Bywalks's Stars
danielmiessler/SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
ffuf/ffuf
Fast web fuzzer written in Go
BishopFox/sliver
Adversary Emulation Framework
EdOverflow/bugbounty-cheatsheet
A list of interesting payloads, tips and tricks for bug bounty hunters.
GhostTroops/scan4all
Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...
guchangan1/All-Defense-Tool
本项目集成了全网优秀的攻防武器工具项目,包含自动化利用,子域名、目录扫描、端口扫描等信息收集工具,各大中间件、cms、OA漏洞利用工具,爆破工具、内网横向、免杀、社工钓鱼以及应急响应、甲方安全资料等其他安全攻防资料。
vavkamil/awesome-bugbounty-tools
A curated list of various bug bounty tools
FeeiCN/Security-PPT
Security-related Slide Presentation & Security Research Report(大安全各领域各公司各会议分享的PPT以及各类安全研究报告)
Mr-xn/BurpSuite-collections
有关burpsuite的插件(非商店),文章以及使用技巧的收集(此项目不再提供burpsuite破解文件,如需要请在博客mrxn.net下载)---Collection of burpsuite plugins (non-stores), articles and tips for using Burpsuite, no crack version file
sensepost/gowitness
🔍 gowitness - a golang, web screenshot utility using Chrome Headless
rtcatc/Packer-Fuzzer
Packer Fuzzer is a fast and efficient scanner for security detection of websites constructed by javascript module bundler such as Webpack.
pingc0y/URLFinder
一款快速、全面、易用的页面信息提取工具,可快速发现和提取页面中的JS、URL和敏感信息。
projectdiscovery/uncover
Quickly discover exposed hosts on the internet using multiple search engines.
cujanovic/SSRF-Testing
SSRF (Server Side Request Forgery) testing resources
bytedance/Elkeid
Elkeid is an open source solution that can meet the security requirements of various workloads such as hosts, containers and K8s, and serverless. It is derived from ByteDance's internal best practices.
w-digital-scanner/w13scan
Passive Security Scanner (被动式安全扫描器)
Cyber-Guy1/API-SecurityEmpire
API Security Project aims to present unique attack & defense methods in API Security field
tide-emergency/yingji
应急相关内容积累
jayus0821/swagger-hack
自动化爬取并自动测试所有swagger接口
sh377c0d3/Payloads
Payload Arsenal for Pentration Tester and Bug Bounty Hunters
ysrc/GourdScanV2
被动式漏洞扫描系统
Echocipher/AUTO-EARN
一个利用OneForAll进行子域收集、Shodan API端口扫描、Xray漏洞Fuzz、Server酱的自动化漏洞扫描、即时通知提醒的漏洞挖掘辅助工具
Taonn/EmailAll
EmailAll is a powerful Email Collect tool — 一款强大的邮箱收集工具
h33tlit/secret-regex-list
List of regex for scraping secret API keys and juicy information.
grayddq/PublicMonitors
对公网IP列表进行端口服务扫描,发现周期内的端口服务变化情况和弱口令安全风险
Bywalks/DarkAngel
DarkAngel 是一款全自动白帽漏洞扫描器,从hackerone、bugcrowd资产监听到漏洞报告生成、漏洞URL截屏、消息通知。
aufzayed/bugbounty
Bugbounty Resources
GemGeorge/SniperPhish
SniperPhish - The Web-Email Spear Phishing Toolkit
awake1t/Awesome-hacking-tools
收集网上好用、实用的红蓝对抗武器。从资产扫描、泄漏扫描、信息收集、漏洞扫描、SRC批量挖掘、内网渗透、应急响应等等工具。 大部分我都用过、部分会写上自己的感想与建议,希望对你有帮助
projectdiscovery/fuzzing-templates
Community curated list of nuclei templates for finding "unknown" security vulnerabilities.