charmve/iQuant
upstash/context7 - Context7 MCP Server -- Up-to-date code documentation for LLMs and AI code editors
voicepaw/so-vits-svc-fork - so-vits-svc fork with realtime support, improved interface and more features.
wong2/chatgpt-google-extension - This project is deprecated. Check my new project ChatHub:
XingangPan/DragGAN - Official Code for DragGAN (SIGGRAPH 2023)
xyTom/snippai - Snip Anything Solve Everything
yuanzhoulvpi2017/zero_nlp - 中文nlp解决方案(大模型、数据、模型、训练、推理)
Yue-Yang/ChatGPT-Siri - Shortcuts for Siri using ChatGPT API gpt-3.5-turbo & gpt-4 model, supports continuous conversations, configure the API key & save chat records. 由 ChatGPT API gpt-3.5-turbo & gpt-4 模型驱动的智能 Siri，支持连续对话，配置API key，配置系统prompt，保存聊天记录。
yzfly/Awesome-MCP-ZH - MCP 资源精选， MCP指南，Claude MCP，MCP Servers, MCP Clients
Zeyi-Lin/HivisionIDPhotos - ⚡️HivisionIDPhotos: a lightweight and efficient AI ID photos tools. 一个轻量级的AI证件照制作算法。
zylon-ai/private-gpt - Interact with your documents using the power of GPT, 100% privately, no data leaks

CTF相关

AabyssZG/AWD-Guide - 从零学习AWD比赛指导手册以及AWD脚本整理
BeichenDream/ISC2022Code -
bet4it/hyperpwn - A hyper plugin to provide a flexible GDB GUI frontend with the help of GEF, pwndbg or peda
bfengj/CTF - 关于我在CTF中的所有东西
Bronya-Rayi/auto-misc-pic - 自动检测ctf中的图片隐写
DasSecurity-HatLab/AoiAWD - AoiAWD-专为比赛设计，便携性好，低权限运行的EDR系统。
datouo/CTF-Java-Gadget - CTF-Java-Gadget专注于收集CTF中Java赛题的反序列化片段
ErodedElk/BinaryAbyss - 二进制安全系列课程。以 CTF(Capture The Flag) 为导向，预计将会包括 Basic(基础知识)、 Pwn(二进制漏洞利用) 与 Reverse(逆向工程) 三部分主要内容以及 Other(其他内容)。
giantbranch/pwn_deploy_chroot - 可以方便地部署一个或者多个pwn题到一个docker容器中（使用chroot，并可以设置是否使用我自己写的catflag程序替换默认的/bin/sh程序，以增加安全性）
Hakumarachi/Bropper - An automatic Blind ROP exploitation tool
isee15/ctf-tools - 网鼎杯培训用到的一些ctf工具(javafx)，编解码，键盘和鼠标抓包解密，维吉尼亚暴力破解，zip crc暴力破解，曼彻斯特解码等。
lexsd6/LibcSearcher_plus - Libsearcher improved according to my personal habits.LibcSearcher所启发优化而来的项目优化代码部分逻辑，使在使用更便捷的基础上，添加one_gatge查询功能。
livz/cloacked-pixel - LSB steganography and detection
Marven11/Fenjing - 专为CTF设计的Jinja2 SSTI全自动绕WAF脚本 | A Jinja2 SSTI cracker for bypassing WAF, designed for CTF
Panagiotis-INS/Cyber-Defenders - This repo is all about Blue teamming and CyberDefenders Write-up for their DFIR challenges
Paradoxis/Flask-Unsign - Command line tool to fetch, decode, brute-force and craft session cookies of a Flask application by guessing secret keys.
playGitboy/bruteHASH - 为CTF而生，随机或穷举指定格式HASH值，支持Fuzz MD系列、SHA系列等常见HASH类型
ProbiusOfficial/bashFuck - exec BashCommand with only ! # $ ' ( ) < \ { } just 10 charset used in Bypass or CTF
ProbiusOfficial/CTF-OS - 【Hello CTF】专为CTF比赛封装的虚拟机，基于工具集封装多个版本和系统，更多选择，开箱即用。比赛愉快！
ProbiusOfficial/CTFtools-wiki - 【Hello CTF】录常用 / 优秀的CTF工具项目及其文档,一个对各阶段CTFer都很友好的工具仓库,让所有的工具都发挥作用！
ProbiusOfficial/Hello-CTF - 【Hello CTF】题目配套，免费开源的CTF入门教程，针对0基础新手编写，同时兼顾信息差的填补，对各阶段的CTFer都友好的开源教程，致力于CTF和网络安全的开源生态！
ProbiusOfficial/Nodejs-labs - 【Hello-CTF labs】从0开始的原型链污染系列题目
RoderickChan/pwncli - Do pwn by command line
RsaCtfTool/RsaCtfTool - RSA attack tool (mainly for ctf) - retrieve private key from weak public key and/or uncipher data
shellphish/how2heap - A repository for learning various heap exploitation techniques.
skyf0l/RsaCracker - Powerful RSA cracker for CTFs. Supports RSA, X509, OPENSSH in PEM and DER formats.
sourcekris/RsaCtfTool - RSA CTF Tool - Tool to attack RSA public keys and ciphertexts in common ways
yulate/CtfAgent - ctf awd比赛快速hook java题，提供一键流量转发，无痛修复
Zeecka/AperiSolve - Steganalysis web platform

DevOps

Aethersailor/Custom_OpenClash_Rules - 分流完善的 OpenClash 订阅转换模板，搭配保姆级 OpenClash 设置教程，无需套娃其他插件即可实现完美分流、DNS无污染无泄漏，且快速的国内外上网体验。
apache/airflow - Apache Airflow - A platform to programmatically author, schedule, and monitor workflows
bregman-arie/devops-exercises - Linux, Jenkins, AWS, SRE, Prometheus, Docker, Python, Ansible, Git, Kubernetes, Terraform, OpenStack, SQL, NoSQL, Azure, GCP, DNS, Elastic, Network, Virtualization. DevOps Interview Questions
cider-security-research/cicd-goat - A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.
comwrg/package-manager-proxy-settings - 记录各个包管理器代理设置坑点。
dani-garcia/vaultwarden - Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs
deviantony/docker-elk - The Elastic stack (ELK) powered by Docker and Compose.
docker/awesome-compose - Awesome Docker Compose samples
dockur/windows - Windows inside a Docker container.
dromara/domain-admin - 域名SSL证书监测平台、SSL证书申请自动续签。Domain and SSL Cert monitor System.
easzlab/kubeasz - 使用Ansible脚本安装K8S集群，介绍组件交互原理，方便直接，不受国内网络环境影响
eip-work/kuboard-press - Kuboard 是基于 Kubernetes 的微服务管理界面。同时提供 Kubernetes 免费中文教程，入门教程，最新版本的 Kubernetes v1.23.4 安装手册，(k8s install) 在线答疑，持续更新。
emby-keeper/emby-keeper - Embykeeper 是一个用于 Emby 签到和保号的自动执行工具
funkpopo/torture_dev - Push your colleagues
goreleaser/goreleaser - Release engineering, simplified
helm/helm - The Kubernetes Package Manager
isacikgoz/gitbatch - manage your git repositories in one place
jammsen/docker-palworld-dedicated-server - Docker container to easily provision and manage Palworld Dedicated Server
kiddin9/Kwrt - openwrt 软路由固件
kmahyyg/ztncui-aio - Licensed Under AGPL v3
kubernetes/kompose - Convert Compose to Kubernetes
louislam/uptime-kuma - A fancy self-hosted monitoring tool
LuckyPuppy514/automatic-theater - 利用 Docker 打造自动化家庭影院，开箱即用
milanm/DevOps-Roadmap - DevOps Roadmap for 2025. with learning resources
orbstack/orbstack - Fast, light, simple Docker containers & Linux machines
projectdiscovery/notify - Notify is a Go-based assistance package that enables you to stream the output of several tools (or read from a file) and publish it to a variety of supported platforms.
pterodactyl-china/panel - 【翼龙面板汉化版】Pterodactyl®的中文汉化并国内本土化版本，并实时更新主分支的dev内容。
QAX-A-Team/WeblogicEnvironment - Weblogic环境搭建工具
siglens/siglens - 100x Efficient Log Management than Splunk 🚀 Reduce your observability cost by 90%
spiritLHLS/ecs - VPS 融合怪服务器测评项目更推荐使用无环境依赖的Go版本 VPS Fusion Monster Server Test Script – More recommended to use the Go version with no environment dependencies: https://github.com/oneclickvirt/ecs
sqlsec/PVE - 国光的 PVE 生产力环境搭建教程
sqlsec/Vmware-ESXi-OpenCore - Vmware ESXi Hackintosh OpenCore EFI for macOS 12.X/13.X
thijsvanloef/palworld-server-docker - A Docker Container to easily run a Palworld dedicated server.
w5teams/w5 - Security Orchestration, Automation and Response (SOAR) Platform. 安全编排与自动化响应平台，无需编写代码的安全自动化，使用 SOAR 可以让团队工作更加高效
wavestone-cdt/DEFCON-CICD-pipelines-workshop -
xubiaolin/docker-zerotier-planet - 一分钟私有部署zerotier-planet服务
yonyoucloud/install_k8s - 一键安装kubernets(k8s)系统，采用RBAC模式运行（证书安全认证模式），既可以单台安装、也可以集群安装，并且完全是生产环境的安装标准。有疑问大家可以加我微信沟通：bsh888
ys1231/MoveCertificate - 支持Android7-15移动证书，兼容magiskv20.4+/kernelsu/APatch, Support Android7-15, compatible with magiskv20.4+/kernelsu/APatch
zq1997/deepin-wine - 【deepin源移植】Debian/Ubuntu上的QQ/微信快速安装方式

LLM安全

agiresearch/ASB - Agent Security Bench (ASB)
ddzipp/AutoAudit - AutoAudit—— the LLM for Cyber Security 网络安全大语言模型
guardrails-ai/guardrails - Adding guardrails to large language models.
meta-llama/PurpleLlama - Set of tools to assess and improve LLM security.
msoedov/agentic_security - Agentic LLM Vulnerability Scanner / AI red teaming kit 🧪
NVIDIA/garak - the LLM vulnerability scanner
NVIDIA/NeMo-Guardrails - NeMo Guardrails is an open-source toolkit for easily adding programmable guardrails to LLM-based conversational systems.
protectai/rebuff - LLM Prompt Injection Detector
SEC-CAFE/handbook - 安全手册，企业安全实践、攻防与安全研究知识库
slowmist/MCP-Security-Checklist - A comprehensive security checklist for MCP-based AI tools. Built by SlowMist to safeguard LLM plugin ecosystems.
thu-coai/Safety-Prompts - Chinese safety prompts for evaluating and improving the safety of LLMs. 中文安全prompts，用于评估和提升大模型的安全性。
utkusen/promptmap - a prompt injection scanner for custom LLM applications

