hjfacrock's Stars
akr3ch/BugBountyBooks
A collection of PDFs/books about modern web application security and bug bounty.
iiiusky/alicloud-tools
Helper utilities for Alibaba Cloud ECS and policy groups
yogeshojha/rengine
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.
swagger-api/swagger-editor
Swagger Editor
2fd/graphdoc
Static page generator for documenting GraphQL Schema
ticarpi/jwt_tool
🐍 A toolkit for testing, tweaking and cracking JSON Web Tokens
reddelexc/hackerone-reports
Top disclosed reports from HackerOne
jcsec-security/solidity-security-course-resources
Course material about common vulnerabilities, security and audits of Solidity smart contracts that I use during my lectures
arainho/awesome-api-security
A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.
sqlmapproject/sqlmap
Automatic SQL injection and database takeover tool
orangetw/awesome-jenkins-rce-2019
There is no pre-auth RCE in Jenkins since May 2017, but this is the one!
projectdiscovery/httpx
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
crmeb/CRMEB
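🔥 CRMEB open-source mall: a free, open-source, multi-language e-commerce system built on the Tp6 framework and available for commercial use. It includes mini-program, H5, official-account, PC and App storefronts, and supports distribution, group buying, bargaining, flash sales, coupons, points, membership levels, mini-program live streaming and page DIY. The front end and back end are separated for easy secondary development, and detailed usage documentation, API documentation, a data dictionary, and secondary-development documentation/video tutorials are provided. Comments and suggestions are welcome.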
payloadbox/xss-payload-list
🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
djadmin/awesome-bug-bounty
A comprehensive curated list of available Bug Bounty & Disclosure Programs and Write-ups.
ElderDrivers/EdXposedManager
Companion Android application for EdXposed
xmendez/wfuzz
Web application fuzzer
swisskyrepo/SSRFmap
Automatic SSRF fuzzer and exploitation tool
TalEliyahu/awesome-security-newsletters
Periodic cyber security newsletters that capture the latest news, summaries of conference talks, research, best practices, tools, events, vulnerabilities, and analysis of trending threats and attacks
stefanesser/dumpdecrypted
Dumps decrypted mach-o files from encrypted iPhone applications from memory to disk. This tool is necessary for security researchers to be able to look under the hood of encryption.
nygard/class-dump
Generate Objective-C headers from Mach-O files.
AloneMonkey/frida-ios-dump
Pull a decrypted IPA from a jailbroken device
r0ysue/AndroidSecurityStudy
Android application security study
WindXaa/Android-Vulnerability-Mining
The "Android APP Vulnerability Battle" series, mainly covering how to quickly find vulnerabilities in apps
learnerLj/geth-analyze
go-ethereum source code analysis from the perspective of smart contract security
halfrost/Halfrost-Field
✍🏻 This is where I write my blog: Halfrost-Field (Land of Frost)
shabarkin/CodeAllTheThings
A list of threat sinks used in the manual security source code review for application security
decentraland/marketplace
🏛️ Decentraland's NFT Marketplace
projectdiscovery/nuclei
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.
projectdiscovery/dnsx
dnsx is a fast and multi-purpose DNS toolkit that allows you to run multiple DNS queries of your choice with a list of user-supplied resolvers.