AutoGPT is the vision of accessible AI for everyone, to use and to build on. Our mission is to provide the tools, so that you can focus on what matters.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

real time face swap and one-click video deepfake with only a single image

A proxy tool to bypass GFW.

Automatic SQL injection and database takeover tool

🍰 Desktop utility to download images/videos/music/text from various websites, and more.

A GPT-empowered penetration testing tool

Study Notes For Web Hacking / Web安全学习笔记

信息收集自动化工具

An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws

Automatic SSRF fuzzer and exploitation tool

This tool generates gopher link for exploiting SSRF and gaining RCE in various servers

🐈Medusa是一个红队武器库平台，目前包括XSS平台、协同平台、CVE监控、免杀生成、DNSLOG、钓鱼邮件、文件获取等功能，持续开发中

Tools & Interesting Things for RedTeam Ops

Extract credentials from lsass remotely

DarkGPT is an OSINT assistant based on GPT-4-200K (recommended use) designed to perform queries on leaked databases, thus providing an artificial intelligence assistant that can be useful in your t…

weblogic 漏洞扫描工具。目前包含对以下漏洞的检测能力：CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-32…

收集的文章 https://mrwq.github.io/tools/paper/

网络摄像头漏洞扫描工具 | Webcam vulnerability scanning tool

蚁阅 - 让 RSS 更好用，轻松订阅你喜欢的博客和资讯

WiFi密码暴力破解工具-图形界面，支持WPA/WPA2/WPA3、多开并发、自动破解、自定义密码本、自动生成密码字典

【懒人神器】一款图形化、批量采集url、批量对采集的url进行各种nday检测的工具。可用于src挖掘、cnvd挖掘、0day利用、打造自己的武器库等场景。可以批量利用Actively Exploited Atlassian Confluence 0Day CVE-2022-26134和DedeCMS v5.7.87 SQL注入 CVE-2022-23337。

IoT固件漏洞复现环境

实时监控github上新增的cve、自定义关键字、安全工具更新、大佬仓库监控，并多渠道推送通知

阿里云accesskey利用工具

Vcenter综合渗透利用工具包 | Vcenter Comprehensive Penetration and Exploitation Toolkit

SploitScan is a sophisticated cybersecurity utility designed to provide detailed information on vulnerabilities and associated exploits.

A reconnaissance framework for researching and investigating Telegram.

FastJson全版本Docker漏洞环境(涵盖1.2.47/1.2.68/1.2.80等版本)，主要包括JNDI注入及高版本绕过、waf绕过、文件读写、原生反序列化、利用链探测绕过、不出网利用等。从黑盒的角度覆盖FastJson深入利用

目录扫描+JS文件中提取URL和子域+403状态绕过+指纹识别