CandyYQ's Stars
huiyadanli/RevokeMsgPatcher
:trollface: A hex editor for WeChat/QQ/TIM - PC版微信/QQ/TIM防撤回补丁(我已经看到了,撤回也没用了)
bsmali4/xssfork
gh0stkey/JSONandHTTPP
Burp Suite Plugin: Convert the json text that returns the body into HTTP request parameters.
lijiejie/GitHack
A `.git` folder disclosure exploit
admintony/svnExploit
SvnExploit支持SVN源代码泄露全版本Dump源码
Hack-with-Github/Awesome-Hacking
A collection of various awesome lists for hackers, pentesters and security researchers
China-Eugene/SupCha
轻量级的信息收集脚本
tgianko/deemon
Deemon is a tool to detect CSRF in web applications. Deemon has been used for the paper "Deemon: Detecting CSRF with Dynamic Analysis and Property Graphs" by G. Pellegrino, M. Johns, S. Koch, M. Backes, and C. Rossow.
NewBee119/IP-location
batch query IP location information,批量查询IP地理位置信息,解析pcap包中IP地址的地理信息
k8gege/PasswordDic
2011-2019年Top100弱口令密码字典 Top1000密码字典 服务器SSH/VPS密码字典 后台管理密码字典 数据库密码字典 子域名字典
GerbenJavado/LinkFinder
A python script that finds endpoints in JavaScript files
xmendez/wfuzz
Web application fuzzer
TEag1e/BurpCollector
通过BurpSuite来构建自己的爆破字典,可以通过字典爆破来发现隐藏资产。
TheKingOfDuck/fuzzDicts
Web Pentesting Fuzz 字典,一个就够了。
0verSp4ce/PoCBox
PoCBox - Vulnerability Test Aid Platform
c0ny1/captcha-killer
burp验证码识别接口调用插件
Chora10/FuzzDomain
FuzzDomain
guimaizi/get_domain
shmilylty/OneForAll
OneForAll是一款功能强大的子域收集工具