Web安全

4ra1n/shell-analyzer - 通过 JAVA AGENT 查杀内存马，提供简易方便的 GUI 界面，一键反编译目标环境内存马进行分析，支持远程查杀和本地查杀（注意：仅供本地复现分析学习，请勿用于正式和生产环境）
achuna33/Memoryshell-JavaALL - 收集内存马打入方式
amakerlee/javaweb-vuls -
Anthem-whisper/YApi-Exploit - YApi boolean-based injection exploit.
AntSwordProject/antSword - 中国蚁剑是一款跨平台的开源网站管理工具。AntSword is a cross-platform website management toolkit.
ba0gu0/behinder-decryptor - 用于解密Behinder（冰蝎）webshell流量的Python工具。它能够分析pcap文件，解密并格式化Behinder的HTTP请求和响应数据。
Bbdolt/SeeMore - 漏洞挖掘小工具，用于发现页面中的隐藏可点击元素
BeichenDream/Godzilla - 哥斯拉
BishopFox/jsluice - Extract URLs, paths, secrets, and other interesting bits from JavaScript
brosck/mantra - 「🔑」A tool used to hunt down API key leaks in JS files and pages
Brum3ns/firefly - Black box fuzzer for web applications
chaitin/blazehttp - BlazeHTTP 是一款简单易用的 WAF 防护效果测试工具。BlazeHTTP stands as a user-friendly WAF protection efficacy evaluation tool.
chaitin/SafeLine - SafeLine is a self-hosted WAF(Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.
chushuai/wscan - Wscan is a web security scanner that focuses on web security, dedicated to making web security accessible to everyone.
cokeBeer/go-sec-code - Go-sec-code is a project for learning Go vulnerability code.
cseroad/Webshell_Generate - 用于生成各类免杀webshell
cujanovic/Markdown-XSS-Payloads - XSS payloads for exploiting Markdown syntax
CuriousLearnerDev/TrafficEye - 该工具适用于 HW 蓝队对网络流量的深入分析，帮助安全研究人员、渗透测试人员及网络管理员等专业人士识别潜在的安全威胁，尤其是针对 Web 应用的攻击（如 SQL 注入、XSS、WebShell 等）。其模块化设计使用户能够根据实际需求自由选择并定制各类功能模块。 This tool is designed to help penetration testers and network administrators identify potential security threats, especially those targeting web applications such as SQL injection, XSS, and WebShells. Its modular desig
doyensec/safeurl - A Server Side Request Forgery (SSRF) protection library. Made with 🖤 by Doyensec LLC.
Drun1baby/AWD-AWDP_SecFilters - 为了准备 AWD，写了个 Filter 的集合
eddiechu/File-Smuggling - HTML smuggling is not an evil, it can be useful
Edr4/XSS-Bypass-Filters -
emptybottle-null/Godzilla_null - 哥斯拉二开，基于公开的免杀哥斯拉更改的流量特征。请求包改成json请求!
ffuf/ffuf - Fast web fuzzer written in Go
Fly-Playgroud/Boom - Boom 是一款基于无头浏览器的智能 Web 弱口令（后台密码）爆破\检测工具
Ghr07h/Heimdallr - 一款完全被动监听的谷歌插件，用于高危指纹识别、蜜罐特征告警和拦截、机器特征对抗
gprime31/WAF-bypass-xss-payloads - XSS payloads for bypassing WAF. This repository is updating continuously.
hackerscrolls/SecurityTips -
Hardw01f/Vulnerability-goapp - Web application build Golang with Vulnerability
irsdl/top10webseclist - Top Ten Web Hacking Techniques List
JoyChou93/java-sec-code - Java web common vulnerabilities and security code which is base on springboot and spring security
juanjolmm/java-secure-file-upload - Java library used to upload files following the security steps described by OWASP
Junehck/SQL-injection-bypass - 记录实战中的各种sql注入绕过姿势
key-networks/ztncui - ZeroTier network controller UI
kk12-30/JSSS-Find - 一个自动化js提取、Api接口测试、暴露端点检测工具
LandGrey/spring-boot-upload-file-lead-to-rce-tricks - spring boot Fat Jar 任意写文件漏洞到稳定 RCE 利用技巧
LandGrey/webshell-detect-bypass - 绕过专业工具检测的Webshell研究文章和免杀的Webshell
LeadroyaL/java-xxe-defense-demo - java xxe defense demo
leveryd/x-waf - 让"WAF绕过"变得简单
lijiejie/swagger-exp - A Swagger API Exploit
liu673cn/bug - TVbox开源版（空壳-自行配置）
m4ll0k/SecretFinder - SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files
MInggongK/jeecg- - jeecg综合漏洞利用工具
misaka19008/PerlinPuzzle-Webshell-PHP - 使用分支对抗技术制作的PHP Webshell，截止2024年1月18日，共数十个查杀引擎免杀
mm0r1/exploits - Pwn stuff.
opensec-cn/conote-community - Conote 综合安全测试平台社区版。
OWASP/CheatSheetSeries - The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
pen4uin/java-memshell-generator - 一款支持自定义的 Java 内存马生成工具｜A customizable Java in-memory webshell generation tool.
phith0n/collision-webshell - A webshell and a normal file that have the same MD5
Proviesec/xss-payload-list - xss-payload-list
r0oth3x49/ghauri - An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws
ReaJason/MemShellParty - Java 内存马开聚会 🎉
safe6Sec/Fastjson - Fastjson姿势技巧集合
shanshanerxi/Memory-horse - 关于内存马的学习研究支持新手从0到1，从内存马原理，内存马植入内存马检测到内存马防御与内存马应急以及内存马查杀全系列java内存马/php/.net/c++/python 喜欢可以点个star 后续持续更新
shieldfy/API-Security-Checklist - Checklist of the most important security countermeasures when designing, testing, and releasing your API
su18/MemoryShell - JavaWeb MemoryShell Inject/Scan/Killer/Protect Research & Exploring
SummerSec/JavaLearnVulnerability - Java漏洞学习笔记 Deserialization Vulnerability
swisskyrepo/PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF
threedr3am/learnjavabug - Java安全相关的漏洞和技术demo，原生Java、Fastjson、Jackson、Hessian2、XML反序列化漏洞利用和Spring、Dubbo、Shiro、CAS、Tomcat、RMI、Nexus等框架\中间件\功能的exploits以及Java Security Manager绕过、Dubbo-Hessian2安全加固等等实践代码。
tomnomnom/qsreplace - Accept URLs on stdin, replace all query string values with a user-supplied value
TryGOTry/dogxss - dogxss(基于Go-admin框架和ezxss_payload完成):ezxss的Golang版本.
ttstormxx/jjjjjjjjjjjjjs - 爬网站JS文件，自动fuzz api接口，指定api接口（针对前后端分离项目，可指定后端接口地址），回显api响应
veo/wsMemShell - WebSocket 内存马/Webshell，一种新型内存马/WebShell技术
VMsec/ihoneyBakFileScan_Modify - 批量网站备份文件扫描器，增加文件规则，优化内存占用
wupco/PHP_INCLUDE_TO_SHELL_CHAR_DICT -

bugbounty

0xPugal/One-Liners - A collection of one-liners for bug bounty hunting.
antoinet/swiss-bugbounty-programs - List of bug bounty and coordinated vulnerability disclosure programs of companies/organisations in Switzerland
arkadiyt/bounty-targets-data - This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports
Azathothas/Arsenal - Hastly written Tools & Scripts for Personal Use Cases & Bug Bounties
dwisiswant0/awesome-oneliner-bugbounty - A collection of awesome one-liner scripts especially for bug bounty tips.
ItsIgnacioPortal/Hacker-Scoper - CLI tool for filtering URLs/IPs with automatically-updated Bug Bounty program scope rules.
KathanP19/JSFScan.sh - Automation for javascript recon in bug bounty.
projectdiscovery/public-bugbounty-programs - Community curated list of public bug bounty and responsible disclosure programs.
RapidDNS/Afuzz - Afuzz is an automated web path fuzzing tool for the Bug Bounty projects.
supr4s/WebHackingTools - Automatically install some web hacking/bug bounty tools.
sw33tLie/bbscope - Scope aggregation tool for HackerOne, Bugcrowd, Intigriti, YesWeHack, and Immunefi!
topscoder/subgomain - A high-performance tool for identifying domain takeovers with support for custom fingerprints and resolver lists.
twseptian/oneliner-bugbounty - oneliner commands for bug bounties
utkusen/socialhunter - crawls the website and finds broken social media links that can be hijacked

burpsuite插件

API-Security/APIKit - APIKit：Discovery, Scan and Audit APIs Toolkit All In One.
bit4woo/burp-api-common - common methods that used by my burp extension projects
bit4woo/burp-api-drops - burp插件开发指南
c0r1/BypassPro - AutoBypass403-BurpSuite 插件二开重构，优化执行逻辑
cloud-jie/CloudX - 一个基于规则的加解密破签工具
depycode/burpsuite_hack - 一款代理扫描器
f0ng/captcha-killer-modified - captcha-killer的修改版，支持关键词识别base64编码的图片，添加免费ocr库，用于验证码爆破，适配新版Burpsuite
ffffffff0x/burp_nu_te_gen - nuclei模版生成插件
gh0stkey/CaA - CaA - Collector and Analyzer, Insight into information, exploring with intelligence in a thousand ways.
JaveleyQAQ/SQL-Injection-Scout - SQL Injection Scout 是一个用于 Burp Suite 的扩展，专为帮助安全研究人员和开发人员检测和分析 SQL 注入漏洞而设计。该扩展提供了丰富的配置选项和直观的用户界面，便于用户自定义扫描和分析过程。
kN6jq/gatherBurp - 一款强大的 burp 安全测试插件，集成多种安全测试功能，支持自动化扫描和手动测试。
KrystianLi/ExchangeOWA - 一款OutLook信息收集工具
Mr-xn/BurpSuite-collections - 有关burpsuite的插件(非商店),文章以及使用技巧的收集(此项目不再提供burpsuite破解文件,如需要请在博客mrxn.net下载)---Collection of burpsuite plugins (non-stores), articles and tips for using Burpsuite, no crack version file
outlaws-bai/Galaxy - 一个想让你测试加密流量像测试明文一样简单高效的 Burp 插件。 A Burp plugin that makes testing encrypted traffic as simple and efficient as testing plaintext.
r1is/Magisk_burpsuite_cert - Magisk burpsuite 证书模块，在安卓10以上通过magisk模块快速安装burpsuite证书
saoshao/DetSql - Burp插件，快速探测可能存在SQL注入的请求并标记，提高测试效率
shuanx/BurpAPIFinder - 攻防演练过程中，我们通常会用浏览器访问一些资产，但很多未授权/敏感信息/越权隐匿在已访问接口过html、JS文件等，该插件能让我们发现未授权/敏感信息/越权/登陆接口等。
sleeyax/burp-awesome-tls - Burp extension to evade TLS fingerprinting. Bypass WAF, spoof any browser.
smxiazi/NEW_xp_CAPTCHA - xp_CAPTCHA(瞎跑白嫖版) burp 验证码识别 burp插件
smxiazi/xp_CAPTCHA - xp_CAPTCHA_api burp 验证码识别插件调用接口准确率更高
T3nk0/Upload_Auto_Fuzz - 本Burp Suite插件专为文件上传漏洞检测设计，提供自动化Fuzz测试，共500+条payload。
vaycore/OneScan - OneScan 是一款用于递归目录扫描的 BurpSuite 插件
weishen250/npscrack - 蓝队利器、溯源反制、NPS 漏洞利用、NPS exp、NPS poc、Burp插件、一键利用
winezer0/APIFinderPlus - 目标是成为当下最完善的API挖掘工具，实现自动提取响应敏感信息、URI信息，并且对URI进行自动|手动递归检查
yuyan-sec/Doraemon - 渗透辅助 BurpSuite 小插件

云安全

bytedance/Elkeid - Elkeid is an open source solution that can meet the security requirements of various workloads such as hosts, containers and K8s, and serverless. It is derived from ByteDance's internal best practices.
cyberark/KubiScan - A tool to scan Kubernetes cluster for risky permissions
duplicati/duplicati - Store securely encrypted backups in the cloud!
Esonhugh/k8spider - Powerful+Fast+Low Privilege Kubernetes discovery tools
Esonhugh/My-Cloud-Security - [ALL IN ONE] Everything that I shared to public about Cloud Security is here.
EvilAnne/lzCloudSecurity - 《云安全攻防入门》教材
honmashironeko/ProxyCat - 一款部署于云端或本地的隧道代理池中间件，可将静态代理IP灵活运用成隧道IP，提供固定请求地址，一次部署终身使用
houtianze/bypy - Python client for Baidu Yun (Personal Cloud Storage) 百度云/百度网盘Python客户端
HXSecurity/TerraformGoat - TerraformGoat is HXSecurity research lab's "Vulnerable by Design" multi cloud deployment tool.
kvesta/vesta - A static analysis of vulnerabilities, Docker and Kubernetes cluster configuration detect toolkit based on the real penetration of cloud computing
longhorn/longhorn - Cloud-Native distributed storage built on and for Kubernetes
RhinoSecurityLabs/cloudgoat - CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool
teamssix/awesome-cloud-security - awesome cloud security 收集一些国内外不错的云安全资源，该项目主要面向国内的安全人员
wgpsec/cloudsword - 一款帮助云租户发现和测试云上风险、增强云上防护能力的综合性开源工具

