An enterprise friendly way of detecting and preventing secrets in code.

Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

Find secrets with Gitleaks 🔑

Find, verify, and analyze leaked credentials

Credentials recovery project

Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.

哈希值计算工具，批量计算/批量校验/查找重复文件/改变哈希值等，支持集成到系统右键菜单

Web site navigation

clash for windows汉化版. 提供clash for windows的汉化版, 汉化补丁及汉化版安装程序

A modern GUI client based on Tauri, designed to run in Windows, macOS and Linux for tailored proxy experience

🚀 2024-至今 1Day 漏洞 PoC 深度研究与复现归档。涵盖 OA、ERP、安防、数通、大模型及容器等 高价值资产漏洞，实战导向，助力安全研究与合规检测。

Browser extension for opening lists of URLs built with Vue.js on top of WebExtension with cross-browser support

pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.

Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

哥斯拉

GodzillaNodeJsPayload

js主动参数提取与构造工具

DeepAudit：人人拥有的 AI 黑客战队，让漏洞挖掘触手可及。国内首个开源的代码漏洞挖掘多智能体系统。小白一键部署运行，自主协作审计 + 自动化沙箱 PoC 验证。支持 Ollama 私有部署 ，一键生成报告。支持中转站。​让安全不再昂贵，让审计不再复杂。

Burp extension to fuzz/brute force GenAI/LLM prompts using a list of various payloads.

Fully autonomous AI hacker to find actual exploits in your web apps. Shannon has achieved a 96.15% success rate on the hint-free, source-aware XBOW Benchmark.

Kingfisher is a blazingly fast and highly accurate tool for secret detection and live validation across files, Git repos, GitHub, GitLab, Azure Repos, BitBucket, Gitea, AWS S3, Docker images, Jira,…

rep+ — Burp-style HTTP Repeater for Chrome DevTools with built‑in AI to explain requests and suggest attacks

面向红队的, 高性能高度自由可拓展的自动化扫描引擎 | A highly controllable and extensionable automated scanning engine for red teams

一个方便逆向人员进行渗透的 burp 插件

致命精准的红队作战兵器。模块化集成资产发现、漏扫与利用，重新定义渗透测试工作流 (Workflow) 的新一代安全平台。

基于Chrome开发者协议(CDP)的AI自动化JavaScript逆向分析工具

Autoswagger by Intruder - detect API auth weaknesses

burpsuit插件，解析swagger/openapi接口文档并进行请求，模拟参数方便渗透测试人员快速发现可用接口 (最新使用源码编译，release有时候没空搞)

Proxifier Alternative to redirect any Windows/MacOS TCP and UDP traffic to HTTP/Socks5 proxy