Exploitation Framework for Embedded Devices

WPScan is a free, for non-commercial use, black box WordPress security scanner written for security professionals and blog maintainers to test the security of their WordPress websites.

A powerful hacker toolkit collected more than 10 categories of open source scanners from Github - 安全行业从业者自研开源扫描器合辑

Web path scanner

Automated pentest framework for offensive security experts

w3af: web application attack and audit framework, the open source web vulnerability scanner.

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)

A list of web application security

巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。

Web Application Security Scanner Framework

Next generation web scanner

scanner detecting the use of JavaScript libraries with known vulnerabilities

Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation

Scan, index, and archive all of your paper documents (acquired by Mayan EDMS)

Personal document manager (Linux/Windows) -- Moved to Gnome's Gitlab

Advanced information gathering & OSINT framework for phone numbers

Document Scanning Made Easy for iOS

大型内网渗透扫描器&Cobalt Strike，Ladon7.2内置94个模块，包含信息收集/存活主机/IP扫描/端口扫描/服务识别/网络资产/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010、SMBGhost、Weblogic、ActiveMQ、Tomcat、Struts2系列，密码口令爆破(Mysql、Oracle、MSSQL)、FTP、SSH(Linux)、VNC、Windows(IPC、WMI、SMB、Netbios、LDAP、SmbHash、WmiHash、Winrm),远程执行命令(wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem，Poc/Exploit,支持Cobalt Strike 3.X-4.0

A high performance offensive security tool for reconnaissance and vulnerability scanning

WAScan - Web Application Scanner

Loki - Simple IOC and Incident Response Scanner

🔒🌍 Static analysis powered security scanner for your terraform code

An advanced web directory & file scanning tool that will be more powerful than DirBuster, Dirsearch, cansina, and Yu Jian.一个高级web目录、文件扫描工具，功能将会强于DirBuster、Dirsearch、cansina、御剑。

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

Automated NoSQL database enumeration and web application exploitation tool.

🔥 ZXing的精简版，优化扫码和生成二维码/条形码，内置闪光灯等功能。扫描风格支持：微信的线条样式，支付宝的网格样式。几句代码轻松拥有扫码功能 ，ZXingLite让集成更简单。（扫码识别速度快如微信）

All in one tool for Information Gathering, Vulnerability Scanning and Crawling. A must have tool for all penetration testers

A php.ini scanner for best security practices

Simple, safe and intuitive Scala I/O