Awesome Stars

A curated list of my GitHub stars! Generated by starred.

ASL (1)
ActionScript (1)
Ada (1)
Arduino (2)
AsciiDoc (1)
Assembly (13)
AutoHotkey (2)
Batchfile (24)
BitBake (2)
Blade (1)
BlitzBasic (4)
Boo (1)
C (419)
C# (352)
C++ (338)
CMake (3)
CSS (78)
Classic ASP (2)
Clojure (1)
CodeQL (3)
ColdFusion (1)
Dart (3)
Dockerfile (47)
Emacs Lisp (1)
Erlang (1)
F# (2)
Go (809)
HCL (8)
HTML (209)
Haskell (4)
Inno Setup (1)
Java (643)
JavaScript (580)
Jinja (9)
Jupyter Notebook (31)
KiCad (1)
Kotlin (30)
LLVM (1)
Less (1)
Logos (3)
Lua (30)
MATLAB (1)
Makefile (6)
Markdown (1)
Mask (1)
Max (1)
Mercury (1)
Mustache (2)
Nginx (1)
Nim (18)
Nunjucks (2)
OCaml (1)
Objective-C (43)
Objective-C++ (6)
Open Policy Agent (5)
Others (1308)
PHP (210)
PLpgSQL (1)
Pascal (6)
Perl (29)
PostScript (1)
PowerShell (206)
Propeller Spin (1)
Pug (3)
Python (2505)
REXX (1)
Rascal (1)
Rich Text Format (6)
Roff (5)
Ruby (109)
Rust (75)
SCSS (5)
SaltStack (1)
Sass (1)
Scala (6)
Scheme (1)
Shell (606)
Smali (8)
Smarty (4)
Solidity (3)
SourcePawn (1)
Svelte (1)
Swift (27)
TSQL (5)
Tcl (2)
TeX (14)
TypeScript (91)
VBA (5)
VBScript (5)
VCL (1)
Vim script (13)
VimL (2)
Visual Basic (9)
Visual Basic .NET (2)
Vue (53)
XSLT (5)
YARA (10)
Zeek (1)
Zig (1)
nesC (1)

ASL (1)

pgdoc-cn - PostgreSQL manual Chinese translation by China PostgreSQL Users Group

ActionScript (1)

json-flash-csrf-poc - This repo contains the files required to perform a CSRF attack using Flash and HTTP 307 redirections.

Ada (1)

amass-tools -

Arduino (2)

MissionControl - This kids' homework desk has top that flips up to reveal a space-themed control panel.
wifi_keylogger - DIY Arduino Wi-Fi Keylogger (Proof of Concept)

AsciiDoc (1)

bitcoinbook - Mastering Bitcoin 2nd Edition - Programming the Open Blockchain

Assembly (13)

Doge-Direct-Syscall - Golang Direct Syscall
inceptor - Template-Driven AV/EDR Evasion Framework
memrun - Small tool to run ELF binaries from memory with a given process name
DynamicKernelShellcode - An example of how x64 kernel shellcode can dynamically find and use APIs
SysWhispers2_x86 - X86 version of syswhispers2 / x86 direct system call
SysWhispers2 - AV/EDR evasion via direct system calls.
siofra -
Reverse-Engineering - A FREE comprehensive reverse engineering tutorial covering x86, x64, 32-bit ARM & 64-bit ARM architectures.
jonesforth_riscv - Jonesforth RISC-V port.
MalwareSourceCode - Collection of malware source code for a variety of platforms in an array of different programming languages.
Mapping-Injection - Just another Windows Process Injection
SysWhispers - AV/EDR evasion via direct system calls.
windows-syscall-table - windows syscall table from xp ~ 10 rs4

AutoHotkey (2)

runz - RunZ，专业的快速启动工具
smpic - Windows下面的SM.MS图床上传工具

Batchfile (24)

easyconn-socks5-for-HITsz - 在服务器上运行easyconnect并建立socks5代理，实现win电脑上免安装easyconnect访问校园内网。
RedTeam_BlueTeam_HW - 红蓝对抗以及护网相关工具和资料，内存shellcode（cs+msf）查杀工具
CVE-2020-27955 -
Defeat-Defender-V1.2 - Powerful batch script to dismantle complete windows defender protection and even bypass tamper protection ..Disable Windows-Defender Permanently....Hack windows. POC
cobaltstrike - cobaltstrike插件
JC-jEnv - windows java environ manage
scoop-apps - 合并多个Scoop仓库，使用Github Action自动更新，仓库地址：https://github.com/kkzzhizhou/scoop-apps
Microsoft-Activation-Scripts - A collection of scripts for activating Microsoft products using HWID / KMS38 / Online KMS activation methods with a focus on open-source code, less antivirus detection and user-friendliness.
lpeworkshop - Windows / Linux Local Privilege Escalation Workshop
k8s-docker-desktop-for-mac - Docker Desktop for Mac 开启并使用 Kubernetes
winhardening - windows 加固脚本
Windows-Privilege-Escalation - Windows Privilege Escalation Techniques and Scripts
IBM_Appscan_Batch_Scan_Script - IBM AppScan批量扫描脚本
RDP_SessionHijacking - Passwordless RDP Session Hijacking
dorado - 🐟 Yet Another bucket for lovely Scoop
CISSP-Study-Guide - study material used for the 2018 CISSP exam
auto-add-routes - China Route for VPN
fuckcdn - CDN真实IP扫描，易语言开发
APTSimulator - A toolset to make a system look as if it was the victim of an APT attack
domain-admin-crack - 🌵 入域电脑用户本地提权
Disable-Intel-AMT - Tool to disable Intel AMT on Windows
WSL - Issues found on WSL
fake-sandbox - 👁‍🗨 This script will simulate fake processes of analysis sandbox/VM software that some malware will try to avoid.
ngrok-caddy - Script to run ngrok with (optional) caddy server

BitBake (2)

BBProfiles - Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that improve an active and passive scanner by yourself. This extension requires Burp Suite Pro.
BugBounty - Bug Bounty stuffs, payloads, scripts, profiles, tips and tricks, ...

Blade (1)

mercator - Cartographie du systeme d'information / Mapping the information system

BlitzBasic (4)

BurpBounty - Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.
burp-bounty-profiles - Burp Bounty profiles compilation, feel free to contribute!
scan-check-builder - Burp Bounty is a extension of Burp Suite that improve an active and passive scanner by yourself. This extension requires Burp Suite Pro.
IntruderPayloads - A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

Boo (1)

SILENTTRINITY - An asynchronous, collaborative post-exploitation agent powered by Python and .NET's DLR

C (419)

Visual-Studio-BOF-template - A Visual Studio template used to create Cobalt Strike BOFs
USBFuzz - A Framework for fuzzing USB Drivers by Device Emulation
nanodump - Dumping LSASS has never been so stealthy
RedisModules-ExecuteCommand-for-Windows - 可在Windows下执行系统命令的Redis模块，可用于Redis主从复制攻击。
Decrypter - An easy way to decrypt UIKit app.
xmap - XMap is a fast network scanner designed for performing Internet-wide IPv6 & IPv4 network research scanning.
nids - 基于网络的入侵检测系统
ImprovedReflectiveDLLInjection - An improvement of the original reflective DLL injection technique by Stephen Fewer of Harmony Security
mdk4 - MDK4
injectEtwBypass - CobaltStrike BOF - Inject ETW Bypass into Remote Process via Syscalls (HellsGate|HalosGate)
HandleKatz - PIC lsass dumper using cloned handles
kekeo - A little toolbox to play with Microsoft Kerberos in C
cobaltstrike-bof-toolset - 在cobaltstrike中使用的bof工具集，收集整理验证好用的bof。
PPLDump_BOF - A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.
omi - Open Management Infrastructure
seL4 - The seL4 microkernel
PrintNightmare -
SharpSystemTriggers - Collection of remote authentication triggers in C#
PIC-Get-Privileges - Building and Executing Position Independent Shellcode from Object Files in Memory
SleepyCrypt - A shellcode function to encrypt a running process image when sleeping.
NginxExecute - The NginxExecute module executes the shell command through GET POST and HEAD to display the result.
GoWebSSH - 功能强大，Go 实现的一个WebSSH，支持文件上传下载
azureOutlookC2 - Azure Outlook Command & Control (C2) - Remotely control a compromised Windows Device from your Outlook mailbox. Threat Emulation Tool for North Korean APT InkySquid / ScarCruft / APT37. TTP: Use Microsoft Graph API for C2 Operations.
rdpfuzz - Tools for fuzzing RDP
NFStash - NFS client CLI toolkit
PR0CESS - some gadgets about windows process and ready to use :)
TGPuttyLib - An SFTP client shared library (dll/so/dylib) with bindings and classes for C++, Delphi and Free Pascal based on PuTTY
EarlyBird - injecting cobalt strike shellcode to powershell.exe using EarlyBird Tech
fpicker - fpicker is a Frida-based fuzzing suite supporting various modes (including AFL++ in-process fuzzing)
ElusiveMice - Cobalt Strike User-Defined Reflective Loader with AV/EDR Evasion in mind
whereami - Cobalt Strike Beacon Object File (BOF) that uses handwritten shellcode to return the process Environment strings without touching any DLL's.
Huan - Encrypted PE Loader Generator
yubico-c - YubiKey C low-level library (libyubikey)
Nyx - USENIX 2021 - Nyx: Greybox Hypervisor Fuzzing using Fast Snapshots and Affine Types
Process-Dump - Windows tool for dumping malware PE files from memory back to disk for analysis.
BOF-ForeignLsass -
ProcessGhosting -
Beacon.dll - Beacon.dll reverse
CobaltStrikeReflectiveLoader - Cobalt Strike User-Defined Reflective Loader written in Assembly & C for advanced evasion capabilities.
advanceapp - 《Android App开发进阶与项目实战》随书源码
ebpfkit - ebpfkit is a rootkit powered by eBPF
ban2fail - Simple & efficient log file scanning and iptable filtering
NELphase - Network Environment Learning (NEL) Phase for Covert Channels (with a Feedback Channel)
StochFuzz - Sound and Cost-effective Fuzzing of Stripped Binaries by Incremental and Stochastic Rewriting
cThreadHijack - Beacon Object File (BOF) for remote process injection via thread hijacking
injectAmsiBypass - Cobalt Strike BOF - Bypass AMSI in a remote process with code injection.
process-enumeration-stealth -
process_ghosting - Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted file
Il2CppInspector - Powerful automated tool for reverse engineering Unity IL2CPP binaries
rtl_433 - Program to decode radio transmissions from devices on the ISM bands (and other frequencies)
Beacon - Lightweight, header-only C++ IPC library for Windows operating systems (Vista+) using advanced local procedure calls
COFFLoader -
Alaris - A protective and Low Level Shellcode Loader that defeats modern EDR systems.
IoTGoat - IoTGoat is a deliberately insecure firmware created to educate software developers and security professionals with testing commonly found vulnerabilities in IoT devices.
uacme - ACMEv2 client written in plain C with minimal dependencies
libinjection - SQL / SQLI tokenizer parser analyzer
ios-malicious-bithunter - iOS Malicious Bit Hunter is a malicious plug-in detection engine for iOS applications. It can analyze the head of the macho file of the injected dylib dynamic library based on runtime. If you are interested in other programs of the author, please visit https://github.com/SecurityLife
TiEtwAgent - PoC memory injection detection agent based on ETW, for offensive and defensive research purposes
RemotePotato0 - Just another "Won't Fix" Windows Privilege Escalation from User to Domain Admin.
gvmd - Greenbone Vulnerability Manager - The database backend for the Greenbone Vulnerability Management (GVM) framework
PetitPotam - PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.
BOF.NET - A .NET Runtime for Cobalt Strike's Beacon Object Files
dlink-decrypt - D-Link firmware decryption PoC
spawn - Cobalt Strike BOF that spawns a sacrificial process, injects it with shellcode, and executes payload. Built to evade EDR/UserLand hooks by spawning sacrificial process with Arbitrary Code Guard (ACG), BlockDll, and PPID spoofing.
CVE-2021-3493 - CVE-2021-3493 Ubuntu OverlayFS Local Privesc (Interactive Bash Shell & Execute Command Entered)
injdrv - proof-of-concept Windows Driver for injecting DLL into user-mode processes using APC
SylantStrike - Simple EDR implementation to demonstrate bypass
jattach - JVM Dynamic Attach utility
Apollo - A .NET Framework 4.0 Windows Agent
InlineExecute-Assembly - InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module
PortBender - TCP Port Redirection Utility
CVE-2021-1675-LPE - Local Privilege Escalation Edition for CVE-2021-1675/CVE-2021-34527
qnsm - QNSM is network security monitoring framework based on DPDK.
Backstab - A tool to kill antimalware protected processes
rdpscan - RDP password verification tool - No external libraries required ;-P
go-packer - golang打包二进制进行免杀
cve-2020-14386 -
Owfuzz - Owfuzz: a WiFi protocol fuzzing tool
hook-integrity-checks -
win_battery_log - command line battery stats for MS Windows
hiding-your-syscalls - Some source code to demonstrate avoiding certain direct syscall detections by locating and JMPing to a legitimate syscall instruction within NTDLL.
iodine - Official git repo for iodine dns tunnel
afl_ghidra_emu -
PolarDB-for-PostgreSQL - The default branch of PolarDB switched to “main” on 20210901, which supports compute-storage separation architecture. The “POLARDB_11_STABLE” is the stable branch which is based on PostgreSQL 11.9. The “master” branch in the past switched to “distributed” branch, which supports distributed architecture.
fuzzolic - fuzzing + concolic = fuzzolic :)
macos_shell_memory - Execute MachO binaries in memory using CGo
Judge-Jury-and-Executable - A file system forensics analysis scanner and threat hunting tool. Scans file systems at the MFT and OS level and stores data in SQL, SQLite or CSV. Threats and data can be probed harnessing the power and syntax of SQL.
loganalyzer - LogAnalyzer is a tool that helps you analyzing your log files by reducing the content with patterns you define.
hev-socks5-core - A simple, lightweight socks5 library. (IPv4/IPv6/TCP/UDP/Client/Server)
tsh - Tiny SHell is an open-source UNIX backdoor.
CVE-2021-21551 - Exploit to SYSTEM for CVE-2021-21551
SilentLsassDump - VisualStudio port of https://github.com/guervild/BOFs/tree/dev/SilentLsassDump
memory-module-loader - An implementation of a Windows loader that can load dynamic-linked libraries (DLLs) directly from memory
rwProcMem33 - Linux read & write process memory module.
pdig - ptrace-based event producer for udig
xcubebase_riru - 基于magisk 和riru的frida持久化方案
LinuxEelvation - Linux Eelvation(持续更新)
WindowsElevation - Windows Elevation(持续更新)
iodine - iodine - HTTP / WebSockets Server for Ruby with Pub/Sub support
Lazy-RDP - Script for automatic scanning & brute-force RDP
CredBandit - Proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process and send that back through your already existing Beacon communication channel
kjackal - Linux Rootkit Scanner
ZeroLogon-BOF -
inMemoryShellcode - A Collection of In-Memory Shellcode Execution Techniques for Windows
TQ-pre-jailbreak - Hello from pattern-f.
AntiDebugandMemoryDump - Anti-Debug and Anti-Memory Dump for Android
juicy_2 - juicypotato for win10 > 1803 & win server 2019
exe2shellcode - Remote Download and Memory Execute for shellcode framework
COFFLoader -
sysbench - Scriptable database and system performance benchmark
osslsigncode - OpenSSL based Authenticode signing for PE/MSI/Java CAB files
medusa - Medusa is a speedy, parallel, and modular, login brute-forcer.
OSCPRepo - A list of commands, scripts, resources, and more that I have gathered and attempted to consolidate for use as OSCP (and more) study material. Commands in 'Usefulcommands' Keepnote. Bookmarks and reading material in 'BookmarkList' CherryTree. Reconscan Py2 and Py3. Custom ISO building.
sakeInject - Windows PE - TLS (Thread Local Storage) Injector in C/C++
CVE-2021-3156-plus - CVE-2021-3156非交互式执行命令
CVE-2021-3156 -
RedTeamCCode - Red Team C code repo
CVE-Exploits - PoC exploits for software vulnerabilities
ShellCodeFramework - 绕3环的shellcode免杀框架
bosch_headunit_root - Documentation and code for rooting and extending a Bosch car head unit (lcn2kai)
Windows-API-Hashing - This is a simple example and explanation of obfuscating API resolution via hashing
delete-self-poc - A way to delete a locked file, or current running executable, on disk.
0d1n - Tool for automating customized attacks against web applications. Fully made in C language with pthreads, it has fast performance.
drow - Injects code into ELF executables post-build
FindObjects-BOF - A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or process handles.
CatFrida - CatFrida is a macOS tool for inspecting a running iOS app.
xnuspy - an iOS kernel function hooking framework for checkra1n'able devices
unhook-bof - Remove API hooks from a Beacon process.
tools - some tools
AFLplusplus - The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode, and a lot more!
Persistence - Recreating and reviewing the Windows persistence methods
Android_Security - This repository is a suplimentary material for Android Training's done by Anant Shrivastava
WdToggle - A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.
BOFs - Collection of Beacon Object Files
BOF-DLL-Inject - Manual Map DLL injection implemented with Cobalt Strike's Beacon Object Files.
Fully-Undetectable-Techniques -
DetectCobaltStomp - Detects Module Stomping as implemented by Cobalt Strike
JC-AntiPtrace - 安卓绕过ptrace反调试
M2Crypto - OpenSSL for Python (both 2.x and 3.x) (generated by SWIG)
patchelf - A small utility to modify the dynamic linker and RPATH of ELF executables
AntiMSHookFunction - AntiMSHookFunction (make MSHookFunction doesn't work)
n2n - Peer-to-peer VPN
linux-inject - Tool for injecting a shared object into a Linux process
ssh-inject-auto-find-libdl -
yabar - A modern and lightweight status bar for X window managers.
CVE-2019-0708-EXP-Windows - CVE-2019-0708-EXP-Windows版单文件exe版,运行后直接在当前控制台反弹System权限Shell
uafuzz - UAFuzz: Binary-level Directed Fuzzing for Use-After-Free Vulnerabilities
wsb-detect - wsb-detect enables you to detect if you are running in Windows Sandbox ("WSB")
linuxStack - Linux技术栈
algorithm-structure - 2021年最新总结 500个常用数据结构，算法，算法导论，面试常用，大厂高级工程师整理总结
Blizzard-Jailbreak - An Open-Source iOS 11.0 -> 11.4.1 (soon iOS 13) Jailbreak, made for teaching purposes.
Ventoy - A new bootable USB solution.
domainTools - 内网域渗透小工具
heap_exploit_2.31 -
netelf - Run executables from memory, over the network, on Windows, Linux, OpenVMS... routers... spaceships... toasters etc.
weizz-fuzzer -
gsocket - Connect like there is no firewall. Securely.
PEzor - Open-Source Shellcode & PE Packer
ish - Linux shell for iOS
inspektor-gadget - Collection of gadgets for debugging and introspecting Kubernetes applications using BPF
CrossC2 - generate CobaltStrike's cross-platform payload
Cobalt-Strike-Aggressor-Scripts - Cobalt Strike Aggressor 插件包
c-jwt-cracker - JWT brute force cracker written in C
whoisscanme -
bypass4netns - Accelerates slirp4netns using SECCOMP_IOCTL_NOTIF_ADDFD. As fast as --net=host.
rtl8188eus - RealTek RTL8188eus WiFi driver with monitor mode & frame injection support
fakehostname - Run a command and fake your hostname.
learn-kvm - Qemu KVM(Kernel Virtual Machine)学习笔记
3snake - Tool for extracting information from newly spawned processes
sic - Enumerate user mode shared memory mappings on Windows.
upx - UPX - the Ultimate Packer for eXecutables
ReflectiveDLLRefresher - Universal Unhooking
wspe - Windows System Programming Experiments
acwj - A Compiler Writing Journey
LogServiceCrash - POC code to crash Windows Event Logger Service
duplicut - Remove duplicates from MASSIVE wordlist, without sorting it (for dictionary-based password cracking)
wacker - A WPA3 dictionary cracker
CVE-2020-17382 - PoC exploits for CVE-2020-17382
libinjection - SQL / SQLI tokenizer parser analyzer
redteam-research - Collection of PoC and offensive techniques used by the BlackArrow Red Team
s8_2019_2215_poc - PoC 2019-2215 exploit for S8/S8 active with DAC + SELinux + Knox/RKP bypass
yacd - Decrypts FairPlay applications on iOS 13.4.1 and lower, no jb required
knock - A port-knocking daemon
UAC-TokenDuplication -
Kernelhub - 🌴Windows Kernel privilege escalation vulnerability collection, with compilation environment, demo GIF map, vulnerability details, executable file (Windows提权漏洞合集)
MemoryModule - Library to load a DLL from memory.
reactos - A free Windows-compatible Operating System
mem - Tool used for dumping memory from Android devices
CSAL - Coresight Access Library
webview - Tiny cross-platform webview library for C/C++/Golang. Uses WebKit (Gtk/Cocoa) and Edge (Windows)
Damn_Vulnerable_C_Program - a c program containing vulnerable code for common types of vulnerabilities, can be used to show fuzzing concepts.
awesome-php-ffi - PHP FFI examples and use cases
EternalBlueC - EternalBlue suite remade in C/C++ which includes: MS17-010 Exploit, EternalBlue vulnerability detector, DoublePulsar detector and DoublePulsar Shellcode & DLL uploader
firewalker -
VmwareHardenedLoader - Vmware Hardened VM detection mitigation loader (anti anti-vm)
neatcc - A small arm/x86(-64) C compiler
opencl_brute - MD5,SHA1,SHA256,SHA512,HMAC,PBKDF2,SCrypt Bruteforcing tools using OpenCL (GPU, yay!) and Python
littl_tools -
RedisModules-ExecuteCommand - Tools, utilities and scripts to help you write redis modules!
redis-rogue-getshell - redis 4.x/5.x master/slave getshell module
donut - Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters
ant_php_extension - PHP 扩展, 用于 PHP-FPM、FastCGI、LD_PRELOAD等模式下突破 disabled_functions
cobaltstrike_bofs - My CobaltStrike BOFS
C_Shot -
UAC_Bypass_In_The_Wild - Windows 10 UAC bypass for all executable files which are autoelevate true .
pafish - Pafish is a testing tool that uses different techniques to detect virtual machines and malware analysis environments in the same way that malware families do
hihttps - hihttps是一款完整源码的高性能web应用防火墙，既支持传统WAF的所有功能如SQL注入、XSS、恶意漏洞扫描、密码暴力破解、CC、DDOS等ModSecurity正则规则，又支持无监督机器学习，自主对抗未知攻击。
smbdoor - Windows kernel backdoor via registering a malicious SMB handler
BOF_Collection - Various Cobalt Strike BOFs
RpcSsImpersonator - Privilege Escalation Via RpcSs svc
liblnk - Library and tools to access the Windows Shortcut File (LNK) format
NINA - NINA: No Injection, No Allocation x64 Process Injection Technique
peafowl - High performance Deep Packet Inspection (DPI) framework to identify L7 protocols and extract and process data and metadata from network traffic.
libelfmaster - Secure ELF parsing/loading library for forensics reconstruction of malware, and robust reverse engineering tools
ftrace - POSIX Function tracing
dsym_obfuscate - Obfuscates dynamic symbol table
nDPI - Open Source Deep Packet Inspection Software Toolkit
armpatched - clone of armadillo patched for windows
CreateFile_based_rootkit -
Shellcode-In-Memory-Decoder - A simple C implementation to decoded your shellcode and writes it directly to memory
hotwax - Coverage-guided binary fuzzing powered by Frida Stalker
Nougat_dlfunctions -
byopen - 🎉A dlopen library that bypasses mobile system limitation
OpenWAF - Web security protection system based on openresty
faxhell - A Bind Shell Using the Fax Service and a DLL Hijack
Impost3r - 👻Impost3r -- A linux password thief
Gh0st - 远控源码
bypass_disablefunc_via_LD_PRELOAD - bypass disable_functions via LD_PRELOA (no need /usr/sbin/sendmail)
mimikatz - A little tool to play with Windows security
PrintSpoofer - Abusing Impersonation Privileges on Windows 10 and Server 2019
sandboxie - The Sandboxie application
NtLua - Lua in kernel-mode because why not.
MailJack -
bline - Naver LINE VoIP reversing stuff
WindTerm - A quicker and better cross-platform SSH/Sftp/Shell/Telnet/Serial client.
nccfsas - Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team.
checkm8-a5 - checkm8 port for S5L8940X/S5L8942X/S5L8945X
ctftool - Interactive CTF Exploration Tool
ipftrace2 - A packet oriented Linux kernel function call tracer
hollows_hunter - Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
spoolsystem - Print Spooler Named Pipe Impersonation for Cobalt Strike
KatroLogger - KeyLogger for Linux Systems
shad0w - A post exploitation framework designed to operate covertly on heavily monitored environments
HyperDbg - The HyperDbg project is a hypervisor-based, kernel-mode, and user-mode debugger that aims to bring innovative ideas to the debuggers world!
gatekeeper - First open-source DDoS protection system
PoC - PoC of CVE/Exploit
robotgo - RobotGo, Go Native cross-platform GUI automation @vcaesar
thc-hydra - hydra
enumy - Linux post exploitation privilege escalation enumeration
ios-inject-custom - Example showing how to use Frida for standalone injection of a custom payload
AUTO-EARN - 一个利用OneForAll进行子域收集、Shodan API端口扫描、Xray漏洞Fuzz、Server酱的自动化漏洞扫描、即时通知提醒的漏洞挖掘辅助工具
Android_InlineHook - Android内联hook框架
keychaindump - A proof-of-concept tool for reading OS X keychain passwords
tls-scan - An Internet scale, blazing fast SSL/TLS scanner ( non-blocking, event-driven )
snoopy - Snoopy is a small library that logs all program executions on your Linux/BSD system (a.k.a. Snoopy Logger).
kirandomtpm - Get random bytes from the TPM (tool + BCrypt RNG provider)
CTFENV - 为应对CTF比赛而搭建的各种环境
RoguePotato - Another Windows Local Privilege Escalation from Service Account to System
SystemToken - Steal privileged token to obtain SYSTEM shell
getSystem - webshell下提权执行命令 Reference:https://github.com/yusufqk/SystemToken
ldns - LDNS is a DNS library that facilitates DNS tool programming
lulzbuster - A very fast and smart web directory and file enumeration tool written in C.
CVE-2020-0796 - CVE-2020-0796 - Windows SMBv3 LPE exploit #SMBGhost
passcat - Passwords Recovery Tool
domainWeakPasswdCheck - 内网安全·域账号弱口令审计
AssetManage -
Shuriken - Offensive Android Kernel on Steroids - Shuriken is an Android kernel for Oneplus 5/5T which supports multiple features for pentesting.
adduser - Programmatically create an administrative user under Windows
ssocks - build static ssocks by cmake,cross build ssocks
rdp2tcp - rdp2tcp: open tcp tunnel through remote desktop connection.
ptrace-burrito - a friendly wrapper around ptrace
SCShell - Fileless lateral movement tool that relies on ChangeServiceConfigA to run command
Headshot - NGINX module to allow for RCE through a specific header
scrcpy - Display and control your Android device
ret-sync - ret-sync is a set of plugins that helps to synchronize a debugging session (WinDbg/GDB/LLDB/OllyDbg2/x64dbg) with IDA/Ghidra/Binary Ninja disassemblers.
smartdns - A local DNS server to obtain the fastest website IP for the best Internet experience，一个本地DNS服务器，获取最快的网站IP，获得最佳上网体验。
Dumpert - LSASS memory dumper using direct system calls and API unhooking.
wasm-fuzzing-demo - Demos of and walkthroughs on in-browser fuzzing using WebAssembly
FastHook - Android ART Hook
Keylogger - A simple keylogger for Windows, Linux and Mac
antispy - AntiSpy is a free but powerful anti virus and rootkits toolkit.It offers you the ability with the highest privileges that can detect,analyze and restore various kernel modifications and hooks.With its assistance,you can easily spot and neutralize malwares hidden from normal detectors.
tracee - Linux Runtime Security and Forensics using eBPF
igoat - OWASP iGoat - A Learning Tool for iOS App Pentesting and Security by Swaroop Yermalkar
iGoat-Swift - OWASP iGoat (Swift) - A Damn Vulnerable Swift Application for iOS
graftcp - A flexible tool for redirecting a given program's TCP traffic to SOCKS5 or HTTP proxy.
xmake - 🔥 A cross-platform build utility based on Lua
massdns - A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)
rifiuti2 - Windows Recycle Bin analyser
kloak - Keystroke-level online anonymization kernel: obfuscates typing behavior at the device level.
rdpscan - A quick scanner for the CVE-2019-0708 "BlueKeep" vulnerability.
cve-2019-5736-poc - Unweaponized Proof of Concept for CVE-2019-5736 (Docker escape)
HashCheck - HashCheck Shell Extension for Windows with added SHA2, SHA3, and multithreading; originally from code.kliu.org
zju-icicles - 浙江大学课程攻略共享计划
endlessh - SSH tarpit that slowly sends an endless banner
netfilter-full-cone-nat - A kernel module to turn MASQUERADE into full cone SNAT
HackSysExtremeVulnerableDriver - HackSys Extreme Vulnerable Windows Driver
BlockRDPBrute - [HIPS]RDP(3389)爆破防护
getshell - 各大平台提权工具
wazuh - Wazuh - The Open Source Security Platform
Introduction-to-Computer-Systems - Course : Introduction to Computer Systems
sway - i3-compatible Wayland compositor
badvpn - NCD scripting language, tun2socks proxifier, P2P VPN
UnixTools - 一些处理数据的Unix小工具，支持管道操作。
n2n - A development branch of the n2n p2p vpn software
p0f-mtu - p0f with patches to save MTU value and export it via API (for VPN detection)
BinExp - Linux Binary Exploitation
fi6s - IPv6 network scanner designed to be fast
MacType-Patch - MacType Patch for DirectWrite Hook
RaspberryPiPkg - DEPRECATED - DO NOT USE | Go here instead ->
https_dns_proxy - A lightweight DNS-over-HTTPS proxy.
tpotce - 🍯 T-Pot - The All In One Honeypot Platform 🐝
axeldown-core - 基于axel-webm的优化项目. 通过webui调用axel进行下载
snort-rules - An UNOFFICIAL Git Repository of Snort Rules(IDS rules) Releases.
process-inject - 在Windows环境下的进程注入方法：远程线程注入、创建进程挂起注入、反射注入、APCInject、SetWindowHookEX注入
sumatrapdf - SumatraPDF reader
zogvm - zogna video manager
virgo - ♍💻💻💻💻 Virtual desktops for Windows
netdata - Real-time performance monitoring, done right! https://www.netdata.cloud
MBE - Course materials for Modern Binary Exploitation by RPISEC
execve_exploit - Hardcore corruption of my execve() vulnerability in WSL
Linux-NetSpeed - BBR+BBR魔改+Lotsever(锐速)一键脚本 for Centos/Debian/Ubuntu
ProcDump-for-Linux - A Linux version of the ProcDump Sysinternals tool
eoip - EoIP/EoIPv6 for *nix.
general - general mode via module loading
3proxy - 3proxy - tiny free proxy server
electra - Electra iOS 11.0 - 11.1.2 jailbreak toolkit based on async_awake
dnscrypt-proxy - DNSCrypt-Proxy repository, frankly maintained for what it does (no new features planned)
awesome-nginx - A curated list of awesome Nginx distributions, 3rd party modules, Active developers, etc.
AppProtect - 整理一些app常见的加固方法，包括java层、native层和资源文件加固等
CTF-All-In-One - CTF竞赛权威指南
vlmcsd - KMS Emulator in C (currently runs on Linux including Android, FreeBSD, Solaris, Minix, Mac OS, iOS, Windows with or without Cygwin)
motion - Motion, a software motion detector. Home page: https://motion-project.github.io/
mpv - 🎥 Command line video player
tinc - a VPN daemon
linux-exploit-development-tutorial - a series tutorial for linux exploit development to newbie.
krackattacks-test -
UACME - Defeating Windows User Account Control
tinyproxy - tinyproxy - a light-weight HTTP/HTTPS proxy daemon for POSIX operating systems
krackattacks-scripts -
icmp-backdoor - Backdoor that listens for specially crafted ICMP packets and spawns reverse shells.
KernelPCC - PCC is a new approach for TCP congestion control base on real-time performance analysis. This is a kernel implementation of it.
tcp_china - TCP China congestion control algorithm
AderXCoding - 介绍各类语言，库，系统编程以及算法的学习
tcpcopy - An online request replication tool, also a tcp stream replay tool, fit for real testing, performance testing, stability testing, stress testing, load testing, smoke testing, etc
Web-Application-Firewall - Designed and Implemented a Web Application Firewall as an Apache module that "sits" in-front of a web server. The WAF is designed to stop malicious requests from known attacks such as SQL Injection, XSS attacks and from unknown attacks by learning the legitimate traffic.
dsptunnel - IP over audio tunnel
unit - Unit 中文文档源，每 24 小时与官方同步。中文文档请点README_CN.md。
Pentest - tools
ngrok-c - ngrok client for c language,Due to the use of GO ngrok language development, porting to embedded devices some inconvenience, such as openwrt, so use C language rewrite a client. Very mini, the need to support polarssl library.
sniproxy - Proxies incoming HTTP and TLS connections based on the hostname contained in the initial request of the TCP session.
seafile - High performance file syncing and sharing, with also Markdown WYSIWYG editing, Wiki, file label and other knowledge management features.
wireguard-monolithic-historical - Historical monolithic WireGuard repository, split into wireguard-tools, wireguard-linux, and wireguard-linux-compat.
tcpkit - the tcpkit was designed to make network packets programable with Lua script
LocateIP - 高效的IP数据库解析库
net-speeder - net-speeder 在高延迟不稳定链路上优化单线程下载速度
vmware_escape - VMware Escape Exploit before VMware WorkStation 12.5.5
axel - Lightweight CLI download accelerator
kcp - ⚡ KCP - A Fast and Reliable ARQ Protocol
gps-sdr-sim - Software-Defined GPS Signal Simulator
keepassxc-debian - Debian source package for the KeePassXC password manager.
Android_Kernel_CVE_POCs - A list of my CVE's with POCs
ios-kexec-utils - boot LLB/iBoot/iBSS/iBEC image from a jailbroken iOS kernel
filewatcher - A simple auditing utility for macOS
HSEVD-ArbitraryOverwrite - HackSys Extreme Vulnerable Driver - ArbitraryOverwrite Exploit
sudo-CVE-2017-1000367 -
kcptun-raw - Kcptun with raw socket and fake TCP headers.
Invoke-Vnc - Powershell VNC injector
icmptunnel - Transparently tunnel your IP traffic through ICMP echo and reply packets.
shujit - Java Just-in-Time Compiler for x86 processors
exploit-CVE-2017-7494 - SambaCry exploit and vulnerable container (CVE-2017-7494)
linux-4.8.0-netfilter_icmp - Anatomy of a linux kernel development
heap-exploitation - This book on heap exploitation is a guide to understanding the internals of glibc's heap and various attacks possible on the heap structure.
AD-control-paths - Active Directory Control Paths auditing and graphing tools
GoodbyeDPI - GoodbyeDPI—Passive Deep Packet Inspection blocker and Active DPI circumvention utility (for Windows)
pcileech - Direct Memory Access (DMA) Attack Software
DoubleAgent - Zero-Day Code Injection and Persistence Technique
wanakiwi - Automated wanadecrypt with key recovery if lucky
ssh-mitm - SSH man-in-the-middle tool
linux-kernel-exploits - linux-kernel-exploits Linux平台提权漏洞集合
Adafruit-GPIO-Halt - Press-to-halt program for headless Raspberry Pi. Similar functionality to the rpi_power_switch kernel module from the fbtft project, but easier to compile (no kernel headers needed).
mptunnel - MPUDP Tunnel (User space MultiPath UDP)
Rhme-2016 - Rhme2 challenge (2016)
UnmanagedPowerShell - Executes PowerShell from an unmanaged process
injectopi - A set of tutorials about code injection for Windows.
demos - Demos of various injection techniques found in malware
honggfuzz - Security oriented software fuzzer. Supports evolutionary, feedback-driven fuzzing based on code coverage (SW and HW based)
post-exploitation - Post Exploitation Collection
smart7ec-scan-console - 基于Linux c开发的插件式扫描器(Python/lua)
esp8266_deauther - Affordable WiFi hacking platform for testing and learning
eaphammer - Targeted evil twin attacks against WPA2-Enterprise networks. Indirect wireless pivots using hostile portal attacks.
Unix-Privilege-Escalation-Exploits-Pack - Exploits for getting local root on Linux, BSD, AIX, HP-UX, Solaris, RHEL, SUSE etc.
scap - Network Sniffer (Scan and Capture Incoming Packets)
StringBleed-CVE-2017-5135 - Stringbleed The CVE 2017-5135 SNMP authentication bypass, created and reserved for this issue, vulnerability type: Incorrect Access Control.
ncrack - Ncrack network authentication tool
windows-kernel-exploits - windows-kernel-exploits Windows平台提权漏洞集合
Android-Inline-Hook - thumb16 thumb32 arm32 inlineHook in Android
cve-2015-6639 - QSEE Privilege Escalation Exploit using PRDiag* commands (CVE-2015-6639)
inetutils - the copy of https://git.savannah.gnu.org/cgit/inetutils.git/ with knali support
mtr - Official repository for mtr, a network diagnostic tool
libproofofwork - Simple hash-mining c library and its python binding.
wifi_crack_windows - wifi crack project for windows
NTDSDumpEx - NTDS.dit offline dumper with non-elevated
android_security - Public Android Vulnerability Information (CVE PoCs etc)
winafl - A fork of AFL for fuzzing Windows binaries
f-stack - F-Stack is an user space network development kit with high performance based on DPDK, FreeBSD TCP/IP stack and coroutine API.
pentestkoala - Modified dropbear server which acts as a client and allows authless login
john - John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs
firejail - Linux namespaces and seccomp-bpf sandbox
SE315-OperatingSystem - SJTU-SE315 Operating System labs from MIT 6.828, by a SE12er.
passivedns - A network sniffer that logs all DNS server replies for use in a passive DNS setup
wifi_ducky - Upload, save and run keystroke injection payloads with an ESP8266 + ATMEGA32U4
android_kernel_crash_poc -
USG - The USG is Good, not Bad
ossec-hids - OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
bcc - BCC - Tools for BPF-based Linux IO analysis, networking, monitoring, and more
mimipenguin - A tool to dump the login password from the current linux user
How-to-Make-a-Computer-Operating-System - How to Make a Computer Operating System in C++
Learn-Algorithms - 算法学习笔记
wrk - Modern HTTP benchmarking tool

C# (352)

