Stars
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…
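Alibaba Java Diagnostic Tool Arthas
A tunnel proxy pool middleware that can be deployed in the cloud or locally. It turns static proxy IPs into flexible tunnel IPs and provides a fixed request address; deploy once, use for life.
Security Orchestration, Automation and Response (SOAR) Platform. Security automation without writing code; using SOAR lets teams work more efficiently.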
A secure sandbox environment for malware developers and red teamers to test payloads against detection mechanisms before deployment. Integrates with LLM agents via MCP for enhanced analysis capabil…
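ProxyPin: free, open-source software for capturing HTTP(S) traffic, supporting all platforms
A semi-automated Spring Boot foothold tool with all currently known Spring Boot vulnerabilities built in
An open-source penetration testing framework for SpringBoot, plus an exploitation tool for high-risk Spring-related vulnerabilities
Blue team analysis and assessment toolbox. Features include memory-shell decompilation and analysis, various code formatting, cyberspace asset mapping, attribution assistance, decrypting Behinder traffic, decrypting Godzilla traffic, decrypting Shiro/CAS/Log4j2 attack payloads, IP/port connection analysis, various encoding/decoding functions, websites commonly used in blue team analysis, Java deserialization packet analysis, Java class name search, Fofa search, Hunter search, and more.
BYOVD research use cases featuring vulnerable driver discovery and reverse engineering methodology. (CVE-2025-52915, CVE-2025-1055).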
Vulhub Vulnerability Reproduction Designated Platform
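captcha captcha captcha: possibly the best open-source behavioral CAPTCHA in the Java world [slider CAPTCHA, click-to-select CAPTCHA, behavioral CAPTCHA, rotation CAPTCHA, sliding CAPTCHA]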
Snyk CLI scans and monitors your projects for security vulnerabilities.
Linux/Windows post-exploitation framework made by a Linux user
A next-generation crawling and spidering framework.
A powerful browser crawler for web vulnerability scanners
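Cloud exploitation framework, mainly intended to ease red team follow-up work after obtaining an AK.
A tool built on the enterprise information APIs of major providers, addressing the various difficulties of gathering information on companies in China. One-click collection, aggregation and export of holding-company ICP filings, apps, mini programs, WeChat official accounts and other information. Supports MCP integration.
Cloud asset management tool. The tool is currently positioned as a cloud security tool and currently has two modules: a cloud storage tool and a cloud service tool. The cloud storage tool mainly covers OSS storage: viewing, deleting, uploading, downloading, previewing, and so on. The cloud service tool mainly covers RDS and server management: viewing, executing commands, taking over, and so on.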
The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis
Adversarial frameworks for Android and iOS sandbox evasion.
httpgo is a web fingerprinting tool that supports multithreading, HTTP proxies, batch identification, saving results, and screenshot display. Custom fingerprints can be added.
The easiest-to-use, most intelligent and most controllable directory fuzzing tool | The most powerful, user-friendly, intelligent, and precise HTTP Fuzzer.
Pupy is an open-source, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in Python and C
A Burp plugin that makes testing encrypted traffic as simple and efficient as testing plaintext.