DioLin's Stars
NickstaDB/DeserLab
Java deserialization exploitation lab.
epinna/tplmap
Server-Side Template Injection and Code Injection Detection and Exploitation Tool
makuga01/dnsFookup
DNS rebinding toolkit
AXDOOMER/easy-xss-cookie-stealer
XSS cookie stealer using JavaScript and PHP
sidaf/homebrew-pentest
Homebrew Tap - Pen Test Tools
h3xstream/http-script-generator
ZAP/Burp plugin that generates a script to reproduce a specific HTTP request (intended for fuzzing or scripted attacks)
tennc/webshell
This is a webshell open source project
neex/phuip-fpizdam
Exploit for CVE-2019-11043
we45/Serverless-Workshop
Serverless Workshop
MrMugiwara/CTF-Tools
Useful CTF Tools
skylot/jadx
Dex to Java decompiler
MobSF/Mobile-Security-Framework-MobSF
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
payloadbox/command-injection-payload-list
🎯 Command Injection Payload List
swisskyrepo/SSRFmap
Automatic SSRF fuzzer and exploitation tool
FinMind/FinMind
Open Data, more than 50 financial datasets. Provides more than 50 financial datasets (mainly Taiwan stocks), updated daily. https://finmind.github.io/
mpgn/Spring-Boot-Actuator-Exploit
Spring Boot Actuator (jolokia) XXE/RCE
veracode-research/actuator-testbed
A vulnerable application exposing Spring Boot Actuators
artsploit/SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
xl7dev/WebShell
Webshell && Backdoor Collection
netbiosX/Checklists
Red Teaming & Pentesting checklists for various engagements
sighook/pixload
Image Payload Creating/Injecting tools
gquere/pwn_jenkins
Notes about attacking Jenkins servers
medbenali/CyberScan
CyberScan: Network's Forensics ToolKit
Ivan1ee/NET-Deserialize
A summary of 20+ .NET deserialization articles, continuously updated
irsdl/IIS-ShortName-Scanner
latest version of scanners for IIS short filename (8.3) disclosure vulnerability
pwntester/ysoserial.net
Deserialization payload generator for a variety of .NET formatters
c0ny1/chunked-coding-converter
Burp Suite helper plugin for chunked transfer encoding
OmerYa/Invisi-Shell
Hide your PowerShell script in plain sight. Bypass all PowerShell security features
RhinoSecurityLabs/IPRotate_Burp_Extension
Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.
java-decompiler/jd-gui
A standalone Java Decompiler GUI