Awesome Stars

A curated list of my GitHub stars! Generated by starred.

ASL
ActionScript
Ada
Arduino
AsciiDoc
Assembly
AutoHotkey
Batchfile
BitBake
Blade
BlitzBasic
Boo
C
C#
C++
CMake
CSS
Classic ASP
Clojure
CodeQL
ColdFusion
Dart
Dockerfile
Emacs Lisp
Erlang
F#
FreeMarker
Go
Groovy
HCL
HTML
Hack
Haskell
Inno Setup
Java
JavaScript
Jinja
Jupyter Notebook
KiCad Layout
Kotlin
LLVM
Less
Logos
Lua
MATLAB
Makefile
Markdown
Mask
Max
Mercury
Mustache
Nginx
Nim
Nunjucks
OCaml
Objective-C
Objective-C++
Open Policy Agent
Others
PHP
PLpgSQL
Pascal
Perl
PostScript
PowerShell
Propeller Spin
Pug
Python
REXX
Rascal
Rich Text Format
Roff
Ruby
Rust
SCSS
Sage
SaltStack
Sass
Scala
Scheme
Shell
Smali
Smarty
Solidity
SourcePawn
Svelte
Swift
TSQL
Tcl
TeX
TypeScript
VBA
VBScript
VCL
Vim script
Visual Basic
Visual Basic .NET
Vue
XSLT
YAML
YARA
Zeek
Zig
nesC

ASL

postgres-cn/pgdoc-cn - PostgreSQL manual Chinese translation by China PostgreSQL Users Group

ActionScript

appsecco/json-flash-csrf-poc - This repo contains the files required to perform a CSRF attack using Flash and HTTP 307 redirections.

Ada

PatrikFehrenbach/amass-tools -

Arduino

UnicycleDumpTruck/MissionControl - This kids' homework desk has top that flips up to reveal a space-themed control panel.
spacehuhn/wifi_keylogger - DIY Arduino Wi-Fi Keylogger (Proof of Concept)

AsciiDoc

bitcoinbook/bitcoinbook - Mastering Bitcoin 2nd Edition - Programming the Open Blockchain

Assembly

enkomio/AlanFramework - A C2 post-exploitation framework
MortenSchenk/Token-Stealing-Shellcode -
timwhitez/Doge-Direct-Syscall - Golang Direct Syscall
klezVirus/inceptor - Template-Driven AV/EDR Evasion Framework
guitmz/memrun - Small tool to run ELF binaries from memory with a given process name
DownWithUp/DynamicKernelShellcode - An example of how x64 kernel shellcode can dynamically find and use APIs
mai1zhi2/SysWhispers2_x86 - X86 version of syswhispers2 / x86 direct system call
jthuraisamy/SysWhispers2 - AV/EDR evasion via direct system calls.
Cybereason/siofra -
mytechnotalent/Reverse-Engineering - A FREE comprehensive reverse engineering tutorial covering x86, x64, 32-bit ARM & 64-bit ARM architectures.
jjyr/jonesforth_riscv - Jonesforth RISC-V port.
vxunderground/MalwareSourceCode - Collection of malware source code for a variety of platforms in an array of different programming languages.
antonioCoco/Mapping-Injection - Just another Windows Process Injection
jthuraisamy/SysWhispers - AV/EDR evasion via direct system calls.
tinysec/windows-syscall-table - windows syscall table from xp ~ 10 rs4

AutoHotkey

xianyukang/MyKeymap - MyKeymap: 我的按键映射工具
goreliu/runz - RunZ，专业的快速启动工具
kookob/smpic - Windows下面的SM.MS图床上传工具

Batchfile

lxgw/LxgwWenKai - An open-source Chinese font derived from Fontworks' Klee One. 一款开源中文字体，基于 FONTWORKS 出品字体 Klee One 衍生。
gsuberland/lbfo_win10 - Re-enable NIC teaming (LBFO) in Windows 10 using components from Windows Server.
SkyBlueEternal/jdk-change - 支持windows\linux\macOS | jdk一键切换版本\一键切换jdk版本\jdk版本更换
0xbinibini/emergency_response_batch - 应急响应，应急响应脚本，应急响应批处理；将Windows查看日志用户端口等命令集成在批处理脚本中。让熟练的应急人员能省去多次重复的敲击和记忆，并通过读取配置文件来调用Windows自带的命令结束进程服务等，本批处理尽量不调用任何外部的工具。任何调用的外部工具都将会存放在plugin目录下可按需使用，力图使用最原生的命令行来完成工作。
Rdimo/Defender-disabler - a simple but destructive batch script that will disable windows defender, task manager, registerytools, cmd, bypass tamper protection and alot more
SoraShu/easyconn-socks5-for-HITsz - 在服务器上运行easyconnect并建立socks5代理，实现win电脑上免安装easyconnect访问校园内网。
r00t4dm/CVE-2020-27955 -
swagkarna/Defeat-Defender-V1.2 - Powerful batch script to dismantle complete windows defender protection and even bypass tamper protection ..Disable Windows-Defender Permanently....Hack windows. POC
wafinfo/cobaltstrike - cobaltstrike插件
chroblert/JC-jEnv - windows java environ manage
kkzzhizhou/scoop-apps - 使用Github Action每天自动合并其他scoop仓库的更新，仓库地址：https://github.com/kkzzhizhou/scoop-apps
massgravel/Microsoft-Activation-Scripts - A collection of scripts for activating Microsoft products using HWID / KMS38 / Online KMS activation methods with a focus on open-source code, fewer antivirus detection and user-friendliness.
sagishahar/lpeworkshop - Windows / Linux Local Privilege Escalation Workshop
maguowei/k8s-docker-desktop-for-mac - Docker Desktop for Mac 开启并使用 Kubernetes
ihacku/winhardening - windows 加固脚本
frizb/Windows-Privilege-Escalation - Windows Privilege Escalation Techniques and Scripts
acgbfull/IBM_Appscan_Batch_Scan_Script - IBM AppScan批量扫描脚本
crazywifi/RDP_SessionHijacking - Passwordless RDP Session Hijacking
chawyehsu/dorado - 🐟 Yet Another bucket for lovely Scoop
so87/CISSP-Study-Guide - study material used for the 2018 CISSP exam
Tai7sy/fuckcdn - CDN真实IP扫描，易语言开发
NextronSystems/APTSimulator - A toolset to make a system look as if it was the victim of an APT attack
auspbro/domain-admin-crack - :cactus: 入域电脑用户本地提权
bartblaze/Disable-Intel-AMT - Tool to disable Intel AMT on Windows
Phoenix1747/fake-sandbox - 👁‍🗨 This script will simulate fake processes of analysis sandbox/VM software that some malware will try to avoid.
wzulfikar/ngrok-caddy - Script to run ngrok with (optional) caddy server

BitBake

xer0days/BugBounty - Bug Bounty stuffs, payloads, scripts, profiles, tips and tricks, ...

Blade

dbarzin/mercator - Cartographie du systeme d'information / Mapping the information system

BlitzBasic

Sy3Omda/burp-bounty - Burp Bounty profiles
wagiro/BurpBounty - Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through
six2dez/burp-bounty-profiles - Burp Bounty profiles compilation, feel free to contribute!
PortSwigger/scan-check-builder - Burp Bounty is a extension of Burp Suite that improve an active and passive scanner by yourself. This extension requires Burp Suite Pro.
1N3/IntruderPayloads - A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.
ghsec/BBProfiles - Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that improve an active and passive scanner by yourself. This extension requires Burp Suite Pro.

Boo

byt3bl33d3r/SILENTTRINITY - An asynchronous, collaborative post-exploitation agent powered by Python and .NET's DLR

C

Libraggbond/EventViewerBypassUacBof - EventViewer Bypass Uac Bof
randorisec/CVE-2022-34918-LPE-PoC -
h3xduck/TripleCross - A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.
pytorch/cpuinfo - CPU INFOrmation library (x86/x86-64/ARM/ARM64, Linux/Windows/Android/macOS/iOS)
byt3bl33d3r/BOF-Zig - Cobalt Strike BOF with Zig!
crisprss/PetitPotam - 替代PrintBug用于本地提权的新方式，主要利用MS-EFSR协议中的接口函数借鉴了Potitpotam中对于EFSR协议的利用,实现了本地提权的一系列方式 Drawing on the use of the EFSR protocol in Potitpotam, a series of local rights escalation methods have been realized
Cracked5pider/Ekko - Sleep Obfuscation
helloexp/0day - 各种CMS、各种平台、各种系统、各种软件漏洞的EXP、POC ,该项目将持续更新
tr3ee/CVE-2022-23222 - CVE-2022-23222: Linux Kernel eBPF Local Privilege Escalation
synacktiv/ica2tcp - A SOCKS proxy for Citrix.
thefLink/DeepSleep - A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC
q77190858/CVE-2021-3156 - sudo提权漏洞CVE-2021-3156复现代码
nsacyber/Hardware-and-Firmware-Security-Guidance - Guidance for the Spectre, Meltdown, Speculative Store Bypass, Rogue System Register Read, Lazy FP State Restore, Bounds Check Bypass Store, TLBleed, and L1TF/Foreshadow vulnerabilities as well as gene
nemo-wq/PrintNightmare-CVE-2021-34527 - PrintNightmare - Windows Print Spooler RCE/LPE Vulnerability (CVE-2021-34527, CVE-2021-1675) proof of concept exploits
LDrakura/Remote_ShellcodeLoader - 远程shellcode加载&权限维持+小功能
JDArmy/RPCSCAN - RPC远程主机信息匿名扫描工具
jituo666/AndroidEventRecorder - A recorder used for recording user actions on Android platforms.
liudf0716/xfrpc - c 语言实现的内网穿透客户端，配合frp服务端使用。主要用于基于openwrt的路由器上，对路由器的硬件配置要求极低。
Mr-Un1k0d3r/WindowsDllsExport - A list of all the DLLs export in C:\windows\system32\
TUGOhost/anti_Android - Is a protect Android App anti any attacks and environments.
trustedsec/CS-Remote-OPs-BOF -
CoolerVoid/spock_slaf - Spock SLAF is a Shared Library Application Firewall "SLAF".
Threekiii/Awesome-Exploit - 一个漏洞利用工具仓库
DataDog/security-labs-pocs - Proof of concept code for Datadog Security Labs referenced exploits.
outflanknl/C2-Tool-Collection - A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques.
grigoritchy/pocs -
chicharitomu14/AndScanner - This is the project for the paper “Large-scale Security Measurements on the Android Firmware Ecosystem” in ICSE2022
rbsec/sslscan - sslscan tests SSL/TLS enabled services to discover supported cipher suites
kris-nova/boopkit - Linux eBPF backdoor over TCP. Spawn reverse shells, RCE, on prior privileged access. Less Honkin, More Tonkin.
bytedance/bhook - :fire: ByteHook is an Android PLT hook library which supports armeabi-v7a, arm64-v8a, x86 and x86_64.
r0ysue/AndroidFridaBeginnersBook - 《安卓Frida逆向与抓包实战》随书附件
easychen/pushdeer - 开放源码的无App推送服务，iOS14+扫码即用。亦支持快应用/iOS和Mac客户端、Android客户端、自制设备
CoolerVoid/casper-fs - Casper-fs is a Custom Hidden Linux Kernel Module generator. Each module works in the file system to protect and hide secret files.
emptymonkey/revsh - A reverse shell with terminal support, data tunneling, and advanced pivoting capabilities.
Bonfee/CVE-2022-0995 - CVE-2022-0995 exploit
RfidResearchGroup/proxmark3 - The Iceman fork of Proxmark3 / RFID / NFC reader, writer, sniffer and emulator
xenoscr/SysWhispers2 - AV/EDR evasion via direct system calls.
ehids/ecapture - capture SSL/TLS text content without CA cert using eBPF. supports Linux x86_64/Aarch64, Android(GKI) Aarch64.
ly4k/PwnKit - Self-contained exploit for CVE-2021-4034 - Pkexec Local Privilege Escalation
crisprss/PrintSpoofer - PrintSpoofer的反射dll实现，结合Cobalt Strike使用
AlexisAhmed/CVE-2022-0847-DirtyPipe-Exploits - A collection of exploits and documentation that can be used to exploit the Linux Dirty Pipe vulnerability.
mponcet/subversive - x86_64 linux rootkit using debug registers
therealdreg/lsrootkit - Rootkit Detector for UNIX
Arinerron/CVE-2022-0847-DirtyPipe-Exploit - A root exploit for CVE-2022-0847 (Dirty Pipe)
Bonfee/CVE-2022-25636 - CVE-2022-25636
Lojii/Knot - 一款iOS端基于MITM(中间人攻击技术)实现的HTTPS抓包工具，完整的App，核心代码使用SwiftNIO实现
SentryPeer/SentryPeer - A distributed peer to peer list of bad actor IP addresses and phone numbers collected via a SIP Honeypot.
b1n4r1b01/n-days -
linux-lock/bpflock - bpflock - eBPF driven security for locking and auditing Linux machines
Rvn0xsy/CVE-2021-4034 - CVE-2021-4034 Add Root User - Pkexec Local Privilege Escalation
0verSp4ce/CVE-2021-4034 - CVE-2021-4034, For Webshell Version.
MichaelDim02/Narthex - Modular personalized dictionary generator.
FlamingSpork/iptable_evil - An evil bit backdoor for iptables
kyleavery/inject-assembly - Inject .NET assemblies into an existing process
spieglt/whatfiles - Log what files are accessed by any Linux process
berdav/CVE-2021-4034 - CVE-2021-4034 1day
arthepsy/CVE-2021-4034 - PoC for PwnKit: Local Privilege Escalation Vulnerability in polkit’s pkexec (CVE-2021-4034)
Ayrx/CVE-2021-4034 - Exploit for CVE-2021-4034
CoolerVoid/OctopusWAF - OctopusWAF is a WAF( Web application firewall) with high performance, made in C language and use libevent.
xbyl1234/android_analysis - android analysis tools, jni trace by native hook, libc hook, write log with caller's addr in file or AndroidLog
aaaddress1/Skrull - Skrull is a malware DRM, that prevents Automatic Sample Submission by AV/EDR and Signature Scanning from Kernel. It generates launchers that can run malware on the victim using the Process Ghosting te
thefLink/Hunt-Sleeping-Beacons - Aims to identify sleeping beacons
Rvn0xsy/linux_dirty - 更改后的脏牛提权代码，可以往任意文件写入任意内容，去除交互过程
revng/pagebuster - PageBuster - dump all executable pages of packed processes.
screetsec/TheFatRat - Thefatrat a massive exploiting tool : Easy tool to generate backdoor and easy tool to post exploitation attack like browser attack and etc . This tool compiles a malware with popular payload and then
mycve/bypassAV - 免杀 defender 360 cobalstrike shellcode
f0rb1dd3n/Reptile - LKM Linux rootkit
lcatro/qemu-fuzzer - Qemu Fuzzer.针对Qemu模拟设备的模糊测试工具,主要思路是Host生成种子Data,然后传递给Guest中转程序,由中转程序访问MMIO,以达到和模拟设备的交互,不同于qtest自带的fuzzer.
chriskaliX/Hades - Hades is a Host-Based Intrusion Detection System based on both eBPF(kernel) and netlink/cn_proc(userspace).
n0b0dyCN/redis-rogue-server - Redis(<=5.0.5) RCE
wavestone-cdt/EDRSandblast -
OALabs/BlobRunner - Quickly debug shellcode extracted during malware analysis
SweetIceLolly/Huorong_Vulnerabilities - Huorong Internet Security vulnerabilities 火绒安全软件漏洞
scareing/cmd2shellcode - cmd2shellcode
securifybv/Visual-Studio-BOF-template - A Visual Studio template used to create Cobalt Strike BOFs
HexHive/USBFuzz - A Framework for fuzzing USB Drivers by Device Emulation
helpsystems/nanodump - A crappy LSASS dumper with no ASCII art
0671/RedisModules-ExecuteCommand-for-Windows - 可在Windows下执行系统命令的Redis模块，可用于Redis主从复制攻击。
Lakr233/Decrypter - An easy way to decrypt UIKit app.
idealeer/xmap - XMap is a fast network scanner designed for performing Internet-wide IPv6 & IPv4 network research scanning.
wolfpython/nids - 基于网络的入侵检测系统
dismantl/ImprovedReflectiveDLLInjection - An improvement of the original reflective DLL injection technique by Stephen Fewer of Harmony Security
aircrack-ng/mdk4 - MDK4
boku7/injectEtwBypass - CobaltStrike BOF - Inject ETW Bypass into Remote Process via Syscalls (HellsGate|HalosGate)
codewhitesec/HandleKatz - PIC lsass dumper using cloned handles
gentilkiwi/kekeo - A little toolbox to play with Microsoft Kerberos in C
EspressoCake/PPLDump_BOF - A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.
microsoft/omi - Open Management Infrastructure
seL4/seL4 - The seL4 microkernel
outflanknl/PrintNightmare -
cube0x0/SharpSystemTriggers - Collection of remote authentication triggers in C#
paranoidninja/PIC-Get-Privileges - Building and Executing Position Independent Shellcode from Object Files in Memory
SolomonSklash/SleepyCrypt - A shellcode function to encrypt a running process image when sleeping.
limithit/NginxExecute - The NginxExecute module executes the shell command through GET POST and HEAD to display the result.
o8oo8o/GoWebSSH - 功能强大，Go 实现的一个WebSSH，支持文件上传下载
boku7/azureOutlookC2 - Azure Outlook Command & Control (C2) - Remotely control a compromised Windows Device from your Outlook mailbox. Threat Emulation Tool for North Korean APT InkySquid / ScarCruft / APT37. TTP: Use Micro
cyberark/rdpfuzz - Tools for fuzzing RDP
mprovost/NFStash - NFS client CLI toolkit
aaaddress1/PR0CESS - some gadgets about windows process and ready to use :)
superflexible/TGPuttyLib - An SFTP client shared library (dll/so/dylib) with bindings and classes for C++, Delphi and Free Pascal based on PuTTY
ttdennis/fpicker - fpicker is a Frida-based fuzzing suite supporting various modes (including AFL++ in-process fuzzing)
mgeeky/ElusiveMice - Cobalt Strike User-Defined Reflective Loader with AV/EDR Evasion in mind
boku7/whereami - Cobalt Strike Beacon Object File (BOF) that uses handwritten shellcode to return the process Environment strings without touching any DLL's.
frkngksl/Huan - Encrypted PE Loader Generator
Yubico/yubico-c - YubiKey C low-level library (libyubikey)
RUB-SysSec/Nyx - USENIX 2021 - Nyx: Greybox Hypervisor Fuzzing using Fast Snapshots and Affine Types
glmcdona/Process-Dump - Windows tool for dumping malware PE files from memory back to disk for analysis.
alfarom256/BOF-ForeignLsass -
knightswd/ProcessGhosting -
NoOne-hub/Beacon.dll - Beacon.dll reverse
boku7/BokuLoader - Cobalt Strike User-Defined Reflective Loader written in Assembly & C for advanced evasion capabilities. By: @0xBoku & @s4ntiago_p
aqi00/advanceapp - 《Android App开发进阶与项目实战》随书源码
horsicq/PDBRipper - PDBRipper is a utility for extract an information from PDB-files.
Gui774ume/ebpfkit - ebpfkit is a rootkit powered by eBPF
jrbrtsn/ban2fail - Simple & efficient log file scanning and iptable filtering
cdpxe/NELphase - Network Environment Learning (NEL) Phase for Covert Channels (with a Feedback Channel)
ZhangZhuoSJTU/StochFuzz - Sound and Cost-effective Fuzzing of Stripped Binaries by Incremental and Stochastic Rewriting
connormcgarr/cThreadHijack - Beacon Object File (BOF) for remote process injection via thread hijacking
boku7/injectAmsiBypass - Cobalt Strike BOF - Bypass AMSI in a remote process with code injection.
LloydLabs/process-enumeration-stealth -
hasherezade/process_ghosting - Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted file
djkaty/Il2CppInspector - Powerful automated tool for reverse engineering Unity IL2CPP binaries
merbanan/rtl_433 - Program to decode radio transmissions from devices on the ISM bands (and other frequencies)
killvxk/Beacon - Lightweight, header-only C++ IPC library for Windows operating systems (Vista+) using advanced local procedure calls
sliverarmory/COFFLoader -
cribdragg3r/Alaris - A protective and Low Level Shellcode Loader that defeats modern EDR systems.
OWASP/IoTGoat - IoTGoat is a deliberately insecure firmware created to educate software developers and security professionals with testing commonly found vulnerabilities in IoT devices.
ndilieto/uacme - ACMEv2 client written in plain C with minimal dependencies
client9/libinjection - SQL / SQLI tokenizer parser analyzer
alipay/ios-malicious-bithunter - iOS Malicious Bit Hunter is a malicious plug-in detection engine for iOS applications. It can analyze the head of the macho file of the injected dylib dynamic library based on runtime. If you are inte
xuanxuan0/TiEtwAgent - PoC memory injection detection agent based on ETW, for offensive and defensive research purposes
antonioCoco/RemotePotato0 - Just another "Won't Fix" Windows Privilege Escalation from User to Domain Admin.
greenbone/gvmd - Greenbone Vulnerability Manager - The database backend for the Greenbone Community Edition
topotam/PetitPotam - PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.
CCob/BOF.NET - A .NET Runtime for Cobalt Strike's Beacon Object Files
0xricksanchez/dlink-decrypt - D-Link firmware decryption PoC
boku7/spawn - Cobalt Strike BOF that spawns a sacrificial process, injects it with shellcode, and executes payload. Built to evade EDR/UserLand hooks by spawning sacrificial process with Arbitrary Code Guard (ACG),
xforcered/InlineExecute-Assembly - InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional f
inspiringz/CVE-2021-3493 - CVE-2021-3493 Ubuntu OverlayFS Local Privesc (Interactive Bash Shell & Execute Command Entered)
wbenny/injdrv - proof-of-concept Windows Driver for injecting DLL into user-mode processes using APC
CCob/SylantStrike - Simple EDR implementation to demonstrate bypass
apangin/jattach - JVM Dynamic Attach utility
anthemtotheego/InlineExecute-Assembly - InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional f
praetorian-inc/PortBender - TCP Port Redirection Utility
hlldz/CVE-2021-1675-LPE - Local Privilege Escalation Edition for CVE-2021-1675/CVE-2021-34527
blackorbird/PrintNightmare -
iqiyi/qnsm - QNSM is network security monitoring framework based on DPDK.
Yaxser/Backstab - A tool to kill antimalware protected processes
CaledoniaProject/rdpscan - RDP password verification tool - No external libraries required ;-P
wonderkun/go-packer - golang打包二进制进行免杀
cgwalters/cve-2020-14386 -
alipay/Owfuzz - Owfuzz: a WiFi protocol fuzzing tool
passthehashbrowns/hook-integrity-checks -
kevmitch/win_battery_log - command line battery stats for MS Windows
passthehashbrowns/hiding-your-syscalls - Some source code to demonstrate avoiding certain direct syscall detections by locating and JMPing to a legitimate syscall instruction within NTDLL.
yarrick/iodine - Official git repo for iodine dns tunnel
airbus-cyber/afl_ghidra_emu -
ApsaraDB/PolarDB-for-PostgreSQL - A cloud-native database based on PostgreSQL developed by Alibaba Cloud.
season-lab/fuzzolic - fuzzing + concolic = fuzzolic :)
djhohnstein/macos_shell_memory - Execute MachO binaries in memory using CGo
ASkyeye/Zipper - Zipper, a CobaltStrike file and folder compression utility.
AdamWhiteHat/Judge-Jury-and-Executable - A file system forensics analysis scanner and threat hunting tool. Scans file systems at the MFT and OS level and stores data in SQL, SQLite or CSV. Threats and data can be probed harnessing the power
pbek/loganalyzer - LogAnalyzer is a tool that helps you analyzing your log files by reducing the content with patterns you define.
heiher/hev-socks5-core - A simple, lightweight socks5 library. (IPv4/IPv6/TCP/UDP/Client/Server)
orangetw/tsh - Tiny SHell is an open-source UNIX backdoor.
waldo-irc/CVE-2021-21551 - Exploit to SYSTEM for CVE-2021-21551
Iansus/SilentLsassDump - VisualStudio port of https://github.com/guervild/BOFs/tree/dev/SilentLsassDump
scythe-io/memory-module-loader - An implementation of a Windows loader that can load dynamic-linked libraries (DLLs) directly from memory
abcz316/rwProcMem33 - Linux read & write process memory module.
falcosecurity/pdig - ptrace-based event producer for udig
svengong/xcubebase_riru - 基于magisk 和riru的frida持久化方案
Al1ex/WindowsElevation - Windows Elevation(持续更新)
Al1ex/LinuxEelvation - Linux Eelvation(持续更新)
boazsegev/iodine - iodine - HTTP / WebSockets Server for Ruby with Pub/Sub support
getdrive/Lazy-RDP - Script for automatic scanning & brute-force RDP
xforcered/CredBandit - Proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process and send that back through your already existing Beacon communication channel
dgoulet/kjackal - Linux Rootkit Scanner
rsmudge/ZeroLogon-BOF -
csandker/inMemoryShellcode - A Collection of In-Memory Shellcode Execution Techniques for Windows
pattern-f/TQ-pre-jailbreak - Hello from pattern-f.
darvincisec/AntiDebugandMemoryDump - Anti-Debug and Anti-Memory Dump for Android
decoder-it/juicy_2 - juicypotato for win10 > 1803 & win server 2019
9bie/exe2shellcode - Remote Download and Memory Execute for shellcode framework
trustedsec/COFFLoader -
akopytov/sysbench - Scriptable database and system performance benchmark
mtrojnar/osslsigncode - OpenSSL based Authenticode signing for PE/MSI/Java CAB files
jmk-foofus/medusa - Medusa is a speedy, parallel, and modular, login brute-forcer.
rewardone/OSCPRepo - A list of commands, scripts, resources, and more that I have gathered and attempted to consolidate for use as OSCP (and more) study material. Commands in 'Usefulcommands' Keepnote. Bookmarks and readi
aaaddress1/sakeInject - Windows PE - TLS (Thread Local Storage) Injector in C/C++
Rvn0xsy/CVE-2021-3156-plus - CVE-2021-3156非交互式执行命令
blasty/CVE-2021-3156 -
Mr-Un1k0d3r/RedTeamCCode - Red Team C code repo
lockedbyte/CVE-Exploits - PoC exploits for software vulnerabilities
mai1zhi2/ShellCodeFramework - 绕3环的shellcode免杀框架
ea/bosch_headunit_root - Documentation and code for rooting and extending a Bosch car head unit (lcn2kai)
LloydLabs/Windows-API-Hashing - This is a simple example and explanation of obfuscating API resolution via hashing
LloydLabs/delete-self-poc - A way to delete a locked file, or current running executable, on disk.
CoolerVoid/0d1n - Tool for automating customized attacks against web applications. Fully made in C language with pthreads, it has fast performance.
zznop/drow - Injects code into ELF executables post-build
outflanknl/FindObjects-BOF - A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or process handles.
neil-wu/CatFrida - CatFrida is a macOS tool for inspecting a running iOS app.
jsherman212/xnuspy - an iOS kernel function hooking framework for checkra1n'able devices
rsmudge/unhook-bof - Remove API hooks from a Beacon process.
dacade/tools - some tools
lengjibo/FourEye - AV Evasion Tool For Red Team Ops
AFLplusplus/AFLplusplus - The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode, and a lot more!
ethereal-vx/Persistence - Recreating and reviewing the Windows persistence methods
anantshri/Android_Security - This repository is a suplimentary material for Android Training's done by Anant Shrivastava from 2012-2017
outflanknl/WdToggle - A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.
ajpc500/BOFs - Collection of Beacon Object Files
tomcarver16/BOF-DLL-Inject - Manual Map DLL injection implemented with Cobalt Strike's Beacon Object Files.
gnxbr/Fully-Undetectable-Techniques -
slaeryan/DetectCobaltStomp - Detects Module Stomping as implemented by Cobalt Strike
chroblert/JC-AntiPtrace - 安卓绕过ptrace反调试
mcepl/M2Crypto - OpenSSL for Python (both 2.x and 3.x) (generated by SWIG)
NixOS/patchelf - A small utility to modify the dynamic linker and RPATH of ELF executables
TannerJin/AntiMSHookFunction - AntiMSHookFunction (make MSHookFunction doesn't work)
ntop/n2n - Peer-to-peer VPN
gaffe23/linux-inject - Tool for injecting a shared object into a Linux process
code-scan/ssh-inject-auto-find-libdl -
geommer/yabar - A modern and lightweight status bar for X window managers.
cbwang505/CVE-2019-0708-EXP-Windows - CVE-2019-0708-EXP-Windows版单文件exe版,运行后直接在当前控制台反弹System权限Shell
strongcourage/uafuzz - UAFuzz: Binary-level Directed Fuzzing for Use-After-Free Vulnerabilities
LloydLabs/wsb-detect - wsb-detect enables you to detect if you are running in Windows Sandbox ("WSB")
g0dA/linuxStack - Linux技术栈
0voice/algorithm-structure - 2021年最新总结 500个常用数据结构，算法，算法导论，面试常用，大厂高级工程师整理总结
GeoSn0w/Blizzard-Jailbreak - An Open-Source iOS 11.0 -> 11.4.1 (soon iOS 13) Jailbreak, made for teaching purposes.
ventoy/Ventoy - A new bootable USB solution.
SkewwG/domainTools - 内网域渗透小工具
StarCross-Tech/heap_exploit_2.31 -
XiphosResearch/netelf - Run executables from memory, over the network, on Windows, Linux, OpenVMS... routers... spaceships... toasters etc.
andreafioraldi/weizz-fuzzer -
hackerschoice/gsocket - Connect like there is no firewall. Securely.
phra/PEzor - Open-Source Shellcode & PE Packer
ish-app/ish - Linux shell for iOS
kinvolk/inspektor-gadget - Introspecting and debugging Kubernetes applications using BPF "gadgets"
gloxec/CrossC2 - generate CobaltStrike's cross-platform payload
timwhitez/Cobalt-Strike-Aggressor-Scripts - Cobalt Strike Aggressor 插件包
brendan-rius/c-jwt-cracker - JWT brute force cracker written in C
bg6cq/whoisscanme -
aircrack-ng/rtl8188eus - RealTek RTL8188eus WiFi driver with monitor mode & frame injection support
dtcooper/fakehostname - Run a command and fake your hostname.
yifengyou/learn-kvm - Qemu KVM(Kernel Virtual Machine)学习笔记
blendin/3snake - Tool for extracting information from newly spawned processes
0vercl0k/sic - Enumerate user mode shared memory mappings on Windows.
upx/upx - UPX - the Ultimate Packer for eXecutables
CylanceVulnResearch/ReflectiveDLLRefresher - Universal Unhooking
DoctorWkt/acwj - A Compiler Writing Journey
limbenjamin/LogServiceCrash - POC code to crash Windows Event Logger Service
nil0x42/duplicut - Remove duplicates from MASSIVE wordlist, without sorting it (for dictionary-based password cracking)
blunderbuss-wctf/wacker - A WPA3 dictionary cracker
uf0o/CVE-2020-17382 - PoC exploits for CVE-2020-17382
libinjection/libinjection - SQL / SQLI tokenizer parser analyzer
blackarrowsec/redteam-research - Collection of PoC and offensive techniques used by the BlackArrow Red Team
chompie1337/s8_2019_2215_poc - PoC 2019-2215 exploit for S8/S8 active with DAC + SELinux + Knox/RKP bypass
DerekSelander/yacd - Decrypts FairPlay applications on iOS 13.4.1 and lower, no jb required
jvinet/knock - A port-knocking daemon
ThunderGunExpress/UAC-TokenDuplication -
Ascotbe/Kernelhub - :palm_tree:Kernel privilege escalation vulnerability collection, with compilation environment, demo GIF map, vulnerability details, executable file (提权漏洞合集)
fancycode/MemoryModule - Library to load a DLL from memory.
reactos/reactos - A free Windows-compatible Operating System
MobileForensicsResearch/mem - Tool used for dumping memory from Android devices
ARM-software/CSAL - Coresight Access Library
webview/webview_csharp - C# bindings for zserge/webview - Batteries included
webview/webview - Tiny cross-platform webview library for C/C++/Golang. Uses WebKit (Gtk/Cocoa) and Edge (Windows)
gabrielrcouto/awesome-php-ffi - PHP FFI examples and use cases
bhassani/EternalBlueC - EternalBlue suite remade in C/C++ which includes: MS17-010 Exploit, EternalBlue vulnerability detector, DoublePulsar detector and DoublePulsar Shellcode & DLL uploader
mdsecactivebreach/firewalker -
hzqst/VmwareHardenedLoader - Vmware Hardened VM detection mitigation loader (anti anti-vm)
aligrudi/neatcc - A small arm/x86(-64) C compiler
bkerler/opencl_brute - MD5,SHA1,SHA256,SHA512,HMAC,PBKDF2,SCrypt Bruteforcing tools using OpenCL (GPU, yay!) and Python
marsyy/littl_tools -
n0b0dyCN/RedisModules-ExecuteCommand - Tools, utilities and scripts to help you write redis modules!
vulhub/redis-rogue-getshell - redis 4.x/5.x master/slave getshell module
TheWover/donut - Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters
AntSwordProject/ant_php_extension - PHP 扩展, 用于 PHP-FPM、FastCGI、LD_PRELOAD等模式下突破 disabled_functions
m57/cobaltstrike_bofs - My CobaltStrike BOFS
anthemtotheego/C_Shot -
sailay1996/UAC_Bypass_In_The_Wild - Windows 10 UAC bypass for all executable files which are autoelevate true .
a0rtega/pafish - Pafish is a testing tool that uses different techniques to detect virtual machines and malware analysis environments in the same way that malware families do
github/securitylab - Resources related to GitHub Security Lab
qq4108863/hihttps - hihttps是一款完整源码的高性能web应用防火墙，既支持传统WAF的所有功能如SQL注入、XSS、恶意漏洞扫描、密码暴力破解、CC、DDOS等ModSecurity正则规则，又支持无监督机器学习，自主对抗未知攻击。
rvrsh3ll/BOF_Collection - Various Cobalt Strike BOFs
sailay1996/RpcSsImpersonator - Privilege Escalation Via RpcSs svc
libyal/liblnk - Library and tools to access the Windows Shortcut File (LNK) format
NtRaiseHardError/NINA - NINA: No Injection, No Allocation x64 Process Injection Technique
DanieleDeSensi/peafowl - High performance Deep Packet Inspection (DPI) framework to identify L7 protocols and extract and process data and metadata from network traffic.
elfmaster/libelfmaster - Secure ELF parsing/loading library for forensics reconstruction of malware, and robust reverse engineering tools
elfmaster/ftrace - POSIX Function tracing
elfmaster/dsym_obfuscate - Obfuscates dynamic symbol table
ntop/nDPI - Open Source Deep Packet Inspection Software Toolkit
redplait/armpatched - clone of armadillo patched for windows
dalvarezperez/CreateFile_based_rootkit -
mhaskar/Shellcode-In-Memory-Decoder - A simple C implementation to decoded your shellcode and writes it directly to memory
meme/hotwax - Coverage-guided binary fuzzing powered by Frida Stalker
avs333/Nougat_dlfunctions -
hack0z/byopen - 🎉A dlopen library that bypasses mobile system limitation
titansec/OpenWAF - Web security protection system based on openresty
ionescu007/faxhell - A Bind Shell Using the Fax Service and a DLL Hijack
ph4ntonn/Impost3r - 👻Impost3r -- A linux password thief
havocykp/Gh0st - 远控源码
yangyangwithgnu/bypass_disablefunc_via_LD_PRELOAD - bypass disable_functions via LD_PRELOA (no need /usr/sbin/sendmail)
gentilkiwi/mimikatz - A little tool to play with Windows security
itm4n/PrintSpoofer - Abusing Impersonation Privileges on Windows 10 and Server 2019
sandboxie/sandboxie - The Sandboxie application
can1357/NtLua - Lua in kernel-mode because why not.
1d8/MailJack -
thebabush/bline - Naver LINE VoIP reversing stuff
kingToolbox/WindTerm - A professional cross-platform SSH/Sftp/Shell/Telnet/Serial terminal.
nccgroup/nccfsas - Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team.
a1exdandy/checkm8-a5 - checkm8 port for S5L8940X/S5L8942X/S5L8945X
taviso/ctftool - Interactive CTF Exploration Tool
YutaroHayakawa/ipftrace2 - A packet oriented Linux kernel function call tracer
hasherezade/hollows_hunter - Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
rxwx/spoolsystem - Print Spooler Named Pipe Impersonation for Cobalt Strike
Katrovisch/KatroLogger - KeyLogger for Linux Systems
bats3c/shad0w - A post exploitation framework designed to operate covertly on heavily monitored environments
HyperDbg/HyperDbg - State-of-the-art native debugging tool
AltraMayor/gatekeeper - The first open-source DDoS protection system
V-E-O/PoC - PoC of CVE/Exploit
vanhauser-thc/thc-hydra - hydra
luke-goddard/enumy - Linux post exploitation privilege escalation enumeration
oleavr/ios-inject-custom - Example showing how to use Frida for standalone injection of a custom payload
Echocipher/AUTO-EARN - 一个利用OneForAll进行子域收集、Shodan API端口扫描、Xray漏洞Fuzz、Server酱的自动化漏洞扫描、即时通知提醒的漏洞挖掘辅助工具
zhuotong/Android_InlineHook - Android内联hook框架
juuso/keychaindump - A proof-of-concept tool for reading OS X keychain passwords
prbinu/tls-scan - An Internet scale, blazing fast SSL/TLS scanner ( non-blocking, event-driven )
a2o/snoopy - Snoopy is a small library that logs all program executions on your Linux/BSD system (a.k.a. Snoopy Logger).
gentilkiwi/kirandomtpm - Get random bytes from the TPM (tool + BCrypt RNG provider)
wonderkun/CTFENV - 为应对CTF比赛而搭建的各种环境
antonioCoco/RoguePotato - Another Windows Local Privilege Escalation from Service Account to System
yusufqk/SystemToken - Steal privileged token to obtain SYSTEM shell
uknowsec/getSystem - webshell下提权执行命令 Reference:https://github.com/yusufqk/SystemToken
NLnetLabs/ldns - LDNS is a DNS library that facilitates DNS tool programming
noptrix/lulzbuster - A very fast and smart web directory and file enumeration tool written in C.
danigargu/CVE-2020-0796 - CVE-2020-0796 - Windows SMBv3 LPE exploit #SMBGhost
twelvesec/passcat - Passwords Recovery Tool
chroblert/domainWeakPasswdCheck - 内网安全·域账号弱口令审计
chroblert/AssetManage -
paranoidninja/Shuriken - Offensive Android Kernel on Steroids - Shuriken is an Android kernel for Oneplus 5/5T which supports multiple features for pentesting.
newsoft/adduser - Programmatically create an administrative user under Windows
david378/ssocks - build static ssocks by cmake,cross build ssocks
V-E-O/rdp2tcp - rdp2tcp: open tcp tunnel through remote desktop connection.
brainsmoke/ptrace-burrito - a friendly wrapper around ptrace
Mr-Un1k0d3r/SCShell - Fileless lateral movement tool that relies on ChangeServiceConfigA to run command
RITRedteam/Headshot - NGINX module to allow for RCE through a specific header
Genymobile/scrcpy - Display and control your Android device
bootleg/ret-sync - ret-sync is a set of plugins that helps to synchronize a debugging session (WinDbg/GDB/LLDB/OllyDbg2/x64dbg) with IDA/Ghidra/Binary Ninja disassemblers.
pymumu/smartdns - A local DNS server to obtain the fastest website IP for the best Internet experience，一个本地DNS服务器，获取最快的网站IP，获得最佳上网体验。
outflanknl/Dumpert - LSASS memory dumper using direct system calls and API unhooking.
jonathanmetzman/wasm-fuzzing-demo - Demos of and walkthroughs on in-browser fuzzing using WebAssembly
turing-technician/FastHook - Android ART Hook
Aekras1a/darkRat_HVNC - DarkRats Standalone HVNC
SwiftLaTeX/SwiftLaTeX - SwiftLaTeX, a WYSIWYG Browser-based LaTeX Editor
GiacomoLaw/Keylogger - A simple keylogger for Windows, Linux and Mac
mohuihui/antispy - AntiSpy is a free but powerful anti virus and rootkits toolkit.It offers you the ability with the highest privileges that can detect,analyze and restore various kernel modifications and hooks.With its
OWASP/igoat - OWASP iGoat - A Learning Tool for iOS App Pentesting and Security by Swaroop Yermalkar
OWASP/iGoat-Swift - OWASP iGoat (Swift) - A Damn Vulnerable Swift Application for iOS
hmgle/graftcp - A flexible tool for redirecting a given program's TCP traffic to SOCKS5 or HTTP proxy.
xmake-io/xmake - 🔥 A cross-platform build utility based on Lua
TH3xACE/SUDO_KILLER - A tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo for linux privilege escalation.
blechschmidt/massdns - A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)
abelcheung/rifiuti2 - Windows Recycle Bin analyser
vmonaco/kloak - Keystroke-level online anonymization kernel: obfuscates typing behavior at the device level.
robertdavidgraham/rdpscan - A quick scanner for the CVE-2019-0708 "BlueKeep" vulnerability.
q3k/cve-2019-5736-poc - Unweaponized Proof of Concept for CVE-2019-5736 (Docker escape)
gurnec/HashCheck - HashCheck Shell Extension for Windows with added SHA2, SHA3, and multithreading; originally from code.kliu.org
skeeto/endlessh - SSH tarpit that slowly sends an endless banner
Chion82/netfilter-full-cone-nat - A kernel module to turn MASQUERADE into full cone SNAT
hacksysteam/HackSysExtremeVulnerableDriver - HackSys Extreme Vulnerable Windows Driver
y11en/BlockRDPBrute - [HIPS]RDP(3389)爆破防护
klsfct/getshell - 各大平台提权工具
wazuh/wazuh - Wazuh - The Open Source Security Platform
Halbmond/Introduction-to-Computer-Systems - Course : Introduction to Computer Systems
swaywm/sway - i3-compatible Wayland compositor
ambrop72/badvpn - NCD scripting language, tun2socks proxifier, P2P VPN
firebroo/UnixTools - 一些处理数据的Unix小工具，支持管道操作。
meyerd/n2n - A development branch of the n2n p2p vpn software
ValdikSS/p0f-mtu - p0f with patches to save MTU value and export it via API (for VPN detection)
rosehgal/BinExp - Linux Binary Exploitation
sfan5/fi6s - IPv6 network scanner designed to be fast
silight-jp/MacType-Patch - MacType Patch for DirectWrite Hook
andreiw/RaspberryPiPkg - DEPRECATED - DO NOT USE | Go here instead ->
aarond10/https_dns_proxy - A lightweight DNS-over-HTTPS proxy.
telekom-security/tpotce - 🍯 T-Pot - The All In One Honeypot Platform 🐝
lihaoyun6/axeldown-core - 基于axel-webm的优化项目. 通过webui调用axel进行下载
suvllian/process-inject - 在Windows环境下的进程注入方法：远程线程注入、创建进程挂起注入、反射注入、APCInject、SetWindowHookEX注入
sumatrapdfreader/sumatrapdf - SumatraPDF reader
zogvm/zogvm - zogna video manager
henkman/virgo - :virgo::computer::computer::computer::computer: Virtual desktops for Windows
netdata/netdata - Real-time performance monitoring, done right! https://www.netdata.cloud
RPISEC/MBE - Course materials for Modern Binary Exploitation by RPISEC
saaramar/execve_exploit - Hardcore corruption of my execve() vulnerability in WSL
Nat-Lab/eoip - EoIP/EoIPv6 for *nix.
tcp-nanqinlang/general - general mode via module loading
3proxy/3proxy - 3proxy - tiny free proxy server
coolstar/electra - Electra iOS 11.0 - 11.1.2 jailbreak toolkit based on async_awake
dyne/dnscrypt-proxy - DNSCrypt-Proxy repository, frankly maintained for what it does (no new features planned)
agile6v/awesome-nginx - A curated list of awesome Nginx distributions, 3rd party modules, Active developers, etc. :octocat:
guanchao/AppProtect - 整理一些app常见的加固方法，包括java层、native层和资源文件加固等
firmianay/CTF-All-In-One - CTF竞赛权威指南
Wind4/vlmcsd - KMS Emulator in C (currently runs on Linux including Android, FreeBSD, Solaris, Minix, Mac OS, iOS, Windows with or without Cygwin)
Motion-Project/motion - Motion, a software motion detector. Home page: https://motion-project.github.io/
mpv-player/mpv - 🎥 Command line video player
gsliepen/tinc - a VPN daemon
hardenedlinux/linux-exploit-development-tutorial - a series tutorial for linux exploit development to newbie.
NoahhhRyan/krackattacks-test -
hfiref0x/UACME - Defeating Windows User Account Control
tinyproxy/tinyproxy - tinyproxy - a light-weight HTTP/HTTPS proxy daemon for POSIX operating systems
mitchellkrogza/apache-ultimate-bad-bot-blocker - Apache Block Bad Bots, (Referer) Spam Referrer Blocker, Vulnerability Scanners, Malware, Adware, Ransomware, Malicious Sites, Wordpress Theme Detectors and Fail2Ban Jail for Repeat Offenders
vanhoefm/krackattacks-scripts -
droberson/icmp-backdoor - Backdoor that listens for specially crafted ICMP packets and spawns reverse shells.
giltu/KernelPCC - PCC is a new approach for TCP congestion control base on real-time performance analysis. This is a kernel implementation of it.
madeye/tcp_china - TCP China congestion control algorithm
gatieme/AderXCoding - 介绍各类语言，库，系统编程以及算法的学习
session-replay-tools/tcpcopy - An online request replication tool, also a tcp stream replay tool, fit for real testing, performance testing, stability testing, stress testing, load testing, smoke testing, etc
sudeshnapal12/Web-Application-Firewall - Designed and Implemented a Web Application Firewall as an Apache module that "sits" in-front of a web server. The WAF is designed to stop malicious requests from known attacks such as SQL Injection, X
50m30n3/dsptunnel - IP over audio tunnel
usagiryu/unit - Unit 中文文档源，每 24 小时与官方同步。中文文档请点README_CN.md。
Ridter/Pentest - tools
dosgo/ngrok-c - ngrok client for c language,Due to the use of GO ngrok language development, porting to embedded devices some inconvenience, such as openwrt, so use C language rewrite a client. Very mini, the need to
dlundquist/sniproxy - Proxies incoming HTTP and TLS connections based on the hostname contained in the initial request of the TCP session.
haiwen/seafile - High performance file syncing and sharing, with also Markdown WYSIWYG editing, Wiki, file label and other knowledge management features.
WireGuard/wireguard-monolithic-historical - Historical monolithic WireGuard repository, split into wireguard-tools, wireguard-linux, and wireguard-linux-compat.
git-hulk/tcpkit - the tcpkit was designed to make network packets programable with Lua script
shuax/LocateIP - 高效的IP数据库解析库
snooda/net-speeder - net-speeder 在高延迟不稳定链路上优化单线程下载速度
unamer/vmware_escape - VMware Escape Exploit before VMware WorkStation 12.5.5
axel-download-accelerator/axel - Lightweight CLI download accelerator
skywind3000/kcp - :zap: KCP - A Fast and Reliable ARQ Protocol
osqzss/gps-sdr-sim - Software-Defined GPS Signal Simulator
magkopian/keepassxc-debian - Debian source package for the KeePassXC password manager.
ScottyBauer/Android_Kernel_CVE_POCs - A list of my CVE's with POCs
axi0mX/ios-kexec-utils - boot LLB/iBoot/iBSS/iBEC image from a jailbroken iOS kernel
santoru/filewatcher - A simple auditing utility for macOS
Cn33liz/HSEVD-ArbitraryOverwrite - HackSys Extreme Vulnerable Driver - ArbitraryOverwrite Exploit
c0d3z3r0/sudo-CVE-2017-1000367 -
Chion82/kcptun-raw - Kcptun with raw socket and fake TCP headers.
klsecservices/Invoke-Vnc - Powershell VNC injector
DhavalKapil/icmptunnel - Transparently tunnel your IP traffic through ICMP echo and reply packets.
shudo/shujit - Java Just-in-Time Compiler for x86 processors
opsxcq/exploit-CVE-2017-7494 - SambaCry exploit and vulnerable container (CVE-2017-7494)
raminfp/linux-4.8.0-netfilter_icmp - Anatomy of a linux kernel development
DhavalKapil/heap-exploitation - This book on heap exploitation is a guide to understanding the internals of glibc's heap and various attacks possible on the heap structure.
ANSSI-FR/AD-control-paths - Active Directory Control Paths auditing and graphing tools
ValdikSS/GoodbyeDPI - GoodbyeDPI — Deep Packet Inspection circumvention utility (for Windows)
ufrisk/pcileech - Direct Memory Access (DMA) Attack Software
Cybellum/DoubleAgent - Zero-Day Code Injection and Persistence Technique
gentilkiwi/wanakiwi - Automated wanadecrypt with key recovery if lucky
jtesta/ssh-mitm - SSH man-in-the-middle tool
SecWiki/linux-kernel-exploits - linux-kernel-exploits Linux平台提权漏洞集合
adafruit/Adafruit-GPIO-Halt - Press-to-halt program for headless Raspberry Pi. Similar functionality to the rpi_power_switch kernel module from the fbtft project, but easier to compile (no kernel headers needed).
greensea/mptunnel - MPUDP Tunnel (User space MultiPath UDP)
Riscure/Rhme-2016 - Rhme2 challenge (2016)
leechristensen/UnmanagedPowerShell - Executes PowerShell from an unmanaged process
peperunas/injectopi - A set of tutorials about code injection for Windows.
hasherezade/demos - Demos of various injection techniques found in malware
google/honggfuzz - Security oriented software fuzzer. Supports evolutionary, feedback-driven fuzzing based on code coverage (SW and HW based)
mubix/post-exploitation - Post Exploitation Collection
hxp2k6/smart7ec-scan-console - 基于Linux c开发的插件式扫描器(Python/lua)
SpacehuhnTech/esp8266_deauther - Affordable WiFi hacking platform for testing and learning
s0lst1c3/eaphammer - Targeted evil twin attacks against WPA2-Enterprise networks. Indirect wireless pivots using hostile portal attacks.
LukaSikic/Unix-Privilege-Escalation-Exploits-Pack - Exploits for getting local root on Linux, BSD, AIX, HP-UX, Solaris, RHEL, SUSE etc.
kala13x/scap - Network Sniffer (Scan and Capture Incoming Packets)
nmap/ncrack - Ncrack network authentication tool
SecWiki/windows-kernel-exploits - windows-kernel-exploits Windows平台提权漏洞集合
ele7enxxh/Android-Inline-Hook - thumb16 thumb32 arm32 inlineHook in Android
laginimaineb/cve-2015-6639 - QSEE Privilege Escalation Exploit using PRDiag* commands (CVE-2015-6639)
deamwork/inetutils - the copy of https://git.savannah.gnu.org/cgit/inetutils.git/ with knali support
traviscross/mtr - Official repository for mtr, a network diagnostic tool
kmyk/libproofofwork - Simple hash-mining c library and its python binding.
boywhp/wifi_crack_windows - wifi crack project for windows
zcgonvh/NTDSDumpEx - NTDS.dit offline dumper with non-elevated
derrekr/android_security - Public Android Vulnerability Information (CVE PoCs etc)
googleprojectzero/winafl - A fork of AFL for fuzzing Windows binaries
F-Stack/f-stack - F-Stack is an user space network development kit with high performance based on DPDK, FreeBSD TCP/IP stack and coroutine API.
mrschyte/pentestkoala - Modified dropbear server which acts as a client and allows authless login
openwall/john - John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs
netblue30/firejail - Linux namespaces and seccomp-bpf sandbox
Azard/SE315-OperatingSystem - SJTU-SE315 Operating System labs from MIT 6.828, by a SE12er.
gamelinux/passivedns - A network sniffer that logs all DNS server replies for use in a passive DNS setup
spacehuhn/wifi_ducky - Upload, save and run keystroke injection payloads with an ESP8266 + ATMEGA32U4
danieljiang0415/android_kernel_crash_poc -
robertfisk/USG - The USG is Good, not Bad
ossec/ossec-hids - OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
iovisor/bcc - BCC - Tools for BPF-based Linux IO analysis, networking, monitoring, and more
huntergregal/mimipenguin - A tool to dump the login password from the current linux user
SamyPesse/How-to-Make-a-Computer-Operating-System - How to Make a Computer Operating System in C++
nonstriater/Learn-Algorithms - 算法学习笔记
wg/wrk - Modern HTTP benchmarking tool

