🍹A static injector of dynamic library for application (android, iphoneos, macOS, windows, linux)

Ling 是由 z0scan 而衍生的基于 PyQt5 与 QFluentWidgets 构建的图形化界面（GUI）| Ling is a graphical user interface (GUI) derived from z0scan, built based on PyQt5 and QFluentWidgets.

Security tools for web vulnerability detection. | 兼具本地式与分布式优势、针对大类通用型Web漏洞、插件外部动态化导入的轻量级主被动扫描器

ColorOS短信漏洞，以及用户自救方案

xAST评价体系，让安全工具不再“黑盒”. The xAST evaluation benchmark makes security tools no longer a "black box".

A binder interceptor framework for Android

A lightweight GPT model, trained to discover subdomains.

AI模型聚合管理中转分发系统，支持将多种大模型转为统一格式调用，支持OpenAI、Claude、Gemini等格式，可供个人或者企业内部管理与分发渠道使用。🍥 The next-generation LLM gateway and AI asset management system supports multiple languages.

A tool to detect root on android

PandaWiki 是一款 AI 大模型驱动的开源知识库搭建系统，帮助你快速构建智能化的 产品文档、技术文档、FAQ、博客系统，借助大模型的力量为你提供 AI 创作、AI 问答、AI 搜索等能力。

ARMv7 payload that provides arbitrary code execution on MediaTek bootloaders

猫抓 浏览器资源嗅探扩展 / cat-catch Browser Resource Sniffing Extension

real time face swap and one-click video deepfake with only a single image

Finds unknown classes of injection vulnerabilities

Truly independent web browser

CVE-2023-20963 PoC (Android WorkSource parcel/unparcel logic mismatch)

A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑

PoC of CVE-2022-20474

vArmor is a cloud native container sandbox system based on AppArmor/BPF/Seccomp. It also includes multiple built-in protection rules that are ready to use out of the box.

secator - the pentester's swiss knife

FastGPT is a knowledge-based platform built on the LLMs, offers a comprehensive suite of out-of-the-box capabilities such as data processing, RAG retrieval, and visual AI workflow orchestration, le…

Turn (almost) any Python command line program into a full GUI application with one line

攻防演练过程中，我们通常会用浏览器访问一些资产，但很多未授权/敏感信息/越权隐匿在已访问接口过html、JS文件等，该插件能让我们发现未授权/敏感信息/越权/登陆接口等。

PoC and writeup for bypassing the initial patch of CVE-2024-0044, Android run-as any app vulnerability allowing privilege escalation from adb to installed app

⚓️ Easily test HTTP webhooks with this handy tool that displays requests instantly.

Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64.

pagodo (Passive Google Dork) - Automate Google Hacking Database scraping and searching

利用 Docker 打造自动化家庭影院，开箱即用

Conquer Any Code in VSCode: One-Click Comments, Conversions, UI-to-Code, and AI Batch Processing of Files! 在 VSCode 中征服任何代码：一键注释、转换、UI 图生成代码、AI 批量处理文件！💪