Stars
密探渗透测试工具包含资产信息收集,子域名爆破,搜索语法,资产测绘(FOFA,Hunter,quake, ZoomEye),指纹识别,敏感信息采集,文件扫描、端口扫描、批量信息权重查询、密码字典等功能
一款完善的安全评估工具,支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
远控免杀系列文章及配套工具,汇总测试了互联网上的几十种免杀工具、113种白名单免杀方式、8种代码编译免杀、若干免杀实战技术,并对免杀效果进行了一一测试,为远控的免杀和杀软对抗免杀提供参考。
TideFinger——指纹识别小工具,汲取整合了多个web指纹库,结合了多种指纹检测方法,让指纹检测更快捷、准确。
本项目集成了全网优秀的攻防武器工具项目,包含自动化利用,子域名、目录扫描、端口扫描等信息收集工具,各大中间件、cms、OA漏洞利用工具,爆破工具、内网横向、免杀、社工钓鱼以及应急响应、甲方安全资料等其他安全攻防资料。
JSFinder is a tool for quickly extracting URLs and subdomains from JS files on a website.
Fast and customizable vulnerability scanner based on simple YAML based DSL.
基于ARL v2.6.2版本源码,生成docker镜像进行快速部署,同时提供七千多条指纹
ARL官方仓库备份项目:ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产,构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产,发现存在的薄弱点和攻击面。
A fast sub domain brute tool for pentesters
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…
Metasploitable3 is a VM that is built from the ground up with a large amount of security vulnerabilities.
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Powerful yet simple to use screenshot software 🖥️ 📸
TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
Web Fuzzing Box - Web 模糊测试字典与一些Payloads
Community curated list of templates for the nuclei engine to find security vulnerabilities.
Web vulnerability scanner written in Python3
A collection of proof-of-concept exploit scripts written by the team at Rhino Security Labs for various CVEs.
WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via contact@wpscan.com
🚀Vulfocus 是一个漏洞集成平台,将漏洞环境 docker 镜像,放入即可使用,开箱即用。
A Security Tool for Bug Bounty, Pentest and Red Teaming.