C#

BornToBeRoot/NETworkManager - A powerful tool for managing networks and troubleshoot network problems!
vletoux/PingCastleCloud - Audit program for AzureAD
BeichenDream/SharpToken - .NET版本的incognito
ch2sh/Jlaive - Antivirus Evasion Tool for .NET/Native (x64) Executables
casbin-net/redis-adapter - Redis adapter for Casbin.NET
pwn1sher/frostbyte - FrostByte is a POC project that combines different defense evasion techniques to build better redteam payloads
ch2sh/BatchGuard - Batch file AV evasion and obfuscation solution
CervantesSec/cervantes - Cervantes is an opensource collaborative platform for pentesters or red teams who want to save time to manage their projects, clients, vulnerabilities and reports in one place.
xpn/AppProxyC2 -
improsec/SharpEventPersist - Persistence by writing/reading shellcode from Event Log
EricZimmerman/evtx - C# based evtx parser with lots of extras
Ryze-T/CNVD-2022-10270-LPE - 基于向日葵RCE的本地权限提升，无需指定端口
Hagrid29/DuplicateDump - Dumping LSASS with a duplicated handle from custom LSA plugin
fox-it/LDAPFragger -
nettitude/SharpWSUS -
BloodHoundAD/SharpHoundCommon - Common library used by SharpHound.
nettitude/MalSCCM -
Viralmaniar/DDWPasteRecon - DDWPasteRecon tool will help you identify code leak, sensitive files, plaintext passwords, password hashes. It also allow member of SOC & Blue Team to gain situational awareness of the organisation's
Dec0ne/KrbRelayUp - KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).
whitesquirrell/C0deVari4nt - A variant analysis and visualisation tool that scans codebases for similar vulnerabilities
arsium/EagleMonitorRAT - Remote Access Tool Written In C#
onSec-fr/Http-Asynchronous-Reverse-Shell - [POC] Asynchronous reverse shell using the HTTP protocol.
yck1509/ConfuserEx - An open-source, free protector for .NET applications
daem0nc0re/AtomicSyscall - Tools and PoCs for Windows syscall investigation.
scotty-kdw/ARM-Analyzer - Backward Taint Analysis (GUI) on Desktop : Analyzing trace log to determine exploitability by tracking data propagation
RowTeam/SharpDecryptPwd - SharpDecryptPwd source, To Decrypt Navicat,Xmanager,Filezilla,Foxmail,WinSCP,etc
Gr1mmie/AtlasC2 - C# C2 Framework centered around Stage 1 operations
wwh1004/ExtremeDumper - .NET Assembly Dumper
netero1010/ScheduleRunner - A C# tool with more flexibility to customize scheduled task for both persistence and lateral movement in red team operation
Group3r/Group3r - Find vulnerabilities in AD Group Policy, but do it better than Grouper2 did.
helviojunior/shellcodetester - An application to test windows and linux shellcodes
JDArmy/SharpXDecrypt - Xshell全版本密码恢复工具
cube0x0/KrbRelay - Framework for Kerberos relaying
0xthirteen/SharpStay - .NET project for installing Persistence
skahwah/SQLRecon - A C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation.
tothi/SharpStay - .NET project for installing Persistence
dqcostin/SharpGetinfo - 关于工作组和域信息收集的工具
Flangvik/CobaltBus - Cobalt Strike External C2 Integration With Azure Servicebus, C2 traffic via Azure Servicebus
ly4k/SpoolFool - Exploit for CVE-2022-21999 - Windows Print Spooler Elevation of Privilege Vulnerability (LPE)
py7hagoras/GetSystem - This is a C# implementation of making a process/executable run as NT AUTHORITY/SYSTEM. This is achieved through parent ID spoofing of almost any SYSTEM process.
mrd0x/EvilSelenium - EvilSelenium is a tool that weaponizes Selenium to attack Chromium based browsers.
jfmaes/AmsiHooker - Hookers are cooler than patches.
VbScrub/Rubeus-GUI - GUI alternative to the Rubeus command line tool, for all your Kerberos exploit requirements
qH0sT/AndroSpy - An Android RAT that written in C# by me
stomakun/WechatExport-iOS - Save iOS WeChat history as HTML or TXT with neat layout and picture & audio support.
snovvcrash/MirrorDump - Another LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in memory
mandiant/SharPersist -
An0nySec/UserAdd - Bypass AV 用户添加
daem0nc0re/PrivFu - Kernel mode WinDbg extension and PoCs for token privilege investigation.
pwn1sher/WMEye - WMEye is a post exploitation tool that uses WMI Event Filter and MSBuild Execution for lateral movement
bohops/RogueAssemblyHunter - Rogue Assembly Hunter is a utility for discovering 'interesting' .NET CLR modules in running processes.
VollRagm/KernelBypassSharp - C# Kernel Mode Driver to read and write memory in protected processes
punk-security/smbeagle - SMBeagle - Fileshare auditing tool.
evi1ox/sharpNetstat -
Jumbo-WJB/SharpAllowedToAct-Modify - resource-based constrained delegation RBCD
Ridter/SharpAddDomainMachine - SharpAddDomainMachine
cube0x0/noPac - CVE-2021-42287/CVE-2021-42278 Scanner & Exploiter.
snovvcrash/DInjector - Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL
matterpreter/FindETWProviderImage - Quickly search for references to a GUID in DLLs, EXEs, and drivers
A-D-Team/SharpMemshell - Memshell
daem0nc0re/SharpWnfSuite - C# Utilities for Windows Notification Facility
hackthedev/teardrop - Open-Source Ransomware Project for learning purpose only written in C# (csharp). Dont use it for bad things.
qH0sT/Ransomware-Builder-v3.0 -
Jhangju/bypass-sandbox-antivirus-detection-using-human-interaction-technique-by-cheking-mouse-movement - This project actually checks for the mouse movement if reach to 100 pixel it will start cmd and open cmd.exe and chrome.exe. Just to give idea that some sandbox does not use mouse movements.
DamonMohammadbagher/NativePayload_ReverseShell - This is Simple C# Source code to Bypass almost "all" AVS, (kaspersky v19, Eset v12 v13 ,Trend-Micro v16, Comodo & Windows Defender Bypassed via this method Very Simple)
Kara-4search/MappingInjection_CSharp - MappingInjection via csharp
tedyyu/ProcDumpEx - ProcDumpEx = ProcDump in batch mode
rasta-mouse/ExternalC2.NET - .NET implementation of Cobalt Strike's External C2 Spec
ldqk/Masuit.Tools - 包含一些常用的操作类，大都是静态类，加密解密，反射操作，权重随机筛选算法，分布式短id，表达式树，linq扩展，文件压缩，多线程下载和FTP客户端，硬件信息，字符串扩展方法，日期时间扩展操作，中国农历，大文件拷贝，图像裁剪，验证码，断点续传，集合扩展、Excel导出等常用封装。诸多功能集一身，代码量不到2MB！
ryhanson/ExternalC2 - A library for integrating communication channels with the Cobalt Strike External C2 server
chr0n1k/AH2021Workshop - Malware development for red teaming workshop
Rices/Phishious - An open-source Secure Email Gateway (SEG) evaluation toolkit designed for red-teamers.
knight0x07/ImpulsiveDLLHijack - C# based tool which automates the process of discovering and exploiting DLL Hijacks in target binaries. The Hijacked paths discovered can later be weaponized during Red Team Operations to evade EDR's.
iomoath/PowerShx - Run Powershell without software restrictions.
leechristensen/SpoolSample - PoC tool to coerce Windows hosts authenticate to other machines via the MS-RPRN RPC interface. This is possible via other protocols as well.
plackyhacker/Shellcode-Injection-Techniques - A collection of C# shellcode injection techniques. All techniques use an AES encrypted meterpreter payload. I will be building this project up as I learn, discover or develop more techniques. Some tec
plackyhacker/Suspended-Thread-Injection - Another meterpreter injection technique using C# that attempts to bypass Defender
0x727/SchTask_0x727 - 创建隐藏计划任务，权限维持，Bypass AV
7hr0wer/ProxyValidator - 用C#开发的简单的多线程代理验证工具。
tevora-threat/SharpView - C# implementation of harmj0y's PowerView
pornin/paradox-compress - Paper and Demo Implementation of Paradoxical Compression with VDF
StarZHF/Foxmail-Password-Recovery -
zacateras/sddl-parser - Security Descriptor Definition Language (SDDL) Parser
pentest-tools-public/Pass-to-hash-EWS -
Kara-4search/HellgateLoader_CSharp - Load shellcode via HELLGATE, Rewrite hellgate with .net framework for learning purpose.
GhostPack/SharpDPAPI - SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.
0xFenrik/Eternalblue - Eternalblue written in CSharp. Contains version detection, vulnerability scanner and exploit of MS17-010
ChoiSG/SharpJfmaesWorkshop - things I learned from @jfmaes's .NET reflection workshop - thank you for the great workshop
RiccardoAncarani/LiquidSnake - LiquidSnake is a tool that allows operators to perform fileless lateral movement using WMI Event Subscriptions and GadgetToJScript
waf/CSharpRepl - A command line C# REPL with syntax highlighting – explore the language, libraries and nuget packages interactively.
eladshamir/Whisker - Whisker is a C# tool for taking over Active Directory user and computer accounts by manipulating their msDS-KeyCredentialLink attribute, effectively adding "Shadow Credentials" to the target account.
evilashz/SharpADUserIP - 提取DC日志，快速获取域用户对应IP地址
iomoath/SharpSpray - Active Directory password spraying tool. Auto fetches user list and avoids potential lockouts.
GhostPack/RestrictedAdmin - Remotely enables Restricted Admin Mode
X-C3LL/xlsxPoison - Just a PoC to turn xlsx (regular Excel files) into xlsm (Excel file with macro) and slipping inside a macro (vbaProject.bin)
fozavci/WeaponisingCSharp-Fundamentals - Weaponising C# - Fundamentals Training Content
bitsadmin/fakelogonscreen - Fake Windows logon screen to steal passwords
YDHCUI/csload.net - 一个cobaltstrike shellcode加载器，过国内主流杀软
EncodeGroup/UAC-SilentClean - New UAC bypass for Silent Cleanup for CobaltStrike
deadjakk/Reg1c1de - Registry permission scanner written in C# for finding potential privesc avenues within registry
mai1zhi2/SharpBeacon - CobaltStrike Beacon written in .Net 4 用.net重写了stager及Beacon，其中包括正常上线、文件管理、进程管理、令牌管理、结合SysCall进行注入、原生端口转发、关ETW等一系列功能
mobdk/Upsilon - Upsilon execute shellcode with syscalls - no API like NtProtectVirtualMemory is used
FortyNorthSecurity/EDD - Enumerate Domain Data
chvancooten/OSEP-Code-Snippets - A repository with my notable code snippets for Offensive Security's PEN-300 (OSEP) course.
w1u0u1/smb2os - Use smb2 protocol to detect remote computer os version, support win7/server2008-win10/server2019
iomoath/SharpStrike - A Post exploitation tool written in C# uses either CIM or WMI to query remote systems.
gellin/bantam - A PHP backdoor management and generation tool/C2 featuring end to end encrypted payload streaming designed to bypass WAF, IDS, SIEM systems.
cube0x0/MiniDump - C# Lsass parser
uknowsec/SharpCryptPermute - Crypt/Decrypt Proxyshell Payload
PwnDexter/SharpEDRChecker - Checks running processes, process metadata, Dlls loaded into your current process and the each DLLs metadata, common install directories, installed services and each service binaries metadata, install
nettitude/SharpSocks - Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell
med0x2e/SigFlip - SigFlip is a tool for patching authenticode signed PE files (exe, dll, sys ..etc) without invalidating or breaking the existing signature.
CCob/BeaconEye - Hunts out CobaltStrike beacons and logs operator command output
SharpC2/SharpC2 - Command and Control Framework written in C#.
GhostPack/ForgeCert - "Golden" certificates
GhostPack/Certify - Active Directory certificate abuse.
Flangvik/DeployPrinterNightmare - C# tool for installing a shared network printer abusing the PrinterNightmare bug to allow other network machines easy privesc!
GhostPack/SharpWMI - SharpWMI is a C# implementation of various WMI functionality.
Flangvik/ADCSPwn - A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts and relaying to the certificate service.
bats3c/ADCSPwn - A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts and relaying to the certificate service.
med0x2e/GadgetToJScript - A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from JS/VBS/VBA based scripts.
qwqdanchun/Bypass - 免杀测试（替换图片链接即可使用）
zcgonvh/EfsPotato - Exploit for EfsPotato(MS-EFSR EfsRpcOpenFileRaw with SeImpersonatePrivilege local privalege escalation vulnerability).
tuian/subTee-gits-backups - subTee gists code backups
Inf0secRabbit/BadAssMacros - BadAssMacros - C# based automated Malicous Macro Generator.
cube0x0/CVE-2021-36934 - C# PoC for CVE-2021-36934/HiveNightmare/SeriousSAM
GhostPack/Rubeus - Trying to tame the three-headed dog.
FortyNorthSecurity/CIMplant - C# port of WMImplant which uses either CIM or WMI to query remote systems
aniqfakhrul/Sharperner - Simple executable generator with encrypted shellcode.
qwqdanchun/DcRat - A simple remote tool in C#.
dotnet/roslyn - The Roslyn .NET compiler provides C# and Visual Basic languages with rich code analysis APIs.
connormcgarr/LittleCorporal - LittleCorporal: A C# Automated Maldoc Generator
CuteLeon/LogFactory - 企业日志分析工具
OG-Sadpanda/SharpSword - Read the contents of DOCX files using Cobalt Strike's Execute-Assembly
klezVirus/CheeseTools - Self-developed tools for Lateral Movement/Code Execution
OG-Sadpanda/SharpExcelibur - Read Excel Spreadsheets (XLS/XLSX) using Cobalt Strike's Execute-Assembly
AnErrupTion/LoGiC.NET - A more advanced free and open .NET obfuscator using dnlib.
Mr-Un1k0d3r/ADHuntTool - official repo for the AdHuntTool (part of the old RedTeamCSharpScripts repo)
MythicAgents/Apollo - A .NET Framework 4.0 Windows Agent
Yaxser/SharpPhish - Using outlook COM objects to create convincing phishing emails without the user noticing. This project is meant for internal phishing.
Kara-4search/DInvoke_shellcodeload_CSharp - ShellCodeLoader via DInvoke
Flangvik/SharpProxyLogon - C# POC for CVE-2021-26855 aka ProxyLogon, supports the classically semi-interactive web shell as well as shellcode injection
dahall/Vanara - A set of .NET libraries for Windows implementing PInvoke calls to many native Windows APIs with supporting wrappers.
LimerBoy/FireFox-Thief - :fox_face: Decrypt gecko based browsers passwords, cookies, history, bookmarks.
gourk/FirePwd.Net - Password reader for Mozilla Firefox and Thunderbird
BinaryScary/NET-Obfuscate - Obfuscate ECMA CIL (.NET IL) assemblies to evade Windows Defender AMSI
sourceincite/CVE-2021-24085 -
cube0x0/CVE-2021-1675 - C# and Impacket implementation of PrintNightmare CVE-2021-1675/CVE-2021-34527
DamonMohammadbagher/FSWatch - File System Watcher via C# (Monitoring File Activity , Create/Delete/Change/Rename events + some Activity like Size/Attribute/Security Changes & LastAccess, LastWrite etc...)
nettitude/RunPE - C# Reflective loader for unmanaged binaries.
GhostPack/SharpDump - SharpDump is a C# port of PowerSploit's Out-Minidump.ps1 functionality.
IlanKalendarov/SharpHook - SharpHook is an offensive API hooking tool designed to catch various credentials within the API call.
improsec/ImproHound - Identify the attack paths in BloodHound breaking your AD tiering
GetRektBoy724/SharpUnhooker - C# Based Universal API Unhooker
rasta-mouse/AsyncSockets - Example of async client/server sockets in .NET 5
d3adzo/shepard - In progress persistent download/upload/execution tool using Windows BITS.
enkomio/ManagedInjector - A C# DLL injection library
lithnet/ad-password-protection - Active Directory password filter featuring breached password checking and custom complexity rules
dionach/NtdsAudit - An Active Directory audit utility
jfmaes/SharpRDPDump - Create a minidump of TermService for clear text pw extraction
AaronRobinsonMSFT/COMInterop - Example on how to consume a COM server from a .NET client and a .NET server from a COM client. Examples are for both using the Registry and for RegFree.
S3cur3Th1sSh1t/SyscallAmsiScanBufferBypass - AmsiScanBufferBypass using D/Invoke
mitchmoser/SharpShares - Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain
Dliv3/DomainBorrowing - Domain Borrowing PoC
Cerbersec/DomainBorrowingC2 -
marius-rothenbuecher/PentestBro - Experimental tool for Windows. PentestBro combines subdomain scans, whois, port scanning, banner grabbing and web enumeration into one tool. Uses subdomain list of SecLists. Uses nmap service probes f
jfmaes/SharpNukeEventLog - nuke that event log using some epic dinvoke fu
RowTeam/SharpDetectionNTLMSSP - 利用 NTLMSSP 探测 Windows 信息
xpnas/inotify - 一个简易消息通知系统，支持企业微信、电报机器人、邮件推送、内置BARK推送、钉钉群机器人、飞书群机器人，类似Server酱，支持私有Docker部署
cyberark/Evasor - A tool to be used in post exploitation phase for blue and red teams to bypass APPLICATIONCONTROL policies
S3cur3Th1sSh1t/SharpNamedPipePTH - Pass the Hash to a named pipe for token Impersonation
Ben0xA/DoUCMe -
juliourena/SharpNoPSExec - Get file less command execution for lateral movement.
TheWover/CertStealer - A .NET tool for exporting and importing certificates without touching disk.
Hzllaga/JsLoader - js免杀shellcode，绕过杀毒添加自启
Kevin-Robertson/InveighZero - .NET IPv4/IPv6 machine-in-the-middle tool for penetration testers
mgeeky/SharpWebServer - Red Team oriented C# Simple HTTP & WebDAV Server with Net-NTLM hashes capture functionality
uknowsec/SharpOSS - Quickly upload files to aliyun OSS by aliyun-oss-csharp-sdk
checkymander/Sharp-SMBExec - SMBExec C# module
DebugST/STPortScanner - [端口扫描器] 采用.NET开发的端口扫描器支持端口协议探测内置多种类型扫描器 TCP/UDP/SYN/SMB/ICMP 等采用IOCP模型开发性能表现不错可视为轻量级NMAP
dahall/TaskScheduler - Provides a .NET wrapper for the Windows Task Scheduler. It aggregates the multiple versions, provides an editor and allows for localization.
FSecureLABS/SharpGPOAbuse - SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by th
S3cur3Th1sSh1t/Sharp-HackBrowserData - C# binary with embeded golang hack-browser-data
w1u0u1/exec - Use current thread token to execute command
Hzllaga/RDODecrypt - Remote Desktop Organizer 密码破解
ChoiSG/UuidShellcodeExec - PoC for UUID shellcode execution using DInvoke
airzero24/WMIReg - PoC to interact with local/remote registry hives through WMI
proxysu/ProxySU - Xray,V2ray，Trojan，NaiveProxy, Trojan-Go, ShadowsocksR(SSR),Shadowsocks-libev及相关插件,MTProto+TLS 一键安装工具，windows下用（一键科学上网）
FSecureLABS/physmem2profit - Physmem2profit can be used to create a minidump of a target hosts' LSASS process by analysing physical memory remotely
odedshimon/BruteShark - Network Analysis Tool
calebstewart/bypass-clm - PowerShell Constrained Language Mode Bypass
hausec/MaliciousClickOnceMSBuild - Basic C# Project that will take an MSBuild payload and run it with MSBuild via ClickOnce.
Anonymous-ghost/AttackWebFrameworkTools-5.0 - 本软件首先集成危害性较大框架和部分主流cms的rce(无需登录,或者登录绕过执行rce)和反序列化(利用链简单)。傻瓜式导入url即可实现批量getshell。批量自动化测试。例如:Thinkphp,Struts2,weblogic。出现的最新漏洞进行实时跟踪并且更新例如:log4jRCE,向日葵RCE 等等.
Aetsu/OffensivePipeline - OffensivePipeline allows to download, compile (without Visual Studio) and obfuscate C# tools for Red Team exercises.
mdsecactivebreach/Farmer -
KINGSABRI/DotNetToJScriptMini - A simplified version of DotNetToJScript to create a JScript file which loads a .NET v2 assembly from memory.
Kevin-Robertson/Sharpmad - C# version of Powermad
swisskyrepo/SharpLAPS - Retrieve LAPS password from LDAP
Flangvik/AzureC2Relay - AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.
FuzzySecurity/Dendrobate - Managed code hooking template.
soufianetahiri/HttpRquestPlayer - This small utility could help you to find authorization bugs.
rvrsh3ll/SharpSMBSpray - Spray a hash via smb to check for local administrator access
BeichenDream/WhetherMysqlSham - 检测目标Mysql数据库是不是蜜罐
An0nySec/ShadowUser - 影子用户克隆
bats3c/EvtMute - Apply a filter to the events being reported by windows event logging
JoniRinta-Kahila/WPCracker - WordPress pentest tool
zcgonvh/CVE-2020-0688 - Exploit and detect tools for CVE-2020-0688
JamesCooteUK/SharpSphere - .NET Project for Attacking vCenter
py7hagoras/CovenantTasks - Source for tasks I have used with Covenant
srini0x00/dvta - Damn Vulnerable Thick Client App developed in C# .NET
uknowsec/SharpSQLTools - SharpSQLTools 和@Rcoil一起写的小工具，可上传下载文件，xp_cmdshell与sp_oacreate执行命令回显和clr加载程序集执行相应操作。
Viralmaniar/BigBountyRecon - BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.
b4rtik/SharpKatz - Porting of mimikatz sekurlsa::logonpasswords, sekurlsa::ekeys and lsadump::dcsync commands
jnqpblc/SharpTask - SharpTask is a simple code set to interact with the Task Scheduler service api and is compatible with Cobalt Strike.
ReverendThing/Carnivore - Microsoft External Attack Tool
FatRodzianko/Get-RBCD-Threaded - Tool to discover Resource-Based Constrained Delegation attack paths in Active Directory environments
FatRodzianko/SharpBypassUAC - C# tool for UAC bypasses
GoSecure/WSuspicious - WSuspicious - A tool to abuse insecure WSUS connections for privilege escalations
bitsadmin/nopowershell - PowerShell rebuilt in C# for Red Teaming purposes
wuhan005/Asteroid - 💫 CTF AWD 实时 3D 攻击大屏
rasta-mouse/EWSToolkit - Abusing Exchange via EWS
mubix/solarflare - SolarWinds Orion Account Audit / Password Dumping Utility
zcgonvh/CVE-2020-17144 - weaponized tool for CVE-2020-17144
Airboi/CVE-2020-17144-EXP - Exchange2010 authorized RCE
securesean/DecryptAutoLogon - Command line tool to extract/decrypt the password that was stored in the LSA by SysInternals AutoLogon
cube0x0/SharpMapExec -
jas502n/SSCMS_Decrypt - sscms database decrypt
outflanknl/EvilClippy - A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on Linux, OSX and Windows.
RcoIl/CSharp-Tools - .NET C# Tools
Ch1ngg/SharpGetTitle - SharpGetTitle - 基于 C# 的多线程 Web Title 扫描器
antonioCoco/RunasCs - RunasCs - Csharp and open version of windows builtin runas.exe
rocksdanister/lively - Free and open-source software that allows users to set animated desktop wallpapers and screensavers.
huiyadanli/RevokeMsgPatcher - :trollface: A hex editor for WeChat/QQ/TIM - PC版微信/QQ/TIM防撤回补丁（我已经看到了，撤回也没用了）
cobbr/SharpSploit - SharpSploit is a .NET post-exploitation library written in C#
med0x2e/NoAmci - Using DInvoke to patch AMSI.dll in order to bypass AMSI detections triggered when loading .NET tradecraft via Assembly.Load().
NVISOsecurity/DInvisibleRegistry - DInvisibleRegistry
matterpreter/DefenderCheck - Identifies the bytes that Microsoft Defender flags on.
3F/DllExport - .NET DllExport with .NET Core support (aka 3F/DllExport aka DllExport.bat)
TheWover/DInvoke - Dynamically invoke arbitrary unmanaged code from managed code without PInvoke.
mandiant/OfficePurge -
hayasec/360SafeBrowsergetpass - 这是一个一键辅助抓取360安全浏览器密码的CobaltStrike脚本以及解密小工具，用于节省红队工作量，通过下载浏览器数据库、记录密钥来离线解密浏览器密码。
smartlockpicking/BLE_HackMe - Bluetooth Low Energy hardware-less HackMe
awaescher/Fusion - 🧰 A modern alternative to the Microsoft Assembly Binding Log Viewer (FUSLOGVW.exe)
rasta-mouse/ThreatCheck - Identifies the bytes that Microsoft Defender / AMSI Consumer flags on.
xforcered/StandIn - StandIn is a small .NET35/45 AD post-exploitation toolkit
EncodeGroup/AggressiveProxy - Project to enumerate proxy configurations and generate shellcode from CobaltStrike
xiaoxiaoleo/Scan-and-Clean-Macro-Virus - Scan and clean specific Macro Virus, #C Sharp
Mr-Un1k0d3r/RedTeamCSharpScripts - C# Script used for Red Team
TGSAN/CMWTAT_Digital_Edition - CloudMoe Windows 10 Activation Toolkit get digital license, the best open source Win 10 activator in GitHub. GitHub 上最棒的开源 Win10 数字权利（数字许可证）激活工具！
wesleydekraker/xamarin-security-scanner - A tool to find security vulnerabilities in Xamarin.Android apps.
dev-2null/KerberosRun - A little tool to play with Kerberos.
ustayready/SharpHose - Asynchronous Password Spraying Tool in C# for Windows Environments
tyranid/DotNetToJScript - A tool to create a JScript file which loads a .NET v2 assembly from memory.
EncodeGroup/AggressiveGadgetToJScript - A Cobalt Strike Aggressor script to generate GadgetToJScript payloads
EncodeGroup/Gopher - C# tool to discover low hanging fruits
b4rtik/SharpAdidnsdump - c# implementation of Active Directory Integrated DNS dumping (authenticated user)
mez-0/DecryptRDCManager - .NET 4.0 Remote Desktop Manager Password Gatherer
uknowsec/SharpSQLDump - 内网渗透中快速获取数据库所有库名，表名，列名。具体判断后再去翻数据，节省时间。适用于mysql，mssql。
Apr4h/CobaltStrikeScan - Scan files or process memory for CobaltStrike beacons and parse their configuration
r3nhat/SharpWifiGrabber - Sharp Wifi Password Grabber retrieves in clear-text the Wi-Fi Passwords from all WLAN Profiles saved on a workstation.
CCob/Rubeus - Trying to tame the three-headed dog.
rasta-mouse/Fork-n-Run -
checkymander/Zolom - C# Executable with embedded Python that can be used reflectively to run python code on systems without Python installed
r3nhat/GRAT2 - We developed GRAT2 Command & Control (C2) project for learning purpose.
Kudaes/LOLBITS - ** DISCONTINUED ** C2 framework that uses Background Intelligent Transfer Service (BITS) as communication protocol and Direct Syscalls + Dinvoke for EDR user-mode hooking evasion.
vivami/SauronEye - Search tool to find specific files containing specific words, i.e. files containing passwords..
mez-0/MoveScheduler - .NET 4.0 Scheduled Job Lateral Movement
passthehashbrowns/SharpBuster - SharpBuster is a C# implementation of a directory brute forcing tool. It's designed to be used via Cobalt Strike's execute-assembly and similar tools, when running a similar tool over a SOCKS proxy is
ph09nix/APSoft-Web-Scanner-v2 - Powerful dork searcher and vulnerability scanner for windows platform
G0ldenGunSec/SharpSecDump - .Net port of the remote SAM + LSA Secrets dumping functionality of impacket's secretsdump.py
chromelyapps/Chromely - Build Cross Platform HTML Desktop Apps on .NET using native GUI, HTML5, JavaScript, CSS, Owin, AspNetCore (MVC, RazorPages, Blazor)
slyd0g/LNKMod - C# project to create or modify existing LNKs
lontivero/Open.NAT - Lightweight and easy-to-use class library to allow port forwarding in NAT devices with UPNP and/or PMP
sf197/GetPwd - 用CSharp写的一款信息搜集工具，目前支持Navicat、TeamView、Xshell、SecureCRT产品的密码解密
BeichenDream/MysqlT - 伪造Myslq服务端,并利用Mysql逻辑漏洞来获取客户端的任意文件反击攻击者
rasta-mouse/MiscTools - Miscellaneous Tools
mez-0/CSharpWinRM - .NET 4.0 WinRM API Command Execution
RiccardoAncarani/DirSync-Poc - A PoC that uses the DirSync protocol to poll Active Directory for changes
BloodHoundAD/SharpHound3 - C# Data Collector for the BloodHound Project, Version 3
BloodHoundAD/SharpHound2 - The Old BloodHound C# Ingestor (Deprecated)
WayneJLee/CsharpAmsiBypass - C# loader for msfvenom shellcode with AMSI bypass
aduskin/AduSkin - A Beautiful WPF Control UI
TalAloni/SMBLibrary - Free, Open Source, User-Mode SMB 1.0/CIFS, SMB 2.0, SMB 2.1 and SMB 3.0 server and client library
rnwood/smtp4dev - smtp4dev - the fake smtp email server for development and testing
3xpl01tc0d3r/ProcessInjection - This program is designed to demonstrate various process injection techniques
Flangvik/SharpAppLocker - C# port of the Get-AppLockerPolicy PS cmdlet
vletoux/pingcastle - PingCastle - Get Active Directory Security at 80% in 20% of the time
RythmStick/ProxyPunch - Finding SSL Blindspots for Red Teams
Mr-B0b/SpaceRunner - This tool enables the compilation of a C# program that will execute arbitrary PowerShell code, without launching PowerShell processes through the use of runspace.
jfmaes/GG-AESY - Hide cool stuff in images :)
MrFooL137/WebSocketRemoteControl - Remote Control With WebSocket
checkymander/Carbuncle - Tool for interacting with outlook interop during red team engagements
fullmetalcache/PowerLine -
djhohnstein/SharpSearch - Search files for extensions as well as text within.
crawl3r/FunWithAMSI - A repo to hold any bypasses I work on/study/whatever
Flangvik/SharpDllProxy - Retrieves exported functions from a legitimate DLL and generates a proxy DLL source code/template for DLL proxy loading or sideloading
jfmaes/TrustJack - Yet another PoC for https://www.wietzebeukema.nl/blog/hijacking-dlls-in-windows
Fody/Costura - Embed references as resources
EquiFox/KsDumper - Dumping processes using the power of kernel space !
tomcarver16/ADSearch - A tool to help query AD via the LDAP protocol
bohops/SharpRDPHijack - A POC Remote Desktop (RDP) session hijack utility for disconnected sessions
mvelazc0/PurpleSharp - PurpleSharp is a C# adversary simulation tool that executes adversary techniques with the purpose of generating attack telemetry in monitored Windows environments
GitCredentialManager/git-credential-manager - Secure, cross-platform Git credential storage with authentication to GitHub, Azure Repos, and other popular Git hosting services.
SnaffCon/Snaffler - a tool for pentesters to help find delicious candy, by @l0ss and @Sh3r4 ( Twitter: @/mikeloss and @/sh3r4_hax )
360-Linton-Lab/Telemetry - WINDOWS TELEMETRY权限维持
GhostPack/Seatbelt - Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.
mdsecactivebreach/sitrep -
jfmaes/Clippi-B -
thiagomayllart/Covenant_Alternate - Covenant is a collaborative .NET C2 framework for red teamers.
Hzllaga/ShellcodeLoader - 将shellcode用rsa加密并动态编译exe，自带几种反沙箱技术。
SpiderLabs/SharpCompile - SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approach than manually compiling an .NET assembly and loading it into
dotnet/ILMerge - ILMerge is a static linker for .NET Assemblies.
RedLectroid/SearchOutlook - A C# tool to search through a running instance of Outlook for keywords
Flangvik/BetterSafetyKatz - Fork of SafetyKatz that dynamically fetches the latest pre-compiled release of Mimikatz directly from gentilkiwi GitHub repo, runtime patches signatures and uses SharpSploit DInvoke to PE-Load into me
QAX-A-Team/sharpwmi - sharpwmi是一个基于rpc的横向移动工具，具有上传文件和执行命令功能。
am0nsec/SharpHellsGate - C# Implementation of the Hell's Gate VX Technique
RythmStick/AMSITrigger - The Hunt for Malicious Strings
QAX-A-Team/BrowserGhost - 这是一个抓取浏览器密码的工具，后续会添加更多功能
WingsOfDoom/ICU - quick 'n dirty poc based on PoC windows auth prompt in c# based on https://gist.githubusercontent.com/mayuki/339952/raw/2c36b735bc51861a37194971a5e944f22c94df7c/CredentialUI.cs
dev-2null/ADCollector - A lightweight tool to quickly extract valuable information from the Active Directory environment for both attacking and defending.
carlospolop/PEASS-ng - PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
ZecOps/CVE-2020-1206-POC - CVE-2020-1206 Uninitialized Kernel Memory Read POC
FuzzySecurity/Sharp-Suite - Also known by Microsoft as Knifecoat :hot_pepper:
malwareinfosec/EKFiddle - Your Swiss Army knife to analyze malicious web traffic based on the popular Fiddler web debugger.
1y0n/AV_Evasion_Tool - 掩日 - 免杀执行器生成工具
reconness/reconness - ReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it base on schedule or events.
TheKingOfDuck/MatryoshkaDollTool - MatryoshkaDollTool-程序加壳/捆绑工具
goichot/CVE-2020-3153 - Cisco AnyConnect < 4.8.02042 privilege escalation through path traversal
Tycx2ry/SweetPotato_CS - 修改的SweetPotato，使之可以用于CobaltStrike v4.0
3gstudent/SharpRDPCheck - Use to check the valid account of the Remote Desktop Protocol(Support plaintext and ntlmhash)
Soledge/BlockEtw - .Net Assembly to block ETW telemetry in current process
Viralmaniar/HiveJack - This tool can be used during internal penetration testing to dump Windows credentials from an already-compromised host. It allows one to dump SYSTEM, SECURITY and SAM hives and once copied to the atta
CCob/SweetPotato - Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019
djhohnstein/SharpShares - Enumerate all network shares in the current domain. Also, can resolve names to IP addresses.
BeichenDream/BadPotato - Windows 权限提升 BadPotato
infosecn1nja/SharpDoor - SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file.
cube0x0/SharpeningCobaltStrike - in realtime v35/40 dotnet compiler for your linux Cobalt Strike C2. New fresh compiled and obfuscated binary for each use
pwntester/ysoserial.net - Deserialization payload generator for a variety of .NET formatters
uknowsec/SweetPotato - Modifying SweetPotato to support load shellcode and webshell
uknowsec/SharpNetCheck -
cobbr/Covenant - Covenant is a collaborative .NET C2 framework for red teamers.
cobbr/Elite - Elite is the client-side component of the Covenant project. Covenant is a .NET command and control framework that aims to highlight the attack surface of .NET, make the use of offensive .NET tradecraf
cyberark/zBang - zBang is a risk assessment tool that detects potential privileged account threats
MichaelGrafnetter/DSInternals - Directory Services Internals (DSInternals) PowerShell Module and Framework
rveldhoven/chocoProxy -
mandiant/SilkETW -
gerardog/gsudo - A Sudo for Windows
rasta-mouse/Watson - Enumerate missing KBs and suggest exploits for useful Privilege Escalation vulnerabilities
k8gege/Ladon - 大型内网渗透扫描器&Cobalt Strike，Ladon9.1.8内置160个模块，包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2，密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB
gabrielxvx/zh-fiddler - Fiddler Web Debugger 中文版
harleyQu1nn/AggressorScripts - Collection of Aggressor scripts for Cobalt Strike 3.0+ pulled from multiple sources
guillaC/wsManager - Webshell Manager
restran/shellcat - ⚡️ ShellCat is a Reverse Shell Manager
uknowsec/SharpCheckInfo - 收集目标主机信息，包括最近打开文件，系统环境变量和回收站文件等等
Cn33liz/p0wnedShell - PowerShell Runspace Post Exploitation Toolkit
netchx/netch - A simple proxy client
kenvix/USBCopyer - 😉 用于在插上U盘后自动按需复制该U盘的文件。”备份&偷U盘文件的神器”（写作USBCopyer，读作USBCopier）
P1CKLES/SharpBox - SharpBox is a C# tool for compressing, encrypting, and exfiltrating data to DropBox using the DropBox API.
Wohlstand/Destroy-Windows-10-Spying - !!!UNMAINTAINED!!! Destroy Windows Spying tool
djhohnstein/EventLogParser - Parse PowerShell and Security event logs for sensitive information.
samk1/IISPowershellModule - IIS Handler for *.ps1 files
AnyListen/YaVipCore - Net Core Music Interface
duplicati/duplicati - Store securely encrypted backups in the cloud!
Kevin-Robertson/Inveigh - .NET IPv4/IPv6 machine-in-the-middle tool for penetration testers
GangZhuo/kcptun-gui-windows - GUI for kcptun (https://github.com/xtaci/kcptun). (Need .NET framework 4.5)
mo-xiaoxi/CTFtools - 本项目主要搜集一些关于信息安全攻防相关的知识与工具，便于个人的渗透工作。
zgcwkj/TestBaiduPassword - 百度网盘分享文件密码测试器
greenshot/greenshot - Greenshot for Windows - Report bugs & features go here: https://greenshot.atlassian.net or look for information on:
TheM4hd1/JCS - Joomla Vulnerability Component Scanner
xupefei/Locale-Emulator - Yet Another System Region and Language Simulator
YalcinYolalan/WSSAT - WEB SERVICE SECURITY ASSESSMENT TOOL
ShareX/ShareX - ShareX is a free and open source program that lets you capture or record any area of your screen and share it with a single press of a key. It also allows uploading images, text or other types of file
bitbeans/SimpleDnsCrypt - A simple management tool for dnscrypt-proxy
TheM4hd1/PenCrawLer - An Advanced Web Crawler and DirBuster
yingDev/WGestures - Modern mouse gestures for Windows. (C#)
digimezzo/knowte-windows - Note taking
MediaPortal/MediaPortal-2 - Development of MediaPortal 2
Rushyo/VindicateTool - LLMNR/NBNS/mDNS Spoofing Detection Toolkit
RadioWar/NFCGUI - NFCGUI 一个万恶的无聊的Windows图形界面！ GUI for libnfc
microsoft/DbgShell - A PowerShell front-end for the Windows debugger engine.
VahidN/GitHubFolderDownloader - It lets you to download a single folder of a repository without cloning or downloading the whole repository.
hexadezi/adbGUI - Wrapper for Android Debug Bridge (ADB) written in C#
mili-tan/mV2RayConfig -
nccgroup/UPnP-Pentest-Toolkit - UPnP Pentest Toolkit for Windows
KeeTrayTOTP/KeeTrayTOTP - Tray TOTP Plugin for KeePass2.
JanisEst/KeePassQRCodeView - KeePass 2.x plugin which shows QR Codes for entry fields.
securifybv/ShellLink - A .NET Class Library for processing ShellLink (LNK) files
canton7/SyncTrayzor - Windows tray utility / filesystem watcher / launcher for Syncthing
TkYu/ChromeUpdater - :)
1217950746/Arthas-WPFUI - WPF 控件库，支持 .Net Core 3 + & .Net 4.6.2 +
chenjia404/ChromeAutoUpdate - 一个自动更新chrome的小工具
thoemmi/7Zip4Powershell - Powershell module for creating and extracting 7-Zip archives
p3nt4/PowerShdll - Run PowerShell with rundll32. Bypass software restrictions.
tomrus88/CASCExplorer - CASCExplorer
marx-yu/WopiHost - Office Online Server Wopi Host implement, No need Cobalt. Support DOCX, XLSX, PPTX online editing.
zcgonvh/cve-2017-7269-tool - CVE-2017-7269 to webshell or shellcode loader
t3ntman/Social-Engineering-Payloads - Collection of social engineering payloads
Choudai/R10 - Lightweight Ransomware @Choudai
thangchung/awesome-dotnet-core - :honeybee: A collection of awesome .NET core libraries, tools, frameworks and software
nsacyber/Windows-Event-Log-Messages - Retrieves the definitions of Windows Event Log messages embedded in Windows binaries and provides them in discoverable formats. #nsacyber
DEVSENSE/Phalanger - PHP 5.4 compiler for .NET/Mono frameworks. Predecessor to the opensource PeachPie project (www.peachpie.io).
isukces/cs2php - C# to PHP compiler
zcgonvh/SSMSPwd - SQL Server Management Studio(SSMS) saved password dumper
dxflatline/flatpipes - A TCP proxy over named pipes. Originally created for maintaining a meterpreter session over 445 for less network alarms.
Kyrodan/KeeAnywhere - A cloud storage provider plugin for KeePass Password Safe
googleprojectzero/sandbox-attacksurface-analysis-tools - Set of tools to analyze Windows sandboxes for exposed attack surface.
shack2/SuperSQLInjectionV1 - 超级SQL注入工具（SSQLInjection）是一款基于HTTP协议自组包的SQL注入工具,采用C#开发，直接操作TCP会话来进行HTTP交互，支持出现在HTTP协议任意位置的SQL注入，支持各种类型的SQL注入，支持HTTPS模式注入；支持以盲注、错误显示、Union注入等方式来获取数据；支持Access/MySQL/SQLServer/Oracle/PostgreSQL/DB2/SQLite
sacwtv/Altman - the cross platform webshell tool in .NET
keepwn/Altman - the cross platform webshell tool in .NET
LazoCoder/Windows-Hacks - Creative and unusual things that can be done with the Windows API.
gaochundong/Cowboy - Cowboy.Sockets is a C# library for building sockets based services.
magicdict/MongoCola - A MongoDB Administration Tool

