😱 A curated list of amazingly awesome OSINT

Droidefense: Advance Android Malware Analysis Framework

VBA Obfuscation Tools combined with an MS office document generator

A Ruby framework designed to aid in the penetration testing of WordPress systems.

Version 0.2 - Exploit Time-based blind-SQL injection in HTTP-Headers (MySQL/MariaDB).

Common PHP webshells you might need for your Penetration Testing assignments or CTF challenges. Do not host the file(s) on your server!

Maltego Penetration Testing Transforms

Unicode To Chinese -- U2C : A burpsuite Extender That Convert Unicode To Chinese

A Burp Suite Pro extension which augments your proxy traffic by injecting non-invasive headers designed to reveal backend systems by causing pingbacks to Burp Collaborator

Cknife

A tool for detecting XML External Entity (XXE) vulnerabilities in Java applications

PowerShell script and Java code to decrypt WebLogic passwords

Vulnerable Java based Web Application

fastjson remote code execute poc 直接用intellij IDEA打开即可 首先编译得到Test.class，然后运行Poc.java

Thefatrat a massive exploiting tool : Easy tool to generate backdoor and easy tool to post exploitation attack like browser attack and etc . This tool compiles a malware with popular payload and th…

Burp extension to perform Java Deserialization Attacks

Dex to Java decompiler

S2-055的环境，基于rest-show-case改造

“六道”实时业务风控系统

Java Agent which mitigates deserialisation attacks by making certain classes unserializable

TCP/UDP Non-HTTP Proxy Extension (NoPE) for Burp Suite.

An xposed module that disables SSL certificate checking for the purposes of auditing an app with cert pinning

💸 WeChat's lucky money helper (微信抢红包插件) by Zhongyi Tong. An Android app that helps you snatch red packets in WeChat groups.

CTF platfrom(Team Version) developed by Jarvis from Phrack Team. 做一个功能最全的CTF平台。

Apollo is a reliable configuration management system suitable for microservice configuration management scenarios.