JOHN-FROD

Pinned Repositories

CDK
📦 Make security testing of K8s, Docker, and Containerd easier.
Language:Go0 0 00
cf
Cloud Exploitation Framework 云环境利用框架，方便安全人员在获得 AK 的后续工作
Language:Go01
checksite
check site ipv4/ipv6 http/https/http2.0 support
Language:PHP00
cloudTools
cloudTools
00
codeql_compile
自动反编译闭源应用，创建codeql数据库
Language:Python00
Dictionary-Of-Pentesting
Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。
Language:Shell00
fuzzDicts
Web Pentesting Fuzz 字典,一个就够了。
Language:Python00
helm-tiller-pwn
Language:HTML00
java-sec-code
Java web common vulnerabilities and security code which is base on springboot and spring security
Language:Java00
JOHN-FROD.github.io
个人博客
Language:CSS00

JOHN-FROD's Repositories

JOHN-FROD/CDK
📦 Make security testing of K8s, Docker, and Containerd easier.
Language:Go0 0 00
JOHN-FROD/cf
Cloud Exploitation Framework 云环境利用框架，方便安全人员在获得 AK 的后续工作
Language:Go01
JOHN-FROD/checksite
check site ipv4/ipv6 http/https/http2.0 support
Language:PHP00
JOHN-FROD/cloudTools
cloudTools
00
JOHN-FROD/codeql_compile
自动反编译闭源应用，创建codeql数据库
Language:Python00
JOHN-FROD/Dictionary-Of-Pentesting
Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。
Language:Shell00
JOHN-FROD/fuzzDicts
Web Pentesting Fuzz 字典,一个就够了。
Language:Python00
JOHN-FROD/helm-tiller-pwn
Language:HTML00
JOHN-FROD/java-sec-code
Java web common vulnerabilities and security code which is base on springboot and spring security
Language:Java00
JOHN-FROD/JOHN-FROD.github.io
个人博客
Language:CSS00
JOHN-FROD/kubetcd
Post-exploit a compromised etcd, gain persistence and remote shell to nodes.
Language:Go00
JOHN-FROD/ARL-2.6.2
ARL备份仓库
JOHN-FROD/assertManager
手动收集各大SRC平台主域名，通过程序自动处理以格式化存入数据库中，便于配合其它信息搜集工具进一步测试。
JOHN-FROD/AutorizePro
🧿 AutorizePro是一款越权检测 Burp 插件，通过增加AI分析模块 && 进一步优化检测逻辑，大幅降低误报率，提升越权漏洞检出效率。 [ AutorizePro is a authorization enforcement detection extension for burp suite. By adding AI analysis modules, it significantly reduces the false positive rate and improves the efficiency of vulnerability detection.
JOHN-FROD/BurpAPIFinder
攻防演练过程中，我们通常会用浏览器访问一些资产，但很多未授权/敏感信息/越权隐匿在已访问接口过html、JS文件等，该插件能让我们发现未授权/敏感信息/越权/登陆接口等。
JOHN-FROD/DecryptTools
DecryptTools-综合解密
JOHN-FROD/git-hound
Reconnaissance tool for GitHub code search. Scans for exposed API keys across all of GitHub, not just known repos and orgs.
JOHN-FROD/ivy_config
ivy config
JOHN-FROD/Komo
🚀Komo, a comprehensive asset collection and vulnerability scanning tool. Komo 一个综合资产收集和漏洞扫描工具，集成了20余款工具，通过多种方式对子域进行获取，收集域名邮箱，进行存活探测，域名指纹识别，域名反查ip，ip端口扫描，web服务链接爬取并发送给xray，对web服务进行POC漏洞扫描，对主机进行主机漏洞扫描。
JOHN-FROD/Library-POC
基于Pocsuite3、goby编写的漏洞poc&exp存档
JOHN-FROD/nacos-poc
JOHN-FROD/PicGo
JOHN-FROD/POC
收集整理漏洞EXp/POC,大部分漏洞来源网络，目前收集整理了500多个poc/exp，长期更新。
JOHN-FROD/SBSCAN
SBSCAN是一款针对spring框架的渗透测试工具，可以对指定站点进行spring boot敏感信息扫描以及进行spring相关漏洞的扫描与验证。
JOHN-FROD/sz_checksite
Language:JavaScript
JOHN-FROD/trufflehog
Find and verify secrets
JOHN-FROD/vulnerability-paper
收集的文章 https://mrwq.github.io/vulnerability-paper/
JOHN-FROD/WebShell-Traffic-Dataset
自建 WebShell 流量数据集
JOHN-FROD/ysoserial-1
此项目为su18大佬的仓库镜像，如有问题可发issuse删库