Mstce/Onyx

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/Mstce/Onyx)

Mstce / Onyx

Onyx 是一款安全测试工具集，集合多种渗透测试常用的功能和工具，赋能攻防、渗透等场景。整合空间测绘、漏洞扫描、主机探测、信息收集、小程序反编译等能力，提供一站式的渗透测试工作台，告别需要到处切换工具、网站的麻烦

☆124

Alternatives and similar repositories for Onyx

Users that are interested in Onyx are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

Sorting:

mhtsec / Docker-Registry-exp
View on GitHub
一款功能强大的Docker Registry 5000端口未授权浏览、下载和安全测试工具，集成了镜像管理、认证爆破、敏感信息搜索等多项实用功能。
☆35Nov 6, 2025Updated 5 months ago
ChenChen753 / Nuclei_Gui
View on GitHub
基于 PyQt5 的 Nuclei 漏洞扫描图形化工具，支持 POC 管理、FOFA/Hunter/Shodan 资产搜索、AI 辅助分析、漏洞报告生成等功能
☆47Feb 28, 2026Updated last month
youmulijiang / BpArsenal
View on GitHub
BpArsenal, a Burp Suite plugin that can quickly convert http requests into command-line tool execution, launch third-party tools and open…
☆22Oct 31, 2025Updated 5 months ago
SharpKean / Burp_TLA
View on GitHub
Burp插件 TLA Watcher：分为两个模块：流量管理模块、扩展功能模块（脆弱风险检测）
☆39Nov 13, 2025Updated 5 months ago
ONLYYE / Yscan
View on GitHub
Yscan 是一款集 Web 资产扫描、图形化 Nuclei POC 管理、漏洞验证与数据整理于一体的实战型安全工具，界面简洁，功能强大，助你快速识别互联网暴露面中的薄弱点与攻击面。
☆102Apr 2, 2026Updated last week
Managed hosting for WordPress and PHP on Cloudways • Ad
Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
phoenix118go / Unauthorized_VUL_GUI
View on GitHub
一款最全未授权访问漏洞批量检测工具，集成40+常见未授权访问漏洞；使用PYQT6，为其添加了GUI界面
☆110Jul 31, 2025Updated 8 months ago
howmp / WinDump
View on GitHub
后渗透信息/密码/凭证收集工具
☆289May 7, 2025Updated 11 months ago
24-2021 / Proxy24
View on GitHub
一个简单的代理浏览器插件
☆30Feb 9, 2026Updated 2 months ago
Chave0v0 / AutoFuzz
View on GitHub
AutoFuzz是一款安全测试的辅助型BurpSuite插件，主要用于自动识别请求中的参数，根据预设的payload逐个发包测试，从而提高测试效率。
☆115Jun 2, 2025Updated 10 months ago
Mr-xn / CVE-2025-54424
View on GitHub
CVE-2025-54424：1Panel 客户端证书绕过RCE漏洞一体化工具 (扫描+利用)
☆58Aug 5, 2025Updated 8 months ago
h0ny / jshERP-exploit
View on GitHub
jshERP Exploit GUI
☆22Aug 26, 2024Updated last year
AnQuanPig / XiaSQL_Plus
View on GitHub
迄今为止公开的二开瞎注插件中最强版本：Xia SQL Plus，基于 “瞎注” xia_sql二次开发。
☆95Feb 26, 2026Updated last month
24-2021 / Finger24
View on GitHub
基于已收集指纹库进行识别网站指纹的浏览器插件
☆115Jul 30, 2025Updated 8 months ago
yyy4nl / PwdCrack
View on GitHub
用于若依和Jeecg数据库中密码的爆破
☆23Jul 19, 2025Updated 8 months ago
Deploy open-source AI quickly and easily - Bonus Offer • Ad
Runpod Hub is built for open source. One-click deployment and autoscaling endpoints without provisioning your own infrastructure.
Y5neKO / ShiroEXP
View on GitHub
Shiro漏洞利用工具
☆161Jan 12, 2026Updated 3 months ago
gfx-5921 / XGao-1.0
View on GitHub
XGao免杀工具可绕过国内常见杀毒，持续更新，请多多关注
☆43Nov 18, 2025Updated 4 months ago
kk12-30 / RouteVulScan_go
View on GitHub
递归式主动检测脆弱路径的工具
☆17Mar 24, 2025Updated last year
duckpigdog / XSS-Sec
View on GitHub
