This is your work, valued

shenzhen

bit4woo

Elite
@bit4woo

Creating with coding,Learning by doing,Learning by sharing!

domain_hunter_pro. domain_hunter的高级版本,SRC挖洞、HW打点之必备!自动化资产收集;快速Title获取;外部工具联动;等等

2.1k

knife. A burp extension that add some useful function to Context Menu 添加一些右键菜单让burp用起来更顺畅

1.9k

python_sec. python安全和代码审计相关资料收集 resource collection of python security and code review

1.4k

Fiora. Fiora:漏洞PoC框架Nuclei的图形版。快捷搜索PoC、一键运行Nuclei。即可作为独立程序运行,也可作为burp插件使用。

1.3k

teemo. A Domain Name & Email Address Collection Tool

1k

Summit_PPT. 各种安全大会PPT PDF

924

reCAPTCHA. reCAPTCHA = REcognize CAPTCHA: A Burp Suite Extender that recognize CAPTCHA and use for intruder payload 自动识别图形验证码并用于burp intruder爆破模块的插件

811

domain_hunter. A Burp Suite Extension that try to find all sub-domain, similar-domain and related-domain of an organization automatically! 基于流量自动收集整个企业或组织的子域名、相似域名、相关域名的burp插件

674

burp-api-drops. burp插件开发指南

620

passmaker. 可以自定义规则的密码字典生成器,支持图形界面 A password-generator that base on the rules that you specified

562

code2sec.com. xmind\code\articles for my personal blog 个人博客上的资源备份存储,也是个人分享的汇总

258

u2c. Unicode To Chinese -- U2C : A burpsuite Extender That Convert Unicode To Chinese 【Unicode编码转中文的burp插件】

253

Java_deserialize_vuln_lab. Java 反序列化学习的实验代码 Java_deserialize_vuln_lab

87

ReSign. A burp extender that recalculate signature value automatically after you modified request parameter value.

60

burp-api-common. common methods that used by my burp extension projects

52

DNSLog. DNSLog 是一款监控 DNS 解析记录和 HTTP 访问记录的工具。

46

burp_collaborator_http_api. Burp Suite Collaborator HTTP API

44

GUI_Burp_Extender_para_encrypter. Burp_Extender_para_encrypter

40

secqa. 解答开发关于安全漏洞的常见问题

39

Burp_Extender_random_X-Forward-For. a Burp Extender that add an random X-Forward-For IP address for each request

31

CVE-2020-13925.

16

passmaker_java. 密码生成工具、password maker、password generator

15

ysoserial. A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

10

theHarvester. theHarvester that change from https://github.com/laramies/theHarvester. add proxy option to cross GFW

9

protobuf_editor. 可以直接编辑Protobuf的burp插件

8

log4jScan. Java

7

IdentityCardNumberBruter. To Find Possibe ID Card Number

5

2redis. save burp traffic to redis 将burp的流量保存到redis

5

Ashe. Add Scan Task To WVS

5

Wsdler. WSDL Parser extension for Burp

5

ip2region. 准确率99.9%的ip地址定位库,0.0x毫秒级查询,数据库文件大小只有1.5M,提供了java,php,c,python,nodejs,golang,c#查询绑定和Binary,B树,内存三种查询算法,妈妈再也不用担心我的ip地址定位!

4

HTTP_Basic_Auth_Bruter. HTTP Basic Auth Bruter

4

java_utilbox. Java项目常用代码

3

upload-labs. 一个帮你总结所有类型的上传漏洞的靶场

3

AZScanner.

3

learnjavabug. Java安全相关的漏洞和技术demo,原生Java、Fastjson、Jackson、Hessian2、XML反序列化漏洞利用和Spring、Dubbo、Shiro、CAS、Tomcat、RMI、Nexus等框架\中间件\功能的exploits以及Java Security Manager绕过、Dubbo-Hessian2安全加固等等实践代码。

3

BlueLotus_XSSReceiver. XSS平台 CTF工具 Web安全工具

3

ThinkphpGUI. Thinkphp(GUI)漏洞利用工具,支持各版本TP漏洞检测,命令执行,getshell。

2

java-sec-code. Java常见通用漏洞和修复的代码以及利用payload

2

LCX. My LCX, PortMaper. used in Windows,Linux,Android,Mac

2

RocketMQ_RCE_CVE-2023-33246. Java

2

403-bypasser. Python

2

ShiroAttack2. shiro反序列化漏洞综合利用,包含(回显执行命令/注入内存马)修复原版中NoCC的问题 https://github.com/j1anFen/shiro_attack

2

bit4woo.

2

Struts-S2-xxx. 整理收集Struts2漏洞环境

2

Cknife. Cknife

2

Fortify_Rule. Decode Fortify Rule Bin File Get XML File

1

drozer. The Leading Security Assessment Framework for Android.

1

HaE. HaE - Highlighter and Extractor, Empower ethical hacker for efficient operations.

1

processhacker. A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware.

1

swagger-exp. A Swagger API Exploit

1

xxe-lab. 一个包含php,java,python,C#等各种语言版本的XXE漏洞Demo

1

fuzzbunch. NSA finest tool

1

AndroidProxySetter. An android app that sets the proxy settings for a wifi access point by using adb

1

xunfeng. 巡风是一款适用于企业内网的漏洞快速应急,巡航扫描系统。

1

GourdScanV2. 被动式漏洞扫描系统

1

FuzzDomain. FuzzDomain

1

fofa_viewer. 一个简单实用的FOFA客户端 By flashine

1

DNS-Discovery. DNS-Discovery is a multithreaded subdomain bruteforcer.

1

awvs_script_decode. 解密好的AWVS10.5 data/script/目录下的脚本

1