C++

Tatsu-syo/noMeiryoUI - No!! MeiryoUI is Windows system font setting tool on Windows 8.1/10/11.
ReversingID/Shellcode-Loader - Open repository for learning dynamic shellcode loading (sample in many programming languages)
NtQuerySystemInformation/NlsCodeInjectionThroughRegistry - Dll injection through code page id modification in registry. Based on jonas lykk research
wanttobeno/AntiDebuggers - 30种方法检测程序是否被调试
hasherezade/process_overwriting - Yet another variant of Process Hollowing
yanghaoi/LaunchSystemCmd - 在权限足够的情况下弹出system权限的cmd命令行，包含exe和dll两种文件类型，可用于一些可能存在本地提权漏洞的测试。
lab52io/LeakedHandlesFinder - Leaked Windows processes handles identification tool
3nock/sub3suite - a free, open source, cross platform Intelligence gathering tool.
webraybtl/CVE-2022-25943 - CVE-2022-25943
ZeroMemoryEx/U-Boat - Russia Wipers Dropper (REvil Ransomware included) (educational-purposes )
trailofbits/maat - Open-source symbolic execution framework: https://maat.re
VirtualAlllocEx/Shellcode-Downloader-CreateThread-Execution - This POC gives you the possibility to compile a .exe to completely avoid statically detection by AV/EPP/EDR of your C2-shellcode and download and execute your C2-shellcode which is hosted on your (C2)
qiang/Riru-ModuleFridaGadget - 一个magisk 的模块，简化版，依赖 riru，能够简单的hook，并且加载动态库，目前用来加载 frida 的gadget 库，从而使hook脱离命令行和server，并且能够在多进程中加载
FULLSHADE/Auto-Elevate - Escalate from a low-integrity Administrator account to NT AUTHORITY\SYSTEM without an LPE exploit by combining a COM UAC bypass and Token Impersonation
midisec/BypassAnti-Virus - 免杀姿势学习、记录、复现。
44670/p7zip-wasm -
LuxNoBulIshit/Smug_Fu3k -
thiagoralves/OpenPLC_v3 - OpenPLC Runtime version 3
zeek/zeek - Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
blackbox114/Captive_Portal_Gofishing - level:Copper 连接上就会强制弹出钓鱼页面的热点
NtQuerySystemInformation/CustomKeyboardLayoutPersistence - Achieve execution using a custom keyboard layout
Fortiphyd/GRFICSv2 - Version 2 of the Graphical Realism Framework for Industrial Control Simulation (GRFICS)
djformby/GRFICS - Graphical Realism Framework for Industrial Control Simulations
riverar/mach2 - Windows Feature Control Multi-tool
nielsolie/ICSUnitSim - Simulation of Industrial process unit on ESP32 board with ModbusTCP interface
RedSection/printjacker - Hijack Printconfig.dll to execute shellcode
thesecretclub/ArbitraryDirectoryDeletion - From directory deletion to SYSTEM shell
KaLendsi/CVE-2022-21882 - win32k LPE
notdodo/adduser-dll - Simple DLL that add a user to the local Administrators group
cmu-sei/pharos - Automated static analysis tools for binary programs
ytk2128/dll-merger - Merging DLLs with a PE32 EXE without LoadLibrary
pwn1sher/KillDefender - A small POC to make defender useless by removing its token privileges and lowering the token integrity
lcatro/Source-and-Fuzzing - 一些阅读源码和Fuzzing 的经验,涵盖黑盒与白盒测试..
APTortellini/DefenderSwitch - Stop Windows Defender using the Win32 API
hlldz/RefleXXion - RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks, it first collects the syscall numbers of the NtOpenFile, NtCrea
StarCrossPortal/bug-hunting-101 -
klinix5/ReverseRDP_RCE -
y35uishere/Antivirus_R3_bypass_demo - 分别用R3的0day与R0的0day来干掉杀毒软件
crisprss/BypassUserAdd - 通过反射DLL注入、Win API、C#、以及底层实现NetUserAdd方式实现BypassAV进行增加用户的功能,实现Cobalt Strike插件化
Rvn0xsy/PDacl - Play Doh Windows ACL Tools
FULLSHADE/Jektor - A Windows user-mode shellcode execution tool that demonstrates various techniques that malware uses
theSecHunter/Hades-Windows - Purity toolsHades A HIDS is designed run on Windows
NyaMisty/fouldecrypt - A lightweight and simpling iOS binary decryptor
Ghost2097221/selfMimikatz - 自不量力的mimikatz分离计划
abcz316/linuxKernelRoot - 新一代root，跟面具完全不同思路，摆脱面具被检测的弱点，完美隐藏root功能，挑战全网root检测手段，兼容安卓APP直接JNI调用，稳定、流畅、不闪退。
NtRaiseHardError/Antimalware-Research - Research on Anti-malware and other related security solutions
klinix5/InstallerFileTakeOver -
S3cur3Th1sSh1t/MultiPotato -
hugsy/CFB - Canadian Furious Beaver is a tool for monitoring IRP handler in Windows drivers, and facilitating the process of analyzing, replaying and fuzzing Windows drivers for vulnerabilities
echo-devim/fhex - A Full-Featured HexEditor compatible with Linux/Windows/MacOS
r-richter/hyenae-ng - Hyenae NG is an advanced cross-platform network packet generator and the successor of Hyenae. It features full network layer spoofing, pattern based address randomization and flood detection breaking
kindtime/nosferatu - Windows NTLM Authentication Backdoor
klinix5/ProfSvcLPE -
lab52io/StopDefender - Stop Windows Defender programmatically
lab52io/StealAllTokens - This PoC uses two diferent technics for stealing the primary token from all running processes, showing that is possible to impersonate and use whatever token present at any process
CCob/lsarelayx - NTLM relaying for Windows made easy
BlueMatthew/WechatExporter - Wechat Chat History Exporter 微信聊天记录导出备份程序
wecooperate/iMonitorSDK - 系统监控开发套件（sysmon、promon、edr、终端安全、主机安全、零信任、上网行为管理）
qtfreet00/AntiFrida - 通过内存特征检测frida
mgeeky/ThreadStackSpoofer - Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.
ideaslocas/aDLL -
TonyChen56/160-Crackme - 对160个Crackme的详细分析记录
ly4k/CallbackHell - Exploit for CVE-2021-40449 - Win32k Elevation of Privilege Vulnerability (LPE)
networkit/networkit - NetworKit is a growing open-source toolkit for large-scale network analysis.
thewhiteninja/ntfstool - Forensics tool for NTFS (parser, mft, bitlocker, deleted files)
magnusstubman/MagnusKatz - Research project for understanding how Mimikatz work and become better at C
EspressoCake/Firewall_Walker_BOF - A BOF to interact with COM objects associated with the Windows software firewall.
mgeeky/ShellcodeFluctuation - An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents
aristocratos/btop - A monitor of resources
waleedassar/SyscallNumberFinder -
hotnops/RemoteDebugView - A DLL that serves OutputDebugString content over a TCP connection
APTortellini/unDefender - Killing your preferred antimalware by abusing native symbolic links and NT paths.
mez-0/winrmdll - C++ WinRM API via Reflective DLL
airbus-cert/Yagi - Yet Another Ghidra Integration for IDA
NoOne-hub/bypass-BeaconEye - bypass BeaconEye
0x727/CloneX_0x727 - 进行克隆用户、添加用户等账户防护安全检测的轻巧工具
danzajork/evasion - Windows packer
evilashz/RemoteMemorymodule - Load the evilDLL from socket connection without touch disk
geemion/Khepri - Free,Open-Source,Cross-platform agent and Post-exploiton tool written in Golang and C++.
manyfacedllama/amsi-tracer - Leverage AMSI (Antimalware Scan Interface) technology to aid your analysis. This tool saves all buffers (scripts, .NET assemblies, etc) passed into AMSI during dynamic execution.
kavika13/RemCom - Remote Command Executor: A OSS replacement for PsExec and RunAs - or Telnet without having to install a server. Take your pick :)
x64dbg/ScyllaHide - Advanced usermode anti-anti-debugger. Forked from https://bitbucket.org/NtQuery/scyllahide
last-byte/unDefender - Killing your preferred antimalware by abusing native symbolic links and NT paths.
ivan-sincek/keylogger - Windows OS keylogger with a hook mechanism (i.e. with a keyboard hook procedure).
EvanMcBroom/microsocks11 - A cross-platform SOCKS5 library and server based on the microsocks project.
rr-debugger/rr - Record and Replay Framework
zer0fl4g/DebugDetector -
ZLMediaKit/ZLMediaKit - WebRTC/RTSP/RTMP/HTTP/HLS/HTTP-FLV/WebSocket-FLV/HTTP-TS/HTTP-fMP4/WebSocket-TS/WebSocket-fMP4/GB28181/SRT server and client framework based on C++11
0x727/ShuiYing_0x727 - 检测域环境内，域机器的本地管理组成员是否存在弱口令和通用口令，对域用户的权限分配以及域内委派查询
jacob-baines/concealed_position - Bring your own print driver privilege escalation tool
aaaddress1/Windows-APT-Warfare - 著作《Windows APT Warfare：惡意程式前線戰術指南》各章節技術實作之原始碼內容
0x727/SqlKnife_0x727 - 适合在命令行中使用的轻巧的SQL Server数据库安全检测工具
GJDuck/e9patch - A powerful static binary rewriting tool
tpoechtrager/osxcross - Mac OS X cross toolchain for Linux, FreeBSD, OpenBSD and Android (Termux)
JohnnyZhouX/Intranet-Hacking - 内网渗透相关总结
olliencc/WindowsPatchDetector - Experimental: Windows .text section compare - disk versus memory
citp/BlockSci - A high-performance tool for blockchain science and exploration
huoji120/CobaltStrikeDetected - 40行代码检测到大部分CobaltStrike的shellcode
Cr4sh/KernelForge - A library to develop kernel level Windows payloads for post HVCI era
hasherezade/pin_n_sieve - An experimental dynamic malware unpacker based on Intel Pin and PE-sieve
zodiacon/TotalRegistry - Total Registry - enhanced Registry editor/viewer
mandiant/flare-wmi -
AzAgarampur/byeintegrity-uac - Bypass UAC by hijacking a DLL located in the Native Image Cache
rajiv2790/FalconEye -
BSI-Bund/RdpCacheStitcher - RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.
GossiTheDog/HiveNightmare - Exploit allowing you to read registry hives as non-admin on Windows 10 and 11
google/lyra - A Very Low-Bitrate Codec for Speech Compression
k-k-k-k-k/CVE-2021-1732 - CVE-2021-1732 Microsoft Windows 10 本地提权漏研究及Poc/Exploit开发
GoSSIP-SJTU/Armariris - 孤挺花（Armariris） -- 由上海交通大学密码与计算机安全实验室维护的LLVM混淆框架
HackerDev-Felix/WechatDecrypt - 微信消息解密工具
wh201906/Proxmark3GUI - A cross-platform GUI for Proxmark3 client | 为PM3设计的图形界面
kkent030315/PageTableInjection - Code Injection, Inject malicious payload via pagetables pml4.
S1ckB0y1337/TokenPlayer - Manipulating and Abusing Windows Access Tokens.
sogou/workflow - C++ Parallel Computing and Asynchronous Networking Engine
ORCA666/EVA - FUD shellcode Injector
uknowsec/JuicyPotato - Modifying JuicyPotato to support load shellcode and webshell
CodingGay/BlackDex - BlackDex is an Android unpack(dexdump) tool, it supports Android 5.0~12 and need not rely to any environment. BlackDex can run on any Android mobile phone or emulator, you can unpack APK File in sever
KongKong20/WeChatPCHook - 微信电脑机器人入门教程基于HOOK
uknowsec/CreateService - 创建服务持久化
Barbarisch/forkatz - credential dump using foreshaw technique using SeTrustedCredmanAccessPrivilege
netbiosX/AMSI-Provider - A fake AMSI Provider which can be used for persistence.
AzAgarampur/byeintegrity5-uac - Bypass UAC at any level by abusing the Task Scheduler and environment variables
Paulo-D2000/ShellCodeObfuscator - Simple shellcode obfuscator using PYTHON and C / C++
dr0op/CrossNet-Beta - 红队行动中利用白利用、免杀、自动判断网络环境生成钓鱼可执行文件。
chroblert/JCTokenUtil - Windows访问令牌查看及利用工具
Cr4sh/MicroBackdoor - Small and convenient C2 tool for Windows targets. [ Русский -- значит нахуй! ]
xuanxuan0/DripLoader - Evasive shellcode loader for bypassing event-based injection detection (PoC)
vusec/collabfuzz - CollabFuzz: A Framework for Collaborative Fuzzing
FeJQ/AUPK -
jozemberi/PE-Crypter - Simple runtime crypter in C/C++.
klecko/kvm-fuzz - PoC of fuzzing closed-source userspace binaries with KVM
jxy-s/herpaderping - Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.
L3cr0f/DccwBypassUAC - Windows 8.1 and 10 UAC bypass abusing WinSxS in "dccw.exe".
RedCursorSecurityConsulting/PPLKiller - Tool to bypass LSA Protection (aka Protected Process Light)
h4ms1k/samdump -
BlackINT3/OpenArk - OpenArk is an open source anti-rookit(ARK) tool for Windows.
0xZ0F/Z0FCourse_ReverseEngineering - Reverse engineering focusing on x64 Windows.
UndefinedIdentifier/LCX - 自修改免杀lcx端口转发工具
notify-bibi/ScyllaHide-IDA7.5 - ScyllaHide for IDA7.5; ScyllaHide IDA7.5; It is a really niccccccce anti-anti-debug tool
aahmad097/AlternativeShellcodeExec - Alternative Shellcode Execution Via Callbacks
hasherezade/bearparser - Portable Executable parsing library (from PE-bear)
kdrag0n/safetynet-fix - Google SafetyNet attestation workarounds for Magisk
purerosefallen/ygopro - KoishiPro
deepinstinct/LsassSilentProcessExit - Command line interface to dump LSASS memory to disk via SilentProcessExit
ChaitanyaHaritash/Callback_Shellcode_Injection - POCs for Shellcode Injection via Callbacks
huoji120/DuckMemoryScan - 检测绝大部分所谓的内存免杀马
ajayrandhawa/Keylogger - Keylogger is 100% invisible keylogger not only for users, but also undetectable by antivirus software. Blackcat keylogger Monitors all keystokes, Mouse clicks. It has a seperate process which continue
TimelifeCzy/kHypervisorBasic - VT Hook
WormChickenWizard/hikvision-decrypter - A simple cross platform program written in C++ used for decrypting the configuration files created by Hikvision Security Cameras. Successor to my hikvision-xor-decrypter
codingo/dooked - DNS and Target HTTP History Local Storage and Search
itm4n/Perfusion - Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2088R2 / 8 / 2012)
stealth/psc - E2E encryption for multi-hop tty sessions or portshells + TCP/UDP port forward
fastogt/fastonosql - FastoNoSQL is a crossplatform Redis, Memcached, SSDB, LevelDB, RocksDB, UnQLite, LMDB, ForestDB, Pika, Dynomite, KeyDB GUI management tool.
WerWolv/ImHex - 🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.
OmerYa/Invisi-Shell - Hide your Powershell script in plain sight. Bypass all Powershell security features
ioncodes/CVE-2020-16938 - Bypassing NTFS permissions to read any files as unprivileged user.
DockDroid/openvmi - 鹏城实验室与北弓联合开发的VMI开源版本
0xnobody/vmpdump - A dynamic VMP dumper and import fixer, powered by VTIL.
bats3c/ChromeTools - A collection of tools to abuse chrome browser
Rvn0xsy/Cooolis-ms - Cooolis-ms是一个包含了Metasploit Payload Loader、Cobalt Strike External C2 Loader、Reflective DLL injection的代码执行工具，它的定位在于能够在静态查杀上规避一些我们将要执行且含有特征的代码，帮助红队人员更方便快捷的从Web容器环境切换到C2环境进一步进行工作。
0x09AL/RdpThief - Extracting Clear Text Passwords from mstsc.exe using API Hooking.
lcatro/vuln_javascript - 模拟一个存在漏洞的JavaScript 运行环境,用来学习浏览器漏洞原理和练习如何编写Shellcode (a JavaScript Execute Envirment which study browser vuln and how to write Shellcode ) ..
ggerganov/kbd-audio - 🎤⌨️ Acoustic keyboard eavesdropping
scanfsec/AggressorCNA - Cobalt Strike Aggressor Scripts
googleprojectzero/Jackalope - Binary, coverage-guided fuzzer for Windows and macOS
yazhiwang/ollvm-tll - Ollvm+Armariris+LLVM 6.0.0
m-y-mo/android_nfc_fuzzer -
Alamot/code-snippets - Various code snippets
miek/inspectrum - Radio signal analyser
NytroRST/ShellcodeCompiler - Shellcode Compiler
knownsec/shellcodeloader - shellcodeloader
FSecureLABS/C3 - Custom Command and Control (C3). A framework for rapid prototyping of custom C2 channels, while still providing integration with existing offensive toolkits.
cbwang505/CVE-2020-1066-EXP - CVE-2020-1066-EXP支持Windows 7和Windows Server 2008 R2操作系统
google/CTAP2-test-tool - Test tool for CTAP2 authenticators
yardenshafir/CVE-2020-1034 - PoC demonstrating the use of cve-2020-1034 for privilege escalation
PetoiCamp/OpenCat-Old - A programmable and highly maneuverable robotic cat for STEM education and AI-enhanced services.
bytecode77/r77-rootkit - Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.
zodiacon/NetworkExplorer - Windows Network Information
k-fire/shellcode-to-dll - shellcode 异或加密并生成dll
solemnwarning/rehex - Reverse Engineers' Hex Editor
sensepost/rattler - Automated DLL Enumerator
mohuihui/DingTalk_Assistant - 钉钉助手，主要功能包括：聊天消息防撤回、程序多开、屏蔽频繁升级等。
horsicq/XAPKDetector - APK/DEX detector for Windows, Linux and MacOS.
crossroadsfpga/pigasus - 100Gbps Intrusion Detection and Prevention System
CheckPointSW/showstopper - ShowStopper is a tool for helping malware researchers explore and test anti-debug techniques or verify debugger plugins or other solutions that clash with standard anti-debug methods.
ION28/BLUESPAWN - An Active Defense and EDR software to empower Blue Teams
anhkgg/SuperDllHijack - SuperDllHijack：A general DLL hijack technology, don't need to manually export the same function interface of the DLL, so easy! 一种通用Dll劫持技术，不再需要手工导出Dll的函数接口了
TimelifeCzy/Shell_Protect - VM一键加壳/脱壳，全压缩，反调试等
gitjdm/dumper2020 - Yet another LSASS dumper
bopin2020/net_user_tools_bypass_hook_net.exe - 绕过net监控小工具集
itm4n/FullPowers - Recover the default privilege set of a LOCAL/NETWORK SERVICE account
tobimensch/aqemu - Official AQEMU repository - a GUI for virtual machines using QEMU as the backend
vaibhavpandeyvpz/apkstudio - Open-source, cross platform Qt based IDE for reverse-engineering Android application packages.
am0nsec/wspe - Windows System Programming Experiments
zodiacon/ProcMonXv2 - Process Monitor X v2
Neo23x0/Raccine - A Simple Ransomware Vaccine
siemens/fluffi - FLUFFI (Fully Localized Utility For Fuzzing Instantaneously) - A distributed evolutionary binary fuzzer for pentesters
binarly-io/efiXplorer - IDA plugin for UEFI firmware analysis and reverse engineering automation
mubix/netview - Netview enumerates systems using WinAPI calls
klzgrad/naiveproxy - Make a fortune quietly
facebook/hermes - A JavaScript engine optimized for running React Native.
cyberark/DLLSpy - DLL Hijacking Detection Tool
mmozeiko/aes-finder - Utility to find AES keys in running processes
Almamu/linux-wallpaperengine - An attempt to make wallpaper engine wallpapers compatible with Linux
HexHive/FuZZan - FuZZan: Efficient Sanitizer Metadata Design for Fuzzing
illera88/Ponce - IDA 2016 plugin contest winner! Symbolic Execution just one-click away!
TheWover/Manager - Library of tools and examples for loading/bootstrapping managed code from unmanaged code in .NET
crvvdev/MasterHide - MasterHide x64 Rootkit
iPower/KasperskyHook - Hook system calls on Windows by using Kaspersky's hypervisor
Soulghost/iblessing - iblessing is an iOS security exploiting toolkit, it mainly includes application information gathering, static analysis and dynamic analysis. It can be used for reverse engineering, binary analysis and
hhlxf/USO_Info_Leak - two heap address leak bugs in usosvc service
klinix5/Windows-Setup-EoP -
0xnobody/vmpattack - A VMP to VTIL lifter.
Cc28256/CcRemote - 这是一个基于gh0st远程控制的项目，使自己更深入了解远控的原理，采用VS2017，默认分支hijack还在修改不能执行，master分支的项目可以正常的运行的，你可以切换到该分支查看可以执行的代码
s1kr10s/Load_DLL -
can1357/NoVmp - A static devirtualizer for VMProtect x64 3.x. powered by VTIL.
baidu/openrasp - 🔥Open source RASP solution
br-sn/CheekyBlinder - Enumerating and removing kernel callbacks using signed vulnerable drivers
D4stiny/spectre - A Windows kernel-mode rootkit that abuses legitimate communication channels to control a machine.
snorez/srcinv - source code audit tool
irsl/CVE-2020-1313 - Proof of concept exploit of Windows Update Orchestrator Service Elevation of Privilege Vulnerability
k0keoyo/my_vulnerabilities -
hlldz/dazzleUP - A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.
DimopoulosElias/Primitives -
frida/cryptoshark - Self-optimizing cross-platform code tracer based on dynamic recompilation
yeyiqun/FUPK3-hook_kill - 本分支解决部分爱加密加固应用无法脱壳成功的问题。演示视频https://pan.baidu.com/s/1HH_-TQGca1NLoSqzvOPB3Q 密码：izm3
uknowsec/OXID_Find - OXID_Find by C++（多线程）通过OXID解析器获取Windows远程主机上网卡地址
Q4n/CVE-2020-1362 - writeup of CVE-2020-1362
collin80/SavvyCAN - QT based cross platform canbus tool
agauniyal/rang - A Minimal, Header only Modern c++ library for terminal goodies 💄✨
hmoytx/RdpThief_tools - 窃取mstsc中的用户明文凭据
alphaSeclab/anti-debug -
alphaSeclab/bypass-uac -
m0ngo0se/Peinject_dll - cs peinject shellcode
snort3/snort3 - Snort++
hasherezade/exe_to_dll - Converts a EXE into DLL
Gyoonus/deoptfuscator - Deobfuscator for Android Application
tindy2013/subconverter - Utility to convert between various subscription format
Rvn0xsy/Cobaltstrike-atexec - 使得Cobaltstrike支持Atexec
tklab-tud/BSF - Botnet Simulation Framework
itm4n/UsoDllLoader - Windows - Weaponizing privileged file writes with the Update Session Orchestrator service
KDE/latte-dock - Replacement dock for Plasma desktops, providing an elegant and intuitive experience for your tasks and plasmoids
ohpe/juicy-potato - A sugared version of RottenPotatoNG, with a bit of juice, i.e. another Local Privilege Escalation tool, from a Windows Service Accounts to NT AUTHORITY\SYSTEM.
hasherezade/tag_converter -
hasherezade/tiny_tracer - A Pin Tool for tracing API calls etc
ksnip/ksnip - ksnip the cross-platform screenshot and annotation tool
horsicq/XPEViewer - PE file viewer/editor for Windows, Linux and MacOS.
A2kaid/Get-WeChat-DB - 获取目标机器的微信数据库和密钥，但是有很多bug需要解决，需要继续完善
b4rtik/metasploit-execute-assembly - Custom Metasploit post module to executing a .NET Assembly from Meterpreter session
itm4n/BitsArbitraryFileMove - Microsoft Windows BITS Arbitrary File Move Local Privilege Escalation
ZanderChang/anti-sandbox - Windows对抗沙箱和虚拟机的方法总结
cbwang505/CVE-2020-0787-EXP-ALL-WINDOWS-VERSION - Support ALL Windows Version
JelinYao/HttpInterface - Windows上C++封装的HTTP库，包含三种实现模式（WinInet、WinHttp、socket）
LDrakura/DLLhijack-ShellcodeLoader - DLLhijack winmm.dll
idiotc4t/ReflectiveBase64DLL - This is a project to receive Base64 data and decode it in process
idiotc4t/Mapping-injection - NO WriteProcessMemory CreateRemoteThread APIs call shellcode injection
idiotc4t/GetSystemEarlyBird - 这是一个直接取得系统权限的项目
HexHive/FuzzGen -
jafarlihi/serpentine - C++/Win32/Boost Windows RAT (Remote Administration Tool) with a multiplatform Java/Spring RESTful C2 server and Go, C++/Qt5 frontends
ameenmaali/urldedupe - Pass in a list of URLs with query strings, get back a unique list of URLs and query string combinations
anbox/anbox - Anbox is a container-based approach to boot a full Android system on a regular GNU/Linux system
antonioCoco/RogueWinRM - Windows Local Privilege Escalation from Service Account to System
jafarlihi/revp - Reverse HTTP proxy that works on Linux, Windows, and macOS. Made with C++ and Boost.
sailay1996/WerTrigger - Weaponizing for privileged file writes bugs with windows problem reporting
SerenityOS/serenity - The Serenity Operating System 🐞
ivan-sincek/invoker - Penetration testing utility and antivirus assessment tool.
ylcangel/crack_dexhelper - 梆梆企业加固详细逆向分析过程，包含两种对该加固的脱壳机（直接解密classes0.jar和基于frida hook）
Bareflank/MicroV - A micro hypervisor for running micro VMs
Qv2ray/Qv2ray - :star: Linux / Windows / macOS 跨平台 V2Ray 客户端 | 支持 VMess / VLESS / SSR / Trojan / Trojan-Go / NaiveProxy / HTTP / HTTPS / SOCKS5 | 使用 C++ / Qt 开发 | 可拓展插件式设计 :star:
earthquake/Socks5Server - Windows C/C++ Socks5 Server
nccgroup/SocksOverRDP - Socks5/4/4a Proxy support for Remote Desktop Protocol / Terminal Services / Citrix / XenApp / XenDesktop
SongFGH/USTC-CS-Courses-Resource - :heart:中国科学技术大学计算机学院课程资源(https://mbinary.xyz/ustc-cs/)
DayBreak-u/chineseocr_lite - 超轻量级中文ocr，支持竖排文字识别, 支持ncnn、mnn、tnn推理 ( dbnet(1.8M) + crnn(2.5M) + anglenet(378KB)) 总模型仅4.7M
F8LEFT/FUPK3 - 演示视频https://pan.baidu.com/s/1HH_-TQGca1NLoSqzvOPB3Q 密码：izm3
0x09AL/IIS-Raid - A native backdoor module for Microsoft IIS (Internet Information Services)
dothook/FunnyMeterpreter - 与反病毒软件老大哥们的打闹日常
trojan-gfw/trojan - An unidentifiable mechanism that helps you bypass GFW.
huoji120/Antivirus_R3_bypass_demo - 分别用R3的0day与R0的0day来干掉杀毒软件
lengjibo/NetUser - 使用windows api添加用户，可用于net无法使用时.分为nim版，c++版本，RDI版，BOF版。
panda-re/lava - LAVA: Large-scale Automated Vulnerability Addition
outflanknl/Spray-AD - A Cobalt Strike tool to audit Active Directory user accounts for weak, well known or easy guessable passwords.
tstack/lnav - Log file navigator
horsicq/x64dbg-Plugin-Manager - Plugin manager for x64dbg
horsicq/XOpcodeCalc - Opcode calculator
ffffffff0x/1earn - ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup
binspector/binspector - A binary format analysis tool
JaanusKaapPublic/HyperViper - Toolkit for Hyper-V security research
rizinorg/cutter - Free and Open Source Reverse Engineering Platform powered by rizin
decaf-project/Droidscope - A dynamic analysis platform for Android
zmeadows/lldbg - A lightweight native GUI for LLDB.
facebookarchive/ds2 - Debug server for lldb.
gdbinit/ExtractMacho2 - IDA plugin to extract Mach-O binaries located in the disassembly or data
jmpews/DobbyDrill - hook MachO file based on Dobby (NOT DONE)
codilime/veles - Binary data analysis and visualization tool
WrBug/dumpDex - 💯一款Android脱壳工具，需要xposed支持, 易开发已集成该项目。
AloneMonkey/iOSREBook - 《iOS应用逆向与安全》随书源码
martinrotter/rssguard - Feed reader which supports RSS/ATOM/JSON and many web-based feed services.
xorrior/raven - CobaltStrike External C2 for Websockets
yuanyuanxiang/SimpleRemoter - 基于gh0st的远程控制器：实现了终端管理、进程管理、窗口管理、远程桌面、文件管理、语音管理、视频管理、服务管理、注册表管理等功能，优化全部代码及整理排版，修复内存泄漏缺陷，程序运行稳定。项目代码仅限于学习和交流用途。
ossrs/srs - SRS is a simple, high efficiency and realtime video server, supports RTMP, WebRTC, HLS, HTTP-FLV and SRT.
saulty4ish/Dir_Scan_ByQT5 - qt实现仿御剑风格路径扫描工具，增加延时，代理池Bypass功能，同时支持批量扫描，附带简单whois信息搜集与端口扫描模块，界面更加美观。
HyperSine/SdoKeyCrypt-sys-local-privilege-elevation - CVE-2019-9729. Transferred from https://github.com/DoubleLabyrinth/SdoKeyCrypt-sys-local-privilege-elevation
deadash/pbb_crack - PBB视频解密
KikoPlayProject/KikoPlay - KikoPlay - NOT ONLY A Full-Featured Danmu Player 不仅仅是全功能弹幕播放器
GodofMonkeys/Arma-III-Chinese-Localization-Enhanced - 武裝行動3(Arma 3)官方中文潤飾、加強、在地化翻譯模組。
zhongyang219/TrafficMonitor - 这是一个用于显示当前网速、CPU及内存利用率的桌面悬浮窗软件，并支持任务栏显示，支持更换皮肤。
TranslucentTB/TranslucentTB - A lightweight utility that makes the Windows taskbar translucent/transparent.
snowie2000/mactype - Better font rendering for Windows.
klesh/fu - fu stands for File to URL, a utility design to help you upload images/files and produce Markdown/HTML snippets with couple of clicks.
xdnice/PCShare - PCShare是一款强大的远程控制软件，可以监视目标机器屏幕、注册表、文件系统等。
dekuan/VwFirewall - 微盾®VirtualWall®防火墙整套源代码
gqrx-sdr/gqrx - Software defined radio receiver powered by GNU Radio and Qt.
gnuradio/gnuradio - GNU Radio – the Free and Open Software Radio Ecosystem
zcgonvh/MS16-032 - MS16-032(CVE-2016-0099) for SERVICE ONLY
kanryu/quickviewer - A image/comic viewer application for Windows, Mac and Linux, it can show images very fast
Chuyu-Team/MINT - Contains the definitions for the Windows Internal UserMode API from ntdll.dll, samlib.dll and winsta.dll.
oyyd/nysocks - Nysocks binds kcp and libuv to provide an aggressive tcp tunnel in nodejs.
vnotex/vnote - A pleasant note-taking platform.
guoming0000/BatchRunTrayTool - A tray tool under windows to open any file by system default or any executable program.
rexdf/CommandTrayHost - A command line program monitor systray for Windows
Gregwar/fatcat - FAT filesystems explore, extract, repair, and forensic tool
0x09AL/DNS-Persist - DNS-Persist is a post-exploitation agent which uses DNS for command and control.
wangyu-/tinyfecVPN - A VPN Designed for Lossy Links, with Build-in Forward Error Correction(FEC) Support. Improves your Network Quality on a High-latency Lossy Link.
wangyu-/UDPspeeder - A Tunnel which Improves your Network Quality on a High-latency Lossy Link by using Forward Error Correction, possible for All Traffics(TCP/UDP/ICMP)
cbayet/Exploit-CVE-2017-6008 - Exploits for CVE-2017-6008, a kernel pool buffer overflow leading to privilege escalation.
apache/incubator-pagespeed-ngx - Automatic PageSpeed optimization module for Nginx
rakshasa/rtorrent - rTorrent BitTorrent client
qwinff/qwinff - A Qt4/5 GUI Frontend for FFmpeg
simsong/tcpflow - TCP/IP packet demultiplexer. Download from:
NotGlop/SysExec - [Windows] Local Privilege Escalation - WebClient
hatRiot/token-priv - Token Privilege Research
XhmikosR/notepad2-mod - LOOKING FOR DEVELOPERS - Notepad2-mod, a Notepad2 fork, a fast and light-weight Notepad-like text editor with syntax highlighting
wangyu-/udp2raw - A Tunnel which Turns UDP Traffic into Encrypted UDP/FakeTCP/ICMP Traffic by using Raw Socket,helps you Bypass UDP FireWalls(or Unstable UDP Environment)
securesocketfunneling/ssf - Secure Socket Funneling - Network tool and toolkit - TCP and UDP port forwarding, SOCKS proxy, remote shell, standalone and cross platform
pipesocks/pipesocks - A pipe-like SOCKS5 tunnel system.
vah13/extractTVpasswords - tool to extract passwords from TeamViewer memory using Frida
miguelfreitas/twister-core - twister core / daemon
wbenny/mini-tor - proof-of-concept implementation of tor protocol using Microsoft CNG/CryptoAPI
jks-prv/Beagle_SDR_GPS - KiwiSDR: BeagleBone web-accessible shortwave receiver and software-defined GPS
PurpleI2P/i2pd - 🛡 I2P: End-to-End encrypted and anonymous Internet
samizzo/hexed - Windows console-based hex editor
pavel-odintsov/fastnetmon - FastNetMon - very fast DDoS sensor with sFlow/Netflow/IPFIX/SPAN support
gatieme/CodingInterviews - 剑指Offer——名企面试官精讲典型编程题
oguzhaninan/Stacer - Linux System Optimizer and Monitoring - https://oguzhaninan.github.io/Stacer-Web
sam-b/HackSysDriverExploits -
psi-im/psi - XMPP client
rime/librime - Rime Input Method Engine, the core library
bee13oy/AV_Kernel_Vulns - Pocs for Antivirus Software‘s Kernel Vulnerabilities
nladuo/captcha-break - captcha break based on opencv2, tesseract-ocr and some machine learning algorithm.
3gstudent/From-System-authority-to-Medium-authority - Penetration test
SpiderLabs/ModSecurity - ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx that is developed by Trustwave's SpiderLabs. It has a robust event-based programming langu
secrary/InjectProc - InjectProc - Process Injection Techniques [This project is not maintained anymore]
JLospinoso/gargoyle - A memory scanning evasion technique
ladislav-zezula/CascLib - An open-source implementation of library for reading CASC storages from Blizzard games since 2014
homenc/HElib - HElib is an open-source software library that implements homomorphic encryption. It supports the BGV scheme with bootstrapping and the Approximate Number CKKS scheme. HElib also includes optimizations
aguinet/wannakey - Wannacry in-memory key recovery
KernelMaker/rocksutil - A c++ develop toolkit
google/security-research-pocs - Proof-of-concept codes created as part of security research done by Google Security Team.
Dor1s/libfuzzer-workshop - Repository for materials of "Modern fuzzing of C/C++ Projects" workshop.
whdlgp/ARMv6m_Simulator - Simple Simulator of ARMv6m instructions
ondrejbudai/hidviz - A tool for in-depth analysis of USB HID devices communication
x64dbg/x64dbg - An open-source x64/x32 debugger for windows.
steven-michaud/HookCase - Tool for reverse engineering macOS/OS X
ele7enxxh/poc-exp - poc or exp of android vulnerability
jackullrich/ShellcodeStdio - An extensible framework for easily writing compiler optimized position independent x86 / x64 shellcode for windows platforms.
msuiche/OPCDE - OPCDE Cybersecurity Conference Materials
richkmeli/Richkware - Framework for building Windows malware, written in C++
lcatro/network_backdoor_scanner - This is a backdoor about discover network device ,and it can hidden reverse connecting the hacker's server with encrypt commuication 后渗透后门程序,适合在已经攻陷的内网中做下一步的网络信息扫描..
secrary/InfectPE - InfectPE - Inject custom code into PE file [This project is not maintained anymore]
lcatro/SISE_Traning_CTF_RE - SNST Traning RE Project .华软网络安全小组逆向工程训练营,尝试以CTF 的形式来使大家可以动手训练快速提升自己的逆向工程水平.CTF 的训练程序又浅到深,没有使用太复杂的算法,在逆向的过程中遇到的难关都是在分析病毒和破解中遇到的实际情况,注重于实用.训练营还包含有源代码文件,训练程序和思路.希望可以帮助小伙伴们入门逆向工程这个神奇的世界..
microsoft/CNTK - Microsoft Cognitive Toolkit (CNTK), an open source deep-learning toolkit
StevenHickson/PiAUISuite - Raspberry PI AUI Suite
hteso/iaito - This project has been moved to:
DimitriFourny/koalaOS - x86 Microkernel
silverf0x/RpcView - RpcView is a free tool to explore and decompile Microsoft RPC interfaces
cinience/RedisStudio - RedisStudio Redis GUI client(tool) for windows
yanyiwu/simhash - 中文文档simhash值计算

CMake

TheLartians/ModernCppStarter - 🚀 Kick-start your C++! A template for modern C++ projects using CMake, CI, code coverage, clang-format, reproducible dependency management and much more.
pothosware/PothosSDR - Pothos SDR windows development environment

