Stars
爬取secwiki和xuanwu.github.io/sec.today,分析安全信息站点、安全趋势、提取安全工作者账号(twitter,weixin,github等)
SQLMap Studio 是一个现代化的 Web 界面工具,专为生成和配置 SQLMap 命令而设计,帮助安全研究人员和渗透测试人员高效执行 SQL 注入测试。
An even funnier way to disable windows defender. (through WSC api)
Dongtai IAST is an open-source Interactive Application Security Testing (IAST) tool that enables real-time detection of common vulnerabilities in Java applications and third-party components throug…
OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by t…
"chanzi" is a simple and user-friendly JAVA SAST tool that utilizes taint analysis technology, includes built-in common vulnerability rules, supports decompile, custom rule, and is compatible with …
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
一款部署于云端或本地的隧道代理池中间件,可将静态代理IP灵活运用成隧道IP,提供固定请求地址,一次部署终身使用
抖音批量下载工具,去水印,支持视频、图集、合集、音乐(原声)。免费!免费!免费!
爬网站JS文件,自动fuzz api接口,指定api接口(针对前后端分离项目,可指定后端接口地址),回显api响应
A feature-rich command-line audio/video downloader
一款综合性网络安全检测和运维工具,旨在快速资产发现、识别、检测,构建基础资产信息库,协助甲方安全团队或者安全运维人员有效侦察和检索资产,发现存在的薄弱点和攻击面。
Never ever ever use pixelation as a redaction technique
Easily and securely send things from one computer to another 🐊 📦
攻防演练过程中,我们通常会用浏览器访问一些资产,但很多未授权/敏感信息/越权隐匿在已访问接口过html、JS文件等,该插件能让我们发现未授权/敏感信息/越权/登陆接口等。
收集一些比较优秀的开源安全项目,以帮助甲方安全从业人员构建企业安全能力。