gancc6's Stars
streaak/keyhacks
Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
Ackites/KillWxapkg
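Automated decompilation of WeChat mini programs; a mini program security assessment tool that finds mini program security issues, with automatic decryption, unpacking, project directory restoration, Hook support, and mini program modification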
chenjj/CORScanner
🎯 Fast CORS misconfiguration vulnerabilities scanner
c0dejump/HExHTTP
Header Exploitation HTTP
coffinxp/BSQLi
Time-based blind SQLi with 99% success rate
doyensec/Prototype-Pollution-Gadgets-Finder
TideSec/TscanPlus
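A comprehensive network security testing and operations tool for rapid asset discovery, identification and detection. It builds a baseline asset inventory and helps in-house security teams or security operations staff effectively survey and search assets and find existing weak points and attack surface.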
pmiaowu/BurpHttpForwardRequests
A Burp plugin that forwards HTTP requests to other modules
Cl0udG0d/Fofa-hack
A FOFA data collection tool for non-paying members
xiecat/fofax
FOFAX is a command-line query tool based on the fofa.info API
erbbysam/DNSGrep
Quickly Search Large DNS Datasets
NeoTheCapt/PowerScanner
A semi-automated red-team scanner for HW
p3n73st3r/Ghazi
Ghazi is a Burp Suite plugin for testing various payloads such as XSS, SQLi, SSTI, SSRF, RCE and LFI through different tabs, where each tab replaces every GET or POST parameter with the selected tab in the "Proxy" or "Repeater" tab
xer0times/SQLi-Query-Tampering
SQLi Query Tampering extends and adds custom Payload Generator/Processor in Burp Suite's Intruder. This extension gives you the flexibility of manual testing with many powerful evasion techniques.
edoardottt/cariddi
Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more
LittleBear4/Find-SomeThing
A red-team tool for bulk collection of weak points
CodingGay/BlackDex
BlackDex is an Android unpack (dexdump) tool. It supports Android 5.0~12 and does not rely on any environment. BlackDex can run on any Android mobile phone or emulator, and you can unpack an APK file in several seconds.
kholia/OSX-KVM
Run macOS on QEMU/KVM. With OpenCore + Monterey + Ventura + Sonoma support now! Only commercial (paid) support is available now to avoid spammy issues. No Mac system is required.
chainreactors/spray
Next Generation HTTP Dir/File Fuzz Tool
c0ny1/upload-labs
A practice range that aims to help you summarize all types of upload vulnerabilities
digininja/DVWA
Damn Vulnerable Web Application (DVWA)
jiangsir404/Xss-Sql-Fuzz
A Burp Suite plugin that, with one click, automatically adds XSS and SQL payloads to all GP parameters (filtering out special parameters) for fuzzing
Y000o/Payloads_xss_sql_bypass
payloadbox/sql-injection-payload-list
🎯 SQL Injection Payload List
r0oth3x49/ghauri
An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws
Giftedboy/ParasCollector
Burp Suite parameter collection plugin (Python)
adityatelange/bhhb
Burp HTTP history browser (BHHB) - A tool to view HTTP history exported from Burp Suite Community Edition
ZhuriLab/Starmap
A small subdomain collection tool that combines existing tools
lutfumertceylan/top25-parameter
For basic research, the top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙
resyncgg/ripgen
Rust-based high performance domain permutation generator.