This is your work, valued
Creating with coding,Learning by doing,Learning by sharing!
domain_hunter_pro. domain_hunter的高级版本,SRC挖洞、HW打点之必备!自动化资产收集;快速Title获取;外部工具联动;等等
2.1kknife. A burp extension that add some useful function to Context Menu 添加一些右键菜单让burp用起来更顺畅
1.9kpython_sec. python安全和代码审计相关资料收集 resource collection of python security and code review
1.4kFiora. Fiora:漏洞PoC框架Nuclei的图形版。快捷搜索PoC、一键运行Nuclei。即可作为独立程序运行,也可作为burp插件使用。
1.3kteemo. A Domain Name & Email Address Collection Tool
1kSummit_PPT. 各种安全大会PPT PDF
924reCAPTCHA. reCAPTCHA = REcognize CAPTCHA: A Burp Suite Extender that recognize CAPTCHA and use for intruder payload 自动识别图形验证码并用于burp intruder爆破模块的插件
811domain_hunter. A Burp Suite Extension that try to find all sub-domain, similar-domain and related-domain of an organization automatically! 基于流量自动收集整个企业或组织的子域名、相似域名、相关域名的burp插件
674burp-api-drops. burp插件开发指南
620passmaker. 可以自定义规则的密码字典生成器,支持图形界面 A password-generator that base on the rules that you specified
562code2sec.com. xmind\code\articles for my personal blog 个人博客上的资源备份存储,也是个人分享的汇总
258u2c. Unicode To Chinese -- U2C : A burpsuite Extender That Convert Unicode To Chinese 【Unicode编码转中文的burp插件】
253Java_deserialize_vuln_lab. Java 反序列化学习的实验代码 Java_deserialize_vuln_lab
87ReSign. A burp extender that recalculate signature value automatically after you modified request parameter value.
60burp-api-common. common methods that used by my burp extension projects
52DNSLog. DNSLog 是一款监控 DNS 解析记录和 HTTP 访问记录的工具。
46burp_collaborator_http_api. Burp Suite Collaborator HTTP API
44GUI_Burp_Extender_para_encrypter. Burp_Extender_para_encrypter
40secqa. 解答开发关于安全漏洞的常见问题
39Burp_Extender_random_X-Forward-For. a Burp Extender that add an random X-Forward-For IP address for each request
31CVE-2020-13925.
16passmaker_java. 密码生成工具、password maker、password generator
15ysoserial. A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
10theHarvester. theHarvester that change from https://github.com/laramies/theHarvester. add proxy option to cross GFW
9protobuf_editor. 可以直接编辑Protobuf的burp插件
8log4jScan. Java
7IdentityCardNumberBruter. To Find Possibe ID Card Number
52redis. save burp traffic to redis 将burp的流量保存到redis
5Ashe. Add Scan Task To WVS
5Wsdler. WSDL Parser extension for Burp
5ip2region. 准确率99.9%的ip地址定位库,0.0x毫秒级查询,数据库文件大小只有1.5M,提供了java,php,c,python,nodejs,golang,c#查询绑定和Binary,B树,内存三种查询算法,妈妈再也不用担心我的ip地址定位!
4HTTP_Basic_Auth_Bruter. HTTP Basic Auth Bruter
4java_utilbox. Java项目常用代码
3upload-labs. 一个帮你总结所有类型的上传漏洞的靶场
3AZScanner.
3learnjavabug. Java安全相关的漏洞和技术demo,原生Java、Fastjson、Jackson、Hessian2、XML反序列化漏洞利用和Spring、Dubbo、Shiro、CAS、Tomcat、RMI、Nexus等框架\中间件\功能的exploits以及Java Security Manager绕过、Dubbo-Hessian2安全加固等等实践代码。
3BlueLotus_XSSReceiver. XSS平台 CTF工具 Web安全工具
3ThinkphpGUI. Thinkphp(GUI)漏洞利用工具,支持各版本TP漏洞检测,命令执行,getshell。
2java-sec-code. Java常见通用漏洞和修复的代码以及利用payload
2LCX. My LCX, PortMaper. used in Windows,Linux,Android,Mac
2RocketMQ_RCE_CVE-2023-33246. Java
2403-bypasser. Python
2ShiroAttack2. shiro反序列化漏洞综合利用,包含(回显执行命令/注入内存马)修复原版中NoCC的问题 https://github.com/j1anFen/shiro_attack
2bit4woo.
2Struts-S2-xxx. 整理收集Struts2漏洞环境
2Cknife. Cknife
2Fortify_Rule. Decode Fortify Rule Bin File Get XML File
1drozer. The Leading Security Assessment Framework for Android.
1HaE. HaE - Highlighter and Extractor, Empower ethical hacker for efficient operations.
1processhacker. A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware.
1swagger-exp. A Swagger API Exploit
1xxe-lab. 一个包含php,java,python,C#等各种语言版本的XXE漏洞Demo
1fuzzbunch. NSA finest tool
1AndroidProxySetter. An android app that sets the proxy settings for a wifi access point by using adb
1xunfeng. 巡风是一款适用于企业内网的漏洞快速应急,巡航扫描系统。
1GourdScanV2. 被动式漏洞扫描系统
1FuzzDomain. FuzzDomain
1fofa_viewer. 一个简单实用的FOFA客户端 By flashine
1DNS-Discovery. DNS-Discovery is a multithreaded subdomain bruteforcer.
1awvs_script_decode. 解密好的AWVS10.5 data/script/目录下的脚本
1