Gain insights into MS-RPC implementations that may be vulnerable using an automated approach and make it easy to visualize the data. By following this approach, a security researcher will hopefully…

《深入JDBC安全：特殊URL构造与不出网反序列化利用技术揭秘》对应研究总结项目 "Deep Dive into JDBC Security: Special URL Construction and Non-Networked Deserialization Exploitation Techniques Revealed" - Research Summary Project

Trace packets as they go through iptables chains

MCP Server for Ghidra

XSS漏洞与SSRF漏洞的联合攻击及其综合防范机制实验平台

Keep searching, reading webpages, reasoning until it finds the answer (or exceeding the token budget)

Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI

Kyanos is a networking analysis tool using eBPF. It can visualize the time packets spend in the kernel, capture requests/responses, makes troubleshooting more efficient.

java-swing-gui-stater | Java Swing GUI Maven 项目模板 | 简单的教程

Flexible LDAP proxy that can be used to inspect & transform all LDAP packets generated by other tools on the fly.

SRK Toolbox - a web app (based on CyberChef) for encryption, encoding, compression and data analysis, translated to Chinese locale

USB Army Knife – the ultimate close access tool for penetration testers and red teamers.

基于yolov8+孪生网络识别验证码的ICP备案查询程序。从工业和信息化部政务服务平台查询实时数据，高精度过验证码

xxl-job最新漏洞利用工具

HTTP/2 Last Frame Synchronization (also known as Single Packet Attack) low Level Library / Tool based on Scapy‌ + Exploit Timing Attacks

Comfortably monitor your Internet traffic 🕵️‍♂️

FastJson全版本Docker漏洞环境(涵盖1.2.47/1.2.68/1.2.80等版本)，主要包括JNDI注入及高版本绕过、waf绕过、文件读写、原生反序列化、利用链探测绕过、不出网利用等。从黑盒的角度覆盖FastJson深入利用

A browser extension that allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations.

a Hassle-Free Python Experience

Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration

This tool, programmed in C#, allows for the fast discovery and exploitation of vulnerabilities in MSSQL servers

sdenv补环境框架，完美过瑞数vmp理论通杀，配合瑞数vmp纯算法逆向项目（rs-reverse）更好学习原理，商标网更新后在线样例失效，可尝试使用其它网站试验(不保证有效)

Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry

Lightning-fast and Powerful Code Editor written in Rust

An extensible framework for Personal Data Management.

一款免费开源轻量的漏洞情报系统

Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network

一款Java内存马生成、测试工具，搭配@ax1sX的MemShell食用。

Subprober is a powerful and efficient subdomain scanning tool written in Python. With the ability to handle large lists of subdomains. The tool offers concurrent scanning, allowing users to define …