ProcDumpEx - ProcDumpEx = ProcDump in batch mode
ExternalC2.NET - .NET implementation of Cobalt Strike's External C2 Spec
Masuit.Tools -
ExternalC2 - A library for integrating communication channels with the Cobalt Strike External C2 server
AH2021Workshop - Malware development for red teaming workshop
Phishious - An open-source Secure Email Gateway (SEG) evaluation toolkit designed for red-teamers.
ImpulsiveDLLHijack - C# based tool which automates the process of discovering and exploiting DLL Hijacks in target binaries. The Hijacked paths discovered can later be weaponized during Red Team Operations to evade EDR's.
PowerShx - Run Powershell without software restrictions.
SpoolSample - PoC tool to coerce Windows hosts authenticate to other machines via the MS-RPRN RPC interface. This is possible via other protocols as well.
Shellcode-Injection-Techniques - A collection of C# shellcode injection techniques. All techniques use an AES encrypted meterpreter payload. I will be building this project up as I learn, discover or develop more techniques. Some techniques are better than others at bypassing AV.
Suspended-Thread-Injection - Another meterpreter injection technique using C# that attempts to bypass Defender
SchTask_0x727 - 创建隐藏计划任务，权限维持，Bypass AV
ProxyValidator - 用C#开发的简单的多线程代理验证工具。
SharpView - C# implementation of harmj0y's PowerView
paradox-compress - Paper and Demo Implementation of Paradoxical Compression with VDF
Foxmail-Password-Recovery -
sddl-parser - Security Descriptor Definition Language (SDDL) Parser
Pass-to-hash-EWS -
HellgateLoader_CSharp - Load shelcode via HELLGATE, rewrite hellgate for learning purpose.
SharpDPAPI - SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.
Eternalblue - Eternalblue written in CSharp. Contains version detection, vulnerability scanner and exploit of MS17-010
SharpJfmaesWorkshop - things I learned from @jfmaes's .NET reflection workshop - thank you for the great workshop
LiquidSnake - LiquidSnake is a tool that allows operators to perform fileless lateral movement using WMI Event Subscriptions and GadgetToJScript
CSharpRepl - A command line C# REPL with syntax highlighting – explore the language, libraries and nuget packages interactively.
Whisker - Whisker is a C# tool for taking over Active Directory user and computer accounts by manipulating their msDS-KeyCredentialLink attribute, effectively adding "Shadow Credentials" to the target account.
SharpADUserIP - 提取DC日志，快速获取域用户对应IP地址
SharpSpray - Active Directory password spraying tool. Auto fetches user list and avoids potential lockouts.
RestrictedAdmin - Remotely enables Restricted Admin Mode
xlsxPoison - Just a PoC to turn xlsx (regular Excel files) into xlsm (Excel file with macro) and slipping inside a macro (vbaProject.bin)
WeaponisingCSharp-Fundamentals - Weaponising C# - Fundamentals Training Content
fakelogonscreen - Fake Windows logon screen to steal passwords
csload.net - 一个cobaltstrike shellcode加载器，过国内主流杀软
UAC-SilentClean - New UAC bypass for Silent Cleanup for CobaltStrike
Reg1c1de - Registry permission scanner written in C# for finding potential privesc avenues within registry
SharpBeacon - CobaltStrike Beacon written in .Net 4 用.net重写了stager及Beacon，其中包括正常上线、文件管理、进程管理、令牌管理、结合SysCall进行注入、原生端口转发、关ETW等一系列功能
Upsilon - Upsilon execute shellcode with syscalls - no API like NtProtectVirtualMemory is used
EDD - Enumerate Domain Data
HTTPS_CSharp_Server - Implementing a Multithreaded HTTP/HTTPS Debugging Proxy Server in C# xref. https://www.codeproject.com/Articles/93301/Implementing-a-Multithreaded-HTTP-HTTPS-Debugging
OSEP-Code-Snippets - A repository with my notable code snippets for Offensive Security's PEN-300 (OSEP) course.
smb2os - Use smb2 protocol to detect remote computer os version, support win7/server2008-win10/server2019
SharpStrike - A Post exploitation tool written in C# uses either CIM or WMI to query remote systems.
bantam - A PHP backdoor management and generation tool/C2 featuring end to end encrypted payload streaming designed to bypass WAF, IDS, SIEM systems.
MiniDump - C# Lsass parser
SharpCryptPermute - Crypt/Decrypt Proxyshell Payload
SharpEDRChecker - Checks running processes, process metadata, Dlls loaded into your current process and the each DLLs metadata, common install directories, installed services and each service binaries metadata, installed drivers and each drivers metadata, all for the presence of known defensive products such as AV's, EDR's and logging tools.
SharpSocks - Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell
SigFlip - SigFlip is a tool for patching authenticode signed PE files (exe, dll, sys ..etc) without invalidating or breaking the existing signature.
BeaconEye - Hunts out CobaltStrike beacons and logs operator command output
SharpC2 - Command and Control Framework written in C#.
ForgeCert - "Golden" certificates
Certify - Active Directory certificate abuse.
DeployPrinterNightmare - C# tool for installing a shared network printer abusing the PrinterNightmare bug to allow other network machines easy privesc!
SharpWMI - SharpWMI is a C# implementation of various WMI functionality.
ADCSPwn - A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts and relaying to the certificate service.
ADCSPwn - A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts and relaying to the certificate service.
GadgetToJScript - A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from JS/VBS/VBA based scripts.
Bypass - 免杀测试（替换图片链接即可使用）
EfsPotato - Exploit for EfsPotato(MS-EFSR EfsRpcOpenFileRaw with SeImpersonatePrivilege local privalege escalation vulnerability).
subTee-gits-backups - subTee gists code backups
BadAssMacros - BadAssMacros - C# based automated Malicous Macro Generator.
CVE-2021-36934 - C# PoC for CVE-2021-36934/HiveNightmare/SeriousSAM
Rubeus - Trying to tame the three-headed dog.
CIMplant - C# port of WMImplant which uses either CIM or WMI to query remote systems
Sharperner - Simple executable generator with encrypted shellcode.
DcRat - A simple remote tool written in C#. 一个简单的c#远控
roslyn - The Roslyn .NET compiler provides C# and Visual Basic languages with rich code analysis APIs.
LittleCorporal - LittleCorporal: A C# Automated Maldoc Generator
LogFactory - 企业日志分析工具
SharpSword - Read the contents of DOCX files using Cobalt Strike's Execute-Assembly
CheeseTools - Self-developed tools for Lateral Movement/Code Execution
SharpExcelibur - Read Excel Spreadsheets (XLS/XLSX) using Cobalt Strike's Execute-Assembly
LoGiC.NET - A more advanced free and open .NET obfuscator using dnlib.
ADHuntTool - official repo for the AdHuntTool (part of the old RedTeamCSharpScripts repo)
SharpPhish - Using outlook COM objects to create convincing phishing emails without the user noticing. This project is meant for internal phishing.
DInvoke_shellcodeload_CSharp - ShellCodeLoader via DInvoke
SharpProxyLogon - C# POC for CVE-2021-26855 aka ProxyLogon, supports the classically semi-interactive web shell as well as shellcode injection
Vanara - A set of .NET libraries for Windows implementing PInvoke calls to many native Windows APIs with supporting wrappers.
FireFox-Thief - 🦊 Decrypt gecko based browsers passwords, cookies, history, bookmarks.
FirePwd.Net - Password reader for Mozilla Firefox and Thunderbird
NET-Obfuscate - Obfuscate ECMA CIL (.NET IL) assemblies to evade Windows Defender AMSI
CVE-2021-24085 -
CVE-2021-1675 - C# and Impacket implementation of PrintNightmare CVE-2021-1675/CVE-2021-34527
FSWatch - File System Watcher via C# (Monitoring File Activity , Create/Delete/Change/Rename events + some Activity like Size/Attribute/Security Changes & LastAccess, LastWrite etc...)
RunPE - C# Reflective loader for unmanaged binaries.
SharpDump - SharpDump is a C# port of PowerSploit's Out-Minidump.ps1 functionality.
SharpHook - SharpHook is an offensive API hooking tool designed to catch various credentials within the API call.
ImproHound - Identify the attack paths in BloodHound breaking your AD tiering
SharpUnhooker - C# Based Universal API Unhooker
AsyncSockets - Example of async client/server sockets in .NET 5
shepard - In progress persistent download/upload/execution tool using Windows BITS.
ManagedInjector - A C# DLL injection library
ad-password-protection - Active Directory password filter featuring breached password checking and custom complexity rules
NtdsAudit - An Active Directory audit utility
SharpRDPDump - Create a minidump of TermService for clear text pw extraction
COMInterop - Example on how to consume a COM server from a .NET client and a .NET server from a COM client. Examples are for both using the Registry and for RegFree.
SyscallAmsiScanBufferBypass - AmsiScanBufferBypass using D/Invoke
SharpShares - Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain
DomainBorrowing - Domain Borrowing PoC
DomainBorrowingC2 -
PentestBro - Experimental tool for Windows. PentestBro combines subdomain scans, whois, port scanning, banner grabbing and web enumeration into one tool. Uses subdomain list of SecLists. Uses nmap service probes for banner grabbing. Uses list of paths for web enumeration.
SharpNukeEventLog - nuke that event log using some epic dinvoke fu
SharpDetectionNTLMSSP - 利用 NTLMSSP 探测 Windows 信息
inotify - 一个简易消息通知系统，支持企业微信、电报机器人、邮件推送、内置BARK推送、钉钉群机器人、飞书群机器人，类似Server酱，支持私有Docker部署
Evasor - A tool to be used in post exploitation phase for blue and red teams to bypass APPLICATIONCONTROL policies
SharpNamedPipePTH - Pass the Hash to a named pipe for token Impersonation
DoUCMe -
SharpNoPSExec - Get file less command execution for lateral movement.
CertStealer - A .NET tool for exporting and importing certificates without touching disk.
JsLoader - js免杀shellcode，绕过杀毒添加自启
InveighZero - .NET IPv4/IPv6 machine-in-the-middle tool for penetration testers
SharpWebServer - Red Team oriented C# Simple HTTP & WebDAV Server with Net-NTLM hashes capture functionality
SharpOSS - Quickly upload files to aliyun OSS by aliyun-oss-csharp-sdk
Sharp-SMBExec - SMBExec C# module
STPortScanner - [端口扫描器] 采用.NET开发的端口扫描器支持端口协议探测内置多种类型扫描器 TCP/UDP/SYN/SMB/ICMP 等采用IOCP模型开发性能表现不错可视为轻量级NMAP
TaskScheduler - Provides a .NET wrapper for the Windows Task Scheduler. It aggregates the multiple versions, provides an editor and allows for localization.
SharpGPOAbuse - SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by that GPO.
Sharp-HackBrowserData - C# binary with embeded golang hack-browser-data
exec - Use current thread token to execute command
RDODecrypt - Remote Desktop Organizer 密码破解
UuidShellcodeExec - PoC for UUID shellcode execution using DInvoke
WMIReg - PoC to interact with local/remote registry hives through WMI
ProxySU - Xray,V2ray，Trojan，NaiveProxy, Trojan-Go, ShadowsocksR(SSR),Shadowsocks-libev及相关插件,MTProto+TLS 一键安装工具，windows下用（一键科学上网）
physmem2profit - Physmem2profit can be used to create a minidump of a target hosts' LSASS process by analysing physical memory remotely
BruteShark - Network Analysis Tool
bypass-clm - PowerShell Constrained Language Mode Bypass
MaliciousClickOnceMSBuild - Basic C# Project that will take an MSBuild payload and run it with MSBuild via ClickOnce.
OffensivePipeline - OffensivePipeline allows to download, compile (without Visual Studio) and obfuscate C# tools for Red Team exercises.
Farmer -
DotNetToJScriptMini - A simplified version of DotNetToJScript to create a JScript file which loads a .NET v2 assembly from memory.
Sharpmad - C# version of Powermad
SharpLAPS - Retrieve LAPS password from LDAP
AzureC2Relay - AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.
Dendrobate - Managed code hooking template.
HttpRquestPlayer - This small utility could help you to find authorization bugs.
SharpSMBSpray - Spray a hash via smb to check for local administrator access
WhetherMysqlSham - 检测目标Mysql数据库是不是蜜罐
ShadowUser - 影子用户克隆
EvtMute - Apply a filter to the events being reported by windows event logging
WPCracker - WordPress pentest tool
CVE-2020-0688 - Exploit and detect tools for CVE-2020-0688
SharpSphere - .NET Project for Attacking vCenter
CovenantTasks - Source for tasks I have used with Covenant
dvta - Damn Vulnerable Thick Client App developed in C# .NET
SharpSQLTools - SharpSQLTools 和@Rcoil一起写的小工具，可上传下载文件，xp_cmdshell与sp_oacreate执行命令回显和clr加载程序集执行相应操作。
BigBountyRecon - BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.
SharpKatz - Porting of mimikatz sekurlsa::logonpasswords, sekurlsa::ekeys and lsadump::dcsync commands
SharpTask - SharpTask is a simple code set to interact with the Task Scheduler service api and is compatible with Cobalt Strike.
Carnivore - Microsoft External Attack Tool
Get-RBCD-Threaded - Tool to discover Resource-Based Constrained Delegation attack paths in Active Directory environments
SharpBypassUAC - C# tool for UAC bypasses
WSuspicious - WSuspicious - A tool to abuse insecure WSUS connections for privilege escalations
nopowershell - PowerShell rebuilt in C# for Red Teaming purposes
Asteroid - 💫 CTF AWD 实时 3D 攻击大屏
EWSToolkit - Abusing Exchange via EWS
solarflare - SolarWinds Orion Account Audit / Password Dumping Utility
CVE-2020-17144 - weaponized tool for CVE-2020-17144
CVE-2020-17144-EXP - Exchange2010 authorized RCE
DecryptAutoLogon - Command line tool to extract/decrypt the password that was stored in the LSA by SysInternals AutoLogon
SharpMapExec -
SSCMS_Decrypt - sscms database decrypt
EvilClippy - A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on Linux, OSX and Windows.
CSharp-Tools - .NET C# Tools
SharpGetTitle - SharpGetTitle - 基于 C# 的多线程 Web Title 扫描器
SignHackTool - Sign your file with expired certificates
RunasCs - RunasCs - Csharp and open version of windows builtin runas.exe
lively - Free and open-source software that allows users to set animated desktop wallpapers and screensavers.
RevokeMsgPatcher - A hex editor for WeChat/QQ/TIM - PC版微信/QQ/TIM防撤回补丁（我已经看到了，撤回也没用了）
SharpSploit - SharpSploit is a .NET post-exploitation library written in C#
NoAmci - Using DInvoke to patch AMSI.dll in order to bypass AMSI detections triggered when loading .NET tradecraft via Assembly.Load().
DInvisibleRegistry - DInvisibleRegistry
DefenderCheck - Identifies the bytes that Microsoft Defender flags on.
DllExport - .NET DllExport with .NET Core support (aka 3F/DllExport aka DllExport.bat)
DInvoke - Dynamically invoke arbitrary unmanaged code from managed code without PInvoke.
OfficePurge -
360SafeBrowsergetpass - 这是一个一键辅助抓取360安全浏览器密码的CobaltStrike脚本以及解密小工具，用于节省红队工作量，通过下载浏览器数据库、记录密钥来离线解密浏览器密码。
BLE_HackMe - Bluetooth Low Energy hardware-less HackMe
Fusion - 🧰 A modern alternative to the Microsoft Assembly Binding Log Viewer (FUSLOGVW.exe)
ThreatCheck - Identifies the bytes that Microsoft Defender / AMSI Consumer flags on.
StandIn - StandIn is a small .NET35/45 AD post-exploitation toolkit
AggressiveProxy - Project to enumerate proxy configurations and generate shellcode from CobaltStrike
Scan-and-Clean-Macro-Virus - Scan and clean specific Macro Virus, #C Sharp
RedTeamCSharpScripts - C# Script used for Red Team
CMWTAT_Digital_Edition - CloudMoe Windows 10 Activation Toolkit get digital license, the best open source Win 10 activator in GitHub. GitHub 上最棒的开源 Win10 数字权利（数字许可证）激活工具！
xamarin-security-scanner - A tool to find security vulnerabilities in Xamarin.Android apps.
KerberosRun - A little tool to play with Kerberos.
SharpHose - Asynchronous Password Spraying Tool in C# for Windows Environments
DotNetToJScript - A tool to create a JScript file which loads a .NET v2 assembly from memory.
AggressiveGadgetToJScript - A Cobalt Strike Aggressor script to generate GadgetToJScript payloads
Gopher - C# tool to discover low hanging fruits
SharpAdidnsdump - c# implementation of Active Directory Integrated DNS dumping (authenticated user)
DecryptRDCManager - .NET 4.0 Remote Desktop Manager Password Gatherer
SharpSQLDump - 内网渗透中快速获取数据库所有库名，表名，列名。具体判断后再去翻数据，节省时间。适用于mysql，mssql。
CobaltStrikeScan - Scan files or process memory for CobaltStrike beacons and parse their configuration
SharpWifiGrabber - Sharp Wifi Password Grabber retrieves in clear-text the Wi-Fi Passwords from all WLAN Profiles saved on a workstation.
Rubeus - Trying to tame the three-headed dog.
Fork-n-Run -
Zolom - C# Executable with embedded Python that can be used reflectively to run python code on systems without Python installed
GRAT2 - We developed GRAT2 Command & Control (C2) project for learning purpose.
LOLBITS - C2 framework that uses Background Intelligent Transfer Service (BITS) as communication protocol and Direct Syscalls + Dinvoke for EDR user-mode hooking evasion.
SauronEye - Search tool to find specific files containing specific words, i.e. files containing passwords..
MoveScheduler - .NET 4.0 Scheduled Job Lateral Movement
SharpBuster - SharpBuster is a C# implementation of a directory brute forcing tool. It's designed to be used via Cobalt Strike's execute-assembly and similar tools, when running a similar tool over a SOCKS proxy is not feasible.
APSoft-Web-Scanner-v2 - Powerful dork searcher and vulnerability scanner for windows platform
SharpSecDump - .Net port of the remote SAM + LSA Secrets dumping functionality of impacket's secretsdump.py
Chromely - Build HTML Desktop Apps on .NET/.NET Core/.NET 5 using native GUI, HTML5, JavaScript, CSS
webview_csharp - C# bindings for zserge/webview - Batteries included
LNKMod - C# project to create or modify existing LNKs
Open.NAT - Lightweight and easy-to-use class library to allow port forwarding in NAT devices with UPNP and/or PMP
GetPwd - 用CSharp写的一款信息搜集工具，目前支持Navicat、TeamView、Xshell、SecureCRT产品的密码解密
MysqlT - 伪造Myslq服务端,并利用Mysql逻辑漏洞来获取客户端的任意文件反击攻击者
MiscTools - Miscellaneous Tools
CSharpWinRM - .NET 4.0 WinRM API Command Execution
DirSync-Poc - A PoC that uses the DirSync protocol to poll Active Directory for changes
SharpHound3 - C# Data Collector for the BloodHound Project, Version 3
SharpHound2 - The Old BloodHound C# Ingestor (Deprecated)
CsharpAmsiBypass - C# loader for msfvenom shellcode with AMSI bypass
AduSkin - A Beautiful WPF Control UI
SMBLibrary - Free, Open Source, User-Mode SMB 1.0/CIFS, SMB 2.0, SMB 2.1 and SMB 3.0 server and client library
smtp4dev - smtp4dev - the fake smtp email server for development and testing
ProcessInjection - This program is designed to demonstrate various process injection techniques
SharpAppLocker - C# port of the Get-AppLockerPolicy PS cmdlet
pingcastle - PingCastle - Get Active Directory Security at 80% in 20% of the time
ProxyPunch - Finding SSL Blindspots for Red Teams
SpaceRunner - This tool enables the compilation of a C# program that will execute arbitrary PowerShell code, without launching PowerShell processes through the use of runspace.
GG-AESY - Hide cool stuff in images :)
WebSocketRemoteControl - Remote Control With WebSocket
Carbuncle - Tool for interacting with outlook interop during red team engagements
PowerLine -
SharpSearch - Search files for extensions as well as text within.
FunWithAMSI - A repo to hold any bypasses I work on/study/whatever
SharpDllProxy - Retrieves exported functions from a legitimate DLL and generates a proxy DLL source code/template for DLL proxy loading or sideloading
TrustJack - Yet another PoC for https://www.wietzebeukema.nl/blog/hijacking-dlls-in-windows
Costura - Embed references as resources
KsDumper - Dumping processes using the power of kernel space !
ADSearch - A tool to help query AD via the LDAP protocol
SharpRDPHijack - A POC Remote Desktop (RDP) session hijack utility for disconnected sessions
PurpleSharp - PurpleSharp is a C# adversary simulation tool that executes adversary techniques with the purpose of generating attack telemetry in monitored Windows environments
git-credential-manager - Secure, cross-platform Git credential storage with authentication to GitHub, Azure Repos, and other popular Git hosting services.
Snaffler - a tool for pentesters to help find delicious candy, by @l0ss and @Sh3r4 ( Twitter: @/mikeloss and @/sh3r4_hax )
Telemetry - WINDOWS TELEMETRY权限维持
Seatbelt - Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.
sitrep -
Clippi-B -
Covenant_Alternate - Covenant is a collaborative .NET C2 framework for red teamers.
ShellcodeLoader - 将shellcode用rsa加密并动态编译exe，自带几种反沙箱技术。
SharpCompile - SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approach than manually compiling an .NET assembly and loading it into Cobalt Strike. The project aims to make it easier to move away from adhoc PowerShell execution instead creating a temporary assembly and executing using beacon's 'execute-assembly' in seconds.
ILMerge - ILMerge is a static linker for .NET Assemblies.
SearchOutlook - A C# tool to search through a running instance of Outlook for keywords
BetterSafetyKatz - Fork of SafetyKatz that dynamically fetches the latest pre-compiled release of Mimikatz directly from gentilkiwi GitHub repo, runtime patches signatures and uses SharpSploit DInvoke to PE-Load into memory.
sharpwmi - sharpwmi是一个基于rpc的横向移动工具，具有上传文件和执行命令功能。
SharpHellsGate - C# Implementation of the Hell's Gate VX Technique
AMSITrigger - The Hunt for Malicious Strings
BrowserGhost - 这是一个抓取浏览器密码的工具，后续会添加更多功能
ICU - quick 'n dirty poc based on PoC windows auth prompt in c# based on https://gist.githubusercontent.com/mayuki/339952/raw/2c36b735bc51861a37194971a5e944f22c94df7c/CredentialUI.cs
ADCollector - A lightweight tool to quickly extract valuable information from the Active Directory environment for both attacking and defending.
PEASS-ng - PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
CVE-2020-1206-POC - CVE-2020-1206 Uninitialized Kernel Memory Read POC
Sharp-Suite - Also known by Microsoft as Knifecoat 🌶️
EKFiddle - Your Swiss Army knife to analyze malicious web traffic based on the popular Fiddler web debugger.
AV_Evasion_Tool - 掩日 - 免杀执行器生成工具
reconness - ReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it base on schedule or events.
MatryoshkaDollTool - MatryoshkaDollTool-程序加壳/捆绑工具
CVE-2020-3153 - Cisco AnyConnect < 4.8.02042 privilege escalation through path traversal
SweetPotato_CS - 修改的SweetPotato，使之可以用于CobaltStrike v4.0
SharpRDPCheck - Use to check the valid account of the Remote Desktop Protocol(Support plaintext and ntlmhash)
BlockEtw - .Net Assembly to block ETW telemetry in current process
HiveJack - This tool can be used during internal penetration testing to dump Windows credentials from an already-compromised host. It allows one to dump SYSTEM, SECURITY and SAM hives and once copied to the attacker machines provides option to delete these files to clear the trace.
SweetPotato - Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019
SharpShares - Enumerate all network shares in the current domain. Also, can resolve names to IP addresses.
BadPotato - Windows 权限提升 BadPotato
SharpDoor - SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file.
SharpeningCobaltStrike - in realtime v35/40 dotnet compiler for your linux Cobalt Strike C2. New fresh compiled and obfuscated binary for each use
ysoserial.net - Deserialization payload generator for a variety of .NET formatters
SweetPotato - Modifying SweetPotato to support load shellcode and webshell
SharpNetCheck -
Covenant - Covenant is a collaborative .NET C2 framework for red teamers.
Elite - Elite is the client-side component of the Covenant project. Covenant is a .NET command and control framework that aims to highlight the attack surface of .NET, make the use of offensive .NET tradecraft easier, and serve as a collaborative command and control platform for red teamers.
zBang - zBang is a risk assessment tool that detects potential privileged account threats
DSInternals - Directory Services Internals (DSInternals) PowerShell Module and Framework
chocoProxy -
SilkETW -
gsudo - A Sudo for Windows - run elevated without spawning a new Console Host Window
Watson - Enumerate missing KBs and suggest exploits for useful Privilege Escalation vulnerabilities
Ladon - 大型内网渗透扫描器&Cobalt Strike，Ladon8.9内置120个模块，包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2，密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(smbexec/wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem，Poc/Exploit,支持Cobalt Strike 3.X-4.0
zh-fiddler - Fiddler Web Debugger 中文版
AggressorScripts - Collection of Aggressor scripts for Cobalt Strike 3.0+ pulled from multiple sources
wsManager - Webshell Manager
shellcat - ⚡️ ShellCat is a Reverse Shell Manager
SharpCheckInfo - 收集目标主机信息，包括最近打开文件，系统环境变量和回收站文件等等
p0wnedShell - PowerShell Runspace Post Exploitation Toolkit
netch - A simple proxy client
USBCopyer - 😉 用于在插上U盘后自动按需复制该U盘的文件。”备份&偷U盘文件的神器”（写作USBCopyer，读作USBCopier）
Grouper2 - Find vulnerabilities in AD Group Policy
SharpBox - SharpBox is a C# tool for compressing, encrypting, and exfiltrating data to DropBox using the DropBox API.
Destroy-Windows-10-Spying - Destroy Windows Spying tool
EventLogParser - Parse PowerShell and Security event logs for sensitive information.
IISPowershellModule - IIS Handler for *.ps1 files
YaVipCore - Net Core Music Interface
duplicati - Store securely encrypted backups in the cloud!
kcptun-gui-windows - GUI for kcptun (https://github.com/xtaci/kcptun). (Need .NET framework 4.5)
CTFtools - 本项目主要搜集一些关于信息安全攻防相关的知识与工具，便于个人的渗透工作。
TestBaiduPassword - 百度网盘分享文件密码测试器
greenshot - Greenshot for Windows - Report bugs & features go here: https://greenshot.atlassian.net or look for information on:
JCS - Joomla Vulnerability Component Scanner
Locale-Emulator - Yet Another System Region and Language Simulator
WSSAT - WEB SERVICE SECURITY ASSESSMENT TOOL
ShareX - ShareX is a free and open source program that lets you capture or record any area of your screen and share it with a single press of a key. It also allows uploading images, text or other types of files to many supported destinations you can choose from.
SimpleDnsCrypt - A simple management tool for dnscrypt-proxy
Destroy-Windows-10-Spying - Destroy Windows Spying tool
PenCrawLer - An Advanced Web Crawler and DirBuster
WGestures - Modern mouse gestures for Windows. (C#)
knowte-windows - Note taking
MediaPortal-2 - Development of MediaPortal 2
VindicateTool - LLMNR/NBNS/mDNS Spoofing Detection Toolkit
NFCGUI - NFCGUI 一个万恶的无聊的Windows图形界面！ GUI for libnfc
DbgShell - A PowerShell front-end for the Windows debugger engine.
GitHubFolderDownloader - It lets you to download a single folder of a repository without cloning or downloading the whole repository.
adbGUI - Wrapper for Android Debug Bridge (ADB) written in C#
ApkToolBox - ApkTool Box，Apk集成反编译工具箱
mV2RayConfig -
UPnP-Pentest-Toolkit - UPnP Pentest Toolkit for Windows
KeeTrayTOTP - Tray TOTP Plugin for KeePass2.
KeePassQRCodeView - KeePass 2.x plugin which shows QR Codes for entry fields.
ShellLink - A .NET Class Library for processing ShellLink (LNK) files
FangMomFucker - FangMomFucker 原作者代码的备份
SyncTrayzor - Windows tray utility / filesystem watcher / launcher for Syncthing
RunShellcode - .NET GUI program that runs shellcode
ChromeUpdater - :)
Arthas-WPFUI - WPF 控件库，支持 .Net Core 3 + & .Net 4.6.2 +
ChromeAutoUpdate - 一个自动更新chrome的小工具
7Zip4Powershell - Powershell module for creating and extracting 7-Zip archives
PowerShdll - Run PowerShell with rundll32. Bypass software restrictions.
CASCExplorer - CASCExplorer
WopiHost - Office Online Server Wopi Host implement, No need Cobalt. Support DOCX, XLSX, PPTX online editing.
cve-2017-7269-tool - CVE-2017-7269 to webshell or shellcode loader
Social-Engineering-Payloads - Collection of social engineering payloads
R10 - Lightweight Ransomware @Choudai
awesome-dotnet-core - 🐝 A collection of awesome .NET core libraries, tools, frameworks and software
Windows-Event-Log-Messages - Retrieves the definitions of Windows Event Log messages embedded in Windows binaries and provides them in discoverable formats. #nsacyber
Phalanger - PHP 5.4 compiler for .NET/Mono frameworks. Predecessor to the opensource PeachPie project (www.peachpie.io).
cs2php - C# to PHP compiler
SSMSPwd - SQL Server Management Studio(SSMS) saved password dumper
flatpipes - A TCP proxy over named pipes. Originally created for maintaining a meterpreter session over 445 for less network alarms.
KeeAnywhere - A cloud storage provider plugin for KeePass Password Safe
sandbox-attacksurface-analysis-tools - Set of tools to analyze Windows sandboxes for exposed attack surface.
SuperSQLInjectionV1 - 超级SQL注入工具（SSQLInjection）是一款基于HTTP协议自组包的SQL注入工具,采用C#开发，直接操作TCP会话来进行HTTP交互，支持出现在HTTP协议任意位置的SQL注入，支持各种类型的SQL注入，支持HTTPS模式注入；支持以盲注、错误显示、Union注入等方式来获取数据；支持Access/MySQL/SQLServer/Oracle/PostgreSQL/DB2/SQLite/Informix等数据库；支持手动灵活的进行SQL注入绕过，可自定义进行字符替换等绕过注入防护。本工具为渗透测试人员、信息安全工程师等掌握SQL注入技能的人员设计，需要使用人员对SQL注入有一定了解。
Altman - the cross platform webshell tool in .NET
Altman - the cross platform webshell tool in .NET
ip2region - Ip2region is a offline IP location library with accuracy rate of 99.9% and 0.0x millseconds searching performance. DB file is ONLY a few megabytes with all IP address stored. binding for Java,PHP,C,Python,Nodejs,Golang,C#,lua. Binary,B-tree,Memory searching algorithm
Windows-Hacks - Creative and unusual things that can be done with the Windows API.
Cowboy - Cowboy.Sockets is a C# library for building sockets based services.
MongoCola - A MongoDB Administration Tool

C++ (338)

