Nuclei POC，每2小时更新 | 自动整合全网Nuclei的漏洞POC，实时同步更新最新POC，保存已被删除的POC。通过批量克隆Github项目，获取Nuclei POC，并将POC按类别分类存放，使用Github Action实现。已有41w+POC，其中3.5w+高质量POC

Fastjson姿势技巧集合

Tools to work with android .dex and java .class files

🚀Komo, a comprehensive asset collection and vulnerability scanning tool. Komo 一个综合资产收集和漏洞扫描工具，集成了20余款工具，通过多种方式对子域进行获取，收集域名邮箱，进行存活探测，域名指纹识别，域名反查ip，ip端口扫描，web服务链接爬取并发送给xray，对web服务进行POC漏洞扫描，对主机进行主机漏洞扫描。

FASTJSON 2.0.x has been released, faster and more secure, recommend you upgrade.

飞刃是一套完整的企业级黑盒漏洞扫描系统，集成漏洞扫描、漏洞管理、扫描资产、爬虫等服务。 拥有强大的漏洞检测引擎和丰富的插件库，覆盖多种漏洞类型和应用程序框架。

强化fscan的漏扫POC库

SQL 审核查询平台

Biny is a tiny, high-performance PHP framework for web applications

FastGPT is a knowledge-based platform built on the LLMs, offers a comprehensive suite of out-of-the-box capabilities such as data processing, RAG retrieval, and visual AI workflow orchestration, le…

linux-kernel-exploits Linux平台提权漏洞集合

Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrar…

Path traversal in Ollama with rogue registry server

Java Agent is a Java application probe of DongTai IAST, which collects method invocation data during runtime of Java application by dynamic hooks.

Dongtai IAST is an open-source Interactive Application Security Testing (IAST) tool that enables real-time detection of common vulnerabilities in Java applications and third-party components throug…

这是一个用于IP和域名碰撞匹配访问的小工具，旨意用来匹配出渗透过程中需要绑定hosts才能访问的弱主机或内部系统。

内网渗透测试工具，弱密码爆破、信息收集和漏洞扫描

一款java漏洞集合工具

LC（List Cloud）是一个多云攻击面资产梳理工具

Continuous Inspection

Apollo is a reliable configuration management system suitable for microservice configuration management scenarios.

Apache JMeter open-source load testing tool for analyzing and measuring the performance of a variety of services

BlazeHTTP 是一款简单易用的 WAF 防护效果测试工具。BlazeHTTP stands as a user-friendly WAF protection efficacy evaluation tool.

MeterSphere 是新一代的开源持续测试工具，内置 AI 助手，让软件测试工作更简单、更高效，不再成为持续交付的瓶颈。

自动化漏洞扫描系统，方便安全测试人员在测试过程中，快速对网站进行信息收集、漏洞扫描，系统采用B/S架构，分为源码部署、虚拟机部署、docker部署，项目会持续更新，欢迎在Issues中提出您在使用过程中遇到的问题和需求，如果项目对您有所帮助，欢迎留下宝贵的star，感谢！！！

CMAK is a tool for managing Apache Kafka clusters

The Cloud Native Application Proxy

CVE-2023-25157 - GeoServer SQL Injection - PoC

ScopeSentry-Cyberspace mapping, subdomain enumeration, port scanning, sensitive information discovery, vulnerability scanning, distributed nodes