CSS

LinWin-Cloud/setool-master - SetoolMaster是一款让你入门即入狱的python3开发的进阶型社会工程学工具。包括了全球定位、Ngrok内网穿透、Seeker高精度定位、网页钓鱼、病毒攻击、恐吓勒索信、爬虫、网站克隆、物联网设备搜索等，同时拥有中文支持，内置大量钓鱼模板，设计用于组织级别红队渗透测试，用于团队组织设备型协同，经过实战演练，效果出众，远超同行产品
paulbricman/dual-obsidian-client - A skilled virtual assistant for Obsidian.
twotreesus/V2RayPi - 将树莓派配置为 V2Ray 透明代理旁路由，只需要主路由设置好网关，即可代理主路由器下所有设备透明科学上网，接入网络的终端不需要做任何设置，只需要连入主路由WiFi或有线即可。支持直连\智能分流\全局代理三种模式，并能自动管理订阅和各种高级策略设置，原理参考透明代理(TPROXY) ，TG讨论组:https://t.me/v2raypi
paranoidninja/O365-Doppelganger - A quick handy script to harvest credentials off of a user during a Red Team and get execution of a file from the user
LimberDuck/nessus-cheat-sheet - Nessus Cheat Sheet in HTML, PDF, PNG, ADOC
Escher1108/mailqq - 模拟QQ邮箱登录的钓鱼程序，数据实时发送到手机，能运行html 就可跑，告别PHP等环境
dwisiswant0/nuclei-templates-dir - Nuclei Templates Directory
Yavuzlar/VulnLab -
P0cL4bs/Nanobrok - Web Service write in Python for control and protect your android device remotely.
opensec-cn/conote-community - Conote 综合安全测试平台社区版。
du33169/typora-theme-essay_cn - a theme for Typora(a markdown editor), designed for chinese essay
lbc-team/deep_ethereum - 电子书：以太坊技术与实现
Pithus/bazaar - Android security & privacy analysis for the masses
abhijithb200/investigator - An online handy-recon tool
nccgroup/Solitude - Solitude is a privacy analysis tool that enables anyone to conduct their own privacy investigations. Whether a curious novice or a more advanced researcher, Solitude makes the process of evaluating us
admin360bug/PHP - PHP训练靶场
hrqmonteiro/joplin-theme - My Joplin theme files, including userchrome.css and userstyles.css, as well as some markdown templates for my notes.
andrejilderda/joplin-macos-native-theme - Native looking macOS theme for note taking app Joplin
pierce403/nweb - web based nmap scan collection and search
shifa123/clickjackingpoc - A Proof of Concept for Clickjacking Attacks
andev-software/graphql-ide - ⚡️ GraphQL IDE - An extensive IDE for exploring GraphQL API's
m0chan/BugBounty - RepoToStoreBugBountyInfo
Chudry/Xerror - fully automated pentesting tool
marcinguy/CVE-2020-15999 - CVE-2020-15999
mrtc0/container-security-book -
elrumo/macOS_Big_Sur_icons_replacements - Replacement icons for popular apps in the style of macOS Big Sur
EstamelGG/Nessus-EN-2-CN - 将Nessus的英文版报告处理为中文版，能够在网页上预览，并导出为中文版CSV报告。导出的报告格式为“带有BOM的UTF-8编码”，可供测评能手等软件导入。
GoogleInside/Typora-Themes - 全部Typora主题+自定义修改
Aneureka/push-to-kindle - 📘 A web-based tool for pushing documents to your lovely kindle.
zseano/JS-Scan - a .js scanner, built in php. designed to scrape urls and other info
gwen001/bugbountytips - bugbountytips
varchashva/vPrioritizer - vPrioritizer enables us to understand the contextualized risk (vPRisk) on asset-vulnerability relationship level across the organization, for teams to make more informed decision about what (vulnerabi
mike-goodwin/owasp-threat-dragon-desktop - An installable desktop variant of OWASP Threat Dragon
leonjza/frida-boot - Frida Boot 👢- A binary instrumentation workshop, with Frida, for beginners!
ajinabraham/nodejsscan - nodejsscan is a static security code scanner for Node.js applications.
yingshang/banruo -
sp4rkw/Reaper - 一款用于src资产信息收集的工具
pythonran/Pcap_tools - 网络流量可配置嗅探，流量包解析，漏洞规则扫描
weev3/LKWA - Lesser Known Web Attack Lab
pratikborsadiya/vali-admin - Free Bootstrap 4 admin/dashboard template
wultra/powerauth-docker - Docker images for PowerAuth 2.0 Software
nowsecure/secure-mobile-development - A Collection of Secure Mobile Development Best Practices
josherich/repo-to-pdf - repository to pdf
varkai/hugo-theme-zozo - :star2: A simple and beautiful theme for Hugo
Area39/Webug4.0-Docker - Docker版本的Webug4.0
theme-nexmoe/hexo-theme-nexmoe - 🔥 一个比较特别的 Hexo 主题
Wei-Xia/most-frequent-technology-english-words - 程序员工作中常见的英语词汇
chokcoco/iCSS - 不止于 CSS
HackerYunen/Django-XSS-Platform -
UndeadSec/SocialFish - Phishing Tool & Information Collector
vinceliuice/Mojave-gtk-theme - Mojave is a macos Mojave like theme for GTK 3, GTK 2 and Gnome-Shell
appsecco/using-docker-kubernetes-for-automating-appsec-and-osint-workflows - Repository for all the workshop content delivered at nullcon X on 1st of March 2019
w-digital-scanner/w12scan - 🚀 A simple asset discovery engine for cybersecurity. (网络资产发现引擎)
LiangJunrong/document-library - jsliang 的文档库. 里面包含了个人撰写的所有前端文章，例如 Vue、React,、ECharts、微信小程序、算法、数据结构等……
billryan/hugo-theme-even - 🚀 A super concise theme for Hugo https://blog.olowolo.com/example-site/
ba0gu0/WebRange - 一个Web版的docker管理程序，可以用来运行各种docker漏洞环境和CTF环境。
smartFlash/pySecurity - Python tutorials
SukkaW/hexo-theme-suka - 🎨Modern, powerful and simple theme for Hexo.
muzishanshi/tongleer_for_wordpress - tongleer_for_wordpress是一个Wordpress版本的WeiboForWordPress微博主题，又名TleWeiboForWordPress。
smartping/smartping - 综合性网络质量(PING)检测工具，支持正/反向PING绘图、互PING拓扑绘图与报警、全国PING延迟地图与在线检测工具等功能
w-digital-scanner/w11scan - 分布式WEB指纹识别平台 Distributed WEB fingerprint identification platform
710leo/ZVulDrill - Web漏洞演练平台
nizarmah/tintedarc - An XFCE custom arc and tint2 auto-themer, voila you have yourself a nice theme
luodaoyi/CloudFlarePartner - CloudFlare partner website with python and flask
vinceliuice/vimix-gtk-themes - Vimix is a flat Material Design theme for GTK 3, GTK 2 and Gnome-Shell etc.
ProgrammingFonts/ProgrammingFonts - This is a collection of programming fonts,just share this with the programmers.Now there are 106 kinds of fantastic fonts!
FunctionClub/V2ray.Fun - 正在开发的全新 V2ray.Fun
hashview/hashview-old - A web front-end for password cracking and analytics
houshanren/hangzhou_house_knowledge - 2017年买房经历总结出来的买房购房知识分享给大家，希望对大家有所帮助。买房不易，且买且珍惜。Sharing the knowledge of buy an own house that according to the experience at hangzhou in 2017 to all the people. It's not easy to buy a own house, so I
rmusser01/Infosec_Reference - An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.
jbtronics/CrookedStyleSheets - Webpage tracking only using CSS (and no JS)
hltj/kotlin-reference-chinese - Kotlin 官方文档（参考部分）中文版
cheng-kang/wildfire - 🔥From a little spark may burst a flame.
appsecco/dvna - Damn Vulnerable NodeJS Application
programster/Apaxy - A simple, customisable theme for your Apache directory listing.
ronggang/transmission-web-control - 一个 Transmission 浏览器管理界面。Transmission Web Control is a custom web UI.
caspartse/QQ-Groups-Spider - QQ Groups Spider（QQ 群爬虫）
justdeleteme/justdelete.me - A directory of direct links to delete your account from web services.
chaynHQ/diy-online-privacy-starter - Chayn's Do It Yourself Online Safety guide helps women keep their online accounts and social profiles secure against harassment, and stalkers. This guide is open source.
malaohu/Arukas-API - Arukas API 自动获取IP和端口，SSR服务器订阅，Arukas 监测启动
juliocesarfort/public-pentesting-reports - Curated list of public penetration test reports released by several consulting firms and academic security groups
Sunnyyoung/Farbox-NexT - A hexo theme NexT for Farbox.
zhangjikai/gitbook-use - 记录GitBook的一些配置及插件信息
wentin/cssicon - icon set made with pure css code, no dependencies, "grab and go" icons
Tencent/tmt-workflow - A web developer workflow used by WeChat team based on Gulp, with cross-platform supported and solutions prepared.
PJtools/pd3 - 基于D3 v4+进行二次封装及扩展。示例来源于日常项目及客户提出的需求，转化成数据可视化。
smartdengjie/hbase-manager - 可视化hbase数据库

Classic ASP

xiaopan233/AntSword-Cryption-WebShell - Some traffic encryption webshell and encoder for AntSword. 蚁剑流量加密马及编码器
LandGrey/webshell-detect-bypass - 绕过专业工具检测的Webshell研究文章和免杀的Webshell

Clojure

ntestoc3/burp-clj - clojure实现burp插件，提供clj脚本加载环境

CodeQL

advanced-security/codeql-queries - GitHub's Field Team's CodeQL Custom Queries, Suites, and Configurations
ice-doom/CodeQLRule - 个人使用CodeQL编写的一些规则
synacktiv/QLinspector - Finding Java gadget chains with CodeQL
safe6Sec/CodeqlNote - Codeql学习笔记
cldrn/codeql-queries - My CodeQL queries collection
pwntester/codeql_grehack_workshop - GreHack 2021 CodeQL for Java workshop
SummerSec/LookupInterface - CodeQL 寻找 JNDI利用 Lookup接口
zbazztian/codeql-debug -
kanav99/github-java-ctf - Winning submission for the GitHub Security Lab CTF 4: CodeQL and Chill - The Java Edition

ColdFusion

foundeo/fixinator - ColdFusion / CFML Code Security Scanner

Dart

LuckyLi706/flutter_mobile_command_tools - flutter写的桌面可视化操作android和ios的简单命令
daixianceng/cron_dingding - 钉钉自动打卡
bingoogolapple/bga_issue_blog - Flutter 或 Vue 全家桶（Vue + VueRouter + Vuex + Axios）抓取 GitHub 上的 Issues，结合 GitHub Pages 搭建个人博客站点，支持 GitHub 登录和评论

Dockerfile

p0dalirius/Awesome-RCE-techniques - Awesome list of step by step techniques to achieve Remote Code Execution on various apps!
aress31/docker_burp-enterprise - Attempt at dockerizing Burp Enterprise v2022.4.
n0madic/nmap-vulners-vulscan - Docker image for advanced vulnerability scanning with Nmap NSE scripts
sonnyyu/docker-nmap - Nmap is utility for network discovery and security auditing
xiecat/sec-docker - 常用安全工具 docker镜像自动更新仓库
geerlingguy/docker-ubuntu2204-ansible - Ubuntu 22.04 LTS (Jammy Jellyfish) Docker container for Ansible playbook and role testing.
puzzlepeaches/sneaky_proxy - Hiding your infrastructure from the boys in blue.
ericmjl/essays-on-data-science - In which I put together my thoughts on the practice of data science.
moranbw/https-dns-proxy-docker - Docker container for https-dns-proxy
Yogehi/Drozer-Docker -
caphosra/CTFDocker - This is a docker image for Capture The Flag and many useful and famous tools are on this image.
jumpserver/Dockerfile - Jumpserver all in one Dockerfile
Cl0udG0d/AWDDocker - 标准化AWD靶场Docker
eikendev/java-decompiler - A Docker image with four popular Java decompilers in one place (CFR, Fernflower, Krakatau, and Procyon) :rocket::hammer:
phith0n/phpsrc-debug-docker - Debug environment for PHP inside a Docker container. Document waiting to be completed.
sherifabdlnaby/elastdocker - 🐳 Elastic Stack (ELK) v8+ on Docker with Compose. Pre-configured out of the box to enable Logging, Metrics, APM, Alerting, ML, and SIEM features. Up with a Single Command.
qeeqbox/chameleon - 19 Customizable honeypots for monitoring network traffic, bots activities and username\password credentials (DNS, HTTP Proxy, HTTP, HTTPS, SSH, POP3, IMAP, STMP, RDP, VNC, SMB, SOCKS5, Redis, TELNET,
mablanco/docker-reconftw - Docker image for reconftw, a simple script intended to perform a full recon on an objective with multiple subdomains
rosehgal/k8s-In-30Mins - Learn how to set up the Kubernetes cluster in 30 mins and deploy the application inside the cluster.
parzel/Damn-Vulnerable-WooCommerce-Plugins - This is a docker environment ready set up for multiple WooCommerce Plugin vulnerabilities.
higatowa/bento - Bento Toolkit is a minimal fedora-based container for penetration tests and CTF with the sweet addition of GUI applications.
lazychanger/docker-kunlun-mirror - 昆仑镜docker镜像
Swordfish-Security/Pentest-In-Docker - Docker image to exploit RCE, try for pentest methods and test container security solutions (trivy, falco and etc.)
evi0s/Openresty-WAF - Openresty with WAF installed
mozilla/docker-sbt - Dockerfile for sbt (Scala build tool)
drandin/docker-php-workspace - PHP development environment for Docker
zjuchenyuan/dockerized_fuzzing - Run fuzzing experiments in Docker
heroku/bheu19-attacking-cloud-builds - Slides, Cheatsheet and Resources from our Blackhat EU talk
AlexisAhmed/BugBountyToolkit - A multi-platform bug bounty toolkit that can be installed on Debian/Ubuntu or set up with Docker.
multiarch/crossbuild - :earth_africa: multiarch cross compiling environments
madhuakula/hacker-container - The Swiss Army Container for Cloud Native Security. Container with all the list of useful tools/commands while hacking and securing Containers, Kubernetes Clusters, and Cloud Native workloads.
masahiro331/CVE-2020-9484 -
hexpwn/drozer-docker - Drozer (2.4.4) docker container
hysnsec/awesome-threat-modelling - A curated list of threat modeling resources (Books, courses - free and paid, videos, tools, tutorials and workshops to practice on ) for learning Threat modeling and initial phases of security review.
AvasDream/pentesting-dockerfiles - Pentesting/Bugbounty Dockerfiles.
FingerLeakers/docker-inurlbr - Advanced search in search engines, enables analysis provided to exploit GET / POST capturing emails & urls, with an internal custom validation junction for each target / url found. http://blog.inurl.c
Xyphex/docker-mara-framework - Unofficial Docker image for MARA Framework
OWASP/wstg - The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Eadom/ctf_xinetd - A docker repository for deploying pwnable challenges in CTF
ferrarimarco/docker-pxe - A virtualized implementation of PXE supported by DNSMasq
laradock/laradock - Full PHP development environment for Docker.
e3net/rapidscan-docker - Docker image of rapidscan
pingod/docker-nps -
knqyf263/CVE-2019-6467 - CVE-2019-6467 (BIND nxdomain-redirect)
HenryQW/Awesome-TTRSS - 🐋 Awesome TTRSS, a powerful Dockerised all-in-one RSS solution.
davevs/dvxte - Damn Vulnerable eXtensive Training Environment
hitian/docker-shadowsocks-with-simple-obfs - shadowsocks-libev with simple-obfs
khs1994-docker/lnmp - :computer: :whale: :elephant: :dolphin: :penguin: :rocket: Start Docker LNMP(LEMP) In less than 2 minutes Powered by Docker Compose. 让 PHP 开发者快速（一键）搭建基于容器技术（Docker、Kubernetes）的开发、测试、生产（CI/CD by Drone）
linuxserver/docker-transmission -
diameter/rtorrent-rutorrent - Docker container with supervisor/rtorrent/nginx/ruTorrent 64/32 bit
filerun/docker - FileRun Docker Image
MyKings/docker-vulnerability-environment - Use the docker to build a vulnerability environment
vulhub/Dockertools - Some tools based on docker
luodaoyi/kms-server - a docker image for kms
johackim/docker-hacklab - My personal hacklab, create your own.
vulhub/vulhub - Pre-Built Vulnerable Environments Based on Docker-Compose
mikesplain/openvas-docker - A Docker container for Openvas

Emacs Lisp

jinzhu/configure - My dot files for Emacs, Openbox, XMonad, VIM, Golang, Zsh/Bash, tmux, URXVT, ArchLinux, Git, Ruby/Rails, Xbindkey, Vrome...

Erlang

kudelskisecurity/scannerl - The modular distributed fingerprinting engine

F#

microsoft/rest-api-fuzz-testing - REST API Fuzz Testing (RAFT): Source code for self-hosted service developed for Azure, including the API, orchestration engine, and default set of security tools (including MSR's RESTler), that enable
jmhickman/Fetters - Port of Seatbelt in F#

FreeMarker

API-Security/APISandbox - Pre-Built Vulnerable Multiple API Scenarios Environments Based on Docker-Compose.

