🔥 Open Source Browser API for AI Agents & Apps. Steel Browser is a batteries-included browser sandbox that lets you automate the web without worrying about infrastructure.

用于windows下通过NTFS MFT快速查找文件名中带有敏感词的文件

Burp extension to evade TLS fingerprinting. Bypass WAF, spoof any browser.

Lightweight binary that joins a device to a Tailscale network and exposes a local SOCKS5 proxy. Designed for red team operations and ephemeral access into restricted environments using Tailscale’s …

Open-source AI hackers to find and fix your app’s vulnerabilities

一个既可以满足安服仔日常渗透工作也可以批量刷洞的工具盒子。集合了常见的域名收集、目录扫描、ip扫描、指纹扫描、PoC验证等常用工具，方便安服仔快速展开渗透测试

A cross-platform programmable network tool

🥢像老乡鸡🐔那样做饭。主要部分于2024年完工，非老乡鸡官方仓库。文字来自《老乡鸡菜品溯源报告》，并做归纳、编辑与整理。CookLikeHOC.

AuditLuma是一个AI+智能体代码审计系统，它利用多个AI代理和先进的技术，包括多代理合作协议（MCP）和Self-RAG（检索增强生成），为代码库提供全面的安全分析，目前已经支持ollama部署的本地大模型

渗透测试报告生成工具

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug b…

Automatic SQL injection and database takeover tool

Run your own AI cluster at home with everyday devices 📱💻 🖥️⌚

A small, null-free Windows shellcode that executes calc.exe (x86/x64, all OS/SPs)

LiYing is an automated photo processing program designed for automating the post-processing workflow of ID photos in general photo studios. | LiYing 是一套适用于自动化 完成一般照相馆后期证件照处理流程的照片自动处理的程序。

Biscuit's Bug Bounty Playbook is a curated hub for cybersecurity learners and bug bounty hunters. It includes tools, methodologies, writeups, vulnerable labs, YouTube channels, checklists, and plat…

Reconmap is a collaboration-first security operations platform for infosec teams and MSSPs, enabling end‑to‑end engagement management, from reconnaissance through execution and reporting. With buil…

The First Open Source Bug Bounty Platform

BugRepoter_0x727(自动化编写报告平台)根据安全团队定制化协同管理项目安全，可快速查找历史漏洞，批量导出报告。

Browser Fuzz Summarize / 浏览器模糊测试综述

GateSentinel 是一个现代化的 C2 (Command and Control) 框架，专为安全研究和渗透测试设计。该项目采用 Go 语言开发服务端，C 语言开发客户端，提供了强大的远程控制和管理功能。

A library that scrapes Linkedin for user data

🌎 machine learning tutorials (mainly in Python3)

PoC & Exploit for CVE-2025-32023 / PlaidCTF 2025 "Zerodeo"

ARL 资产侦察灯塔系统（可运行，添加指纹，提高并发，升级工具及系统，无限制修改版） | ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产，构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产，发现存在的薄弱点和攻击面。

使用小爱音箱播放音乐，音乐使用 yt-dlp 下载。

音乐标签编辑器，可编辑本地音乐文件的元数据（Editable local music file metadata.）

AirPlay Unix mirroring server

fastjson一键命令执行