MultiPotato -
CFB - Canadian Furious Beaver is a tool for monitoring IRP handler in Windows drivers, and facilitating the process of analyzing, replaying and fuzzing Windows drivers for vulnerabilities
fhex - A Full-Featured HexEditor compatible with Linux/Windows/MacOS
hyenae-ng - Hyenae NG is an advanced cross-platform network packet generator and the successor of Hyenae. It features full network layer spoofing, pattern based address randomization and flood detection breaking mechanisms.
nosferatu - Lsass NTLM Authentication Backdoor
ProfSvcLPE -
StopDefender - Stop Windows Defender programmatically
StealAllTokens - This PoC uses two diferent technics for stealing the primary token from all running processes, showing that is possible to impersonate and use whatever token present at any process
lsarelayx - NTLM relaying for Windows made easy
WechatExporter - Wechat Chat History Exporter 微信聊天记录导出程序
iMonitorSDK - 系统监控开发套件（sysmon、promon、edr、终端安全、主机安全、零信任、上网行为管理）
AntiFrida - 通过内存特征检测frida
ThreadStackSpoofer - Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.
aDLL -
160-Crackme - 对160个Crackme的详细分析记录
CallbackHell - Exploit for CVE-2021-40449 - Win32k Elevation of Privilege Vulnerability (LPE)
networkit - NetworKit is a growing open-source toolkit for large-scale network analysis.
ntfstool - Forensics tool for NTFS (parser, mft, bitlocker, deleted files)
MagnusKatz - Research project for understanding how Mimikatz work and being better at C
Firewall_Walker_BOF - A BOF to interact with COM objects associated with the Windows software firewall.
ShellcodeFluctuation - An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents
PyDomainExtractor - Highly optimized domain name extraction library written in C++
btop - A monitor of resources
SyscallNumberFinder -
RemoteDebugView - A DLL that serves OutputDebugString content over a TCP connection
unDefender - Killing your preferred antimalware by abusing native symbolic links and NT paths.
winrmdll - C++ WinRM API via Reflective DLL
Yagi - Yet Another Ghidra Integration for IDA
bypass-BeaconEye - bypass BeaconEye
CloneX_0x727 - 进行克隆用户、添加用户等账户防护安全检测的轻巧工具
evasion - Windows packer
CobaltStrike_CNA - 使用多种WinAPI进行权限维持的CobaltStrike脚本，包含API设置系统服务，设置计划任务，管理用户等。
RemoteMemorymodule - Load the evilDLL from socket connection without touch disk
Khepri - Free,Open-Source,Cross-platform agent and Post-exploiton tool written in Golang and C++.
amsi-tracer - Leverage AMSI (Antimalware Scan Interface) technology to aid your analysis. This tool saves all buffers (scripts, .NET assemblies, etc) passed into AMSI during dynamic execution.
RemCom - Remote Command Executor: A OSS replacement for PsExec and RunAs - or Telnet without having to install a server. Take your pick :)
ScyllaHide - Advanced usermode anti-anti-debugger. Forked from https://bitbucket.org/NtQuery/scyllahide
unDefender - Killing your preferred antimalware by abusing native symbolic links and NT paths.
keylogger - Windows OS keylogger with a hook mechanism (i.e. with a keyboard hook procedure).
PDBRipper - PDBRipper is a utility for extract an information from PDB-files.
microsocks11 - A cross-platform SOCKS5 library and server based on the microsocks project.
rr - Record and Replay Framework
DebugDetector -
ZLMediaKit - WebRTC/RTSP/RTMP/HTTP/HLS/HTTP-FLV/WebSocket-FLV/HTTP-TS/HTTP-fMP4/WebSocket-TS/WebSocket-fMP4/GB28181 server and client framework based on C++11
ShuiYing_0x727 - 检测域环境内，域机器的本地管理组成员是否存在弱口令和通用口令，对域用户的权限分配以及域内委派查询
concealed_position - Bring your own print driver privilege escalation tool
Windows-APT-Warfare - 著作《Windows APT Warfare：惡意程式前線戰術指南》各章節技術實作之原始碼內容
SqlKnife_0x727 - 适合在命令行中使用的轻巧的SQL Server数据库安全检测工具
e9patch - A powerful static binary rewriting tool
osxcross - Mac OS X cross toolchain for Linux, FreeBSD, OpenBSD and Android (Termux)
Hack_For_Intranet - 内网渗透相关总结
WindowsPatchDetector - Experimental: Windows .text section compare - disk versus memory
BlockSci - A high-performance tool for blockchain science and exploration
CobaltStrikeDetected - 40行代码检测到大部分CobaltStrike的shellcode
KernelForge - A library to develop kernel level Windows payloads for post HVCI era
pin_n_sieve - An experimental dynamic malware unpacker based on Intel Pin and PE-sieve
RegExp - Registry Explorer - enhanced Registry editor/viewer
flare-wmi -
byeintegrity-uac - Bypass UAC by hijacking a DLL located in the Native Image Cache
FalconEye -
RdpCacheStitcher - RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.
HiveNightmare - Exploit allowing you to read registry hives as non-admin on Windows 10 and 11
lyra - A Very Low-Bitrate Codec for Speech Compression
CVE-2021-1732 - CVE-2021-1732 Microsoft Windows 10 本地提权漏研究及Poc/Exploit开发
Armariris - 孤挺花（Armariris） -- 由上海交通大学密码与计算机安全实验室维护的LLVM混淆框架
WechatDecrypt - 微信消息解密工具
Proxmark3GUI - A cross-platform GUI for Proxmark3 client | 为PM3设计的图形界面
PageTableInjection - Code Injection, Inject malicious payload via pagetables pml4.
TokenPlayer - Manipulating and Abusing Windows Access Tokens.
workflow - C++ Parallel Computing and Asynchronous Networking Engine
EVA - FUD shellcode Injector
JuicyPotato - Modifying JuicyPotato to support load shellcode and webshell
BlackDex - BlackDex is an Android unpack(dexdump) tool, it supports Android 5.0~12 and need not rely to any environment. BlackDex can run on any Android mobile phone or emulator, you can unpack APK File in several seconds.
WeChatPCHook - 微信电脑机器人入门教程基于HOOK
CreateService - 创建服务持久化
forkatz - credential dump using foreshaw technique using SeTrustedCredmanAccessPrivilege
AMSI-Provider - A fake AMSI Provider which can be used for persistence.
byeintegrity5-uac - Bypass UAC at any level by abusing the Task Scheduler and environment variables
ShellCodeObfuscator - Simple shellcode obfuscator using PYTHON and C / C++
CrossNet-Beta - 红队行动中利用白利用、免杀、自动判断网络环境生成钓鱼可执行文件。
JCTokenUtil - Windows访问令牌查看及利用工具
MicroBackdoor - Small and convenient C2 tool for Windows targets
DripLoader - Evasive shellcode loader for bypassing event-based injection detection (PoC)
collabfuzz - CollabFuzz: A Framework for Collaborative Fuzzing
AUPK -
PE-Crypter - Simple runtime crypter in C/C++.
kvm-fuzz - PoC of fuzzing closed-source userspace binaries with KVM
herpaderping - Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.
DccwBypassUAC - Windows 8.1 and 10 UAC bypass abusing WinSxS in "dccw.exe".
PPLKiller - Tool to bypass LSA Protection (aka Protected Process Light)
samdump -
OpenArk - OpenArk is an open source anti-rookit(ARK) tool for Windows.
Z0FCourse_ReverseEngineering - Reverse engineering focusing on x64 Windows.
LCX - 自修改免杀lcx端口转发工具
ScyllaHide-IDA7.5 - ScyllaHide for IDA7.5; ScyllaHide IDA7.5; It is a really niccccccce anti-anti-debug tool
AlternativeShellcodeExec - Alternative Shellcode Execution Via Callbacks
bearparser - Portable Executable parsing library (from PE-bear)
safetynet-fix - A universal fix for Google SafetyNet on Android devices with hardware attestation and unlocked bootloaders.
ygopro - KoishiPro
LsassSilentProcessExit - Command line interface to dump LSASS memory to disk via SilentProcessExit
Callback_Shellcode_Injection - POCs for Shellcode Injection via Callbacks
DuckMemoryScan - 检测绝大部分所谓的内存免杀马
Keylogger - Keylogger is 100% invisible keylogger not only for users, but also undetectable by antivirus software. Blackcat keylogger Monitors all keystokes, Mouse clicks. It has a seperate process which continues capture system screenshot and send to ftp server in given time.
kHypervisor_MsrEpt_Hook - VT Hook
hikvision-decrypter - A simple cross platform program written in C++ used for decrypting the configuration files created by Hikvision Security Cameras. Successor to my hikvision-xor-decrypter
dooked - DNS and Target HTTP History Local Storage and Search
Perfusion - Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2088R2 / 8 / 2012)
psc - E2E encryption for multi-hop tty sessions or portshells + TCP/UDP port forward
fastonosql - FastoNoSQL is a crossplatform Redis, Memcached, SSDB, LevelDB, RocksDB, UnQLite, LMDB, ForestDB, Pika, Dynomite, KeyDB GUI management tool.
ImHex - 🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.
Invisi-Shell - Hide your Powershell script in plain sight. Bypass all Powershell security features
CVE-2020-16938 - Bypassing NTFS permissions to read any files as unprivileged user.
openvmi - 鹏城实验室与北弓联合开发的VMI开源版本
vmpdump - A dynamic VMP dumper and import fixer, powered by VTIL.
ChromeTools - A collection of tools to abuse chrome browser
Cooolis-ms - Cooolis-ms是一个包含了Metasploit Payload Loader、Cobalt Strike External C2 Loader、Reflective DLL injection的代码执行工具，它的定位在于能够在静态查杀上规避一些我们将要执行且含有特征的代码，帮助红队人员更方便快捷的从Web容器环境切换到C2环境进一步进行工作。
RdpThief - Extracting Clear Text Passwords from mstsc.exe using API Hooking.
vuln_javascript - 模拟一个存在漏洞的JavaScript 运行环境,用来学习浏览器漏洞原理和练习如何编写Shellcode (a JavaScript Execute Envirment which study browser vuln and how to write Shellcode ) ..
kbd-audio - Tools for capturing and analysing keyboard input paired with microphone capture 🎤⌨️
AggressorCNA - Cobalt Strike Aggressor Scripts
Jackalope - Binary, coverage-guided fuzzer for Windows and macOS
ollvm-tll - Ollvm+Armariris+LLVM 6.0.0
android_nfc_fuzzer -
inspectrum - Radio signal analyser
ShellcodeCompiler - Shellcode Compiler
shellcodeloader - shellcodeloader
C3 - Custom Command and Control (C3). A framework for rapid prototyping of custom C2 channels, while still providing integration with existing offensive toolkits.
CVE-2020-1066-EXP - CVE-2020-1066-EXP支持Windows 7和Windows Server 2008 R2操作系统
CTAP2-test-tool - Test tool for CTAP2 authenticators
CVE-2020-1034 - PoC demonstrating the use of cve-2020-1034 for privilege escalation
OpenCat-Old - A programmable and highly maneuverable robotic cat for STEM education and AI-enhanced services.
r77-rootkit - Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.
NetworkExplorer - Windows Network Information
shellcode-to-dll - shellcode 异或加密并生成dll
rehex - Reverse Engineers' Hex Editor
rattler - Automated DLL Enumerator
DingTalk_Assistant - 钉钉助手，主要功能包括：聊天消息防撤回、程序多开、屏蔽频繁升级等。
XAPKDetector - APK/DEX detector for Windows, Linux and MacOS.
pigasus - 100Gbps Intrusion Detection and Prevention System
showstopper - ShowStopper is a tool for helping malware researchers explore and test anti-debug techniques or verify debugger plugins or other solutions that clash with standard anti-debug methods.
BLUESPAWN - An Active Defense and EDR software to empower Blue Teams
SuperDllHijack - SuperDllHijack：A general DLL hijack technology, don't need to manually export the same function interface of the DLL, so easy! 一种通用Dll劫持技术，不再需要手工导出Dll的函数接口了
Shell_Protect - VM一键加壳/脱壳，全压缩，反调试等
dumper2020 - Yet another LSASS dumper
net_user_tools_bypass_hook_net.exe - 绕过net监控小工具集
FullPowers - Recover the default privilege set of a LOCAL/NETWORK SERVICE account
aqemu - Official AQEMU repository - a GUI for virtual machines using QEMU as the backend
apkstudio - Open-source, cross platform Qt based IDE for reverse-engineering Android application packages.
ProcMonXv2 - Process Monitor X v2
Raccine - A Simple Ransomware Vaccine
fluffi - FLUFFI (Fully Localized Utility For Fuzzing Instantaneously) - A distributed evolutionary binary fuzzer for pentesters
efiXplorer - IDA plugin for UEFI firmware analysis and reverse engineering automation
netview - Netview enumerates systems using WinAPI calls
naiveproxy - Make a fortune quietly
hermes - A JavaScript engine optimized for running React Native.
DLLSpy - DLL Hijacking Detection Tool
aes-finder - Utility to find AES keys in running processes
linux-wallpaperengine - An attempt to make wallpaper engine wallpapers compatible with Linux
FuZZan - FuZZan: Efficient Sanitizer Metadata Design for Fuzzing
Ponce - IDA 2016 plugin contest winner! Symbolic Execution just one-click away!
Manager - Library of tools and examples for loading/bootstrapping managed code from unmanaged code in .NET
MasterHide - MasterHide x64 Rootkit
KasperskyHook - Hook system calls on Windows by using Kaspersky's hypervisor
iblessing - iblessing is an iOS security exploiting toolkit, it mainly includes application information gathering, static analysis and dynamic analysis. It can be used for reverse engineering, binary analysis and vulnerability mining.
USO_Info_Leak - two heap address leak bugs in usosvc service
Windows-Setup-EoP -
vmpattack - A VMP to VTIL lifter.
CcRemote - 这是一个基于gh0st远程控制的项目，使自己更深入了解远控的原理，采用VS2017，默认分支hijack还在修改不能执行，master分支的项目可以正常的运行的，你可以切换到该分支查看可以执行的代码
Load_DLL -
NoVmp - A static devirtualizer for VMProtect x64 3.x. powered by VTIL.
openrasp - 🔥Open source RASP solution
CheekyBlinder - Enumerating and removing kernel callbacks using signed vulnerable drivers
spectre - A Windows kernel-mode rootkit that abuses legitimate communication channels to control a machine.
sanitizers - AddressSanitizer, ThreadSanitizer, MemorySanitizer
srcinv - source code audit tool
CVE-2020-1313 - Proof of concept exploit of Windows Update Orchestrator Service Elevation of Privilege Vulnerability
my_vulnerabilities -
dazzleUP - A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.
securitylab - Resources related to GitHub Security Lab
Primitives -
cryptoshark - Self-optimizing cross-platform code tracer based on dynamic recompilation
FUPK3-hook_kill - 本分支解决部分爱加密加固应用无法脱壳成功的问题。演示视频https://pan.baidu.com/s/1HH_-TQGca1NLoSqzvOPB3Q 密码：izm3
OXID_Find - OXID_Find by C++（多线程）通过OXID解析器获取Windows远程主机上网卡地址
CVE-2020-1362 - writeup of CVE-2020-1362
SavvyCAN - QT based cross platform canbus tool
rang - A Minimal, Header only Modern c++ library for terminal goodies 💄✨
RdpThief_tools - 窃取mstsc中的用户明文凭据
anti-debug -
bypass-uac -
Peinject_dll - cs peinject shellcode
snort3 - Snort++
exe_to_dll - Converts a EXE into DLL
deoptfuscator - Deobfuscator for Android Application
subconverter - Utility to convert between various subscription format
Cobaltstrike-atexec - 使得Cobaltstrike支持Atexec
BSF - Botnet Simulation Framework
UsoDllLoader - Windows - Weaponizing privileged file writes with the Update Session Orchestrator service
latte-dock - Replacement dock for Plasma desktops, providing an elegant and intuitive experience for your tasks and plasmoids
juicy-potato - A sugared version of RottenPotatoNG, with a bit of juice, i.e. another Local Privilege Escalation tool, from a Windows Service Accounts to NT AUTHORITY\SYSTEM.
tag_converter -
tiny_tracer - A Pin Tool for tracing API calls etc
ksnip - ksnip the cross-platform screenshot and annotation tool
XPEViewer - PE file viewer/editor for Windows, Linux and MacOS.
Get-WeChat-DB - 获取目标机器的微信数据库和密钥，但是有很多bug需要解决，需要继续完善
metasploit-execute-assembly - Custom Metasploit post module to executing a .NET Assembly from Meterpreter session
BitsArbitraryFileMove - Microsoft Windows BITS Arbitrary File Move Local Privilege Escalation
anti-sandbox - Windows对抗沙箱和虚拟机的方法总结
CVE-2020-0787-EXP-ALL-WINDOWS-VERSION - Support ALL Windows Version
HttpInterface - Windows上C++封装的HTTP库，包含三种实现模式（WinInet、WinHttp、socket）
DLLhijack-ShellcodeLoader - DLLhijack winmm.dll
ReflectiveBase64DLL - This is a project to receive Base64 data and decode it in process
Mapping-injection - NO WriteProcessMemory CreateRemoteThread APIs call shellcode injection
GetSystemEarlyBird - 这是一个直接取得系统权限的项目
FuzzGen -
serpentine - C++/Win32/Boost Windows RAT (Remote Administration Tool) with a multiplatform Java/Spring RESTful C2 server and Go, C++/Qt5 frontends
urldedupe - Pass in a list of URLs with query strings, get back a unique list of URLs and query string combinations
anbox - Anbox is a container-based approach to boot a full Android system on a regular GNU/Linux system
RogueWinRM - Windows Local Privilege Escalation from Service Account to System
revp - (This shit doesn't even work properly) Reverse HTTP proxy that works on Linux, Windows, and macOS. Made with C++ and Boost.
WerTrigger - Weaponizing for privileged file writes bugs with windows problem reporting
serenity - The Serenity Operating System 🐞
invoker - Penetration testing utility and antivirus assessment tool.
crack_dexhelper - 梆梆企业加固详细逆向分析过程，包含两种对该加固的脱壳机（直接解密classes0.jar和基于frida hook）
MicroV - A micro hypervisor for running micro VMs
Qv2ray - ⭐ Linux / Windows / macOS 跨平台 V2Ray 客户端 | 支持 VMess / VLESS / SSR / Trojan / Trojan-Go / NaiveProxy / HTTP / HTTPS / SOCKS5 | 使用 C++ / Qt 开发 | 可拓展插件式设计 ⭐
Socks5Server - Windows C/C++ Socks5 Server
SocksOverRDP - Socks5/4/4a Proxy support for Remote Desktop Protocol / Terminal Services / Citrix / XenApp / XenDesktop
USTC-CS-Courses-Resource - ❤️**科学技术大学计算机学院课程资源(https://mbinary.xyz/ustc-cs/)
chineseocr_lite - 超轻量级中文ocr，支持竖排文字识别, 支持ncnn、mnn、tnn推理 ( dbnet(1.8M) + crnn(2.5M) + anglenet(378KB)) 总模型仅4.7M
FUPK3 - 演示视频https://pan.baidu.com/s/1HH_-TQGca1NLoSqzvOPB3Q 密码：izm3
IIS-Raid - A native backdoor module for Microsoft IIS (Internet Information Services)
FunnyMeterpreter - 与反病毒软件老大哥们的打闹日常
trojan - An unidentifiable mechanism that helps you bypass GFW.
Antivirus_R3_bypass_demo - 分别用R3的0day与R0的0day来干掉杀毒软件
NetUser - 使用windows api添加用户，可用于net无法使用时.分为nim版，c++版本，RDI版，BOF版。
lava - LAVA: Large-scale Automated Vulnerability Addition
Spray-AD - A Cobalt Strike tool to audit Active Directory user accounts for weak, well known or easy guessable passwords.
lnav - Log file navigator
x64dbg-Plugin-Manager - Plugin manager for x64dbg
XOpcodeCalc - Opcode calculator
1earn - ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup
binspector - A binary format analysis tool
HyperViper - Toolkit for Hyper-V security research
cutter - Free and Open Source Reverse Engineering Platform powered by rizin
Droidscope - A dynamic analysis platform for Android
lldbg - A lightweight native GUI for LLDB.
ds2 - Debug server for lldb.
ExtractMacho2 - IDA plugin to extract Mach-O binaries located in the disassembly or data
DobbyDrill - hook MachO file based on Dobby (NOT DONE)
veles - Binary data analysis and visualization tool
dumpDex - 💯一款Android脱壳工具，需要xposed支持, 易开发已集成该项目。
SwiftLaTeX - SwiftLaTeX, a WYSIWYG Browser-based LaTeX Editor
CodingInterviewsNotes - 涵盖C++ Primer 5th、 effective C++ 、 STL api和demos C++ 基础知识与理论、智能指针、C++11、 Git教程 Linux命令 Unix操作系统（进程、线程、内存管理、信号）计算机网络、数据结构（排序、查找）、数据库、、C++对象模型、设计模式、算法（《剑指offer》、leetcode、lintcode、hihocoder、《王道程序员求职宝典》）、面试题、嵌入式相关等
iOSREBook - 《iOS应用逆向与安全》随书源码
vnpy - 基于Python的开源量化交易平台开发框架
rssguard - RSS Guard is simple feed reader which supports RSS/ATOM/JSON and many web-based feed services.
raven - CobaltStrike External C2 for Websockets
SimpleRemoter - 基于gh0st的远程控制器：实现了终端管理、进程管理、窗口管理、远程桌面、文件管理、语音管理、视频管理、服务管理、注册表管理等功能，优化全部代码及整理排版，修复内存泄漏缺陷，程序运行稳定。项目代码仅限于学习和交流用途。
OpenCore-EFI - 我的黑苹果配置列表
srs - SRS is a simple, high efficiency and realtime video server, supports RTMP, WebRTC, HLS, HTTP-FLV, SRT and GB28181.
Dir_Scan_ByQT5 - qt实现仿御剑风格路径扫描工具，增加延时，代理池Bypass功能，同时支持批量扫描，附带简单whois信息搜集与端口扫描模块，界面更加美观。
SdoKeyCrypt-sys-local-privilege-elevation - CVE-2019-9729. Transferred from https://github.com/DoubleLabyrinth/SdoKeyCrypt-sys-local-privilege-elevation
pbb_crack - PBB视频解密
KikoPlay - KikoPlay - NOT ONLY A Full-Featured Danmu Player 不仅仅是全功能弹幕播放器
Arma-III-Chinese-Localization-Enhanced - 武裝行動3(Arma 3)官方中文潤飾、加強、在地化翻譯模組。
TrafficMonitor - 这是一个用于显示当前网速、CPU及内存利用率的桌面悬浮窗软件，并支持任务栏显示，支持更换皮肤。
TranslucentTB - A lightweight utility that makes the Windows taskbar translucent/transparent.
mactype - Better font rendering for Windows.
fu - fu stands for File to URL, a utility design to help you upload images/files and produce Markdown/HTML snippets with couple of clicks.
PCShare - PCShare是一款强大的远程控制软件，可以监视目标机器屏幕、注册表、文件系统等。
VwFirewall - 微盾®VirtualWall®防火墙整套源代码
gqrx - Software defined radio receiver powered by GNU Radio and Qt.
gnuradio - GNU Radio – the Free and Open Software Radio Ecosystem
MS16-032 - MS16-032(CVE-2016-0099) for SERVICE ONLY
quickviewer - A image/comic viewer application for Windows, Mac and Linux, it can show images very fast
MINT - Contains the definitions for the Windows Internal UserMode API from ntdll.dll, samlib.dll and winsta.dll.
navicat-keygen - A keygen for Navicat
nysocks - Nysocks binds kcp and libuv to provide an aggressive tcp tunnel in nodejs.
vnote - A pleasant note-taking platform.
BatchRunTrayTool - A tray tool under windows to open any file by system default or any executable program.
CommandTrayHost - A command line program monitor systray for Windows
fatcat - FAT filesystems explore, extract, repair, and forensic tool
DNS-Persist - DNS-Persist is a post-exploitation agent which uses DNS for command and control.
tinyfecVPN - A VPN Designed for Lossy Links, with Build-in Forward Error Correction(FEC) Support. Improves your Network Quality on a High-latency Lossy Link.
UDPspeeder - A Tunnel which Improves your Network Quality on a High-latency Lossy Link by using Forward Error Correction, possible for All Traffics(TCP/UDP/ICMP)
Exploit-CVE-2017-6008 - Exploits for CVE-2017-6008, a kernel pool buffer overflow leading to privilege escalation.
incubator-pagespeed-ngx - Automatic PageSpeed optimization module for Nginx
rtorrent - rTorrent BitTorrent client
qwinff - A Qt4/5 GUI Frontend for FFmpeg
tcpflow - TCP/IP packet demultiplexer. Download from:
SysExec - [Windows] Local Privilege Escalation - WebClient
token-priv - Token Privilege Research
notepad2-mod - LOOKING FOR DEVELOPERS - Notepad2-mod, a Notepad2 fork, a fast and light-weight Notepad-like text editor with syntax highlighting
udp2raw - A Tunnel which Turns UDP Traffic into Encrypted UDP/FakeTCP/ICMP Traffic by using Raw Socket,helps you Bypass UDP FireWalls(or Unstable UDP Environment)
ssf - Secure Socket Funneling - Network tool and toolkit - TCP and UDP port forwarding, SOCKS proxy, remote shell, standalone and cross platform
pipesocks - A pipe-like SOCKS5 tunnel system.
extractTVpasswords - tool to extract passwords from TeamViewer memory using Frida
twister-core - twister core / daemon
mini-tor - proof-of-concept implementation of tor protocol using Microsoft CNG/CryptoAPI
Beagle_SDR_GPS - KiwiSDR: BeagleBone web-accessible shortwave receiver and software-defined GPS
i2pd - 🛡 I2P: End-to-End encrypted and anonymous Internet
hexed - Windows console-based hex editor
fastnetmon - FastNetMon - very fast DDoS sensor with sFlow/Netflow/IPFIX/SPAN support
CodingInterviews - 剑指Offer——名企面试官精讲典型编程题
Stacer - Linux System Optimizer and Monitoring - https://oguzhaninan.github.io/Stacer-Web
HackSysDriverExploits -
psi - XMPP client
librime - Rime Input Method Engine, the core library
AV_Kernel_Vulns - Pocs for Antivirus Software‘s Kernel Vulnerabilities
captcha-break - captcha break based on opencv2, tesseract-ocr and some machine learning algorithm.
From-System-authority-to-Medium-authority - Penetration test
ModSecurity - ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx that is developed by Trustwave's SpiderLabs. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. With over 10,000 deployments world-wide, ModSecurity is the most widely deployed WAF in existence.
InjectProc - InjectProc - Process Injection Techniques [This project is not maintained anymore]
gargoyle - A memory scanning evasion technique
CascLib - An open-source implementation of library for reading CASC storages from Blizzard games since 2014
HElib - HElib is an open-source software library that implements homomorphic encryption. It supports the BGV scheme with bootstrapping and the Approximate Number CKKS scheme. HElib also includes optimizations for efficient homomorphic evaluation, focusing on effective use of ciphertext packing techniques and on the Gentry-Halevi-Smart optimizations.
wannakey - Wannacry in-memory key recovery
rocksutil - A c++ develop toolkit
security-research-pocs - Proof-of-concept codes created as part of security research done by Google Security Team.
libfuzzer-workshop - Repository for materials of "Modern fuzzing of C/C++ Projects" workshop.
ARMv6m_Simulator - Simple Simulator of ARMv6m instructions
hidviz - A tool for in-depth analysis of USB HID devices communication
x64dbg - An open-source x64/x32 debugger for windows.
HookCase - Tool for reverse engineering macOS/OS X
poc-exp - poc or exp of android vulnerability
ShellcodeStdio - An extensible framework for easily writing compiler optimized position independent x86 / x64 shellcode for windows platforms.
OPCDE - OPCDE Cybersecurity Conference Materials
Richkware - Framework for building Windows malware, written in C++
network_backdoor_scanner - This is a backdoor about discover network device ,and it can hidden reverse connecting the hacker's server with encrypt commuication 后渗透后门程序,适合在已经攻陷的内网中做下一步的网络信息扫描..
InfectPE - InfectPE - Inject custom code into PE file [This project is not maintained anymore]
SISE_Traning_CTF_RE - SNST Traning RE Project .华软网络安全小组逆向工程训练营,尝试以CTF 的形式来使大家可以动手训练快速提升自己的逆向工程水平.CTF 的训练程序又浅到深,没有使用太复杂的算法,在逆向的过程中遇到的难关都是在分析病毒和破解中遇到的实际情况,注重于实用.训练营还包含有源代码文件,训练程序和思路.希望可以帮助小伙伴们入门逆向工程这个神奇的世界..
CNTK - Microsoft Cognitive Toolkit (CNTK), an open source deep-learning toolkit
PiAUISuite - Raspberry PI AUI Suite
iaito - This project has been moved to:
koalaOS - x86 Microkernel
RpcView - RpcView is a free tool to explore and decompile Microsoft RPC interfaces
RedisStudio - RedisStudio Redis GUI client(tool) for windows
simhash - 中文文档simhash值计算

CMake (3)

ide-exp - ide后门
ModernCppStarter - 🚀 Kick-start your C++! A template for modern C++ projects using CMake, CI, code coverage, clang-format, reproducible dependency management and much more.
PothosSDR - Pothos SDR windows development environment

CSS (78)

deep_ethereum - 电子书：以太坊技术与实现
bazaar - Android security & privacy analysis for the masses
investigator - An online handy-recon tool
nemo_go - Nemo是用来进行自动化信息收集的一个简单平台，通过集成常用的信息收集工具和技术，实现对内网及互联网资产信息的自动收集，提高隐患排查和渗透测试的工作效率，用Go语言完全重构了原Python版本。
Solitude - Solitude is a privacy analysis tool that enables anyone to conduct their own privacy investigations. Whether a curious novice or a more advanced researcher, Solitude makes the process of evaluating user privacy within an app accessible for everyone.
PHP - PHP训练靶场
joplin-theme - My Joplin theme files, including userchrome.css and userstyles.css, as well as some markdown templates for my notes.
wazuh-docker - Wazuh - Docker containers
joplin-macos-native-theme - Native looking macOS theme for note taking app Joplin
nweb - web based nmap scan collection and search
clickjackingpoc - A Proof of Concept for Clickjacking Attacks
graphql-ide - ⚡️ GraphQL IDE - An extensive IDE for exploring GraphQL API's
BugBounty - RepoToStoreBugBountyInfo
Xerror - fully automated pentesting tool
CVE-2020-15999 - CVE-2020-15999
container-security-book -
macOS_Big_Sur_icons_replacements - Replacement icons for popular apps in the style of macOS Big Sur
Nessus-EN-2-CN - 将Nessus的英文版报告处理为中文版，能够在网页上预览，并导出为中文版CSV报告。导出的报告格式为“带有BOM的UTF-8编码”，可供测评能手等软件导入。
Typora-Themes - 全部Typora主题+自定义修改
push-to-kindle - 📘 A web-based tool for pushing documents to your lovely kindle.
JS-Scan - a .js scanner, built in php. designed to scrape urls and other info
bugbountytips - bugbountytips
vPrioritizer - vPrioritizer enables us to understand the contextualized risk (vPRisk) on asset-vulnerability relationship level across the organization, for teams to make more informed decision about what (vulnerability/ties) they should remediate (or can afford not to) and on which (asset/s)
owasp-threat-dragon-desktop - An installable desktop variant of OWASP Threat Dragon
frida-boot - Frida Boot 👢- A binary instrumentation workshop, with Frida, for beginners!
nodejsscan - nodejsscan is a static security code scanner for Node.js applications.
SZhe_Scan - 碎遮SZhe_Scan Web漏洞扫描器，基于python Flask框架，对输入的域名/IP进行全面的信息搜集，漏洞扫描，可自主添加POC
banruo -
Reaper - 一款用于src资产信息收集的工具
LKWA - Lesser Known Web Attack Lab
vali-admin - Free Bootstrap 4 admin/dashboard template
powerauth-docker - Docker images for PowerAuth 2.0 Software
secure-mobile-development - A Collection of Secure Mobile Development Best Practices
repo-to-pdf - repository to pdf
hugo-theme-zozo - 🌟 A simple and beautiful theme for Hugo
vulnhub-writeups - Writeups for Vulnhub's boot2root machines that I've done
Webug4.0-Docker - Docker版本的Webug4.0
hexo-theme-nexmoe - 🔥 一个比较特别的 Hexo 主题
most-frequent-technology-english-words - 程序员工作中常见的英语词汇
iCSS - 不止于 CSS
Django-XSS-Platform -
SocialFish - Phishing Tool & Information Collector
Mojave-gtk-theme - Mojave is a macos Mojave like theme for GTK 3, GTK 2 and Gnome-Shell
using-docker-kubernetes-for-automating-appsec-and-osint-workflows - Repository for all the workshop content delivered at nullcon X on 1st of March 2019
w12scan - 🚀 A simple asset discovery engine for cybersecurity. (网络资产发现引擎)
document-library - jsliang 的文档库. 里面包含了个人撰写的所有前端文章，例如 Vue、React,、ECharts、微信小程序、算法、数据结构等……
hugo-theme-even - 🚀 A super concise theme for Hugo https://blog.olowolo.com/example-site/
WebRange - 一个Web版的docker管理程序，可以用来运行各种docker漏洞环境和CTF环境。
pySecurity - Python tutorials
hexo-theme-suka - 🎨Modern, powerful and simple theme for Hexo.
tongleer_for_wordpress - tongleer_for_wordpress是一个Wordpress版本的WeiboForWordPress微博主题，又名TleWeiboForWordPress。
smartping - 综合性网络质量(PING)检测工具，支持正/反向PING绘图、互PING拓扑绘图与报警、全国PING延迟地图与在线检测工具等功能
w11scan - 分布式WEB指纹识别平台 Distributed WEB fingerprint identification platform
ZVulDrill - Web漏洞演练平台
tintedarc - An XFCE custom arc and tint2 auto-themer, voila you have yourself a nice theme
CloudFlarePartner - CloudFlare partner website with python and flask
vimix-gtk-themes - Vimix is a flat Material Design theme for GTK 3, GTK 2 and Gnome-Shell etc.
ProgrammingFonts - This is a collection of programming fonts,just share this with the programmers.Now there are 103 kinds of fantastic fonts!
V2ray.Fun - 正在开发的全新 V2ray.Fun
hashview - A web front-end for password cracking and analytics
hangzhou_house_knowledge - 2017年买房经历总结出来的买房购房知识分享给大家，希望对大家有所帮助。买房不易，且买且珍惜。Sharing the knowledge of buy an own house that according to the experience at hangzhou in 2017 to all the people. It's not easy to buy a own house, so I hope that it would be useful to everyone.
CrookedStyleSheets - Webpage tracking only using CSS (and no JS)
kotlin-reference-chinese - Kotlin 官方文档（参考部分）中文版
wildfire - 🔥From a little spark may burst a flame.
dvna - Damn Vulnerable NodeJS Application
Apaxy - A simple, customisable theme for your Apache directory listing.
transmission-web-control - 一个 Transmission 浏览器管理界面。Transmission Web Control is a custom web UI.
QQ-Groups-Spider - QQ Groups Spider（QQ 群爬虫）
justdelete.me - A directory of direct links to delete your account from web services.
diy-online-privacy-starter - Chayn's Do It Yourself Online Safety guide helps women keep their online accounts and social profiles secure against harassment, and stalkers. This guide is open source.
Arukas-API - Arukas API 自动获取IP和端口，SSR服务器订阅，Arukas 监测启动
public-pentesting-reports - Curated list of public penetration test reports released by several consulting firms and academic security groups
Farbox-NexT - A hexo theme NexT for Farbox.
gitbook-use - 记录GitBook的一些配置及插件信息
cssicon - icon set made with pure css code, no dependencies, "grab and go" icons
tmt-workflow - A web developer workflow used by WeChat team based on Gulp, with cross-platform supported and solutions prepared.
pd3 - 基于D3 v4+进行二次封装及扩展。示例来源于日常项目及客户提出的需求，转化成数据可视化。
hbase-manager - 可视化hbase数据库

Classic ASP (2)

fancyss - fancyss is a project providing tools to across the GFW on asuswrt/merlin based router.
webshell-detect-bypass - 绕过专业工具检测的Webshell研究文章和免杀的Webshell

Clojure (1)

burp-clj - clojure实现burp插件，提供clj脚本加载环境

CodeQL (3)

LookupInterface - CodeQL 寻找 JNDI利用 Lookup接口
codeql-debug -
github-java-ctf - Winning submission for the GitHub Security Lab CTF 4: CodeQL and Chill - The Java Edition

ColdFusion (1)

fixinator - ColdFusion / CFML Code Security Scanner

Dart (3)

flutter_mobile_command_tools - flutter写的桌面可视化操作android和ios的简单命令
cron_dingding - 钉钉自动打卡
bga_issue_blog - Flutter 或 Vue 全家桶（Vue + VueRouter + Vuex + Axios）抓取 GitHub 上的 Issues，结合 GitHub Pages 搭建个人博客站点，支持 GitHub 登录和评论

Dockerfile (47)

Nightingale - It's a Docker Environment of the KALI-linux having all the required tool for VAPT.
essays-on-data-science - In which I put together my thoughts on the practice of data science.
Drozer-Docker -
CTFDocker - This is a docker image for Capture The Flag and many useful and famous tools are on this image.
Dockerfile - Jumpserver all in one Dockerfile
AWDDocker - 标准化AWD靶场Docker
java-decompiler - A Docker image that combines the strength of four popular Java decompilers (CFR, Fernflower, Krakatau, and Procyon) 🚀🔨
phpsrc-debug-docker - Debug environment for PHP inside a Docker container. Document waiting to be completed.
elastdocker - 🐳 Elastic Stack (ELK) on Docker, with preconfigured Security, Tools, Self-Monitoring, and Prometheus Metrics. Up with a Single Command.
chameleon - 19 Customizable honeypots for monitoring network traffic, bots activities and username\password credentials (DNS, HTTP Proxy, HTTP, HTTPS, SSH, POP3, IMAP, STMP, RDP, VNC, SMB, SOCKS5, Redis, TELNET, Postgres, MySQL, MSSQL, Elastic and ldap)
docker-reconftw - Docker image for reconftw, a simple script intended to perform a full recon on an objective with multiple subdomains
k8s-In-30Mins - Learn how to set up the Kubernetes cluster in 30 mins and deploy the application inside the cluster.
Damn-Vulnerable-WooCommerce-Plugins - This is a docker environment ready set up for multiple WooCommerce Plugin vulnerabilities.
bento - Bento Toolkit is a minimal fedora-based container for penetration tests and CTF with the sweet addition of GUI applications.
docker-kunlun-mirror - 昆仑镜docker镜像
Pentest-In-Docker - Docker image to exploit RCE, try for pentest methods and test container security solutions (trivy, falco and etc.)
Openresty-WAF - Openresty with WAF installed
docker-sbt - Dockerfile for sbt (Scala build tool)
docker-php-workspace - PHP development environment for Docker
dockerized_fuzzing - Run fuzzing experiments in Docker
bheu19-attacking-cloud-builds - Slides, Cheatsheet and Resources from our Blackhat EU talk
BugBountyToolkit - A multi-platform bug bounty toolkit that can be installed on Debian/Ubuntu or set up with Docker.
crossbuild - 🌍 multiarch cross compiling environments
hacker-container - Container with all the list of useful tools/commands while hacking and pentesting Kubernetes Clusters
CVE-2020-9484 -
drozer-docker - Drozer (2.4.4) docker container
awesome-threat-modelling - A curated list of threat modeling resources (Books, courses - free and paid, videos, tools, tutorials and workshops to practice on ) for learning Threat modeling and initial phases of security review.
pentesting-dockerfiles - Pentesting/Bugbounty Dockerfiles.
docker-inurlbr - Advanced search in search engines, enables analysis provided to exploit GET / POST capturing emails & urls, with an internal custom validation junction for each target / url found. http://blog.inurl.com.br
docker-mara-framework - Unofficial Docker image for MARA Framework
ctf_xinetd - A docker repository for deploying pwnable challenges in CTF
docker-pxe - A virtualized implementation of PXE supported by DNSMasq
laradock - Full PHP development environment for Docker.
rapidscan-docker - Docker image of rapidscan
docker-nps -
CVE-2019-6467 - CVE-2019-6467 (BIND nxdomain-redirect)
Awesome-TTRSS - 🐋 Awesome TTRSS, a powerful Dockerised all-in-one RSS solution.
docker-shadowsocks-with-simple-obfs - shadowsocks-libev with simple-obfs
lnmp - 💻 🐳 🐘 🐬 🐧 🚀 Start Docker LNMP(LEMP) In less than 2 minutes Powered by Docker Compose. 让 PHP 开发者快速（一键）搭建基于容器技术（Docker、Kubernetes）的开发、测试、生产（CI/CD by Drone）环境.
docker-transmission -
rtorrent-rutorrent - Docker container with supervisor/rtorrent/nginx/ruTorrent 64/32 bit
docker-vulnerability-environment - Use the docker to build a vulnerability environment
Dockertools - Some tools based on docker
kms-server - a docker image for kms
docker-hacklab - My personal hacklab, create your own.
vulhub - Pre-Built Vulnerable Environments Based on Docker-Compose
openvas-docker - A Docker container for Openvas

Emacs Lisp (1)

configure - My dot files for Emacs, Openbox, XMonad, VIM, Golang, Zsh/Bash, tmux, URXVT, ArchLinux, Git, Ruby/Rails, Xbindkey, Vrome...

Erlang (1)

scannerl - The modular distributed fingerprinting engine

F# (2)

rest-api-fuzz-testing - REST API Fuzz Testing (RAFT): Source code for self-hosted service developed for Azure, including the API, orchestration engine, and default set of security tools (including MSR's RESTler), that enables developers to embed security tooling into their CI/CD workflows
Fetters - Port of Seatbelt in F#

Go (809)