Go

pingc0y/URLFinder - 类似JSFinder的golang实现，更快更全更舒服
RedTeamPentesting/pretender - Your MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS, LLMNR and NetBIOS-NS spoofing.
redhuntlabs/HTTPLoot - An automated tool which can simultaneously crawl, fill forms, trigger error/debug pages and "loot" secrets out of the client-facing code of sites.
j5s/accelerator - Use Golang to batch analyze class files for Java security research
mstxq17/MoreFind - 一款用于快速导出URL、Domain和IP的小工具
u21h2/nacs - 事件驱动的渗透测试扫描器 Event-driven pentest scanner
safe6Sec/GolangBypassAV - 研究利用golang各种姿势bypassAV
merlinepedra25/SCA4ALL -
code-scan/Goal - Goal Go Red-Team 工具类
teamssix/cf - Cloud Exploitation Framework 云环境利用框架，方便红队人员在获得 AK 的后续工作
jmoiron/sqlx - general purpose extensions to golang's database/sql
inbug-team/SweetBabyScan - Red Tools 渗透测试
hktalent/scan4all - Vulnerabilities Scan: 15000+PoCs; 20 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty...
daffainfo/apiguesser - Go script to guess an API key / OAuth token found during pentest. CLI version of https://github.com/daffainfo/apiguesser-web/
0xsha/ChainWalker - Rapid Smart Contract Crawler
burpheart/cdnlookup - 一个使用 Edns-Client-Subnet(ECS) 遍历智能CDN节点IP地址的工具
779789571/rsasZipToExcel - RSAS绿盟科技漏洞扫描html报告转excel
TryGoTry/edit-gencon - geacon:简单适配了一个profile配置文件,可直接拿来修改使用,用于cs上线linux.
RicterZ/CVE-2021-3560-Authentication-Agent - PolicyKit CVE-2021-3560 Exploit (Authentication Agent)
ofasgard/ungoliant - A web reconnaissance tool that proxies its results through Burp or ZAP.
patrickhener/gonh - Nessus Parser and query tool written in go
wikiZ/RedGuard - RedGuard is a C2 front flow control tool,Can avoid Blue Teams,AVs,EDRs check.
alexbakker/log4shell-tools - Tool that runs a test to check whether one of your applications is affected by the recent vulnerabilities in log4j: CVE-2021-44228 and CVE-2021-45046
kubernetes/minikube - Run Kubernetes locally
tangxiaofeng7/zsxq_notice - 知识星球提醒
zan8in/afrog - afrog 是一款性能卓越、快速稳定、PoC 可定制化的漏洞扫描工具 - A tool for finding vulnerabilities
deatil/lakego-admin - lakego-admin 是使用 gin、JWT 和 RBAC 的 go 后台管理系统
wrenchonline/glint - glint 是一款基于浏览器爬虫golang开发的web漏洞主动(被动)扫描器
yarox24/EvtxHussar - Initial triage of Windows Event logs
LubyRuffy/gofofa - fofa client in Go
Yihsiwei/GoFileBinder - golang免杀捆绑器
TryGoTry/xray_free_crack - xray_free_crack,通用xray白嫖高级版.
chroblert/jishell - jishell - A powerful modern CLI and SHELL,with a msfconsole-like style
optionalCTF/SSOh-No - User enumeration and password spraying tool for testing Azure AD
openclarity/kubeclarity - KubeClarity is a tool for detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems
1ight-2020/GoRottenTomato - Go实现部分Rubeus功能，可执行asktgt, asktgs, s4u, describe ticket, renew ticket, asreproast等
cloudflare/ebpf_exporter - Prometheus exporter for custom eBPF metrics
sealerio/sealer - A tool to seal application's all dependencies and Kubernetes into ClusterImage, distribute this application anywhere via ClusterImage, and run it within any cluster in one command.
redcode-labs/GoSH - Golang reverse/bind shell generator
s4hm4d/shodanidb - Fetch data (open ports, CVEs, CPEs, ...) from shodan internetDB API
alanEG/Gosna - Dynamic url monitor
cycraft-corp/Prometheus-Decryptor - Prometheus-Decryptor is a project to decrypt files encrypted by Prometheus ransomware.
sourque/louis - Linux EDR written in Golang and based on eBPF.
snehshah22/DNS_poison_attack - On-path DNS poisoning attack tool.
Ciyfly/woodpecker - 兼容xray nuclei yaml格式以及go代码格式的poc验证扫描器
Buzz2d0/xssfinder - XSS discovery tool
xwjdsh/manssh - Manage your ssh alias configs easily.
SummerSec/SpringExploit - 🚀 一款为了学习go而诞生的漏洞利用工具
ExpLangcn/Aopo - 内网自动化快速打点工具｜资产探测｜漏洞扫描｜服务扫描｜弱口令爆破
hakluke/hakoriginfinder - Tool for discovering the origin host behind a reverse proxy. Useful for bypassing cloud WAFs!
mittwald/kubernetes-replicator - Kubernetes controller for synchronizing secrets & config maps across namespaces
AlphabugX/Alphalog - DNSLOG、httplog、rmilog、ldaplog、jndi 等都支持,完全匿名产品(fuzz.red)，Alphalog与传统DNSLog不同，更快、更安全。
ipfs/kubo - IPFS implementation in Go
j3ssie/cdnstrip - Striping CDN IPs from a list of IP Addresses
ferreiraklet/airixss - Finding XSS during recon
chaosblade-io/chaosblade - An easy to use and powerful chaos engineering experiment toolkit.（阿里巴巴开源的一款简单易用、功能强大的混沌实验注入工具）
fuxiaohei/pugo - a simple site generator
hakluke/hakip2host - hakip2host takes a list of IP addresses via stdin, then does a series of checks to return associated domain names.
yuyan-sec/RedisEXP - Redis 漏洞利用工具
lal0ne/vulnerability - 收集、整理、修改互联网上公开的漏洞POC
ShangRui-hash/siusiu - 一款基于docker的渗透测试工具箱，致力于做到渗透工具随身携带、开箱即用。减少渗透测试工程师花在安装工具、记忆工具使用方法上的时间和精力。
google/licensecheck - The licensecheck package classifies license files and heuristically determines how well they correspond to known open source licenses.
step-security/secure-workflows - Open platform to update your CI/CD pipelines to comply with security requirements
brokercap/Bifrost - Bifrost ---- 面向生产环境的 MySQL 同步到Redis,MongoDB,ClickHouse,MySQL等服务的异构中间件
learnerLj/geth-analyze - go-ethereum source code analyzation under the perspective of smart contract security
sjatsh/unwxapkg - 微信小程序.wxapkg解码工具
wfinn/redirex - tool that generates bypasses for open redirects
wfinn/ucors - tool that scans for CORS bypasses
AidenPearce369/ADReaper - A fast enumeration tool for Windows Active Directory Pentesting written in Go
RistBS/Awesome-RedTeam-Cheatsheet - Active Directory & Red-Team Cheat-Sheet in constant expansion.
six2dez/ipcdn - Check which CDN providers an IP list belongs to
atsud0/frp-modify - frp0.38.1 支持域前置、远程加载配置文件、配置文件自删除、流量特征修改
xntrik/hcltm - Documenting your Threat Models with HCL
utkusen/wholeaked - a file-sharing tool that allows you to find the responsible person in case of a leakage
corazawaf/coraza - OWASP Coraza WAF is a golang modsecurity compatible web application firewall library
firefart/stunner - Stunner is a tool to test and exploit STUN, TURN and TURN over TCP servers.
common-fate/granted - The easiest way to access your cloud.
timwhitez/gobusterdns - lite version of gobuster. Only subdomain brute. 内网轻量化子域名爆破工具
brentp/gargs - better(?) xargs in go
login546/domainhouse - 子域名查询工具,接口来自【www.domainhouse.buzz】
ZhuriLab/Starmap - 一个轮子融合的子域名收集小工具
utkusen/socialhunter - crawls the website and finds broken social media links that can be hijacked
bonjourmalware/melody - Melody is a transparent internet sensor built for threat intelligence. Supports custom tagging rules and vulnerable application simulation.
ferreiraklet/Jeeves - Jeeves SQLI Finder
codeyourweb/fastfinder - Incident Response - Fast suspicious file finder
3rsh1/goBypassAv - 一个持续收集和学习bypassAv技术的golang实现的仓库
deepfence/PacketStreamer - :star: :star: Distributed tcpdump for cloud native environments :star: :star:
tmoneypenny/conspirator - An enhanced collaborator-like standalone server
takshal/freq - This is go CLI tool for send fast Multiple get HTTP request.
MrTuxx/OffensiveGolang - A collection of offensive Go packages inspired by different Go repositories.
mytechnotalent/turbo-attack - A turbo traffic generator pentesting tool to generate random traffic with random mac and ip addresses in addition to random sequence numbers to a particular ip and port.
mitchellh/golicense - Scan and analyze OSS dependencies and licenses from compiled Go binaries
alist-org/alist - 🗂️A file list program that supports multiple storage, powered by Gin and Solidjs. / 一个支持多存储的文件列表程序，使用 Gin 和 Solidjs。
damit5/gitdorks_go - 一款在github上发现敏感信息的自动化收集工具
s0md3v/Smap - a drop-in replacement for Nmap powered by shodan.io
ahhh/Ducky_Maker - A fun script to teach automation and create ducky scripts, from existing scripts or ASCII art files
lithammer/fuzzysearch - :pig: Tiny and fast fuzzy search in Go
murphysecurity/murphysec - An open source tool focused on software supply chain security. 墨菲安全专注于软件供应链安全，具备专业的软件成分分析（SCA）、漏洞检测、专业漏洞库。
pry0cc/tew - A quick ‘n dirty nmap parser written in Golang to convert nmap xml to IP:Port notation.
binodlamsal/zerophish - Zero phish phishing simulated platform
YaoApp/yao - :rocket: A performance app engine to create web services and applications in minutes.Suitable for AI, IoT, Industrial Internet, Connected Vehicles, DevOps, Energy, Finance and many other use-cases.
Azure/AzureDefender-K8S-InClusterDefense -
hudangwei/codemillx - codemillx is a tool for CodeQL, extract the comments in the code and generate codeql module. 强化Go开源项目安全检测(内含开源项目漏洞挖掘方法)
zombiezen/go-sqlite - Low-level Go interface to SQLite 3
j3ssie/sdlookup - IP Lookups for Open Ports and Vulnerabilities from internetdb.shodan.io
wumansgy/goEncrypt - go语言封装的各种对称加密和非对称加密，可以直接使用，包括3重DES，AES的CBC和CTR模式，还有RSA非对称加密,ECC椭圆曲线的加密和数字签名
chaitin/veinmind-tools - veinmind-tools 是由长亭科技自研，基于 veinmind-sdk 打造的容器安全工具集
projectdiscovery/uncover - Quickly discover exposed hosts on the internet using multiple search engine.
JustinTimperio/gomap - A fully self-contained Nmap like parallel port scanning module in pure Golang that supports SYN-ACK (Silent Scans)
bytedance/godlp - sensitive information protection toolkit
goreleaser/goreleaser - Deliver Go binaries as fast and easily as possible
tidwall/gjson - Get JSON values quickly - JSON parser for Go
p7e4/dnsearch - using rapid7 open dns data search subdomain and reverse ip
lprat/spyre - simple YARA-based IOC scanner
bufsnake/aiqicha - 基于无头浏览器查询爱企查内的企业信息
ffffffff0x/ones - 可用于多个网络资产测绘引擎 API 的命令行查询工具
wagoodman/dive - A tool for exploring each layer in a docker image
hahwul/authz0 - 🔑 Authz0 is an automated authorization test tool. Unauthorized access can be identified based on URLs and Roles & Credentials.
Kevin-fqh/learning-k8s-source-code - k8s、docker源码分析、读书笔记
naiba/nezha - :trollface: Self-hosted, lightweight server and website monitoring and O&M tool
chroblert/JSigThief - Golang 版SigThief
DataDog/stratus-red-team - :cloud: :zap: Granular, Actionable Adversary Emulation for the Cloud
trufflesecurity/driftwood - Private key usage verification
mhmdiaa/second-order - Second-order subdomain takeover scanner
devploit/dontgo403 - Tool to bypass 40X response codes.
Le0nsec/SecCrawler - 一个方便安全研究人员获取每日安全日报的爬虫和推送程序，目前爬取范围包括先知社区、安全客、Seebug Paper、跳跳糖、奇安信攻防社区、棱角社区以及绿盟、腾讯玄武、天融信、360等实验室博客，持续更新中。
feiyu563/nbping - nbping是为解决局域网大批量IP实例或主机探活,采用go协程并发处理,可以自定义并发的协程数量和输出结果.效率远高于现有的批量ping工具.
antonmedv/fx - Terminal JSON viewer
wallarm/gotestwaf - An open-source project in Golang to test different web application firewalls (WAF) for detection logic and bypasses
kenjoe41/goSubsWordlist - Generate wordlist from already collected subdomains for bruteforcing purposes.
aau-network-security/riotpot - Resilient IoT and Operational Technology Honeypot
busterb/msmailprobe - Office 365 and Exchange Enumeration
timwhitez/Doge-Gabh - GetProcAddressByHash/remap/full dll unhooking/Tartaru's Gate/Spoofing Gate/universal/Perun's Fart/Spoofing-Gate/EGG/RecycledGate/syswhisper/RefleXXion golang implementation
wgpsec/ENScan_GO - 一款基于各大企业信息API的工具，解决在遇到的各种针对国内企业信息收集难题。一键收集控股公司ICP备案、APP、小程序、微信公众号等信息聚合导出。
sairson/Yasso - 强大的内网渗透辅助工具集-让Yasso像风一样支持rdp，ssh，redis，postgres，mongodb，mssql，mysql，winrm等服务爆破，快速的端口扫描，强大的web指纹识别，各种内置服务的一键利用（包括ssh完全交互式登陆，mssql提权，redis一键利用，mysql数据库查询，winrm横向利用，多种服务利用支持socks5代理执行）
bufsnake/blueming - 备份文件扫描，并自动进行下载
fiatjaf/jiq - jid on jq - interactive JSON query tool using jq expressions
phith0n/zkar - ZKar is a Java serialization protocol analysis tool implement in Go.
shmilylty/netspy - netspy是一款快速探测内网可达网段工具（深信服深蓝实验室天威战队强力驱动）
Arks7/Go_Bypass - Golang Bypass Av Generator template
binganao/golang-shellcode-bypassav - 2021.12.9 使用go语言免杀360、微软、腾讯、火绒
google/log4jscanner - A log4j vulnerability filesystem scanner and Go package for analyzing JAR files.
xiecat/fofax - fofax is a command line query tool based on the API of https://fofa.info/, simple is the best!
Hackmanit/Web-Cache-Vulnerability-Scanner - Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).
ariary/TrojanSourceFinder - 🔎 Help find Trojan Source vulnerability in code 👀 . Useful for code review in project with multiple collaborators (CI/CD)
1ultimat3/tld-scan - Top level domain scanner in Go
ravro-ir/log4shell-looker - log4jshell vulnerability scanner for bug bounty
rodnt/gospf - Golang tool to parse netblocks and domain names from SPF and get information about ASN.
N0MoreSecr3ts/wraith - Uncover forgotten secrets and bring them back to life, haunting security and operations teams.
panjf2000/gnet - 🚀 gnet is a high-performance, lightweight, non-blocking, event-driven networking framework written in pure Go./ gnet 是一个高性能、轻量级、非阻塞的事件驱动 Go 网络框架。
freshcn/qqwry - 纯真ip库的golang服务
wolfeidau/golang-massl - Simple examples of configuring mutual authentication (MASSL)
LeakIX/l9fuzz - Help fuzz various protocols and waits for ping backs Integrates LDAP server and JNDI payload
hupe1980/scan4log4shell - Scanner to send specially crafted requests and catch callbacks of systems that are impacted by log4j log4shell vulnerability and to detect vulnerable log4j versions on your local file-system
nodauf/GoMapEnum - User enumeration and password bruteforce on Azure, ADFS, OWA, O365, Teams and gather emails on Linkedin
ariary/fileless-xec - Stealth dropper executing remote binaries without dropping them on disk .(HTTP3 support, ICMP support, invisible tracks, cross-platform,...)
mmcdole/gofeed - Parse RSS, Atom and JSON feeds in Go
palantir/log4j-sniffer - A tool that scans archives to check for vulnerable log4j versions
0xInfection/LogMePwn - A fully automated, reliable, super-fast, mass scanning and validation toolkit for the Log4J RCE CVE-2021-44228 vulnerability.
proferosec/log4jScanner - log4jScanner provides the ability to scan internal subnets for vulnerable log4j web services
veo/vscan - 开源、轻量、快速、跨平台的网站漏洞扫描工具，帮助您快速检测网站安全隐患。功能端口扫描(port scan) 指纹识别(fingerprint) 漏洞检测(nday check) 智能爆破 (admin brute) 敏感文件扫描(file fuzz)
40a/go-powershell - Go wrapper for running PowerShell sessions
containers/podman - Podman: A tool for managing OCI containers and pods.
imgproxy/imgproxy - Fast and secure standalone server for resizing and converting remote images
dvyukov/go-fuzz - Randomized testing for Go
0xInfection/PewSWITCH - A FreeSWITCH specific scanning and exploitation toolkit for CVE-2021-37624 and CVE-2021-41157.
CTF-MissFeng/jsForward - 解决web及移动端H5数据加密Burp调试问题
jas502n/Grafana-CVE-2021-43798 - Grafana Unauthorized arbitrary file reading vulnerability
shirdonl/goWebActualCombat - 🔥🔥🔥🔥🔥🔥重磅！《Go Web编程实战派从入门到精通》随书源码开源啦，Go语言/Web开发/高并发/微服务/Gin/Redis/MongoDB/并发编程/Docker源码！欢迎star~
krishpranav/webinfo - A web information gathering tool made in go - DNS / Subdomains / Ports / Directories enumeration
lord3ver/gctsubdomains - Discover subdomains in Certificate Transparency logs using Google's Transparency Report
channyein1337/gup - gup aka Get All Urls parameters to create wordlists for brute forcing parameters.
lanyi1998/DNSlog-GO - DNSLog-GO 是一款golang编写的监控 DNS 解析记录的工具，自带WEB界面
FDlucifer/Proxy-Attackchain - proxylogon, proxyshell, proxyoracle and proxytoken full chain exploit tool
redtoolskobe/scaninfo - fast scan for redtools
tomatome/grdp - pure golang rdp protocol
code-scan/AutoSubtitles -
zyylhn/zscan - Zscan a scan blasting tool set
zema1/yarx - An awesome reverse engine for xray poc. | 一个自动化根据 xray poc 生成对应 server 的工具
NyDubh3/CuiRi - 一款红队专用免杀木马生成器，基于shellcode生成绕过所有杀软的木马。
akkuman/toolset - 免杀小小工具集
yqcs/ZheTian - ::ZheTian Powerful Anti Anti-Virus Trojan horse generator / 强大的免杀木马生成器。静态Bypass All.
NetSPI/goddi - goddi (go dump domain info) dumps Active Directory domain information
botherder/androidqf - androidqf (Android Quick Forensics) helps quickly gathering forensic evidence from Android devices, in order to identify potential traces of compromise.
tanc7/EXOCET-AV-Evasion - EXOCET - AV-evading, undetectable, payload delivery tool
box/kube-applier - kube-applier enables automated deployment and declarative configuration for your Kubernetes cluster.
lal0ne/monitor - 监控网站目录下的文件变更，通过钉钉机器人发送告警。
vbouchaud/k8s-ldap-auth - Kubernetes webhook token authentication plugin implementation using ldap.
mutagen-io/mutagen - Fast file synchronization and network forwarding for remote development
p4gefau1t/trojan-go - Go实现的Trojan代理，支持多路复用/路由功能/CDN中转/Shadowsocks混淆插件，多平台，无依赖。A Trojan proxy written in Go. An unidentifiable mechanism that helps you bypass GFW. https://p4gefau1t.github.io/trojan-go/
XiaoMi/soar - SQL Optimizer And Rewriter
mainfunx/frpc_android - frpc_android 最新版本0.39.1
lqqyt2423/go-mitmproxy - mitmproxy implemented with golang. 用 Golang 实现的中间人攻击（Man-in-the-middle），解析、监测、篡改 HTTP/HTTPS 流量。
Maka8ka/NGLite - A major platform RAT Tool based by Blockchain/P2P.Now support Windows/Linux/MacOS
lwch/natpass - 新一代主机管理工具，支持web shell和web桌面，居家办公神器
akkuman/gSigFlip - A SigFlip implement in golang
IngoKl/HTTPUploadExfil - A simple HTTP server for delivering and exfiltrating files/data during, for example, CTFs.
looCiprian/GC2-sheet - GC2 is a Command and Control application that allows an attacker to execute commands on the target machine using Google Sheet and exfiltrate data using Google Drive.
Rvn0xsy/zipcreater - ZipCreater主要应用于跨目录的文件上传漏洞的利用，它能够快速进行压缩包生成。
Metarget/cloud-native-security-book - 《云原生安全：攻防实践与体系构建》资料仓库
vyrus001/go-mimikatz - A wrapper around a pre-compiled version of the Mimikatz executable for the purpose of anti-virus evasion.
cckuailong/hostscan - 自动化Host碰撞工具，帮助红队快速扩展网络边界，获取更多目标点
R4yGM/dorkscout - DorkScout - Golang tool to automate google dork scan against the entiere internet or specific targets
Tylous/ZipExec - A unique technique to execute binaries from a password protected zip
akkuman/rotateproxy - 利用fofa搜索socks5开放代理进行代理池轮切的工具
SkewwG/henggeFish - 自动化批量发送钓鱼邮件（横戈安全团队出品）
FourCoreLabs/EDRHunt - Scan installed EDRs and AVs on Windows
openrdap/rdap - RDAP command line client
Shu1L/avbypass - 简单go加载器实现免杀360 火绒
glebarez/cero - Scrape domain names from SSL certificates of arbitrary hosts
knes1/elktail - Command line utility to query, search and tail EL (elasticsearch, logstash) logs
mhmdiaa/chronos - Extract pieces of info from a web page's Wayback Machine history
un4gi/fave - Search for vulnerabilities and exposures while filtering based on age, keywords, and other parameters.
kirides/screencapture - D3D11 based screen sharing webserver via COM interop and IDXGIOutputDuplication
fuzz7j/cDogScan - 多服务口令爆破、内网常见服务未授权访问探测，端口扫描
ariary/QueenSono - Golang binary for data exfiltration with ICMP protocol (+ ICMP bindshell, http over ICMP tunneling, ...)
sh4hin/GoPurple - Yet another shellcode runner consists of different techniques for evaluating detection capabilities of endpoint security solutions
raverrr/plution - Prototype pollution scanner using headless chrome
Rvn0xsy/red-tldr - red-tldr is a lightweight text search tool, which is used to help red team staff quickly find the commands and key points they want to execute, so it is more suitable for use by red team personnel wit
akkuman/EvilEye - A BeaconEye implement in Golang. It is used to detect the cobaltstrike beacon from memory and extract some configuration.
galli-leo/emmutaler - A set of tools for fuzzing SecureROM. Managed to find and trigger checkm8.
lucaslorentz/caddy-docker-proxy - Caddy as a reverse proxy for Docker
yunginnanet/prox5 - 🧮 SOCKS5/4/4a 🌾 validating proxy pool for 🤽 LOLXDsoRANDum connections 🎋
BishopFox/dufflebag - Search exposed EBS volumes for secrets
drosseau/degob - Go library/tool for viewing and reversing Go gob data [Moved to GitLab]
0xERR0R/blocky - Fast and lightweight DNS proxy as ad-blocker for local network with many features
xjasonlyu/tun2socks - tun2socks - powered by gVisor TCP/IP stack
xiecat/goblin - 一款适用于红蓝对抗中的仿真钓鱼系统
CasperGN/GoHead - Get interesting http headers, internal IPs, possible endpoints from target(s) and search JS files for juicy info
harleo/knockknock - A simple reverse whois lookup tool which returns a list of domains owned by people or companies
MPaandeey/dlevel - A tool get level of subdomain from 1....n
i5nipe/nipejs - Detects JavaScript leaks via regex patterns
un4gi/dirtywords - A targeted word list generation tool
incogbyte/gojsx - Find juicy information inside javascript files.
FleexSecurity/fleex - Fleex allows you to create multiple VPS on cloud providers and use them to distribute your workload.
Timofey21/darlene - This is a tool for fuzzing XSS vulnerabilities. It's based on genetic algorithm.
0xTeles/jsleak - a Go code to detect leaks in JS files via regex patterns
cryonayes/GoFilter - A tool to filter URLs by parameter count or size
hanc00l/nemo_go - Nemo是用来进行自动化信息收集的一个简单平台，通过集成常用的信息收集工具和技术，实现对内网及互联网资产信息的自动收集，提高隐患排查和渗透测试的工作效率，用Go语言完全重构了原Python版本。
thelikes/fuzznav - parse ffuf & map endpoints to wordlists
dqcostin/fxr - 使用fscan联动Xray
docker-slim/docker-slim - DockerSlim (docker-slim): Don't change anything in your Docker container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)
aoyouer/selfhelp-iptables - 通过http api自助添加iptables白名单与黑名单的工具，防止nmap等程序的端口扫描和恶意主动探测，防止ssh、mysql等敏感服务受到攻击，并能对探测进行记录。
darkb1rd/DarkGld - A tool for quickly generating fishing Trojan horse.
ethicalhackingplayground/tprox - TProx is a fast reverse proxy path traversal detector and directory bruteforcer.
jakubd/apkreport - Generate CSV Reports of MobSF Results
pwnesia/dnstake - DNSTake — A fast tool to check missing hosted DNS zones that can lead to subdomain takeover
neex/http2smugl -
wrfly/gus-proxy - "打一枪换一个地方" 一个HTTP代理
ossf/allstar - GitHub App to set and enforce security policies
mosajjal/dnsmonster - Passive DNS Capture and Monitoring Toolkit
j3ssie/goverview - goverview - Get an overview of the list of URLs
alexzorin/cve-2021-34558 -
zhzyker/dismap - Asset discovery and identification tools 快速识别 Web 指纹信息，定位资产类型。辅助红队快速定位目标资产信息，辅助蓝队发现疑似脆弱点
JKme/cube - 内网渗透测试工具，弱密码爆破、信息收集和漏洞扫描
0voice/Introduction-to-Golang - 【未来服务器端编程语言】最全空降golang资料补给包（满血战斗），包含文章，书籍，作者论文，理论分析，开源框架，云原生，大佬视频，大厂实战分享ppt
marv2097/siprocket - Fast SIP and SDP Parser
desertbit/grumble - A powerful modern CLI and SHELL
praetorian-inc/gokart - A static analysis tool for securing Go code
Tylous/SourcePoint - SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.
timwhitez/doge-getsys - An easy way to getsystem by golang.
binwiederhier/replbot - Slack/Discord bot for running interactive REPLs and shells from a chat.
sanity-io/litter - Litter is a pretty printer library for Go data structures to aid in debugging and testing.
h0x0er/andromanifest - AndroidManifest.xml parser written in go
krishpranav/sshpot - A simple ssh honey pot, fake ssh server that lets anyone to connect and monitor their activty
ContainerSSH/ContainerSSH - ContainerSSH: Launch containers on demand
goodwithtech/dockle - Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start
saferwall/saferwall - :cloud: Collaborative and Streamlined Threat Analysis at Scale
kube-tarian/tarian - Protect your Cloud Native Applications running on Kubernetes from malicious attacks with pre-registered source code, pre-registered runtime processes monitoring, automated actions based on configure-a
perlogix/cmon - NIST Information Security Continuous Monitoring (ISCM) and configuration baseline data collector
VerSprite/alpnpass - This tool will listen on a given port, strip SSL encryption, forward traffic through a plain TCP proxy, then encrypt the returning traffic again and send it to the target of your choice. Unlike most S
antihax/gambit - GaMBiT Honeypot
octarinesec/kube-scan - kube-scan: Octarine k8s cluster risk assessment tool
endorama/devid - Securely manage your developer personas
aveyuan/icpquery - ICP备案查询库
gofiber/fiber - ⚡️ Express inspired web framework written in Go
KalbiProject/kalbi - Kalbi - Golang Session Initiated Protocol Framework
iiiusky/webrtc-proxy - 反向代理+webrtc 神不知鬼不觉的获取真实IP
EatonChips/wsh - Web shell generator and command line interface.
k0kubun/pp - Colored pretty printer for Go language
Rvn0xsy/goDomain - Windows活动目录中的LDAP信息收集工具
Ne0nd0g/merlin - Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.
Dc4ts/ChangeTower - ChangeTower is intended to help you watch changes in webpages and get notified of any changes written in Go
Ne0nd0g/go-shellcode - A repository of Windows Shellcode runners and supporting utilities. The applications load and execute Shellcode using various API calls or techniques.
signedsecurity/sigurlfind3r - A passive reconnaissance tool for known URLs discovery - it gathers a list of URLs passively using various online sources.
capnspacehook/taskmaster - Windows Task Scheduler Library for Go
tooBugs/golang-ReflectiveDLLInjection - golang ReflectiveDLLInjection
banzaicloud/dast-operator - Dynamic Application and API Security Testing
jeessy2/ddns-go - 简单好用的DDNS。自动更新域名解析到公网IP(支持阿里云、腾讯云dnspod、Cloudflare、华为云、百度云)
haochen233/socks5 - A Go library about socks5, supports all socks5 commands. That Provides server and client and easy to use. Compatible with socks4 and socks4a.
koho/frpmgr - Windows 平台的 FRP GUI 客户端 / A user-friendly desktop GUI client for FRP on Windows.
daffainfo/Git-Secret - Go scripts for finding sensitive data like API key / some keywords in the github repository
benmanns/goworker - goworker is a Go-based background worker that runs 10 to 100,000* times faster than Ruby-based workers.
fullstorydev/grpcurl - Like cURL, but for gRPC: Command-line tool for interacting with gRPC servers
miku/esbulk - Bulk indexing command line tool for elasticsearch
For-ACGN/MS17-010 - An EternalBlue exploit implementation in pure go
cockroachdb/pebble - RocksDB/LevelDB inspired key-value database in Go
derekparker/delve - Delve is a debugger for the Go programming language.
m-mizutani/octovy - Trivy based vulnerability management service
inspiringz/fofa - 一款 Go 语言编写的小巧、简洁、快速采集 fofa 数据导出到 Excel 表单的小工具。
Li4n0/revsuit - RevSuit is a flexible and powerful reverse connection platform designed for receiving connection from target host in penetration.
nicocha30/ligolo-ng - An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.
fengziHK/bypass_go - bypass_go cs免杀
Lmg66/shellcodeloading - shellcode加载器 golang 分离免杀
TryGoTry/go-shellcode-webimg-load - golang shellcode loader 远程图片隐写加载执行无文件落地
projectdiscovery/simplehttpserver - Go alternative of python SimpleHTTPServer
Josue87/roboxtractor - Extract endpoints marked as disallow in robots files to generate wordlists.
daffainfo/Key-Checker - Go scripts for checking API key / access token validity
lkarlslund/Adalanche - Active Directory ACL Visualizer and Explorer - who's really Domain Admin?
kleiton0x00/ppmap - A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.
allyomalley/dnsobserver - A handy DNS service written in Go to aid in the detection of several types of blind vulnerabilities. It monitors a pentester's server for out-of-band DNS interactions and sends lookup notifications vi
Ullaakut/Gorsair - Gorsair hacks its way into remote docker containers that expose their APIs
redcode-labs/neurax - A framework for constructing self-spreading binaries
aktsk/ipa-medit - Memory modification tool for re-signed ipa supports iOS apps running on iPhone and Apple Silicon Mac without jailbreaking.
immunIT/TeamsUserEnum - User enumeration with Microsoft Teams API
lesnuages/hershell - Multiplatform reverse shell generator
txthinking/tun2brook - Proxy all traffic just one line command. tun2socks, tun2brook. IPv4 and IPv6, TCP and UDP. 只需一行命令. 让系统所有流量全部走socks5, brook server, brook wsserver, brook wssserver.
ThreeDotsLabs/watermill - Building event-driven applications the easy way in Go.
google/cel-spec - Common Expression Language -- specification and binary representation
Fahrj/reverse-ssh - Statically-linked ssh server with reverse shell functionality for CTFs and such
daffainfo/bypass-403 - Go script for bypassing 403 forbidden
Maka8ka/Faygo - A major platforms RAT Tools .High scalability.Now support Windows/Linux/MacOS
xm1k3/cent - Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one place
iammaguire/MeetC2 - Modular C2 framework aiming to ease post exploitation for red teamers.
irsl/gcp-dhcp-takeover-code-exec - Google Compute Engine (GCE) VM takeover via DHCP flood - gain root access by getting SSH keys added by google_guest_agent
ethicalhackingplayground/erebus - Erebus is a fast tool for parameter-based vulnerability scanning using a Yaml based template engine like nuclei.
grines/scour -
edoardottt/cariddi - Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more
Mdxjj/ByPassAVAddUser -
seccome/Ehoney - 安全、快捷、高交互、企业级的蜜罐管理系统，护网；支持多种协议蜜罐、蜜签、诱饵等功能。A safe, fast, highly interactive and enterprise level honeypot management system, supports multiple protocol honeypots, honeytokens, baits and other functions
KubeOperator/KubeOperator - KubeOperator 是一个开源的轻量级 Kubernetes 发行版，专注于帮助企业规划、部署和运营生产级别的 K8s 集群。
spf13/viper - Go configuration with fangs
ccfos/nightingale - An enterprise-level cloud-native monitoring system, which can be used as drop-in replacement of Prometheus for alerting and Grafana for visualization.
projectdiscovery/hmap - Hybrid memory/disk map
SPuerBRead/mqtts - MQTT安全测试工具 (MQTT Security Tools)
dumorewithcode/purl -
jafarlihi/rconn - rconn is a multiplatform program for creating generic reverse connections. Lets you consume services that are behind firewall or NAT without opening ports or port-forwarding.
redcode-labs/UnChain - A tool to find redirection chains in multiple URLs
xiaobaiTech/golangFamily - 【超全golang面试题合集+golang学习指南+golang知识图谱+入门成长路线】一份涵盖大部分golang程序员所需要掌握的核心知识。常用第三方库(mysql,mq,es,redis等)+机器学习库+算法库+游戏库+开源框架+自然语言处理nlp库+网络库+视频库+微服务框架+视频教程+音频音乐库+图形图片库+物联网库+地理位置信息+嵌入式脚本库+编译器库+数据库+金融库+电子邮件库+电子
yumusb/DNSLog-Platform-Golang - DNSLOG平台 golang 一键启动版
redcode-labs/Coldfire - Golang malware development library
sigstore/cosign - Container Signing
zu1k/proxypool - 自动抓取tg频道、订阅地址、公开互联网上的ss、ssr、vmess、trojan节点信息，聚合去重后提供节点列表
tenable/terrascan - Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
adamyi/CTFProxy - Your ultimate infrastructure to run a CTF, with a BeyondCorp-like zero-trust network and simple infrastructure-as-code configuration.
eikendev/hackenv - Manage and access your Kali Linux or Parrot Security VM from the terminal (SSH support + file sharing, especially convenient during CTFs, Hack The Box, etc.) :rocket::wrench:
togettoyou/ipashare - 🚤 share and install your Apple ipa 分享你的 ipa 应用给别人安装
KCarretto/paragon - Red Team engagement platform with the goal of unifying offensive tools behind a simple UI
spyse-com/go-spyse - The official wrapper for spyse.com API, written in Go, aimed to help developers build their integrations with Spyse.
Daybr4ak/C2ReverseProxy - 一款可以在不出网的环境下进行反向代理及cs上线的工具
jiaocoll/GoWebBanner - Go语言web指纹识别
WhiteHSBG/fofaSearch-go - go实现的fofa搜索批量工具需要高级会员
canc3s/judas - 轻便的恶意反代
idiotc4t/Reflective-HackBrowserData - HackBrowserData的反射模块
marmotedu/iam - 企业级的 Go 语言实战项目：认证和授权系统（带配套课程）
edoardottt/lit-bb-hack-tools - Little Bug Bounty & Hacking Tools⚔️
kubecost/kubectl-cost - CLI for determining the cost of Kubernetes workloads
ahmetak4n/radar - Scanner for misconfigured DevSecOps or Security tools on internet like SonarQube, GoPhish, OpenVAS etc.
TardC/fofadump - A small utility that calls fofa api to download data.
koderover/zadig - Zadig is a cloud native, distributed, developer-oriented continuous delivery product.
golang/vulndb - [mirror] The Go Vulnerability Database
Josue87/AnalyticsRelationships - Get related domains / subdomains by looking at Google Analytics IDs
umputun/reproxy - Simple edge server / reverse proxy
ipinfo/cli - Official Command Line Interface for the IPinfo API (IP geolocation and other types of IP data)
Sakurasan/scf-proxy - 云函数代理服务
activecm/rita - Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis.
work-helper/command-search-alfred - alfred命令搜索workflow
akavel/rsrc - Tool for embedding .ico & manifest resources in Go programs for Windows.
FunnyWolf/ligolo - Ligolo : 用于内网渗透的反向隧道
jweny/pocassist - 全新的漏洞测试框架，支持poc在线编辑、运行、批量测试。使用文档：
optiv/Dent - A framework for creating COM-based bypasses utilizing vulnerabilities in Microsoft's WDAPT sensors.
TryGoTry/multiplexing_port_socks5 - 一款golang写的支持http与socks5的端口复用小工具，并且可以开启socks5代理。
superfashi/pwnlib - A Go rewrite of pwntools.
hashsecteam/scf-proxy -
yonyoucloud/install_k8s - 一键安装kubernets(k8s)系统，采用RBAC模式运行（证书安全认证模式），既可以单台安装、也可以集群安装，并且完全是生产环境的安装标准。有疑问大家可以加我微信沟通：bsh888
projectdiscovery/interactsh - An OOB interaction gathering server and client library
hanc00l/TXPortMap - Port Scanner & Banner Identify From TianXiang
4dogs-cn/TXPortMap - Port Scanner & Banner Identify From TianXiang
chenjia404/p2ptunnel - 一个基于p2p的tcp、udp内网穿透隧道工具
vugu/vugu - Vugu: A modern UI library for Go+WebAssembly (experimental)
1340691923/ElasticView - 这是一个简单好用的ElasticSearch可视化客户端，支持连接6，7，8版本的ES，不妨一试
binyoucai/sec -
redcode-labs/GodSpeed - Fast and intuitive manager for multiple reverse shells
0xrawsec/whids - Open Source EDR for Windows
k3s-io/kine - Run Kubernetes on MySQL, Postgres, sqlite, dqlite, not etcd.
yunxu1/dnsub - dnsub一款好用且强大的子域名扫描工具
Matrix86/flowdownloader - Simple software to download HLS encrypted files used by FlowPlayer video player
charmbracelet/glow - Render markdown on the CLI, with pizzazz! 💅🏻
inbug-team/InScan - 边界打点后的自动化渗透工具
assetnote/kiterunner - Contextual Content Discovery Tool
Alaa-abdulridha/SerpScan - Serpscan is a powerfull php script designed to allow you to leverage the power of dorking straight from the comfort of your command line.
cyberark/kubesploit - Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang, focused on containerized environments.
redcode-labs/SNOWCRASH - A polyglot payload generator
nyancrimew/goop - Yet another tool to dump a git repository from a website, focused on as-complete-as-possible dumps and handling weird edge-cases.
giteshnxtlvl/cook - An overpower wordlist generator, splitter, merger, finder, permutator, encoder, decoder.. Frustration killer. Customizable. The Wordlist Framework.
rootklt/snowball - fofa+xray vul scan golang
d3mondev/puredns - Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.
genkiroid/cert - Cert is the Go tool to get TLS certificate information.
kgoins/ldsview -
Tylous/Limelighter - A tool for generating fake code signing certificates or signing real ones
terorie/cve-2021-3449 - CVE-2021-3449 OpenSSL denial-of-service exploit 👨🏻‍💻
labring/sealos - sealos is a multi-tenant kubernetes distribution. You can use sealos to easily build a public or a private cloud. It is simple, flexible and powerful!
sw33tLie/bbscope - Scope gathering tool for HackerOne, Bugcrowd, Intigriti, YesWeHack, and Immunefi!
kgretzky/evilginx2 - Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
muraenateam/muraena - Muraena is an almost-transparent reverse proxy aimed at automating phishing and post-phishing activities.
hakluke/haktrails - Golang client for querying SecurityTrails API data
evilsocket/stork - A small utility that aims to automate and simplify some tasks related to software release cycles.
LearnGolang/365Golang - 《365天深入理解Go语言》Deep understanding of Golang.
daehee/mildew - Dotmil subdomain discovery tool that scrapes domains from official DoD website directories and certificate transparency logs
canc3s/cIPR - 将域名转为ip段权重
staaldraad/turner - SOCKS5 and HTTP over TURN/STUN proxy
joanbono/gap - Google Maps API checker
AdguardTeam/dnsproxy - Simple DNS proxy with DoH, DoT, DoQ and DNSCrypt support
canc3s/cSubsidiary - 利用天眼查查询企业子公司
flavio/kube-image-bouncer - Simple endpoint for the ImagePolicyWebhook and the GenericAdmissionWebhook Kubernetes admission controllers
canc3s/cDomain - 利用天眼查查询企业备案
EgeBalci/amber - Reflective PE packer.
ZupIT/horusec - Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.
kitabisa/mubeng - An incredibly fast proxy checker & IP rotator with ease.
rakyll/hey - HTTP load generator, ApacheBench (ab) replacement
1ight-2020/Struts2Scanner - 一款Golang编写的Struts2漏洞检测和利用工具，支持并发批量检测
M4DM0e/DirDar - DirDar is a tool that searches for (403-Forbidden) directories to break it and get dir listing on it
lcvvvv/kscan - Kscan是一款纯go开发的全方位扫描器，具备端口扫描、协议检测、指纹识别，暴力破解等功能。支持协议1200+，协议指纹10000+，应用指纹2000+，暴力破解协议10余种。
gustavorobertux/gcs -
Rvn0xsy/Pricking - Watering hole attack deployment tool based on reverse proxy.
optiv/CVE-2020-15931 - Netwrix Account Lockout Examiner 4.1 Domain Admin Account Credential Disclosure Vulnerability
kost/revsocks - Reverse SOCKS5 implementation in Go
kuriv/civil-service-exam - 公务员考试知识思维导图，我们岸上见！
liamg/traitor - :arrow_up: :skull_and_crossbones: :fire: Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock
deepfence/SecretScanner - :unlock: :unlock: Find secrets and passwords in container images and file systems :unlock: :unlock:
hahwul/backbomb - 💣 Dockerized penetration-testing/bugbounty/app-sec testing environment
hahwul/gee - 🏵 Gee is tool of stdin to each files and stdout. It is similar to the tee command, but there are more functions for convenience. In addition, it was written as go
ryandamour/ssrfuzz - SSRFuzz is a tool to find Server Side Request Forgery vulnerabilities, with CRLF chaining capabilities
gustavorobertux/goshock - SonicWall VPN-SSL Exploit* using Golang ( * and other targets vulnerable to shellshock ).
jaswdr/faker - :rocket: Ultimate fake data generator for Go with zero dependencies
mehrdadrad/tcpdog - eBPF based TCP observability.
R0X4R/ssrf-tool - An SSRF detector tool written in golang. I have fixed some errors and added some more payloads to it. But the tool credits go to z0idsec.
RumbleDiscovery/recog-go - Recog-Go: Pattern Recognition using Rapid7 Recog
seventh-letter/DictGenerate - 使用Go语言编写的社工字典生成器(The social engineering dictionary generator written by Go)
evilsocket/uroboros - A GNU/Linux monitoring and profiling tool focused on single processes.
cyal1/host_scan - 这是一个用于IP和域名碰撞匹配访问的小工具，旨意用来匹配出渗透过程中需要绑定hosts才能访问的弱主机或内部系统。https://github.com/fofapro/Hosts_scan implement in Go
optiv/ScareCrow - ScareCrow - Payload creation framework designed around EDR bypass.
evilsocket/ditto - A tool for IDN homograph attacks and detection.
tehmoon/http-fuzzer -
n9e/k8s-mon - 滴滴夜莺Kubernetes monitor
EdgeSecurityTeam/EHole - EHole(棱洞)3.0 重构版-红队重点攻击系统指纹探测工具
mickael-kerjean/filestash - 🦄 A modern web client for SFTP, S3, FTP, WebDAV, Git, Minio, LDAP, CalDAV, CardDAV, Mysql, Backblaze, ...
juicedata/juicefs - JuiceFS is a distributed POSIX file system built on top of Redis and S3.
doitintl/kubeip - Assign static external IPs from predefined pool of external IP addresses to Google GKE nodes so your customers could whitelist them
thibmaek/go-volumio-mqtt-proxy -
JavierOlmedo/ipdiscover - 🔍 A simple tool to obtain long lists of ips from domains using goroutines
blackcrw/wprecon - WPRecon, is a tool for the recognition of vulnerabilities and blackbox information for wordpress.
hahwul/MobileHackersWeapons - Mobile Hacker's Weapons / A collection of cool tools used by Mobile hackers. Happy hacking , Happy bug-hunting
C4o/FBI-Analyzer - A Flexible Log Analysis System Based on Golang and Lua-Plugins. 插件化的准实时日志分析系统。
moloch--/denim - Automated compiler obfuscation for nim
alltom/dirgui - turn a directory into a GUI, slash example of VNC-based GUI
gomodules/notify - Send notification via Email, SMS, Chat etc.
0xsapra/fuzzparam -
Charlie-belmer/nosqli - NoSql Injection CLI tool, for finding vulnerable websites using MongoDB.
acme-dns/acme-dns-client - A client software for https://github.com/joohoi/acme-dns
goretk/redress - Redress - A tool for analyzing stripped Go binaries
riza/gigger - Git folder digger, I'm sure it's worthwhile stuff.
alpkeskin/mosint - An automated e-mail OSINT tool
nytr0gen/deduplicate - Remove duplicate urls from input
edoardottt/scilla - Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration
m7shapan/querycsv - QueryCSV enables you to load CSV files and manipulate them using SQL queries then after you finish you can export the new values to a CSV file
tomnomnom/meg - Fetch many paths for many hosts - without killing the hosts
michenriksen/Amass - In-depth Attack Surface Mapping and Asset Discovery
jm33-m0/emp3r0r - Linux/Windows post-exploitation framework made by linux user
assetnote/commonspeak2 - Leverages publicly available datasets from Google BigQuery to generate content discovery and subdomain wordlists
CTF-MissFeng/GoScan - GoScan是采用Golang语言编写的一款分布式综合资产管理系统，适合红队、SRC等使用
posener/h2conn - HTTP2 client-server full-duplex connection
Ridter/p12tool - A simple Go script to brute force or parse a password-protected PKCS#12 (PFX/P12) file.
ranon-rat/sayBruh - its a rebuild of saycheese with golang
mlcsec/headi - Customisable and automated HTTP header injection
bp0lr/linkz -
netxfly/sec-dev-in-action-src - 《白帽子安全开发实战》配套代码
pelaohxc/postMessageFinder -
C-Sto/GoGitDumper - Dump exposed HTTP .git fast
sudosammy/knary - A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams/Lark/Telegram & Pushover support
ameenmaali/qsfuzz - qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.
hahwul/mzap - ⚡️ Multiple target ZAP Scanning
ezekg/git-hound - Git plugin that prevents sensitive data from being committed.
root4loot/rescope - A scope-generator-tool for Burp Suite and ZAP
awgh/madns - DNS server for pentesters
braaaax/gfz -
gen2brain/url2img - HTTP server with API for capturing screenshots of websites
arkrz/v2sub - 用于 linux 下订阅 v2ray 的小工具。
