GPT4All: Run Local LLMs on Any Device. Open-source and available for commercial use.

面向红队的, 高度可控可拓展的自动化引擎

一款轻量级、高性能、功能强大的内网穿透代理服务器。支持tcp、udp、socks5、http等几乎所有流量转发，可用来访问内网网站、本地支付接口调试、ssh访问、远程桌面，内网dns解析、内网socks5代理等等……，并带有功能强大的web管理端。a lightweight, high-performance, powerful intranet penetration proxy serv…

RedGuard is a C2 front flow control tool,Can avoid Blue Teams,AVs,EDRs check.

有关burpsuite的插件(非商店),文章以及使用技巧的收集(此项目不再提供burpsuite破解文件,如需要请在博客mrxn.net下载)---Collection of burpsuite plugins (non-stores), articles and tips for using Burpsuite, no crack version file

pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.

SpringBoot 相关漏洞学习资料，利用方法和技巧合集，黑盒安全评估 check list

Open-Source Phishing Toolkit

绕过AV/EDR的代码例子（Code example to bypass AV/EDR）

适用于Cobalt Strike的插件

Extract and decrypt browser data, supporting multiple data types, runnable on various operating systems (macOS, Windows, Linux).

This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public expl…

E-mails, subdomains and names Harvester - OSINT

thinkphp v5.x 远程代码执行漏洞-POC集合

Collect JSP webshell of various implementation methods. 收集JSP Webshell的各种姿势

shiro反序列化漏洞综合利用,包含（回显执行命令/注入内存马）修复原版中NoCC的问题 https://github.com/j1anFen/shiro_attack

Scapy: the Python-based interactive packet manipulation program & library.

This is a webshell open source project

Cyber Security ALL-IN-ONE Platform

windows-kernel-exploits Windows平台提权漏洞集合

CyberSecurityRSS: A collection of cybersecurity rss to make you better!

基于chrome、firefox插件的被动式信息泄漏检测工具

Ladon大型内网渗透扫描器，PowerShell、Cobalt Strike插件、内存加载、无文件扫描。含端口扫描、服务识别、网络资产探测、密码审计、高危漏洞检测、漏洞利用、密码读取以及一键GetShell，支持批量A段/B段/C段以及跨网段扫描，支持URL、主机、域名列表扫描等。网络资产探测32种协议(ICMP\NBT\DNS\MAC\SMB\WMI\SSH\HTTP\HTTPS\Exc…

掩日 - 免杀执行器生成工具

[ProxyLogon] CVE-2021-26855 & CVE-2021-27065 Fixed RawIdentity Bug Exploit. [ProxyOracle] CVE-2021-31195 & CVE-2021-31196 Exploit Chains. [ProxyShell] CVE-2021-34473 & CVE-2021-34523 & CVE-2021-312…

JNDI注入测试工具（A tool which generates JNDI links can start several servers to exploit JNDI Injection vulnerability,like Jackson,Fastjson,etc）

Apache Log4j 2 is a versatile, feature-rich, efficient logging API and backend for Java.

内网穿透，c++实现，无需公网IP，小巧，易用，快速，安全，最好的多链路聚合（p2p+proxy）模式，不做之一...这才是你真正想要的内网穿透工具！

WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via [email protected]

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞验证功能