CryptoJS常规加解密自吐密钥、加解密方式，快速定位加解密位置(无视混淆)。SRC和常规渗透神器

闲鱼自动回复管理系统是一个基于 Python + FastAPI 开发的自动化客服系统，专为闲鱼平台设计。系统通过 WebSocket 连接闲鱼服务器，实时接收和处理消息，提供智能化的自动回复服务。

2025年11月更新，目前国内可用Docker镜像源汇总，DockerHub国内镜像加速列表，🚀DockerHub镜像加速器

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous …

常用英语词汇表

Rockyou for web fuzzing

EV: IDS Evasion via Packet Manipulation

Browser-based XSS finder

Python3 o365 User Enumeration Tool

DorkScout - Golang tool to automate google dork scan against the entiere internet or specific targets

Compilation of Resources from TCM's Practical Ethical Hacking Udemy Course

新一代爬虫平台，以图形化方式定义爬虫流程，不写代码即可完成爬虫。

gitlab version index

Little Bug Bounty & Hacking Tools⚔️

This is a collection of writeups, cheatsheets, videos, books related to SSRF in one single location

C# based tool which automates the process of discovering and exploiting DLL Hijacks in target binaries. The Hijacked paths discovered can later be weaponized during Red Team Operations to evade EDR's.

This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports

A flexible scanner

一个全新的敏感文件发现工具

🔍 gowitness - a golang, web screenshot utility using Chrome Headless

A collection of useful Serverless functions I use when pentesting

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

BurpBounty 魔改版本

信息收集自动化工具

🐸fingerprint detect framework 批量深度指纹识别框架

🐸Subdomain Monitor, 子域名监控

Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing

安全、快捷、高交互、企业级的蜜罐管理系统，护网；支持多种协议蜜罐、蜜签、诱饵等功能。A safe, fast, highly interactive and enterprise level honeypot management system, supports multiple protocol honeypots, honeytokens, baits and other functi…

一款内网综合扫描工具，方便一键自动化、全方位漏扫扫描。

互联网公司子域名收集