代码审计

AfterSnows/ApricusFindEvil - 检测查杀java内存马
alipay/ant-application-security-testing-benchmark - xAST评价体系，让安全工具不再“黑盒”. The xAST evaluation benchmark makes security tools no longer a "black box".
ASTTeam/CodeQL - 《深入理解CodeQL》Finding vulnerabilities with CodeQL.
ASTTeam/SAST - 《深入理解SAST静态应用安全测试》Static Application Security Testing.
burak0x01/findsecret - Find secret keys from JS file
codefuse-ai/CodeFuse-Query - Query-Based Code Analysis Engine
davincifans101/pinduoduo_backdoor_detailed_report - Maybe the most detailed analysis of pdd backdoors
dota-st/JavaSec - 个人学习Java安全的笔记
Firebasky/CodeqlLearn - 记录学习codeql的过程
Firebasky/Java - 关于学习java安全的一些知识,正在学习中ing,欢迎fork and star
github/codeql - CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
HackJava/HackJava - 《Java安全-只有Java安全才能拯救宇宙》Only Java Security Can Save The Universe.
j3ers3/Hello-Java-Sec - ☕️ Java Security，安全编码和代码审计
KimJun1010/inspector - IDEA代码审计辅助插件（深信服深蓝实验室天威战队强力驱动）
l3yx/Choccy - GitHub项目监控 && CodeQL自动扫描 (GitHub project monitoring && CodeQL automatic analysis)
lcark/Tai-e-demo - 用来将Tai-e改造为开箱即用的静态代码安全分析框架的一些demo
Maskhe/javasec - 自己学习java安全的一些总结，主要是安全审计相关
novysodope/javaeasyscan - javaeasyscanner - 富婆系列，代码审计辅助工具，致力于解放大脑，方便双手
one-iast/practice - 手把手教你写IAST系列
pascal-lab/Tai-e - An easy-to-learn/use static analysis framework for Java
proudwind/javasec_study - java代码审计学习笔记
safe6Sec/CodeqlNote - Codeql学习笔记
SpringKill-team/CodeAuditAssistant - 🔍 CodeAuditAssistant - IDEA代码审计插件（公测中） ⚡ 精准追踪复杂调用链 | 🚀 毫秒级方法搜索 | 🔥 内置高危漏洞检测原生集成 | 反编译/路径分析 | 内存优化 | 安全审计利器 🔍 CodeAuditAssistant - JetBrains Code Audit Plugin (Beta) ⚡ Deep Call-Chain Tracking | 🚀 Method/Class Search | 🔥 Prebuilt Vuln Sinks Native Integration | Decompiler/Path Finder | Memory Optimized
Tencent/secguide - 面向开发人员梳理的代码安全指南
wa1ki0g/NoAuth - java-web 自动化鉴权绕过
waderwu/extractor-java - CodeQL extractor for java, which don't need to compile java source
webraybtl/CodeQLpy - CodeQLpy是一款基于CodeQL实现的半自动化代码审计工具，目前仅支持java语言。实现从源码反编译，数据库生成，脆弱性发现的全过程，可以辅助代码审计人员快速定位源码可能存在的漏洞。
Xsw6/JavaSec -
Y4tacker/JavaSec - a rep for documenting my study, may be from 0 to 0.1
YulinSec/ChatGPTScan-SAST - 一个基于 ChatGPT 的开源代码审计平台。
YulinSec/ChatGPTScanner - A white box code scan powered by ChatGPT
ZhuriLab/Yi - 项目监控工具以及 Codeql 自动运行

信息搜集

0x727/FingerprintHub - 侦查守卫(ObserverWard)的指纹库
AabyssZG/Open-Source-Information-Leakage - 开源项目信息泄露笔记
Adminisme/SharpRDPLog - Windows rdp相关的登录记录导出工具，可用于后渗透中Windows服务器的信息收集阶段。输出内容包括：本地rdp端口、mstsc缓存、cmdkey缓存、登录成功、失败日志事件。
al-sultani/url-tracker - Change monitoring app that checks the content of web pages in different periods.
AlephNullSK/dnsgen - DNSGen is a powerful and flexible DNS name permutation tool designed for security researchers and penetration testers. It generates intelligent domain name variations to assist in subdomain discovery and security assessments.
Autumn-27/ScopeSentry - ScopeSentry-Cyberspace mapping, subdomain enumeration, port scanning, sensitive information discovery, vulnerability scanning, distributed nodes
b3nguang/Ollama-Scan - 助你实现Ollama自由，配合FOFA等搜索引擎体验更佳
baiyies/CppWeixinHunter - 微信解密 c++实现。可获取自己电脑上已登录微信的微信号，wxid，手机号，sqlite解密密钥。Search information of Wechat from memory.
bee-san/pyWhat - 🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙‍♀️
blacklanternsecurity/bbot - The recursive internet scanner for hackers. 🧡
burpheart/koko-moni - 一个基于网络空间搜索引擎的攻击面管理平台，可定时进行资产信息爬取，及时发现新增资产，本项目聚合了 Fofa、Hunter、Quake、Zoomeye 和 Threatbook 的数据源，并对获取到的数据进行去重与清洗
burpheart/yuque-crawl - 语雀爬虫可以保存整个语雀知识库为Markdown格式 (包含完整目录结构和索引)
Byxs20/FlowAnalyzer - FlowAnalyzer是一个流量分析器，用于解析和处理tshark导出的JSON数据文件
chasingboy/dirsx - dirsx 是一款能够自动化过滤扫描结果的目录扫描工具
Ciyfly/Argo - Argo is an automated general crawler for automatically obtaining website URLs . Argo 是一个自动化扫描器爬虫用于自动化获取网站的URL 基于go-rod实现了静态和动态结合的方式来实现
damit5/gitdorks_go - 一款在github上发现敏感信息的自动化收集工具
dark-kingA/superSearchPlus - superSearchPlus是聚合型信息收集插件，支持综合查询，资产测绘查询，信息收集敏感信息提取 js资源扫描目录扫描 vue组件扫描整合了目前常见的资产测绘平台专为白帽子提供快速侦测目标。
DSO-Lab/passets - Passets 是一套开源的被动资产识别框架。
edoardottt/cariddi - Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more
edoardottt/csprecon - Discover new target domains using Content Security Policy
eeeeeeeeee-code/e0e1-abroad - e0e1-abroad 国外项目范围收集
Ernket/ARL-Finger-ADD-Go - ARL(灯塔)批量添加指纹，支持新版(&&)和旧版(仅支持|| 或逻辑)
Fheidt12/Windows_Memory_Search - 基于Go开发检索windows进程字符串工具
Funsiooo/chunsou - Chunsou（春蒐），Python3编写的多线程Web指纹识别工具,适用于安全测试人员前期的资产识别、风险收敛以及企业互联网资产风险摸查。
goclone-dev/goclone - Website Cloner - Utilizes powerful Go routines to clone websites to your computer within seconds.
hakluke/hakrawler - Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application
hanc00l/nemo_go - Nemo是用来进行自动化信息收集的一个简单平台，通过集成常用的信息收集工具和技术，实现对内网及互联网资产信息的自动收集，提高隐患排查和渗透测试的工作效率。
hisxo/gitGraber - gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...
honmashironeko/ARL-docker - 基于ARL v2.6.2版本源码，生成docker镜像进行快速部署，同时提供七千多条指纹
hoochanlon/fq-book - 📖《网络代理与VPN应用详解》详细阐述代理、隧道、VPN运作过程，并对GFW策略如：地址端口封锁、服务器缓存投毒、数字验证攻击、SSL连接阻断做相关的原理说明
JDArmy/RPCSCAN - RPC远程主机信息匿名扫描工具
knownsec/LSpider - LSpider 一个为被动扫描器定制的前端爬虫
komomon/Komo - 🚀Komo, a comprehensive asset collection and vulnerability scanning tool. Komo 一个综合资产收集和漏洞扫描工具，集成了20余款工具，通过多种方式对子域进行获取，收集域名邮箱，进行存活探测，域名指纹识别，域名反查ip，ip端口扫描，web服务链接爬取并发送给xray，对web服务进行POC漏洞扫描，对主机进行主机漏洞扫描。
lanceliao/china-holiday-calender - 2023-2025中国节假日、调休、补班日历，ICS格式，可供IPhone、Google Calendar、Outlook等客户端订阅，包含节假日API
lc/gau - Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.
lemonlove7/dirsearch_bypass403 - 目录扫描+JS文件中提取URL和子域+403状态绕过+指纹识别
loecho-sec/ARL-Finger-ADD - 灯塔（最新版）指纹添加脚本！
MetaCubeX/mihomo - A simple Python Pydantic model for Honkai: Star Rail parsed data from the Mihomo API.
mhmdiaa/second-order - Second-order subdomain takeover scanner
MrWQ/vulnerability-paper - 收集的文章 https://mrwq.github.io/tools/paper/
musana/fuzzuli - fuzzuli is a url fuzzing tool that aims to find critical backup files by creating a dynamic wordlist based on the domain.
musana/mx-takeover - mx-takeover focuses DNS MX records and detects misconfigured MX records.
n0mi1k/apk2url - An OSINT tool to quickly extract IP and URL endpoints from APKs by disassembling and decompiling
Naturehi666/searchall - 强大的敏感信息搜索工具
obheda12/GitDorker - A Python program to scrape secrets from GitHub through usage of a large repository of dorks.
oshi/oshi - Native Operating System and Hardware Information
owasp-amass/amass - In-depth attack surface mapping and asset discovery
p1g3/JSINFO-SCAN - 递归式寻找域名和api。
phith0n/vueinfo - Extract website information from Vue
piaolin/DetectDee - DetectDee: Hunt down social media accounts by username, email or phone across social networks.
pingc0y/URLFinder - 一款快速、全面、易用的页面信息提取工具，可快速发现和提取页面中的JS、URL和敏感信息。
praetorian-inc/fingerprintx - Standalone utility for service discovery on open ports!
projectdiscovery/cdncheck - A utility to detect various technology for a given IP address.
projectdiscovery/chaos-client - Go client to communicate with Chaos DB API.
projectdiscovery/katana - A next-generation crawling and spidering framework.
projectdiscovery/uncover - Quickly discover exposed hosts on the internet using multiple search engines.
projectdiscovery/urlfinder - A high-speed tool for passively gathering URLs, optimized for efficient and comprehensive web asset discovery without active scanning.
Ridter/Intranet_Penetration_Tips - 2018年初整理的一些内网渗透TIPS，后面更新的慢，所以整理出来希望跟小伙伴们一起更新维护~
s0md3v/Arjun - HTTP parameter discovery suite.
Sh1Yo/x8 - Hidden parameters discovery suite
shengcaishizhan/kkndme_tianya - 天涯 kkndme 神贴聊房价
sherlock-project/sherlock - Hunt down social media accounts by username across social networks
SiJiDo/H - H是一款强大的资产收集管理平台
SiJiDo/IEyes - icp备案查询
SocialSisterYi/OpenSTD_Spider - 国家标准全文公开系统下载工具
superzhang21/ghostwriter - 影子作家（ghostwriter），一些人的写作或语言特征。
Taonn/EmailAll - EmailAll is a powerful Email Collect tool — 一款强大的邮箱收集工具
TapXWorld/ChinaTextbook - 所有小初高、大学PDF教材。
thinkoaa/Deadpool - deadpool代理池工具，可从hunter、quake、fofa等网络空间测绘平台取高质量socks5代理，或本地导入socks5代理，轮询使用代理进行流量转发。
Threezh1/JSFinder - JSFinder is a tool for quickly extracting URLs and subdomains from JS files on a website.
TideSec/TideFinger_Go - 一个Go版(更强大)的TideFinger指纹识别工具，可对web和主机指纹进行识别探测，整合梳理互联网指纹2.3W余条，在效率和指纹覆盖面方面进行了平衡和优化。
tomnomnom/unfurl - Pull out bits of URLs provided on stdin
tomnomnom/waybackurls - Fetch all the URLs that the Wayback Machine knows about for a domain
vvmdx/Sec-Interview-4-2023 - 一个2023届毕业生在毕业前持续更新、收集的安全岗面试题及面试经验分享~
wgpsec/ENScan_GO - 一款基于各大企业信息API的工具，解决在遇到的各种针对国内企业信息收集难题。一键收集控股公司ICP备案、APP、小程序、微信公众号等信息聚合导出。支持MCP接入
xgit01/sgkrank - 2024最新免费社工库排行
xiangyuecn/AreaCity-JsSpider-StatsGov - 省市区县乡镇三级或四级城市数据，带拼音标注、坐标、行政区域边界范围；2025年01月14日最新采集，提供csv格式文件，支持在线转成多级联动js代码、通用json格式，提供软件转成shp、geojson、sql、导入数据库；带浏览器里面运行的js采集源码，综合了中华人民共和国民政部、国家统计局、高德地图、腾讯地图行政区划数据
XinRoom/go-portScan - High-performance port scanner. 高性能端口扫描器. syn scanner
xnl-h4ck3r/waymore - Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan, VirusTotal & Intelligence X!
YouChenJun/Keydd - 从流量包匹配敏感信息的工具-可用作bp、浏览器的下游代理。0感知、无卡顿，支持https。
zema1/watchvuln - 一个高价值漏洞采集与推送服务 | Collect valueable vulnerabilities and push them to various services
zer0yu/CyberSecurityRSS - CyberSecurityRSS: A collection of cybersecurity rss to make you better!

