🤖 The Modern Port Scanner 🤖

Jar Analyzer - 一个 JAR 包 GUI 分析工具，方法调用关系搜索，方法调用链 DFS 算法分析，模拟 JVM 的污点分析验证 DFS 结果，字符串搜索，Java Web 组件入口分析，CFG 程序分析，JVM 栈帧分析，自定义表达式搜索，支持 MCP 调用，文档：https://docs.qq.com/doc/DV3pKbG9GS0pJS0tk

A programming language exclusively designed for cybersecurity

Advanced Burp Suite Logging Extension

🎉 (RuoYi)官方仓库 基于SpringBoot的权限管理系统 易读易懂、界面简洁美观。 核心技术采用Spring、MyBatis、Shiro没有任何其它重度依赖。直接运行即可用

Cadence is a distributed, scalable, durable, and highly available orchestration engine to execute asynchronous long-running business logic in a scalable and resilient way.

Open-Source Unified Vulnerability Management, DevSecOps & ASPM

A public version of Unity's internal SSDLC. Meant to provide an example framework, not just to share with others, but to also take contributions and continue to improve and evolve.

Ultimate DevSecOps library

Prefect is a workflow orchestration framework for building resilient data pipelines in Python.

Apache DolphinScheduler is the modern data orchestration platform. Agile to create high performance workflow with low-code

Orchestrate everything - from scripts to data, infra, AI, and business - as code, with UI and AI Copilot. Simple. Fast. Scalable.

RuoYi AI 是一个全栈式 AI 开发平台，旨在帮助开发者快速构建和部署个性化的 AI 应用。

The most powerful and modular diffusion model GUI, api and backend with a graph/nodes interface.

A Nuclei security scanning server based on MCP (Model Control Protocol), providing convenient vulnerability scanning services.一个基于 MCP (Model Control Protocol) 的 Nuclei 安全扫描服务器，提供便捷的漏洞扫描服务。

All-in-one security testing toolbox that brings together popular open source tools through a single MCP interface. Connected to an AI agent, it enables tasks like pentesting, bug bounty hunting, th…

Playwright MCP server

✨ Fully autonomous AI Agents system capable of performing complex penetration testing tasks

AI-Powered Python & Python-Powered AI (Python-Use)

xia_Yue 插件修改版，瞎越修改版，修复中文重放乱码，添加请求行越权测试，一键导出越权url，允许重复url测试等功能

Automatic authorization enforcement detection extension for burp suite written in Jython developed by Barak Tawily in order to ease application security people work and allow them perform an automa…

WebGoat is a deliberately insecure application

🧿 AutorizePro是一款强大越权检测 Burp 插件，通过增加 AI 辅助分析 && 进一步优化检测逻辑，大幅降低误报率，提升越权漏洞检出效率。 [ AutorizePro is a authorization enforcement detection extension for burp suite. By adding Ai-assisted analysis, it sign…

A list of web application security

The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWA…

Automatic SQL injection and database takeover tool

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management