R.M6's Projects
Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.
The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode, and a lot more!
本项目集成了全网优秀的攻防工具项目,包含自动化利用,子域名、敏感目录、端口等扫描,各大中间件,cms漏洞利用工具以及应急响应等资料。
All about bug bounty (bypasses, payloads, and etc)
In-depth Attack Surface Mapping and Asset Discovery for Github Actions
A big list of Android Hackerone disclosed reports and other resources.
ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产,构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产,发现存在的薄弱点和攻击面。
ARL(灯塔系统)替换子域名字典和路径扫描字典
利用IP地址池进行自动切换Http代理,防止IP封禁。
A curated list of various bug bounty tools
ChatGPT 中文调教指南。各种场景使用指南。学习怎么让它听你的话。
This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports
Some files for bruteforcing certain things.
Bug Bounty ~ Awesomes | Books | Cheatsheets | Checklists | Tools | Wordlists | More
Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one place
目录扫描+JS文件中提取URL和子域+403状态绕过+指纹识别
Easy-XSS-V2 火狐XSS插件修改版
Horizontal Domain Discovery
The complete solution for domain recognition. Supports screenshoting, port scan, HTTP check, data import from other tools, subdomain monitoring, alerts via Discord, Slack and Telegram, multiple API Keys for sources and much more.
Web Pentesting Fuzz 字典,一个就够了。
An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.
Gosint is a distributed asset information collection and vulnerability scanning platform
Top disclosed reports from HackerOne
口令爆破字典,有键盘组合字典、拼音字典、字母与数字混合这三种类型