Stars
Virtual Engine for Android(Support 14.0 in business version)
Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
golang version for nmap service and application version detection (without nmap installation)
Port of Wappalyzer (uncovers technologies used on websites) to automate mass scanning.
Burp插件,通过自定义hook脚本自动解密报文,让你像测试明文一样简单。A Burp plugin that automatically decrypts messages by custom hook scirpt, making it as simple as testing plaintext.
heapdump敏感信息查询工具,例如查找 spring heapdump中的密码明文,AK,SK等
一款综合性网络安全检测和运维工具,旨在快速资产发现、识别、检测,构建基础资产信息库,协助甲方安全团队或者安全运维人员有效侦察和检索资产,发现存在的薄弱点和攻击面。
Elkeid is an open source solution that can meet the security requirements of various workloads such as hosts, containers and K8s, and serverless. It is derived from ByteDance's internal best practi…
收集的文章 https://mrwq.github.io/tools/paper/
被动收集资产并自动进行SQL注入检测(插件化 自动Bypass)、XSS检测、RCE检测、敏感信息检测
Corax for Java: A general static analysis framework for java code checking.
Burpsuite - Route Vulnerable Scanning 递归式被动检测脆弱路径的burp插件
KunLun-M是一个完全开源的静态白盒扫描工具,支持PHP、JavaScript的语义扫描,基础安全、组件安全扫描,Chrome Ext\Solidity的基础扫描。
Distributed web crawler admin platform for spiders management regardless of languages and frameworks. 分布式爬虫管理平台,支持任何语言和框架
Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist
GitHub项目监控 && CodeQL自动扫描 (GitHub project monitoring && CodeQL automatic analysis)
RevSuit is a flexible and powerful reverse connection platform designed for receiving connection from target host in penetration.
一款甲方资产巡航扫描系统。系统定位是发现资产,进行端口爆破。帮助企业更快发现弱口令问题。主要功能包括: 资产探测、端口爆破、定时任务、管理后台识别、报表展示
[VscanPlus内外网漏洞扫描工具]已更新HW热门漏洞检测POC。基于veo师傅的漏扫工具vscan二次开发的版本,端口扫描、指纹检测、目录fuzz、漏洞扫描功能工具,批量快速检测网站安全隐患。An open-source, cross-platform website vulnerability scanning tool that helps you quickly detect w…