其他

b1ank1108/b1ank1108 -
CHERWING/CHERWIN_SCRIPTS - 永辉生活脚本 | 顺丰速运脚本 | 朴朴超市脚本 | 统一茄皇脚本 | 海底捞小程序脚本 | 口味王会员中心小程序脚本 | 霸王茶姬小程序脚本 | 奈雪点单小程序脚本 | 卡夫亨氏新厨艺公众号脚本 | 韵达快递小程序脚本 | 中通快递小程序脚本 | 德邦快递小程序脚本 | 极兔速递小程序脚本 | 夸克云盘 | 网易生活研究社小程序脚本 | 顾家家居小程序脚本 | 宽哥之家小程序脚本 | 特步会员中心小程序脚本 | 乐事心动社小程序脚本 | EMS邮惠中心小程序脚本 | hotwind热风微商城小程序脚本 | 统一快乐星球小程序脚本 |老板电器服务微商城小程序
coder2gwy/coder2gwy - 互联网首份程序员考公指南，由3位已经进入体制内的前大厂程序员联合献上。
The-Run-Philosophy-Organization/run - 润学全球官方指定GITHUB，整理润学宗旨、纲领、理论和各类润之实例；解决为什么润，润去哪里，怎么润三大问题；并成为新中国人的核心宗教，核心信念。
tomnomnom/hacks - A collection of hacks and one-off scripts
yuanninesuns/AutoHS - 炉石传说脚本（经典模式）
zijie0/HumanSystemOptimization - 健康学习到150岁 - 人体系统调优不完全指南

取证溯源

A-poc/BlueTeam-Tools - Tools and Techniques for Blue Team / Incident Response
Fheidt12/Windows_Log - 基于Go编写的windows日志分析工具
goodlunatic/Docker-ProfileMaker-vol2 - 使用Docker一键制作Vol2取证需要的Profile
keydet89/RegRipper3.0 - RegRipper3.0
keydet89/RegRipper4.0 - RegRipper4.0
mir1ce/Hawkeye - Windows应急响应工具---Hawkeye(鹰眼)。集Windows日志分析，进程扫描，主机信息于一体的综合应急响应分析工具
Ppsoft1991/ChatViewTools - 红队的微信聊天记录取证工具
SpenserCai/GoWxDump - SharpWxDump的Go语言版。微信客户端取证，获取信息(微信号、手机号、昵称)，微信聊天记录分析(Top N聊天的人、统计聊天最频繁的好友排行、关键词列表搜索等)
Tokeii0/LovelyMem - 基于Memprocfs和Volatility的可视化内存取证工具
Tokeii0/VolatilityPro - 一款用于自动化处理内存取证的Python脚本，并提供GUI界面
WangYihang/UsbKeyboardDataHacker - USB键盘流量包取证工具 , 用于恢复用户的击键信息

