InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditiona…

Yet Another Memory Analyzer for malware detection and Guarding Operations with YARA and SIGMA

Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.

A Python script designed to monitor bug bounty programs for any changes and promptly notify users.

list of TLDs

A streamlined tool for discovering private TLDs for security research.

Utility program to perform multiple operations for a given subnet/CIDR ranges.

微舆：人人可用的多Agent舆情分析助手，打破信息茧房，还原舆情原貌，预测未来走向，辅助决策！从0实现，不依赖任何框架。

AssetViz simplifies the visualization of subdomains from input files, presenting them as a coherent mind map. Ideal for penetration testers and bug bounty hunters conducting reconnaissance, AssetV…

A high-speed tool for passively gathering URLs, optimized for efficient and comprehensive web asset discovery without active scanning.

Provides public bug bounty programs in-scope data that offer rewards and monitors public bug bounty programs assets.

This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports

A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference

A list of interesting payloads, tips and tricks for bug bounty hunters.

A collection of awesome one-liner scripts especially for bug bounty tips.

Automatic SSRF fuzzer and exploitation tool

Automated learning of regexes for DNS discovery

DNSGen is a powerful and flexible DNS name permutation tool designed for security researchers and penetration testers. It generates intelligent domain name variations to assist in subdomain discove…

JavaScript Reverse Tools -- JS逆向工具

Digging Deeper....

🍪 CookieMonster helps you detect and abuse vulnerable implementations of stateless sessions.

Fully featured and community-driven hacking environment

kunwu是新一代webshell检测引擎，使用了内置了模糊规则、污点分析模拟执行、机器学习三种高效的检测策略

一款面向SRC漏洞挖掘中，页面信息收集场景的浏览器扩展，自动收集页面及相关资源中的敏感信息与可疑线索，支持基础扫描、深度递归扫描、批量 API 测试及结果导出与自定义正则配置

Go/React开发的端到端webrtc的文件传输/文字传输/桌面共享，安全，隐私，数据不经过服务器。

分布式信息收集工具（又一个轮子）

Fancy reverse and bind shell handler

PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.