androidqf - androidqf (Android Quick Forensics) helps quickly gathering forensic evidence from Android devices, in order to identify potential traces of compromise.
EXOCET-AV-Evasion - EXOCET - AV-evading, undetectable, payload delivery tool
kube-applier - kube-applier enables automated deployment and declarative configuration for your Kubernetes cluster.
monitor - 监控网站目录下的文件变更，通过钉钉机器人发送告警。
k8s-ldap-auth - Kubernetes webhook token authentication plugin implementation using ldap.
mutagen - Fast file synchronization and network forwarding for remote development
trojan-go - Go实现的Trojan代理，支持多路复用/路由功能/CDN中转/Shadowsocks混淆插件，多平台，无依赖。A Trojan proxy written in Go. An unidentifiable mechanism that helps you bypass GFW. https://p4gefau1t.github.io/trojan-go/
sliver - Adversary Emulation Framework
soar - SQL Optimizer And Rewriter
frpc_android - frpc_android 最新版本0.35.1
go-mitmproxy - mitmproxy implemented with golang. 用 Golang 实现的中间人攻击（Man-in-the-middle），解析、监测、篡改 HTTP/HTTPS 流量。
NGLite - A major platform RAT Tool based by Blockchain/P2P.Now support Windows/Linux/MacOS
natpass - 新一代主机管理工具
gSigFlip - A SigFlip implement in golang
HTTPUploadExfil - A simple HTTP server for delivering and exfiltrating files/data during, for example, CTFs.
GC2-sheet - GC2 is a Command and Control application that allows an attacker to execute commands on the target machine using Google Sheet and exfiltrate data using Google Drive.
zipcreater - ZipCreater主要应用于跨目录的文件上传漏洞的利用，它能够快速进行压缩包生成。
cloud-native-security-book - 《云原生安全：攻防实践与体系构建》资料仓库
go-mimikatz - A wrapper around a pre-compiled version of the Mimikatz executable for the purpose of anti-virus evasion.
hostscan - 自动化Host碰撞工具，帮助红队快速扩展网络边界，获取更多目标点
dorkscout - DorkScout - Golang tool to automate google dork scan against the entiere internet or specific targets
ZipExec - A unique technique to execute binaries from a password protected zip
rotateproxy - 利用fofa搜索socks5开放代理进行代理池轮切的工具
henggeFish - 自动化批量发送钓鱼邮件（横戈安全团队出品）
EDRHunt - Scan installed EDRs and AVs on Windows
rdap - RDAP command line client
avbypass - 简单go加载器实现免杀360 火绒
cero - Scrape domain names from SSL certificates of arbitrary hosts
elktail - Command line utility to query, search and tail EL (elasticsearch, logstash) logs
chronos - Extract pieces of info from a web page's Wayback Machine history
fave - Search for vulnerabilities and exposures while filtering based on age, keywords, and other parameters.
screencapture - D3D11 based screen sharing webserver via COM interop and IDXGIOutputDuplication
cDogScan - 多服务口令爆破、内网常见服务未授权访问探测，端口扫描
QueenSono - Golang binary for data exfiltration with ICMP protocol (+ ICMP bindshell, http over ICMP tunneling, ...)
GoPurple - Yet another shellcode runner consists of different techniques for evaluating detection capabilities of endpoint security solutions
plution - Prototype pollution scanner using headless chrome
red-tldr - red-tldr is a lightweight text search tool, which is used to help red team staff quickly find the commands and key points they want to execute, so it is more suitable for use by red team personnel with certain experience.
EvilEye - A BeaconEye implement in Golang. It is used to detect the cobaltstrike beacon from memory and extract some configuration.
emmutaler - A set of tools for fuzzing SecureROM. Managed to find and trigger checkm8.
caddy-docker-proxy - Caddy as a reverse proxy for Docker
Prox5 - 🧮 SOCKS5/4/4a 🌾 validating proxy pool for 🤽 LOLXDsoRANDum connections 🎋
dufflebag - Search exposed EBS volumes for secrets
degob - Go library/tool for viewing and reversing Go gob data [Moved to GitLab]
blocky - Fast and lightweight DNS proxy as ad-blocker for local network with many features
tun2socks - tun2socks - powered by gVisor TCP/IP stack
goblin - 一款适用于红蓝对抗中的仿真钓鱼系统
GoHead - Get interesting http headers, internal IPs, possible endpoints from target(s) and search JS files for juicy info
knockknock - A simple reverse whois lookup tool which returns a list of domains owned by people or companies
dlevel - A tool get level of subdomain from 1....n
nipejs - Detects JavaScript leaks via regex patterns
dirtywords - A targeted word list generation tool
gojsx - Find juicy information inside javascript files.
fleex - Fleex allows you to create multiple VPS on cloud providers and use them to distribute your workload.
darlene - This is a tool for fuzzing XSS vulnerabilities. It's based on genetic algorithm.
jsleak - a Go code to detect leaks in JS files via regex patterns
GoFilter - A tool to filter URLs by parameter count or size
fuzznav - parse ffuf & map endpoints to wordlists
fxr - 使用fscan联动Xray
FscanX - A Large killer focused on intranet scanning
Gososerial - 参考著名漏扫XRAY的代码，无需Java环境直接从二进制角度构造Ysoserial的Payload
docker-slim - DockerSlim (docker-slim): Don't change anything in your Docker container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)
CVE-2021-26084 - 批量检测
selfhelp-iptables - 通过http api自助添加iptables白名单与黑名单的工具，防止nmap等程序的端口扫描和恶意主动探测，防止ssh、mysql等敏感服务受到攻击，并能对探测进行记录。
DarkGld - A tool for quickly generating fishing Trojan horse.
tprox - TProx is a fast reverse proxy path traversal detector and directory bruteforcer.
apkreport - Generate CSV Reports of MobSF Results
dnstake - DNSTake — A fast tool to check missing hosted DNS zones that can lead to subdomain takeover
http2smugl -
gus-proxy - "打一枪换一个地方" 一个HTTP代理
cdnParse -
allstar - GitHub App to set and enforce security policies
dnsmonster - Passive DNS Capture/Monitoring Framework
goverview - goverview - Get an overview of the list of URLs
cve-2021-34558 -
dismap - Asset discovery and identification tools 快速识别 Web 指纹信息，定位资产类型。辅助红队快速定位目标资产信息，辅助蓝队发现疑似脆弱点
cube - 内网渗透测试工具，弱密码爆破、信息收集和漏洞扫描
siprocket - Fast SIP and SDP Parser
grumble - A powerful modern CLI and SHELL
gokart - A static analysis tool for securing Go code
SourcePoint - SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.
doge-getsys - An easy way to getsystem by golang.
replbot - Slack/Discord bot for running interactive REPLs and shells from a chat.
litter - Litter is a pretty printer library for Go data structures to aid in debugging and testing.
ThreatMapper - Identify vulnerabilities in running containers, images, hosts and repositories
andromanifest - AndroidManifest.xml parser written in go
sshpot - A simple ssh honey pot, fake ssh server that lets anyone to connect and monitor their activty
ContainerSSH - ContainerSSH: Launch containers on demand
dockle - Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start
saferwall - ☁️ Collaborative and Streamlined Threat Analysis at Scale
tarian - Protect your Cloud Native Applications running on Kubernetes from malicious attacks with pre-registered source code, pre-registered runtime processes monitoring, automated actions based on configure-actions, analytics, alerting and also sharing detections with community. Maybe save from Ransomware. Shift-Left your threat detection.
cmon - NIST Information Security Continuous Monitoring (ISCM) and configuration baseline data collector
alpnpass - This tool will listen on a given port, strip SSL encryption, forward traffic through a plain TCP proxy, then encrypt the returning traffic again and send it to the target of your choice. Unlike most SSL stripping solutions this tool will negotiate ALPN and preserve the negotiated protocol all the way to the target.
gambit - GaMBiT Honeypot
kube-scan - kube-scan: Octarine k8s cluster risk assessment tool
devid - Securely manage your developer personas
icpquery - ICP备案查询库
fiber - ⚡️ Express inspired web framework written in Go
Kalbi - Kalbi - Golang Session Initiated Protocol Framework
webrtc-proxy - 反向代理+webrtc 神不知鬼不觉的获取真实IP
wsh - Web shell generator and command line interface.
pp - Colored pretty printer for Go language
goDomain - Windows活动目录中的LDAP信息收集工具
merlin - Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.
ChangeTower - ChangeTower is intended to help you watch changes in webpages and get notified of any changes written in Go
go-shellcode - A repository of Windows Shellcode runners and supporting utilities. The applications load and execute Shellcode using various API calls or techniques.
sigurlfind3r - A passive reconnaissance tool for known URLs discovery - it gathers a list of URLs passively using various online sources.
taskmaster - Windows Task Scheduler Library for Go
golang-ReflectiveDLLInjection - golang ReflectiveDLLInjection
dast-operator - Dynamic Application and API Security Testing
ddns-go - 简单好用的DDNS。自动更新域名解析到公网IP(支持阿里云、腾讯云dnspod、Cloudflare、华为云)
socks5 - A golang library about socks5, supports all socks5 commands. That Provides server and client and easy to use. Compatible with socks4 and socks4a.
frpmgr - Windows平台的 FRP GUI 客户端
Git-Secret - Go scripts for finding sensitive data like API key / some keywords in the github repository
goworker - goworker is a Go-based background worker that runs 10 to 100,000* times faster than Ruby-based workers.
grpcurl - Like cURL, but for gRPC: Command-line tool for interacting with gRPC servers
esbulk - Bulk indexing command line tool for elasticsearch
MS17-010 - An EternalBlue exploit implementation in pure go
pebble - RocksDB/LevelDB inspired key-value database in Go
delve - Delve is a debugger for the Go programming language.
octovy - Package vulnerability scanner of GitHub repository for organization
fofa - 一款 Go 语言编写的小巧、简洁、快速采集 fofa 数据导出到 Excel 表单的小工具。
revsuit - RevSuit is a flexible and powerful reverse connection platform designed for receiving connection from target host in penetration.
ligolo-ng - An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.
bypass_go - bypass_go cs免杀
shellcodeloading - shellcode加载器 golang 分离免杀
go-shellcode-webimg-load - golang shellcode loader 远程图片隐写加载执行无文件落地
simplehttpserver - Go alternative of python SimpleHTTPServer
roboxtractor - Extract endpoints marked as disallow in robots files to generate wordlists.
Key-Checker - Go scripts for checking API key / access token validity
adalanche - Active Directory ACL Visualizer and Explorer - who's really Domain Admin?
ppmap - A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.
dnsobserver - A handy DNS service written in Go to aid in the detection of several types of blind vulnerabilities. It monitors a pentester's server for out-of-band DNS interactions and sends lookup notifications via Slack.
Gorsair - Gorsair hacks its way into remote docker containers that expose their APIs
Neurax - A framework for constructing self-spreading binaries
ipa-medit - Memory modification tool for re-signed ipa supports iOS apps running on iPhone and Apple Silicon Mac without jailbreaking.
TeamsUserEnum - User enumeration with Microsoft Teams API
hershell - Multiplatform reverse shell generator
ipio - tun2socks5, tun2brookserver, tun2brookwsserver, tun2brookwssserver. IPv4 and IPv6, TCP and UDP. 让系统所有流量全部走socks5, brook server, brook wsserver, brook wssserver.
watermill - Building event-driven applications the easy way in Go.
cel-spec - Common Expression Language -- specification and binary representation
reverse-ssh - Statically-linked ssh server with reverse shell functionality for CTFs and such
goShellCodeByPassVT - 通过线程注入及-race参数免杀全部VT
bypass-403 - Go script for bypassing 403 forbidden
Faygo - A major platforms RAT Tools .High scalability.Now support Windows/Linux/MacOS
cent - Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one place
MeetC2 - Modular C2 framework aiming to ease post exploitation for red teamers.
gcp-dhcp-takeover-code-exec - Google Compute Engine (GCE) VM takeover via DHCP flood - gain root access by getting SSH keys added by google_guest_agent
erebus - Erebus is a fast tool for parameter-based vulnerability scanning using a Yaml based template engine like nuclei.
scour -
cariddi - Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more...
ByPassAVAddUser -
Ehoney - 安全、快捷、高交互、企业级的蜜罐管理系统，支持多种协议蜜罐、蜜签、诱饵等功能。A safe, fast, highly interactive and enterprise level honeypot management system, supports multiple protocol honeypots, honeytokens, baits and other functions.
KubeOperator - KubeOperator 是一个开源的轻量级 Kubernetes 发行版，专注于帮助企业规划、部署和运营生产级别的 K8s 集群。
viper - Go configuration with fangs
nightingale - 💡 A Distributed and High-Performance Monitoring System. The next generation of Open-Falcon
hmap - Hybrid memory/disk map
mqtts - MQTT安全测试工具 (MQTT Security Tools)
purl -
rconn - rconn is a multiplatform program for creating generic reverse connections. Lets you consume services that are behind firewall or NAT without opening ports or port-forwarding.
UnChain - A tool to find redirection chains in multiple URLs
golangFamily - 【超全golang面试题合集+golang学习指南+golang知识图谱+入门成长路线】一份涵盖大部分golang程序员所需要掌握的核心知识。常用第三方库(mysql,mq,es,redis等)+机器学习库+算法库+游戏库+开源框架+自然语言处理nlp库+网络库+视频库+微服务框架+视频教程+音频音乐库+图形图片库+物联网库+地理位置信息+嵌入式脚本库+编译器库+数据库+金融库+电子邮件库+电子书籍+分词+数据结构+设计模式+去html tag标签等+go学习+go面试+计算机网络基础+图解网络+操作系统面试题+数据库面试题+面试题合集
DNSLog-Platform-Golang - DNSLOG平台 golang 一键启动版
Coldfire - Golang malware development library
cosign - Container Signing
proxypool - 自动抓取tg频道、订阅地址、公开互联网上的ss、ssr、vmess、trojan节点信息，聚合去重后提供节点列表。欢迎star
terrascan - Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
CTFProxy - Your ultimate infrastructure to run a CTF, with a BeyondCorp-like zero-trust network and simple infrastructure-as-code configuration.
hackenv - Comfortably manage and access a virtual machine running Kali Linux or Parrot Security from the terminal (with support for SSH and file sharing, which is especially convenient during CTFs, Hack The Box, etc.) 🚀🔧
super-signature - 🌌 iOS 签名分发内测服务
paragon - Red Team engagement platform with the goal of unifying offensive tools behind a simple UI
go-spyse - The official wrapper for spyse.com API, written in Go, aimed to help developers build their integrations with Spyse.
C2ReverseProxy - 一款可以在不出网的环境下进行反向代理及cs上线的工具
GoWebBanner - Go语言web指纹识别
fofaSearch-go - go实现的fofa搜索批量工具需要高级会员
judas - 轻便的恶意反代
Reflective-HackBrowserData - HackBrowserData的反射模块
iam - 企业级的 Go 语言实战项目（可作为Go项目开发脚手架）
lit-bb-hack-tools - Little Bug Bounty & Hacking Tools⚔️
kubectl-cost - CLI for determining the cost of Kubernetes workloads
radar - Scanner for misconfigured DevSecOps or Security tools on internet like SonarQube, GoPhish, OpenVAS etc.
fofadump - A small utility that calls fofa api to download data.
zadig - Zadig is a cloud native, distributed, developer-oriented continuous delivery product.
AnalyticsRelationships - Get related domains / subdomains by looking at Google Analytics IDs
reproxy - Simple edge server / reverse proxy
cli - Official Command Line Interface for the IPinfo API (IP geolocation and other types of IP data)
scf-proxy - 云函数代理服务
rita - Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis.
command-search-alfred - alfred命令搜索workflow
rsrc - Tool for embedding .ico & manifest resources in Go programs for Windows.
ligolo - Ligolo : 用于内网渗透的反向隧道
pocassist - 全新的开源漏洞测试框架，实现poc在线编辑、运行、批量测试。使用文档：
Dent - A framework for creating COM-based bypasses utilizing vulnerabilities in Microsoft's WDAPT sensors.
multiplexing_port_socks5 - 一款golang写的支持http与socks5的端口复用小工具，并且可以开启socks5代理。
pwnlib - A Go rewrite of pwntools.
scf-proxy -
install_k8s - 一键安装kubernets(k8s)系统，采用RBAC模式运行（证书安全认证模式），既可以单台安装、也可以集群安装，并且完全是生产环境的安装标准。有疑问大家可以加我微信沟通：bsh888
interactsh - An OOB interaction gathering server and client library
TXPortMap - Port Scanner & Banner Identify From TianXiang
TXPortMap - Port Scanner & Banner Identify From TianXiang
p2ptunnel - 一个基于p2p的tcp、udp内网穿透隧道工具
vugu - Vugu: A modern UI library for Go+WebAssembly (experimental)
ElasticView - 这是一个轻便的ElasticSearch可视化客户端
sec -
GodSpeed - Fast and intuitive manager for multiple reverse shells
whids - Open Source EDR for Windows
kine - Run Kubernetes on MySQL, Postgres, sqlite, dqlite, not etcd.
dnsub - dnsub一款好用且强大的子域名扫描工具
flowdownloader - Simple software to download HLS encrypted files used by FlowPlayer video player
glow - Render markdown on the CLI, with pizzazz! 💅🏻
InScan - 边界打点后的自动化渗透工具
kiterunner - Contextual Content Discovery Tool
SerpScan - Serpscan is a powerfull php script designed to allow you to leverage the power of dorking straight from the comfort of your command line.
kubesploit - Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang, focused on containerized environments.
SNOWCRASH - A polyglot payload generator
goop - Yet another tool to dump a git repository from a website, focused on as-complete-as-possible dumps and handling weird edge-cases.
cook - An overpower wordlist generator, splitter, merger, finder & creator. Also frustration and crunch killer. Customizable!
snowball - fofa+xray vul scan golang
puredns - Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.
cert - Cert is the Go tool to get TLS certificate information.
ldsview -
Limelighter - A tool for generating fake code signing certificates or signing real ones
cve-2021-3449 - CVE-2021-3449 OpenSSL denial-of-service exploit 👨🏻‍💻
sealos - 一条命令离线安装高可用kubernetes，3min装完，700M，100年证书，生产环境稳如老狗
bbscope - Scope gathering tool for HackerOne, Bugcrowd, and Intigriti!
evilginx2 - Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
muraena - Muraena is an almost-transparent reverse proxy aimed at automating phishing and post-phishing activities.
haktrails - Golang client for querying SecurityTrails API data
XrayR - A Xray backend framework that can easily support many panels. 一个基于Xray的后端框架，支持V2ay,Trojan,Shadowsocks协议，极易扩展，支持多面板对接
stork - A small utility that aims to automate and simplify some tasks related to software release cycles.
mildew - Dotmil subdomain discovery tool that scrapes domains from official DoD website directories and certificate transparency logs
cIPR - 将域名转为ip段权重
turner - SOCKS5 and HTTP over TURN/STUN proxy
gap - Google Maps API checker
dnsproxy - Simple DNS proxy with DoH, DoT, DoQ and DNSCrypt support
cSubsidiary - 利用天眼查查询企业子公司
kube-image-bouncer - Simple endpoint for the ImagePolicyWebhook and the GenericAdmissionWebhook Kubernetes admission controllers
cDomain - 利用天眼查查询企业备案
amber - Reflective PE packer.
horusec - Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.
mubeng - An incredibly fast proxy checker & IP rotator with ease.
hey - HTTP load generator, ApacheBench (ab) replacement, formerly known as rakyll/boom
Struts2Scanner - 一款Golang编写的Struts2漏洞检测和利用工具，支持并发批量检测
DirDar - DirDar is a tool that searches for (403-Forbidden) directories to break it and get dir listing on it
kscan - Kscan是一款轻量级的资产发现工具，可针对IP/IP段或资产列表进行端口扫描以及TCP指纹识别和Banner抓取，在不发送更多的数据包的情况下尽可能的获取端口更多信息。并且针对扫描结果进行自动化暴力破解，且是go平台首款开源的RDP暴力破解工具。
gcs -
CVE-2020-15931 - Netwrix Account Lockout Examiner 4.1 Domain Admin Account Credential Disclosure Vulnerability
revsocks - Reverse SOCKS5 implementation in Go
civil-service-exam - 公务员考试知识思维导图，我们岸上见！
traitor - ⬆️ ☠️ Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, polkit, docker socket
SecretScanner - Find secrets and passwords in container images and file systems
backbomb - 💣 Dockerized penetration-testing/bugbounty/app-sec testing environment
gee - 🏵 Gee is tool of stdin to each files and stdout. It is similar to the tee command, but there are more functions for convenience. In addition, it was written as go
ssrfuzz - SSRFuzz is a tool to find Server Side Request Forgery vulnerabilities, with CRLF chaining capabilities
goshock - SonicWall VPN-SSL Exploit* using Golang ( * and other targets vulnerable to shellshock ).
faker - 🚀 Ultimate fake data generator for Go with zero dependencies
tcpdog - eBPF based TCP observability.
ssrf-tool - An SSRF detector tool written in golang. I have fixed some errors and added some more payloads to it. But the tool credits go to z0idsec.
recog-go - Recog-Go: Pattern Recognition using Rapid7 Recog
DictGenerate - 使用Go语言编写的社工字典生成器(The social engineering dictionary generator written by Go)
uroboros - A GNU/Linux monitoring and profiling tool focused on single processes.
host_scan - 这是一个用于IP和域名碰撞匹配访问的小工具，旨意用来匹配出渗透过程中需要绑定hosts才能访问的弱主机或内部系统。https://github.com/fofapro/Hosts_scan implement in Go
ScareCrow - ScareCrow - Payload creation framework designed around EDR bypass.
ditto - A tool for IDN homograph attacks and detection.
http-fuzzer -
k8s-mon - 滴滴夜莺Kubernetes monitor
EHole - EHole(棱洞)3.0 重构版-红队重点攻击系统指纹探测工具
filestash - 🦄 A modern web client for SFTP, S3, FTP, WebDAV, Git, Minio, LDAP, CalDAV, CardDAV, Mysql, Backblaze, ...
juicefs - JuiceFS is a distributed POSIX file system built on top of Redis and S3.
kubeip - Assign static external IPs from predefined pool of external IP addresses to Google GKE nodes so your customers could whitelist them
go-volumio-mqtt-proxy -
ipdiscover - 🔍 A simple tool to obtain long lists of ips from domains using goroutines
wprecon - The official wprecon repository
Elkeid - Elkeid is a Cloud-Native Host-Based Intrusion Detection solution project to provide next-generation Threat Detection and Behavior Audition with modern architecture.
MobileHackersWeapons - Mobile Hacker's Weapons / A collection of cool tools used by Mobile hackers. Happy hacking , Happy bug-hunting
FBI-Analyzer - A Flexible Log Analysis System Based on Golang and Lua-Plugins. 插件化的准实时日志分析系统。
denim - Automated compiler obfuscation for nim
dirgui - turn a directory into a GUI, slash example of VNC-based GUI
notify - Send notification via Email, SMS, Chat etc.
fuzzparam -
nosqli - NoSql Injection CLI tool, for finding vulnerable websites using MongoDB.
acme-dns-client - A client software for https://github.com/joohoi/acme-dns
redress - Redress - A tool for analyzing stripped Go binaries
gigger - Git folder digger, I'm sure it's worthwhile stuff.
mosint - An automated e-mail OSINT tool
deduplicate - Remove duplicate urls from input
scilla - Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration
querycsv - QueryCSV enables you to load CSV files and manipulate them using SQL queries then after you finish you can export the new values to a CSV file
meg - Fetch many paths for many hosts - without killing the hosts
Amass - In-depth Attack Surface Mapping and Asset Discovery
gf-vue-admin - 基于goframe+vite+vue3搭建的开发基础平台，集成jwt鉴权，权限管理，动态路由，分页封装，多点登录拦截，资源权限，上传下载，代码生成器，表单生成器等开发必备功能，五分钟一套CURD前后端代码，欢迎issue和pr~
emp3r0r - linux post-exploitation framework made by linux user
commonspeak2 - Leverages publicly available datasets from Google BigQuery to generate content discovery and subdomain wordlists
GoScan - GoScan是采用Golang语言编写的一款分布式综合资产管理系统，适合红队、SRC等使用
h2conn - HTTP2 client-server full-duplex connection
p12tool - A simple Go script to brute force or parse a password-protected PKCS#12 (PFX/P12) file.
sayBruh - its a rebuild of saycheese with golang
headi - Customisable and automated HTTP header injection
linkz -
sec-dev-in-action-src - 《白帽子安全开发实战》配套代码
postMessageFinder -
GoGitDumper - Dump exposed HTTP .git fast
knary - A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams/Lark & Pushover support
qsfuzz - qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.
mzap - ⚡️ Multiple target ZAP Scanning
git-hound - Git plugin that prevents sensitive data from being committed.
rescope - A scope-generator-tool for Burp Suite and ZAP
madns - DNS server for pentesters
gfz -
url2img - HTTP server with API for capturing screenshots of websites
v2sub - 用于 linux 下订阅 v2ray 的小工具。
casbin-auth0-rbac-backend - Example RBAC implementation with Casbin and Auth0
GeoIP2-CN - 最小巧、最准确、最全面、最实用的**大陆 GeoIP2 数据库及 IP 地址段
dmut - A tool to perform permutations, mutations and alteration of subdomains in golang.
rsdl - Subdomain Scan With Ping Method.
proxify - Swiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipulation, and replay on the go.
rogue_mysql_server - 一个支持 go, php, python, java, 原生命令行等多种语言下客户端的 mysql 恶意服务器
dnsfaster - Test the speed and reliability of a list of DNS servers
cloudlist - Cloudlist is a tool for listing Assets from multiple Cloud Providers.
tcpprobe - Modern TCP tool and service for network performance observability.
urlbrute - Directory/Subdomain scanner developed in GoLang.
autopatchelf -
sourcemapper - Extract JavaScript source trees from Sourcemap files
cloudquery - The open-source cloud asset inventory powered by SQL.
nova - Find outdated or deprecated Helm charts running in your cluster.
xbar - Put the output from any script or program into your macOS Menu Bar (the BitBar reboot)
gorse - An open source recommender system service written in Go
ssl_exporter - Exports Prometheus metrics for TLS certificates
chashell - Chashell is a Go reverse shell that communicates over DNS. It can be used to bypass firewalls or tightly restricted networks.
urlhunter - a recon tool that allows searching on URLs that are exposed via shortener services
exclude-cdn - Wraps projectdiscovery's cdncheck library to exclude CDN hosts from input passed over stdin
ipdb-go - IPIP.net officially supported IP database ipdb format parsing library
goz - A fantastic HTTP request libarary used in Golang.
BurpSuite-MacOS-Crack -
collaborator - BurpSuite Standard/Private Collaborator Library
GitHunter - A tool for searching a Git repository for interesting content
k0s - k0s - Zero Friction Kubernetes
CDK - CDK is an open-sourced container penetration toolkit, offering stable exploitation in different slimmed containers without any OS dependency. It comes with penetration tools and many powerful PoCs/EXPs helps you to escape container and takeover K8s cluster easily.
RendezvousRAT - Self-healing RAT utilizing libp2p
fscan - 一款内网综合扫描工具，方便一键自动化、全方位漏扫扫描。
xo - Command line tool to generate idiomatic Go code for SQL databases supporting PostgreSQL, MySQL, SQLite, Oracle, and Microsoft SQL Server
gron - Make JSON greppable!
keylogger - 键盘记录，支持定时回传
starboard - Kubernetes-native security toolkit
scorecard - Security Scorecards - Security health metrics for Open Source
LadonGo - Ladon Pentest Scanner framework 全平台Go开源内网渗透扫描器框架,Windows/Linux/Mac内网渗透，使用它可轻松一键批量探测C段、B段、A段存活主机、高危漏洞检测MS17010、SmbGhost，远程执行SSH/Winrm，密码爆破SMB/SSH/FTP/Mysql/Mssql/Oracle/Winrm/HttpBasic/Redis，端口扫描服务识别PortScan指纹识别/HttpBanner/HttpTitle/TcpBanner/Weblogic/Oxid多网卡主机，端口扫描服务识别PortScan。
Prometheus-Basics - A beginner friendly introduction to prometheus 🔥
CVE-2020-13935 - Exploit for WebSocket Vulnerability in Apache Tomcat
notify - Notify is a Go-based assistance package that enables you to stream the output of several tools (or read from a file) and publish it to a variety of supported platforms.
git-lfs-RCE-exploit-CVE-2020-27955-Go -
teler - Real-time HTTP Intrusion Detection
alicloud-tools - 阿里云ECS、策略组辅助小工具
grype - A vulnerability scanner for container images and filesystems
DomainHiding - external c2 use domainhiding.
Doge-Loader - 🐶Cobalt Strike Shellcode Loader by Golang
jsubfinder - jsubfinder searches webpages for javascript & analyzes them for hidden subdomains and secrets (wip).
BountyIt - A fuzzer made in golang for finding issues like xss, lfi, rce, ssti...that detects issues using change in content length and verify it using signatures
gophercap - Accurate, modular, scalable PCAP manipulation tool written in Go.
recursebuster - rapid content discovery tool for recursively querying webservers, handy in pentesting and web application assessments
nvdtools - A set of tools to work with the feeds (vulnerabilities, CPE dictionary etc.) distributed by National Vulnerability Database (NVD)
waypoint - A tool to build, deploy, and release any application on any platform.
fdnssearch - Swiftly search FDNS datasets from Rapid7 Open Data
fdns - Concurrent Rapid7 FDNS dataset parser
takeover - A tool for testing subdomain takeover possibilities at a mass scale.
ferry - 本系统是集工单统计、任务钩子、权限管理、灵活配置流程与模版等等于一身的开源工单系统，当然也可以称之为工作流引擎。致力于减少跨部门之间的沟通，自动任务的执行，提升工作效率与工作质量，减少不必要的工作量与人为出错率。
urlive - Check url is live (HTTP status code "200 ok" only).
fasthttp - Fast HTTP package for Go. Tuned for high performance. Zero memory allocations in hot paths. Up to 10x faster than net/http
github-subdomains - Find subdomains on GitHub
DarkEye - 渗透测试情报收集工具
tfsec - Security scanner for your Terraform code
webshell-analyzer - Web shell scanner and analyzer.
kilt - Kilt is a project that defines how to inject foreign apps into containers.
gosecretsdump - Dump ntds.dit really fast
kpt - A Git-native, schema-aware, extensible client-side tool for packaging, customizing, validating, and applying Kubernetes resources.
berty - Berty is a secure peer-to-peer messaging app that works with or without internet access, cellular data or trust in the network
subzy - Subdomain takeover vulnerability checker
scout - 🔭 Lightweight URL fuzzer and spider: Discover a web server's undisclosed files, directories and VHOSTs
Go-SCP - Go programming language secure coding practices guide
wurl - A tool to test working urls.
askgit - Query git repositories with SQL. Generate reports, perform status checks, analyze codebases. 🔍 📊
yarr - yet another rss reader
bcscope - Get the scope of your bugcrowd programs
hetty - Hetty is an HTTP toolkit for security research.
gitjacker - 🔪 Leak git repositories from misconfigured websites
s5_server -
crowdsec - CrowdSec - the open-source and participative IPS able to analyze visitor behavior & provide an adapted response to all kinds of attacks. It also leverages the crowd power to generate a global CTI database to protect the user network.
quickpress - Small tool to automate SSRF wordpress and XMLRPC finder
monsoon - Fast HTTP enumerator
asnip - ASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight
mapcidr - Small utility program to perform multiple operations for a given subnet/CIDR ranges.
goxygen - Generate a modern Web project with Go and Angular, React or Vue in seconds 🚀
gld - Go shellcode LoaDer
wildcheck - A simple tool to detect wildcards domain based on Amass's wildcards detector.
unew - A tool for append URLs, skipping duplicates/paths & combine parameters.
CloudBrute - Awesome cloud enumerator
iconhash - fofa shodan favicon.ico hash icon ico 计算器
rush - A cross-platform command-line tool for executing jobs in parallel
linglong - 一款甲方资产巡航扫描系统。系统定位是发现资产，进行端口爆破。帮助企业更快发现弱口令问题。主要功能包括: 资产探测、端口爆破、定时任务、管理后台识别、报表展示
go-web-framework-stars - ⭐ Web frameworks for Go, most starred on GitHub
req - a golang http request library for humans
clair-scanner - Docker containers vulnerability scan
age - A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.
croc - Easily and securely send things from one computer to another 🐊 📦
kubectl-rolesum - Summarize Kubernetes RBAC roles for the specified subjects.
kalm - Kalm | Kubernetes AppLication Manager
gonkey - Gonkey - a testing automation tool
gqm - Go quick message
dnslog - dnslog reverse vul-verify 反连平台漏洞验证
godnslog - An exquisite dns&http log server for verify SSRF/XXE/RFI/RCE vulnerability
TukTuk - Tool for catching and logging different types of requests.
wordlistgen - Generates target specific word lists for Fuzzing with fuff
smogcloud - Find cloud assets that no one wants exposed 🔎 ☁️
stargz-snapshotter - Fast container image distribution plugin with lazy pulling
ssrf-tool -
JCRandomProxy - 随机代理
jwt-hack - 🔩 jwt-hack is tool for hacking / security testing to JWT. Supported for En/decoding JWT, Generate payload for JWT attack and very fast cracking(dict/brutefoce)
dorkX - Pipe different tools with google dork Scanner
linkJS -
Gxss - A tool to check a bunch of URLs that contain reflecting params.
vermin - The smart virtual machines manager. A modern CLI for Vagrant Boxes.
wadl-dumper - Dump all available paths and/or endpoints on WADL file.
ExternalC2Go -
TFirewall - 防火墙出网探测工具,内网穿透型socks5代理
gox - A dead simple, no frills Go cross compile tool
PortBrute - 一款跨平台小巧的端口爆破工具，支持爆破FTP/SSH/SMB/MSSQL/MYSQL/POSTGRESQL/MONGOD / A cross-platform compact port blasting tool that supports blasting FTP/SSH/SMB/MSSQL/MYSQL/POSTGRESQL/MONGOD
yet-another-cloudwatch-exporter - AWS cloudwatch to prometheus exporter - Discovers services through AWS tags, gets cloudwatch data and provides them as prometheus metrics with AWS tags as labels.
bbr - An open source tool to aid in command line driven generation of bug bounty reports based on user provided templates.
slackcat - A simple way of sending messages from the CLI output to your Slack with webhook.
registry-creds - Replicate Kubernetes ImagePullSecrets to all namespaces
threagile - Agile Threat Modeling Toolkit
ksubdomain - 无状态子域名爆破工具
dumproid - Android process memory dump tool without ndk.
goloader - load and run golang code at runtime.
peirates - Peirates - Kubernetes Penetration Testing tool
go-smb2 - SMB2/3 client library written in Go.
rose -
garble - Obfuscate Go builds
NaviPassRead - Read Navicat 12 Password
dracon - Security scanning & static analysis tool
Go365 - An Office365 User Attack Tool
LeetCode-Go - ✅ Solutions to LeetCode by Go, 100% test coverage, runtime beats 100% / LeetCode 题解
whoxyrm - A reverse whois tool based on Whoxy API.
wordlistgen - Quickly generate context-specific wordlists for content discovery from lists of URLs or paths
osm - Open Service Mesh (OSM) is a lightweight, extensible, cloud native service mesh that allows users to uniformly manage, secure, and get out-of-the-box observability features for highly dynamic microservice environments.
sprig - Useful template functions for Go templates.
Juggler - A system that may trick hackers. 一个也许能骗到黑客的系统。
nali - An offline tool for querying IP geographic information and CDN provider.一个查询IP地理信息和CDN服务提供商的离线终端工具.
gitkube - Build and deploy docker images to Kubernetes using git push
xc - A small reverse shell for Linux & Windows
Misc-Tools - Miscellaneous tools I've developed over the years for help in infosec.
commit-stream - #OSINT tool for finding Github repositories by extracting commit logs in real time from the Github event API
reflect-pe - Reflectively load PE
octant - Highly extensible platform for developers to better understand the complexity of Kubernetes clusters.
jet - Jet template engine
HackBrowserData - Decrypt passwords/cookies/history/bookmarks from the browser. 一款可全平台运行的浏览器数据导出解密工具。
usercorn - dynamic binary analysis via platform emulation
cve-db - 一个用于生成cve数据库的程序并提供简单的http协议查询接口
sourcegraph - Universal code search (self-hosted)
chisel - A fast TCP/UDP tunnel over HTTP
Boomerang - Boomerang is a tool to expose multiple internal servers to web/cloud. Agent & Server are pretty stable and can be used in Red Team for Multiple levels of Pivoting and exposing multiple internal services to external/other networks
over-golang - Golang相关：[审稿进度80%]Go语法、Go并发**、Go与web开发、Go微服务设施等
kerbrute - A tool to perform Kerberos pre-auth bruteforcing
go-dork - The fastest dork scanner written in Go.
hakq - A basic golang server/client for distributing tasks over multiple systems.
ponieproxy - Simple proxy which applies filters (default or custom) to your requests and responses, while you browse a website.
algorithm-pattern - 算法模板，最科学的刷题方式，最快速的刷题路径，你值得拥有~
Talon - A password guessing tool that targets the Kerberos and LDAP services within the Windows Active Directory environment.
NmapTools - Go语言练习，第一个小工具，nmaptools解析xml导出xlsx结果、进行web服务探测、进行socket数据探测等
interview-go - golang面试题集合
httpdump - Capture and parse http traffics
leakdb - Web-Scale NoSQL Idempotent Cloud-Native Big-Data Serverless Plaintext Credential Search
kitphishr - A tool designed to hunt for Phishing Kit source code
gokrazy - a native Go userland for your Raspberry Pi 3 or 4 appliances (or amd64 PCs!)
apk-medit - memory search and patch tool on debuggable apk without root & ndk
ligolo - Reverse Tunneling made easy for pentesters, by pentesters https://sysdream.com/
kustomize - Customization of kubernetes YAML configurations
gofingerprint - GoFingerprint is a Go tool for taking a list of target web servers and matching their HTTP responses against a user defined list of fingerprints.
kube-bench - Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark
Go4aRun - Shellcode runner in GO that incorporates shellcode encryption, remote process injection, block dlls, and spoofed parent process
medusa - Fastest recursive HTTP fuzzer, like a Ferrari.
go-sword - 【Go-sword】可视化CRUD管理后台生成工具
awsls - A list command for AWS resources
rod - A Devtools driver for web automation and scraping
MailHog - Web and API based SMTP testing
lokomotive - Lokomotive is a 100% open-source, easy to use and secure Kubernetes distribution from the volks at Kinvolk
dirstalk - Modern alternative to dirbuster/dirb
go-envconfig - A Go library for parsing struct tags from environment variables.
seata-golang - A Distributed Transaction Framework, like SEATA, support TCC mode and AT mode. DingTalk: seata-golang 社区
feedpushr - A simple feed aggregator daemon with sugar on top.
ChopChop - ChopChop is a CLI to help developers scanning endpoints and identifying exposition of sensitive services/files/folders.
httpx - httpx is a fast and multi-purpose HTTP toolkit allows to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads.
v2ray-poseidon - An Enhanced V2Ray(based on v2ray-core) for VNetPanel, SSRPanel, V2board and SSPanel-v3-Uim to sync users from database to v2ray, to log traffics/system info
go-execute-assembly - Allow a Go process to dynamically load .NET assemblies
iox - Tool for port forwarding & intranet proxy
addSome - Simple Go script to check if found domains in a file are already saved in your Findomain database
fuzzit - CLI to integrate continuous fuzzing with Fuzzit (no longer available)
BlueShell - 红蓝对抗跨平台远控工具
1ndiList - Recon Custom WordList Ganerator
autocert - ⚓ A kubernetes add-on that automatically injects TLS/HTTPS certificates into your containers
panther - [DEPRECATED] Detect threats with log data and improve cloud security posture
whoareyou - whoareyou is a tool to find the underlying technology/software used in a list of websites passed through stdin (using Wappalyzer dataset)
Zin - A Payload Injector for bugbounties written in go
haktldextract - Extract domains/subdomains from URLs en masse
sqlmw - Interceptors for database/sql
gid - Golang 分布式ID生成系统，高性能、高可用、易扩展的id生成服务
sliver - Adversary Emulation Framework
chaos-client - Go client to communicate with Chaos DNS API.
mos-chinadns - 一个开箱即用的 DNS 分流器。
naabu - A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests
cf-check - CloudFlare Checker written in Go
Cardinal - CTF🚩 AWD (Attack with Defense) 线下赛平台 / AWD platform - 欢迎 Star~ ✨
KoiPhish - A simple yet beautiful phishing proxy.
forwardproxy - Forward proxy plugin for the Caddy web server
backdoorfactory - A from-scratch rewrite of The Backdoor Factory - a MitM tool for inserting shellcode into all types of binaries on the wire.
DNSGrep - Quickly Search Large DNS Datasets
ssrf-finder - Pass list of urls with FUZZ in and it will check if it has found a potential SSRF.
1ndi-hacks - Bug Bounty Tools
GobyVuls - Vulnerabilities of Goby supported with exploitation.
phonedata - 手机号码归属地信息库、手机号归属地查询 phone.dat 最后更新：2021年08月
fff - The Fairly Fast Fetcher. Requests a bunch of URLs provided on stdin fairly quickly.
slack-c2bot - Slack C2bot that executes commands and returns the output.
pingtunnel - ping tunnel is a tool that advertises tcp/udp/socks5 traffic as icmp traffic for forwarding.
subgen - A really simple utility to concate wordlists to a domain name - to pipe into your favourite resolver!
waybackcollector - Fetch wayback machine historical content for a given url
rbacsync - Automatically sync groups into Kubernetes RBAC
ratelimit - A Golang blocking leaky-bucket rate limit implementation
CorsMe - Cross Origin Resource Sharing MisConfiguration Scanner
sharingan - Offensive Security recon tool
rate-limit-checker - Check whether the domain has a rate limit enabled.
wuzz - Interactive cli tool for HTTP inspection
zgrab2 - Fast Go Application Scanner
apkurlgrep - Extract endpoints from APK files
TcpRoute2 - TcpRoute , TCP 层的路由器。对于 TCP 连接自动从多个线路(电信、联通、移动)、多个域名解析结果中选择最优线路。
terrier - Terrier is a Image and Container analysis tool that can be used to scan Images and Containers to identify and verify the presence of specific files according to their hashes.
intercept - INTERCEPT / Policy as Code Static Analysis Auditing
go-ast-book - 📚 《Go语法树入门——开启自制编程语言和编译器之旅》(开源免费图书/Go语言进阶/掌握抽象语法树/Go语言AST/凹语言)
git-hound - Reconnaissance tool for GitHub code search. Finds exposed API keys using pattern matching, commit history searching, and a unique result scoring system.
sudis - Sudis !! Distributed supervisor process control system
tailscale - The easiest, most secure way to use WireGuard and 2FA.
whoisyou - Take a list of domains and output the hostname and ip.
xray-weblisten-ui - Xray 被动扫描管理
Venom - Venom - A Multi-hop Proxy for Penetration Testers
gopoc - 用cel-go重现了长亭xray的poc检测功能的轮子
go-admin - 基于Gin + Vue + Element UI的前后端分离权限管理系统脚手架（包含了：多租户的支持，基础用户管理功能，jwt鉴权，代码生成器，RBAC资源控制，表单构建，定时任务等）3分钟构建自己的中后台项目；文档：https://doc.go-admin.dev Demo： https://www.go-admin.dev Antd beta版本：https://preview.go-admin.dev
ohmybackup - Scan Victim Backup Directories & Backup Files
Modlishka - Modlishka. Reverse Proxy.
Gurp - Burp Commander written in Go
dnsprobe - DNSProb is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers.
zdns - Fast CLI DNS Lookup Tool
jaeles - The Swiss Army knife for automated Web Application Testing
dalfox - 🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang
go-interview - Collection of Technical Interview Questions solved with Go
gau - Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.
yunSpider - 百度云网盘爬虫
v2ray-web-manager - v2ray-web-manager 是一个v2ray的面板，也是一个集群的解决方案；同时增加了流量控制/账号管理/限速等功能。key: admin , panel ,web,cluster,集群,proxy
docker-image-generator - Customized docker images generation toolkit
WebHackersWeapons - ⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting
ServerScan - ServerScan一款使用Golang开发的高并发网络扫描、服务探测工具。
nuclei - Fast and customizable vulnerability scanner based on simple YAML based DSL.
argo-workflows - Workflow engine for Kubernetes
fprobe - Take a list of domains/subdomains and probe for working http/https server.
gshark - Scan for sensitive information easily and effectively.
asset-scan - asset-scan是一款适用甲方企业的外网资产周期性扫描监控系统
lazydocker - The lazier way to manage everything docker
Hacking-with-Go - Golang for Security Professionals
shuffledns - MassDNS wrapper written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support.
broxy - An HTTP/HTTPS intercept proxy written in Go.
ReverseGoShell - A Golang Reverse Shell Tool With AES Dynamic Encryption
geacon - Practice Go programming and implement CobaltStrike's Beacon in Go
slack-webm-sentinel - A bot that tracks .webm links and converts them to .mp4
tour - Go 语言官方教程中文版
gophish - Open-Source Phishing Toolkit
gowitness - 🔍 gowitness - a golang, web screenshot utility using Chrome Headless
STS2G - Struts2漏洞扫描利用工具 - Golang版. Struts2 Scanner Written in Golang
SakuraFrp - 基于 Frp 二次开发定制的版本，可实现多用户管理、限速等商业化功能
goWeakPass - 使用golang编写的服务弱口令检测
Stowaway - 👻Stowaway -- Multi-hop Proxy Tool for pentesters
geph2 - (ARCHIVED) Geph (迷霧通) is a modular Internet censorship circumvention system designed specifically to deal with national filtering.
hacks - A collection of hacks and one-off scripts
iploc - Fastest IP To Country Library
Hyuga - Hyuga 一个用来记录DNS查询和HTTP请求的监控工具。
hakrevdns - Small, fast tool for performing reverse DNS lookups en masse.
rumble-tools - Open source tools, libraries, and datasets related to the Rumble Network Discovery product and associated research
hakrawler - Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application
gohtran - 反向socks5代理, 关键词: go htran 重复造轮子 ssocks ew
phoneinfoga - Information gathering & OSINT framework for phone numbers
go-sniffer - 🔎Sniffing and parsing mysql,redis,http,mongodb etc protocol. 抓包截取项目中的数据库请求并解析成相应的语句。
trivy - Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues
gowp - golang worker pool , Concurrency limiting goroutine pool
crawlergo - A powerful browser crawler for web vulnerability scanners
syncd - syncd是一款开源的代码部署工具，它具有简单、高效、易用等特点，可以提高团队的工作效率.
insider - Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).
verifier - A minimal, customizable Go package for Email & Mobile number verification
nmap-to-netscan - A helper utility for turning nmap xml files into target lists for go-netscan
kruise - Automate application management on Kubernetes (project under CNCF)
gout - gout to become the Swiss Army Knife of the http client @^^@---> gout 是http client领域的瑞士军刀，小巧，强大，犀利。具体用法可看文档，如使用迷惑或者API用得不爽都可提issues
video-srt-windows - 这是一个可以识别视频语音自动生成字幕SRT文件的开源 Windows-GUI 软件工具。
haaukins - A Highly Accessible and Automated Virtualization Platform for Security Education
crawlab - Distributed web crawler admin platform for spiders management regardless of languages and frameworks. 分布式爬虫管理平台，支持任何语言和框架
alkaid - Alkaid is a BaaS(Blockchan as a Service) service based on Hyperledger Fabric.
golang-notes - Go source code analysis(zh-cn)
gortal - 🚪A super lightweight jumpserver service developed using the Go language. 一个使用 Go 语言开发的，超级轻量的跳板机服务。
goLazagne - Go library for credentials recovery
kilo - Kilo is a multi-cloud network overlay built on WireGuard and designed for Kubernetes (k8s + wg = kg)
filebrowser - 📂 Web File Browser
k9s - 🐶 Kubernetes CLI To Manage Your Clusters In Style!
gin-vue-admin - 基于vite+vue3+gin搭建的开发基础平台，集成jwt鉴权，权限管理，动态路由，分页封装，多点登录拦截，资源权限，上传下载，代码生成器，表单生成器等开发必备功能，五分钟一套CURD前后端代码。
Cloak - A censorship circumvention tool to evade detection against state adversaries
gin - Gin is a HTTP web framework written in Go (Golang). It features a Martini-like API with much better performance -- up to 40 times faster. If you need smashing performance, get yourself some Gin.
iris - The fastest HTTP/2 Go Web Framework. AWS Lambda, gRPC, MVC, Unique Router, Websockets, Sessions, Test suite, Dependency Injection and more. A true successor of expressjs and laravel | 谢谢 kataras/iris#1329 |
gh-ost - GitHub's Online Schema Migrations for MySQL
radvpn - Decentralized VPN
gin-admin - RBAC scaffolding based on Gin + Gorm 2.0 + Casbin + Wire
RedisGo - 为更好的管理/监控Redis而倾心打造~
BookStack - BookStack，基于MinDoc，使用Beego开发的在线文档管理系统，功能类似Gitbook和看云。
go-extend - go语言扩展包，收集一些常用的操作函数，辅助更快的完成开发工作，并减少重复代码
goribot - [Crawler/Scraper for Golang]🕷A lightweight distributed friendly Golang crawler framework.一个轻量的分布式友好的 Golang 爬虫框架。
go-gin-api - 基于 Gin 进行模块化设计的 API 框架，封装了常用功能，使用简单，致力于进行快速的业务研发。比如，支持 cors 跨域、jwt 签名验证、zap 日志收集、panic 异常捕获、trace 链路追踪、prometheus 监控指标、swagger 文档生成、viper 配置文件解析、gorm 数据库组件、gormgen 代码生成工具、graphql 查询语言、errno 统一定义错误码、gRPC 的使用、cron 定时任务等等。
goku_lite - A Powerful HTTP API Gateway in pure golang！Goku API Gateway （中文名：悟空 API 网关）是一个基于 Golang开发的微服务网关，能够实现高性能 HTTP API 转发、服务编排、多租户管理、API 访问权限控制等目的，拥有强大的自定义插件系统可以自行扩展，并且提供友好的图形化配置界面，能够快速帮助企业进行 API 服务治理、提高 API 服务的稳定性和安全性。
learning-golang - Go 学习之路：Go 开发者博客、Go 微信公众号、Go 学习资料（文档、书籍、视频）
dsiem - Security event correlation engine for ELK stack
build - TeaWeb-可视化的Web代理服务。DEMO: http://teaos.cn:7777
singo - Gin+Gorm开发Golang API快速开发脚手架
goex - Exchange Rest And WebSocket API For Golang Wrapper support okcoin,okex,huobi,hbdm,bitmex,coinex,poloniex,bitfinex,bitstamp,binance,kraken,bithumb,zb,hitbtc,fcoin, coinbene
sampler - Tool for shell commands execution, visualization and alerting. Configured with a simple YAML file.
o365-attack-toolkit - A toolkit to attack Office365
gobuster - Directory/File, DNS and VHost busting tool written in Go
delator - Golang-based subdomain miner leveraging certificate transparency logs
assetfinder - Find domains and subdomains related to a given domain
bbs-go - 基于Golang的开源社区系统。
build-web-application-with-golang - A golang ebook intro how to build a web with golang
mixin-network-snapshot-golang - crypto currency gateway plugin for web store
zinx - 基于Golang轻量级TCP并发服务器框架
lemonade - Lemonade is a remote utility tool. (copy, paste and open browser) over TCP.
mr2 - mr2 can help you expose local server to external network. Support both TCP/UDP, of course support HTTP. Zero-Configuration. mr2 帮助你将本地端口暴露在外网.支持TCP/UDP, 当然也支持HTTP.
Finder - 一款Go语言实现的端口扫描器.
goSkylar - 基于Golang开发的企业级外网端口资产扫描
arpZebra - ARP+DNS欺骗工具，网络安全第三次实验，课堂演示用，严禁非法用途。ARPSpoof，wifi hijack，dns spoof
k3os - Purpose-built OS for Kubernetes, fully managed by Kubernetes.
termshark - A terminal UI for tshark, inspired by Wireshark
vscan-go - golang version for nmap service and application version detection (without nmap installation)
ffuf - Fast web fuzzer written in Go
CapOS - 等级保护测评windows工具源码
x-crack - x-crack - Weak password scanner, Support: FTP/SSH/SNMP/MSSQL/MYSQL/PostGreSQL/REDIS/ElasticSearch/MONGODB
dnstunnel - dns tunnel backdoor DNS隧道后门
vuls - Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
pathbrute - Pathbrute
whatweb - 更快速的进行Web应用指纹识别
goWhatweb - [学习GO] go语言写的web指纹识别 - Identify websites by go language
livego - live video streaming server in golang
Go42 - 《Go语言四十二章经》详细讲述Go语言规范与语法细节及开发中常见的误区，通过研读标准库等经典代码设计模式，启发读者深刻理解Go语言的核心思维，进入Go语言开发的更高阶段。
meshbird - Distributed private networking
dnsbrute - a fast domain brute tool
goscan - Interactive Network Scanner
RedisShake - redis-shake is a tool for synchronizing data between two redis databases. Redis-shake 是一个用于在两个 redis之间同步数据的工具，满足用户非常灵活的同步、迁移需求。
gsm - 使用树莓派配合硬件来进行短信转发
Platypus - 🔨 A modern multiple reverse shell sessions manager written in go
goscan - golang的扫描框架, 支持协程池和自动调节协程个数.
coyim - coyim - a safe and secure chat client
awesome-go-zh - 📚 Go资源精选中文版(含中文图书大全)
gosec - Golang security checker
nps - 一款轻量级、高性能、功能强大的内网穿透代理服务器。支持tcp、udp、socks5、http等几乎所有流量转发，可用来访问内网网站、本地支付接口调试、ssh访问、远程桌面，内网dns解析、内网socks5代理等等……，并带有功能强大的web管理端。a lightweight, high-performance, powerful intranet penetration proxy server, with a powerful web management terminal.
kunpeng - kunpeng是一个Golang编写的开源POC框架/库，以动态链接库的形式提供各种语言调用，通过此项目可快速开发漏洞检测类的系统。
cmus-lyric - cmus lyric viewer
webtty - Share a terminal session over WebRTC
auxpi - 🍭 集合多家 API 的新一代图床
plik - Plik is a scalable & friendly temporary file upload system ( wetransfer like ) in golang.
godoh - 🕳 godoh - A DNS-over-HTTPS C2
fac - Easy-to-use CUI for fixing git conflicts
gogs - Gogs is a painless self-hosted Git service
jiacrontab - 简单可信赖的任务管理工具
Blind-SQL-Injector - 手工盲注辅助注入工具
docker_ssh_honeypot - 安全开发教学 - 用Docker制作一个高交互ssh蜜罐
lazygit - simple terminal UI for git commands
gitea - Git with a cup of tea, painless self-hosted git service
shuttle - A web proxy in Golang with amazing features.
dnsutil - dns dig for golang
DocHub - 参考百度文库，使用Beego（Golang）开发的开源文库系统
godns - A dynamic DNS client tool supports AliDNS, Cloudflare, Google Domains, DNSPod, HE.net & DuckDNS & DreamHost, etc, written in Go.
tcping - ping over a tcp connection
subcommands - Go subcommand library.
torsniff - torsniff - a sniffer that sniffs torrents from BitTorrent network
merge-nmap-masscan - Merge results from NMAP and Masscan into one CSV file
BAT_Check_DomainName -
tmux-themepack - A pack of various Tmux themes.
usql - Universal command-line interface for SQL databases
v2 - Minimalist and opinionated feed reader
DNSSniffer - DNSQuery Sniffer in Golang
go-onion-transport - Tor onion transport for IPFS
goproxy - 🔥 Proxy is a high performance HTTP(S) proxies, SOCKS5 proxies,WEBSOCKET, TCP, UDP proxy server implemented by golang. Now, it supports chain-style proxies,nat forwarding in different lan,TCP/UDP port forwarding, SSH forwarding.Proxy是golang实现的高性能http,https,websocket,tcp,socks5代理服务器,支持内网穿透,链式代理,通讯加密,智能HTTP,SOCKS5代理,黑白名单,限速,限流量,限连接数,跨平台,KCP支持,认证API。
overture - A customized DNS relay server
gosu - Simple Go-based setuid+setgid+setgroups+exec
subfinder - Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.
app-env-docker - 基于 Docker 的真实应用测试环境
qrcp - ⚡ Transfer files over wifi from your computer to your mobile device by scanning a QR code without leaving the terminal.
rfd-checker - RFD Checker - security CLI tool to test Reflected File Download issues
duplicacy - A new generation cloud backup tool
CHAOS - 🔥 CHAOS is a free and open-source Remote Administration Tool that allow generate binaries to control remote operating systems.
cointop - A fast and lightweight interactive terminal based UI application for tracking cryptocurrencies 🚀
godht -
shadowsocks-go - go port of shadowsocks (Deprecated)
idgen - 一个使用 golang 编写的大陆身份证生成器
GoQuiet - A Shadowsocks obfuscation plugin utilising domain fronting to evade deep packet inspection
subjack - Subdomain Takeover tool written in Go
lightsocks - ⚡️一个轻巧的网络混淆代理🌏
ElasticHD - Elasticsearch 可视化DashBoard, 支持Es监控、实时搜索，Index template快捷替换修改，索引列表信息查看， SQL converts to DSL等
gitleaks - Scan git repos (or files) for secrets using regex and entropy 🔑
Cloudreve - 🌩支持多家云存储的云盘系统 (Self-deployed file management and sharing system, supports multiple storage providers)
SubOver - A Powerful Subdomain Takeover Tool
x-patrol - github泄露扫描系统
gost - GO Simple Tunnel - a simple tunnel written in golang
apkverifier - APK Signature verification in Go. Supports scheme v1, v2 and v3 and passes Google apksig's testing suite.
goWAPT - Go Web Application Penetration Test
grv - GRV is a terminal interface for viewing git repositories
guard - NOT MAINTAINED! A generic high performance circuit breaker & proxy server written in Go
ProxyClient - golang 代理库，和net一致的API。支持 socks4、socks4a、socks5、http、https 等代理协议。
AWS-Scanner - Scans a list of websites for Cloudfront or S3 Buckets
dnscrypt-proxy - dnscrypt-proxy 2 - A flexible DNS proxy, with support for encrypted DNS protocols.
hyperfox - HTTP/HTTPS MITM proxy and recorder.
tcptunnel - 将本地内网服务器映射到公网。
ghostunnel - A simple SSL/TLS proxy with mutual authentication for securing non-TLS services
go-http-tunnel - Fast and secure tunnels over HTTP/2
ft - File Transferer
go-ethereum - Official Go implementation of the Ethereum protocol
Yearning - 🐳 A most popular sql audit platform for mysql
switcher - 一个多功能的端口转发/端口复用工具，支持转发本地或远程地址的端口，支持正则表达式转发（实现端口复用）。
secureoperator - A DNS-protocol proxy for DNS-over-HTTPS providers, such as Google and Cloudflare
ben - Your benchmark assistant, written in Go.
gOSINT - OSINT Swiss Army Knife
NATBypass - 一款lcx在golang下的实现
xsec-proxy-scanner - xsec-proxy-scanner是一款速度超快、小巧的代理扫描器
ignite - A SS(R) panel for managing multiple users, powered by Go & Docker.
gsnova - Private proxy solution & network troubleshooting tool.
goscan - goscan is a simple and efficient IPv4 network scanner that discovers all active devices on local subnet.
hpkp - golang hpkp client library
subnet - Simple, auditable & elegant VPN, built with TLS mutual authentication and TUN.
goHackTools - Hacker tools on Go (Golang)
rclone - "rsync for cloud storage" - Google Drive, S3, Dropbox, Backblaze B2, One Drive, Swift, Hubic, Wasabi, Google Cloud Storage, Yandex Files
assh - 💻 make your ssh client smarter
docker-image -
searchscan - Search Nmap and Metasploit scanning scripts.
xsec-ip-database - xsec-ip-database为一个恶意IP和域名库（Malicious ip database）
sov2ex - A site search for V2EX
goflyway - An encrypted HTTP server
fzf - 🌸 A command-line fuzzy finder
kcptun - A Secure Tunnel Based On KCP with N:M Multiplexing
slt - A TLS reverse proxy with SNI multiplexing in Go
frp -
ngrok - Introspected tunnels to localhost
moby - Moby Project - a collaborative project for the container ecosystem to assemble container-based systems
hugo - The world’s fastest framework for building websites.
cloud-torrent - ☁️ Cloud Torrent: a self-hosted remote torrent client
docker_practice - Learn and understand Docker technologies, with real DevOps practice!
kubesec - Secure Secret management for Kubernetes (with gpg, Google Cloud KMS and AWS KMS backends)
xsec-dns-proxy - DNS代理服务器，可以记录log到数据库中
dht - BitTorrent DHT Protocol && DHT Spider.
btcd - An alternative full node bitcoin implementation written in Go (golang)
dnsproxy - 防 DNS 缓存污染，兼顾查询质量与速度
firefly-proxy - A proxy software to help circumventing the Great Firewall.
gscan_quic - Google Quic 扫描工具
fetchserver - phuslu删掉了fetchserver，我重新传一个
glider - glider is a forward proxy with multiple protocols support, and also a dns/dhcp server with ipset management features(like dnsmasq).
brook - Brook is a cross-platform strong encryption and not detectable proxy. Zero-Configuration. Brook 是一个跨平台的强加密无特征的代理软件. 零配置.
awesome-go - A curated list of awesome Go frameworks, libraries and software
caddy - Fast, multi-platform web server with automatic HTTPS
xray - XRay is a tool for recon, mapping and OSINT gathering from public networks.
hound - Lightning fast code searching made easy
flora-kit - 💐 基于 shadowsocks-go 做的完善实现，自动网络分流，完全兼容 Surge 的配置文件。
gh-polls - Polls for user feedback in GitHub issues
fibratus - A modern tool for the Windows kernel exploration and tracing
WindowsSpyBlocker - Block spying and tracking on Windows
dnssearch - A subdomain enumeration tool.
zgrab - DEPRECATED This project has been replaced by https://github.com/zmap/zgrab2
brutemachine - A Go library which main purpose is giving an interface to loop over a dictionary and use those words/lines as input for some custom logic such as HTTP file bruteforcing, DNS bruteforcing, etc.
rqlite - The lightweight, distributed relational database built on SQLite
aquatone - A Tool for Domain Flyovers
git-all-secrets - A tool to capture all the git secrets by leveraging multiple open source git searching tools
clair - Vulnerability Static Analysis for Containers
tap0901 - Go语言虚拟网卡库，可用于制作对战平台、加速器、防火墙、VPN等
repo-security-scanner - CLI tool that finds secrets accidentally committed to a git repo, eg passwords, private keys
crack_ssh - go写的协程版的ssh\redis\mongodb弱口令破解工具
cronsun - A Distributed, Fault-Tolerant Cron-Style Job System.
fsql - Find files with SQL.
blockchain_guide - Introduce blockchain related technologies, from theory to practice with bitcoin, ethereum and hyperledger.
node - Mysterium Network Node - official implementation of distributed VPN network (dVPN) protocol
ebreader - 一个让你可以在浏览器中阅读Epub电子书的CLI程序，使用Golang编写
pilosa - Pilosa is an open source, distributed bitmap index that dramatically accelerates queries across multiple, massive data sets.
kr - A dev tool for SSH auth + Git commit/tag signing using a key stored in Krypton.
go-mbf - MongoDB Login Brute Forcer
nvm-windows - A node.js version management utility for Windows. Ironically written in Go.
toxiproxy - ⏰ 🔥 A TCP proxy to simulate network and system conditions for chaos and resiliency testing
xapimanager - XAPI MANAGER -专业实用的开源接口管理平台，为程序开发者提供一个灵活，方便，快捷的API管理工具，让API管理变的更加清晰、明朗。如果你觉得xApi对你有用的话，别忘了给我们点个赞哦^_^ ！
frp - A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.
cilium - eBPF-based Networking, Security, and Observability
linuxkit - A toolkit for building secure, portable and lean operating systems for containers
scope - Monitoring, visualisation & management for Docker & Kubernetes
gdrive - Google Drive CLI Client
dnscontrol - Synchronize your DNS to multiple providers from a simple DSL
ruler - A tool to abuse Exchange services
honeybits - A PoC tool designed to enhance the effectiveness of your traps by spreading breadcrumbs & honeytokens across your systems to lure the attacker toward your honeypots
qshell - Shell Tools for Qiniu Cloud
geoip - query geo-locations of ips
gitrob - Reconnaissance tool for GitHub organizations
wukong - 高度可定制的全文搜索引擎
beego - beego is an open-source, high-performance web framework for the Go programming language.
kcptun - A Stable & Secure Tunnel based on KCP with N:M multiplexing and FEC. Available for ARM, MIPS, 386 and AMD64。KCPプロトコルに基づく安全なトンネル。KCP 프로토콜을 기반으로 하는 보안 터널입니다。
the-way-to-go_ZH_CN - 《The Way to Go》中文译本，中文正式名《Go 入门指南》
negroni - Idiomatic HTTP Middleware for Golang
jvm-mon - Console-based JVM monitoring tool
kingshard - A high-performance MySQL proxy

