御剑目录扫描专业版，简单实用的命令行网站目录扫描工具，支持爬虫、fuzz、自定义字典、字典变量、UA修改、假404自动过滤、扫描控速等功能。

《FRIDA操作手册》by @hluwa @r0ysue

Security technique research and some funny work on it !

share experience towards for information management, brainstorming and so on.

面向开发人员梳理的代码安全指南

边界打点后的自动化渗透工具

Packer Fuzzer is a fast and efficient scanner for security detection of websites constructed by javascript module bundler such as Webpack.

PC客户端（C-S架构）渗透测试checklist / Client side(C-S) penetration checklist

OneForAll是一款功能强大的子域收集工具

这是基于Burp Suite官方文档翻译而来的中文版文档

服务端配置错误情况下用于伪造ip地址进行测试的Burp Suite插件

You Know, For WEB Fuzzing ! 日站用的字典。

有关burpsuite的插件(非商店),文章以及使用技巧的收集(此项目不再提供burpsuite破解文件,如需要请在博客mrxn.net下载)---Collection of burpsuite plugins (non-stores), articles and tips for using Burpsuite, no crack version file

Windows 权限提升 BadPotato

Open-Source Phishing Toolkit

PowerShell script to quickly find missing software patches for local privilege escalation vulnerabilities.

Hunt down social media accounts by username across social networks

windows-kernel-exploits Windows平台提权漏洞集合

Zui is a powerful desktop application for exploring and working with data. The official front-end to the Zed lake.

Golang for Security Professionals

An open source analysis web log tool

Ladon大型内网渗透扫描器，PowerShell、Cobalt Strike插件、内存加载、无文件扫描。含端口扫描、服务识别、网络资产探测、密码审计、高危漏洞检测、漏洞利用、密码读取以及一键GetShell，支持批量A段/B段/C段以及跨网段扫描，支持URL、主机、域名列表扫描等。网络资产探测32种协议(ICMP\NBT\DNS\MAC\SMB\WMI\SSH\HTTP\HTTPS\Exc…

pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.

Noriben - Portable, Simple, Malware Analysis Sandbox

JSFinder is a tool for quickly extracting URLs and subdomains from JS files on a website.

Nishang - Offensive PowerShell for red team, penetration testing and offensive security.

PowerSploit - A PowerShell Post-Exploitation Framework

Simple reverse ICMP shell

TideFinger——指纹识别小工具，汲取整合了多个web指纹库，结合了多种指纹检测方法，让指纹检测更快捷、准确。

远控免杀系列文章及配套工具，汇总测试了互联网上的几十种免杀工具、113种白名单免杀方式、8种代码编译免杀、若干免杀实战技术，并对免杀效果进行了一一测试，为远控的免杀和杀软对抗免杀提供参考。