An Intentionally designed Vulnerable Android Application built in Kotlin.

Unsecure time-based secret exploitation and Sandwich attack implementation Resources

Android-DirtyStream Vuln Demo

OWASP Thick Client Application Security Verification Standard

bypass-url-parser

A comprehensive curated list of available Bug Bounty & Disclosure Programs and Write-ups.

httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.

渗透测试报告/资料文档/渗透经验文档/安全书籍

HTTP parameter discovery suite.

A collection of awesome one-liner scripts especially for bug bounty tips.

Mobile Hacker's Weapons / A collection of cool tools used by Mobile hackers. Happy hacking , Happy bug-hunting

A collection of PDF/books about the modern web application security and bug bounty.

Go parser for maven Project Object Model (POM) file

💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh

Canarytokens helps track activity and actions on your network.

A tool for embedding XXE/XML exploits into different filetypes

强大的敏感信息搜索工具

kunwu是新一代webshell检测引擎，使用了内置了模糊规则、污点分析模拟执行、机器学习三种高效的检测策略

Detect file content types with deep learning

梳理【护网高利用率POC】并集成Nuclei模板仓库，针对解决网上同一资产漏洞一键检测工具参次不齐问题。

一款快速、全面、易用的页面信息提取工具，可快速发现和提取页面中的JS、URL和敏感信息。

Force-disabling the JVM bytecode verifier

ebpf WebShell/内核马，一种新型内核马/WebShell技术

一款支持自定义的 Java 内存马生成工具｜A customizable Java in-memory webshell generation tool.

JavaWeb MemoryShell Inject/Scan/Killer/Protect Research & Exploring

Some payloads of JNDI Injection in JDK 1.8.0_191+

An HTTP toolkit for security research.

对权限绕过自动化bypass的burpsuite插件

libbpfgo port of bcc/libbpf-tools