Pinned Repositories
aerospike
aerospike 在线实验环境
ArangoDB
ArangoDB 在线实验环境
ashxLessSpy
ashx China Chopper WebShell
AwesomeXSS
Awesome XSS stuff
bash
bash在线实验环境
bashbunny-payloads
The Official Bash Bunny Payload Repository
Binary-files
调整下载方式,尝试规避域名黑名单。
dirtycow
sonarqube
sonarqube 在线实验环境
thinkphp-RCE-POC-Collection
thinkphp v5.x 远程代码执行漏洞-POC集合
MM0x00's Repositories
MM0x00/AwesomeXSS
Awesome XSS stuff
MM0x00/bashbunny-payloads
The Official Bash Bunny Payload Repository
MM0x00/CVE-2019-3396_EXP
CVE-2019-3396 confluence SSTI RCE
MM0x00/CVE-2019-5786
FileReader Exploit
MM0x00/CVE-2019-9978
CVE-2019-9978 - (PoC) RCE in Social WarFare Plugin (<=3.5.2)
MM0x00/CVE-2020-11978
PoC of how to exploit a RCE vulnerability of the example DAGs in Apache Airflow <1.10.11
MM0x00/Drupalgeddon2
Exploit for Drupal v7.x + v8.x (Drupalgeddon 2 / CVE-2018-7600 / SA-CORE-2018-002)
MM0x00/exploits
Some of my exploits.
MM0x00/file
MM0x00/gitlab-SSRF-redis-RCE
GitLab 11.4.7 SSRF配合redis远程执行代码
MM0x00/GraphQLmap
GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes.
MM0x00/Impost3r
👻Impost3r -- A linux password thief
MM0x00/kscan
Kscan是一款纯go开发的轻量级的资产发现工具,可针对指定IP段、资产清单、存活网段自动化进行端口扫描以及TCP指纹识别和Banner抓取,在不发送更多的数据包的情况下尽可能的获取端口更多信息。并且能够针对扫描结果进行自动化暴力破解,且是go平台首款开源的RDP暴力破解工具。
MM0x00/linux-kernel-exploits
linux-kernel-exploits Linux平台提权漏洞集合
MM0x00/MacPass
A native OS X KeePass client
MM0x00/MYSQL_SQL_BYPASS_WIKI
mysql注入,bypass的一些心得
MM0x00/PHP-Parser
A PHP parser written in PHP
MM0x00/phpstudy
XSS Vulnerability
MM0x00/Rails-doubletap-RCE
RCE on Rails 5.2.2 using a path traversal (CVE-2019-5418) and a deserialization of Ruby objects (CVE-2019-5420)
MM0x00/RW_Password
此项目用来提取收集以往泄露的密码中符合条件的强弱密码
MM0x00/Stowaway
👻Stowaway -- Multi-hop Proxy Tool for pentesters
MM0x00/study
MM0x00/sudo_inject
[Linux] Two Privilege Escalation techniques abusing sudo token
MM0x00/super-guacamole
渗透测试有关的POC、EXP、脚本、提权、小工具等,欢迎补充、完善---About penetration-testing python-script poc html-poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql
MM0x00/top-500-username
看见一个top 500的用户名字典,觉得还可以,因为是中文,所以搞了了很low的脚本转换一下。
MM0x00/weevely3
Weaponized web shell
MM0x00/WordPress-Easy-WP-SMTP-plugin-0day
MM0x00/XSStrike
Most advanced XSS scanner.
MM0x00/Yasso
强大的内网渗透辅助工具集-让Yasso像风一样
MM0x00/ysoserial
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.