#
Starred repositories
基于ARL v2.6.2版本源码,生成docker镜像进行快速部署,同时提供七千多条指纹
2025年6月更新,目前国内可用Docker镜像源汇总,DockerHub国内镜像加速列表,🚀DockerHub镜像加速器
An insane list of all dorks taken from everywhere from various different sources.
【AI漏洞扫描器】【多功能Web扫描器】Scan-X是一款基于mitmproxy高效的被动扫描器,专注于快速识别常见Web漏洞,包括SQL注入、越权访问、未授权访问等,支持AI漏洞扫描。通过代理模式自动分析HTTP流量,实现被动扫描,适合大规模资产安全评估与渗透测试场景。
FastJson全版本Docker漏洞环境(涵盖1.2.47/1.2.68/1.2.80等版本),主要包括JNDI注入及高版本绕过、waf绕过、文件读写、原生反序列化、利用链探测绕过、不出网利用等。从黑盒的角度覆盖FastJson深入利用
jshunter is a command-line tool designed for analyzing JavaScript files and extracting endpoints. This tool specializes in identifying sensitive data, such as API endpoints and potential security v…
CF-Hero is a reconnaissance tool that uses multiple data sources to discover the origin IP addresses of Cloudflare-protected web applications
Collection of Facebook Bug Bounty Writeups
🐛 A list of writeups from the Google VRP Bug Bounty program
A powerful flow control component enabling reliability, resilience and monitoring for microservices. (面向云原生微服务的高可用流控防护组件)
GitLab CE/EE Preauth RCE using ExifTool
.NET Decompiler with support for PDB generation, ReadyToRun, Metadata (&more) - cross-platform!
SSRF_Detector是一款基于Burpsuite MontoyaAPI的黑盒SSRF漏洞自动化检测工具,用于检测无回显&全回显SSRF漏洞,提供了多种功能供用户自定义,包括但不限于关键字配置,Payload配置以及检测字符串配置
An integrated BurpSuite vulnerability detection plug-in.
JDumpSpiderGUI 是一个用于 Java 堆转储文件分析的工具,支持命令行和 JavaFX 图形界面两种模式。该工具主要是在原工具上添加了图形化的界面
渗透测试C2、支持Lua插件扩展、域前置/CDN上线、自定义profile、前置sRDI、文件管理、进程管理、内存加载、截图、反向代理、分组管理
Sec-Fork / POC-20250106
Forked from greenberglinken/2023hvv_1收集整理漏洞EXP/POC,大部分漏洞来源网络,目前收集整理了1400多个poc/exp,长期更新。
本Burp Suite插件专为文件上传漏洞检测设计,提供自动化Fuzz测试,共500+条payload。
"chanzi" is a simple and user-friendly JAVA SAST tool that utilizes taint analysis technology, includes built-in common vulnerability rules, supports decompile, custom rule, and is compatible with …
Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more