HCL (8)

terraform-aws-secure-baseline - Terraform module to set up your AWS account with the secure baseline configuration based on CIS Amazon Web Services Foundations and AWS Foundational Security Best Practices.
devops_4_hackers - DevOps for Hackers with Hands-On Labs w/ Ralph May (4-Hour Workshop)
activedirectory-lab - Terraform config to spin up a domain controller and some member servers in azure
aws-incident-response -
Kubernetes_Security_Specialist_Study_Guide -
terraform-burp-collaborator - Terraform configuration to build a Burp Private Collaborator Server
ansible-role-cobalt-strike - An Ansible role for installing Cobalt Strike.
sentinel-attack - Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK

HTML (209)

Flash-Pop2 - Flash-Pop升级版
bugbountyguide - Bug Bounty Guide is a launchpad for bug bounty programs and bug bounty hunters.
petereport - PeTeReport is an open-source application vulnerability reporting tool.
TIWAP - Totally Insecure Web Application Project
mobileAudit - Django application that performs SAST and Malware Analysis for Android APKs
weakpass - Weakpass rule-based online generator to create a wordlist based on a set of words entered by the user.
CVE-2021-40444 - CVE-2021-40444 - Fully Weaponized Microsoft Office Word RCE Exploit
Top10 - Official OWASP Top 10 Document Repository
CVE-2021-40444 - CVE-2021-40444 PoC
ReaverAPKTools - 逆向APK工具
vulbase - 各大漏洞文库合集
CamPhish - Grab cam shots from target's phone front camera or PC webcam just sending a link.
owasp-zap-historic - Store ZAP reports historically and compare current ZAP results against the most recent for changes in alerts.
zap-sonar-plugin - Integrates OWASP Zed Attack Proxy reports into SonarQube
AuraBorealisApp - Do You Know What's In Your Python Packages? A Tool for Visualizing Python Package Registry Security Audit Data
binary-security-tutorial - Resource assembly of 'Binary Security Tutorial' online course of mine. Video link：https://pan.baidu.com/s/1ltcHIehhLFVFMvru6tGQ8A Passwd：axje
NodeGoat - The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.
SecExample - JAVA 漏洞靶场 (Vulnerability Environment For Java)
BlueCloud - Cyber Range including Velociraptor + HELK system with a Windows VM for security testing and R&D. Azure and AWS terraform support.
salus - Security scanner coordinator
DNS-Reset-Checker - Tools to assess the DNS security of web applications
deciduous - App that makes building attack decision trees from the Security Chaos Engineering report easy
M-Scan - Optical Chain Scanner 光链安全扫描器
ctfd-neon-theme -
ctf-challenges -
pppXray - Xray批量化自动扫描
Shomap - Create visualization from Shodan query
schemeflood - schemeflood demo
awesome-cybersecurity-blueteam-cn - 网络安全 · 攻防对抗 · 蓝队清单，中文版
Bug-Bounty-Wordlists -
PeiQi-WIKI-POC - 鹿不在侧，鲸不予游🐋
sWebScanner - 作为一个网络安全从业人员，在测试网站目录时，常用的就是御剑，7kb等几款，使用下来始终觉得缺少了什么东西，于是重复造了一个轮子，此版本支持自定义字典，返回大小，代理IP模式，爆破模式
free-for-dev - A list of SaaS, PaaS and IaaS offerings that have free tiers of interest to devops and infradev
CVE-2021-21123-PoC-Google-Chrome - 🐱‍💻 👍 Google Chrome - File System Access API - vulnerabilities reported by Maciej Pulikowski | Total Bug Bounty Reward: $5.000 | CVE-2021-21123 and 5 more...
CredSniper - CredSniper is a phishing framework written with the Python micro-framework Flask and Jinja2 templating which supports capturing 2FA tokens.
BypassAv-web - nim一键免杀
kubetools - Kubetools - Curated List of Kubernetes Tools
supercookie - ⚠️ Browser fingerprinting via favicon!
file-proxy - 文件代下载服务，github文件加速下载，支持任意文件格式。支持命令行代下，支持子节点权重负载均衡。
WADComs.github.io - WADComs is an interactive cheat sheet, containing a curated list of offensive security tools and their respective commands, to be used against Windows/AD environments.
wiki - XS-Leaks Wiki
SubNuke - Subdomain Takeover tool with web UI
CSSG - Cobalt Strike Shellcode Generator
Ap0k4L1p5.github.io - Portfolio website.
security-automation-with-ansible-2 - Ansible Playbooks for Security Automation with Ansible2 book
Web-Fuzzing-Box - Web Fuzzing Box - Web 模糊测试字典与一些Payloads，主要包含：弱口令暴力破解、目录以及文件枚举、Web漏洞...字典运用于实战案例：https://gh0st.cn/archives/2019-11-11/1
HXnineTails - python3实现的集成了github上多个扫描工具的命令行WEB扫描工具
beijing_house_knowledge - 北京买房攻略
Security_Article - scrapy website Article and link ...
adobe-flash-phishing-page - Adobe Flash Phishing Page(Adobe Flash钓鱼页面)
pup - Parsing HTML at the command line
AboutSecurity - 用于渗透测试和红队基础设施建设的 payload 和 bypass 字典。A list of payload and bypass lists for penetration and red team infrastructure build.
Flash_Xss - Flash最新钓鱼源码对接官方API实现跟随官方升级而升级
Bthub - Bthub最新地址发布页
OneManager-php - An index & manager of Onedrive based on serverless. Can be deployed to Heroku/Glitch/Vercel/SCF/FG/FC/CFC/PHP web hosting/VPS.
ADRecon - ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.
bylibrary - 白阁文库是白泽Sec安全团队维护的一个漏洞POC和EXP公开项目
CodedMailsFree - Ready to use 50+ responsive HTML email templates - Codedmails Free
django-DefectDojo - DefectDojo is an open-source application vulnerability correlation and security orchestration tool.
c41n - Automated rogue access point setup tool.
VulnRange - 漏洞靶场-快速搭建Web安全漏洞和第三方组件漏洞环境，用于漏洞复现和研究
EVTX-ATTACK-SAMPLES - Windows Events Attack Samples
Flash-Pop - Flash钓鱼弹窗优化版
js-port-knocking - Web 端口敲门的奇思妙想
JavaLearnVulnerability - Java漏洞学习笔记 Deserialization Vulnerability
apksneeze-lab - Analyze Android APK files from a browser.
www-project-integration-standards - OWASP Foundation Web Respository
calico - Cloud native networking and network security
HatLab_IOT_Wiki - 海特实验室物联网安全知识库
Phlexish - Advanced Spear Phishing tool for Facebook with 2 factor authentication bypass! May contain minor bugs due to...idk
WEB-shiro_rememberMe_encode_decode - shiro rememberMe 在线加解密工具
Windows-GDI-fuzzer - Windows Graphics Device Interface (GDI+) fuzzer
CORS-EXPLOIT -
mihari - A framework for continuous OSINT based threat hunting
turndown - 🛏 An HTML to Markdown converter written in JavaScript
BurpExtend - 基于Burp插件开发打造渗透测试自动化
kubernetes-goat - Kubernetes Goat 🐐 is a "Vulnerable by Design" Kubernetes Cluster. Designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security 🔐
keyFinder - Keyfinder🔑 is a tool that let you find keys while surfing the web!
Language - Some dirty trick to learn different programming language.
swf_json_csrf -
Needle - Instant access to you bug bounty submission dashboard on various platforms + publicly disclosed reports + #bugbountytip
BabyShark - Basic C2 Server
Windows-EoP - Windows EoP Bugs
subspace - A fork of the simple WireGuard VPN server GUI community maintained
post-exploitation-wiki - Post Exploitation Wiki
autochrome - This tool downloads, installs, and configures a shiny new copy of Chromium.
hacking-lab - Small Vulnerable Web App
xss_flash - Xss之Flash钓鱼
inception - A highly configurable Framework for easy automated web scanning
bugbountytip.com - Flask powered website to display tweets with a hashtag #bugbountytip
Information-Security-Tasks - This repository is created only for infosec professionals whom work day to day basis to equip ourself with uptodate skillset, We can daily contribute daily one hour for day to day tasks and work on problem statements daily, Please contribute by providing problem statements and solutions
Subra - A Web-UI for subdomain enumeration (subfinder)
DetectionLab - Automate the creation of a lab environment complete with security tooling and logging best practices
Windows10Exploits - Microsoft » Windows 10 : Security Vulnerabilities
chromium_for_spider - dynamic crawler for web vulnerability scanner
SharedCourses - 大学课程共享计划整理
SF-zh - 《软件基础》中译版 Software Foundations Chinese Translation
hugo-theme-echo - A super concise theme for Hugo
ATTACK-Tools - Utilities for MITRE™ ATT&CK
Crawler_Illegal_Cases_In_China - Collection of China illegal cases about web crawler 本项目用来整理所有**大陆爬虫开发者涉诉与违规相关的新闻、资料与法律法规。致力于帮助在**大陆工作的爬虫行业从业者了解我国相关法律，避免触碰数据合规红线。 [AD]中文知识图谱门户
DumpTheGit - DumpTheGit searches through public repositories to find sensitive information uploaded to the Github repositories.
Airplay-SDK - Airplay Receiver SDK supports Airplay Mirroring and AirPlay Casting to a receiver device.
APubPlat - Devops自动化部署、堡垒机开源项目、Web Terminal
gentelella - Free Bootstrap 4 Admin Dashboard Template
werdlists - ⌨️ Wordlists, Dictionaries and Other Data Sets for Writing Software Security Test Cases
morpheus - Morpheus - Automating Ettercap TCP/IP (MITM-hijacking Tool)
androwarn - Yet another static code analyzer for malicious Android applications
Fake-flash.cn - flash.cn钓鱼页（中文+英文）
APT_Sample-Weapoon - Pull some collected APT group related samples, ransomware, remote control and other malicious programs for security researchers to use.
awesome-modern-cpp - A collection of resources on modern C++
Nessus_Map - Parse .nessus file(s) and shows output in interactive UI
iot-security-wiki - IOT security wiki
LangNetworkTopologys - 端口扫描，指纹识别，网站探测，结果整理
RGPerson - RGPerson - Randomly generate identity information
CobaltStrikeForensic - Toolset for research malware and Cobalt Strike beacons
nsfocus-rsas-knowledge-base - 绿盟科技漏洞扫描器(RSAS)漏洞库
ccaa - Linux一键安装Aria2 + AriaNg + FileBrowse实现离线下载、文件管理。
HTML5 - HTML5学习、总结、实践
win10-secure-baseline-gpo - Windows 10 and Server 2016 Secure Baseline Group Policy
go101 - An online book focusing on Go syntax/semantics and runtime related things
web-log-parser - An open source analysis web log tool
nmap-bootstrap-xsl - A Nmap XSL implementation with Bootstrap.
Real-timeDetectionAD_ver2 -
sec_profile - 爬取secwiki和xuanwu.github.io/sec.today,分析安全信息站点、安全趋势、提取安全工作者账号(twitter,weixin,github等)
mall - ssm小商城
springboot-manage - 基于SpringBoot + Mybatis + Thymeleaf + Redis + MongoDB + MySQL开发的商品管理系统
frida-all-in-one - 《FRIDA操作手册》by @hluwa @r0ysue
live - 完整搭建直播平台实例
xssgun - xss payloads generator
cs_custom_404 - Cobalt strike custom 404 page
BabySploit - 👶 BabySploit Beginner Pentesting Toolkit/Framework Written in Python 🐍
SecurityMind - share experience towards for information management, brainstorming and so on.
sec_profile - 安全行业信息趋势分析
springboot-penguin - 🐧Online Examination System 基于SpringBoot+Mybatis+Thymeleaf+SemanticUI+Bootstrap的在线考试系统(低仿牛客网)
yan-demo - 本项目是基于 SpringMVC+Spring+MyBatis （SSM）架构的高效率便捷开发框架
ChineseDarkWebCrawler - 中文暗网爬虫
flask_multi_uploader - flask+webuploader实现多文件上传
programthink - for 热心读者
awesome-piracy - A curated list of awesome warez and piracy links
Weak-password - 字典大全 dictionary
zfaka - 免费、安全、稳定、高效的发卡系统，值得拥有!
Windows-Secure-Host-Baseline - Configuration guidance for implementing the Windows 10 and Windows Server 2016 DoD Secure Host Baseline settings. #nsacyber
proxylist - proxylist, generate by fate0/getproxy project in every 15 minute
dvxte - Damn Vulnerable Xebia Training Environment
vulnreport - Open-source pentesting management and automation platform by Salesforce Product Security
pentraining - 一个网络安全基础知识的教程。内容比较杂，好在都是实验视频和工具提供，可以自行动手完成实验。
SQLInjectionWiki - A wiki focusing on aggregating and documenting various SQL injection methods
JavaWiki - 不定期收集与JAVA有关书籍或文章
shiro-example - 跟我学Shiro（我的公众号：kaitao-1234567，我的新书：《亿级流量网站架构核心技术》）
fuzzdb - Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
wordpress-vulscan - WordPress vulnerability scanner
linux-explorer - Easy-to-use live forensics toolbox for Linux endpoints
Nettacker - Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
CV - 🙈Front End Engineer Curriculum Vitae - 简历生成器 &《切图仔面试宝典》
HadoopAndSparkDataStudy - 这是一本关于大数据学习记录的手册,主要针对初学者.做为一个老IT工作者,学习是一件很辛苦的事情.希望这本手册对帮助大家快速的学习与认识大数据(特指Hadoop Spark),为了不让初学者一下接触爆炸式的新概念,我们会以实验先行,概念跟进的方式进行课程学习,这样有利于大家快速进入状态,而不至于一直深陷逻辑概念出不来,但是每个人的学习方式不一样,仁者见仁智者见智吧.大家如果有意见请给我发邮件chu888chu888@qq.com — 楚广明
security-txt - A proposed standard that allows websites to define security policies.
Campus-FakeAP - 针对校园网的wifi钓鱼工具
Awesome-CTF-Book - Study CTF, study security
WAF-Bypass - WAF Bypass Cheatsheet
js-xss - Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist
TranslatorX - JetBrains 系列软件汉化包关键字: Android Studio 3.5 汉化包 CLion 2019.3 汉化包 DataGrip 2019.3 汉化包 GoLand 2019.3 汉化包 IntelliJ IDEA 2019.3 汉化包 PhpStorm 2019.3 汉化包 PyCharm 2019.3 汉化包 Rider 2019.3 汉化包 RubyMine 2019.3 汉化包 WebStorm 2019.3 汉化包
PyCharm-Chinese - PyCharm Chinese Language Pack（中文语言包）
Powershell-Attack-Guide - Powershell攻击指南----黑客后渗透之道
krackattacks -
seedbox-manager - [UNMAINTAINED] Web app for manage your seedbox
docker-armhf-torrentbox - Docker image with nginx + php5-fpm + rtorrent + rutorrent(web ui) started with supervisord
CVE-2017-7092-PoC - This is the Pwn2Own 2017 Safari backup vul's exploit.
dorm-system - Dorm System
Software-Security-Learning - Software-Security-Learning
Web-Security-Learning - Web-Security-Learning
linuxtools_rst - Linux工具快速教程
bitaddress.org - JavaScript Client-Side Bitcoin Wallet Generator
DIY-Cybersecurity-For-Domestic-Violence - Abuse adapts to technology. You deserve privacy and compassion.
privacytools-zh - privacytool.io -Traditional Chinese version
privacytools.io - 🛡🛠 You are being watched. Protect your privacy against global mass surveillance.
wooyun-wiki - wiki.wooyun.org的部分快照网页
skills - Linux、WAF、正则、web安全等一些知识点的总结
Manual -
Music-Downloader - Download any music from web
drek - A static-code-analysis tool for performing security-focused code reviews. It enables an auditor to swiftly map the attack-surface of a large application, with an emphasis on identifying development anti-patterns and footguns.
angryFuzzer - Tools for information gathering
domxsswiki - Automatically exported from code.google.com/p/domxsswiki
ipot - Honeypot Research Blog 蜜罐技术研究小组
visualize_logs - A Python library and command line tools to provide interactive log visualization.
ICS-Security-Tools - Tools, tips, tricks, and more for exploring ICS Security.
WamaCry - a fake WannaCry
HTTPLeaks - HTTPLeaks - All possible ways, a website can leak HTTP requests
droopescan - A plugin-based scanner that aids security researchers in identifying issues with several CMSs, mainly Drupal & Silverstripe.
WooyunDrops - Wooyun知识库，乌云知识库，https://wooyun.kieran.top
fluxion - Fluxion is a remake of linset by vk496 with enhanced functionality.
OldMirrorsFrontend - mirrors.zju.edu.cn
Broadlink-RM-SmartThings-Alexa - Control RF and Ir devices using SmartThings and Alexa.
sleepy-puppy - Deprecated please use https://github.com/Netflix/sleepy-puppy
fe - 《我的职业是前端工程师》 - Ebook：I'm a FrontEnd Developer
Sreg - Sreg可对使用者通过输入email、phone、username的返回用户注册的所有互联网护照信息。
1000php - 1000个PHP代码审计案例(2016.7以前乌云公开漏洞)
badssl.com - 🔒 Memorable site for testing clients against bad SSL configs.
solid - Solid - Re-decentralizing the web (project directory)
ThreatPinchLookup - Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension
ElvisProjs -
material-blog -
ubuntu-make - Easy setup of common tools for developers on Ubuntu.
elasticsearch-definitive-guide - 欢迎加QQ群：109764489，贡献力量！
d3-v4-whats-new -
WebFundamentals - Best practices for modern web development
learning-react - materials about learning react
500LineorLess_CN - 500 line or less 中文翻译计划。
php_webDataMining - php_webDataMining，PHP网络数据挖掘，第一个应用是爬取并分析和（草）谐（榴）论坛的一个版块数据并作可视化分析
Zhihu_bigdata - 使用scrapy和pandas完成对知乎300w用户的数据分析。首先使用scrapy爬取知乎网的300w，用户资料，最后使用pandas对数据进行过滤，找出想要的知乎大牛，并用图表的形式可视化。

Haskell (4)

semantic - Parsing, analyzing, and comparing source code across many languages
ihp - 🔥 The fastest way to build type safe web apps. IHP is a new batteries-included web framework optimized for longterm productivity and programmer happiness
FuncShell - Improve your shell by making it functional through Haskell! (An update to Awkward)
real-world-haskell-cn - 《Real World Haskell》中文翻译项目

Inno Setup (1)

retoolkit - Reverse Engineer's Toolkit

Java (643)

