Some good resources for getting started with application security

一款复现wooyun经典漏洞的docker靶机环境

Modern Web Firewall: stop account takeovers, weak passwords, cloud IPs, DoS attacks, disposable emails

🎯 RFI/LFI Payload List

A tool to test security of json web token

🐛 A multi threads web application source leak scanner

China's first CTFTools framework.中国国内首个CTF工具框架,旨在帮助CTFer快速攻克难关

Scrape domain names from SSL certificates of arbitrary hosts

收集网络上公开的漏洞扫描器的白皮书。

Recsech is a tool for doing Footprinting and Reconnaissance on the target web. Recsech collects information such as DNS Information, Sub Domains, HoneySpot Detected, Subdomain takeovers, Reconnaissance On Github and much more you can see in Features in tools .

备考 OSCP 的各种干货资料/渗透测试干货资料

OpenSSL对称算法、哈希校验、非对称算法、证书管理、SSL安全

🔐 Authentication, Authorization, and Accounting (AAA) App and Plugin for Caddy v2. 💎 Implements Form-Based, Basic, Local, LDAP, OpenID Connect, OAuth 2.0 (Github, Google, Facebook, Okta, etc.), SAML Authentication. MFA/2FA with App Authenticators and Yubico. 💎 Authorization with JWT/PASETO tokens. 🔐

Powerful Visual Subdomain Enumeration at the Click of a Mouse

🎯 Server Side Template Injection Payloads

A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python

🎯 Open Redirect Payload List

Stop half-done API specifications! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by validating your API specifications.

国光的手把手带你用 SSRF 打穿内网靶场源码

a commandline #OSINT tool to find the online presence of a username in popular social media websites like Facebook, Instagram, Twitter, etc.