Cainlll's Stars
qi4L/JYso
It can be either a JNDIExploit or a ysoserial.
pwntester/ysoserial.net
Deserialization payload generator for a variety of .NET formatters
rmb122/rogue_mysql_server
A rouge mysql server supports reading files from most mysql libraries of multiple programming languages.
chengling-ing/SecReport
多人协同信息安全渗透测试报告编写/导出平台
go-gost/gost
GO Simple Tunnel - a simple tunnel written in golang
jenv/jenv
Manage your Java environment
chaitin/xray-plugins
chaitin/xapp
chaitin/SafeLine
serve as a reverse proxy to protect your web services from attacks and exploits.
arch3rPro/PST-Bucket
Scoop-Buket for Penetration Suite Toolkit - Windows渗透测试工具仓库For Scoop
vaycore/OneScan
OneScan是递归目录扫描的BurpSuite插件
tldr-pages/tldr
📚 Collaborative cheatsheets for console commands
PortSwigger/route-vul-scan
Burpsuite - Route Vulnerable Scanning 递归式被动检测脆弱路径的burp插件
pen4uin/java-echo-generator
一款支持自定义的 Java 回显载荷生成工具|A customizable Java echo payload generation tool.
ffffffff0x/AboutSecurity
Everything for pentest. | 用于渗透测试的 payload 和 bypass 字典.
gh0stkey/Web-Fuzzing-Box
Web Fuzzing Box - Web 模糊测试字典与一些Payloads
d3ckx1/Fvuln
F-vuln(全称:Find-Vulnerability)是为了自己工作方便专门编写的一款自动化工具,主要适用于日常安全服务、渗透测试人员和RedTeam红队人员,它集合的功能包括:存活IP探测、开放端口探测、web服务探测、web漏洞扫描、smb爆破、ssh爆破、ftp爆破、mssql爆破等其他数据库爆破工作以及大量web漏洞检测模块。
lz520520/railgun
tzwlhack/Vulnerability
bcvgh/daydayExp-pocs
daydayExp的漏洞POC仓库,慢慢更新...
wh1t3p1g/ysomap
A helpful Java Deserialization exploit framework.
arch3rPro/Pentest-Windows
Windows11 Penetration Suite Toolkit 一个开箱即用的windows渗透测试环境
charonlight/NacosExploitGUI
Nacos漏洞综合利用GUI工具,集成了默认口令漏洞、SQL注入漏洞、身份认证绕过漏洞、反序列化漏洞的检测及其利用
nccgroup/SocksOverRDP
Socks5/4/4a Proxy support for Remote Desktop Protocol / Terminal Services / Citrix / XenApp / XenDesktop
Y4tacker/JavaSec
a rep for documenting my study, may be from 0 to 0.1
404tk/CVE-2022-46463
harbor unauthorized detection
feihong-cs/Java-Rce-Echo
Java RCE 回显测试代码
exp1orer/JNDI-Inject-Exploit
解决FastJson、Jackson、Log4j2、原生JNDI注入漏洞的高版本JDKBypass利用,探测本地可用反序列化gadget达到命令执行、回显命令执行、内存马注入
SleepingBag945/dddd
dddd是一款使用简单的批量信息收集,供应链漏洞探测工具,旨在优化红队工作流,减少伤肝的机械性操作。支持从Hunter、Fofa批量拉取目标
ezshine/wxapkg-convertor
一个反编译微信小程序的工具,仓库也收集各种微信小程序/小游戏.wxapkg文件