spider-flow - 新一代爬虫平台，以图形化方式定义爬虫流程，不写代码即可完成爬虫。
CasExp - Apereo CAS exploit tool
opscloud4 - 企业级通用运维管理平台（IaC）
yaml-payload - A tiny project for generating SnakeYAML deserialization payloads
hamibot - Android 平台 JavaScript 自动化工具，无需 root。
ApkShelling - 脱Apk使用360加固、梆梆加固、腾讯乐固、百度加固免费版加的壳
AndroidMonitor - Android监控器（Activity异常destroy , 隐私政策合规）
PrivacyPolicyComplianceCheck - 隐私政策合规检查方案
CaA - CaA - BurpSuite Collector and Analyzer
rmi-attack-demo - 在学习Java反序列化漏洞的过程中，用来理解Java RMI程序的执行流程，演示如何攻击Java RMI程序的几个示例。
JSPHorse - 结合反射调用、动态编译、BCEL、defineClass0，ScriptEngine、Expression等技术的一款免杀JSP Webshell生成工具
SPDS - Efficient and Precise Pointer-Tracking Data-Flow Framework
Chunk-Proxy -
CodeInspector - Java自动化代码审计工具半成品，基于Java ASM技术模拟JVM中Operand Stack和Local Variables实现数据流分析
lazyCSRF - A more useful CSRF PoC generator on Burp Suite
JNDIExploit - 一款用于JNDI注入利用的工具，大量参考/引用了Rogue JNDI项目的代码，支持直接植入内存shell，并集成了常见的bypass 高版本JDK的方式，适用于与自动化工具配合使用。
SpringBootExploit - 项目是根据LandGrey/SpringBootVulExploit清单编写，目的hvv期间快速利用漏洞、降低漏洞利用门槛。
HostCollision - 用于host碰撞而生的小工具,专门检测渗透中需要绑定hosts才能访问的主机或内部系统
ReDoSHunter - ReDoSHunter: A Combined Static and Dynamic Approach for Regular Expression DoS Detection
Hegui3.0 - 工信部合规检测Xposed模块源码
spring-ENC - sprint encode (plan text) get enc password
EVCache - A distributed in-memory data store for the cloud
PowerScanner - 面向HW的红队半自动扫描器
weweibuy-framework - 基于Springboot 封装的基础组件, 包括: Http请求响应日志,日志脱敏,APM, 加解密,签名(AES,BCrypt,RSA,JWT),数据库脱敏,报文脱敏,下滑线风格URL传参,统一异常处理,feign mock,feign日志,feign报文风格转换,跨应用异常上抛,自动补偿组件,幂等组件,RocketMq客户端
AndResGuard - proguard resource for Android by wechat team
AllatoriCrack - 破解 Java 混淆工具 Allatori
jmockit1 - Advanced Java library for integration testing, mocking, faking, and code coverage
spring-boot-webshell -
BFAC-Burp-Extension - Burp Extension for BFAC (Advanced Backup-File Artifacts Testing for Web-Applications)
JavaAgentTools - 用Java agent实现内存马等功能
JDBC-Attack - JDBC Connection URL Attack
JustTrustMe - An xposed module that disables SSL certificate checking for the purposes of auditing an app with cert pinning
ExpDemo-JavaFX - 图形化漏洞利用Demo-JavaFX版
drozer-agent - The Android Agent for the Mercury Security Assessment Framework.
XpRoot - 描述
Ecloud - Ecloud是一款基于http/1.1协议传输TCP流量工具，适用于内网不出网时通过web代理脚本转发tcp流量
RepeaterSearch - This extension adds a search bar to the Repeater tab that can be used to highlight all repeater tabs where the request and/or response matches a query via simple text matching or Regex.
learning-note - java开发面试八股文（个人的面试及工作总结）
resolver - ShrinkWrap Resolvers
php-object-injection-check - PHP Unserialize Check - Burp Scanner Extension
HybridTestFramework - End to End testing of Web, API and Security
Hello-Java-Sec - ☕️ Java Security，安全编码和代码审计
dumpclass - Dump classes from running JVM process.
AndroRAT - A Simple android remote administration tool using sockets. It uses java on the client side and python on the server side
sqlancer - Detecting Logic Bugs in DBMS
WebStack-Guns - 一个开源的网址导航网站项目，后台基于Guns和Springboot
webdav-aliyundriver - 阿里云盘(https://www.aliyundrive.com/) 的webdav协议开源实现
ScanStation - 一个可以自定规则的动扫描器,支持主动和被动扫描
AndroidLibrary - Android library to reveal or obfuscate strings and assets at runtime
owasp-zap-fileupload-addon - OWASP ZAP add-on for finding vulnerabilities in File Upload functionality.
contrast-continuous-application-security-plugin - Jenkins Plugin from Contrast Security
AutoMacroBuilderForZAP - A OWASP ZAPROXY Add-on that allows testing of web application vulnerabilities by recording complex multi-step sequences. You can test applications that need to access pages in a specific order, such as shopping carts or registration of member information.
fortify-plugin - Fortify Jenkins plugin
magpie - A Cloud Security Posture Manager or CSPM with a focus on security analysis for the modern cloud stack and a focus on the emerging threat landscape such as cloud ransomware and supply chain attacks.
rmi_bypass_jep290 -
InMemoryJavaCompiler - Utility class to compile java source code in memory
WebLogic_Basic_Poc - 用于WebLogic poc及exp测试的基础脚本，后续将集成各版本poc库
byte-buddy - Runtime code generation for the Java virtual machine.
secheguicheck - 工信部APP个人隐私信息安全合规检测
extract-tls-secrets - Decrypt HTTPS/TLS connections on the fly with Wireshark
grpc-java - The Java gRPC implementation. HTTP/2 based RPC
sonar-findbugs - SpotBugs plugin for SonarQube
xmldecoder-payload-generator - Java XMLDecoder payload generator
IPED - IPED Digital Forensic Tool. It is an open source software that can be used to process and analyze digital evidence, often seized at crime scenes by law enforcement or in a corporate investigation by private examiners.
kaiju - CERT Kaiju is a binary analysis framework extension for the Ghidra software reverse engineering suite. This repository is a "mirror" -- please file tickets, bug reports, or pull requests at the upstream home in @CERTCC: https://github.com/certcc/kaiju
Arkhota - Arkhota, a web brute forcer for Android.
kroki - Creates diagrams from textual descriptions!
source-code-hunter - 😱 从源码层面，剖析挖掘互联网行业主流技术的底层实现原理，为广大开发者 “提升技术深度” 提供便利。目前开放 Spring 全家桶，Mybatis、Netty、Dubbo 框架，及 Redis、Tomcat 中间件等
friday - java runtime decompiler (java实时反编译工具)
beanshooter - JMX enumeration and attacking tool.
algorithm-base - 专门为刚开始刷题的同学准备的算法基地，没有最细只有更细，立志用动画将晦涩难懂的算法说的通俗易懂！
LSPosed - LSPosed Framework
BurpBountyPlus - BurpBounty 魔改版本
riskscanner - RiskScanner 是开源的多云安全合规扫描平台，基于 Cloud Custodian 和 Nuclei 引擎，实现对主流公(私)有云资源的安全合规扫描和漏洞扫描。
CVE-2021-25641-Proof-of-Concept - Apache/Alibaba Dubbo <= 2.7.3 PoC Code for CVE-2021-25641 RCE via Deserialization of Untrusted Data; Affects Versions <= 2.7.6 With Different Gadgets
JustTrustMePP -
MemoryShell - JavaWeb MemoryShell Inject/Scan/Killer/Protect Research & Exploring
openfire_shells - 后台插件getshell
CSAgent - CobaltStrike 4.x通用白嫖及汉化加载器
javaweb_security_handle - web常见漏洞处理,xss,sql注入,跨域,文件上传,接口暴力,限流实现
burp-scripting -
xss-reflector - XSS reflector vulnerabilities exploitation extended.
SmsForwarder - 短信转发器——监控Android手机短信并根据指定规则转发到其他手机：钉钉机器人、企业微信群机器人、飞书机器人、企业微信应用消息、邮箱、bark、webhook、Telegram机器人、Server酱、手机短信等。PS.这个APK主要是学习与自用，如有BUG请提ISSUE，同时欢迎大家提PR指正
gadgetinspector - 利用链、漏洞检测工具
Gadgets - Java反序列化漏洞利用链补全计划，仅用于个人归纳总结。
LogiKM - 一站式Apache Kafka集群指标监控与运维管控平台
MemoryShellLearn - 分享几个直接可用的内存马，记录一下学习过程中看过的文章
ysoserial-for-woodpecker - 给woodpecker框架量身定制的ysoserial
fofa_viewer - 一个简单实用的FOFA客户端 By flashine
MemShellDemo - 内存马Demo合集 memshell demo for java / php / python
mobsfscan - mobsfscan is a static analysis tool that can find insecure code patterns in your Android and iOS source code. Supports Java, Kotlin, Swift, and Objective C Code. mobsfscan uses MobSF static analysis rules and is powered by semgrep and libsast pattern matcher.
rmi-deserialization-vuldb - Java RMI反序列化漏洞插件
mutual-tls-ssl - 🔐 Tutorial of setting up Security for your API with one way authentication with TLS/SSL and mutual mutual authentication for a java based web server and a client with both Spring Boot. Different clients are provided such as Apache HttpClient, OkHttp, Spring RestTemplate, Spring WebFlux WebClient Jetty and Netty, the old and the new JDK HttpClient, the old and the new Jersey Client, Google HttpClient, Unirest, Retrofit, Feign, Methanol, vertx, Scala client Finagle, Featherbed, Dispatch Reboot, AsyncHttpClient, Sttp, Akka, Requests Scala, Http4s Blaze, Kotlin client Fuel, http4k, Kohttp and ktor. Also other server examples are available such as jersey with grizzly. Also gRPC, WebSocket and ElasticSearch examples are included
http-methods-discloser -
BCELconvert - bcel转码
HopLa - HopLa Burp Suite Extender plugin - Adds autocompletion support and useful payloads in Burp Suite
tabby - A CAT called tabby ( Code Analysis Tool )
graph4code - 超硬核！使用图数据技术发现软件漏洞
deobfuscator-gui - An awesome GUI for an awesome deobfuscator
FakeCert - Burp suite Certificate modification tool
BurpDecoder - This is a Burpsuite Extension that will be able to Auto-Decode intercepted request message by PROXY TOOL before the message was shown in PROXY Panel ,and Auto-Encode request message after it forwarded from ProxyTool.这是一个Burpsuite 插件，通过设置，可以在 Proxy 模块拦截到的数据包被显示之前自动对请求包信息进行解密，在从Proxy Forward 数据包之后，自动按照原来的顺序重新加密。
SRePlay - Burpsuite Plugin to bypass strict RePlay protection
AndroidHiddenApiBypass - Bypass restrictions on non-SDK interfaces
bytecode-viewer - A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)
yaml-payload - Spring Cloud SnakeYAML 反序列化一键注入cmdshell和reGeorg
spring-boot-upload-file-lead-to-rce-tricks - spring boot Fat Jar 任意写文件漏洞到稳定 RCE 利用技巧
sendMail - 批量发送钓鱼邮箱
Fofa-collect - Fofa采集工具
easyHook - 直接指定hook目标，无需重新编写hook代码
DongTai-agent-java - Java Agent is a Java application probe of DongTai IAST, which collects method invocation data during runtime of Java application by dynamic hooks.
weblogic_memshell - 适用于weblogic和Tomcat的无shell的内存马
memShell - a webshell resides in the memory of java web server
ZhouYu - （周瑜）Java - SpringBoot 持久化 WebShell 学习demo
kgb_messenger - An Android CTF practice challenge
Hegui2.0 - 检测用户在同意授权前是否有获取隐私信息的Xposed插件
Burp_AES_Plugin - Burpsuite Plugin For AES Crack
radar - 实时风控引擎(Risk Engine)，自定义规则引擎（Rule Script），完美支持中文，适用于反欺诈(Anti-fraud)应用场景，开箱即用！！！移动互联网时代的风险管理利器，你 Get 到了吗？
PrettyZoo - 😉 Pretty nice Zookeeper GUI, Support Win / Mac / Linux Platform
AwesomeScript - AntSword Shell 脚本分享/示例
TDOA_RCE - 通达OA综合利用工具
ajpfuzzer - A command-line fuzzer for the Apache JServ Protocol (ajp13)
BcelPayloadGenerator - A fastjson payload generator
JByteMod-Beta - Java bytecode editor
copagent - java memory web shell extracting tool
BurpSuiteAutoCompletion - This exention enables autocompletion within BurpSuite Repeater/Intruder tabs.
FakeXposed - Hide xposed, root, file redirection, etc.
domain_hunter_pro - domain_hunter的高级版本，SRC挖洞、HW打点之必备！自动化资产收集；快速Title获取；外部工具联动；等等
java-tutorial - ☕ 老司机在 Java 技术领域的十年积累。
Digitalbank - Android Digital Bank Vulnerable Mobile App
remote-method-guesser - Java RMI Vulnerability Scanner
elki - ELKI Data Mining Toolkit
openrasp-testcases - OpenRASP 漏洞测试环境
BurpSuiteSharpener -
DaE - CTFCrackTools 's BurpSuite Plugin - Decode and Encode
Burpsuite-XFFHelper - burpsuite插件：自动添加一系列XFF请求头，绕过身份认证
BerylEnigma - 一个为渗透测试与CTF而制作的工具集，主要实现一些加解密的功能。
BurpMetaFinder - Burp Suite extension for extracting metadata from files
AutoMacroBuilder - A BurpSuite Add-on that allows testing of web application vulnerabilities by recording complex multi-step sequences. You can test applications that need to access pages in a specific order, such as shopping carts or registration of member information.
shiro-casbin - Apache Shiro's authorization middleware based on Casbin
Loki - 一个轻量级Web蜜罐 - A Little Web Honeypot.🍯🍯🍯🐝🐝🐝
loread - RSS Android client，support Inoreader, Feedly, TinyTinyRSS, Fever。
burpextender-proxyhistory-webui - Burp Extender : Proxy History viewer in Web UI
bradamsa-ng - Burp Suite extension for Radamsa-powered fuzzing with Intruder
burp-wildcard - Burp extension intended to compact Burp extension tabs by hijacking them to own tab.
BitTraversal - Burpsuite Plugin to detect Directory Traversal vulnerabilities
ViewStateDecoder - Burpsuite extension. Supports ASP.NET ViewStateDecoder
auth_analyzer - Burp Extension for testing authorization issues. Automated request repeating and parameter value extraction on the fly.
CodeReviewTools - 通过正则搜索、批量反编译特定Jar包中的class名称
HosTaGe - Low Interaction Mobile Honeypot
ATTCK-Tools-library - TimelineSec ATT&CK 工具库
privacy-friendly-pedometer - Privacy Friendly App that counts your steps on Android devices.
UnicodeDecoder4burp - burpsuite Unicode解码插件
obfuscator - A java obfuscator (GUI)
ssrf-king - SSRF plugin for burp Automates SSRF Detection in all of the Request
BurpCustomizer - Because just a dark theme wasn't enough!
burp-send-to - Adds a customizable "Send to..."-context-menu to your BurpSuite.
MDUT - MDUT - Multiple Database Utilization Tools
java-load - 记录自己从零开始学习Java SE的道路
burpJsEncrypter - More Easier Burp Extension To Solve Javascript Front End Encryption,一款更易使用的解决前端加密问题的Burp插件。
allsafe - Intentionally vulnerable Android application.
LandrayDES - 蓝凌OA的前后台密码的加解密工具
BurpFastJsonScan - 一款基于BurpSuite的被动式FastJson检测插件
OpenFire_Decrypt - OpenFire 管理后台账号密码解密
ysoserial-modified - That repository contains my updates to the well know java deserialization exploitation tool ysoserial.
CVE-2020-26259 - CVE-2020-26259: XStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling as long as the executing process has sufficient rights.
RegexFinder - RegexFinder - Burp Suite extension to passively scan responses for occurrence of regular expression patterns.
swurg - Parse OpenAPI documents into Burp Suite for automating OpenAPI-based APIs security assessments (approved by PortSwigger for inclusion in their official BApp Store).
burp-suite-utils - Utilities for creating Burp Suite Extensions.
JNDI-Exploit-Kit - JNDI-Exploitation-Kit（A modified version of the great JNDI-Injection-Exploit created by @welk1n. This tool can be used to start an HTTP Server, RMI Server and LDAP Server to exploit java web apps vulnerable to JNDI Injection）
SandVXposed - Xposed environment without root (OS 5.0 - 12.0)
JavaSecurity - Java web and command line applications demonstrating various security topics
XposedAppium - 基于Xposed自动化框架
XposedOkHttpCat -
Xpatch - 免Root实现app加载Xposed插件工具。This is a tool to repackage apk file, then the apk can load any xposed modules installed in the device. It is another way to hook an app without root device.
android-emulator-detector - Easy to detect android emulator
publiccms_decrypt - publiccms_decrypt
javaboy-code-samples - 公众号【江南一点雨】文章案例汇总，技术文章请戳这里----->
dexshellerInMemory - android APK一键DEX加固脚本(内存加载DEX)
xk-time - xk-time 是时间转换，时间计算，时间格式化，时间解析，日历，时间cron表达式和时间NLP等的工具，使用Java8，线程安全，简单易用，多达70几种常用日期格式化模板，支持Java8时间类和Date，轻量级，无第三方依赖。
freddy-deserialization-bug-finder -
Burp2Slack - Push notifications to Slack channel or to custom server based on BurpSuite response conditions.
JNDIExploit - A malicious LDAP server for JNDI injection attacks
burp-info-extractor - burpsuite extension for extract information from data
VulnerableApp - OWASP VulnerableApp Project: For Security Enthusiasts by Security Enthusiasts.
Burpsuite-UAScan - Burpsuite插件：被动进行未授权访问或越权操作的扫描
Burpsuite-JSScan - burpsuite插件：主动和被动进行JS扫描并分析其中的可利用点
YCAndroidTool - 用于项目测试，崩溃重启操作，崩溃记录日志【可以查看，分享】和重启【多种重启app方式】；网路拦截查看的工具小助手，拦截请求和响应数据，统计接口请求次数，流量消耗，以及统计网络链接/dns解析/request请求/respond响应等时间。提高开发效率……
super-jadx - Add new features for reverse engineering, such as: renaming of classes, fields, methods, variables, reference graphs and more.
frostmourne - frostmourne是基于Elasticsearch, InfluxDB，Mysql，ClickHouse应用日志的监控，报警，分析系统. Monitor & alert & alarm & analyze for Elasticsearch && InfluxDB Log Data。主要使用springboot2 + vue-element-admin。 https://frostmourne-demo.github.io/
xmind - The most popular mind mapping software
IntelliJDashPlugin - A smart and simple plugin that provides keyboard shortcut access for Dash, Velocity or Zeal in IntelliJ IDEA, RubyMine, WebStorm, PhpStorm, PyCharm and Android Studio.
Damn-Vulnerable-Bank - Damn Vulnerable Bank is designed to be an intentionally vulnerable android application. This provides an interface to assess your android application security hacking skills.
DependencyCheck - OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
jgraphx - jgraphx 4.0.4 build for cs project
proxyee - HTTP proxy server,support HTTPS&websocket.MITM impl,intercept and tamper HTTPS traffic.
CobaltStrike - CobaltStrike's source code
hello-algorithm - 🌍 针对小白的算法训练 | 包括四部分：①.算法基础 ②.力扣图解 ③.大厂面经 ④.CS_汇总 | 附：1、千本开源电子书 2、百张技术思维导图（项目花了上百小时，希望可以点 star 支持，🌹感谢~）
BurpSuite-Exclude-From-Scope -
ApkSignatureKiller - 一键破解APK签名校验
XxlJob-Hessian-RCE - XxlJob<=2.1.2配置不当情况下反序列化RCE
lnk2pwn - Malicious Shortcut(.lnk) Generator
WeChatAssist - 一款基于Android AccessibilityService（辅助服务）的自动操作微信的app，实现的功能有，附近的人自动打招呼，通讯录自动发消息，自动加好友，自动点赞评论，自定发漂流瓶，自动加群好友，自动推广公众号等等，同时，使用hook模块进行了微信的模拟定位，附近的人位置随意切换。
Burp-Auto-Do-Intercept - Burp Suite Extender can auto intercept response for specify URL.
FakerAndroid - A tool translate a apk file to stantard android project include so hook api and il2cpp c++ scaffolding when apk is a unity il2cpp game. Write code on a apk file elegantly.
AnLinux-App - AnLinux allow you to run Linux on Android without root access.
burpdeveltraining - Material for the training "Developing Burp Suite Extensions – From Manual Testing to Security Automation"
DexRepair - android dex文件修复程序
burp-api-drops - burp插件开发指南
JQF - JQF + Zest: Coverage-guided semantic fuzzing for Java.
Lokiboard-Mod - Just Mod Version of lokiboard with remote reporting via Gmail
burp-multiplayer - Burp with Friends
java-memshell-scanner - 通过jsp脚本扫描java web Filter/Servlet型内存马
dependency-track - Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
CVE-2020-5398 - 💣 CVE-2020-5398 - RFD(Reflected File Download) Attack for Spring MVC
momo-code-sec-inspector-java - IDEA静态代码安全审计及漏洞一键修复插件
OSSTunnel - 基于亚马逊S3\阿里云OSS\腾讯COS通信隧道的远程管理工具
SootTutorial - A step-by-step tutorial for Soot (a Java static analysis framework)
BCELCodeman - BCEL encode/decode manager for fastjson payloads
Richsploit - Exploitation toolkit for RichFaces
MysqlMonitor - Mysql 语句执行记录监控
Mini-Android-Challenges - A small Android CTF challenge
BehinderClientSource - 冰蝎客户端源码-3.0-BETA11.t00ls
CVE-2020-2551 - Weblogic IIOP CVE-2020-2551
attackRmi - attackRmi
memshell - Tomcat 冰蝎内存马。
BCELConverter - BCEL class转换插件
ShiroScan - burp插件 ShiroScan 主要用于框架、无dnslog key检测
passive-scan-client-and-sendto - burp被动扫描自动转发和手动重发插件
HackingSimplified - This is where I share code/material shown in my videos
spring-view-manipulation - When MVC magic turns black
tomcat_nofile_webshell - Tomcat基于动态注册Filter的无文件Webshell
FastjsonScan - 一个简单的Fastjson反序列化检测burp插件
ShiroScanner -
flink-learning - flink learning blog. http://www.54tianzhisheng.cn/ 含 Flink 入门、概念、原理、实战、性能调优、源码解析等内容。涉及 Flink Connector、Metrics、Library、DataStream API、Table API & SQL 等内容的学习案例，还有 Flink 落地应用的大型项目案例（PVUV、日志存储、百亿数据实时去重、监控告警）分享。欢迎大家支持我的专栏《大数据实时计算引擎 Flink 实战与性能优化》
androidx - Development environment for Android Jetpack extension libraries under the androidx namespace. Synchronized with Android Jetpack's primary development branch on AOSP.
fastjson-bypass-autotype-1.2.68 - fastjson bypass autotype 1.2.68 with Throwable and AutoCloseable.
BurpSuiteLoader - Burp Suite loader version --> ∞
nutz - Nutz -- Web Framework(Mvc/Ioc/Aop/Dao/Json) for ALL Java developer
TSLab-Exploit - One tool of exploit vuln in batch!!!
JWT4B - JWT Support for Burp
shiro-urldns - shiro反序列化检测(只是个玩具23333)
ShiroRce-Burp -
powerauth-push-server - PowerAuth Push Server repository
Struts2-Vuln-Demo - Struts2漏洞实例源码
WebLogic-Shiro-shell - WebLogic利用CVE-2020-2883打Shiro rememberMe反序列化漏洞，一键注册蚁剑filter内存shell
cfr - This is the public repository for the CFR Java decompiler
jvm-sandbox - Real - time non-invasive AOP framework container based on JVM
weblogic_cmd - weblogic t3 deserialization rce
rmi-jndi-ldap-jrmp-jmx-jms - rmi、jndi、ldap、jrmp、jmx、jms一些demo测试
RemoteObjectInvocationHandler - bypass JEP290 RaspHook code
CVE-2020-2555 - Weblogic com.tangosol.util.extractor.ReflectionExtractor RCE
security_taint_propagation - Java taint propagation for java. Define tainted sources, sanitizer methods and sinks via aspects.
javaparser - Java 1-15 Parser and Abstract Syntax Tree for Java, including preview features to Java 13
gadgetinspector - A byte code analyzer for finding deserialization gadget chains in Java applications
JavaProbe - A Java runtime information-gathering tool which uses the Java Attach API for information acquisition
soot - Soot - A Java optimization framework
cafecompare - Java code comparison tool (jar / class)
fastjson-blacklist - 打CTF实在厌倦了找利用链，就知道一个fastjson的版本，一堆依赖找啊找，头都疼。为了解决这个烦恼，用了卓卓师傅的fastjson黑名单工具和库，自己改造了一下。
R9000 -
log-agent - 利用agent hock指定的class，在jar运行周期内，用于跟踪被执行的方法，辅助做一些事情，比如挖洞啊
Java-Rce-Echo - Java RCE 回显测试代码
libsu - A complete solution for apps using root permissions
Vulnerable_Env_Collect - 一些软件的漏洞复现环境
leetcode-java - 🎓🎓🎓 Leetcode solution in Java - 536/921 Solved. https://leetcode.com/problemset/all/
burp-fofa - 基于BurpSuite的一款FOFA Pro 插件
cve_2020_14644 -
ovaa - Oversecured Vulnerable Android App
Neo-reGeorg - Neo-reGeorg is a project that seeks to aggressively refactor reGeorg
metersphere - MeterSphere is an End-to-End open source continuous testing platform. MeterSphere 是一站式开源持续测试平台，涵盖测试跟踪、接口测试、性能测试、团队协作等功能，全面兼容 JMeter、Postman、Swagger 等开源、主流标准。
Apache-Tomcat-Redis-Remote-Code-Execution - Apache-Tomcat-Redis-Remote-Code-Execution
CAS_Execution_decode - Apereo CAS payload AES解密
Lens - 功能简介：一种开发帮助产品研发的效率工具。主要提供了：页面分析、任务分析、网络分析、DataDump、自定义hook 、Data Explorer 等功能。以帮助开发、测试、UI 等同学更便捷的排查和定位问题，提升开发效率。
BurpShiroPassiveScan - 一款基于BurpSuite的被动式shiro检测插件
oxpecker - oxpecker是一款用于从IDE提取开发项目仓库地址、当前分支、三方组件等信息用于安全分析的JetBrains家族IDE插件。
mosec-maven-plugin - 用于检测maven项目的第三方依赖组件是否存在安全漏洞。
mosec-gradle-plugin - 用于检测gradle项目的第三方依赖组件是否存在安全漏洞。
snyk-maven-plugin - Test and monitor your projects for vulnerabilities with Maven. This plugin is officially maintained by Snyk.
BetterBackdoor - A backdoor with a multitude of features.
AndroidProjectCreator - Convert an APK to an Android Studio Project using multiple open-source decompilers
StaticInitializerPayload -
leetcode-editor - Do Leetcode exercises in IDE, support leetcode.com and leetcode-cn.com, to meet the basic needs of doing exercises.Support theoretically: IntelliJ IDEA PhpStorm WebStorm PyCharm RubyMine AppCode CLion GoLand DataGrip Rider MPS Android Studio
threatmodel-sdk - A Java library for parsing and programmatically using threat models
shiroPoc -
ShiroScan - Shiro RememberMe 1.2.4 反序列化漏洞图形化检测工具(Shiro-550)
Fofa-collect - Fofa平台采集工具
ysoserial - forked from frohoff/ysoserial and added my own payloads.
base-admin - Base Admin一套简单通用的后台管理系统，主要功能有：权限管理、菜单管理、用户管理，系统设置、实时日志，实时监控，API加密，以及登录用户修改密码、配置个性菜单等
SerializationDumper - A tool to dump Java serialization streams in a more human readable form.
CVE-2020-14645 - Weblogic CVE-2020-14645 UniversalExtractor JNDI injection getDatabaseMetaData()
RMIDeserialize - RMI 反序列化环境一步步
JavaThings - Share Things Related to Java - Java安全漫谈笔记相关内容
CAS_EXP - CAS 硬编码远程代码执行漏洞
secscan-authcheck - 越权检测工具
JavaSerialKiller - Burp extension to perform Java Deserialization Attacks
CVE-2020-9547 - CVE-2020-9547：FasterXML/jackson-databind 远程代码执行漏洞
pine - Dynamic java method hook framework on ART.
tsunami-security-scanner - Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.
SCTF2020 - SCTF2020
keycloak - Open Source Identity and Access Management For Modern Applications and Services
rmi-deserialization - Slides/Demos from the BSides Munich 2019 talk "Attacking Java RMI in 2019"
WebLogicPasswordDecryptorUi - 解密weblogic AES或DES加密方法
CVE-2020-5902 - CVE-2020-5902 BIG-IP
AndroidWebDoor - A minimalistic android backdoor
xjar - Spring Boot JAR 安全加密运行工具，支持的原生JAR。
PHONK - PHONK is a coding playground for new and old Android devices
jvmxray - Make Java security events of interest visible for analysis
study - 全栈工程师学习笔记；Spring登录、shiro登录、CAS单点登录和Spring boot oauth2单点登录；Spring data cache 缓存，支持Redis和EHcahce; web安全，常见web安全漏洞以及解决思路；常规组件，比如redis、mq等；quartz定时任务，支持持久化数据库，动态维护启动暂停关闭；docker基本用法，常用image镜像使用，Docker-MySQL、docker-Postgres、Docker-nginx、Docker-nexus、Docker-Redis、Docker-RabbitMQ、Docker-zookeeper、Docker-es、Docker-zipkin、Docker-ELK等；mybatis实践、spring实践、spring boot实践等常用集成；基于redis的分布式锁；基于shared-jdbc的分库分表，支持原生jdbc和Spring Boot Mybatis
CronScheduler - An alternative to ScheduledThreadPoolExecutor proof against the clock drift problem
ysomap - A helpful Java Deserialization exploit framework based on ysoserial
tkey - 以材料最全、示例最多为目标的单点登录系统（SSO）
after-deserialization-attack - Java After-Deserialization Attack
ApkCrack - A tool that make your apk debuggable for Charles/Fiddler in Android 7.0
WebViewDebugHook - Use Xposed force all webView to debug on android 4.4+
shiro-check - Shiro反序列化回显利用、内存shell、检查 Burp插件
FridaLoader - A quick and dirty app to download and launch Frida on Genymotion and rooted Physical Android Devices
burp-security-headers-checker - Super simple Burp Suite extension adding passive scanner checks for missing security headers in server responses
VulnreportForBurp - Burp Suite extension to enable reporting findings directly to VulnReport
Copy-as-JavaScript-Request - Copy as JavaScript Request plugin for Burp Suite
Burp-TCP-and-DNS-Proxy - TCP and DNS Proxy for Burp Suite.
YaguraExtender - Burpsuite extension. Supports CJK (Chinese, Japanese, Korean) encoding.
burp-api-common - common methods that used by my burp extension projects
burp-samesite-reporter - Burp extension that passively reports various SameSite flags
burp-suite-swaggy - Burp Suite extension for parsing Swagger web service definition files
BigIPDiscover - It becomes the extension of Burp suite. The cookie set by the BipIP server may include a private IP, which is an extension to detect that IP
r-forwarder-burp - The burp extension to forward the request
burp-multistep-csrf-poc - Burp extension to generate multi-step CSRF POC.
burp-suite-jsonpath - JSONPath extension for BurpSuite
log-requests-to-sqlite - BURP extension to record every HTTP request send via BURP and create an audit trail log of an assessment.
cstc - CSTC is a Burp Suite extension that allows request/response modification using a GUI analogous to CyberChef
TeaBreak - A productivity burp extension which reminds to take break while you are at work!
profiler - A tool to trace java method dynamically for android application.
Apache-Tomcat-MongoDB-Remote-Code-Execution - Apache Tomcat + MongoDB Remote Code Execution
SandVXposed - Xposed environment without root (OS 5.0 - 10.0)
JspMaster-Deprecated - 一款基于webshell命令执行功能实现的GUI webshell管理工具，支持流量加密
fortify-license-crack - fortify-license-crack
JustTrustMe-master - 在JustTrustMe的基础上修改了log日志打印位置，便于追踪hook函数
DVMUnpacker -
fastjson-autotype-bypass-demo - fastjson 1.2.68 版本 autotype bypass
fastjson-blacklist -
Spring-Boot-Actuator-Exploit - Spring Boot Actuator (jolokia) XXE/RCE
