158915830

158915830's Stars

• wangsir01/docs

  互联网数字垃圾回收专用废纸篓

  1827

• rzte/pdf-exploit

  pdf exploit 集成

  Language:Python17131

• cckuailong/reapoc

  OpenSource Poc && Vulnerable-Target Storage Box.

  Language:PHP666219

• X1r0z/JNDIMap

  JNDI 注入利用工具, 支持 RMI 和 LDAP 协议, 包含多种高版本 JDK 绕过方式 | A JNDI injection exploit tool that supports RMI and LDAP protocols, including a variety of methods to bypass higher-version JDK

  Language:Java22918

• pmiaowu/BurpShiroPassiveScan

  一款基于BurpSuite的被动式shiro检测插件

  Language:Java1.6k152

• pimps/ysoserial-modified

  That repository contains my updates to the well know java deserialization exploitation tool ysoserial.

  Language:Java17538

• pimps/JNDI-Exploit-Kit

  JNDI-Exploitation-Kit（A modified version of the great JNDI-Injection-Exploit created by @welk1n. This tool can be used to start an HTTP Server, RMI Server and LDAP Server to exploit java web apps vulnerable to JNDI Injection）

  Language:Java885165

• welk1n/JNDI-Injection-Bypass

  Some payloads of JNDI Injection in JDK 1.8.0_191+

  Language:Java46382

• lemono0/FastJsonParty

  FastJson全版本Docker漏洞环境(涵盖1.2.47/1.2.68/1.2.80等版本)，主要包括JNDI注入及高版本绕过、waf绕过、文件读写、原生反序列化、利用链探测绕过、不出网利用等。从黑盒的角度覆盖FastJson深入利用

  Language:Python75789

• Y4er/ysoserial

  ysoserial修改版，着重修改ysoserial.payloads.util.Gadgets.createTemplatesImpl使其可以通过引入自定义class的形式来执行命令、内存马、反序列化回显。

  Language:Java58997

• frohoff/ysoserial

  A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

  Language:Java7.5k1.7k

• wy876/POC

  收集整理漏洞EXp/POC,大部分漏洞来源网络，目前收集整理了800多个poc/exp，长期更新。

  2.8k566

• alibaba/fastjson

  FASTJSON 2.0.x has been released, faster and more secure, recommend you upgrade.

  Language:Java25.7k6.5k

• ExploitBox/git-lfs-RCE-exploit-CVE-2020-27955

  Git-lfs RCE exploit CVE-2020-27955 - tested on Windows on: git, gh cli, GitHub Desktop, Visual Studio, SourceTree etc.

  Language:Batchfile3125

• welk1n/JNDI-Injection-Exploit

  JNDI注入测试工具（A tool which generates JNDI links can start several servers to exploit JNDI Injection vulnerability,like Jackson,Fastjson,etc）

  Language:Java2.5k719

• WangYihang/ccupp

  基于社会工程学的弱口令密码字典生成工具

  Language:Python33252

• CodeXTF2/Burp2Malleable

  Quick python utility I wrote to turn HTTP requests from burp suite into Cobalt Strike Malleable C2 profiles

  Language:Python34932

• L-codes/Neo-reGeorg

  Neo-reGeorg is a project that seeks to aggressively refactor reGeorg

  Language:Java2.8k430

• JKme/cube

  内网渗透测试工具，弱密码爆破、信息收集和漏洞扫描

  Language:Go56665

• shadow1ng/fscan

  一款内网综合扫描工具，方便一键自动化、全方位漏扫扫描。

  Language:Go9.3k1.5k

• Al1ex/WindowsElevation

  Windows Elevation(持续更新)

  Language:C631164

• Prepouce/CoercedPotato

  A Windows potato to privesc

  Language:C30667

• itm4n/PrintSpoofer

  Abusing impersonation privileges through the "Printer Bug"

  Language:C1.8k325

• HavocFramework/Havoc

  The Havoc Framework.

  Language:Go6.4k906

• xerial/sqlite-jdbc

  SQLite JDBC Driver

  Language:Java2.8k601

• GhostTroops/scan4all

  Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...

  Language:Go5.4k644

• Mr-Un1k0d3r/CatMyPhish

  Search for categorized domain

  Language:Python43285

• Y4tacker/JavaSec

  a rep for documenting my study, may be from 0 to 0.1

  Language:Java1.8k272

• arsium/EagleMonitorRAT

  Remote Access Tool Written In C#

  Language:C#440147

• flipt-io/reverst

  Reverse Tunnels in Go over HTTP/3 and QUIC

  Language:Go90435