开发工具&框架

actiontech/sqle - 一个支持多种不同类型数据库，覆盖事前控制、事后监督、标准发布场景，帮助您建立质量规范的SQL全生命周期质量管理平台
adamchainz/django-cors-headers - Django app for handling the server headers required for Cross-Origin Resource Sharing (CORS)
AlistGo/alist - 🗂️A file list/WebDAV program that supports multiple storages, powered by Gin and Solidjs. / 一个支持多存储的文件列表/WebDAV程序，使用 Gin 和 Solidjs。
allenymt/PrivacySentry - Android隐私合规整改检测工具，注解+Asm修改字节码的检测方案
anhkgg/anhkgg-tools - Anhkgg's Tools
AppHouseKitchen/AlDente-Charge-Limiter - Menubar Tool to set Charge Limits and Prolong Battery Lifespan
arco-design/arco-design-pro-vue - An out-of-the-box solution to quickly build enterprise-level applications based on Arco Design.
ArcSurge/Termius-Pro-zh_CN - Termius汉化
aristocratos/btop - A monitor of resources
astral-sh/uv - An extremely fast Python package and project manager, written in Rust.
Autumn-27/ScopeSentry-UI - ScopeSentry工具的前端UI
ayangweb/BongoCat - 🐱 跨平台桌宠 BongoCat，为桌面增添乐趣！
b1ank1108/tg-fwd - Telegram 频道转发工具，支持禁止转发消息的频道
ballcat-projects/ballcat - 😸一个快速开发脚手架，快速搭建企业级后台管理系统，并提供多种便捷starter进行功能扩展。主要功能包括前后台用户分离，菜单权限，数据权限，定时任务，访问日志，操作日志，异常日志，统一异常处理，XSS过滤，SQL防注入，国际化等多种功能
barry-ran/QtScrcpy - Android real-time display control software
beck-8/subs-check - 订阅转换、测速、测活、流媒体检测、重命名、导出为clash.meta/clash/base64/qx等等所有格式的工具
beihaili/Get-Started-with-Web3 - 自学入门Web3不是一件容易的事，作为一个刚刚入门Web3的新人，梳理一下最简单直观的Web3小白入门教程。整合开源社区优质资源，为大家从入门到精通web3指路。每周更新
BeyondDimension/SteamTools - 🛠「Watt Toolkit」是一个开源跨平台的多功能 Steam 工具箱。
bigintpro/csdn_downloader - csdn下载，csdn免积分下载，csdn免会员下载，csdn付费内容下载免费资源体验地址:http://servicedev.tpddns.cn:8181/#/login?c=12
blackmatrix7/ios_rule_script - 分流规则、重写写规则及脚本。
bnb/awesome-hyper - 🖥 Delightful Hyper plugins, themes, and resources
bzsome/idcard_generator - 身份证图片生成工具-仅供学习交流。已打包Maocs app和Windows exe，可直接下载使用
cfour-hi/gitstars - Github Starred Repositories Manager
chabou/hyper-pane - Extension for Hyper.app to enhance pane navigation.
charmbracelet/pop - Send emails from your terminal 📬
chen08209/FlClash - A multi-platform proxy client based on ClashMeta,simple and easy to use, open-source and ad-free.
chengazhen/cursor-auto-free - auto sign cursor
chenyufeng1991/BinaryTree - C语言实现二叉树的基本操作
Cloxl/CursorPool_Client - CursorPool客户端，支持windows系统和mac，支持cursor一键换号、重置机器码、禁用Cursor自动更新
CodePhiliaX/Chat2DB - 🔥🔥🔥AI-driven database tool and SQL client, The hottest GUI client, supporting MySQL, Oracle, PostgreSQL, DB2, SQL Server, DB2, SQLite, H2, ClickHouse, and more.
core-lib/xjar - Spring Boot JAR 安全加密运行工具，支持的原生JAR。
DeEpinGh0st/MDUT-Extend-Release - MDUT-Extend(扩展版本)
dev-coco/Deep-Clean - Deep clean junk files. 深度清理垃圾软件。
duanbiaowu/go-examples-for-beginners - To help you get started quickly and improve in the Go programming language
dunwu/java-tutorial - ☕ 老司机在 Java 技术领域的十年积累。
eatmoreapple/openwechat - golang微信SDK
elastic/go-elasticsearch - The official Go client for Elasticsearch
electron/electron - Build cross-platform desktop apps with JavaScript, HTML, and CSS
elunez/eladmin - eladmin jpa 版本：项目基于 Spring Boot 2.7.18、 Jpa、 Spring Security、Redis、Vue的前后端分离的后台管理系统，项目采用分模块开发方式，权限控制采用 RBAC，支持数据字典与数据权限管理，支持一键生成前后端代码，支持动态路由
elunez/eladmin-web - eladmin jpa版本：前端源码，项目基于 Spring Boot 2.7.18 、 Spring Boot Jpa、 Spring Security、Redis、Vue的前后端分离后台管理系统
encode/django-rest-framework - Web APIs for Django. 🎸
everythingbest/dubbo-postman - DUBBO-POSTMAN: 一个用于通过web-ui页面访问dubbo接口的工具，可以进行dubbo接口测试，dubbo接口集成测试，dubbo接口场景测试
fengyuhetao/shell - Linux命令行与shell脚本编程大全案例
fifty-six/Scarab - An installer for Hollow Knight mods written in Avalonia.
firerpa/lamda - The most powerful Android RPA agent framework, next generation of mobile automation robots.
flipped-aurora/gin-vue-admin - 🚀Vite+Vue3+Gin拥有AI辅助的基础开发平台，支持TS和JS混用。它集成了JWT鉴权、权限管理、动态路由、显隐可控组件、分页封装、多点登录拦截、资源权限、上传下载、代码生成器、表单生成器和可配置的导入导出等开发必备功能。
FloatTech/ZeroBot-Plugin - 基于 ZeroBot 的 OneBot 插件
fossfreedom/indicator-sysmonitor - Ayatana application indicator to show various system parameters - Debian and Ubuntu
frank-bots/cqhttp.Cyan - Yet another C# Wrapper for cqhttp
FreeTubeApp/FreeTube - An Open Source YouTube app for privacy
freqtrade/freqtrade - Free, open source crypto trading bot
gedoor/legado - Legado 3.0 Book Reader with powerful controls & full functions❤️阅读3.0, 阅读是一款可以自定义来源阅读网络内容的工具，为广大网络文学爱好者提供一种方便、快捷舒适的试读体验。
getcursor/cursor - The AI Code Editor
gin-gonic/gin - Gin is a HTTP web framework written in Go (Golang). It features a Martini-like API with much better performance -- up to 40 times faster. If you need smashing performance, get yourself some Gin.
ginuerzh/gost - GO Simple Tunnel - a simple tunnel written in golang
gitbobobo/StreamMusic - 支持 Android、iOS、macOS、Windows 平台的 Subsonic/Navidrome/Jellyfin/Emby/AudioStation 客户端。
github/github-mcp-server - GitHub's official MCP Server
go-gorm/gorm - The fantastic ORM library for Golang, aims to be developer friendly
go-playground/validator - 💯Go Struct and Field validation, including Cross Field, Cross Struct, Map, Slice and Array diving
go-yaml/yaml - YAML support for the Go language.
google/python-fire - Python Fire is a library for automatically generating command line interfaces (CLIs) from absolutely any Python object.
goplus/llgo - A Go compiler based on LLVM in order to better integrate Go with the C ecosystem including Python
h3h3qaq/JavaDecompiler - 一个基于 Vineflower 引擎的多线程 Java 批量反编译工具，支持快速处理大量的 class 文件和 JAR 文件。
hamibot/hamibot - 安卓平台自动化工具，无需 root。
Helixform/CodeCursor - An extension for using Cursor in Visual Studio Code.
hiddify/hiddify-app - Multi-platform auto-proxy client, supporting Sing-box, X-ray, TUIC, Hysteria, Reality, Trojan, SSH etc. It’s an open-source, secure and ad-free.
hitsz-ids/auto-regex - automatic regex generation tool
hslr-s/sun-panel - A server, NAS navigation panel, Homepage, browser homepage. | 一个服务器、NAS导航面板、Homepage、浏览器首页。
immersive-translate/immersive-translate - 沉浸式双语网页翻译扩展 , 支持输入框翻译，鼠标悬停翻译， PDF, Epub, 字幕文件, TXT 文件翻译 - Immersive Dual Web Page Translation Extension
imroc/req - Simple Go HTTP client with Black Magic
IndustriousSnail/javassist-learn - Javassist官方文档中文翻译
ityouknow/spring-boot-examples - about learning Spring Boot via examples. Spring Boot 教程、技术栈示例代码，快速简单上手教程。
jar-analyzer/jar-analyzer-v1-gui - 建议使用新版：https://github.com/jar-analyzer/jar-analyzer
jar-analyzer/jar-obfuscator - Jar Obfuscator V2 - 一个 JAR 文件保护混淆工具，支持包名/类名/方法名/字段名/参数名引用分析和重命名混淆方式，支持字符串加密/整型异或混淆/垃圾代码花指令混淆/等方式，支持方法和字段的隐藏，支持 SpringBoot 和 war 包，配置简单，文档教程齐全，容易上手
JDArmy/TextWatermark - Watermark For Text
jetify-com/devbox - Instant, easy, and predictable development environments
JingMatrix/LSPosed - LSPosed Framework resuscitated
joshpxyne/gpt-migrate - Easily migrate your codebase from one framework or language to another.
kingparks/cursor-vip - cursor IDE enjoy VIP
kivvi3412/HandWrite - 本项目为解决一些大学无用手写作业
krahets/hello-algo - 《Hello 算法》：动画图解、一键运行的数据结构与算法教程。支持 Python, Java, C++, C, C#, JS, Go, Swift, Rust, Ruby, Kotlin, TS, Dart 代码。简体版和繁体版同步更新，English version in translation
lapce/lapce - Lightning-fast and Powerful Code Editor written in Rust
LearnGolang/LearnGolang - 《Golang学习资源大全-只有Go语言才能改变世界》Only Golang Can Change The World.
liqianglog/django-vue-admin - A complete set of basic development platform for permission control based on RBAC model, with front-end and back-end separation, and the back-end using django+django-rest-framework, while the frontend using Vue+ElementUI+d2admin.
Liubsyy/JarEditor - IDEA plugin for directly editing and modifying files in jar without decompression. （一款无需解压直接编辑修改jar包内文件的IDEA插件）
longbridge/autocorrect - Automatically add whitespace between Chinese and half-width characters (alphabetical letters, numerical digits and symbols).
loov/goda - Go Dependency Analysis toolkit
LubyRuffy/ProxyCraft - ProxyCraft 是一款轻量级、高性能的命令行代理工具，本身为 HTTP 代理协议，支持 HTTPS/HTTP2/SSE 特性，用于进行本地抓包分析。它专为开发人员、安全测试人员和网络管理员设计，提供便捷的流量观察、分析和调试能力。
MichaelXF/js-confuser - JS-Confuser is a JavaScript obfuscation tool to make your programs impossible to read.
momosecurity/rhizobia_J - JAVA安全SDK及编码规范
muzihuaner/all-in-one - All-in-One 搞基手册
n8n-io/n8n - Fair-code workflow automation platform with native AI capabilities. Combine visual building with custom code, self-host or cloud, 400+ integrations.
Netskao/MacOS-Utils - MacOS-Apps-Utils
noidsirius/SootTutorial - A step-by-step tutorial for Soot (a Java static analysis framework)
NotoChen/Jetbrains-Help - 一个有助于提升Jetbrains服务商相关产品易用性的工具
oae/gnome-shell-pano - Next-gen Clipboard Manager for Gnome Shell
ocrmypdf/OCRmyPDF - OCRmyPDF adds an OCR text layer to scanned PDF files, allowing them to be searched
OdysseusYuan/LKY_OfficeTools - 一键自动化下载、安装、激活 Office 的利器。
OmegaChan/chanHooks -
opendatalab/MinerU - A high-quality tool for convert PDF to Markdown and JSON.一站式开源高质量数据提取工具，将PDF转换成Markdown和JSON格式。
orcaman/concurrent-map - a thread-safe concurrent map for go
oven-sh/bun - Incredibly fast JavaScript runtime, bundler, test runner, and package manager – all in one
polhenarejos/pico-fido - FIDO Passkey for Raspberry Pico and ESP32
pppscn/SmsForwarder - 短信转发器——监控Android手机短信、来电、APP通知，并根据指定规则转发到其他手机：钉钉群自定义机器人、钉钉企业内机器人、企业微信群机器人、飞书机器人、企业微信应用消息、邮箱、bark、webhook、Telegram机器人、Server酱、PushPlus、手机短信等。包括主动控制服务端与客户端，让你轻松远程发短信、查短信、查通话、查话簿、查电量等。（V3.0 新增）PS.这个APK主要是学习与自用，如有BUG请提ISSUE，同时欢迎大家提PR指正
projectdiscovery/retryablehttp-go - Package retryablehttp provides a familiar HTTP client interface with automatic retries and exponential backoff
projectdiscovery/simplehttpserver - Go alternative of python SimpleHTTPServer
projectdiscovery/utils - Helper Libraries
public-apis/public-apis - A collective list of free APIs
PuerkitoBio/goquery - A little like that j-thing, only in Go.
punkpeye/awesome-mcp-servers - A collection of MCP servers.
qax-os/excelize - Go language library for reading and writing Microsoft Excel™ (XLAM / XLSM / XLSX / XLTM / XLTX) spreadsheets
qiwentaidi/Slack - 安全服务集成化工具集
Qv2ray/Qv2ray - ⭐ Linux / Windows / macOS 跨平台 V2Ray 客户端 | 支持 VMess / VLESS / SSR / Trojan / Trojan-Go / NaiveProxy / HTTP / HTTPS / SOCKS5 | 使用 C++ / Qt 开发 | 可拓展插件式设计 ⭐
rajnandan1/kener - Stunning status pages, batteries included!
RealKai42/qwerty-learner - 为键盘工作者设计的单词记忆与英语肌肉记忆锻炼软件 / Words learning and English muscle memory training software designed for keyboard workers
renatoathaydes/rawhttp - HTTP library to make it easy to deal with raw HTTP.
roseboy/classfinal - Java Class Encryption Tool
RubyMetric/chsrc - chsrc 全平台通用换源工具与框架. Change Source everywhere for every software
sinamics/ztnet - ZTNET - ZeroTier Web UI for Private Controllers with Multiuser and Organization Support.
sjzar/chatlog - chat log tool, easily use your own chat data. 聊天记录工具，轻松使用自己的聊天数据
smartian1/tgtrader - 量化交易工具集，旨在以低代码的方式，来进行量化投研、回测和交易（微信公众号：天工量化）
sqlsec/GG-Present - 国光自用的 TouchBar MTMR 规则
stagewise-io/stagewise - What if Cursor, Github Copilot and Windsurf could actually interact with your browser? 💬 Comment on any DOM element 🧠 We send the real context to Windsurf ⚡ Save time manually selecting files Setup in 30 seconds, fully open-source, works first prompt. Supports every framework with first party support for React, Next.js, Vue and Nuxt.js
Stengo/DeskPad - A virtual monitor for screen sharing
Stirling-Tools/Stirling-PDF - #1 Locally hosted web application that allows you to perform various operations on PDF files
sub-store-org/Sub-Store - Advanced Subscription Manager for QX, Loon, Surge, Stash, Egern and Shadowrocket!
svcvit/Awesome-Dify-Workflow - 分享一些好用的 Dify DSL 工作流程，自用、学习两相宜。 Sharing some Dify workflows.
swaggo/gin-swagger - gin middleware to automatically generate RESTful API documentation with Swagger 2.0.
tauri-apps/tauri - Build smaller, faster, and more secure desktop and mobile applications with a web frontend.
tisfeng/Easydict - 一个简洁优雅的词典翻译 macOS App。开箱即用，支持离线 OCR 识别，支持有道词典，🍎 苹果系统词典，🍎 苹果系统翻译，OpenAI，Gemini，DeepL，Google，Bing，腾讯，百度，阿里，小牛，彩云和火山翻译。A concise and elegant Dictionary and Translator macOS App for looking up words and translating text.
tjfoc/gmsm - GM SM2/3/4 library based on Golang (基于Go语言的国密SM2/SM3/SM4算法库)
tomnomnom/anew - A tool for adding new lines to files, skipping duplicates
Toxblh/MTMR - 🌟 [My TouchBar My rules]. The Touch Bar Customisation App for your MacBook Pro
tsukinaha/tsukimi - A simple third-party Emby client for Linux
turn1tup/JspEncounter -
twgh/xcgui - 炫彩界面库. Go GUI library. Golang bindings for XCGUI, Windows GUI library, DirectUI design idea.
twtrubiks/django-celery-tutorial - Django Celery Tutorial
uber-go/goleak - Goroutine leak detector
ulisesbocchio/jasypt-spring-boot - Jasypt integration for Spring boot
utmapp/UTM - Virtual machines for iOS and macOS
vannvan/yuque-tools - 🧰 玩转语雀-朴实无华的语雀工具集合，语雀知识库+团队资源批量导出/备份工具(无需Token)｜浏览器插件助手
vercel/next.js - The React Framework
vitalik/django-ninja - 💨 Fast, Async-ready, Openapi, type hints based framework for building APIs
Whisky-App/Whisky - A modern Wine wrapper for macOS built with SwiftUI
wibus-wee/InjectGUI - macOS Integrated Injection Framework (GUI version)
X1a0He/Adobe-Downloader - macOS Adobe apps download & installer
xfangfang/Macast - Macast is a cross-platform application which using mpv as DLNA Media Renderer.
XiaoMi/ha_xiaomi_home - Xiaomi Home Integration for Home Assistant
xiaoyaocz/dart_simple_live - 简简单单的看直播
xitu/gold-miner - 🥇掘金翻译计划，可能是世界最大最好的英译中技术社区，最懂读者和译者的翻译平台：
xNul/palworld-host-save-fix - Fixes the bug which forces a player to create a new character when they already have a save. Useful for migrating maps from co-op to dedicated servers and from one dedicated server to another.
xuchengsheng/wx-dump-4j - 一款基于Java开发的微信数据分析工具。
xushengfeng/eSearch - 截屏离线OCR 搜索翻译以图搜图贴图录屏万向滚动截屏屏幕翻译 Screenshot Offline OCR Search Translate Search for picture Paste the picture on the screen Screen recorder Omnidirectional scrolling screenshot Screen translator 支持Windows Linux macOS
xwk134/gin-vue-blog - 本项目使用Vue3+Gin+Gorm+ElasticSearch+WebSocket实现的前后端分离的个人博客
Y2Z/monolith - ⬛️ CLI tool and library for saving complete web pages as a single HTML file
yaklang/yaklang - A programming language exclusively designed for cybersecurity
ydsuper/Typora_Free_Download - Typora _v0.11.18 最新免费版安装包（后面的v1.0就开始收费了）
YMFE/yapi - YApi 是一个可本地部署的、打通前后端及QA的、可视化的接口管理平台
yuaotian/go-cursor-help - 解决Cursor在免费订阅期间出现以下提示的问题: Your request has been blocked as our system has detected suspicious activity / You've reached your trial request limit. / Too many free trial accounts used on this machine.
yuque-helper/yuque2book - export yuque repo to a book 将你的语雀文档导出的工具
zema1/suo5 - 一款高性能 HTTP 代理隧道工具 | A high-performance http proxy tunneling tool
zhuifengshen/DingtalkChatbot - 钉钉群自定义机器人消息Python封装

扫描字典

asaotomo/makephonedict - 手机号字典生成器：可以根据用户需求定制化生成中国各大运营商和指定区域的手机号字典，并输出为CVS文件。
Bo0oM/fuzz.txt - Potentially dangerous files
cjh0613/tencent-sensitive-words - 腾讯的离线敏感词库
danielmiessler/SecLists - SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
glitchedgitz/cook - A wordlist framework to fullfill your kinks with your wordlists. For security researchers, bug bounty and hackers.
n0kovo/n0kovo_subdomains - An extremely effective subdomain enumeration wordlist of 3,000,000 lines, crafted by harvesting SSL certs from the entire IPv4 space.
projectdiscovery/alterx - Fast and customizable subdomain wordlist generator using DSL
SexyBeast233/SecDictionary - 实战沉淀字典
trickest/mkpath - Make URL path combinations using a wordlist
z-bool/super-password-dict - 泰坦字典生成器-非常全面的密码字典生成器

