⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡

Web path scanner

Universal Radio Hacker: Investigate Wireless Protocols Like A Boss

OneForAll是一款功能强大的子域收集工具

Automated All-in-One OS Command Injection Exploitation Tool.

A python script that finds endpoints in JavaScript files

巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。

Network recon framework. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, build your taylor-made EASM tool, co…

一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具，可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如：Title、Domain、CDN、指纹信息、状态信息等。

Source Code Security Audit (源代码安全审计)

DEPRECATED, wifipumpkin3 -> https://github.com/P0cL4bs/wifipumpkin3

The successor to reDuh, pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.

陌陌风控系统静态规则引擎，零基础简易便捷的配置多种复杂规则，实时高效管控用户异常行为。

Neo-reGeorg is a project that seeks to aggressively refactor reGeorg

Packer Fuzzer is a fast and efficient scanner for security detection of websites constructed by javascript module bundler such as Webpack.

JSFinder is a tool for quickly extracting URLs and subdomains from JS files on a website.

开源易用的中文离线OCR，识别率媲美大厂，并且提供了易用的web页面及web的接口，方便人类日常工作使用或者其他程序来调用~

WebCrack是一款web后台弱口令/万能密码批量检测工具，在工具中导入后台地址即可进行自动化检测。

一款红队在大量的资产中存活探测与重点攻击系统指纹探测工具

基于Frida的脱壳工具

Bypass firewall for traffic forwarding using webshell 一款使用webshell进行流量转发的出网工具

Toolkit to emulate firmware and analyse it for security vulnerabilities

针对 Acunetix AWVS扫描器开发的批量扫描脚本，支持log4j漏洞、SpringShell、SQL注入、XSS、弱口令等专项，支持联动xray、burp、w13scan等被动批量

Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user

在渗透测试中快速检测常见中间件、组件的高危漏洞。

🍉一款基于Python-Django的多功能Web安全渗透测试工具，包含漏洞扫描，端口扫描，指纹识别，目录扫描，旁站扫描，域名扫描等功能。

Standalone binaries for Linux/Windows of Impacket's examples

EmailAll is a powerful Email Collect tool — 一款强大的邮箱收集工具

2021hvv漏洞汇总