Fast GitHub recon tool. Scans for leaked secrets across all of GitHub, not just known repos and orgs. Support for GitHub dorks.

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug b…

Pentester's Promiscuous Notebook

Dumping DPAPI credz remotely

[漏洞复现] 全球首款利用PHP默认环境（XAMPP）的CVE-2024-4577 PHP-CGI RCE 漏洞 EXP。

《Java安全-只有Java安全才能拯救宇宙》Only Java Security Can Save The Universe.

Why is this running?

一个用于测试文件上传功能安全性的 Burp Suite 插件。通过 Intruder 模块自动生成各类绕过 payload，覆盖常见的文件上传限制场景。共1000+条payload

Say goodbye to the complex, verbose, and laggy interaction mode of IDA Pro MCP

Local Privilege Escalation to Root via Sudo chroot in Linux

指纹识别+目录扫描工具，支持主动和被动模式，简单的功能做到极致。

Nuclei POC 管理与漏洞验证工具

vulnx 🕷️ an intelligent Bot, Shell can achieve automatic injection, and help researchers detect security vulnerabilities CMS system. It can perform a quick CMS security detection, information colle…

A command-line scanner for batch detection of Next.js application versions and determining if they are affected by CVE-2025-66478 vulnerability.

CVE-2025-55182 POC

Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).

A tool that helps you find the real IP addresses hiding behind Cloudflare by checking subdomains.

Web-based ZooKeeper UI

Linux命令大全搜索工具，内容包含Linux命令手册、详解、学习、搜集。https://git.io/linux

dddd是一款使用简单的批量信息收集,供应链漏洞探测工具，旨在优化红队工作流，减少伤肝的机械性操作。支持从Hunter、Fofa批量拉取目标

Nacos 综合漏洞利用工具

Linux应急响应工具