htcap is a web application scanner able to crawl single page application (SPA) recursively by intercepting ajax calls and DOM changes.

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

Security Testing is not as simple as right click > Scan. It's messy, a tough game. What if you had missed to test just that one thing and had to regret later? Sh00t is a highly customizable, intell…

A collection of various awesome lists for hackers, pentesters and security researchers

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

an asynchronous target enumeration tool

一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

计算机基础（计算机网络/操作系统/数据库/Git...）面试问题全面总结，包含详细的follow-up question以及答案；没有多余的知识点讲解，都是【问题+追问+答案】的形式，即拿即用，直击面试；可用于模拟面试、面试前复习、短期内快速备战面试...

This repository stores content that can be used to design a Rapid Threat Model Prototyping process for a software development group.

A powerful dynamic crawler for web vulnerability scanners

A curated list of amazingly awesome Burp Extensions

“玄魂工作室--安全圈” 知识星球内资源汇总

从wooyun中提取的payload，以及burp插件

A work-in-progress collection of utilities for creating Burp extensions in Python.

Brute-Forcing from Nmap output - Automatically attempts default creds on found services.

Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.

这是一个使用WPS表格制作甘特图的教程仓库

Web Pentesting Fuzz 字典,一个就够了。

Burp Bounty is a extension of Burp Suite that improve an active and passive scanner by yourself. This extension requires Burp Suite Pro.

This tool generates gopher link for exploiting SSRF and gaining RCE in various servers

Burp被动扫描流量转发插件

Draw.io libraries for threat modeling diagrams

java library for game hacking and an example on "Cube2 Sauerbraten"

超级弱口令检查工具是一款Windows平台的弱口令审计工具，支持批量多线程检查，可快速发现弱密码、弱口令账号，密码支持和用户名结合进行检查，大大提高成功率，支持自定义服务端口和字典。

Everything about database,bussiness.(Most for PostgreSQL).

Network reconnaissance and vulnerability assessment tools.

Seay源代码审计系统

Penetration Testing: A Hands-On Introduction to Hacking (Georgia Weidman)