Stars
The open-source, cross-platform API client for GraphQL, REST, WebSockets, SSE and gRPC. With Cloud, Local and Git storage.
MDUT - Multiple Database Utilization Tools
针对JWT渗透开发的漏洞验证/密钥爆破工具,针对CVE-2015-9235/空白密钥/未验证签名攻击/CVE-2016-10555/CVE-2018-0114/CVE-2020-28042的结果生成用于FUZZ,也可使用字典/字符枚举(包括JJWT)的方式进行爆破(JWT Crack)
A library for detecting known secrets across many web frameworks
Version 8 and above. Browser extension source code for Firefox, Chrome, and other Chromium-based browsers
A new WAF that uses machine learning to combat some unknown 0Days. Currently, it does not support deployment in actual environments and is awaiting further testing and development in the future. We…
蓝队分析研判工具箱,功能包括内存马反编译分析、各种代码格式化、网空资产测绘功能、溯源辅助、解密冰蝎流量、解密哥斯拉流量、解密Shiro/CAS/Log4j2的攻击payload、IP/端口连接分析、各种编码/解码功能、蓝队分析常用网址、java反序列化数据包分析、Java类名搜索、Fofa搜索、Hunter搜索等。
纯 Java 实现的 MySQL Fake Server | 支持 GUI 版和命令行版 | 支持反序列化和文件读取的利用方式 | 支持常见的 GADGET 和自定义 GADGET 数据 | 根据目标环境自动生成匹配的 PAYLOAD | 支持 PGSQL 和 DERBY 的利用
🐍 A toolkit for testing, tweaking and cracking JSON Web Tokens
Time Based SQL Injection in Zabbix Server Audit Log --> RCE
一个漏洞 PoC 知识库。A knowledge base for vulnerability PoCs(Proof of Concept), with 1k+ vulnerabilities.
exec BashCommand with only ! # $ ' ( ) < \ { } just 10 charset used in Bypass or CTF
🍪 Flask Session Cookie Decoder/Encoder
Metasploitable3 is a VM that is built from the ground up with a large amount of security vulnerabilities.
CaA - Collector and Analyzer, Insight into information, exploring with intelligence in a thousand ways.
HaE - Highlighter and Extractor, Empower ethical hacker for efficient operations.
Scripted Local Linux Enumeration & Privilege Escalation Checks
KernJC: Automated Vulnerable Environment Generation for Linux Kernel Vulnerabilities (Best Practical Paper Award of RAID 2024)