本项目是一个以“实战为导向”的 XSS 漏洞练习靶场，覆盖反射型、存储型、DOM 型、SVG、CSP、框架注入、协议绕过等多种场景。页面样式统一，逻辑清晰，适合系统化学习与教学演示
☆30Mar 6, 2026Updated last month
mk4no1 / TingYu
View on GitHub
☆75Sep 10, 2025Updated 7 months ago
Y5neKO / Y5_VulnHub
View on GitHub
个人漏洞收集项目，包括复现环境、POC、EXP等
☆30Mar 14, 2025Updated last year
pureqh / xxl-job-attack
View on GitHub
xxl-job漏洞综合利用工具
☆155Jun 3, 2025Updated 10 months ago
winezer0 / XiaYue_Pro
View on GitHub
Xia_Yue_Plus 瞎越增强版
☆72Aug 20, 2025Updated 7 months ago
XF-FS / RVScan
View on GitHub
RVScan 是一个功能强大的 Burp Suite 扩展插件，专为自动化Web应用程序安全测试和漏洞扫描而设计。它提供全面的路径发现、绕过技术、EHole指纹识别和可定制的扫描规则。
☆191Mar 13, 2026Updated last month
1-Click AI Models by DigitalOcean Gradient • Ad
Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
wrongwe / index-of-scanner
View on GitHub
基于协程并发的Web敏感文件扫描器，精准探测备份文件、配置泄露及版本控制目录暴露风险，为渗透测试与安全防护提供专业级资产测绘方案。
☆12Mar 6, 2025Updated last year
kk12-30 / ruoyi-Vue-tools
View on GitHub
若依Vue漏洞检测工具
☆256May 23, 2025Updated 10 months ago
myh0st / xazlscan
View on GitHub
☆30Jan 15, 2025Updated last year
Lotus6 / JavaGadgetGenerator
View on GitHub
JavaGadgetGenerator 工具，支持 ysoserial，Hessian，字节码，Expr/SSTI，Shiro，JDBC 等 Gadget 生成，封装，混淆，出网延迟探测，内存马注入等...
☆560Apr 3, 2026Updated last week
bitboy-sys / OSS_scanner
View on GitHub
OSS存储桶的漏洞扫描工具，目前支持阿里云、腾讯云、华为云、aws
☆64Nov 5, 2025Updated 5 months ago
TFour123 / Webpack_Insight
View on GitHub
用于提取Webpack打包的未加载的JavaScript文件，并扫描这些文件以查找敏感信息。
☆39Sep 17, 2025Updated 6 months ago
vsdwef / StarCodeSecurity
View on GitHub
这是一款图形化的代码审计工具，支持对规则进行增删改查。可协助代码审计人员在日常代审中对于规则的积累。其中配置页面可配置：审计文件后缀、审计路径关键字、禁止审计路径关键字。支持 java php net项目审计。
☆124Jan 16, 2025Updated last year
qazwsx5293870 / S-APICONT
View on GitHub
**S-APICONT** 是一款功能强大的 Burp Suite 扩展插件，专注于自动化收集、提取和测试 Web 应用中的 API 接口。它能够从浏览器流量中智能识别 API 端点，支持多种前端框架的路由解析，并提供批量测试和敏感信息检测功能。
☆109Mar 7, 2026Updated last month
pureqh / Hyacinth
View on GitHub
一款java漏洞集合工具
☆1,114Jan 13, 2026Updated 3 months ago
Managed hosting for WordPress and PHP on Cloudways • Ad
Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
CRlife / Rscan
View on GitHub
自动化扫描利器，指纹识别更精准，漏洞扫描更全面
☆379Oct 29, 2025Updated 5 months ago
VirgoLee / Virgol
View on GitHub
Virgol渗透测试工具
☆96Jun 11, 2025Updated 10 months ago
polite-007 / Milkyway
View on GitHub
一款全方位扫描工具，具备高效的机器探活，端口探活，协议识别，指纹识别，漏洞扫描等功能
☆395Sep 13, 2025Updated 7 months ago
evilc0deooo / SwaggerHound
View on GitHub
自动化检测 Swagger API 接口未授权访问漏洞工具
☆62Mar 10, 2025Updated last year
Rabb1tQ / emergency_response
View on GitHub
一个应急响应的工具，自带规则，可以分析启动项、网络之类的东西
☆77Jul 23, 2025Updated 8 months ago
winezer0 / APIFinderPlus
View on GitHub
目标是成为当下最完善的API挖掘工具，实现自动提取响应敏感信息、URI信息，并且对URI进行自动|手动递归检查
☆257Aug 16, 2025Updated 7 months ago
h0ny / NacosExploit
View on GitHub
Nacos 综合漏洞利用工具
☆603Nov 3, 2025Updated 5 months ago