Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokens that are already exploitable, so we can report them. We wis…

Go 4,402 842 Updated Jan 23, 2025

kaushikb11 / awesome-llm-agents

A curated list of awesome LLM agents frameworks.

Python 822 70 Updated Mar 23, 2025

BountySecurity / gbounty

GBounty is a multi-step website vulnerability scanner developed in Golang designed to help companies, pentesters, and bug hunters identify potential vulnerabilities in web applications.

Go 122 21 Updated Mar 14, 2025

smxiazi / xia_Liao

xia Liao（瞎料）burp插件用于Windows在线进程/杀软识别与 web渗透注册时，快速生成需要的资料用来填写，资料包含：姓名、手机号、身份证、统一社会信用代码、组织机构代码、银行卡，以及各类web语言的hello world输出和生成弱口令字典等。

Java 641 43 Updated Jul 9, 2024

harleyszhang / llm_note

LLM notes, including model inference, transformer model structure, and llm framework code analysis notes.

Python 643 66 Updated Mar 24, 2025

byname66 / SerializeJava

用Go+Fyne开发的，展示JAVA序列化流以及集成一键插入脏数据,UTF过长编码绕WAF(Utf OverLoad Encoding),修改类SerializeVersionUID功能的图形化工具。

Go 98 3 Updated Jan 14, 2025

vulhub / java-chains

vulhub Vulnerability Reproduction Designated Platform

Dockerfile 1,355 109 Updated Mar 10, 2025

aeverj / weblive

批量获取网站基本信息

HTML 85 10 Updated Feb 27, 2025

crifan / ios_re_crack_shell_ipa

iOS逆向开发：砸壳ipa

Makefile 30 6 Updated Dec 9, 2024

ReaJason / MemShellParty

Java 内存马开聚会 🎉

Java 674 69 Updated Mar 24, 2025

jar-analyzer / jar-analyzer

Jar Analyzer - 一个JAR包分析工具，批量分析，SCA漏洞分析，方法调用关系搜索，字符串搜索，Spring组件分析，信息泄露检查，CFG程序分析，JVM栈帧分析，进阶表达式搜索，字节码指令级的动态调试分析，反编译JAR包一键导出，一键提取序列化数据恶意代码，一键分析BCEL字节码

Java 1,417 133 Updated Mar 20, 2025

YDCloudSecurity / cloud-security-guides

165 7 Updated Feb 7, 2023

4ndersonLin / awesome-cloud-security

🛡️ Awesome Cloud Security Resources ⚔️

2,152 326 Updated Nov 8, 2024

magnologan / awesome-k8s-security

A curated list for Awesome Kubernetes Security resources

1,942 287 Updated Oct 4, 2023

An0nUD4Y / AV-EDR-Lab-Environment-Setup

AV/EDR Lab environment setup references to help in Malware development

369 25 Updated Feb 19, 2025

GTFOBins / GTFOBins.github.io

GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems

HTML 11,402 1,376 Updated Oct 28, 2024

d3mondev / puredns

Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.

Go 1,839 166 Updated Nov 18, 2024

bsauce / kernel-security-learning

Anything about kernel security. CTF kernel pwn, kernel exploit, kernel fuzz and kernel defense paper, kernel debugging technique, kernel CVE debug.

C 673 84 Updated Mar 24, 2025

SwagXz / encrypt-labs

前端加密对抗练习靶场，包含非对称加密、对称加密、加签以及禁止重放的测试场景，比如AES、DES、RSA，用于渗透测试练习

PHP 355 27 Updated Nov 25, 2024

mohitmishra786 / underTheHoodOfExecutables

A guide that explains how programs transform from source code to executables. Deep dive into ELF format, linking processes, and binary optimization techniques. Perfect for systems programmers, C de…

HTML 327 36 Updated Nov 20, 2024

g0h4n / RustHound-CE

Active Directory data ingestor for BloodHound Community Edition written in Rust. 🦀

Rust 175 13 Updated Mar 4, 2025

yinsel / BypassAV

一款基于PE Patch技术的后渗透免杀工具，支持32位和64位

C++ 304 30 Updated Mar 5, 2025

ctf-wiki / ctf-challenges

HTML 1,548 442 Updated Apr 7, 2024

wwl012345 / Vuln-List

(持续更新)对网上出现的各种OA、中间件、CMS等漏洞进行整理，主要包括漏洞介绍、漏洞影响版本以及漏洞POC/EXP等，并且会持续更新。

498 92 Updated Nov 2, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

wha000tif

Block or report wha000tif

Starred repositories

AmazingAng / WTF-Solidity

DeFiHackLabs / Web3-CTF-Intensive-CoLearning

slowmist / Cryptocurrency-Security-Audit-Guide

Web3Hack / Web3Hack

yewbs / Web3-Security

BishopFox / jsluice

KingOfBugbounty / KingOfBugBountyTips