Hel10-Web's Stars
danielmiessler/SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
NaiboWang/EasySpider
A visual no-code/code-free web crawler/spider易采集:一个可视化浏览器自动化测试/数据采集/爬虫软件,可以无代码图形化的设计和执行爬虫任务。别名:ServiceWrapper面向Web应用的智能化服务封装系统。
hellzerg/optimizer
The finest Windows Optimizer
projectdiscovery/katana
A next-generation crawling and spidering framework.
projectdiscovery/nuclei-templates
Community curated list of templates for the nuclei engine to find security vulnerabilities.
shmilylty/OneForAll
OneForAll是一款功能强大的子域收集工具
yogeshojha/rengine
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.
wy876/POC
收集整理漏洞EXP/POC,大部分漏洞来源网络,目前收集整理了1100多个poc/exp,长期更新。
zan8in/afrog
A Security Tool for Bug Bounty, Pentest and Red Teaming.
amidaware/tacticalrmm
A remote monitoring & management tool, built with Django, Vue and Go.
JaveleyQAQ/WeChatOpenDevTools-Python
WeChatOpenDevTool 微信小程序强制开启开发者工具
White-hua/Apt_t00ls
高危漏洞利用工具
TideSec/TscanPlus
一款综合性网络安全检测和运维工具,旨在快速资产发现、识别、检测,构建基础资产信息库,协助甲方安全团队或者安全运维人员有效侦察和检索资产,发现存在的薄弱点和攻击面。
p1g3/JSINFO-SCAN
递归式寻找域名和api。
co01cat/SqlmapXPlus
sqlmap Xplus 基于 sqlmap,对经典的数据库注入漏洞利用工具进行二开!
adysec/nuclei_poc
Nuclei POC,每日更新 | 自动整合全网Nuclei的漏洞POC,实时同步更新最新POC,保存已被删除的POC。通过批量克隆Github项目,获取Nuclei POC,并将POC按类别分类存放,使用Github Action实现(已有11wPOC,已校验有效性并去重)
MrEmpy/mantra
「🔑」A tool used to hunt down API key leaks in JS files and pages
yhy0/Jie
Jie stands out as a comprehensive security assessment and exploitation tool meticulously crafted for web applications. Its robust suite of features encompasses vulnerability scanning, information gathering, and exploitation, elevating it to an indispensable toolkit for both security professionals and penetration testers. 挖洞辅助工具(漏洞扫描、信息收集)
EdgeSecurityTeam/Eeyes
Eeyes(棱眼)-快速筛选真实IP并整理为C段
qiwentaidi/Slack
安服集成化工具平台,希望能让你少开几个应用测试
DeEpinGh0st/WindowsBaselineAssistant
Windows安全基线核查加固助手
l4yton/RegHex
A collection of regexes for every possbile use
chaitin/xapp
MInggongK/dahuaExploitGUI
dahua综合漏洞利用工具
Rvn0xsy/useful-code
useful-code
chaitin/xray-plugins
tauh33dkhan/Hacking-Insecure-Firebase-Database
Insecure Firebase | Bugbounty | Hacking Insecure Firbase
yutianqaq/x1Ldr
XOR 加密 分离免杀
MasterSumCloud/DecompilerTools
DecompilerTools for developer
huyifu777/urlsalive
多线程批量检测url存活工具,支持POST和GET请求,并生成csv结果文件,扫描时展示进度条