⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting

Antenna是58同城安全团队打造的一款辅助安全从业人员验证网络中多种漏洞是否存在以及可利用性的工具。其基于带外应用安全测试(OAST)通过任务的形式，将不同漏洞场景检测能力通过插件的形式进行集合，通过与目标进行out-bind的数据通信方式进行辅助检测。

Lightweight, fast, stable, and programmable component-based rule engine/process engine. Component reuse, synchronous/asynchronous orchestration, dynamic orchestration, multi-language scripting supp…

Audits performed by Solidified

A curated list of blockchain security Capture the Flag (CTF) competitions

Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.

[WIP] 整理过去我和K8s、容器、虚拟化相关的分享 🧐

🚦Web Application Firewall or API Gateway(应用防火墙/API网关)

Real - time non-invasive AOP framework container based on JVM

DNSLOG、httplog、rmilog、ldaplog、jndi 等都支持,完全匿名 产品(fuzz.red)，Alphalog与传统DNSLog不同，更快、更安全。

Knowledge Base 慢雾安全团队知识库

利用链、漏洞检测工具

Dongtai IAST is an open-source Interactive Application Security Testing (IAST) tool that enables real-time detection of common vulnerabilities in Java applications and third-party components throug…

Nuclei plugin for BurpSuite

网络空间测绘/搜索引擎相关的资料

加密资产安全解决方案 Cryptocurrency Security Solution

CodeQL Java 全网最全的中文学习资料

A Golang Job Scheduling Package.

Web Attack Cheat Sheet

ShadowsocksX-NG-R for MacOS, ShadowsocksR

Metarget is a framework providing automatic constructions of vulnerable infrastructures.

A declarative, simple, fast, and fun package for building command line tools in Go

Cobalt Strike系列

Sreg可对使用者通过输入email、phone、username的返回用户注册的所有互联网护照信息。

将Linux现常用的网络加速集成在一起

构建优化高效的渗透 fuzz 字典合集

各种安全大会PPT PDF

分布式端口（漏洞）扫描、资产安全管理、实时威胁监控与通知、高效漏洞闭环、漏洞wiki、邮件报告通知、poc框架

一款将xray和fofa完美结合的自动化工具,调用fofaAPI进行查询扫描,新增爬虫爬取扫描(懒人必备)