漏洞扫描

0xKayala/NucleiScanner - NucleiScanner is a Powerful Automation tool for detecting Unknown Vulnerabilities in the Web Applications
a1phaboy/FastjsonScan - Fastjson扫描器，可识别版本、依赖库、autoType状态等。A tool to distinguish fastjson ,version and dependency
abc123info/Struts2VulsScanTools - 1、点击“检测漏洞”，会自动检测该URL是否存在S2-001、S2-005、S2-009、S2-013、S2-016、S2-019、S2-020/021、S2-032、S2-037、DevMode、S2-045/046、S2-052、S2-048、S2-053、S2-057、S2-061、S2相关log4j2十余种漏洞。 2、“批量验证”，（为防止批量geshell，此功能已经删除，并不再开发）。 3、S2-020、S2-021仅提供漏洞扫描功能，因漏洞利用exp很大几率造成网站访问异常，本程序暂不提供。 4、对于需要登录的页面，请勾选“设置全局Cookie值”，并填好相应的Cookie，程序每次发包都会带上Cookie。 5、作者对不同的struts2漏洞测试语句做了大量修改，执行
al0ne/LinuxCheck - Linux应急处置/信息搜集/漏洞检测工具，支持基础配置/网络流量/任务计划/环境变量/用户信息/Services/bash/恶意文件/内核Rootkit/SSH/Webshell/挖矿文件/挖矿进程/供应链/服务器风险等13类70+项检查
Amulab/CAudit - 集权设施扫描器
Aur0ra-m/APIKiller - API Security DAST & Oprations
Autumn-27/ScopeSentry-Scan - ScopeSentry工具扫描端源码
b1ank1108/BugHunter-Docker -
chaitin/xpoc - 为供应链漏洞扫描设计的快速应急响应工具 [快速应急] [漏洞扫描] [端口扫描] [xray2.0进行时] A fast emergency response tool designed for supply chain vulnerability scanning.
chenjj/CORScanner - 🎯 Fast CORS misconfiguration vulnerabilities scanner
Cl0udG0d/SZhe_Scan - 碎遮SZhe_Scan Web漏洞扫描器，基于python Flask框架，对输入的域名/IP进行全面的信息搜集，漏洞扫描，可自主添加POC
CllmsyK/Thinkphp_Red-Tasselled-Spear - Thinkphp图形化检测工具，仅供学习
CllmsyK/YYBaby-Spring_Scan - 一款针对Spring框架的漏洞扫描及漏洞利用图形化工具
dionach/CMSmap - CMSmap is a python open source CMS scanner that automates the process of detecting security flaws of the most popular CMSs.
doyensec/regexploit - Find regular expressions which are vulnerable to ReDoS (Regular Expression Denial of Service)
dwisiswant0/crlfuzz - A fast tool to scan CRLF vulnerability written in Go
Ed1s0nZ/PrivHunterAI - 一款通过被动代理方式，利用主流 AI（如 Kimi、DeepSeek、GPT 等）检测越权漏洞的工具。其核心检测功能依托相关 AI 引擎的开放 API 构建，支持 HTTPS 协议的数据传输与交互。
eeeeeeeeee-code/POC - 备份的漏洞库，3月开始我们来维护
ExpLangcn/NucleiTP - 自动整合全网Nuclei的漏洞POC，实时同步更新最新POC！
expzhizhuo/iotscan-web - 这是一个基于vue3+element-plus+vite4+pinia开发一个资产测绘平台+漏洞扫描的前端项目，提供多种自定义的开发，如果你的扫描器或资产测绘平台不追求UI仅仅是为了快速开发，可以参考此项目。
github/advisory-database - Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
google/osv-scanner - Vulnerability scanner written in Go which uses the data provided by https://osv.dev
honmashironeko/sqlmap-gui - 基于官版本 SQLMAP 进行人工汉化，并提供GUI界面及多个自动化脚本
iamHuFei/HVVault - 梳理【护网高利用率POC】并集成Nuclei模板仓库，针对解决网上同一资产漏洞一键检测工具参次不齐问题。
invariantlabs-ai/mcp-scan - Constrain, log and scan your MCP connections for security vulnerabilities.
jorhelp/Ingram - 网络摄像头漏洞扫描工具 | Webcam vulnerability scanning tool
jweny/pocassist - 傻瓜式漏洞PoC测试框架
mazen160/secrets-patterns-db - Secrets Patterns DB: The largest open-source Database for detecting secrets, API keys, passwords, tokens, and more.
Moopinger/smugglefuzz - A rapid HTTP downgrade smuggling scanner written in Go.
ohnonoyesyes/CVE-2023-25194 -
PentestPad/subzy - Subdomain takeover vulnerability checker
RoomaSec/RmTools - 蓝队应急工具
rtcatc/Packer-Fuzzer - Packer Fuzzer is a fast and efficient scanner for security detection of websites constructed by javascript module bundler such as Webpack.
ryandamour/ssrfuzz - SSRFuzz is a tool to find Server Side Request Forgery vulnerabilities, with CRLF chaining capabilities
shadow1ng/fscan - 一款内网综合扫描工具，方便一键自动化、全方位漏扫扫描。
smallcham/sec-admin - 分布式资产安全扫描核心管理系统(弱口令扫描，漏洞扫描)
stark0de/nginxpwner - Nginxpwner is a simple tool to look for common Nginx misconfigurations and vulnerabilities.
Tencent/AI-Infra-Guard - A comprehensive, intelligent, easy-to-use, and lightweight AI Infrastructure Vulnerability Assessment and MCP Server Security Analysis Tool.
TheKingOfDuck/SinkFinder - 闭源系统半自动漏洞挖掘工具，针对 jar/war/zip 进行静态代码分析，输出从source到sink的可达路径。LLM将验证路径可达性，并根据上下文给出该路径可信分数
tongcheng-security-team/NextScan - 飞刃是一套完整的企业级黑盒漏洞扫描系统，集成漏洞扫描、漏洞管理、扫描资产、爬虫等服务。拥有强大的漏洞检测引擎和丰富的插件库，覆盖多种漏洞类型和应用程序框架。
TongchengOpenSource/AppScan - 安全隐私卫士（AppScan）一款免费的企业级自动化App隐私合规检测工具。
trufflesecurity/trufflehog - Find, verify, and analyze leaked credentials
vi3t1/qq-tim-elevation - CVE-2023-34312
wh1t3zer/SpringBootVul-GUI - 一个半自动化springboot打点工具，内置目前springboot所有漏洞
WindXaa/Android-Vulnerability-Mining - Android APP漏洞之战系列，主要讲述如何快速挖掘APP漏洞
wuba/Antenna - Antenna是58同城安全团队打造的一款辅助安全从业人员验证网络中多种漏洞是否存在以及可利用性的工具。其基于带外应用安全测试(OAST)通过任务的形式，将不同漏洞场景检测能力通过插件的形式进行集合，通过与目标进行out-bind的数据通信方式进行辅助检测。
wudijun/Catcher - Catcher(捕手) 重点系统指纹漏洞验证工具，适用于外网打点，资产梳理漏洞检查。
XiLitter/Tp_Attack_GUI - 自研的利用JavaFX技术编写的针对于Thinkphp框架的图形化漏洞扫描工具，漏洞包括多版本的命令执行和日志泄露
xk11z/unauthorized - 常见的未授权漏洞检测
y1nglamore/IDOR_detect_tool - 一款API水平越权漏洞检测工具
yhy0/ChYing - 承影 - 一款安全工具箱,集成了目录扫描、JWT、Swagger 测试、编/解码、轻量级 BurpSuite、杀软辅助功能
yhy0/Jie - Jie stands out as a comprehensive security assessment and exploitation tool meticulously crafted for web applications. Its robust suite of features encompasses vulnerability scanning, information gathering, and exploitation, elevating it to an indispensable toolkit for both security professionals and penetration testers. 挖洞辅助工具(漏洞扫描、信息收集)
youki992/VscanPlus - [VscanPlus内外网漏洞扫描工具]已更新HW热门漏洞检测POC。基于veo师傅的漏扫工具vscan二次开发的版本，端口扫描、指纹检测、目录fuzz、漏洞扫描功能工具，批量快速检测网站安全隐患。An open-source, cross-platform website vulnerability scanning tool that helps you quickly detect website security vulnerabilities.
YYHYlh/Dubbo-Scan - 一款让你不只在dubbo-sample、vulhub或者其他测试环境里检测和利用成功的Apache Dubbo 漏洞检测工具。
z-bool/Venom-Crawler - 毒液爬行器：专为捡洞而生的爬虫神器