jimareed/casbin-auth0-rbac-backend - Example RBAC implementation with Casbin and Auth0
Hackl0us/GeoIP2-CN - 小巧精悍、准确、实用 GeoIP2 数据库
bp0lr/dmut - A tool to perform permutations, mutations and alteration of subdomains in golang.
tismayil/rsdl - Subdomain Scan With Ping Method.
projectdiscovery/proxify - Swiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipulation, and replay on the go.
rmb122/rogue_mysql_server - 一个支持 go, php, python, java, 原生命令行等多种语言下客户端的 mysql 恶意服务器
bp0lr/dnsfaster - Test the speed and reliability of a list of DNS servers
projectdiscovery/cloudlist - Cloudlist is a tool for listing Assets from multiple Cloud Providers.
mehrdadrad/tcpprobe - Modern TCP tool and service for network performance observability.
ReddyyZ/urlbrute - Directory/Subdomain scanner developed in GoLang.
fzakaria/autopatchelf -
denandz/sourcemapper - Extract JavaScript source trees from Sourcemap files
cloudquery/cloudquery - The open-source cloud asset inventory powered by SQL.
FairwindsOps/nova - Find outdated or deprecated Helm charts running in your cluster.
matryer/xbar - Put the output from any script or program into your macOS Menu Bar (the BitBar reboot)
gorse-io/gorse - An open source recommender system service written in Go
ribbybibby/ssl_exporter - Exports Prometheus metrics for TLS certificates
sysdream/chashell - Chashell is a Go reverse shell that communicates over DNS. It can be used to bypass firewalls or tightly restricted networks.
utkusen/urlhunter - a recon tool that allows searching on URLs that are exposed via shortener services
Cgboal/exclude-cdn - Wraps projectdiscovery's cdncheck library to exclude CDN hosts from input passed over stdin
ipipdotnet/ipdb-go - IPIP.net officially supported IP database ipdb format parsing library
idoubi/goz - A fantastic HTTP request libarary used in Golang.
MaxSecurity/BurpSuite-MacOS-Crack -
projectdiscovery/collaborator - BurpSuite Standard/Private Collaborator Library
digininja/GitHunter - A tool for searching a Git repository for interesting content
k0sproject/k0s - k0s - The Zero Friction Kubernetes by Team Lens
cdk-team/CDK - 📦 Make security testing of K8s, Docker, and Containerd easier.
rvrsh3ll/RendezvousRAT - Self-healing RAT utilizing libp2p
shadow1ng/fscan - 一款内网综合扫描工具，方便一键自动化、全方位漏扫扫描。
xo/xo - Command line tool to generate idiomatic Go code for SQL databases supporting PostgreSQL, MySQL, SQLite, Oracle, and Microsoft SQL Server
PaddlePaddle/PaddleCloud - PaddlePaddle Docker images and K8s operators for PaddleOCR/Detection developers to use on public/private cloud.
tomnomnom/gron - Make JSON greppable!
uknowsec/keylogger - 键盘记录，支持定时回传
aquasecurity/starboard - Moved to https://github.com/aquasecurity/trivy-operator
ossf/scorecard - Security Scorecards - Security health metrics for Open Source
k8gege/LadonGo - LadonGO 4.2 Pentest Scanner framework 全平台Go开源内网渗透扫描器框架,Windows/Linux/Mac内网渗透，使用它可轻松一键批量探测C段、B段、A段存活主机、高危漏洞检测MS17010、SmbGhost，远程执行SSH/Winrm，密码爆破SMB/SSH/FTP/Mysql/Mssql/Oracle/Winrm/HttpBasic/Redis，端口扫
yolossn/Prometheus-Basics - Prometheus-Basics is part of Prometheus Docs now, checkout 👇
RedTeamPentesting/CVE-2020-13935 - Exploit for WebSocket Vulnerability in Apache Tomcat
projectdiscovery/notify - Notify is a Go-based assistance package that enables you to stream the output of several tools (or read from a file) and publish it to a variety of supported platforms.
ExploitBox/git-lfs-RCE-exploit-CVE-2020-27955-Go -
kitabisa/teler - Real-time HTTP Intrusion Detection
iiiusky/alicloud-tools - 阿里云ECS、策略组辅助小工具
anchore/grype - A vulnerability scanner for container images and filesystems
Ridter/DomainHiding - external c2 use domainhiding.
timwhitez/Doge-Loader - 🐶Cobalt Strike Shellcode Loader by Golang
ThreatUnkown/jsubfinder - jsubfinder searches webpages for javascript & analyzes them for hidden subdomains and secrets (wip).
Shivangx01b/BountyIt - A fuzzer made in golang for finding issues like xss, lfi, rce, ssti...that detects issues using change in content length and verify it using signatures
StamusNetworks/gophercap - Accurate, modular, scalable PCAP manipulation tool written in Go.
C-Sto/recursebuster - rapid content discovery tool for recursively querying webservers, handy in pentesting and web application assessments
facebookincubator/nvdtools - A set of tools to work with the feeds (vulnerabilities, CPE dictionary etc.) distributed by National Vulnerability Database (NVD)
hashicorp/waypoint - A tool to build, deploy, and release any application on any platform.
nscuro/fdnssearch - Swiftly search FDNS datasets from Rapid7 Open Data
jimen0/fdns - Concurrent Rapid7 FDNS dataset parser
rootless-containers/bypass4netns - [Experimental] Accelerates slirp4netns using SECCOMP_IOCTL_NOTIF_ADDFD. As fast as --net=host.
mzfr/takeover - A tool for testing subdomain takeover possibilities at a mass scale.
vsec7/urlive - Check url is live (HTTP status code "200 ok" only).
valyala/fasthttp - Fast HTTP package for Go. Tuned for high performance. Zero memory allocations in hot paths. Up to 10x faster than net/http
gwen001/github-subdomains - Find subdomains on GitHub
aquasecurity/tfsec - Security scanner for your Terraform code
tstillz/webshell-analyzer - Web shell scanner and analyzer.
falcosecurity/kilt - Kilt is a project that defines how to inject foreign apps into containers
C-Sto/gosecretsdump - Dump ntds.dit really fast
GoogleContainerTools/kpt - Automate Kubernetes Configuration Editing
berty/berty - Berty is a secure peer-to-peer messaging app that works with or without internet access, cellular data or trust in the network
LukaSikic/subzy - Subdomain takeover vulnerability checker
liamg/scout - 🔭 Lightweight URL fuzzer and spider: Discover a web server's undisclosed files, directories and VHOSTs
OWASP/Go-SCP - Go programming language secure coding practices guide
bp0lr/wurl - A tool to test working urls.
mergestat/mergestat - Query git repositories with SQL. Generate reports, perform status checks, analyze codebases. 🔍 📊
nkanaev/yarr - yet another rss reader
sw33tLie/bcscope - Get the scope of your bugcrowd programs
dstotijn/hetty - An HTTP toolkit for security research.
liamg/gitjacker - 🔪 :octocat: Leak git repositories from misconfigured websites
code-scan/s5_server -
crowdsecurity/crowdsec - CrowdSec - the open-source and participative IPS able to analyze visitor behavior & provide an adapted response to all kinds of attacks. It also leverages the crowd power to generate a global CTI data
incogbyte/quickpress - Small tool to automate SSRF wordpress and XMLRPC finder
RedTeamPentesting/monsoon - Fast HTTP enumerator
harleo/asnip - ASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight
projectdiscovery/mapcidr - Small utility program to perform multiple operations for a given subnet/CIDR ranges.
Shpota/goxygen - Generate a modern Web project with Go and Angular, React or Vue in seconds 🚀
EddieIvan01/gld - Go shellcode LoaDer
theblackturtle/wildcheck - A simple tool to detect wildcards domain based on Amass's wildcards detector.
dwisiswant0/unew - A tool for append URLs, skipping duplicates/paths & combine parameters.
0xsha/CloudBrute - Awesome cloud enumerator
Becivells/iconhash - fofa shodan favicon.ico hash icon ico 计算器
shenwei356/rush - A cross-platform command-line tool for executing jobs in parallel
awake1t/linglong - 一款甲方资产巡航扫描系统。系统定位是发现资产，进行端口爆破。帮助企业更快发现弱口令问题。主要功能包括: 资产探测、端口爆破、定时任务、管理后台识别、报表展示
mingrammer/go-web-framework-stars - :star: Web frameworks for Go, most starred on GitHub
imroc/req - Simple Go HTTP client with Black Magic
arminc/clair-scanner - Docker containers vulnerability scan
FiloSottile/age - A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.
schollz/croc - Easily and securely send things from one computer to another :crocodile: :package:
Ladicle/kubectl-rolesum - Summarize Kubernetes RBAC roles for the specified subjects.
kalmhq/kalm - Kalm | Kubernetes AppLication Manager
lamoda/gonkey - Gonkey - a testing automation tool
jcatala/gqm - Go quick message
fanjq99/dnslog - dnslog reverse vul-verify 反连平台漏洞验证
chennqqi/godnslog - An exquisite dns&http log server for verify SSRF/XXE/RFI/RCE vulnerability
ArturSS7/TukTuk - Tool for catching and logging different types of requests.
ethicalhackingplayground/wordlistgen - Generates target specific word lists for Fuzzing with fuff
BishopFox/smogcloud - Find cloud assets that no one wants exposed 🔎 ☁️
containerd/stargz-snapshotter - Fast container image distribution plugin with lazy pulling
ethicalhackingplayground/ssrf-tool -
chroblert/JCRandomProxy - 随机代理
hahwul/jwt-hack - 🔩 jwt-hack is tool for hacking / security testing to JWT. Supported for En/decoding JWT, Generate payload for JWT attack and very fast cracking(dict/brutefoce)
ethicalhackingplayground/dorkX - Pipe different tools with google dork Scanner
ethicalhackingplayground/linkJS -
KathanP19/Gxss - A tool to check a bunch of URLs that contain reflecting params.
mhewedy/vermin - The smart virtual machines manager. A modern CLI for Vagrant Boxes.
dwisiswant0/wadl-dumper - Dump all available paths and/or endpoints on WADL file.
alfarom256/ExternalC2Go -
qq431169079/PortScanner-3 - golang 版本的分布式端口扫描器，可快速方便部署，扫描核心基于 masscan & nmap
FunnyWolf/TFirewall - 防火墙出网探测工具,内网穿透型socks5代理
mitchellh/gox - A dead simple, no frills Go cross compile tool
projectcalico/calico - Cloud native networking and network security
awake1t/PortBrute - 一款跨平台小巧的端口爆破工具，支持爆破FTP/SSH/SMB/MSSQL/MYSQL/POSTGRESQL/MONGOD / A cross-platform compact port blasting tool that supports blasting FTP/SSH/SMB/MSSQL/MYSQL/POSTGRESQL/MONGOD
nerdswords/yet-another-cloudwatch-exporter - AWS cloudwatch to prometheus exporter - Discovers services through AWS tags, gets cloudwatch data and provides them as prometheus metrics with AWS tags as labels.
codingo/bbr - An open source tool to aid in command line driven generation of bug bounty reports based on user provided templates.
dwisiswant0/slackcat - A simple way of sending messages from the CLI output to your Slack with webhook.
alexellis/registry-creds - Replicate Kubernetes ImagePullSecrets to all namespaces
Threagile/threagile - Agile Threat Modeling Toolkit
knownsec/ksubdomain - 无状态子域名爆破工具
tkmru/dumproid - Android process memory dump tool without ndk.
pkujhd/goloader - load and run golang code at runtime.
inguardians/peirates - Peirates - Kubernetes Penetration Testing tool
hirochachacha/go-smb2 - SMB2/3 client library written in Go.
capnspacehook/rose -
burrowers/garble - Obfuscate Go builds
dalconan/NaviPassRead - Read Navicat 12 Password
thought-machine/dracon - Security scanning & static analysis tool
optiv/Go365 - An Office365 User Attack Tool
halfrost/LeetCode-Go - ✅ Solutions to LeetCode by Go, 100% test coverage, runtime beats 100% / LeetCode 题解
MilindPurswani/whoxyrm - A reverse whois tool based on Whoxy API.
ameenmaali/wordlistgen - Quickly generate context-specific wordlists for content discovery from lists of URLs or paths
openservicemesh/osm - Open Service Mesh (OSM) is a lightweight, extensible, cloud native service mesh that allows users to uniformly manage, secure, and get out-of-the-box observability features for highly dynamic microser
Masterminds/sprig - Useful template functions for Go templates.
C4o/Juggler - A system that may trick hackers. 一个也许能骗到黑客的系统。
zu1k/nali - 一个查询IP地理信息和CDN服务提供商的离线终端工具.An offline tool for querying IP geographic information and CDN provider.
hasura/gitkube - Build and deploy docker images to Kubernetes using git push
xct/xc - A small reverse shell for Linux & Windows
impost0r/Misc-Tools - Miscellaneous tools I've developed over the years for help in infosec.
x1sec/commit-stream - #OSINT tool for finding Github repositories by extracting commit logs in real time from the Github event API
ayoul3/reflect-pe - Reflectively load PE
vmware-tanzu/octant - Highly extensible platform for developers to better understand the complexity of Kubernetes clusters.
CloudyKit/jet - Jet template engine
moonD4rk/HackBrowserData - Decrypt passwords/cookies/history/bookmarks from the browser. 一款可全平台运行的浏览器数据导出解密工具。
lunixbochs/usercorn - dynamic binary analysis via platform emulation
he1m4n6a/cve-db - 一个用于生成cve数据库的程序并提供简单的http协议查询接口
sourcegraph/sourcegraph - Universal code search (self-hosted)
jpillora/chisel - A fast TCP/UDP tunnel over HTTP
paranoidninja/Boomerang - Boomerang is a tool to expose multiple internal servers to web/cloud. Agent & Server are pretty stable and can be used in Red Team for Multiple levels of Pivoting and exposing multiple internal servic
overnote/over-golang - Golang相关：[审稿进度80%]Go语法、Go并发思想、Go与web开发、Go微服务设施等
ropnop/kerbrute - A tool to perform Kerberos pre-auth bruteforcing
dwisiswant0/go-dork - The fastest dork scanner written in Go.
hakluke/hakq - A basic golang server/client for distributing tasks over multiple systems.
ctoyan/ponieproxy - Simple proxy which applies filters (default or custom) to your requests and responses, while you browse a website.
greyireland/algorithm-pattern - 算法模板，最科学的刷题方式，最快速的刷题路径，你值得拥有~
optiv/Talon - A password guessing tool that targets the Kerberos and LDAP services within the Windows Active Directory environment.
CTF-MissFeng/NmapTools - Go语言练习，第一个小工具，nmaptools解析xml导出xlsx结果、进行web服务探测、进行socket数据探测等
lifei6671/interview-go - golang面试题集合
hsiafan/httpdump - Capture and parse http traffics
moloch--/leakdb - Web-Scale NoSQL Idempotent Cloud-Native Big-Data Serverless Plaintext Credential Search
cybercdh/kitphishr - A tool designed to hunt for Phishing Kit source code
gokrazy/gokrazy - turn your Go program(s) into an appliance running on the Raspberry Pi 3 or 4 (or on amd64 PCs!)
aktsk/apk-medit - memory search and patch tool on debuggable apk without root & ndk
sysdream/ligolo - Reverse Tunneling made easy for pentesters, by pentesters https://sysdream.com/
kubernetes-sigs/kustomize - Customization of kubernetes YAML configurations
Static-Flow/gofingerprint - GoFingerprint is a Go tool for taking a list of target web servers and matching their HTTP responses against a user defined list of fingerprints.
aquasecurity/kube-bench - Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark
D00MFist/Go4aRun - Shellcode runner in GO that incorporates shellcode encryption, remote process injection, block dlls, and spoofed parent process
riza/medusa - Fastest recursive HTTP fuzzer, like a Ferrari.
sunshinev/go-sword - 【Go-sword】可视化CRUD管理后台生成工具
jckuester/awsls - A list command for AWS resources
go-rod/rod - A Devtools driver for web automation and scraping
mailhog/MailHog - Web and API based SMTP testing
kinvolk/lokomotive - 🪦 DISCONTINUED Further Lokomotive development has been discontinued. Lokomotive is a 100% open-source, easy to use and secure Kubernetes distribution from the volks at Kinvolk
stefanoj3/dirstalk - Modern alternative to dirbuster/dirb
sethvargo/go-envconfig - A Go library for parsing struct tags from environment variables.
seata/seata-go - Go Implementation For Seata
ncarlier/feedpushr - A simple feed aggregator daemon with sugar on top.
michelin/ChopChop - ChopChop is a CLI to help developers scanning endpoints and identifying exposition of sensitive services/files/folders.
projectdiscovery/httpx - httpx is a fast and multi-purpose HTTP toolkit allows to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads.
ColetteContreras/v2ray-poseidon - An Enhanced V2Ray(based on v2ray-core) for VNetPanel, SSRPanel, V2board and SSPanel-v3-Uim to sync users from database to v2ray, to log traffics/system info
lesnuages/go-execute-assembly - Allow a Go process to dynamically load .NET assemblies
EddieIvan01/iox - Tool for port forwarding & intranet proxy
TheMMMdev/addSome - Simple Go script to check if found domains in a file are already saved in your Findomain database
fuzzitdev/fuzzit - CLI to integrate continuous fuzzing with Fuzzit (no longer available)
whitehatnote/BlueShell - 红蓝对抗跨平台远控工具
1ndianl33t/1ndiList - Recon Custom WordList Ganerator
smallstep/autocert - ⚓ A kubernetes add-on that automatically injects TLS/HTTPS certificates into your containers
ameenmaali/whoareyou - whoareyou is a tool to find the underlying technology/software used in a list of websites passed through stdin (using Wappalyzer dataset)
ethicalhackingplayground/Zin - A Payload Injector for bugbounties written in go
hakluke/haktldextract - Extract domains/subdomains from URLs en masse
ngrok/sqlmw - Interceptors for database/sql
hwholiday/gid - Golang 分布式ID生成系统，高性能、高可用、易扩展的id生成服务
BishopFox/sliver - Adversary Emulation Framework
projectdiscovery/chaos-client - Go client to communicate with Chaos DNS API.
projectdiscovery/naabu - A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests
dwisiswant0/cf-check - CloudFlare Checker written in Go
vidar-team/Cardinal - CTF🚩 AWD (Attack with Defense) 线下赛平台 / AWD platform - 欢迎 Star~ ✨
wunderwuzzi23/KoiPhish - A simple yet beautiful phishing proxy.
caddyserver/forwardproxy - Forward proxy plugin for the Caddy web server
Binject/backdoorfactory - A from-scratch rewrite of The Backdoor Factory - a MitM tool for inserting shellcode into all types of binaries on the wire.
go-vgo/robotgo - RobotGo, Go Native cross-platform GUI automation @vcaesar
erbbysam/DNSGrep - Quickly Search Large DNS Datasets
random-robbie/ssrf-finder - Pass list of urls with FUZZ in and it will check if it has found a potential SSRF.
1ndianl33t/1ndi-hacks - Bug Bounty Tools
gobysec/GobyVuls - Vulnerabilities of Goby supported with exploitation.
projectdiscovery/public-bugbounty-programs - Community curated list of public bug bounty and responsible disclosure programs.
xluohome/phonedata - 手机号码归属地信息库、手机号归属地查询 phone.dat 最后更新：2021年08月
tomnomnom/fff - The Fairly Fast Fetcher. Requests a bunch of URLs provided on stdin fairly quickly.
praetorian-inc/slack-c2bot - Slack C2bot that executes commands and returns the output.
esrrhs/pingtunnel - Pingtunnel is a tool that send TCP/UDP traffic over ICMP
pry0cc/subgen - A really simple utility to concate wordlists to a domain name - to pipe into your favourite resolver!
ctoyan/waybackcollector - Fetch wayback machine historical content for a given url
cruise-automation/rbacsync - Automatically sync groups into Kubernetes RBAC
uber-go/ratelimit - A Golang blocking leaky-bucket rate limit implementation
Shivangx01b/CorsMe - Cross Origin Resource Sharing MisConfiguration Scanner
leobeosab/sharingan - Offensive Security recon tool
Sh1Yo/rate-limit-checker - Check whether the domain has a rate limit enabled.
asciimoo/wuzz - Interactive cli tool for HTTP inspection
zmap/zgrab2 - Fast Go Application Scanner
ndelphit/apkurlgrep - Extract endpoints from APK files
GameXG/TcpRoute2 - TcpRoute , TCP 层的路由器。对于 TCP 连接自动从多个线路(电信、联通、移动)、多个域名解析结果中选择最优线路。
heroku/terrier - Terrier is a Image and Container analysis tool that can be used to scan Images and Containers to identify and verify the presence of specific files according to their hashes.
xfhg/intercept - INTERCEPT / Policy as Code Static Analysis Auditing / SAST
chai2010/go-ast-book - :books: 《Go语言定制指南》(原名：Go语法树入门/开源免费图书/Go语言进阶/掌握抽象语法树/Go语言AST)
tillson/git-hound - Reconnaissance tool for GitHub code search. Finds exposed API keys using pattern matching, commit history searching, and a unique result scoring system.
ihaiker/sudis - Sudis !! Distributed supervisor process control system
tailscale/tailscale - The easiest, most secure way to use WireGuard and 2FA.
QSoloX/whoisyou - Take a list of domains and output the hostname and ip.
virink/xray-weblisten-ui - Xray 被动扫描管理
Dliv3/Venom - Venom - A Multi-hop Proxy for Penetration Testers
jjf012/gopoc - 用cel-go重现了长亭xray的poc检测功能的轮子
go-admin-team/go-admin - 基于Gin + Vue + Element UI的前后端分离权限管理系统脚手架（包含了：多租户的支持，基础用户管理功能，jwt鉴权，代码生成器，RBAC资源控制，表单构建，定时任务等）3分钟构建自己的中后台项目；文档：https://doc.go-admin.dev Demo： https://www.go-admin.dev Antd beta版本：https://preview.go-ad
tismayil/ohmybackup - Scan Victim Backup Directories & Backup Files
drk1wi/Modlishka - Modlishka. Reverse Proxy.
joanbono/Gurp - Burp Commander written in Go
projectdiscovery/dnsprobe - DNSProb is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers.
zmap/zdns - Fast CLI DNS Lookup Tool
jaeles-project/jaeles - The Swiss Army knife for automated Web Application Testing
hahwul/dalfox - 🌙🦊 DalFox is an powerful open source XSS scanning tool and parameter analyzer, utility
shomali11/go-interview - Collection of Technical Interview Questions solved with Go
lc/gau - Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.
gudegg/yunSpider - 百度云网盘爬虫
master-coder-ll/v2ray-web-manager - v2ray-web-manager 是一个v2ray的面板，也是一个集群的解决方案；同时增加了流量控制/账号管理/限速等功能。key: admin , panel ,web,cluster,集群,proxy
tuxotron/docker-image-generator - Customized docker images generation toolkit
hahwul/WebHackersWeapons - ⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting
Adminisme/ServerScan - ServerScan一款使用Golang开发的高并发网络扫描、服务探测工具。
projectdiscovery/nuclei - Fast and customizable vulnerability scanner based on simple YAML based DSL.
argoproj/argo-workflows - Workflow engine for Kubernetes
theblackturtle/fprobe - Take a list of domains/subdomains and probe for working http/https server.
madneal/gshark - Scan for sensitive information easily and effectively.
ATpiu/asset-scan - asset-scan是一款适用甲方企业的外网资产周期性扫描监控系统
jesseduffield/lazydocker - The lazier way to manage everything docker
parsiya/Hacking-with-Go - Golang for Security Professionals
projectdiscovery/shuffledns - MassDNS wrapper written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support.
rhaidiz/broxy - An HTTP/HTTPS intercept proxy written in Go.
TheKingOfDuck/ReverseGoShell - A Golang Reverse Shell Tool With AES Dynamic Encryption
darkr4y/geacon - Practice Go programming and implement CobaltStrike's Beacon in Go
kozlice/slack-webm-sentinel - A bot that tracks .webm links and converts them to .mp4
Go-zh/tour - Go 语言官方教程中文版
gophish/gophish - Open-Source Phishing Toolkit
sensepost/gowitness - 🔍 gowitness - a golang, web screenshot utility using Chrome Headless
xfiftyone/STS2G - Struts2漏洞扫描利用工具 - Golang版. Struts2 Scanner Written in Golang
ZeroDream-CN/SakuraFrp - 基于 Frp 二次开发定制的版本，可实现多用户管理、限速等商业化功能
phil-fly/goWeakPass - 使用golang编写的服务弱口令检测
ph4ntonn/Stowaway - 👻Stowaway -- Multi-hop Proxy Tool for pentesters
geph-official/geph2 - (ARCHIVED) Geph (迷霧通) is a modular Internet censorship circumvention system designed specifically to deal with national filtering.
tomnomnom/hacks - A collection of hacks and one-off scripts
tomnomnom/qsreplace - Accept URLs on stdin, replace all query string values with a user-supplied value
phuslu/iploc - Fastest IP To Country Library
Buzz2d0/Hyuga - Hyuga 是一个用来监控带外(Out-of-Band)流量的工具。🪤
hakluke/hakrevdns - Small, fast tool for performing reverse DNS lookups en masse.
RumbleDiscovery/rumble-tools - Open source tools, libraries, and datasets related to the Rumble Network Discovery product and associated research
hakluke/hakrawler - Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application
yuxiaokui/gohtran - 反向socks5代理, 关键词: go htran 重复造轮子 ssocks ew
sundowndev/phoneinfoga - Information gathering & OSINT framework for phone numbers
40t/go-sniffer - 🔎Sniffing and parsing mysql,redis,http,mongodb etc protocol. 抓包截取项目中的数据库请求并解析成相应的语句。
aquasecurity/trivy - Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues and hard-coded secrets
xxjwxc/gowp - golang worker pool , Concurrency limiting goroutine pool
Qianlitp/crawlergo - A powerful browser crawler for web vulnerability scanners
dreamans/syncd - syncd是一款开源的代码部署工具，它具有简单、高效、易用等特点，可以提高团队的工作效率.
insidersec/insider - Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to im
bnkamalesh/verifier - A minimal, customizable Go package for Email & Mobile number verification
ahhh/nmap-to-netscan - A helper utility for turning nmap xml files into target lists for go-netscan
openkruise/kruise - Automate application management on Kubernetes (project under CNCF)
guonaihong/gout - gout to become the Swiss Army Knife of the http client @^^@---> gout 是http client领域的瑞士军刀，小巧，强大，犀利。具体用法可看文档，如使用迷惑或者API用得不爽都可提issues
wxbool/video-srt-windows - 这是一个可以识别视频语音自动生成字幕SRT文件的开源 Windows-GUI 软件工具。
aau-network-security/haaukins - A Highly Accessible and Automated Virtualization Platform for Security Education
crawlab-team/crawlab - Distributed web crawler admin platform for spiders management regardless of languages and frameworks. 分布式爬虫管理平台，支持任何语言和框架
yakumioto/alkaid - Alkaid is a BaaS(Blockchan as a Service) service based on Hyperledger Fabric.
TNK-Studio/gortal - 🚪A super lightweight jumpserver service developed using the Go language. 一个使用 Go 语言开发的，超级轻量的跳板机服务。
kerbyj/goLazagne - Go library for credentials recovery
squat/kilo - Kilo is a multi-cloud network overlay built on WireGuard and designed for Kubernetes (k8s + wg = kg)
filebrowser/filebrowser - 📂 Web File Browser
derailed/k9s - 🐶 Kubernetes CLI To Manage Your Clusters In Style!
flipped-aurora/gin-vue-admin - 基于vite+vue3+gin搭建的开发基础平台（支持TS,JS混用），集成jwt鉴权，权限管理，动态路由，显隐可控组件，分页封装，多点登录拦截，资源权限，上传下载，代码生成器，表单生成器等开发必备功能。
aquasecurity/tracee - Linux Runtime Security and Forensics using eBPF
cbeuw/Cloak - A censorship circumvention tool to evade detection by authoritarian state adversaries
gin-gonic/gin - Gin is a HTTP web framework written in Go (Golang). It features a Martini-like API with much better performance -- up to 40 times faster. If you need smashing performance, get yourself some Gin.
kataras/iris - The fastest HTTP/2 Go Web Framework. Easy to learn. Fast development with Code you control. Unbeatable cost-performance ratio :leaves: :rocket: | 谢谢 |
github/gh-ost - GitHub's Online Schema-migration Tool for MySQL
mehrdadrad/radvpn - Decentralized VPN
LyricTian/gin-admin - RBAC scaffolding based on Gin + Gorm 2.0 + Casbin + Wire DI.
liuzhuoling2011/RedisGo - 为更好的管理/监控Redis而倾心打造~
TruthHun/BookStack - BookStack，基于MinDoc，使用Beego开发的在线文档管理系统，功能类似Gitbook和看云。
thinkeridea/go-extend - go语言扩展包，收集一些常用的操作函数，辅助更快的完成开发工作，并减少重复代码
zhshch2002/goribot - [Crawler/Scraper for Golang]🕷A lightweight distributed friendly Golang crawler framework.一个轻量的分布式友好的 Golang 爬虫框架。
xinliangnote/go-gin-api - 基于 Gin 进行模块化设计的 API 框架，封装了常用功能，使用简单，致力于进行快速的业务研发。比如，支持 cors 跨域、jwt 签名验证、zap 日志收集、panic 异常捕获、trace 链路追踪、prometheus 监控指标、swagger 文档生成、viper 配置文件解析、gorm 数据库组件、gormgen 代码生成工具、graphql 查询语言、errno 统一定义错误码、gR
eolinker/goku_lite - A Powerful HTTP API Gateway in pure golang！Goku API Gateway （中文名：悟空 API 网关）是一个基于 Golang开发的微服务网关，能够实现高性能 HTTP API 转发、服务编排、多租户管理、API 访问权限控制等目的，拥有强大的自定义插件系统可以自行扩展，并且提供友好的图形化配置界面，能够快速帮助企业进行 API 服务治理、提高 AP
yangwenmai/learning-golang - Go 学习之路：Go 开发者博客、Go 微信公众号、Go 学习资料（文档、书籍、视频）
defenxor/dsiem - Security event correlation engine for ELK stack
TeaWeb/build - TeaWeb-可视化的Web代理服务。DEMO: http://teaos.cn:7777
gourouting/singo - Gin+Gorm开发Golang API快速开发脚手架
nntaoli-project/goex - Exchange Rest And WebSocket API For Golang Wrapper support okcoin,okex,huobi,hbdm,bitmex,coinex,poloniex,bitfinex,bitstamp,binance,kraken,bithumb,zb,hitbtc,fcoin, coinbene
sqshq/sampler - Tool for shell commands execution, visualization and alerting. Configured with a simple YAML file.
mdsecactivebreach/o365-attack-toolkit - A toolkit to attack Office365
OJ/gobuster - Directory/File, DNS and VHost busting tool written in Go
netevert/delator - Golang-based subdomain miner leveraging certificate transparency logs
tomnomnom/assetfinder - Find domains and subdomains related to a given domain
astaxie/build-web-application-with-golang - A golang ebook intro how to build a web with golang
myrual/mixin-network-snapshot-golang - crypto currency gateway plugin for web store
aceld/zinx - 基于Golang轻量级TCP并发服务器框架
hanxi/lemonade - Lemonade is a remote utility tool. (copy, paste and open browser) over TCP.
txthinking/zoro - zoro can help you expose local server to external network. Support both TCP/UDP, of course support HTTP. Zero-Configuration. zoro 帮助你将本地端口暴露在外网.支持TCP/UDP, 当然也支持HTTP. 内网穿透.
az0ne/Finder - 一款Go语言实现的端口扫描器.
lakevilladom/goSkylar - 基于Golang开发的企业级外网端口资产扫描
Virus-V/arpZebra - ARP+DNS欺骗工具，网络安全第三次实验，课堂演示用，严禁非法用途。ARPSpoof，wifi hijack，dns spoof
rancher/k3os - Purpose-built OS for Kubernetes, fully managed by Kubernetes.
gcla/termshark - A terminal UI for tshark, inspired by Wireshark
RickGray/vscan-go - golang version for nmap service and application version detection (without nmap installation)
ffuf/ffuf - Fast web fuzzer written in Go
lis912/CapOS - 等级保护测评windows工具源码
netxfly/x-crack - x-crack - Weak password scanner, Support: FTP/SSH/SNMP/MSSQL/MYSQL/PostGreSQL/REDIS/ElasticSearch/MONGODB
ice-ice/dnstunnel - dns tunnel backdoor DNS隧道后门
future-architect/vuls - Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
milo2012/pathbrute - Pathbrute
l3m0n/whatweb - 更快速的进行Web应用指纹识别
boy-hack/goWhatweb - [学习GO] go语言写的web指纹识别 - Identify websites by go language
gwuhaolin/livego - live video streaming server in golang
ffhelicopter/Go42 - 《Go语言四十二章经》详细讲述Go语言规范与语法细节及开发中常见的误区，通过研读标准库等经典代码设计模式，启发读者深刻理解Go语言的核心思维，进入Go语言开发的更高阶段。
meshbird/meshbird - Distributed private networking
Q2h1Cg/dnsbrute - a fast domain brute tool
marco-lancini/goscan - Interactive Network Scanner
alibaba/RedisShake - redis-shake is a tool for synchronizing data between two redis databases. Redis-shake 是一个用于在两个 redis之间同步数据的工具，满足用户非常灵活的同步、迁移需求。
knownsec/gsm - 使用树莓派配合硬件来进行短信转发
WangYihang/Platypus - :hammer: A modern multiple reverse shell sessions manager written in go
jmpews/goscan - golang的扫描框架, 支持协程池和自动调节协程个数.
coyim/coyim - coyim - a safe and secure chat client
chai2010/awesome-go-zh - :books: Go资源精选中文版(含中文图书大全)
securego/gosec - Golang security checker
ehang-io/nps - 一款轻量级、高性能、功能强大的内网穿透代理服务器。支持tcp、udp、socks5、http等几乎所有流量转发，可用来访问内网网站、本地支付接口调试、ssh访问、远程桌面，内网dns解析、内网socks5代理等等……，并带有功能强大的web管理端。a lightweight, high-performance, powerful intranet penetration proxy server,
opensec-cn/kunpeng - kunpeng是一个Golang编写的开源POC框架/库，以动态链接库的形式提供各种语言调用，通过此项目可快速开发漏洞检测类的系统。
j3ssie/osmedeus - A Workflow Engine for Offensive Security
rockagen/cmus-lyric - cmus lyric viewer
maxmcd/webtty - Share a terminal session over WebRTC
0xDkd/auxpi - 🍭 集合多家 API 的新一代图床
root-gg/plik - Plik is a temporary file upload system (Wetransfer like) in Go.
sensepost/godoh - 🕳 godoh - A DNS-over-HTTPS C2
mkchoi212/fac - Easy-to-use CUI for fixing git conflicts
gogs/gogs - Gogs is a painless self-hosted Git service
iwannay/jiacrontab - 简单可信赖的任务管理工具
Releasel0ck/Blind-SQL-Injector - 手工盲注辅助注入工具
netxfly/docker_ssh_honeypot - 安全开发教学 - 用Docker制作一个高交互ssh蜜罐
jesseduffield/lazygit - simple terminal UI for git commands
go-gitea/gitea - Git with a cup of tea, painless self-hosted git service
sipt/shuttle - A web proxy in Golang with amazing features.
lixiangzhong/dnsutil - dns dig for golang
TruthHun/DocHub - 参考百度文库，使用Beego（Golang）开发的开源文库系统
TimothyYe/godns - A dynamic DNS client tool supports AliDNS, Cloudflare, Google Domains, DNSPod, HE.net & DuckDNS & DreamHost, etc, written in Go.
cloverstd/tcping - ping over a tcp connection
google/subcommands - Go subcommand library.
fanpei91/torsniff - torsniff - a sniffer that sniffs torrents from BitTorrent network
anshumanbh/merge-nmap-masscan - Merge results from NMAP and Masscan into one CSV file
anoshop/BAT_Check_DomainName -
jimeh/tmux-themepack - A pack of various Tmux themes.
xo/usql - Universal command-line interface for SQL databases
miniflux/v2 - Minimalist and opinionated feed reader
AmyangXYZ/DNSSniffer - DNSQuery Sniffer in Golang
OpenBazaar/go-onion-transport - Tor onion transport for IPFS
snail007/goproxy - 🔥 Proxy is a high performance HTTP(S) proxies, SOCKS5 proxies,WEBSOCKET, TCP, UDP proxy server implemented by golang. Now, it supports chain-style proxies,nat forwarding in different lan,TCP/UDP port
shawn1m/overture - A customized DNS relay server
tianon/gosu - Simple Go-based setuid+setgid+setgroups+exec
projectdiscovery/subfinder - Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.
baidu-security/app-env-docker - 基于 Docker 的真实应用测试环境
claudiodangelis/qrcp - :zap: Transfer files over wifi from your computer to your mobile device by scanning a QR code without leaving the terminal.
dsopas/rfd-checker - RFD Checker - security CLI tool to test Reflected File Download issues
gilbertchen/duplicacy - A new generation cloud backup tool
tiagorlampert/CHAOS - :fire: CHAOS is a free and open-source Remote Administration Tool that allow generate binaries to control remote operating systems.
cointop-sh/cointop - A fast and lightweight interactive terminal based UI application for tracking cryptocurrencies 🚀
lyyyuna/godht -
shadowsocks/shadowsocks-go - go port of shadowsocks (Deprecated)
mritd/idgen - 一个使用 golang 编写的大陆身份证生成器
cbeuw/GoQuiet - A Shadowsocks obfuscation plugin utilising domain fronting to evade deep packet inspection
haccer/subjack - Subdomain Takeover tool written in Go
gwuhaolin/lightsocks - ⚡️一个轻巧的网络混淆代理🌏
qax-os/ElasticHD - Elasticsearch 可视化DashBoard, 支持Es监控、实时搜索，Index template快捷替换修改，索引列表信息查看， SQL converts to DSL等
zricethezav/gitleaks - Protect and discover secrets using Gitleaks 🔑
cloudreve/Cloudreve - 🌩支持多家云存储的云盘系统 (Self-hosted file management and sharing system, supports multiple storage providers)
Ice3man543/SubOver - A Powerful Subdomain Takeover Tool
MiSecurity/x-patrol - github泄露扫描系统
ginuerzh/gost - GO Simple Tunnel - a simple tunnel written in golang
avast/apkverifier - APK Signature verification in Go. Supports scheme v1, v2 and v3 and passes Google apksig's testing suite.
dzonerzy/goWAPT - Go Web Application Penetration Test
rgburke/grv - GRV is a terminal interface for viewing git repositories
jiajunhuang/guard - NOT MAINTAINED! A generic high performance circuit breaker & proxy server written in Go
GameXG/ProxyClient - golang 代理库，和net一致的API。支持 socks4、socks4a、socks5、http、https 等代理协议。
random-robbie/AWS-Scanner - Scans a list of websites for Cloudfront or S3 Buckets
DNSCrypt/dnscrypt-proxy - dnscrypt-proxy 2 - A flexible DNS proxy, with support for encrypted DNS protocols.
malfunkt/hyperfox - HTTP/HTTPS MITM proxy and recorder.
LubyRuffy/tcptunnel - 将本地内网服务器映射到公网。
ghostunnel/ghostunnel - A simple SSL/TLS proxy with mutual authentication for securing non-TLS services
mmatczuk/go-http-tunnel - Fast and secure tunnels over HTTP/2
mattn/ft - File Transferer
ethereum/go-ethereum - Official Go implementation of the Ethereum protocol
cookieY/Yearning - 🐳 A most popular sql audit platform for mysql
crabkun/switcher - 一个多功能的端口转发/端口复用工具，支持转发本地或远程地址的端口，支持正则表达式转发（实现端口复用）。
fardog/secureoperator - A DNS-protocol proxy for DNS-over-HTTPS providers, such as Google and Cloudflare
drish/ben - Your benchmark assistant, written in Go.
Nhoya/gOSINT - OSINT Swiss Army Knife
cw1997/NATBypass - 一款lcx在golang下的实现, 可用于内网穿透, 建立TCP反弹隧道用以绕过防火墙入站限制等, A tool for establish reverse tunnel for NAT network environment and proxy, support all functions of lcx.exe
netxfly/xsec-proxy-scanner - xsec-proxy-scanner是一款速度超快、小巧的代理扫描器
go-ignite/ignite - A SS(R) panel for managing multiple users, powered by Go & Docker.
yinqiwen/gsnova - Private proxy solution & network troubleshooting tool.
timest/goscan - goscan is a simple and efficient IPv4 network scanner that discovers all active devices on local subnet.
tam7t/hpkp - golang hpkp client library
twitchyliquid64/subnet - Simple, auditable & elegant VPN, built with TLS mutual authentication and TUN.
dreddsa5dies/goHackTools - Hacker tools on Go (Golang)
rclone/rclone - "rsync for cloud storage" - Google Drive, S3, Dropbox, Backblaze B2, One Drive, Swift, Hubic, Wasabi, Google Cloud Storage, Yandex Files
moul/assh - :computer: make your ssh client smarter
yangxuan8282/docker-image -
averagesecurityguy/searchscan - Search Nmap and Metasploit scanning scripts.
netxfly/xsec-ip-database - xsec-ip-database为一个恶意IP和域名库（Malicious ip database）
bynil/sov2ex - A site search for V2EX
coyove/goflyway - An encrypted HTTP server
junegunn/fzf - :cherry_blossom: A command-line fuzzy finder
flynaj/kcptun - A Secure Tunnel Based On KCP with N:M Multiplexing
inconshreveable/slt - A TLS reverse proxy with SNI multiplexing in Go
diamondyuan-achieve/frp -
inconshreveable/ngrok - Introspected tunnels to localhost
moby/moby - Moby Project - a collaborative project for the container ecosystem to assemble container-based systems
gohugoio/hugo - The world’s fastest framework for building websites.
jpillora/cloud-torrent - ☁️ Cloud Torrent: a self-hosted remote torrent client
yeasy/docker_practice - Learn and understand Docker&Container technologies, with real DevOps practice!
shyiko/kubesec - Secure Secret management for Kubernetes (with gpg, Google Cloud KMS and AWS KMS backends)
netxfly/xsec-dns-proxy - DNS代理服务器，可以记录log到数据库中
shiyanhui/dht - BitTorrent DHT Protocol && DHT Spider.
btcsuite/btcd - An alternative full node bitcoin implementation written in Go (golang)
ARwMq9b6/dnsproxy - 防 DNS 缓存污染，兼顾查询质量与速度
yinghuocho/firefly-proxy - A proxy software to help circumventing the Great Firewall.
Kisesy/gscan_quic - Google Quic 扫描工具
IDrinkMoreWater/fetchserver - phuslu删掉了fetchserver，我重新传一个
nadoo/glider - glider is a forward proxy with multiple protocols support, and also a dns/dhcp server with ipset management features(like dnsmasq).
txthinking/brook - A cross-platform network tool designed for developers. 一个为开发者设计的跨平台网络工具.
avelino/awesome-go - A curated list of awesome Go frameworks, libraries and software
caddyserver/caddy - Fast, multi-platform web server with automatic HTTPS
evilsocket/xray - XRay is a tool for recon, mapping and OSINT gathering from public networks.
hound-search/hound - Lightning fast code searching made easy
huacnlee/flora-kit - 💐 基于 shadowsocks-go 做的完善实现，自动网络分流，完全兼容 Surge 的配置文件。
apex/gh-polls - Polls for user feedback in GitHub issues
rabbitstack/fibratus - A modern tool for the Windows kernel exploration and tracing
crazy-max/WindowsSpyBlocker - Block spying and tracking on Windows
evilsocket/dnssearch - A subdomain enumeration tool.
zmap/zgrab - DEPRECATED This project has been replaced by https://github.com/zmap/zgrab2
evilsocket/brutemachine - A Go library which main purpose is giving an interface to loop over a dictionary and use those words/lines as input for some custom logic such as HTTP file bruteforcing, DNS bruteforcing, etc.
rqlite/rqlite - The lightweight, distributed relational database built on SQLite
michenriksen/aquatone - A Tool for Domain Flyovers
anshumanbh/git-all-secrets - A tool to capture all the git secrets by leveraging multiple open source git searching tools
quay/clair - Vulnerability Static Analysis for Containers
InsZVA/tap0901 - Go语言虚拟网卡库，可用于制作对战平台、加速器、防火墙、VPN等
techjacker/repo-security-scanner - CLI tool that finds secrets accidentally committed to a git repo, eg passwords, private keys
netxfly/crack_ssh - go写的协程版的ssh\redis\mongodb弱口令破解工具
shunfei/cronsun - A Distributed, Fault-Tolerant Cron-Style Job System.
kashav/fsql - Search for files using a structured query language
yeasy/blockchain_guide - Introduce blockchain related technologies, from theory to practice with bitcoin, ethereum and hyperledger.
mysteriumnetwork/node - Mysterium Network Node - official implementation of distributed VPN network (dVPN) protocol
zhiqing-lee/ebreader - 一个让你可以在浏览器中阅读Epub电子书的CLI程序，使用Golang编写
pilosa/pilosa - Pilosa is an open source, distributed bitmap index that dramatically accelerates queries across multiple, massive data sets.
kryptco/kr - A dev tool for SSH auth + Git commit/tag signing using a key stored in Krypton.
c0nrad/go-mbf - MongoDB Login Brute Forcer
coreybutler/nvm-windows - A node.js version management utility for Windows. Ironically written in Go.
Shopify/toxiproxy - :alarm_clock: :fire: A TCP proxy to simulate network and system conditions for chaos and resiliency testing
trufflesecurity/trufflehog - Find credentials all over the place
duolatech/xapimanager - XAPI MANAGER -专业实用的开源接口管理平台，为程序开发者提供一个灵活，方便，快捷的API管理工具，让API管理变的更加清晰、明朗。如果你觉得xApi对你有用的话，别忘了给我们点个赞哦^_^ ！
fatedier/frp - A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.
cilium/cilium - eBPF-based Networking, Security, and Observability
linuxkit/linuxkit - A toolkit for building secure, portable and lean operating systems for containers
portainer/portainer - Making Docker and Kubernetes management easy.
weaveworks/scope - Monitoring, visualisation & management for Docker & Kubernetes
prasmussen/gdrive - Google Drive CLI Client
StackExchange/dnscontrol - Synchronize your DNS to multiple providers from a simple DSL
sensepost/ruler - A tool to abuse Exchange services
0x4D31/honeybits - A PoC tool designed to enhance the effectiveness of your traps by spreading breadcrumbs & honeytokens across your systems to lure the attacker toward your honeypots
qiniu/qshell - Shell Tools for Qiniu Cloud
gonet2/geoip - query geo-locations of ips
michenriksen/gitrob - Reconnaissance tool for GitHub organizations
huichen/wukong - 高度可定制的全文搜索引擎
beego/beego - beego is an open-source, high-performance web framework for the Go programming language.
xtaci/kcptun - A Stable & Secure Tunnel based on KCP with N:M multiplexing and FEC. Available for ARM, MIPS, 386 and AMD64。KCPプロトコルに基づく安全なトンネル。KCP 프로토콜을 기반으로 하는 보안 터널입니다。
unknwon/the-way-to-go_ZH_CN - 《The Way to Go》中文译本，中文正式名《Go 入门指南》
urfave/negroni - Idiomatic HTTP Middleware for Golang
ajermakovics/jvm-mon - Console-based JVM monitoring tool
flike/kingshard - A high-performance MySQL proxy

