Stars
WeChatOpenDevTool 微信小程序强制开启开发者工具
A little tool to play with Windows security
ARL官方仓库备份项目:ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产,构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产,发现存在的薄弱点和攻击面。
This tool generates gopher link for exploiting SSRF and gaining RCE in various servers
Disable/Enable Windows update with a lightweight batch tool.
Detect and respond to Cobalt Strike beacons using ETW.
KCon is a famous Hacker Con powered by Knownsec Team.
Demo code for post <Restrictions of JNDI Manipulation RCE & Bypass>
Linux eBPF backdoor over TCP. Spawn reverse shells, RCE, on prior privileged access. Less Honkin, More Tonkin.
RmiTaste allows security professionals to detect, enumerate, interact and exploit RMI services by calling remote methods with gadgets from ysoserial.
A tool to scan Kubernetes cluster for risky permissions
Reverse engineering JavaScript and CSS sources from sourcemaps
HaE - Highlighter and Extractor, Empower ethical hacker for efficient operations.
Laravel Vue headless CMS / admin panel / dashboard / builder / API CRUD generator, anything !
Kscan是一款纯go开发的全方位扫描器,具备端口扫描、协议检测、指纹识别,暴力破解等功能。支持协议1200+,协议指纹10000+,应用指纹20000+,暴力破解协议10余种。
DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
实时监控github上新增的cve、自定义关键字、安全工具更新、大佬仓库监控,并多渠道推送通知
A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)
A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests