WEB安全手册(红队安全技能栈)，漏洞理解，漏洞利用，代码审计和渗透测试总结。【持续更新】

有关burpsuite的插件(非商店),文章以及使用技巧的收集(此项目不再提供burpsuite破解文件,如需要请在博客mrxn.net下载)---Collection of burpsuite plugins (non-stores), articles and tips for using Burpsuite, no crack version file

A material you designed app for your ADB needs

A collection of PDF/books about the modern web application security and bug bounty.

Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network

GKD第三方订阅收录名单

基于无障碍，高级选择器，订阅规则的自定义屏幕点击 Android 应用 | An Android APP with custom screen tapping based on Accessibility, Advanced Selectors, and Subscription Rules

Hosted Reverse Shell generator with a ton of functionality. -- (Great for CTFs)

Burp extension to evade TLS fingerprinting. Bypass WAF, spoof any browser.

一款完全被动监听的谷歌插件，用于高危指纹识别、蜜罐特征告警和拦截、机器特征对抗

CrackQL is a GraphQL password brute-force and fuzzing utility.

GraphQL Server schema visualizer

Obtain GraphQL API schema even if the introspection is disabled

ysoserial修改版，着重修改ysoserial.payloads.util.Gadgets.createTemplatesImpl使其可以通过引入自定义class的形式来执行命令、内存马、反序列化回显。

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

🤖 The Modern Port Scanner 🤖

一个漏洞POC知识库 目前数量 1000+

基于 docsify 快速部署 Awesome-POC 中的漏洞文档

基于burpsuite的资产分析工具

Tools to work with android .dex and java .class files

A High-Fidelity Web Archiving Extension for Chrome and Chromium based browsers!

微信客户端取证，可获取用户个人信息(昵称/账号/手机/邮箱/数据库密钥(用来解密聊天记录))；支持获取多用户信息，不定期更新新版本偏移，目前支持所有新版本、正式版本

高危漏洞利用工具

Burpsuite - Route Vulnerable Scanning 递归式被动检测脆弱路径的burp插件

IP反查域名

对Web渗透项目资产进行快速存活验证

domain_hunter的高级版本，SRC挖洞、HW打点之必备！自动化资产收集；快速Title获取；外部工具联动；等等

A burp suite extension that enumerates infrastructure and application admin interfaces (OTG-CONFIG-005)

A curated list of amazingly awesome Burp Extensions

APIKit：Discovery, Scan and Audit APIs Toolkit All In One.