本文原文由知名 Hacker Eric S. Raymond 所撰寫，教你如何正確的提出技術問題並獲得你滿意的答案。

红队武器库漏洞利用工具合集整理

An IIS short filename enumeration tool

Top disclosed reports from HackerOne

best tool for finding SQLi,XSS,LFi,OpenRedirect

This tool use fuuzzing to try to bypass unknown authentication methods, who knows...

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

Xploitra is a powerful reverse shell payload generator for educational and security testing. It offers customizable payloads with advanced obfuscation and session management, making it ideal for si…

实战沉淀字典

Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64.

社会工程学密码生成器，是一个利用个人信息生成密码的工具

一款burp插件,请看简介

《Java安全-只有Java安全才能拯救宇宙》Only Java Security Can Save The Universe.

自己学习java安全的一些总结，主要是安全审计相关

BY Blog ->

Fetch all the URLs that the Wayback Machine knows about for a domain

Accept URLs on stdin, replace all query string values with a user-supplied value

一个用于web框架、CDN和CMS指纹识别的高性能命令行工具。A high-performance command-line tool for web framework, CDN and CMS fingerprinting.

ParamWizard is a powerful Python-based tool designed for extracting and identifying URLs with parameters from a specified website. It provides a comprehensive way to discover hidden parameters with…

A wrapper around grep, to help you grep for things

Burp Plugin to Bypass WAFs through the insertion of Junk Data

A powerful asynchronous XSS scanner supporting up to 1,500 concurrent requests.

Find domains and subdomains related to a given domain

Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing

Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.

Codebase to generate an msdt-follina payload

Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authenticat…