红队&渗透测试

0range-x/Domain-penetration_one-stop - 域渗透一条龙
0x783kb/Threat-Analysis-Handbook - 常见的攻击行为监测特征及方法，涵盖端点和流量，未包含PowerShell和Sysmon。预祝运营生活愉快！
0xsyr0/OSCP - OSCP Cheat Sheet
4ra1n/mysql-fake-server - 纯 Java 实现的 MySQL Fake Server | 支持 GUI 版和命令行版 | 支持反序列化和文件读取的利用方式 | 支持常见的 GADGET 和自定义 GADGET 数据 | 根据目标环境自动生成匹配的 PAYLOAD | 支持 PGSQL 和 DERBY 的利用
A0WaQ4/HexDnsEchoT - 命令执行不回显但DNS协议出网的命令回显场景解决方案（修改为使用ceye接收请求，添加自定义DNS服务器）
AabyssZG/NavicatPwn - 针对Navicat的后渗透利用框架
AabyssZG/SpringBoot-Scan - 针对SpringBoot的开源渗透框架，以及Spring相关高危漏洞利用工具
airman604/jdbc-backdoor - A fake JDBC driver that allows OS command execution.
AlessandroZ/LaZagne - Credentials recovery project
arch3rPro/Pentest-Windows - ⚔️Windows11 Penetration Suite Toolkit 🔰 The First Windows Penetration Testing Environment on Mac M Chips
austinsonger/Incident-Playbook - GOAL: Incident Response Playbooks Mapped to MITRE Attack Tactics and Techniques. [Contributors Friendly]
b1-team/superman - 🤖 Kill The Protected Process 🤖
b1ank1108/bypassAV - 破产版免杀
bee-san/RustScan - 🤖 The Modern Port Scanner 🤖
berryalen02/PECracker - 针对PE文件的分离的攻防对抗工具，红队、研究者的好帮手。目前支持文件头伪装、证书区段感染。A no-kill confrontation tool for the separation of PE files, a good helper for red teams and researchers. Currently, file header spoofing and certificate segment infection are supported.
bewhale/thinkphp_gui_tools - ThinkPHP漏洞综合利用工具, 图形化界面, 命令执行, 一键getshell, 批量检测, 日志遍历, session包含,宝塔绕过
burpheart/hachimi - 哈基米一个分布式蜜网系统 | hachimi A Distributed Honeypot System
c1y2m3/FileSearch - C++枚举磁盘列表、遍历指定盘搜索特定类型文件/微信导出密钥,文件回传等功能
carl1l/f403 - 用于渗透测试中对40x页面进行bypass并发扫描,采用go编写
carlospolop/CloudPEASS -
cckuailong/JNDI-Injection-Exploit-Plus - 80+ Gadgets(30 More than ysoserial). JNDI-Injection-Exploit-Plus is a tool for generating workable JNDI links and provide background services by starting RMI server,LDAP server and HTTP server.
chainreactors/spray - 最好用最智能最可控的目录Fuzz工具 | The most powerful, user-friendly, intelligent, and precise HTTP Fuzzer.
charonlight/NacosExploitGUI - Nacos漏洞综合利用GUI工具，集成了默认口令漏洞、SQL注入漏洞、身份认证绕过漏洞、反序列化漏洞的检测及其利用
Cherno-x/dataBrawl - 一键生成免杀木马的 shellcode 免杀框架
chriskaliX/AD-Pentest-Notes - 用于记录内网渗透(域渗透)学习 :-)
co01cat/SqlmapXPlus - sqlmap Xplus 基于 sqlmap，对经典的数据库注入漏洞利用工具进行二开！
commixproject/commix - Automated All-in-One OS Command Injection Exploitation Tool.
Conan924/GodInfo - GodInfo 是一个功能全面的后渗透信息和凭据收集工具，旨在帮助安全测试人员在获得授权访问权限后，快速收集目标系统的信息和凭据。
corener/JavaPassDump - JavaPassDump
CreeperKong/zipbomb-generator - A simple zipbomb generator 压缩包炸弹生成器
cseroad/Exp-Tools - 一款集成高危漏洞exp的实用性工具
cube0x0/YubiKey-Relay -
dahezhiquan/CharcoalFire - 炭火，渗透测试全流程工具
Dec0ne/ShadowSpray - A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.
decoder-it/LocalPotato -
DeEpinGh0st/WindowsBaselineAssistant - Windows安全基线核查加固助手
devanshbatham/rayder - A lightweight tool for orchestrating and organizing your bug hunting recon / pentesting command-line workflows
Dliv3/redis-rogue-server - Redis 4.x/5.x RCE
eeeeeeeeee-code/e0e1-config - 综合后渗透方面的杂烩
eeeeeeeeee-code/e0e1-wx - 微信小程序辅助渗透-自动化
ekkoo-z/Z-Godzilla_ekp - 哥斯拉webshell管理工具二次开发规避流量检测设备
epinna/tplmap - Server-Side Template Injection and Code Injection Detection and Exploitation Tool
Esonhugh/Gopherus3 - Python3 Based gopherus, completely refactored and added more feature.
Esonhugh/KubernetesCS - Kubernetes has its “ADCS” -- How To Backdoor a Kubernetes in silence and more persistent?
Esonhugh/sshd_backdoor - /root/.ssh/authorized_keys evil file watchdog with ebpf tracepoint hook.
euphrat1ca/Security-List - If you have any good suggestions or comments during the search process, please feedback some index experience in issues. Thank you for your participation.查阅过程中，如果有什么好的意见或建议，请在Issues反馈，感谢您的参与。
EvilAnne/Violation_Pnetest - 渗透红线Checklist
evilashz/PigScheduleTask - 添加计划任务方法集合
fdx-xdf/darkPulse - darkPulse是一个用go编写的shellcode Packer，用于生成各种各样的shellcode loader，免杀火绒，360核晶等国内常见杀软。
feihong-cs/Java-Rce-Echo - Java RCE 回显测试代码
ffffffff0x/1earn - ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup
fin3ss3g0d/evilgophish - evilginx3 + gophish
Forgo7ten/VulnerableApp - 移动安全_漏洞靶场_Android应用层漏洞
freedomofpress/dangerzone - Take potentially dangerous PDFs, office documents, or images and convert them to safe PDFs
G-Security-Team/JS-Forward - 前端参数加密渗透测试通用解决方案
gabriellandau/PPLFault -
Garck3h/cve-2023-38831 - 一款用于生成winrar程序RCE（即cve-2023-38831）的POC的工具。
Getshell/CobaltStrike - CobaltStrike资源大全
Getshell/Fanzhi - 《FanZhi-攻击与反制的艺术》
GTFOBins/GTFOBins.github.io - GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems
hackerai-tech/PentestGPT - AI-Powered Penetration Testing Assistant for offensive security testing, focused on web applications and network penetration testing.
hayasec/360SafeBrowsergetpass - 这是一个一键辅助抓取360安全浏览器密码的CobaltStrike脚本以及解密小工具，用于节省红队工作量，通过下载浏览器数据库、记录密钥来离线解密浏览器密码。
Hel10-Web/Databasetools - 一款用Go语言编写的数据库自动化提权工具，支持Mysql、MSSQL、Postgresql、Oracle、Redis数据库提权、命令执行、爆破以及ssh连接
HotBoy-java/PotatoTool - 这款工具是一款功能强大的网络安全综合工具，旨在为安全从业者、红蓝对抗人员和网络安全爱好者提供全面的网络安全解决方案。它集成了多种实用功能，包括解密、分析、扫描、溯源等，为用户提供了便捷的操作界面和丰富的功能选择。This tool offers robust network security solutions for professionals and enthusiasts. With features like decryption, analysis, scanning, and traceability, it provides a user-friendly interface and diverse functionality.
intbjw/bimg-shellcode-loader -
JDArmy/BREAK - 业务风险枚举与规避知识框架（Business Risk Enumeration & Avoidance Kownledge）
JerryLinLinLin/Huorong-ATP-Rules - 一款火绒增强HIPS自定义规则
JiaoSuInfoSec/JiaoSuInfoSec_T00ls_Win11 - 角宿武器库官方发布页面
Joe1sn/S-inject - 支持x86/x64的DLL和Shellcode 的Windows注入的免杀工具，支持图形化界面
jpillora/chisel - A fast TCP/UDP tunnel over HTTP
kgretzky/evilginx2 - Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
KimJun1010/WeblogicTool - WeblogicTool，GUI漏洞利用工具，支持漏洞检测、命令执行、内存马注入、密码解密等（深信服深蓝实验室天威战队强力驱动）
l3yx/jdwp-codeifier - 基于 jdwp-shellifier 的进阶JDWP漏洞利用脚本（动态执行Java/Js代码并获得回显）
LandGrey/SpringBootVulExploit - SpringBoot 相关漏洞学习资料，利用方法和技巧合集，黑盒安全评估 check list
lemono0/FastJsonParty - FastJson全版本Docker漏洞环境(涵盖1.2.47/1.2.68/1.2.80等版本)，主要包括JNDI注入及高版本绕过、waf绕过、文件读写、原生反序列化、利用链探测绕过、不出网利用等。从黑盒的角度覆盖FastJson深入利用
liamg/traitor - ⬆️ ☠️ 🔥 Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock
lijiaxing1997/MpaasPentestTool - mpass移动开发框架ios端抓包hook脚本
linshaoSec/WaterExp - WaterExp:面向安服仔的水报告模板和工具
lintstar/About-Attack - 一个旨在通过应用场景 / 标签对 Github 红队向工具 / 资源进行分类收集，降低红队技术门槛的手册【持续更新】
lintstar/CS-AutoPostChain - 基于 OPSEC 的 CobaltStrike 后渗透自动化链
Lotus6/ConfluenceMemshell - Confluence CVE 2021，2022，2023 利用工具，支持命令执行，哥斯拉，冰蝎内存马注入
Lotus6/ysoserial - ysoserial 图形化，探测 Gadget，探测 Class，命令执行，注入哥斯拉冰蝎内存马，加载字节码等
lz520520/railgun -
m0rtem/CloudFail - Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network
madhuakula/kubernetes-goat - Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
makoto56/penetration-suite-toolkit - 本项目制作的初衷是帮助师傅们快速搭建工作环境，工欲善其事，必先利其器。
MaximeBeasse/KeyDecoder - KeyDecoder app lets you use your smartphone or tablet to decode your mechanical keys in seconds.
Meckazin/ChromeKatz - Dump cookies and credentials directly from Chrome/Edge process memory
metlo-labs/metlo - Metlo is an open-source API security platform.
mez-0/offensive-groovy - Groovy Post Exploitation
MInggongK/Penetration-mining-src - 一款集成了H3C,致远，泛微，万户，帆软，海康威视，金蝶云星空，畅捷通，Struts等多个RCE漏洞利用工具
moonD4rk/HackBrowserData - Extract and decrypt browser data, supporting multiple data types, runnable on various operating systems (macOS, Windows, Linux).
Mr-xn/BLACKHAT_Asia2023 - Black Hat Asia 2023 PDF Public
Mr-xn/Penetration_Testing_POC - 渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms
Mr-xn/RedTeam_BlueTeam_HW - 红蓝对抗以及护网相关工具和资料，内存shellcode（cs+msf）和内存马查杀工具
neargle/my-re0-k8s-security - [WIP] 整理过去的分享，从零开始的Kubernetes攻防 🧐
noctiro/stormin - 通用盗号网站注册轰炸机适用于针对QQ、Steam等平台的各类盗号网站
nxenon/grpc-pentest-suite - gRPC-Web Pentesting Suite + Burp Suite Extension / Hack gRPC-Web Applications
onewinner/VulToolsKit - 红队武器库漏洞利用工具合集整理
p0dalirius/pyFindUncommonShares - FindUncommonShares is a Python script allowing to quickly find uncommon shares in vast Windows Domains, and filter by READ or WRITE accesses.
peass-ng/PEASS-ng - PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
pen4uin/java-echo-generator - 一款支持自定义的 Java 回显载荷生成工具｜A customizable Java echo payload generation tool.
ph4ntonn/Stowaway - 👻Stowaway -- Multi-hop Proxy Tool for pentesters
piiperxyz/AniYa - 免杀框架
Pizz33/GobypassAV-shellcode - shellcode免杀加载器，使用go实现，免杀bypass火绒、360、核晶、def等主流杀软
Potato-py/csIntruder - 本项目包含CobaltStrike密码爆破、伪造上线以及DDos功能。其中伪造上线支持常见魔改版CS。This project includes CobaltStrike password blasting, fake online and DDos functions. Among them, fake online supports common secondary development version CS.
projectdiscovery/proxify - A versatile and portable proxy for capturing, manipulating, and replaying HTTP/HTTPS traffic on the go.
pykiller/API-T00L - 互联网厂商API利用工具。
QAX-A-Team/BrowserGhost - 这是一个抓取浏览器密码的工具，后续会添加更多功能
QAX-Anti-Virus/QDoctor - The first Computer Emergency Response (ARK) Tools for young people ;) 　　　　　　　　　　　　　　　　　　　　　　年轻人的第一款应急响应(ARK)工具；）
Qihoo360/WatchAD2.0 - WatchAD2.0是一款针对域威胁的日志分析与监控系统
R4gd0ll/I-Wanna-Get-All - OA漏洞利用工具
rebeyond/Behinder - “冰蝎”动态二进制加密网站管理客户端
rebeyond/JNDInjector - 一个高度可定制化的JNDI和Java反序列化利用工具
rootclay/Powershell-Attack-Guide - Powershell攻击指南----黑客后渗透之道
RowTeam/SharpExchangeKing - Exchange 服务器安全性的辅助测试工具
RuoJi6/HackerPermKeeper - Linux权限维持
RuoJi6/xxl-job-FLM - xxl-job内存马
rzte/pdf-exploit - pdf exploit 集成
s0md3v/uro - declutters url lists for crawling/pentesting
SaadAhla/FilelessPELoader - Loading Remote AES Encrypted PE in memory , Decrypted it and run it
safe6Sec/PentestDB - 各种数据库的利用姿势
savior-only/Spring_All_Reachable - Spring漏洞综合利用工具
Schira4396/VcenterKiller - 一款针对Vcenter的综合利用工具，包含目前最主流的CVE-2021-21972、CVE-2021-21985以及CVE-2021-22005、One Access的CVE-2022-22954、CVE-2022-22972/31656以及log4j，提供一键上传webshell，命令执行或者上传公钥使用SSH免密连接
selinuxG/Golin - 弱口令检测、漏洞扫描、端口扫描（协议识别，组件识别）、web目录扫描、等保模拟定级、自动化运维、等保工具（网络安全等级保护现场测评工具）内置3级等保核查命令、基线核查工具、键盘记录器
shack2/SuperSQLInjectionV1 - 超级SQL注入工具（SSQLInjection）是一款基于HTTP协议自组包的SQL注入工具,采用C#开发，直接操作TCP会话来进行HTTP交互，支持出现在HTTP协议任意位置的SQL注入，支持各种类型的SQL注入，支持HTTPS模式注入；支持以盲注、错误显示、Union注入等方式来获取数据；支持Access/MySQL/SQLServer/Oracle/PostgreSQL/DB2/SQLite/Informix等数据库；支持手动灵活的进行SQL注入绕过，可自定义进行字符替换等绕过注入防护。本工具为渗透测试人员、信息安全工程师等掌握SQL注入技能的人员设计，需要使用人员对SQL注入有一定了解。
shmilylty/netspy - netspy是一款快速探测内网可达网段工具（深信服深蓝实验室天威战队强力驱动）
suizhibo/MemShellGene - 一款Java内存马生成、测试工具，搭配@ax1sX的MemShell食用。
Suq3rm4n/java-impacket-gui - java-impacket-gui
sv3nbeast/DnslogCmdEcho - 命令执行不回显但DNS协议出网的命令回显场景解决方案
swisskyrepo/SSRFmap - Automatic SSRF fuzzer and exploitation tool
Symph0nia/CyberEdge - 互联网资产综合扫描/攻击面测绘
szdyg/HRSword - 火绒剑独立版
t0thkr1s/gpp-decrypt - Tool to parse the Group Policy Preferences XML file which extracts the username and decrypts the cpassword attribute.
T4y1oR/RingQ - 一款后渗透免杀工具，助力每一位像我这样的脚本小子快速实现免杀，支持bypass AV/EDR 360 火绒 Windows Defender Shellcode Loader
TangGolang/TangGo - TangGo测试平台是无糖信息技术有限公司集多年渗透测试实战经验设计和开发的国产化综合性测试平台，为软件测试、网络安全从业人员提供强大且易用的测试工具及多人协同的工作环境，主要用于Web站点的功能测试、安全测试和安全评估。
tangjie1/-Baseline-check - windows和linux基线检查，配套自动化检查脚本。纯手打。
Tas9er/ByPassBehinder4J - 冰蝎Java WebShell自动化免杀生成
teamssix/container-escape-check - docker container escape check || Docker 容器逃逸检测
TheBeastofwar/JenkinsExploit-GUI - 一款Jenkins的综合漏洞利用工具
TheWover/donut - Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters
tide-emergency/yingji - 应急相关内容积累
TideSec/BypassAntiVirus - 远控免杀系列文章及配套工具，汇总测试了互联网上的几十种免杀工具、113种白名单免杀方式、8种代码编译免杀、若干免杀实战技术，并对免杀效果进行了一一测试，为远控的免杀和杀软对抗免杀提供参考。
TideSec/GoBypassAV - 整理了基于Go的16种API免杀测试、8种加密测试、反沙盒测试、编译混淆、加壳、资源修改等免杀技术，并搜集汇总了一些资料和工具。
timwhitez/Cobalt-Strike-Aggressor-Scripts - Cobalt Strike Aggressor 插件包
Tokeii0/FakeLinuxBaseLineCheck -
TophantTechnology/Daybreak - DayBreak（破晓）是斗象推出的一款社区化安全渗透工具，以企业安全人员&白帽子作为主要使用对象，通过持续不断的测试去度量和提升企业网络安全防护效果。DayBreak通过为企业网络环境提供常见/专属的“攻击”手段，进行重复性的无害化“入侵”测试，达到持续性验证企业纵深防御体系下安全产品在当前阶段策略有效性的目的。
TryGOTry/AutoGeaconC2 - AutoGeaconC2: 一键读取Profile自动化生成geacon实现跨平台上线CobaltStrike
TryGOTry/CobaltStrike_Cat_4.5 - 猫猫Cs:基于Cobalt Strike[4.5]二开 (原dogcs二开移植)
ttstormxx/lineadd - lineadd 渗透测试字典管理工具, 让字典管理生活轻松一点。Penetration test dictionary management tool, make dictionary management life a little easier.
veo/vagent - 多功能 java agent 内存马
vladko312/SSTImap - Automatic SSTI detection tool with interactive interface
vulhub/java-chains - Vulhub Vulnerability Reproduction Designated Platform
vxCrypt0r/Voidgate - A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfvenom) by performing on-the-fly decryption of individual encrypted assembly instructions, thus rendering memory scanners useless for that specific memory page.
W01fh4cker/LearnJavaMemshellFromZero - 【三万字原创】完全零基础从0到1掌握Java内存马，公众号：追梦信安
W0r1d-Pr1nt/RCEmap - 一个类似sqlmap的RCE自动化工具
wafinfo/DecryptTools - DecryptTools-综合解密
wangfly-me/LoaderFly - 助力每一位RT队员，快速生成免杀木马
WangYihang/Platypus - 🔨 A modern multiple reverse shell sessions manager written in go
We5ter/Scanners-Box - A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑
whocansee/FilelessAgentMemShell - 无需文件落地Agent内存马生成器
Whoopsunix/JavaRce - Common Exploitation Techniques for Java RCE Vulnerabilities in Real-World Scenarios | 实战场景较通用的 Java Rce 相关漏洞的利用方式
Whoopsunix/PPPYSO - proof-of-concept for generating Java deserialization payload | Proxy MemShell
whwlsfb/JDumpSpider - HeapDump敏感信息提取工具
wolf0x/WechatShield -
wyzxxz/jndi_tool - JNDI服务利用工具 RMI/LDAP，支持部分场景回显、内存shell，高版本JDK场景下利用等，fastjson rce命令执行，log4j rce命令执行漏洞检测辅助工具
xiaogang000/XG_NTAI - 用于Webshell木马免杀、流量加密传输，多多支持star
xiaoy-sec/Pentest_Note - 渗透测试常规操作记录
xkaneiki/CVE-2023-0386 - CVE-2023-0386在ubuntu22.04上的提权
xm1k3/cent - Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one place
ybdt/evasion-hub - 免杀对抗
yinsel/BypassAV - 一款基于PE Patch技术的后渗透免杀工具，主要支持x64
yutianqaq/AVEvasionCraftOnline - An online AV evasion platform written in Springboot (Golang, Nim, C) supports embedded, local and remote loading of Shellocde methods.
yuyan-sec/druid_sessions - 获取 alibaba druid 一些 sessions , sql , urls
yzddmr6/As-Exploits - 中国蚁剑后渗透框架
z-bool/Venom-Transponder - 毒液流量转发器：自动化捡洞/打点/跳板必备神器，支持联动URL爬虫、各种被动扫描器。
ZeroMemoryEx/APT38-0day-Stealer - APT38 Tactic PoC for Stealing 0days from security researchers
ZeroMemoryEx/Blackout - kill anti-malware protected processes ( BYOVD) ( Microsoft Won)
zyylhn/redis_rce - Redis primary/secondary replication RCE