Groovy

ankushs92/geolocation-useragent-parser-rest-api - A very fast geolocation and user-agent analysis REST API. Written in Groovy on top of Vert.x platform.

HCL

bridgecrewio/terragoat - TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat is a learning and training project that demonstrates how common configuration errors can find their way into production
christophetd/Adaz - :wrench: Deploy customizable Active Directory labs in Azure - automatically.
nozaq/terraform-aws-secure-baseline - Terraform module to set up your AWS account with the secure baseline configuration based on CIS Amazon Web Services Foundations and AWS Foundational Security Best Practices.
ralphte/devops_4_hackers - DevOps for Hackers with Hands-On Labs w/ Ralph May (4-Hour Workshop)
cfalta/activedirectory-lab - Terraform config to spin up a domain controller and some member servers in azure
easttimor/aws-incident-response -
stackrox/Kubernetes_Security_Specialist_Study_Guide -
anshumanbh/terraform-burp-collaborator - Terraform configuration to build a Burp Private Collaborator Server
cisagov/ansible-role-cobalt-strike - An Ansible role for installing Cobalt Strike.
BlueTeamLabs/sentinel-attack - Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK

HTML

code-scan/LoginFish - 通用登录页面安全控件钓鱼
Phuong39/PoC-CVE-2021-30632 - PoC CVE-2021-30632 - Out of bounds write in V8
Roc-L8/JSFinderPlus - 一款快速提取网站URL的工具
Wrong-pixel/inforgation -
theori-io/CVE-2022-26717-Safari-WebGL-Exploit -
mahp/jQuery-with-XSS - jQuery with XSS, Testing and Secure Version
alufers/mitmproxy2swagger - Automagically reverse-engineer REST APIs via capturing traffic
KhronosGroup/glTF - glTF – Runtime 3D Asset Delivery
Threekiii/Vulnerability-Wiki - 一个综合漏洞知识库，集成了Vulhub、Peiqi、Edge、0sec、Wooyun等开源漏洞库
shengshengli/SecExample - java漏洞靶场
zhizhuoshuma/cve_info_data - 各大平台IOT设备漏洞资源库
satan1a/TheRoadOfSO - 学习安全运营的记录 | The knowledge base of security operation
lovechoudoufu/baselinecheck_cdf - Security check of system baseline.服务器基线检查工具。基于python3造的对linux、windows服务器做基线核查的轮子。
Th30neAnd0nly/AIRAVAT - A multifunctional Android RAT with GUI based Web Panel without port forwarding.
kagancapar/CVE-2022-29072 - 7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area.
ultrasecurity/Storm-Breaker - Social engineering tool [Access Webcam & Microphone & Location Finder] With Python
jatinkalwar/fisher - New phishing tool with 30+ templates updated tool
yearnwang/wifipineaplle_dwall_log - wifipineapple dwall增加log功能
reconmap/pentest-reports - Collection of penetration test reports and pentest report templates. Published by the the best security companies in the world.
redteamwiki/redteamwiki -
etlownoise/xolo - Tool to crawl, visualize and interact with SQL server links in a d3 graph to help in your red/blue/purple/.../risk assessments pentest hacking team exercises.
Rvn0xsy/SMTP-NC - SMTP Netcat , test SMTP protocol
jgamblin/CPEData - NVD CPE Data
orleven/Celestion - Celestion 是一个无回显漏洞测试辅助平台，平台使用flask编写，提供DNSLOG，HTTPLOG等功能。 (界面懒得弄，后续有需要再说)。
terryvogelsang/PentestFTW - Penetration Testing tips & tricks
roottusk/vapi - vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.
tb0hdan/domains - World’s single largest Internet domains dataset
xsscx/Commodity-Injection-Signatures - Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT
Ed1s0nZ/cool - Golang-Gin 框架写的免杀平台，内置分离、捆绑等多种BypassAV方式。
ybdt/post-hub - Webshell、C2、免杀、提权、代理、横向、域渗透
chroblert/Flash-Pop2 - Flash-Pop升级版
EdOverflow/bugbountyguide - Bug Bounty Guide is a launchpad for bug bounty programs and bug bounty hunters.
1modm/petereport - PeTeReport is an open-source application vulnerability reporting tool.
tombstoneghost/TIWAP - Totally Insecure Web Application Project (TIWAP)
mpast/mobileAudit - Django application that performs SAST and Malware Analysis for Android APKs
zzzteph/weakpass - Weakpass rule-based online generator to create a wordlist based on a set of words entered by the user.
klezVirus/CVE-2021-40444 - CVE-2021-40444 - Fully Weaponized Microsoft Office Word RCE Exploit
OWASP/Top10 - Official OWASP Top 10 Document Repository
lockedbyte/CVE-2021-40444 - CVE-2021-40444 PoC
ybdt/misc-hub - 杂七杂八
HangZhouCat/ReaverAPKTools - 逆向APK工具
cckuailong/vulbase - 各大漏洞文库合集
techchipnet/CamPhish - Grab cam shots from target's phone front camera or PC webcam just sending a link.
rubickCenter/rubick - 🔧 Electron based open source toolbox, free integration of rich plug-ins. 基于 electron 的开源工具箱，自由集成丰富插件。
Accruent/owasp-zap-historic - Store ZAP reports historically and compare current ZAP results against the most recent for changes in alerts.
OtherDevOpsGene/zap-sonar-plugin - Integrates OWASP Zed Attack Proxy reports into SonarQube
IQTLabs/AuraBorealisApp - Do You Know What's In Your Python Packages? A Tool for Visualizing Python Package Registry Security Audit Data
r00tk1ts/binary-security-tutorial - Resource assembly of 'Binary Security Tutorial' online course of mine. Video link：https://pan.baidu.com/s/1ltcHIehhLFVFMvru6tGQ8A Passwd：axje
OWASP/NodeGoat - The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.
InfosecHouse/InfosecHouse - Infosec resource center for offensive and defensive security operations.
tangxiaofeng7/SecExample - JAVA 漏洞靶场 (Vulnerability Environment For Java)
iknowjason/BlueCloud - Cyber Range including Velociraptor + HELK system with a Windows VM for security testing and R&D. Azure and AWS terraform support.
coinbase/salus - Security scanner coordinator
The-Login/DNS-Reset-Checker - Tools to assess the DNS security of web applications
rpetrich/deciduous - App that makes building attack decision trees from the Security Chaos Engineering report easy
M4tir/M-Scan - Optical Chain Scanner 光链安全扫描器
chainflag/ctfd-neon-theme -
ctf-wiki/ctf-challenges -
Cl0udG0d/pppXray - Xray批量化自动扫描
woj-ciech/Shomap - Create visualization from Shodan query
TomAPU/schemeflood - schemeflood demo
satan1a/awesome-cybersecurity-blueteam-cn - 网络安全 · 攻防对抗 · 蓝队清单，中文版
HacktivistRO/Bug-Bounty-Wordlists -
s7ckTeam/sWebScanner - 作为一个网络安全从业人员，在测试网站目录时，常用的就是御剑，7kb等几款，使用下来始终觉得缺少了什么东西，于是重复造了一个轮子，此版本支持自定义字典，返回大小，代理IP模式，爆破模式
ripienaar/free-for-dev - A list of SaaS, PaaS and IaaS offerings that have free tiers of interest to devops and infradev
Puliczek/CVE-2021-21123-PoC-Google-Chrome - 🐱‍💻 👍 Google Chrome - File System Access API - vulnerabilities reported by Maciej Pulikowski | Total Bug Bounty Reward: $5.000 | CVE-2021-21123 and 5 more...
ustayready/CredSniper - CredSniper is a phishing framework written with the Python micro-framework Flask and Jinja2 templating which supports capturing 2FA tokens.
M-Kings/BypassAv-web - nim一键免杀
collabnix/kubetools - Kubetools - Curated List of Kubernetes Tools
jonasstrehle/supercookie - ⚠️ Browser fingerprinting via favicon!
zwc456baby/file-proxy - 文件代下载服务，github文件加速下载，支持任意文件格式。支持命令行代下，支持子节点权重负载均衡。
alivx/CIS-Ubuntu-20.04-Ansible - Ansible Role to Automate CIS v1.1.0 Ubuntu Linux 18.04 LTS, 20.04 LTS Remediation
WADComs/WADComs.github.io - WADComs is an interactive cheat sheet, containing a curated list of offensive security tools and their respective commands, to be used against Windows/AD environments.
xsleaks/wiki - XS-Leaks Wiki
ethicalhackingplayground/SubNuke - Subdomain Takeover tool with web UI
RCStep/CSSG - Cobalt Strike Shellcode Generator
Ap0k4L1p5/Ap0k4L1p5.github.io - Portfolio website.
madhuakula/security-automation-with-ansible-2 - Ansible Playbooks for Security Automation with Ansible2 book
gh0stkey/Web-Fuzzing-Box - Web Fuzzing Box - Web 模糊测试字典与一些Payloads，主要包含：弱口令暴力破解、目录以及文件枚举、Web漏洞...字典运用于实战案例：https://gh0st.cn/archives/2019-11-11/1
ybdt/poc-hub - 漏洞攻击
qeeqbox/social-analyzer - API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites
Cl0udG0d/HXnineTails - python3实现的集成了github上多个扫描工具的命令行WEB扫描工具
facert/beijing_house_knowledge - 北京买房攻略
jas502n/Security_Article - scrapy website Article and link ...
Wileysec/adobe-flash-phishing-page - Adobe Flash Phishing Page(Adobe Flash钓鱼页面)
ericchiang/pup - Parsing HTML at the command line
ffffffff0x/AboutSecurity - Everything for pentest. | 用于渗透测试的 payload 和 bypass 字典.
bytecaps/Flash_Xss - Flash最新钓鱼源码对接官方API实现跟随官方升级而升级
fwonggh/Bthub - Bthub最新地址发布页
qkqpttgf/OneManager-php - An index & manager of Onedrive based on serverless. Can be deployed to Heroku/Glitch/Vercel/Replit/SCF/FG/FC/CFC/PHP web hosting/VPS.
sense-of-security/ADRecon - ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.
BaizeSec/bylibrary - 白阁文库是白泽Sec安全团队维护的一个漏洞POC和EXP公开项目
hunzaboy/CodedMailsFree - Ready to use 50+ responsive HTML email templates - Codedmails Free
DefectDojo/django-DefectDojo - DefectDojo is a DevSecOps and vulnerability management tool.
MS-WEB-BN/c41n - Automated rogue access point setup tool.
r00tSe7en/Mail-Probe - 邮箱探针后台管理系统
wgpsec/VulnRange - 漏洞靶场-快速搭建Web安全漏洞和第三方组件漏洞环境，用于漏洞复现和研究
zgjx6/SocialEngineeringDictionaryGenerator - 社会工程学密码生成器，是一个利用个人信息生成密码的工具
sbousseaden/EVTX-ATTACK-SAMPLES - Windows Events Attack Samples
r00tSe7en/Flash-Pop - Flash钓鱼弹窗优化版
EtherDream/js-port-knocking - Web 端口敲门的奇思妙想
SummerSec/JavaLearnVulnerability - Java漏洞学习笔记 Deserialization Vulnerability
Humoud/apksneeze-lab - Analyze Android APK files from a browser.
OWASP/www-project-integration-standards - OWASP Foundation Web Respository
DasSecurity-HatLab/HatLab_IOT_Wiki - 海特实验室物联网安全知识库
KnightSec-Official/Phlexish - Advanced Spear Phishing tool for Facebook with 2 factor authentication bypass! May contain minor bugs due to...idk
M-Kings/WEB-shiro_rememberMe_encode_decode - shiro rememberMe 在线加解密工具
math1as/Windows-GDI-fuzzer - Windows Graphics Device Interface (GDI+) fuzzer
sayaanalam/CORS-EXPLOIT -
ninoseki/mihari - A tool for OSINT based threat hunting
mixmark-io/turndown - 🛏 An HTML to Markdown converter written in JavaScript
dongfangyuxiao/BurpExtend - 基于Burp插件开发打造渗透测试自动化
FeeiCN/Security-PPT - Security-related Slide Presentation & Security Research Report（大安全各领域各公司各会议分享的PPT以及各类安全研究报告）
madhuakula/kubernetes-goat - Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
momenbasel/keyFinder - Keyfinder🔑 is a tool that let you find keys while surfing the web!
Arryboom/Language - Some dirty tricks to learn different programming language.
humblelad/Needle - Instant access to you bug bounty submission dashboard on various platforms + publicly disclosed reports + #bugbountytip
UnkL4b/BabyShark - Basic C2 Server
Cl0udG0d/SZhe_Scan - 碎遮SZhe_Scan Web漏洞扫描器，基于python Flask框架，对输入的域名/IP进行全面的信息搜集，漏洞扫描，可自主添加POC
guhe120/Windows-EoP - Windows EoP Bugs
subspacecommunity/subspace - A fork of the simple WireGuard VPN server GUI community maintained
mubix/post-exploitation-wiki - Post Exploitation Wiki
nccgroup/autochrome - This tool downloads, installs, and configures a shiny new copy of Chromium.
knassar702/hacking-lab - Small Vulnerable Web App
hackxc/xss_flash - Xss之Flash钓鱼
proabiral/inception - A highly configurable Framework for easy automated web scanning
vavkamil/bugbountytip.com - Flask powered website to display tweets with a hashtag #bugbountytip
bb1nfosec/Information-Security-Tasks - This repository is created only for infosec professionals whom work day to day basis to equip ourself with uptodate skillset, We can daily contribute daily one hour for day to day tasks and work on pr
si9int/Subra - A Web-UI for subdomain enumeration (subfinder)
clong/DetectionLab - Automate the creation of a lab environment complete with security tooling and logging best practices
nu11secur1ty/Windows10Exploits - Microsoft » Windows 10 : Security Vulnerabilities
myvyang/chromium_for_spider - dynamic crawler for web vulnerability scanner
mewcoder/SharedCourses - 大学课程共享计划整理
Coq-zh/SF-zh - 《软件基础》中译版 Software Foundations Chinese Translation
forecho/hugo-theme-echo - A super concise theme for Hugo
nshalabi/ATTACK-Tools - Utilities for MITRE™ ATT&CK
HiddenStrawberry/Crawler_Illegal_Cases_In_China - Collection of China illegal cases about web crawler 本项目用来整理所有中国大陆爬虫开发者涉诉与违规相关的新闻、资料与法律法规。致力于帮助在中国大陆工作的爬虫行业从业者了解我国相关法律，避免触碰数据合规红线。 [AD]中文知识图谱门户
Securityautomation/DumpTheGit - DumpTheGit searches through public repositories to find sensitive information uploaded to the Github repositories.
xfirefly/Airplay-SDK - Airplay Receiver SDK supports Airplay Mirroring and AirPlay Casting to a receiver device.
wangweianger/APubPlat - Devops自动化部署、堡垒机开源项目、Web Terminal
ColorlibHQ/gentelella - Free Bootstrap 4 Admin Dashboard Template
decal/werdlists - :keyboard: Wordlists, Dictionaries and Other Data Sets for Writing Software Security Test Cases
r00t-3xp10it/morpheus - Morpheus - Automating Ettercap TCP/IP (MITM-hijacking Tool)
maaaaz/androwarn - Yet another static code analyzer for malicious Android applications
cch123/golang-notes - Go source code analysis(zh-cn)
xazlsec/APT_Sample-Weapoon - Pull some collected APT group related samples, ransomware, remote control and other malicious programs for security researchers to use.
rigtorp/awesome-modern-cpp - A collection of resources on modern C++
yzhu798/CodingInterviewsNotes - 涵盖C++ Primer 5th、 effective C++ 、 STL api和demos C++ 基础知识与理论、智能指针、C++11、 Git教程 Linux命令 Unix操作系统（进程、线程、内存管理、信号）计算机网络、数据结构（排序、查找）、数据库、、C++对象模型、设计模式、算法（《剑指offer》、leetcode、lintcode、hihocoder、《王道程序员求职宝典》
Ebryx/Nessus_Map - Parse .nessus file(s) and shows output in interactive UI
yaseng/iot-security-wiki - IOT security wiki
LangziFun/LangNetworkTopologys - 端口扫描，指纹识别，网站探测，结果整理
gh0stkey/RGPerson - RGPerson - Randomly generate identity information
RomanEmelyanov/CobaltStrikeForensic - Toolset for research malware and Cobalt Strike beacons
biggerwing/nsfocus-rsas-knowledge-base - 绿盟科技漏洞扫描器(RSAS)漏洞库
helloxz/ccaa - Linux一键安装Aria2 + AriaNg + FileBrowse实现离线下载、文件管理。
ningbonb/HTML5 - HTML5学习、总结、实践
mxk/win10-secure-baseline-gpo - Windows 10 and Server 2016 Secure Baseline Group Policy
go101/go101 - An online book focusing on Go syntax/semantics and runtime related things
JeffXue/web-log-parser - An open source analysis web log tool
honze-net/nmap-bootstrap-xsl - A Nmap XSL implementation with Bootstrap.
sisoc-tokyo/Real-timeDetectionAD_ver2 -
tanjiti/sec_profile - 爬取secwiki和xuanwu.github.io/sec.today,分析安全信息站点、安全趋势、提取安全工作者账号(twitter,weixin,github等)
chg122345/mall - ssm小商城
zaiyunduan123/springboot-manage - 基于SpringBoot + Mybatis + Thymeleaf + Redis + MongoDB + MySQL开发的商品管理系统
hookmaster/frida-all-in-one - 《FRIDA操作手册》by @hluwa @r0ysue
buyingfei/live - 完整搭建直播平台实例
QSCTech/zju-icicles - 浙江大学课程攻略共享计划
cainiaocome/xssgun - xss payloads generator
Ridter/cs_custom_404 - Cobalt strike custom 404 page
M4cs/BabySploit - :baby: BabySploit Beginner Pentesting Toolkit/Framework Written in Python :snake:
ym2011/SecurityMind - share experience towards for information management, brainstorming and so on.
Raul1718/sec_profile - 安全行业信息趋势分析
gdufeZLYL/springboot-penguin - :penguin:Online Examination System 基于SpringBoot+Mybatis+Thymeleaf+SemanticUI+Bootstrap的在线考试系统(低仿牛客网)
micyo202/yan-demo - 本项目是基于 SpringMVC+Spring+MyBatis （SSM）架构的高效率便捷开发框架
C4o/ChineseDarkWebCrawler - 中文暗网爬虫
abbeyokgo/flask_multi_uploader - flask+webuploader实现多文件上传
posclegom/programthink - for 热心读者
Igglybuff/awesome-piracy - A curated list of awesome warez and piracy links
TgeaUs/Weak-password - 字典大全 dictionary
zfaka-plus/zfaka - 免费、安全、稳定、高效的发卡系统，值得拥有!
nsacyber/Windows-Secure-Host-Baseline - Configuration guidance for implementing the Windows 10 and Windows Server 2016 DoD Secure Host Baseline settings. #nsacyber
fate0/proxylist - proxylist, generate by fate0/getproxy project in every 15 minute
salesforce/vulnreport - Open-source pentesting management and automation platform by Salesforce Product Security
anquanquantao/pentraining - 一个网络安全基础知识的教程。内容比较杂，好在都是实验视频和工具提供，可以自行动手完成实验。
NetSPI/SQLInjectionWiki - A wiki focusing on aggregating and documenting various SQL injection methods
davideuler/architecture.of.internet-product - 互联网公司技术架构，微信/淘宝/微博/腾讯/阿里/美团点评/百度/Google/Facebook/Amazon/eBay的架构，欢迎PR补充
iwannarun/JavaWiki - 不定期收集与JAVA有关书籍或文章
zhangkaitao/shiro-example - 跟我学Shiro（我的公众号：kaitao-1234567，我的新书：《亿级流量网站架构核心技术》）
tennc/fuzzdb - Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
skulltech-archive/wordpress-vulscan - WordPress vulnerability scanner
intezer/linux-explorer - Easy-to-use live forensics toolbox for Linux endpoints
OWASP/Nettacker - Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
Wscats/CV - :see_no_evil:Front End Engineer Curriculum Vitae - 前端面试宝典和简历生成器
chu888chu888/HadoopAndSparkDataStudy - 这是一本关于大数据学习记录的手册,主要针对初学者.做为一个老IT工作者,学习是一件很辛苦的事情.希望这本手册对帮助大家快速的学习与认识大数据(特指Hadoop Spark),为了不让初学者一下接触爆炸式的新概念,我们会以实验先行,概念跟进的方式进行课程学习,这样有利于大家快速进入状态,而不至于一直深陷逻辑概念出不来,但是每个人的学习方式不一样,仁者见仁智者见智吧.大家如果有意见请给我发邮件chu8
securitytxt/security-txt - A proposed standard that allows websites to define security policies.
Xyntax/Campus-FakeAP - 针对校园网的wifi钓鱼工具
Ph0en1x-XMU/Awesome-CTF-Book - Study CTF, study security
CHYbeta/WAF-Bypass - WAF Bypass Cheatsheet
leizongmin/js-xss - Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist
pingfangx/TranslatorX - JetBrains 系列软件汉化包关键字: Android Studio 3.5 汉化包 CLion 2019.3 汉化包 DataGrip 2019.3 汉化包 GoLand 2019.3 汉化包 IntelliJ IDEA 2019.3 汉化包 PhpStorm 2019.3 汉化包 PyCharm 2019.3 汉化包 Rider 2019.3 汉化包 RubyMine 2019.3 汉化
ewen0930/PyCharm-Chinese - PyCharm Chinese Language Pack（中文语言包）
rootclay/Powershell-Attack-Guide - Powershell攻击指南----黑客后渗透之道
vanhoefm/krackattacks -
Magicalex/seedbox-manager - [UNMAINTAINED] Web app for manage your seedbox
vl0ms/docker-armhf-torrentbox - Docker image with nginx + php5-fpm + rtorrent + rutorrent(web ui) started with supervisord
xuechiyaobai/CVE-2017-7092-PoC - This is the Pwn2Own 2017 Safari backup vul's exploit.
SuxLab/dorm-system - Dorm System
CHYbeta/Software-Security-Learning - Software-Security-Learning
CHYbeta/Web-Security-Learning - Web-Security-Learning
me115/linuxtools_rst - Linux工具快速教程
pointbiz/bitaddress.org - JavaScript Client-Side Bitcoin Wallet Generator
HACK-BLOSSOM/DIY-Cybersecurity-For-Domestic-Violence - Abuse adapts to technology. You deserve privacy and compassion.
twngo/privacytools-zh - privacytool.io -Traditional Chinese version
privacytools/privacytools.io - 🛡🛠 You are being watched. Protect your privacy against global mass surveillance.
l3m0n/wooyun-wiki - wiki.wooyun.org的部分快照网页
odin1314/skills - Linux、WAF、正则、web安全等一些知识点的总结
burpsuite/Manual -
sukeesh/Music-Downloader - Download any music from web
chrisallenlane/drek - A static-code-analysis tool for performing security-focused code reviews. It enables an auditor to swiftly map the attack-surface of a large application, with an emphasis on identifying development an
ihebski/angryFuzzer - Tools for information gathering
wisec/domxsswiki - Automatically exported from code.google.com/p/domxsswiki
SecWiki/ipot - Honeypot Research Blog 蜜罐技术研究小组
keithjjones/visualize_logs - A Python library and command line tools to provide interactive log visualization.
ITI/ICS-Security-Tools - Tools, tips, tricks, and more for exploring ICS Security.
bitdust/WamaCry - a fake WannaCry
cure53/HTTPLeaks - HTTPLeaks - All possible ways, a website can leak HTTP requests
SamJoan/droopescan - A plugin-based scanner that aids security researchers in identifying issues with several CMSs, mainly Drupal & Silverstripe.
SuperKieran/WooyunDrops - Wooyun知识库，乌云知识库，https://wooyun.kieran.top
FluxionNetwork/fluxion - Fluxion is a remake of linset by vk496 with enhanced functionality.
ZJU-NewMirrors/OldMirrorsFrontend - mirrors.zju.edu.cn
beckyricha/Broadlink-RM-SmartThings-Alexa - Control RF and Ir devices using SmartThings and Alexa.
sbehrens/sleepy-puppy - Deprecated please use https://github.com/Netflix/sleepy-puppy
phodal/fe - 《我的职业是前端工程师》 - Ebook：I'm a FrontEnd Developer
n0tr00t/Sreg - Sreg可对使用者通过输入email、phone、username的返回用户注册的所有互联网护照信息。
Xyntax/1000php - 1000个PHP代码审计案例(2016.7以前乌云公开漏洞)
chromium/badssl.com - :lock: Memorable site for testing clients against bad SSL configs.
solid/solid - Solid - Re-decentralizing the web (project directory)
cloudtracer/ThreatPinchLookup - Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension
SebastianElvis/ElvisProjs -
exploitprotocol/material-blog -
ubuntu/ubuntu-make - Easy setup of common tools for developers on Ubuntu.
elasticsearch-cn/elasticsearch-definitive-guide - 欢迎加QQ群：109764489，贡献力量！
iros/d3-v4-whats-new -
yiminghe/learning-react - materials about learning react
HT524/500LineorLess_CN - 500 line or less 中文翻译计划。
suhanyujie/php_webDataMining - php_webDataMining，PHP网络数据挖掘，第一个应用是爬取并分析和（草）谐（榴）论坛的一个版块数据并作可视化分析
yoghurtjia/Zhihu_bigdata - 使用scrapy和pandas完成对知乎300w用户的数据分析。首先使用scrapy爬取知乎网的300w，用户资料，最后使用pandas对数据进行过滤，找出想要的知乎大牛，并用图表的形式可视化。

Hack

justid/InlineAMP - InlineAMP is an AMP ready WordPress theme.