freddy - Automatically identify deserialisation issues in Java and .NET applications by using active and passive scans
RxAppEncryptionProtocol - frida反特征检测 app协议破解 Frida破解协议 sslping抓包通用逆向破解打印native动态注册函数
dragondance - Binary code coverage visualizer plugin for Ghidra
hack-root - Android APP get root-level permissions without rooted system
Android-GetAPKInfo - 获取Android应用基本信息的工具集
FastJson1.2.62-RCE - 来源于jackson-CVE-2020-8840，需要开autotype
rogue-jndi - A malicious LDAP server for JNDI injection attacks
BurpCrypto - BurpCrypto is a collection of burpsuite encryption plug-ins, support AES/RSA/DES/ExecJs(execute JS encryption code in burpsuite). 支持多种加密算法或直接执行JS代码的用于爆破前端加密的BurpSuite插件
rmiscout - RMIScout uses wordlist and bruteforce strategies to enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities
roots_a11y - PoC files for the publication 'How Android's UI Security is Undermined by Accessibility'.
JSP-Webshells - Collect JSP webshell of various implementation methods. 收集JSP Webshell的各种姿势
JustTrustMePlus -
SpringBootVulExploit - SpringBoot 相关漏洞学习资料，利用方法和技巧合集，黑盒安全评估 check list
tomcat-cluster-session-sync-exp - tomcat使用了自带session同步功能时，不安全的配置（没有使用EncryptInterceptor）导致存在的反序列化漏洞，通过精心构造的数据包，可以对使用了tomcat自带session同步功能的服务器进行攻击。PS:这个不是CVE-2020-9484，9484是session持久化的洞，这个是session集群同步的洞！
SpringBoot-Labs - 一个涵盖六个专栏：Spring Boot 2.X、Spring Cloud、Spring Cloud Alibaba、Dubbo、分布式消息队列、分布式事务的仓库。希望胖友小手一抖，右上角来个 Star，感恩 1024
behinder_source - Behinder3.0 Beta4 源码（Decompile and Fixed）
CVE-2020-2883 - Weblogic coherence.jar RCE
MyPerf4J - High performance Java APM. Powered by ASM. Try it. Test it. If you feel its better, use it.
threadtear - Multifunctional java deobfuscation tool suite
EdXposedManager - Companion Android application for EdXposed
param-miner -
ShiroExploit-Deprecated - Shiro550/Shiro721 一键化利用工具，支持多种回显方式
JspForAntSword - **蚁剑JSP一句话Payload
headless-burp - Automate security tests using Burp Suite.
CollaboratorPlusPlus -
spring-boot-demo - 该项目已成功集成 actuator(监控)、admin(可视化监控)、logback(日志)、aopLog(通过AOP记录web请求日志)、统一异常处理(json级别和页面级别)、freemarker(模板引擎)、thymeleaf(模板引擎)、Beetl(模板引擎)、Enjoy(模板引擎)、JdbcTemplate(通用JDBC操作数据库)、JPA(强大的ORM框架)、mybatis(强大的ORM框架)、通用Mapper(快速操作Mybatis)、PageHelper(通用的Mybatis分页插件)、mybatis-plus(快速操作Mybatis)、BeetlSQL(强大的ORM框架)、upload(本地文件上传和七牛云文件上传)、redis(缓存)、ehcache(缓存)、email(发送各种类型邮件)、task(基础定时任务)、quartz(动态管理定时任务)、xxl-job(分布式定时任务)、swagger(API接口管理测试)、security(基于RBAC的动态权限认证)、SpringSession(Session共享)、Zookeeper(结合AOP实现分布式锁)、RabbitMQ(消息队列)、Kafka(消息队列)、websocket(服务端推送监控服务器运行信息)、socket.io(聊天室)、ureport2(**式报表)、打包成war文件、集成 ElasticSearch(基本操作和高级查询)、Async(异步任务)、集成Dubbo(采用官方的starter)、MongoDB(文档数据库)、neo4j(图数据库)、docker(容器化)、JPA多数据源、Mybatis多数据源、代码生成器、GrayLog(日志收集)、JustAuth(第三方登录)、LDAP(增删改查)、动态添加/切换数据源、单机限流(AOP + Guava RateLimiter)、分布式限流(AOP + Redis + Lua)、ElasticSearch 7.x(使用官方 Rest High Level Client)、HTTPS、Flyway(数据库初始化)、UReport2(**式复杂报表)。
LoggerPlusPlus - Advanced Burp Suite Logging Extension
firing-range -
JNDI - JNDI 注入利用工具
Bridge - 无回显漏洞测试辅助平台，平台使用Java编写，提供DNSLOG，HTTPLOG等功能，辅助渗透测试过程中无回显漏洞及SSRF等漏洞的验证和利用。
generator-burp-extension - Everything you need about Burp Extension Generation
Burpy - A plugin that allows you execute python and get return to BurpSuite.
java-object-searcher - java内存对象搜索辅助工具
sonarqube - Continuous Inspection
find-sec-bugs - The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)
CryptionTool - 一个CTF+渗透测试工具框架,集成常见加解密，密码、编码转换，端口扫描，字符处理等功能
albedo - Albedo 是一个Java企业应用开源框架，使用经典技术组合（SpringBoot2.x、MyBatis、Vue），包括核心模块如：组织机构、角色用户、权限授权、数据权限、代码生成、定时任务等。
PathLayoutManager - RecyclerView的LayoutManager，轻松实现各种炫酷、特殊效果，再也不怕产品经理为难！
CookBook - 🎉🎉🎉JAVA高级架构师技术栈==任何技能通过 “刻意练习” 都可以达到融会贯通的境界，就像烹饪一样，这里有一份JAVA开发技术手册，只需要增加自己练习的次数。🏃🏃🏃
class-decompile-intellij - decompile .class file
tools-ocr - 树洞 OCR 文字识别（一款跨平台的 OCR 小工具）
frpMgr - Frp快速配置面板
gadgetinspector - 一个利用ASM对字节码进行污点传播分析的静态代码审计应用（添加了大量代码注释，适合大家进行源码学习）。也加入了挖掘Fastjson反序列化gadget chains和SQLInject（JdbcTemplate、MyBatis、JPA、Hibernate、原生jdbc等）静态检测功能。并且加入了很多功能以方便进行漏洞自动化挖掘。
FindClassInJars - 个人用于在自动化挖掘gadget时，方便查找gadget chains中class所在jar包，以助于便捷审计测试gadget有效性的那么一个小工具。
jackson-CVE-2020-8840 - FasterXML/jackson-databind 远程代码执行漏洞
GadgetProbe - Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.
learnjavabug - Java安全相关的漏洞和技术demo，原生Java、Fastjson、Jackson、Hessian2、XML反序列化漏洞利用和Spring、Dubbo、Shiro、CAS、Tomcat、RMI、Nexus等框架\中间件\功能的exploits以及Java Security Manager绕过、Dubbo-Hessian2安全加固等等实践代码。
GDA-android-reversing-Tool - GDA is a new fast and powerful decompiler in C++(working without Java VM) for the APK, DEX, ODEX, OAT, JAR, AAR, and CLASS file. which supports malicious behavior detection, privacy leaking detection, vulnerability detection, path solving, packer identification, variable tracking, deobfuscation, python&java scripts, device memory extraction, data decryption, and encryption, etc.
Decrypt_Weblogic_Password - 搜集了市面上绝大部分weblogic解密方式，整理了7种解密weblogic的方法及响应工具。
SoloPi - SoloPi 自动化测试工具
dk-fitting - Fitting是一个面向大数据的统一的开发框架，由大快搜索主导并完全开源，克服了大数据技术开发涉及技术面广,各组件间缺乏统一规范等问题，能有效降低大数据的学习难度，并提高大数据项目的开发效率并可与开源项目混用。 Fitting遵循Apache2.0开源协议，采用类黑箱框架模式，将大数据生态圈内各组件底层API根据应用组合封装为Fitting API服务。用户编程时直接引用Fitting框架，即可使用功能丰富的Fitting API，完成过去复杂的编码工作。 Fitting框架由数据处理（dataprocess）、数据源（datasource）、ElasticSQL引擎（elasticsql）、图计算（graphx）、机器学习（ml）、自然语言处理（nlp）、搜索(search)、SQL工具类、（sqlutils）、流计算（stream）九大部分组成，可以单独部署，也可整体部署。 Fitting支持C、C++、C#、Cocoa、Common Lisp、Dlang、Dart、Delphi、Erlang、Go、Haskell、Haxe、Java (SE)、Java (ME)、Lua、node.js、OCaml、Perl、PHP、Python、Ruby、Rust、Smalltalk等二十多种编程语言。
gnirehtet - Gnirehtet provides reverse tethering for Android
opengrok - OpenGrok is a fast and usable source code search and cross reference engine, written in Java
mockserver - MockServer enables easy mocking of any system you integrate with via HTTP or HTTPS with clients written in Java, JavaScript and Ruby. MockServer also includes a proxy that introspects all proxied traffic including encrypted SSL traffic and supports Port Forwarding, Web Proxying (i.e. HTTP proxy), HTTPS Tunneling Proxying (using HTTP CONNECT) and SOCKS Proxying (i.e. dynamic port forwarding).
BLCS - 一款集合多个Android开源库的使用工具，可以展示各个开源库的特性。并简单了解其使用方法。包含[★1.1仿微信功能-字体大小★1.2仿微信功能-存储空间★1.3仿微信功能-多语言★1.4仿微信功能-地区选择★2.BottomNavigationView★3.RecyclerView4.DialogFragment★5.toolbar★6.RxToast★7.转盘小游戏★8.跑马灯/水波纹/标签★9.侧滑菜单/悬浮按钮★10.ViewPage指示器★11.ViewPage★12-13.OpenGl★14.常用Dialog★15.进度条★16.蛛网等级及颜色选取★17.Banner轮播图★18.通知NotificationCompat★19.选择器Picker★20.标签列表LabelList★21.声音与震动★22.PopupWindow★23.放大镜★24.刮刮卡★25.腾讯开源UI库《QMUI_Android》★26.开源图表库《MPAndroidChart》★27.条形码/二维码★1.博客★2.版本更新★3.全局异常捕获★4.内存泄漏检测★5.Rxjava+Retrofit封装★6.调用系统功能★7.SQLite ]
proguard - ProGuard, Java optimizer and obfuscator
JNDI-Injection-Exploit - JNDI注入测试工具（A tool which generates JNDI links can start several servers to exploit JNDI Injection vulnerability,like Jackson,Fastjson,etc）
Bastillion - Bastillion is a web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user's public SSH keys.
SecMobile - 移动安全检测平台，支持Android和iOS应用辅助分析。
FridaHooker - Android Frida GUI Manager // An advanced version by @icespite :https://github.com/icespite/FridaHooker
akhq - Kafka GUI for Apache Kafka to manage topics, topics data, consumers group, schema registry, connect and more...
falcon - Falcon: A practical log-based analysis tool for distributed systems
poi-slinger - Automatically identify serialization issues in PHP Frameworks by means of an Burp Suite active scan
rapid - Rapid is a Burp extension that enables you to save HTTP Request & Response data to a single file a lot easier and faster in one go.
burp-cookie-porter - 一个可快速“搬运”cookie的Burp Suite插件
Burpsuite-Plugins-Usage - Burpsuite-Plugins-Usage
sqlmap4burp-plus-plus - sqlmap4burp++是一款兼容Windows，mac，linux多个系统平台的Burp与sqlmap联动插件
passive-scan-client - Burp被动扫描流量转发插件
captcha-killer - burp验证码识别接口调用插件
android-backup-extractor - Android backup extractor
adonistrack - Simple Java profiling tool
powerauth-cmd-tool - Command-line utility for PowerAuth Reference Client
rotacsufbo - did u know the name of the repo is obfuscator backwards?
pivaa - Created by High-Tech Bridge, the Purposefully Insecure and Vulnerable Android Application (PIVAA) replaces outdated DIVA for benchmark of mobile vulnerability scanners.
BadIntent - Intercept, modify, repeat and attack Android's Binder transactions using Burp Suite
VyAPI - VyAPI - A cloud based vulnerable hybrid Android App
Estore - Java 语言实现的苹果网上商城，前端模仿苹果爱否商城的页面，后端运用纯 Servlet + JSP +c3p0 数据库连接池以及web 相关技术，实现的基础功能包括前后台、实现展示首页、管理商品页面、商品分类、添加购物车、购买、提交订单、联系客服等，欢迎 star，谢谢！！！
wgcloud - linux运维监控工具，支持系统信息，内存，cpu，温度，磁盘空间及IO，硬盘smart，系统负载，网络流量等监控，API接口，大屏展示，拓扑图，进程监控，端口监控，docker监控，文件防篡改，日志监控，数据可视化，web ssh，堡垒机，指令下发批量执行，linux面板，探针，故障告警
wooyun-payload - 从wooyun中提取的payload，以及burp插件
automatic-api-attack-tool - Imperva's customizable API attack tool takes an API specification as an input, generates and runs attacks that are based on it as an output.
MSTG-Hacking-Playground -
diva-android - DIVA Android - Damn Insecure and vulnerable App for Android
shell-plus - 💻Shell Plus 是基于 RMI 的一款服务器管工具，由服务端、注册中心、客户端进行组成。该工具主要用于服务器管理、攻防后门安全测试以及技术研究，禁止用于非法犯罪。
stetho - Stetho is a debug bridge for Android applications, enabling the powerful Chrome Developer Tools and much more.
SwissArmyKnife - android ui调试工具
AndroTickler - Penetration testing and auditing toolkit for Android apps.
uber-apk-signer - A cli tool that helps signing and zip aligning single or multiple Android application packages (APKs) with either debug or provided release certificates. It supports v1, v2 and v3 Android signing scheme has an embedded debug keystore and auto verifies after signing.
VirtualXposed - A simple app to use Xposed without root, unlock the bootloader or modify system image, etc.
android-classyshark - Android and Java bytecode viewer
BigData-Notes - 大数据入门指南 ⭐
java_xxe_2019 - 总结了一下2019年在JVM环境中使用XXE攻击的知识
Brida - The new bridge between Burp Suite and Frida!
apk_auto_enforce - APK一键自动化加固脚本
atlassian-agent - Atlassian's productions crack.
sqlhelper - SQL Tools ( Dialect, Pagination, DDL dump, UrlParser, SqlStatementParser, WallFilter, BatchExecutor for Test) based Java. it is easy to integration into any ORM frameworks
FastjsonExploit - Fastjson vulnerability quickly exploits the framework（fastjson漏洞快速利用框架）
fastdep - Fast integration dependencies in spring boot.是一个快速集成依赖的框架，集成了一些常用公共的依赖。例：多数据源，Redis，JWT...
fiction_house - 小说精品屋是一个多平台（web、安卓app、微信小程序）、功能完善的屏幕自适应小说漫画连载系统，包含精品小说专区、轻小说专区和漫画专区。包括小说/漫画分类、小说/漫画搜索、小说/漫画排行、完本小说/漫画、小说/漫画评分、小说/漫画在线阅读、小说/漫画书架、小说/漫画阅读记录、小说下载、小说弹幕、小说/漫画自动采集/更新/纠错、小说内容自动分享到微博、邮件自动推广、链接自动推送到百度搜索引擎等功能。
eshop - 基于Spring Boot +Dubbo微服务商城系统
mmall-kay-Java - SSM电商项目，项目版本由V1.0 单机部署+FTP服务器演进为V2Tomcat集群+Redis分布式模式。技术有点老了，建议学习SpringBoot版本, SpringBoot 版本正在升级中
GitHub-Chinese-Top-Charts - 🇨🇳 GitHub中文排行榜，帮助你发现高分优秀中文项目、更高效地吸收国人的优秀经验成果；榜单每周更新一次，敬请关注！
pingyougou - 使用IDEA版本开发品优购商城项目
JustAuth - 🏆Gitee 最有价值开源项目 🚀:100: 小而全而美的第三方登录开源组件。目前已支持Github、Gitee、微博、钉钉、百度、Coding、腾讯云开发者平台、OSChina、支付宝、QQ、微信、淘宝、Google、Facebook、抖音、领英、小米、微软、今日头条、Teambition、StackOverflow、Pinterest、人人、华为、企业微信、酷家乐、Gitlab、美团、饿了么、推特、飞书、京东、阿里云、喜马拉雅、Amazon、Slack和 Line 等第三方平台的授权登录。 Login, so easy!
jeepay - Jeepay是一套适合互联网企业使用的开源支付系统，支持多渠道服务商和普通商户模式。已对接微信支付，支付宝，云闪付官方接口，支持聚合码支付。
eladmin - 项目基于 Spring Boot 2.1.0 、 Jpa、 Spring Security、redis、Vue的前后端分离的后台管理系统，项目采用分模块开发方式，权限控制采用 RBAC，支持数据字典与数据权限管理，支持一键生成前后端代码，支持动态路由
SeimiCrawler - 一个简单、敏捷、分布式的支持SpringBoot的Java爬虫框架;An agile, distributed crawler framework.
hope-cloud - 🐳 Hope-Cloud 微服务框架
redtorch - Kotlin(Java)开源量化交易开发框架
quant4j - 火币量化交易指标组合策略简单的数值策略这个项目只是提供一个思路。
zheshiyigeniubidexiangmu - 数字货币量化交易系统，支持多家交易所
hope-boot - 🌱 Hope-Boot 一款现代化的脚手架项目
spring-framework - 对 Spring 源码的解读分析
CobaltStrike-file -
vulnado - Purposely vulnerable Java application to help lead secure coding workshops
mall-learning - mall学习教程，架构、业务、技术要点全方位解析。mall项目（40k+star）是一套电商系统，使用现阶段主流技术实现。涵盖了SpringBoot 2.3.0、MyBatis 3.4.6、Elasticsearch 7.6.2、RabbitMQ 3.7.15、Redis 5.0、MongoDB 4.2.5、Mysql5.7等技术，采用Docker容器化部署。
dolphinscheduler - Apache DolphinScheduler is a distributed and extensible workflow scheduler platform with powerful DAG visual interfaces, dedicated to solving complex job dependencies in the data pipeline and providing various types of jobs available out of box.
FEBS-Shiro - Spring Boot 2.4.2，Shiro1.6.0 & Layui 2.5.6 权限管理系统。预览地址：http://47.104.70.138:8080/login
SpringCloudLearning - 《史上最简单的Spring Cloud教程源码》
authz -
concurrent-programming - 🌵《实战java高并发程序设计》源码整理
JS-Sorting-Algorithm - 一本关于排序算法的 GitBook 在线书籍《十大经典排序算法》，多语言实现。
Java - Java的学习之路，学习JavaEE以及框架时候的一些项目，结合博客和源码，让你受益匪浅，适合Java初学者和刚入门开始学框架者
java-core-learning-example - 关于Java核心技术学习积累的例子，是初学者及核心技术巩固的最佳实践。
burpFakeIP - 服务端配置错误情况下用于伪造ip地址进行测试的Burp Suite插件
Msgs - 短信群发，支持单卡/双卡，发送短信，Excel导入
jeecg-boot - 「企业级低代码平台」前后端分离架构SpringBoot 2.x，SpringCloud，Ant Design&Vue，Mybatis-plus，Shiro，JWT。强大的代码生成器让前后端代码一键生成，无需写任何代码! 引领新的开发模式OnlineCoding->代码生成->手工MERGE，帮助Java项目解决70%重复工作，让开发更关注业务，既能快速提高效率，帮助公司节省成本，同时又不失灵活性。
RxJavaLearningMaterial - 这是一份详细的RxJava学习攻略 & 指南
Second-hand-mall - 模仿咸鱼的二手交易商城
Shiro-Action - 基于 Shiro 的权限管理系统，支持 restful url 授权，体验地址 :
java-sec-code - Java web common vulnerabilities and security code which is base on springboot and spring security
steady - Analyses your Java and Python applications for open-source dependencies with known vulnerabilities, using both static analysis and testing to determine code context and usage for greater accuracy. https://eclipse.github.io/steady/
rhizobia_J - JAVA安全SDK及编码规范
Spring-Boot-In-Action - Spring Boot 系列实战合集
jsEncrypter - 一个用于前端加密Fuzz的Burp Suite插件
answerWeb - 基于SSM在线答题系统
Java_deserialize_vuln_lab - Java 反序列化学习的实验代码 Java_deserialize_vuln_lab
SpringAll - 循序渐进，学习Spring Boot、Spring Boot & Shiro、Spring Batch、Spring Cloud、Spring Cloud Alibaba、Spring Security & Spring Security OAuth2，博客Spring系列源码：https://mrbird.cc
Gotrip - 民宿旅游管理系统，SSM框架实现
EStore - 一个基于JavaWeb的网上电子购物城项目，实现展示商品、购买商品、提交订单、持久化保存到数据库等基本功能
hfuu_shop - 原生Jsp和Servlet实现的简单二手物品交易网站
MMall_JAVA - 基于SSM框架的前后端分离设计完整仿天猫网站服务器端源码。项目特点：前后端分离，数据库接口设计，架构设计，功能开发，上线运维
SSM-personnel-management-system - 基于SSM的人事管理系统，适合初学者第一个实战项目
LEMarket - 基于Java SSM框架和layui构建的手机商城系统（包含前后台）
S-mall-servlet - 小小商城系统，JavaWEB项目，基于原生Servlet，仿天猫页面，功能齐全
xxshop - (B2C) 基于Java 的SSM的B2C电商网站
Psychological-counseling-system - 简易心理咨询预约系统Based On SSM
godofwar - GodOfWar - Malicious Java WAR builder with built-in payloads
biubiu - A website like bilibili
SSM-Maven-Heima - 基于SSM(Spring+Springmvc+Mybatis)框架的电商小项目，使用Maven构建项目，MySQL为数据库系统，Redis的缓存服务器（并不是用的很多）。商城分为后台人员管理界面和前台处理服务器两个方面。实现了登录，邮件注册，redis缓存机制，cookie的历史记录浏览，分页浏览商品，加入购物车，提交订单等等功能。最精彩的是，如果你刚刚学完基础的SSM框架，那么你就可以跟着视频一起完成这个很nice的小工程了。话不多说，让我们进入无尽的学习中吧！（光头不再是梦想:) ）
Liudao - “六道”实时业务风控系统
multimarkdown - 破解 IntelliJ IDEA 的 Markdown Navigator 插件，觉着不错的话可以 Start 一下哟！
Images-to-PDF - An app to convert images to PDF file!
CVE-2018-3252 - CVE-2018-3252-PoC
jboss-_CVE-2017-12149 - CVE-2017-12149 jboss反序列化可回显
javacore - ☕ JavaCore 是对 Java 核心技术的经验总结。
OnlineMall - ⬆️ 基于springboot+thymeleaf+spring data jpa+druid+bootstrap+layui等技术的JavaWeb电商项目(项目包含前后台,分为前台商城系统及后台管理系统。前台商城系统包含首页门户、商品推荐、商品分类、商品搜索、商品展示、商品详情、购物车、订单流程、用户中心、评论(有些bug,当时做得不够好,下一个项目的评论模块比这个好)、模拟支付等模块。后台管理系统包含商品管理、订单管理、用户管理等模块。系统介绍及详细功能点、技术点见项目内文档描述)☀️
HackBar - HackBar plugin for Burpsuite
traccar - Traccar GPS Tracking System
XSSBlindInjector - burp插件，实现自动化xss盲打以及xss log
MySQLMonitor - MySQL实时监控工具(代码审计/黑盒/白盒审计辅助工具)
springboot-ssm - springboot整合mybatis(SSM项目整合)
ProjectTree - 新人熟悉项目必备工具！基于AOP开发的一款方法调用链分析框架，简单到只需要一个注解，异步非阻塞，完美嵌入Spring Cloud、Dubbo项目！再也不用担心搞不懂项目！
chunked-coding-converter - Burp suite 分块传输辅助插件
Nessus_to_report - Nessus中文报告自动化脚本
SpringCloudLesson - SpringCloud从入门到精通系列课程
locker - mybatis乐观锁插件,MyBatis Optimistic Locker Plugin
mytwitter - 一个模仿Twitter的Java Web项目（基于原生的Servlet）
APIJSON - 🚀 零代码、热更新、全自动 ORM 库，后端接口和文档零代码，前端(客户端) 定制返回 JSON 的数据和结构。 🚀 A JSON Transmission Protocol and an ORM Library for automatically providing APIs and Docs.
ghidra - Ghidra is a software reverse engineering (SRE) framework
toBeTopJavaer - To Be Top Javaer - Java工程师成神之路
manong-ssm - 基于SSM框架的Java电商项目
scm-biz-suite - 供应链中台系统基础版，集成零售管理, 电子商务, 供应链管理, 财务管理, 车队管理, 仓库管理, 人员管理, 产品管理, 订单管理, 会员管理, 连锁店管理, 加盟管理, 前端React/Ant Design, 后端Java Spring+自有开源框架，全面支持MySQL, PostgreSQL, 全面支持国产数据库南大通用GBase 8s,通过REST接口调用，前后端完全分离。
S-mall-ssm - 小小商城系统，JavaWEB项目，基于SSM，仿天猫页面，功能齐全，实现了自动处理关联查询的通用Mapper、抽象 BaseService 类、注解鉴权、参数注解校验等
xxl-sso - A distributed single-sign-on framework.（分布式单点登录框架XXL-SSO）
vhr - 微人事是一个前后端分离的人力资源管理系统，项目采用SpringBoot+Vue开发。
spring-boot-examples - about learning Spring Boot via examples. Spring Boot 教程、技术栈示例代码，快速简单上手教程。
mybatis-lite - Mybatis - Plugin Free版
JavaEE - 🔥⭐️👍框架(SSM/SSH)学习笔记
t-io - 解决其它网络框架没有解决的用户痛点，让天下没有难开发的网络程序
Java - All Algorithms implemented in Java
mall - mall项目是一套电商系统，包括前台商城系统及后台管理系统，基于SpringBoot+MyBatis实现，采用Docker容器化部署。前台商城系统包含首页门户、商品推荐、商品搜索、商品展示、购物车、订单流程、会员中心、客户服务、帮助中心等模块。后台管理系统包含商品管理、订单管理、会员管理、促销管理、运营管理、内容管理、统计报表、财务管理、权限管理、设置等模块。
miaosha - ⭐⭐⭐⭐秒杀系统设计与实现.互联网工程师进阶与分析🙋🐓
weixin-bot - 使用微信Api实现微信客户端功能（使用Java开发）可用于监控微信消息、特别关心钉钉提醒功能
advanced-java - 😮 Core Interview Questions & Answers For Experienced Java(Backend) Developers | 互联网 Java 工程师进阶知识完全扫盲：涵盖高并发、分布式、高可用、微服务、海量数据处理等领域知识
JrebelBrainsLicenseServerforJava -
MyBatisCodeHelper-Pro-Crack - Crack for Intellij IDEA plugin: MybatisCodeHelperPro.
Java-Web-Security - Java-Web-Security - Sichere Webanwendungen mit Java entwickeln
LeetCodeAnimation - Demonstrate all the questions on LeetCode in the form of animation.（用动画的形式呈现解LeetCode题目的思路）
jndiat - JNDI Attacking Tool
TrackRay - 溯光 (TrackRay) 3 beta⚡渗透测试框架（资产扫描|指纹识别|暴力破解|网页爬虫|端口扫描|漏洞扫描|代码审计|AWVS|NMAP|Metasploit|SQLMap）
AES-Killer - Burp Plugin to decrypt AES encrypted traffic on the fly
MyTech - Java的基础总结和学习笔记，包括Java核心技术点和常见知识点。同时提供了Java基础原理的代码实现，供大家实践时参考。已补充JVM和JUC的相关内容，欢迎交流。
java-learning - 旨在打造在线最佳的 Java 学习笔记，含博客讲解和源码实例，包括 Java SE 和 Java Web
JavaGuide - 「Java学习+面试指南」一份涵盖大部分 Java 程序员所需要掌握的核心知识。准备 Java 面试，首选 JavaGuide！
greys-anatomy - Java诊断工具
segmentfault-lessons - Segment Fault 在线讲堂代码工程
fullstack-tutorial - 🚀 fullstack tutorial 2021，后台技术栈/架构师之路/全栈开发社区，春招/秋招/校招/面试
HTTPHeadModifer - 一款快速修改HTTP数据包头的Burp Suite插件
redis-manager - Redis 一站式管理平台，支持集群的监控、安装、管理、告警以及基本的数据操作
BurpSuite_Pro_v1.7.32 - BurpSuite_Pro_v1.7.32
JCSprout - 👨‍🎓 Java Core Sprout : basic, concurrent, algorithm
BurpSuiteHTTPSmuggler - A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques
domain_hunter - A Burp Suite Extension that try to find all sub-domain, similar-domain and related-domain of an organization automatically! 基于流量自动收集整个企业或组织的子域名、相似域名、相关域名的burp插件
knife - A burp extension that add some useful function to Context Menu 添加一些右键菜单让burp用起来更顺畅
Cknife - Cknife
IIS-ShortName-Scanner - latest version of scanners for IIS short filename (8.3) disclosure vulnerability
CVE-2018-1270 - Spring messaging STOMP protocol RCE
mongodb-file-server - MongoDB File Server is a file server system based on MongoDB. 基于 MongoDB 的文件服务器。
gdns - A Secure DNS Server (forwarder) based on Google DNS over HTTPS Service
mybatis-generator-gui - mybatis-generator界面工具，让你生成代码更简单更快捷
CS-Notes - 📚 技术面试必备基础知识、Leetcode、计算机操作系统、计算机网络、系统设计
mssql-jdbc - The Microsoft JDBC Driver for SQL Server is a Type 4 JDBC driver that provides database connectivity with SQL Server through the standard JDBC application program interfaces (APIs).
ideaagent - IntelliJ IDEA 辅助工具
MybatisPlugin-Crack-Javassist - Javassist实现的破解IDEA MybatisPlugin修改字节码工具，仅供学习用途。
lombok-intellij-plugin - Lombok Plugin for IntelliJ IDEA
PhrackCTF-Platform-Team - CTF platfrom(Team Version) developed by Jarvis from Phrack Team. 做一个功能最全的CTF平台。
javaide - Code editor, java auto complete, java compiler, aapt, dx, zipsigner for Android
TLS-Scanner - The TLS-Scanner Module from TLS-Attacker
Recaf - The modern Java bytecode editor
proxyee-down - http下载工具，基于http代理，支持多连接分块下载
ANRManager - ANR collector which can collect ANR information（收集ANR相关信息的工具类）
SecQuanCknife - SecQuanCknife
PhrackCTF-Platform-Personal - CTF platfrom developed by Jarvis from Phrack Team. 做一个功能最全的CTF平台。
VirtualLocation - 利用Hook技术对APP进行虚拟定位，可修改微信、QQ、以及一些打卡APP等软件，随意切换手机所处位置！
from-java-to-kotlin - From Java To Kotlin - Your Cheat Sheet For Java To Kotlin
MemoryMonitor - Memory clean, pss monitor tool, for developer
dexknife-wj - apk加固插件带签名校验、dex加密、资源混淆
haven - Haven is for people who need a way to protect their personal spaces and possessions without compromising their own privacy, through an Android app and on-device sensors
zrlog - ZrLog是使用 Java 开发的博客/CMS程序，具有简约，易用，组件化，内存占用低等特点。自带 Markdown 编辑器，让更多的精力放在写作上，而不是花费大量时间在学习程序的使用上。
S2-055-PoC - S2-055的环境，基于rest-show-case改造
BurpUnlimitedre - This project !replace! BurpUnlimited of depend (BurpSutie version 1.7.27). It is NOT intended to replace them!
study-struts2-s2-054_055-jackson-cve-2017-7525_cve-2017-15095 - Struts2の脆弱性S2-045, S2-055 および Jackson の脆弱性 CVE-2017-7525, CVE-2017-15095 の調査報告
probe-android - OONI Probe Android
lanproxy - lanproxy是一个将局域网个人电脑、服务器代理到公网的内网穿透工具，支持tcp流量转发，可支持任何tcp上层协议（访问内网网站、本地支付接口调试、ssh访问、远程桌面、http代理、https代理、socks5代理...）。技术交流QQ群 678776401
OpenRefine - OpenRefine is a free, open source power tool for working with messy data and improving it
BurpUnlimited - This project EXTENDS BurpLoader's license. It is NOT intended to replace BurpLoader.
burp-molly-scanner - Turn your Burp suite into headless active web application vulnerability scanner
sAINT - 👁️ (s)AINT is a Spyware Generator for Windows systems written in Java. [Discontinued]
CVE-2017-12149 - CVE-2017-12149 JBOSS as 6.X反序列化(反弹shell版)
Tomcat_weak_password_scan - Tomcat弱口令扫描器
ksql - The database purpose-built for stream processing applications.
BaRMIe - Java RMI enumeration and attack tool.
NSTProxy - 一款存储HTTP请求入库的burpsuite插件
dragonite-java - [DEPRECATED, please check https://github.com/tobyxdd/hysteria]
burp-vulners-scanner - Vulnerability scanner based on vulners.com search API
waf - 🚦Web Application Firewall or API Gateway(应用防火墙/API网关)
NMapGUI - Advanced Graphical User Interface for NMap
xtunnel - An useful TCP/SSL tunnel utility.
blog - SpringBoot + Mybatis + thymeleaf 搭建的个人博客 http://www.54tianzhisheng.cn/
spring-boot-projects - 该仓库中主要是 Spring Boot 的入门学习教程以及一些常用的 Spring Boot 实战项目教程，包括 Spring Boot 使用的各种示例代码，同时也包括一些实战项目的项目源码和效果展示，实战项目包括基本的 web 开发以及目前大家普遍使用的线上博客项目/企业大型商城系统/前后端分离实践项目等，摆脱各种 hello world 入门案例的束缚，真正的掌握 Spring Boot 开发。
ActivityHijacker - Hijack and AntiHijack for Android activity.
jsp -
bypasswaf - Add headers to all Burp requests to bypass some WAF products
sqlmap4burp - sqlmap embed in burpsuite
burp-paramalyzer - Paramalyzer - Burp extension for parameter analysis of large-scale web application penetration tests.
SuperSerial-Active - SuperSerial-Active - Java Deserialization Vulnerability Active Identification Burp Extender
PHPUnserializeCheck - PHP Unserialize Check - Burp Scanner Extension
BurpCRLFPlugin - Another plugin for CRLF vulnerability detection
ShakaApktool - ShakaApktool
JKS-private-key-cracker-hashcat - Nail in the JKS coffin - Cracking passwords of private key entries in a JKS file
J2EEScan - J2EEScan is a plugin for Burp Suite Proxy. The goal of this plugin is to improve the test coverage during web application penetration tests on J2EE applications.
JavaRansomware - Simple Ransomware Tool in Pure Java
csp-auditor - Burp and ZAP plugin to analyse Content-Security-Policy headers or generate template CSP configuration from crawling a Website
xssValidator - This is a burp intruder extender that is designed for automation and validation of XSS vulnerabilities.
psychoPATH - psychoPATH - an advanced path traversal tool. Features: evasive techniques, dynamic web root list generation, output encoding, site map-searching payload generator, LFI mode, nix & windows support, single byte generator, payload export.
marshalsec -
Burp-Hunter - XSS Hunter Burp Plugin
whois - RIPE Database whois code repository
security - Happy Hacker
EquationExploit - Eternalblue Doublepulsar exploit
tomcat-maven -
WebLogicPasswordDecryptor - PowerShell script and Java code to decrypt WebLogic passwords
jackhammer - Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.
hack_sjtu_2017 -
Wsdler - WSDL Parser extension for Burp
Java-Deserialization-Scanner - All-in-one plugin for Burp Suite for the detection and the exploitation of Java deserialization vulnerabilities
RxHttpUtils - Rxjava+Retrofit封装，便捷使用
hack-android - Collection tools for hack android, java
ysoserial - A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
fastjson-remote-code-execute-poc - fastjson remote code execute poc 直接用intellij IDEA打开即可首先编译得到Test.class，然后运行Poc.java
itchat4j - itchat4j -- 用Java扩展个人微信号的能力
Halcyon-IDE - First IDE for Nmap Script (NSE) Development.
ApkToolPlus - ApkToolPlus 是一个 apk 逆向分析工具（a apk analysis tools）。
SerialKiller - Look-Ahead Java Deserialization Library
binnavi - BinNavi is a binary analysis IDE that allows to inspect, navigate, edit and annotate control flow graphs and call graphs of disassembled code.
android-vts - Android Vulnerability Test Suite - In the spirit of open data collection, and with the help of the community, let's take a pulse on the state of Android security. NowSecure presents an on-device app to test for recent device vulnerabilities.
burplist -
backslash-powered-scanner - Finds unknown classes of injection vulnerabilities
netty-in-action-cn - Netty In Action 中文版
android-tips-tricks - ☑️ [Cheatsheet] Tips and tricks for Android Development
zhihuWebSpider - https://github.com/QiuMing/zhihuWebSpider.git
zaproxy - The OWASP ZAP core project
shelling - SHELLING - a comprehensive OS command injection payload generator
disconf - Distributed Configuration Management Platform(分布式配置管理平台)
moco - Easy Setup Stub Server
DanmakuFlameMaster - Android开源弹幕引擎·烈焰弹幕使～
AndroidUtilCode - 🔥 Android developers should collect the following utils(updating).
GitClub - An elegent Android Client for Github. 不仅仅是Github客户端，而且是一个发现优秀Github开源项目的app
rocketmq - Mirror of Apache RocketMQ
StockData2Hbase - 股票交易数据处理的整个业务流程数据源--->数据采集--->数据归类--->数据储存--->数据分析--->数据可视化
VisualSocialNetwork - 用图状数据结构表达社交网络中实体、边的关系，以 web 应用形式可视化展示。
bigtable-sql - 分布式大数据SQL查询可视化界面！
Burp-Non-HTTP-Extension - Non-HTTP Protocol Extension (NoPE) Proxy and DNS for Burp Suite.

