Apache Log4j 远程代码执行

All-in-one plugin for Burp Suite for the detection and the exploitation of Java deserialization vulnerabilities

记录自己写的工具和学习笔记

增强版WeblogicScan、检测结果更精确、插件化、添加CVE-2019-2618，CVE-2019-2729检测，Python3支持

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static a…

AntSword is a cross-platform website management toolkit.

Vulnerable Java based Web Application

Fully automated offensive security framework for reconnaissance and vulnerability scanning

Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.

Pre-Built Vulnerable Environments Based on Docker-Compose

Nano is a family of PHP web shells which are code golfed for stealth.

Awesome Node.js Security resources

A comprehensive curated list of available Bug Bounty & Disclosure Programs and Write-ups.

Remote Java classpath enumeration via deserialization

Lesser Known Web Attack Lab

finds publicly known security vulnerabilities in a website's frontend JavaScript libraries

This challenge is Inon Shkedy's 31 days API Security Tips.

Repo for all the OWASP-SKF Docker lab examples

A curated list of amazingly awesome Burp Extensions

OneForAll是一款功能强大的子域收集工具

Custom pentesting tools

Use HTTP Smuggling Lab to learn HTTP Smuggling.

Fast web fuzzer written in Go

Extract endpoints from apk files.

The cheat sheet about Java Deserialization vulnerabilities

Issues with WebSocket reverse proxying allowing to smuggle HTTP requests

Subdomain Takeover tool written in Go

SvnExploit支持SVN源代码泄露全版本Dump源码