逆向破解

0xjiayu/go_parser - Yet Another Golang binary parser for IDAPro
abcz316/SKRoot-linuxKernelRoot - 新一代SKRoot，挑战全网root检测手段，跟面具完全不同思路，摆脱面具被检测的弱点，完美隐藏root功能，实现真正的SELinux 0%触碰，通用性强，通杀所有内核，不需要内核源码，直接patch内核，兼容安卓APP直接JNI调用，稳定、流畅、不闪退。
Ackites/KillWxapkg - 自动化反编译微信小程序，小程序安全评估工具，发现小程序安全问题，自动解密，解包，可还原工程目录，支持Hook，小程序修改
AlphabugX/godzilla_decode - Godzilla java Decode,哥斯拉jsp(内存马)流量解密
anhkgg/SuperDllHijack - SuperDllHijack：A general DLL hijack technology, don't need to manually export the same function interface of the DLL, so easy! 一种通用Dll劫持技术，不再需要手工导出Dll的函数接口了
auto-yui-patch/fiddler-everywhere-patch-automated - Want Fiddler Everywhere Enterprise for Free? Then Patch it! Patch any version Automatically!
axcheron/pyvmx-cracker - Simple tool to crack VMware VMX encryption passwords
baihengaead/wifi-crack-tool - WiFi密码暴力破解工具-图形界面，支持WPA/WPA2/WPA3、多开并发、自动破解、自定义密码本、自动生成密码字典
biggerstar/wedecode - 全自动化，微信小程序 wxapkg 包源代码还原工具, 线上代码安全审计
bontchev/pcodedmp - A VBA p-code disassembler
boy-hack/go-strip - 清除Go编译时自带的信息
BreakOnCrash/wxapkg - .wxapkg analysis tool for macOS
burpheart/Gepetto-ChatGPT - IDA plugin which queries OpenAI's ChatGPT model to speed up reverse-engineering
CBLabresearch/Clematis - PE to shellcode
CodingGay/BlackDex - BlackDex is an Android unpack(dexdump) tool, it supports Android 5.0~12 and need not rely to any environment. BlackDex can run on any Android mobile phone or emulator, you can unpack APK File in several seconds.
corkami/collisions - Hash collisions and exploitations
CRONUS-Security/profile-builder - A demo for automatically build dwarf file for volatility2
davinci1010/pinduoduo_backdoor - 拼多多apk内嵌提权代码，及动态下发dex分析
davinci1012/pinduoduo_backdoor_unpacker - Samples and Unpacker of malicious backdoors and exploits developed and used by Pinduoduo
deezertidal/stash-override - Stash覆写脚本规则 override stoverride 磁贴面板分流破解解锁
DERE-ad2001/Frida-Labs - The repo contains a series of challenges for learning Frida for Android Exploitation.
DidierStevens/DidierStevensSuite - Please no pull requests for this repository. Thanks!
eastmountyxz/SystemSecurity-ReverseAnalysis - 该资源为系统安全和逆向分析实验，包括作者从零学习恶意代码分析、病毒逆向分析的工具及样本，基础性文章，希望对您有所帮助~
eeeeeeeeee-code/wx-hook - 用于存取记录以前的基址和小程序文件
EgeBalci/sgn - Shikata ga nai (仕方がない) encoder ported into go with several improvements
ErodedElk/Chaos-me-JavaScript-V8 - 零基础入门V8引擎漏洞挖掘
ezshine/wxapkg-convertor - 一个反编译微信小程序的工具，仓库也收集各种微信小程序/小游戏.wxapkg文件
FiYHer/kernel_window_hide - 内核级别隐藏指定窗口
gh0stkey/Binary-Learning - 二进制安全相关的学习笔记，感谢滴水逆向的所有老师辛苦教学。
h3110w0r1d-y/termius-cracked - Termius Pro
H4ckForJob/kingkong - 解密哥斯拉webshell管理工具流量
HelloHuDi/AndroidReverseNotes - Android逆向笔记---从入门到入土
hexian2001/HRP_Auto_Analyze - 一款基于LLM与IDA pro的高效的对ELF进行危险函数污点追踪分析插件，可生成超炫丽HTML报告，帮助用户快速定位和理解风险函数调用过程。
ice-doom/codeql_compile - 自动反编译闭源应用，创建codeql数据库
ImCoriander/ZeroEye - 自动化找白文件，用于扫描 EXE 文件的导入表，列出导入的DLL文件，并筛选出非系统DLL，符合条件的文件将被复制到特定的 X64 或 X86 文件夹
INotGreen/SharpThief - 一键提取exe的图标、嵌入图标、资源信息、版本信息、修改时间、数字签名，降低程序熵值
J2TEAM/idm-trial-reset - Use IDM forever without cracking
Jlan45/HyperOS-BLBind-Bypass - HyperOS Bypass的Python实现，单文件即可使用
JusticeRage/Gepetto - IDA plugin which queries language models to speed up reverse-engineering
kjfx/AX6000 - 小米 AX6000 科学上网，开启ssh刷机，AX6000 openwrt xiaomi shellclash
lele8/SharpDBeaver - DBeaver数据库密码解密工具
Lil-House/Pyarmor-Static-Unpack-1shot - ✅ No need to run ✅ Pyarmor 8.0 - latest 9.1.7 ✅ Universal ✅ Statically convert obfuscated scripts to disassembly and (experimentally) source code.
milu001/sundeskQ - 向日葵密码提取、todesk密码提取，ID、临时密码，安全密码读取工具
Moli-X/Resources - 基于QuantumultX，Loon，Surge的配置重写，脚本，插件
mrexodia/ida-pro-mcp - MCP Server for IDA Pro.
MxIris-Reverse-Engineering/ida-mcp-server - A Model Context Protocol server for IDA
NUL0x4C/AtomPePacker - A Highly capable Pe Packer
ohnonoyesyes/zsxq_dl - 星球伴侣（无限下载版） - 知识星球助手
ohos-decompiler/abc-decompiler -
P3GLEG/Whaler - Program to reverse Docker images into Dockerfiles
polymorf/findcrypt-yara - IDA pro plugin to find crypto constants (and more)
QiuChenly/InjectLib - 你知道我要说什么
sarperavci/GoogleRecaptchaBypass - Solve Google reCAPTCHA in less than 5 seconds! 🚀
saxpjexck/lsix -
skylot/jadx - Dex to Java decompiler
timwhitez/BinHol - Binary Hollowing
tp7309/TTDeDroid - 一键反编译工具(不需要手动安装Python) One key for quickly decompile apk/aar/dex/jar, support by jadx/dex2jar/enjarify.
unode/firefox_decrypt - Firefox Decrypt is a tool to extract passwords from Mozilla (Firefox™, Waterfox™, Thunderbird®, SeaMonkey®) profiles
Valerian7/AI_JS_DEBUGGER - 基于Chrome开发者协议(CDP)的AI自动化JavaScript逆向分析工具
wINfOG/My_Reverse_Book - 愿我的努力与付出，能成为你向上攀登的基石。要是10年前有人告诉我这些就好了。
wux1an/wxapkg - 微信小程序反编译工具，.wxapkg 文件扫描 + 解密 + 解包工具
yj94/BinarySpy - 一个手动或自动patch shellcode到二进制文件的免杀工具/A tool for manual or automatic patch shellcode into binary file oder to bypass AV.
Yricky/abcde - openHarmony逆向工具包，初步支持反编译
zbezj/HEU_KMS_Activator -
ZJ595/AndroidReverse - 《安卓逆向这档事》

贡献

欢迎提交Issue和Pull Request来帮助改进这个项目。

许可证

MIT License

Name		Name	Last commit message	Last commit date
Latest commit History 12 Commits
.github/workflows		.github/workflows
data		data
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

GitHub Star 仓库分类

统计信息

目录

分类详情

AI应用

CTF相关

DevOps

LLM安全

Web安全

bugbounty

burpsuite插件

云安全

代码审计

信息搜集

其他

取证溯源

开发工具&框架

扫描字典

漏洞扫描

红队&渗透测试

逆向破解

贡献

许可证

About

Uh oh!

Releases

Packages

Uh oh!

Contributors 2

Uh oh!

b1ank1108/awesome-stars

Folders and files

Latest commit

History

Repository files navigation

GitHub Star 仓库分类

统计信息

目录

分类详情

AI应用

CTF相关

DevOps

LLM安全

Web安全

bugbounty

burpsuite插件

云安全

代码审计

信息搜集

其他

取证溯源

开发工具&框架

扫描字典

漏洞扫描

红队&渗透测试

逆向破解

贡献

许可证

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Contributors 2

Uh oh!

Packages