JavaScript (580)

cumulus - Cumulus is web application weakness monitoring, it would be working by add just 3 codelines
camille - 基于Frida的Android App隐私合规检测辅助工具
Savior - 渗透测试报告自动生成工具！
ens-xss -
elFinder - 📁 Open-source file manager for web, written in JavaScript using jQuery and jQuery UI
vue-g6-editor - vue+g6 3.0实现的editor 由于g6-editor不开源自己撸了一个
ios_15_rce - Remote Code Execution V1 For iOS 15 sent through airdrop after the device was connected to a trusted host
SerializedPayloadGenerator -
ast-hook-for-js-RE - 浏览器内存漫游解决方案（探索中...）
M3U8-Downloader - M3U8-Downloader 支持多线程、断点续传、加密视频下载缓存。
dom-based-xss-finder - Chrome extension that finds DOM based XSS vulnerabilities
TIGMINT - TIGMINT: OSINT (Open Source Intelligence) GUI software framework
nedb - The JavaScript Database, for Node.js, nw.js, electron and the browser
CVE-2021-40346 - CVE-2021-40346 PoC (HAProxy HTTP Smuggling)
wl-explorer - 用于vue框架的文件管理器插件，云盘、网盘。File manager plug-in for vue framework, cloud disk.
xxe-generator - A simple XXE generator.
lel - Visualization layer and helper for relevant IT related documentation and operation
Bugs-feed - Bug's feed is a local hosted portal where you can search for the latest news, videos, CVEs, vulnerabilities...
FastDork - ⚡Chrome extension allows you to create lists of Google and Github dork to open multiple tabs with one click, import "scope/out of scope" from #HackerOne #Bugcrowd #Intigriti ...
next-terminal - Next Terminal是一个轻量级堡垒机系统，易安装，易使用，支持RDP、SSH、VNC、Telnet、Kubernetes协议。
YesPlayMusic - 高颜值的第三方网易云播放器，支持 Windows / macOS / Linux
rubick - 🔧 Electron based open source toolbox, free integration of rich plug-ins. 基于 electron 的开源工具箱，自由集成丰富插件。
fb-ios-pinning-2021 -
MockingBird - 🚀AI拟声: 5秒内克隆您的声音并生成任意语音内容 Clone a voice in 5 seconds to generate arbitrary speech in real-time
eslint-plugin-no-secrets - An eslint plugin to find strings that might be secrets/credentials
OpenProtest - A management base for System Admins and IT professionals. Provides tools for documentation and troubleshooting.
aragraph - Visualize your Aragon DAO Templates
js-x-ray - JavaScript & Node.js open-source SAST scanner. A static analyser for detecting most common malicious patterns 🔬.
Vulnogram - Vulnogram is a tool for creating and editing CVE information in CVE JSON format
secureCodeBox - secureCodeBox (SCB) - continuous secure delivery out of the box
warcannon - High speed/Low cost CommonCrawl RegExp in Node.js
FreeDa - just show app list and run frida with js
notion-zh_CN - 对notion.so的汉化油猴脚本
CVE-2019-13764 -
reconmap - VAPT (vulnerability assessment and penetration testing) automation and reporting platform.
WFH -
vue-cli-plugin-electron-builder - Easily Build Your Vue.js App For Desktop With Electron
prettyjson - Package for formatting JSON data in a coloured YAML-style, perfect for CLI output
ctf-archives - CTF Archives: Collection of CTF Challenges.
FxxkXSS - 将令你眼前一亮的XSS利用工具！
cloudsploit - Cloud Security Posture Management (CSPM)
web-extension-starter - 🖥🔋Web Extension starter to build "Write Once Run on Any Browser" extension
aggressor-scripts - Cobalt Strike Aggressor Scripts
AndroidSec - 记录一些我自己在学习Android逆向过程中的有意思的东西
r0tracer - 安卓Java层多功能追踪脚本
xsshunter-express - An easy-to-setup version of XSS Hunter. Sets up in five minutes and requires no maintenance!
rctf - redpwn's CTF platform
FindSomething - 基于chrome、firefox插件的被动式信息泄漏检测工具
qiniuClient - 云存储管理客户端。支持七牛云、腾讯云、青云、阿里云、又拍云、亚马逊S3、京东云，仿文件夹管理、图片预览、拖拽上传、文件夹上传、同步、批量导出URL等功能
wepy - 小程序组件化开发框架
shellbin - The source code of https://rshell.dev
shellshock - Yet another bash-inside-node framework
cloudflare-bypass - Bypass Coudflare bot protection using Cloudflare Workers
shodan - Advanced error monitoring using kibana logs
pwn-my - iOS 14.5 WebKit/Safari based Jailbreak
acumen - A clean UI with a modular structure to enhance security researchers' ability to work with data
AS_Out-of-Network - AntSword 出网探测插件
icp-extensions - icp备案查询谷歌插件
CVE-2021-29447 - WordPress - Authenticated XXE (CVE-2021-29447)
CVE-2021-25735 - Exploit CVE-2021-25735: Kubernetes Validating Admission Webhook Bypass
Moodle-CVE-2019-3810 - Moodle (< 3.6.2, < 3.5.4, < 3.4.7, < 3.1.16) XSS PoC for Privilege Escalation (Student to Admin)
Browser_Exploits - A collection of browser exploitation codes from Singular Security Lab.
CVE-2021-21315-PoC - CVE 2021-21315 PoC
watermark - canvas图片水印，用于身份证等个人信息添加仅用于XXX等字样保护个人信息
box-js - A tool for studying JavaScript malware.
caronte - A tool to analyze the network flow during attack/defence Capture the Flag competitions
pwnagotchi - (⌐■_■) - Deep Reinforcement Learning instrumenting bettercap for WiFi pwning.
UnCommenteR - A chrome extension to uncomment hidden stuff in the html
nodejs-websocket-sqli - A simple NodeJS WebSocket WebApp vulnerable to blind SQL injection
hooker - 🔥🔥hooker是一个基于frida实现的逆向工具包。为逆向开发人员提供统一化的脚本包管理方式、通杀脚本、自动化生成hook脚本、内存漫游探测activity和service、firda版JustTrustMe、disable ssl pinning
android-keystore-audit -
eval_villain - A Firefox Web Extension to improve the discovery of DOM XSS.
CVE-2020-10977 - Gitlab v12.4.0-8.1 RCE
swagger-exp - A Swagger API Exploit
DotGit - An extension for checking if .git is exposed in visited websites
egg-jwt - JWT authentication plugin for egg
BrowserWAF - Browser side waf
devtool-snippets-forhacks - Collection of snippets for devtools.
vajra - Vajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.
Review_Reverse - 👋2019年末总结下今年做过的逆向，整理代码，复习思路。🙏拼夕夕Web端anti_content参数逆向分析👺 WEB淘宝sign逆向分析；😺努比亚Cookie生成逆向分析；🙌百度指数data加密逆向分析 👣今日头条WEB端_signature、as、cp参数逆向分析🎶知乎登录formdata加密逆向分析 🤡KNN猫眼字体反爬👅Boss直聘Cookie加密字段__zp_stoken__逆向分析
posta - 🐙 Cross-document messaging security research tool powered by https://enso.security
fridax - Fridax enables you to read variables and intercept/hook functions in Xamarin/Mono JIT and AOT compiled iOS/Android applications.
frida-ios-hook - A script that helps you trace classes, functions, and modify the return values of methods on iOS platform
Learn-Frida - Modding Unity app with Frida tutorial.
dns-mobileconfig - A simple website to create DoH and DoT config files for iOS
Pricking - Watering hole attacks Phishing attacks Automated deployment.
Damn-Vulnerable-GraphQL-Application - Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security.
setprograms - NodeJS、JDK、Python开发环境设置工具
desktop - an enhancer/customiser for the all-in-one productivity workspace notion.so (app)
XSSTRON - Electron JS Browser To Find XSS Vulnerabilities Automatically
whistle - HTTP, HTTP2, HTTPS, Websocket debugging proxy
gitlogg - 💾 🧮 🤯 Parse the 'git log' of multiple repos to 'JSON'
BlackStone - 一个基于docker，开箱即用的CTF竞赛平台
mud-visualizer - mud-visualizer is a tool to visualize MUD files
docute - 📚 Effortless documentation, done right.
adb-util - Electron app for Android developers, providing a GUI for common ADB operations
wereader - 一个浏览器扩展：主要用于微信读书做笔记，对常使用 Markdown 做笔记的读者比较有帮助。
LeakFinder - LeakFinder（觅露）为s7ck Team 红队云武器库F-Box里的一款信息泄露浏览搜集浏览器插件。
Nuages - A modular C2 framework
XSS-Scanner - XSS scanner that detects Cross-Site Scripting vulnerabilities in website by injecting malicious scripts
update-check - Minimalistic update notifications for command line interfaces
cabot - Self-hosted, easily-deployable monitoring and alerts service - like a lightweight PagerDuty
social-analyzer - API, CLI & Web App for analyzing & finding a person's profile across +1000 social media \ websites (Detections are updated regularly by automated systems)
stargazed - 📋 Creating your own Awesome List of GitHub stars!
fridroid-unpacker - Defeat Java packers via Frida instrumentation
BlueSea - BlueSea，一个有趣的英语学习扩展，支持划词翻译、单词高亮、单词弹幕、记忆曲线复习、词频统计...
Frida-Mobile-Scripts - Collection of useful FRIDA Mobile Scripts
FridaHook - 记录学习Frida Hook时的知识点和小脚本
OkHttpLogger-Frida - Frida 实现拦截okhttp的脚本
element3 - A Vue.js 3.0 UI Toolkit for Web. Build with Javascript
Doge-XSS-Phishing - xss钓鱼，cna插件配合php后端收杆
avList - avList - 杀软进程对应杀软名称
As-Exploits - **蚁剑后渗透框架
r0capture - 安卓应用层抓包通杀脚本
necrobrowser - necromantic session control
bypass-paywalls-chrome - Bypass Paywalls web browser extension for Chrome and Firefox.
diodb - Open-source vulnerability disclosure and bug bounty program database.
JR-scan - 利用python3写的综合扫描工具，可“一键”实现基本信息收集（端口、敏感目录、WAF、服务、操作系统、子域名），支持POC扫描（可自行添加POC，操作简单），支持利用AWVS探测（需使用API接口），未来争取实现xray联动。
arc-electron - Advanced REST Client - Desktop application
VSCodeXssEncode - Converts characters from one encoding to another using a transformation. This tool will help you encode payloads in testing sql injections, XSS holes and site security.
nali-cli - ⚓ Parse geoinfo of IP Address without leaving your terminal
jsmind - Javascript version of mind mapping
Fuzzing-Survey - The Art, Science, and Engineering of Fuzzing: A Survey
cpsfy - 🚀 Tiny goodies for Continuation-Passing-Style functions, fully tested
webscan - Browser-based network scanner & local-IP detection
lecture-experience - 📚 Liteboard.io - A lightweight browser-based lecturing platform using WebRTC ✏️
bug-bounty-tools - Collection of HTTP scanners and fuzzers.
LemonBooster-v2 - Reestructured LemonBooster.
github-readme-stats - ⚡ Dynamically generated stats for your github readmes
trilium - Build your personal knowledge base with Trilium Notes
pwndoc - Pentest Report Generator
PPScan - Client Side Prototype Pollution Scanner
MrDoc - online document system developed based on python. It is suitable for individuals and small teams to manage documents, wiki, knowledge and notes. like gitbook.
Mythic - A collaborative, multi-platform, red teaming framework
API-Monitoring - Monitoring Subdomains, improve your recon.
anti-honeypot - 一款可以检测WEB蜜罐并阻断请求的Chrome插件，能够识别并阻断长亭D-sensor、墨安幻阵的部分溯源api
Luckysheet - Luckysheet is an online spreadsheet like excel that is powerful, simple to configure, and completely open source.
cloudbase-framework - 腾讯云开发云原生一体化部署工具 🚀 CloudBase Framework：一键部署，不限框架语言，云端一体化开发，基于Serverless 架构。A front-end and back-end integrated deployment tool. One-click deploy to serverless architecture. https://docs.cloudbase.net/framework/index
CrackMinApp - (反编译微信小程序)一键获取微信小程序源码(傻瓜式操作), 使用了C#加nodejs制作
safe-regex - Detect possibly catastrophic, exponential-time regular expressions
pdf-to-markdown - A PDF to Markdown converter
cf-warp -
PtestMethod - My knowledge database
app-store-scraper - scrape data from the itunes app store
yapi - YApi 是一个可本地部署的、打通前后端及QA的、可视化的接口管理平台
xss-flash-fishing -
darkshot - Lightshot scraper on steroids with OCR.
njsscan - njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.
owasp-threat-dragon - An open source, online threat modelling tool from OWASP
swift-frida - Frida library for interacting with Swift programs. Superseded by https://github.com/frida/frida-swift-bridge
netflix-1080p - Chrome extension to play Netflix in 1080p and 5.1
bbtips - BugBountyTips
BugBountyTips - 记录一些国外漏洞赏金猎人的挖洞技巧和一些有意思的东西
r2con2020_r2frida - This repository houses the materials, slides and exercises from the r2con 2020 walkthrough sessions.
content-farm-terminator - 「終結內容農場」瀏覽器套件 / Content Farm Terminator browser extension
markdown-nice - 支持主题设计的 Markdown 编辑器，让排版变 Nice
frider - Dump unpacked dex, trace/intercept Java/native function. Frida + adb + React +Django
about-anti-honeypot - 关于蜜罐的一些微小的统计工作
chinese-independent-blogs - 中文独立博客列表
OS13k - A Tiny OS and Mini Game Engine
anti-honeypot - 一款可以检测WEB蜜罐并阻断请求的Chrome插件
PersistentJXA - Collection of macOS persistence methods and miscellaneous tools in JXA
CVE-2020-6519 -
AntiHoneypot-Chrome-simple - Chrome 蜜罐检测插件
docker-training-psweb - docker-training-psweb
zigbee2mqtt - Zigbee 🐝 to MQTT bridge 🌉, get rid of your proprietary Zigbee bridges 🔨
node-red - Low-code programming for event-driven applications
kuboard-press - Kuboard 是基于 Kubernetes 的微服务管理界面。同时提供 Kubernetes 免费中文教程，入门教程，最新版本的 Kubernetes v1.20 安装手册，(k8s install) 在线答疑，持续更新。
OpenClash - A Clash Client For OpenWrt
wechat_history_export - 从 PC 端 (Windows) 不那么狼狈的阅读或导出微信公众号的历史文章
sensinfor - A chrome extension use to find leak file and backup file.
rengine - reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.
ast-scope - A JavaScript AST scope analyzer
cwe-sdk - A Common Weakness Enumeration (CWE) Node.js SDK compliant with MITRE / CAPEC
easy-monitor - 企业级 Node.js 应用性能监控与线上故障定位解决方案
singularity - A DNS rebinding attack framework.
mp-unpack - 基于electron-vue开发的跨平台微信小程序自助解包(反编译)客户端
Awesome-Profile-README-templates - A collection of awesome readme templates to display on your profile
extract-relative-url-heapsnapshot - Extract relative urls from a heap snapshot
broken-link-checker - Find broken links, missing images, etc within your HTML.
XposedFridaBridge - A frida script implement XposedBridge & load xposed modules, without installing xposed framwork.
Tiny-XSS-Payloads - A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me
Swagger-EZ - A tool geared towards pentesting APIs using OpenAPI definitions.
behave - Behave! A monitoring browser extension for pages acting as "bad boi"
pwndrop - Self-deployable file hosting service for red teamers, allowing to easily upload and share payloads over HTTP and WebDAV.
js-spark-md5 - Lightning fast normal and incremental md5 for javascript
BlogHelper - 帮助国内用户写作的托盘助手，一键发布本地文章到主流博客平台（知乎、简书、博客园、CSDN、SegmentFault、掘金、开源**），剪贴板图片一键上传至图床（新浪、Github、图壳、腾讯云、阿里云、又拍云、七牛云）
Hack-Tools - The all-in-one Red Team extension for Web Pentester 🛠
logonTracer - Windows系统安全登录日志分析工具logonTracer汉化修正版
assetnote - Push notifications for passive DNS data
repo-supervisor - Scan your code for security misconfiguration, search for passwords and secrets. 🔍
vanscan -
doraemon - Doraemon is a Prometheus based monitor system
simple-middleman - Simple NodeJS server meant to handle logged url information (like with chromer).
gDork - A Mozilla Firefox extension which allows quick access to your google-dorking result
dnsFookup - DNS rebinding toolkit
stegcloak - Hide secrets with invisible characters in plain text securely using passwords 🧙🏻‍♂️⭐
PwnFox - PwnFox is a Firefox/Burp extension that provide usefull tools for your security audit.
noia - [WIP] Simple mobile applications sandbox file browser tool. Powered with frida.re.
friposed - Write java hook with frida
dredd - Language-agnostic HTTP API Testing Tool
SwiftnessX - A cross-platform note-taking & target-tracking app for penetration testers.
fridacov - JS modules for Frida based tools to add code coverage to your instrumentation scripts.
bagbak - Yet another frida based iOS dumpdecrypted, supports decrypting app extensions and no SSH required
Shuffle - Shuffle: A general purpose security automation platform. Our focus is on collaboration and resource sharing.
reveal.js - The HTML Presentation Framework
XServer - A Xposed Module for Android Penetration Test, with NanoHttpd.
frida_hook_libart - Frida hook some jni functions
frida_dump - frida dump dex, frida dump so
CyberChef - The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis
HackVault - A container repository for my public web hacks!
showdoc - ShowDoc is a tool greatly applicable for an IT team to share documents online一个非常适合IT团队的在线API文档、技术文档工具
shhgit - Ah shhgit! Find secrets in your code. Secrets detection for your GitHub, GitLab and Bitbucket repositories: www.shhgit.com
OSINT-JUMP - 开源情报收集导航及快速跳转的油候脚本
tad - A desktop application for viewing and analyzing tabular data
RMS-Runtime-Mobile-Security - Runtime Mobile Security (RMS) 📱🔥 - is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime
XXRF-Shots - XXRF Shots - Useful for testing SSRF vulnerability
transformations -
CrawlerVuln - 一个NodeJS实现的漏扫动态爬虫
CursedChrome - Chrome-extension implant that turns victim Chrome browsers into fully-functional HTTP proxies, allowing you to browse sites as your victims.
postMessage-logger - Simple "postMessage logger" Chrome extension
postMessage-tracker - A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon
rxeditor - HTML Visual Editor, based in Bootstrap. 基于Bootstrap实现的，HTML可视化编辑工具。
spug - 开源运维平台：面向中小型企业设计的轻量级无Agent的自动化运维平台，整合了主机管理、主机批量执行、主机在线终端、文件在线上传下载、应用发布部署、在线任务计划、配置中心、监控、报警等一系列功能。
github-search - Tools to perform basic search on GitHub.
wxappUnpacker - 小程序反编译(支持分包)
should-i-trust - OSINT tool to evaluate the trustworthiness of a company
githubFind3r -
spy-debugger - 微信调试，各种WebView样式调试、手机浏览器的页面真机调试。便捷的远程调试手机页面、抓包工具，支持：HTTP/HTTPS，无需USB连接设备。
awesome-ctf - A curated list of CTF frameworks, libraries, resources and softwares
pulsar - Network footprint scanner platform. Discover domains and run your custom checks periodically.
Crown - Based on SpringBoot2, Crown builds a rapidly developed web application scaffolding.
frida-tsplugin - typescript autocomplete plugin for frida's java warpper
pekja - SRC情报收集管理系统
fast-srt-subtitle - Make SRT Caption Fast!!!!
vuln-headers-extension - Firefox extension which parses the headers of all the requests which are being flowing through your firefox browser to detect for vulnerabilities.
Pcap_tools - 网络流量可配置嗅探，流量包解析，漏洞规则扫描，生成报告. ....搞网络安全这块，还凑合着用吧
multi-juicer - Run Capture the Flags and Security Trainings with OWASP Juice Shop
gdb-frontend - ☕ GDBFrontend is an easy, flexible and extensionable gui debugger.
tram - Threat Report ATT&CK™ Mapping (TRAM) is a tool to aid analyst in mapping finished reports to ATT&CK.
opencti - Open Cyber Threat Intelligence Platform
ClicliPure - ⛄ CliCli Whrite. clicli 纯白
baidu-netdisk-downloaderx - ⚡️ 一款图形界面的百度网盘不限速下载器，支持 Windows、Linux 和 Mac。已于 2020 年 4 月 15 日正式停用，源码仅用于程序员交流学习，细节请查看：关于停用 BND 的说明 https://ld246.com/article/1586956316578
fuck-debugger-extensions - javascript anti-anti debugging
KubeInvaders - Gamified Chaos Engineering Tool for Kubernetes
DVSA - a Damn Vulnerable Serverless Application
weaponised-XSS-payloads - XSS payloads designed to turn alert(1) into P1
domdig - DOM XSS scanner for Single Page Applications
DockerSecurityPlayground - A Microservices-based framework for the study of Network Security and Penetration Test techniques
squatm3gator - Squatm3gator is a complete web solution based on the python tool squatm3, designed to enumerate available domains generated modifying the original domain name through different cybersquatting techniques
DVHMA - Damn Vulnerable Hybrid Mobile App (DVHMA) is an hybrid mobile app (for Android) that intentionally contains vulnerabilities.
Awesome-Design-Tools - The best design tools and plugins for everything 👉
InfoScraper - 一个基于Electron的自动化Web资产探测工具，用于渗透前期的信息搜集工作
frida-fuzzer - This experimetal fuzzer is meant to be used for API in-memory fuzzing.
r2frida - Radare2 and Frida better together.
powerauth-admin - PowerAuth Admin - Admin console for PowerAuth Server
mobile-security - FeedHenry Mobile Security
dexcalibur - [Official] Android reverse engineering tool focused on dynamic instrumentation automation leveraging Frida. It disassembles dex, analyzes it statically, generates hooks, discovers reflected methods, stores intercepted data and does new things from it. Its aim is to be an all-in-one Android reverse engineering platform.
frida-snippets - Hand-crafted Frida examples
StaCoAn - StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.
appmon - Documentation:
vegvisir - A browser based GUI for LLDB Debugger.
idascripts - Some IDA Python scripts for auto-analysis and a Hive-plot visualizer.
xss-demo - 👮🏻‍♂️ xss 攻防靶场，issues 有答案
anim - Quick JS program for creating animations
Detect-It-Easy - Program for determining types of files for Windows, Linux and MacOS.
tesseract.js - Pure Javascript OCR for more than 100 Languages 📖🎉🖥
smarGate - 内网穿透，c++实现，无需公网IP，小巧，易用，快速，安全，最好的多链路聚合（p2p+proxy）模式，不做之一...这才是你真正想要的内网穿透工具！
seccubus - Easy automated vulnerability scanning, reporting and analysis
Adhrit - Android Security Suite for in-depth reconnaissance and static bytecode analysis based on Ghera benchmarks.
massc - Subdomain Scanner Tools with word-lists
SecurityPaper-web - Security Paper
Frida-Scripts - 一些frida脚本
BTPanel-DIY-Template - BTPanel-DIY-Template
DroidSSLUnpinning - Android certificate pinning disable tools
howtodoinjava-zh - 📖 [译] HowToDoInJava 中文系列教程
JavaCodeAudit - Getting started with java code auditing 代码审计入门的小项目
evil-huawei - Evil Huawei - 华为作过的恶
frida-ios-dump - pull decrypted ipa from jailbreak device
aws-serverless-security-workshop - In this workshop, you will learn techniques to secure a serverless application built with AWS Lambda, Amazon API Gateway and RDS Aurora. We will cover AWS services and features you can leverage to improve the security of a serverless applications in 5 domains: identity & access management, code, data, infrastructure, logging & monitoring.
pdfTranslator - 一个具有划词翻译功能的跨平台pdf阅读器，用着挺好用开源一下造福众科研人员，欢迎star
Awesome--Frida-UI - this tool for beginner , and make easier to use this
aws-fullstack-website - Deploy your fullstack websites without all the hassle on AWS with CloudFront, S3, ACM, Route53, API Gateway and Lambda via Serverless.
CaptfEncoder - Captfencoder is an extensible cross platform network security tool suite, providing network security related code conversion, classical cryptography, cryptography, asymmetric encryption, special coding, miscellaneous tools, and aggregating all kinds of online tools.
codelf - A search tool helps dev to solve the naming things problem.
iptv - Collection of publicly available IPTV channels from all over the world
Quella - Quella是基于SSM+shiro+redis开发的后台脚手架，集成了一些后台通用功能，并集成了一些常用的第三方服务。
layuimini - 后台admin前端模板，基于 layui 编写的最简洁、易用的后台框架模板。只需提供一个接口就直接初始化整个框架，无需复杂操作。
magnetW - 磁力链接聚合搜索
huobi-robot - 火币合约自动交易机器人
to-be-slack - ！！！【接口已停，没有数据】今日热榜，摸鱼神器。支持全平台：Web、PC、Mobile 及 Chrome 插件。
xray-poc-generation - 🧬 辅助生成 XRay YAML POC
duct - Essential tool for finding blind injection attacks.
calc4b-zh - 📖 [译] MIT 18.03 面向初学者的微积分
flutter-in-action - 《Flutter实战》电子书
lit - Lit is a simple library for building fast, lightweight web components.
wappalyzer - Identify technology on websites.
CoCoMusic - a simple music player built by electron and vue
solr-sgk - 大数据社工裤 demo
hexo-theme-matery - A beautiful hexo blog theme with material design and responsive design.一个基于材料设计和响应式设计而成的全面、美观的Hexo主题。国内访问：http://blinkfox.com
boot-chat - 🔖 基于SpringBoot + WebSocket的在线聊天系统，实现单窗口消息推送、群消息推送、上线提醒、Redis会话消息储存
MCSManager - 全中文，轻量级，开箱即用，多实例和支持 Docker 的 Minecraft 服务端管理面板
webug4.0 - webug4.0
Thief-Book - 一款真正的跨平台摸鱼神器
tget - tget is wget for torrents
steam-key - Online activation tool for Steam.
itranswarp - Full-featured CMS including blog, wiki, discussion, etc. powered by SpringBoot.
Kiddy - 被动式扫描器
lxhToolHTTPDecrypt - Simple Android/iOS protocol analysis and utilization tool
ant - 实时上线的 XSS 盲打平台
showdown - A bidirectional Markdown to HTML to Markdown converter written in Javascript
tool - 开发效率提升：Mac生产力工具链推荐
wechat-format - 微信公众号排版编辑器，转换 Markdown 到微信特制的 HTML
as_plugin_godofhacker - 黑客神器，谁用谁知道！
starrtc-edu-demo - web版本在线教育与白板演示示例，更多示例请参见：
linux_rat - LINUX集群控制(LINUX反弹式远控) LINUX反向链接运维 BY:QQ:879301117
ChromeAppHeroes - 🌈谷粒-Chrome插件英雄榜, 为优秀的Chrome插件写一本中文说明书, 让Chrome插件英雄们造福人类~ ChromePluginHeroes, Write a Chinese manual for the excellent Chrome plugin, let the Chrome plugin heroes benefit the human~ 公众号「0加1」同步更新
confluence-export - Export document from confluence with nice style
UnblockNeteaseMusic - Revive unavailable songs for Netease Cloud Music
vsc-netease-music - UNOFFICIAL Netease Music extension for Visual Studio Code
html5-dash-hls-rtmp - 🌻 HTML5播放器、M3U8直播/点播、RTMP直播、低延迟、推流/播流地址鉴权
LiveRoomDemo_Client - 自己动手打造一个直播间（视频直播、聊天室、弹幕、多端适配）
LiveRoomDemo_Server - 自己动手打造一个直播间（视频直播、聊天室、弹幕、多端适配）
reflv - react component wrap flv.js
Security-Baseline - Linux安全基线扫描、报告生成与自动修复程序
CVE-2019-5786 - FileReader Exploit
AwesomeXSS - Awesome XSS stuff
bilibili-helper-o - 哔哩哔哩 (bilibili.com) 辅助工具，可以替换播放器、推送通知并进行一些快捷操作
front-end-collect - 分享自己长期关注的前端开发相关的优秀网站、博客、以及活跃开发者
new-project-checklist - 🥳🥳🥳🥳 a checklist & tool for new project setup for developer. 新项目检查清单及其工具。
Motrix - A full-featured download manager.
lysec - 一个基于docker的安全培训系统
PoCBox - PoCBox - Vulnerability Test Aid Platform
d2-admin - An elegant dashboard
Empire-GUI - Empire client application
cbdyzj.github.io - jianzhao.org
GoogleHackingTool - 在线Google Hacking 小工具
blog-html-to-pdf - [Fun] A sample program to convert blog website to merged pdf.
Github-Monitor - Github Sensitive Information Leakage Monitor(Github信息泄漏监控系统)
v-region - A simple region cascade selector, provide 4 levels Chinese administrative division data
edex-ui - A cross-platform, customizable science fiction terminal emulator with advanced monitoring & touchscreen support.
pdf-sync - PDF Reader in JavaScript with Sync
note - 萌音云笔记 - 一个高效的在线云笔记、专注技术文档在线创作、阅读、分享和托管
33-js-concepts - 📜 每个 JavaScript 工程师都应懂的33个概念 @leonardomso
webpack-demos - 📦 Demos && Courses for Webpack 4
zresume - 程序员简历生成器（可导出静态页面、支持密码验证访问）
bookmarks-2-markdown - A Chrome extension for exporting bookmarks as markdown
taotao - IDEA版本淘淘商城
amWiki - amWiki 是一款由 JS 开发、依赖 Atom 或 Nodejs-Npm 的 Markdown 轻量级前端化开源文库系统
DisqusJS - 💬 Render Disqus comments in Mainland China using Disqus API
MKOnlineMusicPlayer - ⛔【停止维护】一个在线音乐播放器（仅 UI，无功能）
find-subdomains - Abusing Certificate Transparency logs for getting HTTPS websites subdomains. （通过 HTTPS 证书透明日志，以 非字典爆破 的方式获取网站子域名。）
HackMyResume - Generate polished résumés and CVs in HTML, Markdown, LaTeX, MS Word, PDF, plain text, JSON, XML, YAML, smoke signal, and carrier pigeon.
bookmark2md - Convert chrome bookmarks to md files and push them to GitHub repository.
apachecn-algo-zh - ApacheCN 数据结构与算法译文集
translation-spring-mvc-4-documentation - Spring MVC 4.2.4 RELEASE 中文文档完整翻译稿
gosuv - Deprecated!!! Process managerment writtern by golang, inspired by python-supervisor
hexo-node-admin - A Hexo management tool with responsive UI designed to make it easier for you to compose.
GenShell - AntSword Generate Shell Plugin
filepizza - 🍕 Peer-to-peer file transfers in your browser
thal - 译文：Puppeteer 与 Chrome Headless —— 从入门到爬虫
pxder - 🖼 Download illusts from pixiv.net P站插画批量下载器
font-spider - Smart webfont compression and format conversion tool
Office-Document-Converter - Office Document Convertor (ODC) is an online convertor for office document which runs as a web service. Its aim is to provide the facility of converting almost all office documents into image which make office documents viewable even without any office suite software installed on your machines.
SQLInjectionWiki - 一个专注于聚合和记录各种SQL注入方法的wiki
A_Scan_Framework - Network Security Vulnerability Manage
cve.wang - bug公开平台
zdir - 使用PHP开发的目录索引系统
WebGoat - WebGoat is a deliberately insecure application
electronic-wechat - 💬 A better WeChat on macOS and Linux. Built with Electron by Zhongyi Tong.
FileChangeMonitor - Continuous monitoring for JavaScript files
github-blog - blog base on Vue.js and Github API
permeate - 一个用于渗透透测试演练的WEB系统,用于提升寻找网站能力,也可以用于web安全教学
Photon - A lightweight multi-threaded downloader based on aria2.
salvia - A minimum-building static blog framework.
Memory - A theme for wordpress.
docker-labs - Docker在线实验室
cfg-explorer - CFG explorer for binaries
cerebro-codelf - ⭐️ 给变量起名的事情上，为你生命省 3s (Save 3 seconds of your life when naming things.)
cerebro - Open-source productivity booster with a brain
FireShodanMap - FireShodanMap is a Realtime map that integrates Firebase, Google Maps and Shodan. A search is carried out using Shodan searching vulnerable devices and they are showed on the map for analysis. All data updated in Firebase are Realtime.
aliyun-oss-deploy - 🙈 一个 nodejs 命令行工具，用于部署静态资源到 aliyun oss，支持代码方式和 CLI 方式！
sdeploy-cli - A light development tool using SCP,SFTP and RSync
blog - 📖基于Github API 的动态博客
forsaken-mail - a self-hosted disposable mail service
forsaken-mail - a self-hosted disposable mail service
RSSHub - 🍰 Everything is RSSible
RunningCheese-Firefox - A Graceful and Powerful Customized Firefox
Camtd - Chrome multi-threaded download manager extension,based on Aria2 and AriaNg. Chrome多线程下载扩展。
font_compare - Programming font comparison
Sarasa-Gothic - Sarasa Gothic / 更纱黑体 / 更紗黑體 / 更紗ゴシック / 사라사 고딕
oss-browser - OSS Browser 提供类似windows资源管理器功能。用户可以很方便的浏览文件，上传下载文件，支持断点续传等。
baidu-netdisk-downloaderx - ⚡️ 一款图形界面的百度网盘不限速下载器，支持 Windows、Linux 和 Mac。
DeerResume - MarkDown在线简历工具，可在线预览、编辑和生成PDF。[此项目已不再维护，建议使用 cv.ftqq.com 替代 ]
marktext - 📝A simple and elegant markdown editor, available for Linux, macOS and Windows.
userguide - Ubuntu 吧用户指南
V2RayGeoKit -
AWVS11.X-Chinese-Version - AWVS11.X汉化包|AWVS11.X-Chinese-Version
sharelist - 快速分享 GoogleDrive OneDrive
multiple-host - 虚拟host解决方案，轻松实现两套host环境
listen1_chrome_extension - one for all free music in china (chrome extension, also works for firefox)
listen1_desktop - one for all free music in china (Windows, Mac, Linux desktop)
KaTeX - Fast math typesetting for the web.
insight - 洞察-宜信集应用系统资产管理、漏洞全生命周期管理、安全知识库管理三位一体的平台。
Yosoro - 🍧Beautiful Markdown NoteBook. 🏖
scan_monitor - ip 域名端口扫描服务刺探单机版
WebRTC-Leak - Check if your VPN leaks your IP address via the WebRTC technology
Crash-Course-Computer-Science-Chinese - 💻 计算机速成课 | Crash Course 字幕组 (全40集 2018-5-1 精校完成)
chinese-poetry - The most comprehensive database of Chinese poetry 🧶最全中华古诗词数据库, 唐宋两朝近一万四千古诗人, 接近5.5万首唐诗加26万宋诗. 两宋时期1564位词人，21050首词。
PS4-5.01-WebKit-Exploit-PoC - PS4 5.01 WebKit Exploit PoC
Surfingkeys - Map your keys for web surfing, expand your browser with javascript and keyboard.
CIDR-in-Proxifier - 🍵 A script for converting CIDRs list to configuration file segment of Proxifier.
carbon - 🖤 Create and share beautiful images of your source code
reverse-shell - Reverse Shell as a Service
win-powerup-exp-index - 🚄 火车上写的，2015年的代码和数据了
awesome-blockchain-cn - 收集所有区块链(BlockChain)技术开发相关资料，包括Fabric和Ethereum开发资料
rotonde-client - Rotonde Base Client
rotonde-client - Rotonde Base Client
HexoEditor - this markdown Editor for hexo blog
cipm - standalone ci-oriented package installer for npm projects (moved)
electron-cn-docs - Electron中文文档! 精心翻译,完美排版,实时同步更新!, 最后同步:2017-05-23(个人比较忙,本项目已经不再维护了)
sosrp - SOSRP Security 安全平台
ClearScript.Manager - Use tern.js in .netcontext 重构原有代码,require dll js等功能
xmr-miner - Web-based Cryptocurrency miner, built with Vue.js
ieaseMusic - 网易云音乐第三方
blinksocks - A framework for building composable proxy protocol stack.
tools - Some useful tools
schoidbot - schoidbot is a twitter bot with rss feeds. 二次元Twitter新闻机器人
Rss2Weibo - 将 rss 流同步到微博. 如 twitter facebook 等
awesome-selfhosted - A list of Free Software network services and web applications which can be hosted on your own servers
pm2 - Node.js Production Process Manager with a built-in Load Balancer.
patchwork - A decentralized messaging and sharing app built on top of Secure Scuttlebutt (SSB).
wsproxy - A websocket proxy
gh-feed - Generate RSS feed from GitHub Issues
relationship - Chinese kinship system.**亲戚关系计算器 - 家庭称谓/称呼计算/亲戚关系算法
nba-go - 🏀 💻 The finest NBA CLI.
dnstricker - A simple dns resolver of dns-record and web-record log server for pentesting
Hexo-Theme-Life - Hexo Theme
beaker - Rotonde client with user account combined(deprecated)
ServerStockCheck - 库存检查工具
seedbox-from-scratch - Creating a seedbox on a Linux server
rain - http://rain.mengsky.net
Flarum - Flarum - 优雅自由的 PHP 轻社区
webtorrent-element - WebTorrent HTML element.
Electorrent - A remote control client for µTorrent, qBittorrent, rTorrent, Transmission, Synology & Deluge
seedbox-from-scratch - Creating a seedbox on a Linux server
QB - QuickBox is much more than a ‘seedbox installer script’, it is a simplistic approach to achieving easy seedbox and services management from a beautifully designed dashboard. Allowing users the ability to interact with their seedbox and server on a professional grade level.
RatXaBox - Auto installation de ruTorrent avec rTorrent. Version "Seedbox-Manager Workflow"
mrseedbox - [unmaintained] A Containerized Seedbox with Embedded Media Player
Rtorrent-LXC - A Docker container with Rtorrent + Rutorrent.
cqc - Code Quality Checker - Check your code quality by running one command.
ThunderShell - Python / C# Unmanaged PowerShell based RAT
TeleShellBot - A simple Telegram Bot to run shell commands remotely
awesome-cn-cafe - A curated list of awesome coffee places for work in China.
reblog - A blog system using GitHub Issues, powered by React + Redux.
Dply-Autobuild-Server - Dply.co自动创建服务器
wtfjs - 🤪 A list of funny and tricky JavaScript examples
blog - A super blog lite -- just one page. use vue with github api !
js-ipfs - IPFS implementation in JavaScript
hexo-theme-indigo - 这个只是我修改的别人的，大家fork去原项目啊
WeiboImageReverse - Chrome 插件，反查微博图片po主
KCon - KCon is a famous Hacker Con powered by Knownsec Team.
tale - 🦄 Best beautiful java blog, worth a try
SiteScan - A tool help get the basic information of one site
suo-blog - 🦊技术博客文章、笔记、实战、技术探讨、资源收集等等
noVNC - VNC client web application
hugo-rapid-theme - A hugo theme as
rssify - Convert anything to rss feed
iblog - 基于Gracejs及github issues的全功能博客方案，参考：
gitalk - Gitalk is a modern comment component based on Github Issue and Preact.
gtop - System monitoring dashboard for terminal
gattacker - A Node.js package for BLE (Bluetooth Low Energy) security assessment using Man-in-the-Middle and other attacks
GOSINT - The GOSINT framework is a project used for collecting, processing, and exporting high quality indicators of compromise (IOCs).
Cube-In-Electron - A cross-platform web music player in Electron.
Cube - A cross-platform web music player in nw.js
v2ray-config-gen - V2Ray Configuration generator
WebshellManager - w8ay 一句话WEB端管理工具
CMS-of-Blog - deprecated
VRouter - 一个基于 VirtualBox 和 openwrt 构建的项目, 旨在实现 macOS / Windows 平台的透明代理.
star-history - The missing star history graph of github repos
Google-IPs - 🇺🇸 Google 全球 IP 地址库
apparatus - A graphical security analysis tool for IoT networks
twister-webkit - webkit package for twister
cryptpad - Collaboration suite, end-to-end encrypted and open-source.
cryptpad - Unity is Strength - Collaboration is Key - CryptPad is the zero knowledge realtime collaborative editor.
squid-PAC - 利用国外VPS搭建多协议代理服务，squid PAC代理服务器，25端口翻墙 ....墙已加高，https网站已失效，普通站点仍可代理..建议使用ssr替代
awesome-vscode - 🎨 A curated list of delightful VS Code packages and resources.
elasticsearch-rtf - elasticsearch中文发行版，针对中文集成了相关插件，方便新手学习测试.
squid-with-net-speeder - SQUID Proxy with net speed
shadowsocks-over-websocket - 免费使用 Heroku 部署 shadowsocks
calibre-web - 📚 Web app for browsing, reading and downloading eBooks stored in a Calibre database
auth_proxy - A proxy + UI server for Contiv which handles authentication (local users/LDAP/AD) + authorization (RBAC)
squidproxy - squid 技術部署、客戶端(原創)提供
installer - Anarchy Linux - A simple and intuitive Arch Linux installer. https://anarchyinstaller.org/
openwebrx - Open source, multi-user SDR receiver software with a web interface
beaker - An experimental peer-to-peer Web browser
borgweb - Web UI for Borg Backup
twister-react - proxy-based Twister client written with react-js
SRCMS - SRCMS企业应急响应与缺陷管理系统
anyproxy - A fully configurable http/https proxy in NodeJS
NooBoss - NooBoss is an extension that handles your extensions like a boss!
tech-interview-handbook - 💯 Curated interview preparation materials for busy engineers
link-hijacker - Hijack clicks on and within links, probably for client-side routing
git-visualizer - 👁‍🗨:octocat:Visualizes directory structure of GitHub repos
xssor2 - XSS'OR - Hack with JavaScript.
GenPass - 用Vue.js给健忘的女票写的在线密码生成器。
XSS-Radar -
securelogin - This version won't be maintained!
browser-autofill-phishing - A simple demo of phishing by abusing the browser autofill feature
owtf - Offensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more efficient http://owtf.org https://twitter.com/owtfp
debugger-protocol-viewer - DevTools Protocol API docs—its domains, methods, and events
eme - Elegant Markdown Editor.
GeistMap - An experimental personal knowledge base with a focus on connections
wssip - Application for capturing, modifying and sending custom WebSocket data from client to server and vice versa.
hexo-admin-qiniu - 根据hexo-admin@2.2.0进行修改，添加粘贴图片上传至七牛
platformio-atom-ide - PlatformIO IDE for Atom: The next generation integrated development environment for IoT
node.bittrex.api - No longer maintained
Clustered-Single-Value-Map-Visualization - Splunk Custom Visualization
truffle - A tool for developing smart contracts. Crafted with the finest cacaos.
DOMPurify - DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
git-unsaved - 🔎 Scan your projects directory for dirty git repositories.
How-To-Ask-Questions-The-Smart-Way - 本文原文由知名 Hacker Eric S. Raymond 所撰寫，教你如何正確的提出技術問題並獲得你滿意的答案。
mostly-adequate-guide-chinese - 函数式编程指北中文版
sdu-mirror-website - 山大镜像站首页
LinkedServerPwdDumper - SqlServer Linked Password Dumper.
front-end-collect - 分享自己长期关注的前端开发相关的优秀网站、博客、以及活跃开发者
tinytime - ⏰ A straightforward date and time formatter in <1kb
pcap-analyzer - online pcap forensic
DomainFuzz - Domain name permutation engine for detecting typo squatting, phishing and corporate espionage
Formstone - Library of modular front end components.
codemirror-anywhere - [Greasemonkey] Use CodeMirror editor instead of textarea in anywhere
frida-java-bridge - Java runtime interop from Frida
gitment - A comment system based on GitHub Issues.
xpath_tester - Demo
APlayer - 🍭 Wow, such a beautiful HTML5 music player
wheels - 笨办法造轮子
h2gb-ui -
My_CTF_Challenges - 🔥☀️
leanote - Not Just A Notepad! (golang + mongodb) http://leanote.org
OSINT-Framework - OSINT Framework
wooyun-node - wooyun.org
portainer - Making Docker and Kubernetes management easy.
ui-for-docker - A web interface for Docker, formerly known as DockerUI. This repo is not maintained
electron-anyproxy - 📢 A http/https proxy client, using to analyze and mock.
awesome-mac -  Now we have become very big, Different from the original idea. Collect premium software in various categories.
magic-mirror-demo - A ⚡Magic Mirror⚡ powered by a UWP Hosted Web App 🚀
webui-aria2 - The aim for this project is to create the worlds best and hottest interface to interact with aria2. Very simple to use, just download and open index.html in any web browser.
web-scraper-chrome-extension - Web data extraction tool implemented as chrome extension
tcp-over-websockets - Tunnel TCP through WebSockets.
e2email - E2EMail is a simple Chrome application - a Gmail client that exchanges OpenPGP mail.
JianshuSpider - Use Node.js,HighChart,BootStrap,Mongo,Cucumber with Gulp to scrapy information from Jianshu.
lib-qqwry - 用NodeJS解析纯真IP库(QQwry.dat) 支持IP段查询
keeweb - Free cross-platform password manager compatible with KeePass
PiBox - PiBox is a web control Interface written to control Embedded Board(Raspberry Pi).
github-hans - [废弃] {官方中文马上就来了} GitHub 汉化插件，GitHub 中文化界面。 (GitHub Translation To Chinese)
calibration-box - 图片标定：一个 Fabric 的小插件，可用于标定图片中车辆、人、交通灯标识、区域等。
weapp-ide-crack - 【应用号】IDE + 破解 + Demo
vue-sui-demo - 用vue 和 SUI-Mobile 写了一个移动端demo，用来反馈学习vue的成果（禁用了SUI自带的路由，使用vue-router, vue-resource, webpack）[a web app written by vue & sui-mobile]
How-To-Ask-Questions-The-Smart-Way - Any update requests plz redirect to original --->
WeFlow - A web developer workflow tool by WeChat team based on tmt-workflow, with cross-platform supported and environment ready.
atrament.js - A small JS library for beautiful drawing and handwriting on the HTML Canvas.
vue-hackernews-2.0 - HackerNews clone built with Vue 2.0, vue-router & vuex, with server-side rendering
500lines - 500 Lines or Less
Scrippy - Scrippy is a browser extension that holds sql statements (think clip board) to aid devlopers in the testing of websites for basic code injections.
xsshunter - The XSS Hunter service - a portable version of XSSHunter.com
xss-scanner - Cross-Site Scripting (XSS) scanner. This tool helps to find possible XSS vulnerabilities. Cross platform - macOS, Linux, and Windows.
xsser - xss监控（xss monitor）
back_manager - Paladin是啥？它是一个以JFinal为底层的java基础后台框架。结合了以下第三方组件： Beetl、Druid、Shiro、Ehcache（JFinal自带有工具类）。界面使用的拼图的后台模板，自己做了些优化和更改。最初目的：为了学习jfinal，通过一点点的摸索，把它建立起来了。最终理想：形成一个工作中比较通用的基础后台框架。适用人群刚入门JFinal的同学，可以拿过去做个参考各种大牛，看过、路过，给点指导，求虐求喷部署方式 1、还原数据库文件；在app.properties中修改数据库配置 2、项目导入Eclipse，按照JFinal手册中的方式配置Java Applcation，使用jetty启动项目。 3、默认账号/密码：superadmin/asdasd 交流 QQ群：240452848 欢迎大家前来交流，给予宝贵的建议。希望能在社区的力量下（高人指点、建议；喷子鄙视、虐待）下，逐步完善，让众人受益。现在项目的难度还不是很高，功能、操作、代码都还有很大的提升空间。所以有兴趣的兄弟，可以多多提交Pull Requests。同一个功能，同一个操作，每个人都有自己的解决方案；可以拿出来聊一聊，比一比，哪种更加科学、实用。就当是一场游戏，大家一起打怪，各路神仙，各显神通。让我们一起享受其中的乐趣吧_^ 目前初步已经完成的功能，很多还需要完善、改进基础功能登陆、注销访问页面时，更具ActionKey获取WildcardPermission并进行权限判断开始欢迎使用个人资料修改密码系统系统设置组织机构用户管理角色管理资源管理导航管理开发模型代码模板预览控制器代码模板预览视图代码模板预览为啥要叫它Paladin？ Paladin翻译过来貌似是游侠、圣骑士的意思。感觉这个名字挺酷的，所以它就叫这个吧。
SailsAdmin - 利用nodejs sails框架搭建的权限管理系统和数据可视化界面的B/S
DataVistual - 数字校园项目-大数据可视化平台
The-FlowingData-Guide - 自己整理的《鲜活的数据——数据可视化指南》一书的笔记，还有自己根据书中的讲解，整理出的各章代码。
nodejs-nedb-excel - 基于nodejs+webpack,以nosql轻量级嵌入式数据库nedb作为存储，页面渲染采用react+redux,样式框架为ant design,实现了excel表格上传导出以及可视化
log-date-view - 日志数据可视化
csv2dv - 将csv数据转换成可视化所需的数据格式
lagou-spider-data-handle - 拉勾数据处理，echarts数据可视化
Life-Time-Tracker - 个人时间跟踪，可视化个人活动数据，管理个人生活，利用过去来指导未来，基于柳比歇夫的统计方法
medlog - 数据可视化系统，持续迭代，包括前端采集+数据设计+大数据存储+可视化展示几个大块
data-visualization - 数据可视化
Compiler - 哈工大编译原理实验，使用node语言，实现了基于状态转换机制的词法分析器,以及自顶而下分析的语法分析器，gui基于electron&angular制作，数据可视化使用的是d3.js。
ascii-art - A Node.js library for ansi codes, figlet fonts, ascii art and other ASCII graphics

Jinja (9)

Cobalt_Strike_Ansible - A project to replicate the functionality of Noah Powers' ServerSetup script, but with error handling and fixed Namecheap API support.
internet-pi - Raspberry Pi config for all things Internet.
ansible-role-cobaltstrike-docker - Ansible Cobalt Strike (Docker)
build_a_phish - Ansible playbook to deploy a phishing engagement in the cloud.
CIS-Ubuntu-20.04-Ansible - Ansible Role to Automate CIS Ubuntu Linux 18.04 LTS, 20.04 LTS Remediation
infra - 99.9% less leaked credentials
kubeasz - 使用Ansible脚本安装K8S集群，介绍组件交互原理，方便直接，不受国内网络环境影响
attack_range - A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk
saythanks.io - Spreading Thankfulness in Open Source.

Jupyter Notebook (31)

DeepUFC2 - Now with data scraping and implementation in PyTorch
Adversarial-Threat-Detector -
cveprophet - CVE Prophet
DefaultCreds-cheat-sheet - One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
JupyterPen - A Repository dedicated to creating modular and automated penetration testing frameworks utilizing Jupyter Notebooks
subdomainsEnumerator - A docker image which will enumerate, sort, unique and resolve the results of various subdomains enumeration tools.
h4cker - This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.
Bug-Hunting-Colab - A Colab For Bug Hunting!
colabcat - 😺 Running Hashcat on Google Colab with session backup and restore.
ayu - 🎨🖌 Modern Sublime Text theme
detection-hackathon-apt29 - Place for resources used during the Mordor Detection hackathon event featuring APT29 ATT&CK evals datasets
ABD - Course materials for Advanced Binary Deobfuscation by NTT Secure Platform Laboratories
tensorflow2_tutorials_chinese - tensorflow2中文教程，持续更新(当前版本:tensorflow2.0)，tag: tensorflow 2.0 tutorials
interesting-python - 有趣的Python爬虫和Python数据分析小项目(Some interesting Python crawlers and data analysis projects)
digital_video_introduction - A hands-on introduction to video technology: image, video, codec (av1, vp9, h265) and more (ffmpeg encoding).
AI-for-Security-Testing-Database - 复现过的AI安全检测的项目集合
the-craft-of-selfteaching - One has no future if one couldn't teach themself.
AdvBox - Advbox is a toolbox to generate adversarial examples that fool neural networks in PaddlePaddle、PyTorch、Caffe2、MxNet、Keras、TensorFlow and Advbox can benchmark the robustness of machine learning models. Advbox give a command line tool to generate adversarial examples with Zero-Coding.
100-Days-Of-ML-Code - 100-Days-Of-ML-Code中文版
HELK - The Hunting ELK
pydata-notebook - 利用Python进行数据分析第二版 (2017) 中文翻译笔记
data_hacking - Data Hacking Project
python3-cookbook - 《Python Cookbook》 3rd Edition Translation
100days - 100 days of algorithms
Duke-STA-663-CN - A Chinese Translation of the Resources for Duke University STA 663 杜克大学计算机统计学（Python）全部内容的中文翻译
cs231n.github.io - Public facing notes page
pandas-videos - Jupyter notebook and datasets from the pandas Q&A video series
pandas-zh - pandas 0.19.2 文档中文版
pandas-cookbook - Recipes for using Python's pandas library
pycon-pandas-tutorial - PyCon 2015 Pandas tutorial materials
jupyter_hub - 机器学习算法、可视化、数据分析的Python代码

KiCad (1)

growdammit - Garden thing

Kotlin (30)

ToolsFx - 基于kotlin+tornadoFx开发的跨平台密码学工具箱.包含编解码,编码转换,加解密, 哈希,MAC,签名,二维码功能,ctf等实用功能,支持插件
appsweep-gradle - This Gradle plugin can be used to continuously integrate app scanning using AppSweep into your Android app build process
pluto - Pluto is a on-device debugger for Android applications, which helps in inspection of HTTP requests/responses, capture Crashes and ANRs and manipulating application data on-the-go.
InsecureShop - An Intentionally designed Vulnerable Android Application built in Kotlin.
SagerNet - The universal proxy toolchain for Android
LibChecker - An app to view libraries used in apps in your device.
VancedManager - Vanced Installer
Umbrella_android - Open source Android, iOS and Web app for learning about and managing digital and physical security. From how to send a secure message to dealing with a kidnap. Umbrella has best practice guides in over 40 topics in multiple languages. Used daily by people working in high risk countries - journalists, activists, diplomats, business travelers etc.
Privacy-Indicator-App - 🔔 Get the famous "Recording Indicators" feature of iOS14 to android. Get notified every time a third-party app or a service uses camera or microphone.
AndroidAutoTrack - Android Asm 插桩教学
Network-Demo - Retrofit + OkHttp3 + coroutines + LiveData打造一款网络请求框架
AndroidDaemonKiller -
lcg - 吾爱破解第三方安卓应用
DataBindingSamples - 包含了 DataBinding 的大部分知识点
cwa-app-android - Native Android app using the Apple/Google exposure notification API.
poetry-pycharm-plugin - A PyCharm plugin for poetry
shipfast-api-protection - Learn practical Mobile and API security techniques: API Key, Static and Dynamic HMAC, Dynamic Certificate Pinning, and Mobile App Attestation.
dtd-finder - List DTDs and generate XXE payloads using those local DTDs.
GSYGithubAppKotlin - 超完整的Android Kotlin 项目，功能丰富，适合学习和日常使用。GSYGithubApp系列的优势：目前已经拥有Flutter、Weex、ReactNative、Kotlin四个版本。功能齐全，项目框架内技术涉及面广，完成度高。开源Github客户端App，更好的体验，更丰富的功能，旨在更好的日常管理和维护个人Github，提供更好更方便的驾车体验Σ(￣。￣ﾉ)ﾉ。同款Weex版本： https://github.com/CarGuo/GSYGithubAppWeex 、同款React Native版本： https://github.com/CarGuo/GSYGithubApp 、同款Flutter版本： https://github.com/CarGuo/GSYGithubAppFlutter
Bookmarks - A Burp Suite Extension to take back your repeater tabs
InjuredAndroid - A vulnerable Android application that shows simple examples of vulnerabilities in a ctf style.
DeveloperHelper - 📌易开发是一款帮助开发人员快速开发的工具，功能包括界面分析，页面信息，加固脱壳，支持Android9.0
VPNHotspot - Share your VPN connection over hotspot or repeater! (root required)
gitstar-ranking - GitHub star ranking for users, organizations and repositories
awesome-kotlin - A curated list of awesome Kotlin related stuff Inspired by awesome-java.
p3c - Alibaba Java Coding Guidelines pmd implements and IDE plugin
Kotlin-CN - 【已下线】https://discuss.kotliner.cn 的第一个实验版本，尝试使用Kotlin编写构建的 Kotlin China 论坛，etcd+自研tpc协议RPC
vdm - GUI for command-line video downloader (youtube-dl annie)
fanqiang - 翻墙-科学上网
kotlin-koans - Kotlin workshop

LLVM (1)

llvm-ir-tutorial - LLVM IR入门指南

Less (1)

gridea - ✍️ A static blog writing client (一个静态博客写作客户端)

Logos (3)

LookinLoader - Lookin - iOS UI Debugging Tweak LookinLoader,Compatible with iOS 8~13
Cydia - 🔥🔥🔥我的微信公众号: Cydia 🔥🔥🔥=> Cydia插件 Logos语言开发Tweak.xm Cydia Substrate 注入dylib iOS逆向工程开发越狱Jailbreak deb插件 - fishhook / Frida / iOSOpenDev / Cycript / MachOView / IDA / Hopper Disassembler / MonkeyDev / Class-dump / Theos / Reveal / Dumpdecryptd / FLEX / 汇编Assembly / CaptainHook / lldb/LLVM/XNU/Darwin/iOS Reverse
UIDaemon - An iOS daemon that can show UI /over/ SpringBoard

Lua (30)

ICS-pcap - A collection of ICS/SCADA PCAPs
luasql-adapter - LuaSQL adapter for Casbin
solaredge_monitor - This QuickApp monitors your SolarEdge managed Solar Panels. The QuickApp has (child) devices for current Power, solar Power, lastday, lastmonth, lastyear and lifetime energy.
nlist - An nmap script to produce target lists for use with various tools.
nautilus.nvim - A nice and cobaltish neovim theme
grab_beacon_config -
chromium-ipc-sniffer - A tool to capture communication between Chromium processes on Windows
nmap-scripts -
ICS-Protocol-identify - Using nmap NSE scripts for identifying common ICS protocols[使用nmap的nse脚本对常见工控协议进行识别，附对应nse脚本，并记录pcap流量]
vulscan - Advanced vulnerability scanning with Nmap NSE
luject - 🍹A static injector of dynamic library for application (android, iphoneos, macOS, windows, linux)
ngxlua - nginx/openresty lua access limit 限流防爬
remote-adb-scan - pure python remote adb scanner + nmap scan module
nebula - "星云"业务风控系统，主工程
icsmaster - ICS/SCADA Security Resource（整合工控安全相关资源）
nse_vuln - Nmap扫描、漏洞利用脚本
patoolkit - PA Toolkit is a collection of traffic analysis plugins focused on security
freevulnsearch - Free and open NMAP NSE script to query vulnerabilities via the cve-search.org API.
lua-nginx-redis - 🌺 Redis、Lua、Nginx、OpenResty 笔记和资料
jxwaf - JXWAF(锦衣盾)是一款开源web应用防火墙
ngx_lua_waf - ngx_lua_waf是一个基于lua-nginx-module(openresty)的web应用防火墙
nmap-vulners - NSE script based on Vulners.com API
nmap_scripts - nmap默认的scripts和自己收集的一些scripts
VeryNginx - A very powerful and friendly nginx base on lua-nginx-module( openresty ) which provide WAF, Control Panel, and Dashboards.
nginx_waf - 使用nginx和lua构建的waf
nmap-nse-info - Browse and search through nmap's NSE scripts.
nmapii - Automated script for NMAP Scanner with some custom .nse scripts :) for lazy geeks :V
SambaCry - CVE-2017-7494 - Detection Scripts
nmap-nse-scripts - My collection of nmap NSE scripts
drool - DNS Replay Tool

MATLAB (1)

AudioProcessing-toolbox - extract the time domain or frequent domain features from wav format audio

Makefile (6)

license-list-XML - This is the repository for the master files that comprise the SPDX License List
ArchWSL - ArchLinux based WSL Distribution. Supports multiple install.
dircolors-solarized - This is a repository of themes for GNU ls (configured via GNU dircolors) that support Ethan Schoonover’s Solarized color scheme.
h2fuzz - everyone can fuzz h2
reverse-engineering-for-beginners - translate project of Drops
awesome-python-cn - Python资源大全中文版，包括：Web框架、网络爬虫、模板引擎、数据库、数据可视化、图片处理等，由「开源前哨」和「Python开发者」微信公号团队维护更新。

Markdown (1)

rust-book-chinese - rust 程序设计语言中文版

Mask (1)

Fuzzing-ImageMagick - OpenSource My ImageMagick Fuzzer ..

Max (1)

microllaborators - microllaborators 👩‍👦‍👦🔮🔬👩‍🏫 - the revolution in teaching

Mercury (1)

ios-app-signer - This is an app for OS X that can (re)sign apps and bundle them into ipa files that are ready to be installed on an iOS device.

Mustache (2)

aqua-helm - Helm Charts For Installing Aqua Security Components
wazuh-kubernetes-helmchart - Wazuh - Wazuh Kubernetes Helm chart. This repo is not maintained by Wazuh team. This is community project.

Nginx (1)

docker-rtorrent - rTorrent is a BitTorrent client and ruTorrent is a front-end for the popular Bittorrent client rtorrent.

Nim (18)

fsmonitor - Files changes monitor and logger
ShadowSteal - Pure Nim implementation for exploiting CVE-2021-36934, the SeriousSAM local privilege escalation
nim_awsS3 - Amazon Simple Storage Service (AWS S3) basic API support
vaf - very advanced (web) fuzzer
OffensiveNim - My experiments in weaponizing Nim (https://nim-lang.org/)
nim-dnp - Nim 版 domainNamePredictor：一个简单的现代化公司域名使用规律预测及生成工具
wAuto - Windows automation module
nimcrypto - Nim cryptographic library
nim-json-rpc - Nim library for implementing JSON-RPC clients and servers
awesome-nim - A curated list of awesome Nim frameworks, libraries, software and resources.
winim - Nim's Windows API and COM Library
nim-strenc - A tiny library to automatically encrypt string literals in Nim code
nimassets - bundle your assets into single nim file inspired by go-bindata
subhook.nim - subhook wrapper for Nim https://github.com/Zeex/subhook
Nim-SMBExec - SMBExec implementation in Nim - SMBv2 using NTLM Authentication with Pass-The-Hash technique
NimScan - 🚀 Fast Port Scanner 🚀
nlvm - LLVM-based compiler for the Nim language
quickjwt - JWT implementation for nim-lang

Nunjucks (2)

phpstan - PHP Static Analysis Tool - discover bugs in your code without running it!
china-indie-podcasts - 发现与推荐高质量的中文独立播客

OCaml (1)

semgrep - Lightw

sityck/awesome-hacking-lists

Awesome Stars

Contents

ASL (1)

ActionScript (1)

Ada (1)

Arduino (2)

AsciiDoc (1)

Assembly (13)

AutoHotkey (2)

Batchfile (24)

BitBake (2)

Blade (1)

BlitzBasic (4)

Boo (1)

C (419)

C# (352)

C++ (338)

CMake (3)

CSS (78)

Classic ASP (2)

Clojure (1)

CodeQL (3)

ColdFusion (1)

Dart (3)

Dockerfile (47)

Emacs Lisp (1)

Erlang (1)

F# (2)

Go (809)

HCL (8)

HTML (209)

Haskell (4)

Inno Setup (1)

Java (643)

JavaScript (580)

Jinja (9)

Jupyter Notebook (31)

KiCad (1)

Kotlin (30)

LLVM (1)

Less (1)

Logos (3)

Lua (30)

MATLAB (1)

Makefile (6)

Markdown (1)

Mask (1)

Max (1)

Mercury (1)

Mustache (2)

Nginx (1)

Nim (18)

Nunjucks (2)

OCaml (1)