基于Memprocfs和Volatility的可视化内存取证工具

Coinspect created a standard security checklist to provide transparent, objective insights into the most secure crypto wallets. Based on our ongoing research on web3 wallets, which unveiled multipl…

A collection of resources to study Solana smart contract security, auditing, and exploits.

An updated roadmap to help you become a web3 security researcher

A curated list of resources for learning web3 hacking/Security

Web3 CTF Intensive CoLearning

Information about web3 security and programming tutorials/tools

Collection of smart contracts examples and projects in Solidity.

A curated list of blockchain security Capture the Flag (CTF) competitions

继承大量poc检查 包含oa 如 泛微 通达 致远 万户 等。

A rouge mysql server supports reading files from most mysql libraries of multiple programming languages.

laZzzy is a shellcode loader, developed using different open-source libraries, that demonstrates different execution techniques.

0xFA

静态分析及代码审计自动化相关资料收集

Extension project for the Go and Don't Return CodeQL CTF

Electron Research

记录各语言、框架中危险的sink，个人代码审计、漏洞研究使用。

记录实战中的各种sql注入绕过姿势

Asset discovery and identification tools 快速识别 Web 指纹信息，定位资产类型。辅助红队快速定位目标资产信息，辅助蓝队发现疑似脆弱点

🗂️A file list/WebDAV program that supports multiple storages, powered by Gin and Solidjs. / 一个支持多存储的文件列表/WebDAV程序，使用 Gin 和 Solidjs。

High-Performance server for NATS.io, the cloud and edge native messaging system.

The open and composable observability and data visualization platform. Visualize metrics, logs, and traces from multiple sources like Prometheus, Loki, Elasticsearch, InfluxDB, Postgres and many mo…

The Moby Project - a collaborative project for the container ecosystem to assemble container-based systems

CasaOS - A simple, easy-to-use, elegant open-source Personal Cloud system.

Some payloads of JNDI Injection in JDK 1.8.0_191+

python 代码审计项目

边界打点后的自动化渗透工具

KunLun-M是一个完全开源的静态白盒扫描工具，支持PHP、JavaScript的语义扫描，基础安全、组件安全扫描，Chrome Ext\Solidity的基础扫描。