Haskell

dapphub/dapptools - Dapp, Seth, Hevm, and more
jekor/gressgraph - visualize your iptables firewall
github/semantic - Parsing, analyzing, and comparing source code across many languages
digitallyinduced/ihp - 🔥 The fastest way to build type safe web apps. IHP is a new batteries-included web framework optimized for longterm productivity and programmer happiness
iostreamer-X/FuncShell - Improve your shell by making it functional through Haskell! (An update to Awkward)
huangz1990/real-world-haskell-cn - 《Real World Haskell》中文翻译项目

Inno Setup

mentebinaria/retoolkit - Reverse Engineer's Toolkit

Java

xyy-ws/NoAgent-memshell-scanner -
veo/wsMemShell - WebSocket 内存马，一种新型内存马技术
kezibei/yongyou_nc_poc -
keven1z/DHook - DHook是一个动态修改应用运行中代码的工具，支持通过界面，插件，配置文件方式配置hook点。
safe6Sec/proxyServer - 本项目其实就是个简单的代理服务器，把代理池集成进来来了。
F6JO/RouteVulScan - Burpsuite - Route Vulnerable Scanning 递归式被动检测脆弱路径的burp插件
achuna33/MYExploit - OAExploit一款基于产品的一键扫描工具。
su18/ysoserial - ysoserial for su18
BeichenDream/PostConfluence - 哥斯拉Confluence后渗透插件 MakeToken SearchPage ListAllUser AddAdminUser ListAllPage ........
RASSec/BinAbsInspector - BinAbsInspector: Vulnerability Scanner for Binaries
BeichenDream/CVE-2022-26134-Godzilla-MEMSHELL -
Weik1/Artillery - JAVA 插件化漏洞扫描器，Gui基于javafx。POC 目前集成 Weblogic、Tomcat、Shiro、Spring等。
javahongxi/whatsmars - Java生态研究(Spring Boot + Redis + Dubbo + RocketMQ + Elasticsearch)🔥🔥🔥🔥🔥
kezibei/fastjson_payload -
tauh33dkhan/fastjson-1.2.80-test-lab -
Marszs/EZ-JNDI - 一键启动JNDI测试/利用环境。
HenryFBP/JNDI-Exploit-Server - JNDI Exploit Server
winnpixie/log4noshell - Java agent that disables Apache Log4J's JNDI Lookup. Fixes CVE-2021-44228, aka "Log4Shell."
topicusonderwijs/naming-kubernetes - Java naming context (JNDI) for WildFly using Kubernetes as backend.
0xJDow/rogue-rmi-server - Rogue RMI Registry PoC for https://www.veracode.com/blog/research/exploiting-jndi-injections-java. All credit to artsploit.
Bl0omZ/JNDIEXP - JDNI在java高版本的利用工具
Like0x/0xagent - CobaltStrike 4.0 - 4.5 Patch
elkokc/reflector - Burp plugin able to find reflected XSS on page in real-time while browsing on site
jweny/shiro-cve-2020-17523 - shiro-cve-2020-17523 漏洞的两种绕过姿势分析以及配套的漏洞环境
ce-automne/TomcatMemShell - 拿来即用的Tomcat7/8/9/10版本Listener/Filter/Servlet内存马，支持注入CMD内存马和冰蝎内存马
ballcat-projects/ballcat - 😸一个快速开发脚手架，快速搭建企业级后台管理系统，并提供多种便捷starter进行功能扩展。主要功能包括前后台用户分离，菜单权限，数据权限，定时任务，访问日志，操作日志，异常日志，统一异常处理，XSS过滤，SQL防注入，国际化等多种功能
metaStor/SpringScan - SpringScan 漏洞检测 Burp插件
pnpninja/nsetools - A Java Implementation of nse-tools package in Python
wh1t3p1g/tabby-path-finder - A neo4j procedure for tabby (dev)
ca3tie1/CrackSleeve - 破解CS4.0
niccellular/hammer - A software acoustic modem for the Android Team Awareness Kit (ATAK) that allows multiple ATAK devices to share data using only voice comms (e.g., over a walkie talkie)
KeenSecurityLab/BinAbsInspector - BinAbsInspector: Vulnerability Scanner for Binaries
doocs/jvm - 🤗 JVM 底层原理最全知识总结
alibaba/DataX - DataX是阿里云DataWorks数据集成的开源版本。
ChrisM09/KNX-Bus-Dump - A tool to listen on a KNX bus via TPUART and the Calimero Project suite and to dump the data from the packets into a Wireshark-Compatible file hex dump.
billyJoePiano/TenaPull - TenaPull is a configurable Java application which fetches and processes the data from one or more Nessus APIs, and converts it into JSON ouputs that are usable by Splunk
passer-W/Ruoyi-All - 若依后台定时任务一键利用
Y4er/ysoserial - ysoserial修改版，着重修改ysoserial.payloads.util.Gadgets.createTemplatesImpl使其可以通过引入自定义class的形式来执行命令、内存马、反序列化回显。
Adrninistrator/java-all-call-graph - Generate all call graph for Java Code.
jorgectf/spring-cloud-function-spel -
lz520520/tabby - A CAT called tabby ( Code Analysis Tool )
smxiazi/xia_sql - xia SQL (瞎注) burp 插件，在每个参数后面填加一个单引号，两个单引号，一个简单的判断注入小插件。
RASSec/BurpFastJsonScan - 一款基于BurpSuite的被动式FastJson检测插件
33time/captcha-killer-5h6m - 原插件在新版本burpsuite无法使用，对插件jdk版本进行升级，引用jdk8、base64包
projectdiscovery/nuclei-burp-plugin - Nuclei plugin for BurpSuite
tangxiaofeng7/Spring-Cloud-Function-Spel - Spring Cloud Function Spel命令执行漏洞
xxDark/JavaShellcodeInjector - Java utility that allows to inject shell code and execute it
czz1233/GBByPass - 冰蝎哥斯拉 WebShell bypass
Endava/cats - CATS is a REST API Fuzzer and negative testing tool for OpenAPI endpoints. CATS automatically generates, runs and reports tests with minimum configuration and no coding effort. Tests are self-healing
lovechoudoufu/GoogleCSAgent_cdf - CSAgent 与 GoogleAuth 的缝合体，cobalt strike4.4版本的破解+otp动态口令的agent
SummerSec/AgentInjectTool - 改造BeichenDream/InjectJDBC加入shiro获取key和修改key功能
nsacyber/GRASSMARLIN - Provides situational awareness of Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) networks in support of network security assessments. #nsacyber
BeichenDream/InjectJDBC - 注入JVM进程动态获取目标进程连接的数据库
Y4tacker/JavaSec - a rep for documenting my study, may be from 0 to 0.1
ultimate-pa/ultimate - The Ultimate program analysis framework.
whwlsfb/JDumpSpider - HeapDump敏感信息提取工具
Retsamer/java_vuln_code - 基于SpringBoot编写的常见Web漏洞安全开发学习平台
alibaba/cobar - a proxy for sharding databases and tables
SummerSec/SPATool - 静态程序分析工具主要生成方法的CFG和.java文件的AST
pen4uin/awesome-java-security - Java安全☞代码审计/漏洞分析/武器化
rajasoun/log4j-zero-day-exploit - Log4j Zero-Day Exploit
bitterzzZZ/CVE-2021-43297-POC - CVE-2021-43297 POC，Apache Dubbo<= 2.7.13时可以实现RCE
theonedev/onedev - Self-hosted Git Server with CI/CD and Kanban
mtxiaowangzi/CAFJE - 又一个Java Web代码审计工具
nottyjay/Ruoyi-Vue-Mybatis-plus -
woodpecker-appstore/springboot-vuldb -
colodoo/lanb-wvs - 一个正在孵化的漏扫平台；漏洞扫描平台。
f0ng/poc2jar - Java编写，Python作为辅助依赖的漏洞验证、利用工具，添加了进程查找模块、编码模块、命令模块、常见漏洞利用GUI模块、shiro rememberMe解密模块，加快测试效率
Peithon/JustC2file - Burp插件，Malleable C2 Profiles生成器；可以通过Burp代理选中请求，生成Cobalt Strike的profile文件(CSprofile)
kezibei/Urldns -
sunilpaulmathew/NFSManager - The source code of NFS Manager: An application to control NFS Injector
jboss-javassist/javassist - Java bytecode engineering toolkit
981011512/-- - 停车场系统源码，新能源充电桩系统，停车场小程序，智能停车，Parking system，【功能介绍】：①兼容市面上主流的多家相机，理论上兼容所有硬件，可灵活扩展，②相机识别后数据自动上传到云端并记录，校验相机唯一id和硬件序列号，防止非法数据录入，③用户手机查询停车记录详情可自主缴费(支持微信，支付宝，银行接口支付，支持每个停车场指定不同的商户进行收款)，支付后出场在免费时间内会自动抬杆。④支持a
opengoofy/hippo4j - 📌 强大的动态线程池框架，附带监控报警功能，支持 JDK、Tomcat、Jetty、Undertow 线程池；Apache RocketMQ、Dubbo、RabbitMQ、Hystrix 消费线程池（更多框架线程池还在适配中）。内置两种使用模式：轻量级依赖配置中心以及无中间件依赖版本。
LeadroyaL/dex-finder - 快速寻找一个类所在 dex 的小工具
exp1orer/JNDI-Inject-Exploit - 解决FastJson、Jackson、Log4j2、原生JNDI注入漏洞的高版本JDKBypass利用，探测本地可用反序列化gadget达到命令执行、回显命令执行、内存马注入
evi1hack/LandrayExploit - 蓝凌OA漏洞利用工具/前台无条件RCE/文件写入
pmiaowu/RMITest - 就是一个练习RMI反序列化的最简单环境
Acmesec/Sylas - 新一代子域名主/被动收集工具 - Subdomain automatic/passive collection tool
bit4woo/Fiora - Fiora：漏洞PoC框架的图形版，快捷搜索PoC、一键运行Nuclei
Jesse505/PrivacyMonitorAndroid - Android 隐私合规检测方案，基于ASM编译期插桩，将隐私api调用的堆栈信息保存到本地Excel文件中
simplepeng/HeGuiChecker - 基于Hook方案的合规化检测器
LGH1996/ADGO - TapClick，一款居于Android无障碍服务的自动化点击工具，可用于自动跳过广告，自定关闭弹窗，以及其他的一些自动点击操作，最新版下载地址：https://www.coolapk.com/apk/com.lgh.advertising.going
six2dez/wahh_extras - The Web Application Hacker's Handbook - Extra Content
whwlsfb/Log4j2Scan - Log4j2 RCE Passive Scanner plugin for BurpSuite
Ovi3/010Editor-Template - 010Editor Templates
Firebasky/Java - 关于学习java安全的一些知识,正在学习中ing,欢迎fork and star
f0ng/log4j2burpscanner - CVE-2021-44228 Log4j2 BurpSuite Scanner,Customize ceye.io api or other apis,including internal networks
cryptomator/cryptomator - Multi-platform transparent client-side encryption of your files in the cloud
r00tSe7en/JNDIMonitor - 一个LDAP请求监听器，摆脱dnslog平台
twseptian/spring-boot-log4j-cve-2021-44228-docker-lab - Spring Boot Log4j - CVE-2021-44228 Docker Lab
Contrast-Security-OSS/safelog4j - Safelog4j is an instrumentation-based security tool to help teams discover, verify, and solve log4shell vulnerabilities without scanning or upgrading
theque5t/Detect4j - Runnable jar that detects if a specific class(es) is in use within existing JVMs
lz2y/yaml-payload-for-ruoyi - A memory shell for ruoyi
madCdan/JndiLookup - Some tools to help mitigating Apache Log4j 2 CVE-2021-44228
christophetd/log4shell-vulnerable-app - Spring Boot web application vulnerable to Log4Shell (CVE-2021-44228).
back2root/log4shell-rex - PCRE RegEx matching Log4Shell CVE-2021-44228 IOC in your logs
Cybereason/Logout4Shell - Use Log4Shell vulnerability to vaccinate a victim server against Log4Shell
nccgroup/log4j-jndi-be-gone - A Byte Buddy Java agent-based fix for CVE-2021-44228, the log4j 2.x "JNDI LDAP" vulnerability.
javaweb-sec/javaweb-sec -
woodpecker-appstore/log4j-payload-generator - Log4j jndi injects the Payload generator
CodeShield-Security/Log4JShell-Bytecode-Detector - Local Bytecode Scanner for the Log4JShell Vulnerability (CVE-2021-44228)
javasec/log4j-patch - log4j-patch 修改字节码实现补丁防御
qingtengyun/cve-2021-44228-qingteng-online-patch - Hot-patch CVE-2021-44228 by exploiting the vulnerability itself.
Puliczek/CVE-2021-44228-PoC-log4j-bypass-words - 🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks
welk1n/JNDI-Injection-Bypass - Some payloads of JNDI Injection in JDK 1.8.0_191+
numanturle/Log4jNuclei - Log4j for nuclei
code-scan/log4j-rce-demo - log4j rce测试项目
l4yn3/micro_service_seclab - Java漏洞靶场
bkfish/yaml-payload-for-Win - 用于windows反弹shell的yaml-payload
Barro/java-afl - Binary rewriting approach with fork server support to fuzz Java applications with afl-fuzz.
xiaoliangli1128/SpringBootFinder - Springboot detection
ax/burp-logs - Logs is a Burp Suite extension to work with log files.
p0desta/AutoBypass403-BurpSuite - 一个自动化bypass 403/auth的Burpsuite插件
skylot/jadx - Dex to Java decompiler
dyc87112/SpringBoot-Learning - 《Spring Boot基础教程》，2.x版本持续连载中！点击下方链接直达教程目录！
OneSourceCat/YonyouNC-EXP - YonyouNC RCE
gzu-liyujiang/Android_CN_OAID - 安卓设备唯一标识解决方案，可替代移动安全联盟统一 SDK 闭源方案。包括国内手机厂商的开放匿名标识（OAID）、海外手机平台的安卓广告标识（AAID），另外也提供了 IMEI/MEID、AndroidID、WidevineID、PseudoID、GUID 等常见的设备标识的获取方法。
jas502n/FinalShellDecodePass - FinalShellDecodePass 加密解密
SummerSec/ShiroAttack2 - shiro反序列化漏洞综合利用,包含（回显执行命令/注入内存马）修复原版中NoCC的问题 https://github.com/j1anFen/shiro_attack
puhaiyang/easyHttpProxy - support http/https proxy.类似于finddler,由java编写，代码简单便于理解。支持http/https代理！
w568w/XposedChecker - [Deprecated] Check whether your xposed has been enabled.
ElivenLZY/AndroidSafeCheck - APP过等保要用到的安全检测，支持调试检测/签名校验/Root检测/网络代理检测等，功能高度灵活可定制。
depycode/fastjson-local-echo - 基于dbcp的fastjson rce 回显
API-Security/APIKit - APIKit：Discovery, Scan and Audit APIs Toolkit All In One.
smxiazi/NEW_xp_CAPTCHA - xp_CAPTCHA(瞎跑白嫖版) burp 验证码识别 burp插件
ssssssss-team/spider-flow - 新一代爬虫平台，以图形化方式定义爬虫流程，不写代码即可完成爬虫。
potats0/CasExp - Apereo CAS exploit tool
ixrjog/opscloud4 - 云上运维
artsploit/yaml-payload - A tiny project for generating SnakeYAML deserialization payloads
hamibot/hamibot - Android 平台 JavaScript 自动化工具，无需 root。
OakChen/ApkShelling - 脱Apk使用360加固、梆梆加固、腾讯乐固、百度加固免费版加的壳
ftmtshuashua/AndroidMonitor - Android监控器（Activity异常destroy , 隐私政策合规）
yanerchuang/PrivacyPolicyComplianceCheck - Android 隐私政策合规检查方案
gh0stkey/CaA - CaA - BurpSuite Collector and Analyzer
fa1c0n1/rmi-attack-demo - 在学习Java反序列化漏洞的过程中，用来理解Java RMI程序的执行流程，演示如何攻击Java RMI程序的几个示例。
CodeShield-Security/SPDS - Efficient and Precise Pointer-Tracking Data-Flow Framework
BeichenDream/Chunk-Proxy -
tkmru/lazyCSRF - A more useful CSRF PoC generator on Burp Suite
0x727/SpringBootExploit - 项目是根据LandGrey/SpringBootVulExploit清单编写，目的hvv期间快速利用漏洞、降低漏洞利用门槛。
pmiaowu/HostCollision - 用于host碰撞而生的小工具,专门检测渗透中需要绑定hosts才能访问的主机或内部系统
yetingli/ReDoSHunter - ReDoSHunter: A Combined Static and Dynamic Approach for Regular Expression DoS Detection
ChenJunsen/Hegui3.0 - 工信部合规检测Xposed模块源码
jas502n/spring-ENC - sprint encode (plan text) get enc password
Netflix/EVCache - A distributed in-memory data store for the cloud
usualwyy/PowerScanner - 面向HW的红队半自动扫描器
weweibuy/weweibuy-framework - 基于Springboot 封装的基础组件, 包括: Http请求响应日志,日志脱敏,APM, 加解密,签名(AES,BCrypt,RSA,JWT),数据库脱敏,报文脱敏,下滑线风格URL传参,统一异常处理,feign mock,feign日志,feign报文风格转换,跨应用异常上抛,自动补偿组件,幂等组件,RocketMq客户端
shwenzhang/AndResGuard - proguard resource for Android by wechat team
lqs1848/AllatoriCrack - 破解 Java 混淆工具 Allatori
jmockit/jmockit1 - Advanced Java library for integration testing, mocking, faking, and code coverage
durkworf/spring-boot-webshell -
sec-it/BFAC-Burp-Extension - Burp Extension for BFAC (Advanced Backup-File Artifacts Testing for Web-Applications)
ethushiroha/JavaAgentTools - 用Java agent实现内存马等功能
su18/JDBC-Attack - JDBC Connection URL Attack
gfbjngjibn/JustTrustMe - An xposed module that disables SSL certificate checking for the purposes of auditing an app with cert pinning
yhy0/ExpDemo-JavaFX - 图形化漏洞利用Demo-JavaFX版
LeadroyaL/drozer-agent - The Android Agent for the Mercury Security Assessment Framework.
makeloveandroid/XpRoot - 描述
CTF-MissFeng/Ecloud - Ecloud是一款基于http/1.1协议传输TCP流量工具，适用于内网不出网时通过web代理脚本转发tcp流量
Static-Flow/RepeaterSearch - This extension adds a search bar to the Repeater tab that can be used to highlight all repeater tabs where the request and/or response matches a query via simple text matching or Regex.
rbmonster/learning-note - Java开发及面试（个人面试、工作总结、资料收集站）
shrinkwrap/resolver - ShrinkWrap Resolvers
PortSwigger/php-object-injection-check - PHP Unserialize Check - Burp Scanner Extension
dipjyotimetia/HybridTestFramework - End to End testing of Web, API, Cloud, Events and Security
j3ers3/Hello-Java-Sec - ☕️ Java Security，安全编码和代码审计
hengyunabc/dumpclass - Dump classes from running JVM process.
karma9874/AndroRAT - A Simple android remote administration tool using sockets. It uses java on the client side and python on the server side
sqlancer/sqlancer - Detecting Logic Bugs in DBMS
jsnjfz/WebStack-Guns - 一个开源的网址导航网站项目，后台基于Guns和Springboot
songxiaomo1997/ScanStation - 一个可以自定规则的动扫描器,支持主动和被动扫描
StringCare/AndroidLibrary - Android library to reveal or obfuscate strings and assets at runtime
SasanLabs/owasp-zap-fileupload-addon - OWASP ZAP add-on for finding vulnerabilities in File Upload functionality.
jenkinsci/contrast-continuous-application-security-plugin - Jenkins Plugin from Contrast Security
gdgd009xcd/AutoMacroBuilderForZAP - A OWASP ZAPROXY Add-on that allows testing of web application vulnerabilities by recording complex multi-step sequences. You can test applications that need to access pages in a specific order, such
jenkinsci/fortify-plugin - Fortify Jenkins plugin
openraven/magpie - A Cloud Security Posture Manager or CSPM with a focus on security analysis for the modern cloud stack and a focus on the emerging threat landscape such as cloud ransomware and supply chain attacks.
pt-tools/rmi_bypass_jep290 -
trung/InMemoryJavaCompiler - Utility class to compile java source code in memory
rufherg/WebLogic_Basic_Poc - 用于WebLogic poc及exp测试的基础脚本，后续将集成各版本poc库
raphw/byte-buddy - Runtime code generation for the Java virtual machine.
cgddgc/secheguicheck - 工信部APP个人隐私信息安全合规检测
neykov/extract-tls-secrets - Decrypt HTTPS/TLS connections on the fly with Wireshark
grpc/grpc-java - The Java gRPC implementation. HTTP/2 based RPC
spotbugs/sonar-findbugs - SpotBugs plugin for SonarQube
woodpecker-appstore/xmldecoder-payload-generator - Java XMLDecoder payload generator
sepinf-inc/IPED - IPED Digital Forensic Tool. It is an open source software that can be used to process and analyze digital evidence, often seized at crime scenes by law enforcement or in a corporate investigation by p
cmu-sei/kaiju - CERT Kaiju is a binary analysis framework extension for the Ghidra software reverse engineering suite. This repository is a "mirror" -- please file tickets, bug reports, or pull requests at the upstre
ALW1EZ/Arkhota - Arkhota, a web brute forcer for Android.
Mr-xn/RedTeam_BlueTeam_HW - 红蓝对抗以及护网相关工具和资料，内存shellcode（cs+msf）和内存马查杀工具
doocs/source-code-hunter - 😱 从源码层面，剖析挖掘互联网行业主流技术的底层实现原理，为广大开发者 “提升技术深度” 提供便利。目前开放 Spring 全家桶，Mybatis、Netty、Dubbo 框架，及 Redis、Tomcat 中间件等
zifeihan/friday - java runtime decompiler (java实时反编译工具)
qtc-de/beanshooter - JMX enumeration and attacking tool.
chefyuan/algorithm-base - 一位酷爱做饭的程序员，立志用动画将算法说的通俗易懂。我的面试网站 www.chengxuchu.com
Lotus6/ThinkphpGUI - Thinkphp(GUI)漏洞利用工具，支持各版本TP漏洞检测，命令执行，getshell。
LSPosed/LSPosed - LSPosed Framework
ggg4566/BurpBountyPlus - BurpBounty 魔改版本
riskscanner/riskscanner - RiskScanner 是开源的多云安全合规扫描平台，基于 Cloud Custodian 和 Nuclei 引擎，实现对主流公(私)有云资源的安全合规扫描和漏洞扫描。
Dor-Tumarkin/CVE-2021-25641-Proof-of-Concept - Apache/Alibaba Dubbo <= 2.7.3 PoC Code for CVE-2021-25641 RCE via Deserialization of Untrusted Data; Affects Versions <= 2.7.6 With Different Gadgets
JunGe-Y/JustTrustMePP -
su18/MemoryShell - JavaWeb MemoryShell Inject/Scan/Killer/Protect Research & Exploring
22CB7139/openfire_shells - 后台插件getshell
dushitaoyuan/javaweb_security_handle - web常见漏洞处理,xss,sql注入,跨域,文件上传,接口暴力,限流实现
mprunet/burp-scripting -
duckstroms/xss-reflector - XSS reflector vulnerabilities exploitation extended.
5wimming/gadgetinspector - 利用链、漏洞检测工具
yuyan-sec/druid_sessions -
fynch3r/Gadgets - Java反序列化漏洞利用链补全计划，仅用于个人归纳总结。
didi/LogiKM - 一站式Apache Kafka集群指标监控与运维管控平台
bitterzzZZ/MemoryShellLearn - 分享几个直接可用的内存马，记录一下学习过程中看过的文章
woodpecker-framework/ysoserial-for-woodpecker - 给woodpecker框架量身定制的ysoserial
wgpsec/fofa_viewer - 一个简单实用的FOFA客户端 By flashine
jweny/MemShellDemo - 内存马Demo合集 memshell demo for java / php / python
MobSF/mobsfscan - mobsfscan is a static analysis tool that can find insecure code patterns in your Android and iOS source code. Supports Java, Kotlin, Swift, and Objective C Code. mobsfscan uses MobSF static analysis r
woodpecker-appstore/rmi-deserialization-vuldb - Java RMI反序列化漏洞插件
Hakky54/mutual-tls-ssl - 🔐 Tutorial of setting up Security for your API with one way authentication with TLS/SSL and mutual authentication for a java based web server and a client with both Spring Boot. Different clients are
xxux11/http-methods-discloser -
durkworf/BCELconvert - bcel转码
synacktiv/HopLa - HopLa Burp Suite Extender plugin - Adds autocompletion support and useful payloads in Burp Suite
wh1t3p1g/tabby - A CAT called tabby ( Code Analysis Tool )
Ramos-dev/graph4code - 超硬核！使用图数据技术发现软件漏洞
java-deobfuscator/deobfuscator-gui - An awesome GUI for an awesome deobfuscator
raise-isayan/FakeCert - Burp suite Certificate modification tool
bailsong/BurpDecoder - This is a Burpsuite Extension that will be able to Auto-Decode intercepted request message by PROXY TOOL before the message was shown in PROXY Panel ,and Auto-Encode request message after it forwarde
Ebryx/SRePlay - Burpsuite Plugin to bypass strict RePlay protection
LSPosed/AndroidHiddenApiBypass - LSPass: Bypass restrictions on non-SDK interfaces
ThexXTURBOXx/bytecode-viewer - A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)
Y4er/yaml-payload - Spring Cloud SnakeYAML 反序列化一键注入cmdshell和reGeorg
LandGrey/spring-boot-upload-file-lead-to-rce-tricks - spring boot Fat Jar 任意写文件漏洞到稳定 RCE 利用技巧
1n7erface/sendMail - 批量发送钓鱼邮箱
FishM4n/Fofa-collect - Fofa采集工具
safeYYY/easyHook - 直接指定hook目标，无需重新编写hook代码
HXSecurity/DongTai-agent-java - Java Agent is a Java application probe of DongTai IAST, which collects method invocation data during runtime of Java application by dynamic hooks.
keven1z/weblogic_memshell - 适用于weblogic和Tomcat的无文件的内存马(memshell)
rebeyond/memShell - a webshell resides in the memory of java web server
threedr3am/ZhouYu - （周瑜）Java - SpringBoot 持久化 WebShell 学习demo（不仅仅是SpringBoot，适合任何符合JavaEE规范的服务）
tlamb96/kgb_messenger - An Android CTF practice challenge
espduino/Hegui2.0 - 检测用户在同意授权前是否有获取隐私信息的Xposed插件
jas502n/Burp_AES_Plugin - Burpsuite Plugin For AES Crack
wfh45678/radar - 实时风控引擎(Risk Engine)，自定义规则引擎（Rule Script），完美支持中文，适用于反欺诈(Anti-fraud)应用场景，开箱即用！！！移动互联网时代的风险管理利器，你 Get 到了吗？
vran-dev/PrettyZoo - 😉 Pretty nice Zookeeper GUI, Support Win / Mac / Linux Platform
AntSwordProject/AwesomeScript - AntSword Shell 脚本分享/示例
xinyu2428/TDOA_RCE - 通达OA综合利用工具
doyensec/ajpfuzzer - A command-line fuzzer for the Apache JServ Protocol (ajp13)
OneSourceCat/BcelPayloadGenerator - A fastjson payload generator
GraxCode/JByteMod-Beta - Java bytecode editor
LandGrey/copagent - java memory web shell extracting tool
jas502n/BurpSuiteAutoCompletion - This exention enables autocompletion within BurpSuite Repeater/Intruder tabs.
sanfengAndroid/FakeXposed - Hide xposed, root, file redirection, etc.
bit4woo/domain_hunter_pro - domain_hunter的高级版本，SRC挖洞、HW打点之必备！自动化资产收集；快速Title获取；外部工具联动；等等
dunwu/java-tutorial - :coffee: 老司机在 Java 技术领域的十年积累。
Meshall/flutter_fp -
CyberScions/Digitalbank - Android Digital Bank Vulnerable Mobile App
qtc-de/remote-method-guesser - Java RMI Vulnerability Scanner
elki-project/elki - ELKI Data Mining Toolkit
baidu-security/openrasp-testcases - OpenRASP 漏洞测试环境
mdsecresearch/BurpSuiteSharpener -
0Chencc/DaE - CTFCrackTools 's BurpSuite Plugin - Decode and Encode
ffffffff0x/BerylEnigma - 一个为渗透测试与CTF而制作的工具集，主要实现一些加解密的功能。
Josue87/BurpMetaFinder - Burp Suite extension for extracting metadata from files
gdgd009xcd/AutoMacroBuilder - A BurpSuite Add-on that allows testing of web application vulnerabilities by recording complex multi-step sequences. You can test applications that need to access pages in a specific order, such as s
jcasbin/shiro-casbin - Apache Shiro's authorization middleware based on Casbin
TheKingOfDuck/Loki - 一个轻量级Web蜜罐 - A Little Web Honeypot.🍯🍯🍯🐝🐝🐝
wizos/loread - RSS Android client，support Inoreader, Feedly, TinyTinyRSS, Fever。
SecureSkyTechnology/burpextender-proxyhistory-webui - Burp Extender : Proxy History viewer in Web UI
nscuro/bradamsa-ng - Burp Suite extension for Radamsa-powered fuzzing with Intruder
hvqzao/burp-wildcard - Burp extension intended to compact Burp extension tabs by hijacking them to own tab.
BitTheByte/BitTraversal - Burpsuite Plugin to detect Directory Traversal vulnerabilities
raise-isayan/ViewStateDecoder - Burpsuite extension. Supports ASP.NET ViewStateDecoder
simioni87/auth_analyzer - Burp Extension for testing authorization issues. Automated request repeating and parameter value extraction on the fly.
Ppsoft1991/CodeReviewTools - 通过正则搜索、批量反编译特定Jar包中的class名称
aau-network-security/HosTaGe - Low Interaction Mobile Honeypot
TimelineSec/ATTCK-Tools-library - TimelineSec ATT&CK 工具库
SecUSo/privacy-friendly-pedometer - Privacy Friendly App that counts your steps on Android devices.
JackyTsuuuy/UnicodeDecoder4burp - burpsuite Unicode解码插件
superblaubeere27/obfuscator - A java obfuscator (GUI)
ethicalhackingplayground/ssrf-king - SSRF plugin for burp Automates SSRF Detection in all of the Request
CoreyD97/BurpCustomizer - Because just a dark theme wasn't enough!
bytebutcher/burp-send-to - Adds a customizable "Send to..."-context-menu to your BurpSuite.
SafeGroceryStore/MDUT - MDUT - Multiple Database Utilization Tools
hs-vae/java-load - 记录自己从零开始学习Java SE的道路
TheKingOfDuck/burpJsEncrypter - More Easier Burp Extension To Solve Javascript Front End Encryption,一款更易使用的解决前端加密问题的Burp插件。
t0thkr1s/allsafe - Intentionally vulnerable Android application.
zhutougg/LandrayDES - 蓝凌OA的前后台密码的加解密工具
pmiaowu/BurpFastJsonScan - 一款基于BurpSuite的被动式FastJson检测插件
jas502n/OpenFire_Decrypt - OpenFire 管理后台账号密码解密
pimps/ysoserial-modified - That repository contains my updates to the well know java deserialization exploitation tool ysoserial.
jas502n/CVE-2020-26259 - CVE-2020-26259: XStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling as long as the executing process has sufficient rights.
lwierzbicki/RegexFinder - RegexFinder - Burp Suite extension to passively scan responses for occurrence of regular expression patterns.
aress31/swurg - Parse OpenAPI documents into Burp Suite for automating OpenAPI-based APIs security assessments (approved by PortSwigger for inclusion in their official BApp Store).
augustd/burp-suite-utils - Utilities for creating Burp Suite Extensions.
pimps/JNDI-Exploit-Kit - JNDI-Exploitation-Kit（A modified version of the great JNDI-Injection-Exploit created by @welk1n. This tool can be used to start an HTTP Server, RMI Server and LDAP Server to exploit java web apps vuln
lianglixin/SandVXposed - Xposed environment without root (OS 5.0 - 12.0)
dschadow/JavaSecurity - Java web and command line applications demonstrating various security topics
w296488320/XposedAppium - 基于Xposed自动化框架
w296488320/XposedOkHttpCat -
WindySha/Xpatch - 免Root实现app加载Xposed插件工具。This is a tool to repackage apk file, then the apk can load any xposed modules installed in the device. It is another way to hook an app without root device.
framgia/android-emulator-detector - Easy to detect android emulator
jas502n/publiccms_decrypt - publiccms_decrypt
lenve/javaboy-code-samples - 公众号【江南一点雨】文章案例汇总，技术文章请戳这里----->
yongyecc/dexshellerInMemory - android APK一键DEX加固脚本(内存加载DEX)
xkzhangsan/xk-time - xk-time 是时间转换，时间计算，时间格式化，时间解析，日历，时间cron表达式和时间NLP等的工具，使用Java8（JSR-310），线程安全，简单易用，多达70几种常用日期格式化模板，支持Java8时间类和Date，轻量级，无第三方依赖。
PortSwigger/freddy-deserialization-bug-finder -
Leoid/Burp2Slack - Push notifications to Slack channel or to custom server based on BurpSuite response conditions.
theLSA/burp-info-extractor - burpsuite extension for extract information from data
SasanLabs/VulnerableApp - OWASP VulnerableApp Project: For Security Enthusiasts by Security Enthusiasts.
yangchong211/YCAndroidTool - 用于项目测试，崩溃重启操作，崩溃记录日志【可以查看，分享】和重启【多种重启app方式】；网路拦截查看的工具小助手，拦截请求和响应数据，统计接口请求次数，流量消耗，以及统计网络链接/dns解析/request请求/respond响应等时间。提高开发效率……
pkilller/super-jadx - Add new features for reverse engineering, such as: renaming of classes, fields, methods, variables, reference graphs and more.
AutohomeCorp/frostmourne - Frostmourne（霜之哀伤监控平台）是基于Elasticsearch, Prometheus, SkyWalking, InfluxDB，Mysql/TiDB，ClickHouse, SqlServer, IoTDB数据的监控，报警系统. Monitor & alert & alarm for Elasticsearch，Prometheus data。主要使用springboot2 + v
gdelmas/IntelliJDashPlugin - A smart and simple plugin that provides keyboard shortcut access for Dash, Velocity or Zeal in IntelliJ IDEA, RubyMine, WebStorm, PhpStorm, PyCharm and Android Studio.
rewanthtammana/Damn-Vulnerable-Bank - Damn Vulnerable Bank is designed to be an intentionally vulnerable android application. This provides an interface to assess your android application security hacking skills.
jeremylong/DependencyCheck - OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
Freakboy/jgraphx - jgraphx 4.0.4 build for cs project
monkeyWie/proxyee - HTTP proxy server,support HTTPS&websocket.MITM impl,intercept and tamper HTTPS traffic.
geekxh/hello-algorithm - 🌍 针对小白的算法训练 | 包括四部分：①.算法基础 ②.力扣图解 ③.大厂面经 ④.CS_汇总 | 附：1、千本开源电子书 2、百张技术思维导图（项目花了上百小时，希望可以点 star 支持，🌹感谢~）
xiaoxiaoleo/BurpSuite-Exclude-From-Scope -
L-JINBIN/ApkSignatureKiller - 一键破解APK签名校验
OneSourceCat/XxlJob-Hessian-RCE - XxlJob<=2.1.2配置不当情况下反序列化RCE
it-gorillaz/lnk2pwn - Malicious Shortcut(.lnk) Generator
Nicky213Zhang/WeChatAssist - 一款基于Android AccessibilityService（辅助服务）的自动操作微信的app，实现的功能有，附近的人自动打招呼，通讯录自动发消息，自动加好友，自动点赞评论，自定发漂流瓶，自动加群好友，自动推广公众号等等，同时，使用hook模块进行了微信的模拟定位，附近的人位置随意切换。
xiaoxiaoleo/Burp-Auto-Do-Intercept - Burp Suite Extender can auto intercept response for specify URL.
EXALAB/AnLinux-App - AnLinux allow you to run Linux on Android without root access.
doyensec/burpdeveltraining - Material for the training "Developing Burp Suite Extensions – From Manual Testing to Security Automation"
luoyesiqiu/DexRepair - android dex文件修复程序
bit4woo/burp-api-drops - burp插件开发指南
rohanpadhye/JQF - JQF + Zest: Coverage-guided semantic fuzzing for Java.
hakistan/Lokiboard-Mod - Just Mod Version of lokiboard with remote reporting via Gmail
moloch--/burp-multiplayer - Burp with Friends
c0ny1/java-memshell-scanner - 通过jsp脚本扫描java web Filter/Servlet型内存马
DependencyTrack/dependency-track - Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
motikan2010/CVE-2020-5398 - 💣 CVE-2020-5398 - RFD(Reflected File Download) Attack for Spring MVC
momosecurity/momo-code-sec-inspector-java - IDEA静态代码安全审计及漏洞一键修复插件
Ramos-dev/OSSTunnel - 基于亚马逊S3\阿里云OSS\腾讯COS通信隧道的远程管理工具
noidsirius/SootTutorial - A step-by-step tutorial for Soot (a Java static analysis framework)
f1tz/BCELCodeman - BCEL encode/decode manager for fastjson payloads
redtimmy/Richsploit - Exploitation toolkit for RichFaces
J0hnWalker/MysqlMonitor - Mysql 语句执行记录监控
0x10f2c/Mini-Android-Challenges - A small Android CTF challenge
MountCloud/BehinderClientSource - 冰蝎客户端源码-3.0-BETA11.t00ls
Y4er/CVE-2020-2551 - Weblogic IIOP CVE-2020-2551
waderwu/attackRmi - attackRmi
ydnzol/memshell - Tomcat 冰蝎内存马。
woodpecker-appstore/BCELConverter - BCEL class转换插件
Daybr4ak/ShiroScan - burp插件 ShiroScan 主要用于框架、无dnslog key检测
Conanjun/passive-scan-client-and-sendto - burp被动扫描自动转发和手动重发插件
LuD1161/HackingSimplified - This is where I share code/material shown in my videos
veracode-research/spring-view-manipulation - When MVC magic turns black
z1Ro0/tomcat_nofile_webshell - Tomcat基于动态注册Filter的无文件Webshell
Maskhe/FastjsonScan - 一个简单的Fastjson反序列化检测burp插件
zhisheng17/flink-learning - flink learning blog. http://www.54tianzhisheng.cn/ 含 Flink 入门、概念、原理、实战、性能调优、源码解析等内容。涉及 Flink Connector、Metrics、Library、DataStream API、Table API & SQL 等内容的学习案例，还有 Flink 落地应用的大型项目案例（PVUV、日志存储、百亿数据实时去重、
Y4er/fastjson-bypass-autotype-1.2.68 - fastjson bypass autotype 1.2.68 with Throwable and AutoCloseable.
nutzam/nutz - Nutz -- Web Framework(Mvc/Ioc/Aop/Dao/Json) for ALL Java developer
ozzi-/JWT4B - JWT Support for Burp
LuckyC4t/shiro-urldns - shiro反序列化检测(只是个玩具23333)
0x141/ShiroRce-Burp -
wultra/powerauth-push-server - PowerAuth Push Server repository
xhycccc/Struts2-Vuln-Demo - Struts2漏洞实例源码
Y4er/WebLogic-Shiro-shell - WebLogic利用CVE-2020-2883打Shiro rememberMe反序列化漏洞，一键注册蚁剑filter内存shell
leibnitz27/cfr - This is the public repository for the CFR Java decompiler
alibaba/jvm-sandbox - Real - time non-invasive AOP framework container based on JVM
5up3rc/weblogic_cmd - weblogic t3 deserialization rce
longofo/rmi-jndi-ldap-jrmp-jmx-jms - rmi、jndi、ldap、jrmp、jmx、jms一些demo测试
Afant1/RemoteObjectInvocationHandler - bypass JEP290 RaspHook code
Y4er/CVE-2020-2555 - Weblogic com.tangosol.util.extractor.ReflectionExtractor RCE
cdaller/security_taint_propagation - Java taint propagation for java. Define tainted sources, sanitizer methods and sinks via aspects.
javaparser/javaparser - Java 1-15 Parser and Abstract Syntax Tree for Java, including preview features to Java 13
JackOfMostTrades/gadgetinspector - A byte code analyzer for finding deserialization gadget chains in Java applications
0Kee-Team/JavaProbe - A Java runtime information-gathering tool which uses the Java Attach API for information acquisition
soot-oss/soot - Soot - A Java optimization framework
GraxCode/cafecompare - Java code comparison tool (jar / class)
threedr3am/fastjson-blacklist - 打CTF实在厌倦了找利用链，就知道一个fastjson的版本，一堆依赖找啊找，头都疼。为了解决这个烦恼，用了卓卓师傅的fastjson黑名单工具和库，自己改造了一下。
Ramos-dev/R9000 -
threedr3am/log-agent - 利用agent hock指定的class，在jar运行周期内，用于跟踪被执行的方法，辅助做一些事情，比如挖洞啊
feihong-cs/Java-Rce-Echo - Java RCE 回显测试代码
topjohnwu/libsu - A complete solution for apps using root permissions
fluency03/leetcode-java - 🎓🎓🎓 Leetcode solution in Java - 536/921 Solved. https://leetcode.com/problemset/all/
0nise/burp-fofa - 基于BurpSuite的一款FOFA Pro 插件
potats0/cve_2020_14644 -
oversecured/ovaa - Oversecured Vulnerable Android App
L-codes/Neo-reGeorg - Neo-reGeorg is a project that seeks to aggressively refactor reGeorg
metersphere/metersphere - MeterSphere 是一站式开源持续测试平台，覆盖测试管理、接口测试、UI 测试和性能测试等。搞测试，就选 MeterSphere！
pyn3rd/Apache-Tomcat-Redis-Remote-Code-Execution - Apache-Tomcat-Redis-Remote-Code-Execution
Wh0ale/CAS_Execution_decode - Apereo CAS payload AES解密
iqiyi/Lens - 功能简介：一种开发帮助产品研发的效率工具。主要提供了：页面分析、任务分析、网络分析、DataDump、自定义hook 、Data Explorer 等功能。以帮助开发、测试、UI 等同学更便捷的排查和定位问题，提升开发效率。
pmiaowu/BurpShiroPassiveScan - 一款基于BurpSuite的被动式shiro检测插件
momosecurity/oxpecker - oxpecker是一款用于从IDE提取开发项目仓库地址、当前分支、三方组件等信息用于安全分析的JetBrains家族IDE插件。
momosecurity/mosec-maven-plugin - 用于检测maven项目的第三方依赖组件是否存在安全漏洞。
momosecurity/mosec-gradle-plugin - 用于检测gradle项目的第三方依赖组件是否存在安全漏洞。
snyk/snyk-maven-plugin - Test and monitor your projects for vulnerabilities with Maven. This plugin is officially maintained by Snyk.
thatcherclough/BetterBackdoor - A backdoor with a multitude of features.
ThisIsLibra/AndroidProjectCreator - Convert an APK to an Android Studio Project using multiple open-source decompilers
pwntester/StaticInitializerPayload -
shuzijun/leetcode-editor - Do Leetcode exercises in IDE, support leetcode.com and leetcode-cn.com, to meet the basic needs of doing exercises.Support theoretically: IntelliJ IDEA PhpStorm WebStorm PyCharm RubyMine AppCode CLion
stevespringett/threatmodel-sdk - A Java library for parsing and programmatically using threat models
potats0/shiroPoc -
fupinglee/ShiroScan - Shiro RememberMe 1.2.4 反序列化漏洞图形化检测工具(Shiro-550)
tangxiaofeng7/Fofa-collect - Fofa平台采集工具
wh1t3p1g/ysoserial - forked from frohoff/ysoserial and added my own payloads.
huanzi-qch/base-admin - Base Admin一套简单通用的后台管理系统，主要功能有：权限管理、菜单管理、用户管理，系统设置、实时日志，实时监控，API加密，以及登录用户修改密码、配置个性菜单等
NickstaDB/SerializationDumper - A tool to dump Java serialization streams in a more human readable form.
Y4er/CVE-2020-14645 - Weblogic CVE-2020-14645 UniversalExtractor JNDI injection getDatabaseMetaData()
lalajun/RMIDeserialize - RMI 反序列化环境一步步
phith0n/JavaThings - Share Things Related to Java - Java安全漫谈笔记相关内容
langligelang/CAS_EXP - CAS 硬编码远程代码执行漏洞
ztosec/secscan-authcheck - 越权检测工具
NetSPI/JavaSerialKiller - Burp extension to perform Java Deserialization Attacks
fairyming/CVE-2020-9547 - CVE-2020-9547：FasterXML/jackson-databind 远程代码执行漏洞
canyie/pine - Dynamic java method hook framework on ART.
google/tsunami-security-scanner - Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.
SycloverSecurity/SCTF2020 - SCTF2020
keycloak/keycloak - Open Source Identity and Access Management For Modern Applications and Services
mogwailabs/rmi-deserialization - Slides/Demos from the BSides Munich 2019 talk "Attacking Java RMI in 2019"
Ch1ngg/WebLogicPasswordDecryptorUi - 解密weblogic AES或DES加密方法
jas502n/CVE-2020-5902 - CVE-2020-5902 BIG-IP
Ch0pin/AndroidWebDoor - A minimalistic android backdoor
core-lib/xjar - Spring Boot JAR 安全加密运行工具，支持的原生JAR。
victordiaz/PHONK - PHONK is a coding playground for new and old Android devices
spoofzu/jvmxray - Make Java security events of interest visible for analysis
bage2014/study - 全栈工程师学习笔记；Spring登录、shiro登录、CAS单点登录和Spring boot oauth2单点登录；Spring data cache 缓存，支持Redis和EHcahce; web安全，常见web安全漏洞以及解决思路；常规组件，比如redis、mq等；quartz定时任务，支持持久化数据库，动态维护启动暂停关闭；docker基本用法，常用image镜像使用，Docker-MySQ
TimeAndSpaceIO/CronScheduler - An alternative to ScheduledThreadPoolExecutor proof against the clock drift problem
wh1t3p1g/ysomap - A helpful Java Deserialization exploit framework.
cdk8s/tkey - 以材料最全、示例最多为目标的单点登录系统（SSO）
Ruil1n/after-deserialization-attack - Java After-Deserialization Attack
iamyours/ApkCrack - A tool that make your apk debuggable for Charles/Fiddler in Android 7.0
feix760/WebViewDebugHook - Use Xposed force all webView to debug on android 4.4+
ba0zi/Spring-Boot-Actuator-Exploit - Spring Boot Actuator (jolokia) XXE/RCE
bigsizeme/shiro-check - Shiro反序列化回显利用、内存shell、检查 Burp插件
dineshshetty/FridaLoader - A quick and dirty app to download and launch Frida on Genymotion and rooted Physical Android Devices
jpiechowka/burp-security-headers-checker - Super simple Burp Suite extension adding passive scanner checks for missing security headers in server responses
salesforce/VulnreportForBurp - Burp Suite extension to enable reporting findings directly to VulnReport
celsogbezerra/Copy-as-JavaScript-Request - Copy as JavaScript Request plugin for Burp Suite
confuciussayuhm/Burp-TCP-and-DNS-Proxy - TCP and DNS Proxy for Burp Suite.
raise-isayan/YaguraExtender - Burpsuite extension. Supports CJK (Chinese, Japanese, Korean) encoding.
bit4woo/burp-api-common - common methods that used by my burp extension projects
ldionmarcil/burp-samesite-reporter - Burp extension that passively reports various SameSite flags
augustd/burp-suite-swaggy - Burp Suite extension for parsing Swagger web service definition files
raise-isayan/BigIPDiscover - It becomes the extension of Burp suite. The cookie set by the BipIP server may include a private IP, which is an extension to detect that IP
madneal/r-forwarder-burp - The burp extension to forward the request
wrvenkat/burp-multistep-csrf-poc - Burp extension to generate multi-step CSRF POC.
augustd/burp-suite-jsonpath - JSONPath extension for BurpSuite
righettod/log-requests-to-sqlite - BURP extension to record every HTTP request send via BURP and create an audit trail log of an assessment.
usdAG/cstc - CSTC is a Burp Suite extension that allows request/response modification using a GUI analogous to CyberChef
humblelad/TeaBreak - A productivity burp extension which reminds to take break while you are at work!
chason0528/profiler - A tool to trace java method dynamically for android application.
pyn3rd/Apache-Tomcat-MongoDB-Remote-Code-Execution - Apache Tomcat + MongoDB Remote Code Execution
asLody/SandVXposed - Xposed environment without root (OS 5.0 - 10.0)
feihong-cs/JspMaster-Deprecated - 一款基于webshell命令执行功能实现的GUI webshell管理工具，支持流量加密
zsdlove/fortify-license-crack - fortify-license-crack
la0s/JustTrustMe-master - 在JustTrustMe的基础上修改了log日志打印位置，便于追踪hook函数
virjar/DVMUnpacker -
iSafeBlue/fastjson-autotype-bypass-demo - fastjson 1.2.68 版本 autotype bypass
LeadroyaL/fastjson-blacklist -
mpgn/Spring-Boot-Actuator-Exploit - Spring Boot Actuator (jolokia) XXE/RCE
nccgroup/freddy - Automatically identify deserialisation issues in Java and .NET applications by using active and passive scans
langgithub/RxAppEncryptionProtocol - frida反特征检测 app协议破解 Frida破解协议 sslping抓包通用逆向破解打印native动态注册函数
0ffffffffh/dragondance - Binary code coverage visualizer plugin for Ghidra
zjkhiyori/hack-root - Android APP get root-level permissions without rooted system
bihe0832/Android-GetAPKInfo - 获取Android应用基本信息的工具集
Wfzsec/FastJson1.2.62-RCE - 来源于jackson-CVE-2020-8840，需要开autotype
veracode-research/rogue-jndi - A malicious LDAP server for JNDI injection attacks
whwlsfb/BurpCrypto - BurpCrypto is a collection of burpsuite encryption plug-ins, support AES/RSA/DES/ExecJs(execute JS encryption code in burpsuite). 支持多种加密算法或直接执行JS代码的用于爆破前端加密的BurpSuite插件
BishopFox/rmiscout - RMIScout uses wordlist and bruteforce strategies to enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities
anatolikalysch/roots_a11y - PoC files for the publication 'How Android's UI Security is Undermined by Accessibility'.
threedr3am/JSP-WebShells - Collect JSP webshell of various implementation methods. 收集JSP Webshell的各种姿势
langgithub/JustTrustMePlus -
LandGrey/SpringBootVulExploit - SpringBoot 相关漏洞学习资料，利用方法和技巧合集，黑盒安全评估 check list
threedr3am/tomcat-cluster-session-sync-exp - tomcat使用了自带session同步功能时，不安全的配置（没有使用EncryptInterceptor）导致存在的反序列化漏洞，通过精心构造的数据包，可以对使用了tomcat自带session同步功能的服务器进行攻击。PS:这个不是CVE-2020-9484，9484是session持久化的洞，这个是session集群同步的洞！
YunaiV/SpringBoot-Labs - 一个涵盖六个专栏：Spring Boot 2.X、Spring Cloud、Spring Cloud Alibaba、Dubbo、分布式消息队列、分布式事务的仓库。希望胖友小手一抖，右上角来个 Star，感恩 1024
Skactor/behinder_source - Behinder3.0 Beta4 源码（Decompile and Fixed）
Y4er/CVE-2020-2883 - Weblogic coherence.jar RCE
LinShunKang/MyPerf4J - High performance Java APM. Powered by ASM. Try it. Test it. If you feel its better, use it.
GraxCode/threadtear - Multifunctional java deobfuscation tool suite
ElderDrivers/EdXposedManager - Companion Android application for EdXposed
PortSwigger/param-miner -
feihong-cs/ShiroExploit-Deprecated - Shiro550/Shiro721 一键化利用工具，支持多种回显方式
yzddmr6/JspForAntSword - 中国蚁剑JSP一句话Payload
NetsOSS/headless-burp - Automate security tests using Burp Suite.
nccgroup/CollaboratorPlusPlus -
xkcoding/spring-boot-demo - 该项目已成功集成 actuator(监控)、admin(可视化监控)、logback(日志)、aopLog(通过AOP记录web请求日志)、统一异常处理(json级别和页面级别)、freemarker(模板引擎)、thymeleaf(模板引擎)、Beetl(模板引擎)、Enjoy(模板引擎)、JdbcTemplate(通用JDBC操作数据库)、JPA(强大的ORM框架)、mybatis(强大的OR
nccgroup/LoggerPlusPlus - Advanced Burp Suite Logging Extension
google/firing-range -
su18/JNDI - JNDI 注入利用工具
SPuerBRead/Bridge - 无回显漏洞测试辅助平台，平台使用Java编写，提供DNSLOG，HTTPLOG等功能，辅助渗透测试过程中无回显漏洞及SSRF等漏洞的验证和利用。
rsrdesarrollo/generator-burp-extension - Everything you need about Burp Extension Generation
mr-m0nst3r/Burpy - A plugin that allows you execute python and get return to BurpSuite.
c0ny1/java-object-searcher - java内存对象搜索辅助工具
SonarSource/sonarqube - Continuous Inspection
find-sec-bugs/find-sec-bugs - The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)
ffffffff0x/CryptionTool - 一个CTF+渗透测试工具框架,集成常见加解密，密码、编码转换，端口扫描，字符处理等功能
somowhere/albedo - Albedo 是一个Java企业应用开源框架，使用经典技术组合（SpringBoot2.x、MyBatis、Vue），包括核心模块如：组织机构、角色用户、权限授权、数据权限、代码生成、定时任务等。
wuyr/PathLayoutManager - RecyclerView的LayoutManager，轻松实现各种炫酷、特殊效果，再也不怕产品经理为难！
Byron4j/CookBook - 🎉🎉🎉JAVA高级架构师技术栈==任何技能通过 “刻意练习” 都可以达到融会贯通的境界，就像烹饪一样，这里有一份JAVA开发技术手册，只需要增加自己练习的次数。🏃🏃🏃
work-helper/class-decompile-intellij - decompile .class file
AnyListen/tools-ocr - 树洞 OCR 文字识别（一款跨平台的 OCR 小工具）
Zo3i/frpMgr - Frp快速配置面板
threedr3am/gadgetinspector - 一个利用ASM对字节码进行污点传播分析的静态代码审计应用（添加了大量代码注释，适合大家进行源码学习）。也加入了挖掘Fastjson反序列化gadget chains和SQLInject（JdbcTemplate、MyBatis、JPA、Hibernate、原生jdbc等）静态检测功能。并且加入了很多功能以方便进行漏洞自动化挖掘。
threedr3am/FindClassInJars - 个人用于在自动化挖掘gadget时，方便查找gadget chains中class所在jar包，以助于便捷审计测试gadget有效性的那么一个小工具。
jas502n/jackson-CVE-2020-8840 - FasterXML/jackson-databind 远程代码执行漏洞
BishopFox/GadgetProbe - Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.
threedr3am/learnjavabug - Java安全相关的漏洞和技术demo，原生Java、Fastjson、Jackson、Hessian2、XML反序列化漏洞利用和Spring、Dubbo、Shiro、CAS、Tomcat、RMI、Nexus等框架\中间件\功能的exploits以及Java Security Manager绕过、Dubbo-Hessian2安全加固等等实践代码。
charles2gan/GDA-android-reversing-Tool - GDA is a new fast and powerful decompiler in C++(working without Java VM) for the APK, DEX, ODEX, OAT, JAR, AAR, and CLASS file. which supports malicious behavior detection, privacy leaking detection,
TideSec/Decrypt_Weblogic_Password - 搜集了市面上绝大部分weblogic解密方式，整理了7种解密weblogic的方法及响应工具。
alipay/SoloPi - SoloPi 自动化测试工具
dkhadoop/dk-fitting - Fitting是一个面向大数据的统一的开发框架，由大快搜索主导并完全开源，克服了大数据技术开发涉及技术面广,各组件间缺乏统一规范等问题，能有效降低大数据的学习难度，并提高大数据项目的开发效率并可与开源项目混用。 Fitting遵循Apache2.0开源协议，采用类黑箱框架模式，将大数据生态圈内各组件底层API根据应用组合封装为Fitting API服务。用户编程时直接引用Fitting框架，即可使
Genymobile/gnirehtet - Gnirehtet provides reverse tethering for Android
oracle/opengrok - OpenGrok is a fast and usable source code search and cross reference engine, written in Java
mock-server/mockserver - MockServer enables easy mocking of any system you integrate with via HTTP or HTTPS with clients written in Java, JavaScript and Ruby. MockServer also includes a proxy that introspects all proxied tra
DayorNight/BLCS - 一款集合多个Android开源库的使用工具，可以展示各个开源库的特性。并简单了解其使用方法。包含[★1.1仿微信功能-字体大小★1.2仿微信功能-存储空间★1.3仿微信功能-多语言★1.4仿微信功能-地区选择★2.BottomNavigationView★3.RecyclerView4.DialogFragment★5.toolbar★6.RxToast★7.转盘小游戏★8.跑马灯/水波纹/标签★
Guardsquare/proguard - ProGuard, Java optimizer and obfuscator
welk1n/JNDI-Injection-Exploit - JNDI注入测试工具（A tool which generates JNDI links can start several servers to exploit JNDI Injection vulnerability,like Jackson,Fastjson,etc）
bastillion-io/Bastillion - Bastillion is a web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user's public SSH keys.
wrlu/SecMobile - 移动安全检测平台，支持Android和iOS应用辅助分析。
wrlu/FridaHooker - Android Frida GUI Manager // An advanced version by @icespite :https://github.com/icespite/FridaHooker
tchiotludo/akhq - Kafka GUI for Apache Kafka to manage topics, topics data, consumers group, schema registry, connect and more...
fntneves/falcon - Falcon: A practical log-based analysis tool for distributed systems
ricardojba/poi-slinger - Automatically identify serialization issues in PHP Frameworks by means of an Burp Suite active scan
iamaldi/rapid - Rapid is a Burp extension that enables you to save HTTP Request & Response data to a single file a lot easier and faster in one go.
c0ny1/burp-cookie-porter - 一个可快速“搬运”cookie的Burp Suite插件
lilifengcode/Burpsuite-Plugins-Usage - Burpsuite-Plugins-Usage
c0ny1/sqlmap4burp-plus-plus - sqlmap4burp++是一款兼容Windows，mac，linux多个系统平台的Burp与sqlmap联动插件
c0ny1/passive-scan-client - Burp被动扫描流量转发插件
c0ny1/captcha-killer - burp验证码识别接口调用插件
nelenkov/android-backup-extractor - Android backup extractor
woozoo73/adonistrack - Simple Java profiling tool
wultra/powerauth-cmd-tool - Command-line utility for PowerAuth Reference Client
itemic/rotacsufbo - did u know the name of the repo is obfuscator backwards?
HTBridge/pivaa - Created by High-Tech Bridge, the Purposefully Insecure and Vulnerable Android Application (PIVAA) replaces outdated DIVA for benchmark of mobile vulnerability scanners.
1ultimat3/BadIntent - Intercept, modify, repeat and attack Android's Binder transactions using Burp Suite
appsecco/VyAPI - VyAPI - A cloud based vulnerable hybrid Android App
gpengDemo/Estore - Java 语言实现的苹果网上商城，前端模仿苹果爱否商城的页面，后端运用纯 Servlet + JSP +c3p0 数据库连接池以及web 相关技术，实现的基础功能包括前后台、实现展示首页、管理商品页面、商品分类、添加购物车、购买、提交订单、联系客服等，欢迎 star，谢谢！！！
tianshiyeben/wgcloud - linux运维监控工具，支持系统信息，内存，cpu，温度，磁盘空间及IO，硬盘smart，系统负载，网络流量等监控，API接口，大屏展示，拓扑图，进程监控，端口监控，docker监控，文件防篡改，日志监控，数据可视化，web ssh，堡垒机，指令下发批量执行，linux面板，探针，故障告警
boy-hack/wooyun-payload - 从wooyun中提取的payload，以及burp插件
imperva/automatic-api-attack-tool - Imperva's customizable API attack tool takes an API specification as an input, generates and runs attacks that are based on it as an output.
OWASP/MSTG-Hacking-Playground -
payatu/diva-android - DIVA Android - Damn Insecure and vulnerable App for Android
0nise/shell-plus - 💻Shell Plus 是基于 RMI 的一款服务器管工具，由服务端、注册中心、客户端进行组成。该工具主要用于服务器管理、攻防后门安全测试以及技术研究，禁止用于非法犯罪。
facebook/stetho - Stetho is a debug bridge for Android applications, enabling the powerful Chrome Developer Tools and much more.
android-notes/SwissArmyKnife - android ui调试工具
ernw/AndroTickler - Penetration testing and auditing toolkit for Android apps.
patrickfav/uber-apk-signer - A cli tool that helps signing and zip aligning single or multiple Android application packages (APKs) with either debug or provided release certificates. It supports v1, v2 and v3 Android signing sche
android-hacker/VirtualXposed - A simple app to use Xposed without root, unlock the bootloader or modify system image, etc.
google/android-classyshark - Android and Java bytecode viewer
heibaiying/BigData-Notes - 大数据入门指南 :star:
LeadroyaL/java_xxe_2019 - 总结了一下2019年在JVM环境中使用XXE攻击的知识
federicodotta/Brida - The new bridge between Burp Suite and Frida!
guanchao/apk_auto_enforce - APK一键自动化加固脚本
oneWayOut/atlassian-agent - Atlassian's productions crack.
fangjinuo/sqlhelper - SQL Tools ( Dialect, Pagination, DDL dump, UrlParser, SqlStatementParser, WallFilter, BatchExecutor for Test) based Java. it is easy to integration into any ORM frameworks
c0ny1/FastjsonExploit - Fastjson vulnerability quickly exploits the framework（fastjson漏洞快速利用框架）
louislivi/fastdep - Fast integration dependencies in spring boot.是一个快速集成依赖的框架，集成了一些常用公共的依赖。例：多数据源，Redis，JWT...
201206030/novel - novel 是一套基于时下最新 Java 技术栈 Spring Boot 3 + Vue 3 开发的前后端分离学习型小说项目，配备详细项目开发文档，由小说门户系统、作家后台管理系统、平台后台管理系统等多个子系统构成。包括小说推荐、作品检索、小说排行榜、小说阅读、小说评论、会员中心、作家专区、充值订阅、新闻发布等功能。
gulihua10010/eshop - 基于Spring Boot +Dubbo微服务商城系统
LiuKay/mmall-kay-Java - 简单的电商项目，SSM, SpringBoot，SpringCloud, k8s，on the way ...
GrowingGit/GitHub-Chinese-Top-Charts - :cn: GitHub中文排行榜，各语言分设「软件 | 资料」榜单，精准定位中文好项目。各取所需，高效学习。
ylw-github/pingyougou - 使用IDEA版本开发品优购商城项目
justauth/JustAuth - 🏆Gitee 最有价值开源项目 🚀:100: 小而全而美的第三方登录开源组件。目前已支持Github、Gitee、微博、钉钉、百度、Coding、腾讯云开发者平台、OSChina、支付宝、QQ、微信、淘宝、Google、Facebook、抖音、领英、小米、微软、今日头条、Teambition、StackOverflow、Pinterest、人人、华为、企业微信、酷家乐、Gitlab、美团、饿了么、
jeequan/jeepay - Jeepay是一套适合互联网企业使用的开源支付系统，支持多渠道服务商和普通商户模式。已对接微信支付，支付宝，云闪付官方接口，支持聚合码支付。
elunez/eladmin - 项目基于 Spring Boot 2.1.0 、 Jpa、 Spring Security、redis、Vue的前后端分离的后台管理系统，项目采用分模块开发方式，权限控制采用 RBAC，支持数据字典与数据权限管理，支持一键生成前后端代码，支持动态路由
tanling8334/Matplot3D-for-Java - Matplot3D for java. It is a library for drawing 3D plot
zhegexiaohuozi/SeimiCrawler - 一个简单、敏捷、分布式的支持SpringBoot的Java爬虫框架;An agile, distributed crawler framework.
hope-for/hope-cloud - :whale: Hope-Cloud 微服务框架
sun0x00/redtorch - Kotlin(Java)开源量化交易开发框架
loliiiiipop886/quant4j - 火币量化交易指标组合策略简单的数值策略这个项目只是提供一个思路。
2bcoin/zheshiyigeniubidexiangmu - 数字货币量化交易系统，支持多家交易所
java-aodeng/hope-boot - 🌱 一款现代化的脚手架项目
guangzhengli/spring-framework - 对 Spring 源码的解读分析
WBGlIl/CobaltStrike-file -
ScaleSec/vulnado - Purposely vulnerable Java application to help lead secure coding workshops
macrozheng/mall-learning - mall学习教程，架构、业务、技术要点全方位解析。mall项目（50k+star）是一套电商系统，使用现阶段主流技术实现。涵盖了SpringBoot 2.3.0、MyBatis 3.4.6、Elasticsearch 7.6.2、RabbitMQ 3.7.15、Redis 5.0、MongoDB 4.2.5、Mysql5.7等技术，采用Docker容器化部署。
apache/dolphinscheduler - Apache DolphinScheduler is a distributed and extensible workflow scheduler platform with powerful DAG visual interfaces, dedicated to solving complex job dependencies in the data pipeline and providin
febsteam/FEBS-Shiro - Spring Boot 2.4.2，Shiro1.6.0 & Layui 2.5.6 权限管理系统。
forezp/SpringCloudLearning - 《史上最简单的Spring Cloud教程源码》
PortSwigger/authz -
ZHENFENG13/concurrent-programming - :cactus:《实战java高并发程序设计》源码整理
hustcc/JS-Sorting-Algorithm - 一本关于排序算法的 GitBook 在线书籍《十大经典排序算法》，多语言实现。
chenhaoxiang/Java - Java的学习之路，学习JavaEE以及框架时候的一些项目，结合博客和源码，让你受益匪浅，适合Java初学者和刚入门开始学框架者
JeffLi1993/java-core-learning-example - 关于Java核心技术学习积累的例子，是初学者及核心技术巩固的最佳实践。
TheKingOfDuck/burpFakeIP - 服务端配置错误情况下用于伪造ip地址进行测试的Burp Suite插件
GHBlade/Msgs - 短信群发，支持单卡/双卡，发送短信，Excel导入
jeecgboot/jeecg-boot - 「企业级低代码平台」前后端分离架构SpringBoot 2.x，SpringCloud，Ant Design&Vue，Mybatis，Shiro，JWT。强大的代码生成器让前后端代码一键生成，无需写任何代码! 引领新的开发模式OnlineCoding->代码生成->手工MERGE，帮助Java项目解决70%重复工作，让开发更关注业务，既能快速提高效率，帮助公司节省成本，同时又不失灵活性
Carson-Ho/RxJavaLearningMaterial - 这是一份详细的RxJava学习攻略 & 指南
zhuzhiqiang18/Second-hand-mall - 模仿咸鱼的二手交易商城
zhaojun1998/Shiro-Action - 基于 Shiro 的权限管理系统，支持 restful url 授权，体验地址 :
michaelliao/itranswarp - Full-featured CMS including blog, wiki, discussion, etc. powered by SpringBoot.
JoyChou93/java-sec-code - Java web common vulnerabilities and security code which is base on springboot and spring security
eclipse/steady - Analyses your Java and Python applications for open-source dependencies with known vulnerabilities, using both static analysis and testing to determine code context and usage for greater accuracy. ht
momosecurity/rhizobia_J - JAVA安全SDK及编码规范
hansonwang99/Spring-Boot-In-Action - Spring Boot 系列实战合集
c0ny1/jsEncrypter - 一个用于前端加密Fuzz的Burp Suite插件
malizhigithub/answerWeb - 基于SSM在线答题系统
bit4woo/Java_deserialize_vuln_lab - Java 反序列化学习的实验代码 Java_deserialize_vuln_lab
wuyouzhuguli/SpringAll - 循序渐进，学习Spring Boot、Spring Boot & Shiro、Spring Batch、Spring Cloud、Spring Cloud Alibaba、Spring Security & Spring Security OAuth2，博客Spring系列源码：https://mrbird.cc
lorateam/Gotrip - 民宿旅游管理系统，SSM框架实现
hsingyin/EStore - 一个基于JavaWeb的网上电子购物城项目，实现展示商品、购买商品、提交订单、持久化保存到数据库等基本功能
veekxt/hfuu_shop - 原生Jsp和Servlet实现的简单二手物品交易网站
Liweimin0512/MMall_JAVA - 基于SSM框架的前后端分离设计完整仿天猫网站服务器端源码。项目特点：前后端分离，数据库接口设计，架构设计，功能开发，上线运维
jhyscode/SSM-personnel-management-system - 基于SSM的人事管理系统，适合初学者第一个实战项目
wonderyuan/LEMarket - 基于Java SSM框架和layui构建的手机商城系统（包含前后台）
xenv/S-mall-servlet - 小小商城系统，JavaWEB项目，基于原生Servlet，仿天猫页面，功能齐全
StevenWash/xxshop - (B2C) 基于Java 的SSM的B2C电商网站
jsphLim/Psychological-counseling-system - 简易心理咨询预约系统Based On SSM
KINGSABRI/godofwar - GodOfWar - Malicious Java WAR builder with built-in payloads
coderzc/biubiu - A website like bilibili
JackyFuu/SSM-Maven-Heima - 基于SSM(Spring+Springmvc+Mybatis)框架的电商小项目，使用Maven构建项目，MySQL为数据库系统，Redis的缓存服务器（并不是用的很多）。商城分为后台人员管理界面和前台处理服务器两个方面。实现了登录，邮件注册，redis缓存机制，cookie的历史记录浏览，分页浏览商品，加入购物车，提交订单等等功能。最精彩的是，如果你刚刚学完基础的SSM框架，那么你就可以跟着视频一
ysrc/Liudao - “六道”实时业务风控系统
CrazyBunQnQ/multimarkdown - 破解 IntelliJ IDEA 的 Markdown Navigator 插件，觉着不错的话可以 Start 一下哟！
Swati4star/Images-to-PDF - An app to convert images to PDF file!
pyn3rd/CVE-2018-3252 - CVE-2018-3252-PoC
yunxu1/jboss-_CVE-2017-12149 - CVE-2017-12149 jboss反序列化可回显
dunwu/javacore - :coffee: JavaCore 是对 Java 核心技术的经验总结。
29DCH/OnlineMall - :arrow_up: 基于springboot+thymeleaf+spring data jpa+druid+bootstrap+layui等技术的JavaWeb电商项目(项目包含前后台,分为前台商城系统及后台管理系统。前台商城系统包含首页门户、商品推荐、商品分类、商品搜索、商品展示、商品详情、购物车、订单流程、用户中心、评论(有些bug,当时做得不够好,下一个项目的评论模块比这个好)、模拟支付
mikemelon/java-exam - Java实现的包含题库编辑、抽题组卷、试题分析、在线考试等模块的Web考试系统。
d3vilbug/HackBar - HackBar plugin for Burpsuite
traccar/traccar - Traccar GPS Tracking System
Conanjun/XSSBlindInjector - burp插件，实现自动化xss盲打以及xss log
TheKingOfDuck/MySQLMonitor - MySQL实时监控工具(代码审计/黑盒/白盒审计辅助工具)
qiao-zhi/springboot-ssm - springboot整合mybatis(SSM项目整合)
onblog/ProjectTree - 新人熟悉项目必备工具！基于AOP开发的一款方法调用链分析框架，简单到只需要一个注解，异步非阻塞，完美嵌入Spring Cloud、Dubbo项目！再也不用担心搞不懂项目！（欢迎Star，🚫禁止Fork）
c0ny1/chunked-coding-converter - Burp suite 分块传输辅助插件
Bypass007/Nessus_to_report - Nessus中文报告自动化脚本
lynnlovemin/SpringCloudLesson - SpringCloud从入门到精通系列课程
Dreamroute/locker - mybatis乐观锁插件,MyBatis Optimistic Locker Plugin
b2stry/mytwitter - 一个模仿Twitter的Java Web项目（基于原生的Servlet）
Tencent/APIJSON - 🚀 零代码、全功能、强安全 ORM 库，后端接口和文档零代码，前端(客户端) 定制返回 JSON 的数据和结构。 🚀 A JSON Transmission Protocol and an ORM Library for providing APIs and Docs without writing any code.
NationalSecurityAgency/ghidra - Ghidra is a software reverse engineering (SRE) framework
hollischuang/toBeTopJavaer - To Be Top Javaer - Java工程师成神之路
wistbean/manong-ssm - 基于SSM框架的Java电商项目
doublechaintech/scm-biz-suite - 供应链中台系统基础版，集成零售管理, 电子商务, 供应链管理, 财务管理, 车队管理, 仓库管理, 人员管理, 产品管理, 订单管理, 会员管理, 连锁店管理, 加盟管理, 前端React/Ant Design, 后端Java Spring+自有开源框架，全面支持MySQL, PostgreSQL, 全面支持国产数据库南大通用GBase 8s,通过REST接口调用，前后端完全分离。
xenv/S-mall-ssm - 小小商城系统，JavaWEB项目，基于SSM，仿天猫页面，功能齐全，实现了自动处理关联查询的通用Mapper、抽象 BaseService 类、注解鉴权、参数注解校验等
xuxueli/xxl-sso - A distributed single-sign-on framework.（分布式单点登录框架XXL-SSO）
lenve/vhr - 微人事是一个前后端分离的人力资源管理系统，项目采用SpringBoot+Vue开发。
ityouknow/spring-boot-examples - about learning Spring Boot via examples. Spring Boot 教程、技术栈示例代码，快速简单上手教程。
mustfun/mybatis-lite - Mybatis - Plugin Free版
sunnyandgood/JavaEE - 🔥⭐️👍框架(SSM/SSH)学习笔记
tywo45/t-io - 网络编程很苦，用t-io后会很甜
TheAlgorithms/Java - All Algorithms implemented in Java
macrozheng/mall - mall项目是一套电商系统，包括前台商城系统及后台管理系统，基于SpringBoot+MyBatis实现，采用Docker容器化部署。前台商城系统包含首页门户、商品推荐、商品搜索、商品展示、购物车、订单流程、会员中心、客户服务、帮助中心等模块。后台管理系统包含商品管理、订单管理、会员管理、促销管理、运营管理、内容管理、统计报表、财务管理、权限管理、设置等模块。
qiurunze123/miaosha - ⭐⭐⭐⭐秒杀系统设计与实现.互联网工程师进阶与分析🙋🐓
Maweiming/weixin-bot - 使用微信Api实现微信客户端功能（使用Java开发）可用于监控微信消息、特别关心钉钉提醒功能
doocs/advanced-java - 😮 Core Interview Questions & Answers For Experienced Java(Backend) Developers | 互联网 Java 工程师进阶知识完全扫盲：涵盖高并发、分布式、高可用、微服务、海量数据处理等领域知识
PataPon-coder/JrebelBrainsLicenseServerforJava -
dschadow/Java-Web-Security - Java-Web-Security - Sichere Webanwendungen mit Java entwickeln
MisterBooo/LeetCodeAnimation - Demonstrate all the questions on LeetCode in the form of animation.（用动画的形式呈现解LeetCode题目的思路）
quentinhardy/jndiat - JNDI Attacking Tool
iSafeBlue/TrackRay - 溯光 (TrackRay) 3 beta⚡渗透测试框架（资产扫描|指纹识别|暴力破解|网页爬虫|端口扫描|漏洞扫描|代码审计|AWVS|NMAP|Metasploit|SQLMap）
Ebryx/AES-Killer - Burp Plugin to decrypt AES encrypted traffic on the fly
h2pl/MyTech - Java的基础总结和学习笔记，包括Java核心技术点和常见知识点。同时提供了Java基础原理的代码实现，供大家实践时参考。已补充JVM和JUC的相关内容，欢迎交流。
brianway/java-learning - 旨在打造在线最佳的 Java 学习笔记，含博客讲解和源码实例，包括 Java SE 和 Java Web
Snailclimb/JavaGuide - 「Java学习+面试指南」一份涵盖大部分 Java 程序员所需要掌握的核心知识。准备 Java 面试，首选 JavaGuide！
oldmanpushcart/greys-anatomy - Java诊断工具
mercyblitz/segmentfault-lessons - Segment Fault 在线讲堂代码工程
frank-lam/fullstack-tutorial - 🚀 fullstack tutorial 2022，后台技术栈/架构师之路/全栈开发社区，春招/秋招/校招/面试
c0ny1/HTTPHeadModifer - 一款快速修改HTTP数据包头的Burp Suite插件
ngbdf/redis-manager - Redis 一站式管理平台，支持集群的监控、安装、管理、告警以及基本的数据操作
crossoverJie/JCSprout - 👨‍🎓 Java Core Sprout : basic, concurrent, algorithm
nccgroup/BurpSuiteHTTPSmuggler - A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques
bit4woo/domain_hunter - A Burp Suite Extension that try to find all sub-domain, similar-domain and related-domain of an organization automatically! 基于流量自动收集整个企业或组织的子域名、相似域名、相关域名的burp插件
bit4woo/knife - A burp extension that add some useful function to Context Menu 添加一些右键菜单让burp用起来更顺畅
ninetysec/Cknife - Cknife
irsdl/IIS-ShortName-Scanner - latest version of scanners for IIS short filename (8.3) disclosure vulnerability
CaledoniaProject/CVE-2018-1270 - Spring messaging STOMP protocol RCE
waylau/mongodb-file-server - MongoDB File Server is a file server system based on MongoDB. 基于 MongoDB 的文件服务器。
zengxs/gdns - A Secure DNS Server (forwarder) based on Google DNS over HTTPS Service
zouzg/mybatis-generator-gui - mybatis-generator界面工具，让你生成代码更简单更快捷
microsoft/mssql-jdbc - The Microsoft JDBC Driver for SQL Server is a Type 4 JDBC driver that provides database connectivity with SQL Server through the standard JDBC application program interfaces (APIs).
An0nymous0/MybatisPlugin-Crack-Javassist - Javassist实现的破解IDEA MybatisPlugin修改字节码工具，仅供学习用途。
mplushnikov/lombok-intellij-plugin - Lombok Plugin for IntelliJ IDEA
zjlywjh001/PhrackCTF-Platform-Team - CTF platfrom(Team Version) developed by Jarvis from Phrack Team. 做一个功能最全的CTF平台。
tranleduy2000/javaide - Code editor, java auto complete, java compiler, aapt, dx, zipsigner for Android
tls-attacker/TLS-Scanner - The TLS-Scanner Module from TLS-Attacker
Col-E/Recaf - The modern Java bytecode editor
proxyee-down-org/proxyee-down - http下载工具，基于http代理，支持多连接分块下载
xuningjack/ANRManager - ANR collector which can collect ANR information（收集ANR相关信息的工具类）
naozibuhao/SecQuanCknife - SecQuanCknife
zjlywjh001/PhrackCTF-Platform-Personal - CTF platfrom developed by Jarvis from Phrack Team. 做一个功能最全的CTF平台。
littleRich/VirtualLocation - 利用Hook技术对APP进行虚拟定位，可修改微信、QQ、以及一些打卡APP等软件，随意切换手机所处位置！
MindorksOpenSource/from-java-to-kotlin - From Java To Kotlin - Your Cheat Sheet For Java To Kotlin
cundong/MemoryMonitor - Memory clean, pss monitor tool, for developer
godlikewangjun/dexknife-wj - apk加固插件带签名校验、dex加密、资源混淆
guardianproject/haven - Haven is for people who need a way to protect their personal spaces and possessions without compromising their own privacy, through an Android app and on-device sensors
94fzb/zrlog - ZrLog是使用 Java 开发的博客/CMS程序，具有简约，易用，组件化，内存占用低等特点。自带 Markdown 编辑器，让更多的精力放在写作上，而不是花费大量时间在学习程序的使用上。
shengqi158/S2-055-PoC - S2-055的环境，基于rest-show-case改造
SecureSkyTechnology/study-struts2-s2-054_055-jackson-cve-2017-7525_cve-2017-15095 - Struts2の脆弱性S2-045, S2-055 および Jackson の脆弱性 CVE-2017-7525, CVE-2017-15095 の調査報告
ooni/probe-android - OONI Probe Android
ffay/lanproxy - lanproxy是一个将局域网个人电脑、服务器代理到公网的内网穿透工具，支持tcp流量转发，可支持任何tcp上层协议（访问内网网站、本地支付接口调试、ssh访问、远程桌面、http代理、https代理、socks5代理...）。技术交流QQ群 736294209
OpenRefine/OpenRefine - OpenRefine is a free, open source power tool for working with messy data and improving it
yandex/burp-molly-scanner - Turn your Burp suite into headless active web application vulnerability scanner
tiagorlampert/sAINT - :eye: (s)AINT is a Spyware Generator for Windows systems written in Java. [Discontinued]
sevck/CVE-2017-12149 - CVE-2017-12149 JBOSS as 6.X反序列化(反弹shell版)
ZjieHU/Tomcat_weak_password_scan - Tomcat弱口令扫描器
confluentinc/ksql - The database purpose-built for stream processing applications.
NickstaDB/BaRMIe - Java RMI enumeration and attack tool.
ibey0nd/NSTProxy - 一款存储HTTP请求入库的burpsuite插件
dragonite-network/dragonite-java - [DEPRECATED, please check https://github.com/tobyxdd/hysteria]
vulnersCom/burp-vulners-scanner - Vulnerability scanner based on vulners.com search API
chengdedeng/waf - :vertical_traffic_light:Web Application Firewall or API Gateway(应用防火墙/API网关)
daniel-cues/NMapGUI - Advanced Graphical User Interface for NMap
quhw/xtunnel - An useful TCP/SSL tunnel utility.
zhisheng17/blog - SpringBoot + Mybatis + thymeleaf 搭建的个人博客 http://www.54tianzhisheng.cn/
ZHENFENG13/spring-boot-projects - :fire: 该仓库中主要是 Spring Boot 的入门学习教程以及一些常用的 Spring Boot 实战项目教程，包括 Spring Boot 使用的各种示例代码，同时也包括一些实战项目的项目源码和效果展示，实战项目包括基本的 web 开发以及目前大家普遍使用的线上博客项目/企业大型商城系统/前后端分离实践项目等，摆脱各种 hello world 入门案例的束缚，真正的掌握 Spring
6iovan/ActivityHijacker - DEPRECATED
jearyorg/jsp -
codewatchorg/bypasswaf - Add headers to all Burp requests to bypass some WAF products
difcareer/sqlmap4burp - sqlmap embed in burpsuite
JGillam/burp-paramalyzer - Paramalyzer - Burp extension for parameter analysis of large-scale web application penetration tests.
DirectDefense-zz/SuperSerial-Active - SuperSerial-Active - Java Deserialization Vulnerability Active Identification Burp Extender
securifybv/PHPUnserializeCheck - PHP Unserialize Check - Burp Scanner Extension
vah13/BurpCRLFPlugin - Another plugin for CRLF vulnerability detection
rover12421/ShakaApktool - ShakaApktool
floyd-fuh/JKS-private-key-cracker-hashcat - Nail in the JKS coffin - Cracking passwords of private key entries in a JKS file
ilmila/J2EEScan - J2EEScan is a plugin for Burp Suite Proxy. The goal of this plugin is to improve the test coverage during web application penetration tests on J2EE applications.
PanagiotisDrakatos/JavaRansomware - Simple Ransomware Tool in Pure Java
GoSecure/csp-auditor - Burp and ZAP plugin to analyse Content-Security-Policy headers or generate template CSP configuration from crawling a Website
nVisium/xssValidator - This is a burp intruder extender that is designed for automation and validation of XSS vulnerabilities.
ewilded/psychoPATH - psychoPATH - an advanced path traversal tool. Features: evasive techniques, dynamic web root list generation, output encoding, site map-searching payload generator, LFI mode, nix & windows support, si
mbechler/marshalsec -
mystech7/Burp-Hunter - XSS Hunter Burp Plugin
RIPE-NCC/whois - RIPE Database whois code repository
7ym0n/security - Happy Hacker
1135/EquationExploit - Eternalblue Doublepulsar exploit
beiyu/tomcat-maven -
NetSPI/WebLogicPasswordDecryptor - PowerShell script and Java code to decrypt WebLogic passwords
olacabs/jackhammer - Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.
zackszhu/hack_sjtu_2017 -
NetSPI/Wsdler - WSDL Parser extension for Burp
federicodotta/Java-Deserialization-Scanner - All-in-one plugin for Burp Suite for the detection and the exploitation of Java deserialization vulnerabilities
lygttpod/RxHttpUtils - Rxjava+Retrofit封装，便捷使用
zencodex/hack-android - Collection tools for hack android, java
frohoff/ysoserial - A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
shengqi158/fastjson-remote-code-execute-poc - fastjson remote code execute poc 直接用intellij IDEA打开即可首先编译得到Test.class，然后运行Poc.java
yaphone/itchat4j - itchat4j -- 用Java扩展个人微信号的能力
s4n7h0/Halcyon-IDE - First IDE for Nmap Script (NSE) Development.
linchaolong/ApkToolPlus - ApkToolPlus 是一个 apk 逆向分析工具（a apk analysis tools）。
ikkisoft/SerialKiller - Look-Ahead Java Deserialization Library
google/binnavi - BinNavi is a binary analysis IDE that allows to inspect, navigate, edit and annotate control flow graphs and call graphs of disassembled code.
AndroidVTS/android-vts - Android Vulnerability Test Suite - In the spirit of open data collection, and with the help of the community, let's take a pulse on the state of Android security. NowSecure presents an on-device app t
gozo-mt/burplist -
PortSwigger/backslash-powered-scanner - Finds unknown classes of injection vulnerabilities
ReactivePlatform/netty-in-action-cn - Netty In Action 中文版
nisrulz/android-tips-tricks - :ballot_box_with_check: [Cheatsheet] Tips and tricks for Android Development
amikey/zhihuWebSpider - https://github.com/QiuMing/zhihuWebSpider.git
0Chencc/CTFCrackTools - China's first CTFTools framework.中国国内首个CTF工具框架,旨在帮助CTFer快速攻克难关
zaproxy/zaproxy - The OWASP ZAP core project
lionsoul2014/ip2region - Ip2region (2.0 - xdb) is a offline IP address manager framework and locator, support billions of data segments, ten microsecond searching performance. xdb engine implementation for many programming la
ewilded/shelling - SHELLING - a comprehensive OS command injection payload generator
knightliao/disconf - Distributed Configuration Management Platform(分布式配置管理平台)
dreamhead/moco - Easy Setup Stub Server
bilibili/DanmakuFlameMaster - Android开源弹幕引擎·烈焰弹幕使～
Blankj/AndroidUtilCode - :fire: Android developers should collect the following utils(updating).
TellH/GitClub - An elegent Android Client for Github. 不仅仅是Github客户端，而且是一个发现优秀Github开源项目的app
apache/rocketmq - Mirror of Apache RocketMQ
51bigdata/StockData2Hbase - 股票交易数据处理的整个业务流程数据源--->数据采集--->数据归类--->数据储存--->数据分析--->数据可视化
1973Blunt/VisualSocialNetwork - 用图状数据结构表达社交网络中实体、边的关系，以 web 应用形式可视化展示。
realXuJiang/bigtable-sql - 分布式大数据SQL查询可视化界面！
summitt/Burp-Non-HTTP-Extension - Non-HTTP Protocol Extension (NoPE) Proxy and DNS for Burp Suite.

JavaScript

[hjmmc/reverse-sourcemap-image](https://g

awesome-hacking-lists awesome-hacking-lists copied to clipboard

Metadata

Awesome Stars

Contents

ASL

ActionScript

Ada

Arduino

AsciiDoc

Assembly

AutoHotkey

Batchfile

BitBake

Blade

BlitzBasic

Boo

C

C#

C++

CMake

CSS

Classic ASP

Clojure

CodeQL

ColdFusion

Dart

Dockerfile

Emacs Lisp

Erlang

F#

FreeMarker

Go

Groovy

HCL

HTML

Hack

Haskell

Inno Setup

Java

JavaScript

← Metadata

Owner

Metadata

awesome-hacking-lists
awesome-hacking-lists copied to clipboard