Pinned Repositories
CDK
📦 Make security testing of K8s, Docker, and Containerd easier.
cf
Cloud Exploitation Framework 云环境利用框架,方便安全人员在获得 AK 的后续工作
checksite
check site ipv4/ipv6 http/https/http2.0 support
cloudTools
cloudTools
codeql_compile
自动反编译闭源应用,创建codeql数据库
Dictionary-Of-Pentesting
Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。
fuzzDicts
Web Pentesting Fuzz 字典,一个就够了。
helm-tiller-pwn
java-sec-code
Java web common vulnerabilities and security code which is base on springboot and spring security
JOHN-FROD.github.io
个人博客
JOHN-FROD's Repositories
JOHN-FROD/CDK
📦 Make security testing of K8s, Docker, and Containerd easier.
JOHN-FROD/cf
Cloud Exploitation Framework 云环境利用框架,方便安全人员在获得 AK 的后续工作
JOHN-FROD/checksite
check site ipv4/ipv6 http/https/http2.0 support
JOHN-FROD/cloudTools
cloudTools
JOHN-FROD/codeql_compile
自动反编译闭源应用,创建codeql数据库
JOHN-FROD/Dictionary-Of-Pentesting
Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。
JOHN-FROD/fuzzDicts
Web Pentesting Fuzz 字典,一个就够了。
JOHN-FROD/helm-tiller-pwn
JOHN-FROD/java-sec-code
Java web common vulnerabilities and security code which is base on springboot and spring security
JOHN-FROD/JOHN-FROD.github.io
个人博客
JOHN-FROD/kubetcd
Post-exploit a compromised etcd, gain persistence and remote shell to nodes.
JOHN-FROD/ARL-2.6.2
ARL备份仓库
JOHN-FROD/assertManager
手动收集各大SRC平台主域名,通过程序自动处理以格式化存入数据库中,便于配合其它信息搜集工具进一步测试。
JOHN-FROD/AutorizePro
🧿 AutorizePro是一款越权检测 Burp 插件,通过增加AI分析模块 && 进一步优化检测逻辑,大幅降低误报率,提升越权漏洞检出效率。 [ AutorizePro is a authorization enforcement detection extension for burp suite. By adding AI analysis modules, it significantly reduces the false positive rate and improves the efficiency of vulnerability detection.
JOHN-FROD/BurpAPIFinder
攻防演练过程中,我们通常会用浏览器访问一些资产,但很多未授权/敏感信息/越权隐匿在已访问接口过html、JS文件等,该插件能让我们发现未授权/敏感信息/越权/登陆接口等。
JOHN-FROD/DecryptTools
DecryptTools-综合解密
JOHN-FROD/git-hound
Reconnaissance tool for GitHub code search. Scans for exposed API keys across all of GitHub, not just known repos and orgs.
JOHN-FROD/ivy_config
ivy config
JOHN-FROD/Komo
🚀Komo, a comprehensive asset collection and vulnerability scanning tool. Komo 一个综合资产收集和漏洞扫描工具,集成了20余款工具,通过多种方式对子域进行获取,收集域名邮箱,进行存活探测,域名指纹识别,域名反查ip,ip端口扫描,web服务链接爬取并发送给xray,对web服务进行POC漏洞扫描,对主机进行主机漏洞扫描。
JOHN-FROD/Library-POC
基于Pocsuite3、goby编写的漏洞poc&exp存档
JOHN-FROD/nacos-poc
JOHN-FROD/PicGo
JOHN-FROD/POC
收集整理漏洞EXp/POC,大部分漏洞来源网络,目前收集整理了500多个poc/exp,长期更新。
JOHN-FROD/SBSCAN
SBSCAN是一款针对spring框架的渗透测试工具,可以对指定站点进行spring boot敏感信息扫描以及进行spring相关漏洞的扫描与验证。
JOHN-FROD/sz_checksite
JOHN-FROD/trufflehog
Find and verify secrets
JOHN-FROD/vulnerability-paper
收集的文章 https://mrwq.github.io/vulnerability-paper/
JOHN-FROD/WebShell-Traffic-Dataset
自建 WebShell 流量数据集
JOHN-FROD/ysoserial-1
此项目为su18大佬的仓库镜像,如有问题可发issuse删库