The open source coding agent. (Unleashed 、Removing LLM safety guardrails）

Fully autonomous AI hacker to find actual exploits in your web apps. Shannon has achieved a 96.15% success rate on the hint-free, source-aware XBOW Benchmark.

An IIS short filename enumeration tool

致命精准的红队作战兵器。模块化集成资产发现、漏扫与利用，重新定义渗透测试工作流 (Workflow) 的新一代安全平台。

HaE-Lite（Highlighter & Extractor Lite）是基于著名 BurpSuite 插件 [HaE](https://github.com/gh0stkey/HaE) 的 Chrome 扩展版本。它实现了原版 HaE 的核心功能，将敏感信息高亮与提取能力带到 Chrome DevTools 环境中

微舆：人人可用的多Agent舆情分析助手，打破信息茧房，还原舆情原貌，预测未来走向，辅助决策！从0实现，不依赖任何框架。

查询域名、APP、小程序、快应用以及企业的ICP备案信息，提供完全本地化的API

个人向自写JS Hook脚本

This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports

由Rust+TypeScript+Vue构建的跨平台FOFA第三方图形化工具，支持抓取、导出、存活检测、去重等功能。

HaE - Highlighter and Extractor, Empower ethical hacker for efficient operations.

DeepResearchAgent is a hierarchical multi-agent system designed not only for deep research tasks but also for general-purpose task solving. The framework leverages a top-level planning agent to coo…

Generative AI-based CyberSecurity-focused Prompt Dataset for Benchmarking Large Language Models

Ridiculously fast web & TCP fuzzer designed for brute-forcing directories, subdomains, and files on web servers.

A blazingly fast web directory scanner written in Rust

MCP Server for Burp

信息安全从业者在线资源清单

A collection of real world AI/ML exploits for responsibly disclosed vulnerabilities

The Arcanum Prompt Injection Taxonomy

Ai迷思录（应用与安全指南）

Investigate malicious Windows logon by visualizing and analyzing Windows event log

Proactive, Open source API security → API discovery, API Security Posture, Testing in CI/CD, Test Library with 1000+ Tests, Add custom tests, Sensitive data exposure

Take a list of domains and probe for working HTTP and HTTPS servers

Directory Traversal Scanner 是一个高性能的目录遍历漏洞扫描工具，专门用于检测和验证 Web 应用程序中的路径遍历漏洞。通过异步并发扫描和智能 WAF 绕过技术，帮助安全研究人员快速发现潜在的安全隐患。Directory Traversal Scanner is a high-performance security tool designed to detect …

IDOR Forge is an advanced and versatile tool designed to detect Insecure Direct Object Reference (IDOR) vulnerabilities in web applications.

这是一个强大的 Tampermonkey 脚本，专为 Vue 开发者打造的实时路由信息面板。它能够自动检测并展示当前网页的 Vue 版本、路由信息，提供可拖动、可缩放的交互式面板

Hunt every Endpoint in your code, expose Shadow APIs, map the Attack Surface.

Comment Extractor 是一款智能的 Burp Suite 扩展工具，专注于从 Web 应用响应中自动提取和分析注释信息。它能快速识别 HTML 和 JavaScript 注释中的敏感信息，为安全测试提供关键线索。

All the deals for InfoSec related software/tools this Black Friday