Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

WPScan is a free, for non-commercial use, black box WordPress security scanner written for security professionals and blog maintainers to test the security of their WordPress websites.

A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.

Source Code Security Audit (源代码安全审计)

Official Black Hat Arsenal Security Tools Repository

大型内网渗透扫描器&Cobalt Strike，Ladon7.2内置94个模块，包含信息收集/存活主机/IP扫描/端口扫描/服务识别/网络资产/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010、SMBGhost、Weblogic、ActiveMQ、Tomcat、Struts2系列，密码口令爆破(Mysql、Oracle、MSSQL)、FTP、SSH(Linux)、VNC、Windows(IPC、WMI、SMB、Netbios、LDAP、SmbHash、WmiHash、Winrm),远程执行命令(wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem，Poc/Exploit,支持Cobalt Strike 3.X-4.0

A high performance offensive security tool for reconnaissance and vulnerability scanning

🔍 A collection of interesting, funny, and depressing search queries to plug into https://shodan.io/ 👩‍💻

Advanced vulnerability scanning with Nmap NSE

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

GitHub Sensitive Information Leakage（GitHub敏感信息泄露监控）

nodejsscan is a static security code scanner for Node.js applications.

A python2 script for sweeping a network to find windows systems compromised with the DOUBLEPULSAR implant.

Application Layer DoS attack simulator

Discover Your Attack Surface

Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.

A default credential scanner.

X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter

Simple Golang HTTPS/TLS Examples

Open-Source Security Architecture | 开源安全架构

Enumeration sub domains(枚举子域名)

Golang安全资源合集

Semi-automatic OSINT framework and package manager

🆕 The Multi-Tool Web Vulnerability Scanner.

InQL - A Burp Extension for GraphQL Security Testing