Download market data from Yahoo! Finance's API

An open source application scanning tool

🎯 SQL Injection Payload List

用java实现构造openwire协议，利用activeMQ < 5.18.3 RCE 回显利用 内存马注入

RandomX, KawPow, CryptoNight and GhostRider unified CPU/GPU miner and RandomX benchmark

Hook WeChat / 微信逆向

缠中说禅技术分析工具；缠论；股票；期货；Quant；量化交易

CodeQLpy是一款基于CodeQL实现的半自动化代码审计工具，目前仅支持java语言。实现从源码反编译，数据库生成，脆弱性发现的全过程，可以辅助代码审计人员快速定位源码可能存在的漏洞。

金蝶云星空 erp反序列化命令执行漏洞批量扫描POC&EXP，带命令回显

CobaltStrike beacon written in golang

重构了Cobaltstrike Beacon，行为对国内主流杀软免杀，支持4.1以上的版本。 A cobaltstrike Beacon bypass anti-virus, supports 4.1+ version.

captcha-killer的修改版，支持关键词识别base64编码的图片，添加免费ocr库，用于验证码爆破，适配新版Burpsuite

A CAT called tabby ( Code Analysis Tool )

Exploit for zerologon cve-2020-1472

PoC for Zerologon - all research credits go to Tom Tervoort of Secura

Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team.

Test tool for CVE-2020-1472

一款高性能 HTTP 代理隧道工具 | A high-performance http proxy tunneling tool

Impacket is a collection of Python classes for working with network protocols.

Web安全工程师/信息安全工程师/渗透测试工程师 面试题库

🔥 Web-application firewalls (WAFs) from security standpoint.

应急相关内容积累

WTF Solidity 极简入门教程，供小白们使用。Now supports English! 官网: https://wtf.academy

Fileless Command Execution for Lateral Movement in Nim

Get file less command execution for lateral movement.

shiro加fastjson环境

Fastjson姿势技巧集合

免杀版Neo-reGeorg

A Burp Suite extension to add OpenAI (GPT) on Burp and help you with your Bug Bounty recon to discover endpoints, params, URLs, subdomains and more!