攻防演练过程中，我们通常会用浏览器访问一些资产，但很多未授权/敏感信息/越权隐匿在已访问接口过html、JS文件等，该插件能让我们发现未授权/敏感信息/越权/登陆接口等。

📙 Markdown Templates for Offensive Security OSCP, OSWE, OSCE, OSEE, OSWP exam report

Helper script for spawning a minimal Ubuntu 16.04 container ready for building kernel exploits (~4.x)

Pico is a stupidly simple, blazing fast, flat file CMS.

A tool to dump a git repository from a website

Monitor linux processes without root permissions

Deserialization payload generator for a variety of .NET formatters

A tool to perform Kerberos pre-auth bruteforcing

最好用的 V2Ray 一键安装脚本 & 管理脚本

Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019

An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.

The ultimate WinRM shell for hacking/pentesting

A fast TCP/UDP tunnel over HTTP

not a reverse-engineered version of the Cobalt Strike Beacon

Lnk Explorer Command line edition!!

Compiled Binaries for Ghostpack

Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.

Build your own second brain with supermemory. It's a ChatGPT for your bookmarks. Import tweets or save websites and content using the chrome extension.

Automatic bypass (brute force) waf

Check your WAF before an attacker does

用于记录企业安全规划，建设，运营，攻防的相关资源

burp验证码识别接口调用插件

带带弟弟 通用验证码识别OCR pypi版

SecGPT网络安全大模型

use cnn recognize captcha by tensorflow. 本项目针对字符型图片验证码，使用tensorflow实现卷积神经网络，进行验证码识别。

Burp Plugin to Bypass WAFs through the insertion of Junk Data

OWASP Web Application Security Testing Checklist

A tool for enumerating usernames from text, files, or websites

Scripts to make password spraying attacks against Lync/S4B, OWA & O365 a lot quicker, less painful and more efficient

一款综合性网络安全检测和运维工具，旨在快速资产发现、识别、检测，构建基础资产信息库，协助甲方安全团队或者安全运维人员有效侦察和检索资产，发现存在的薄弱点和攻击面。