Pinned Repositories
30-Days-Of-JavaScript
30 days of JavaScript programming challenge is a step-by-step guide to learn JavaScript programming language in 30 days. This challenge may take more than 100 days, please just follow your own pace.
AD-Attack-Defense
Attack and defend active directory using modern post exploitation adversary tradecraft activity
AI-Sec-Paper-Sharing
该资源为作者AI安全相关论文的分享知识,包括PPT和PDF版本及原文,希望对您有所帮助。加油~
akto
Instant, Open source API security → API discovery, automated business logic testing and runtime detection.
Crescendo
Crescendo is a swift based, real time event viewer for macOS. It utilizes Apple's Endpoint Security Framework.
gadgetinspector
一个利用ASM对字节码进行污点传播分析的静态代码审计应用(添加了大量代码注释,适合大家进行源码学习)。也加入了挖掘Fastjson反序列化gadget chains和SQLInject(JdbcTemplate、MyBatis、JPA、Hibernate、原生jdbc等)静态检测功能。并且加入了很多功能以方便进行漏洞自动化挖掘。
hacktricks
Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
Information_Security_Books
150本信息安全方面的书籍书籍(持续更新)
Noriben
Noriben - Portable, Simple, Malware Analysis Sandbox
TrueTree
A command line tool for pstree-like output on macOS with additional pid capturing capabilities
asnblock's Repositories
asnblock/hacktricks
Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
asnblock/AD-Attack-Defense
Attack and defend active directory using modern post exploitation adversary tradecraft activity
asnblock/Information_Security_Books
150本信息安全方面的书籍书籍(持续更新)
asnblock/Awesome-CobaltStrike
cobaltstrike的相关资源汇总 / List of Awesome CobaltStrike Resources
asnblock/Awesome-Hacking
A collection of various awesome lists for hackers, pentesters and security researchers
asnblock/Awesome-macOS-Red-Teaming
List of Awesome macOS Red Teaming Resources.
asnblock/awesome-pentest
A collection of awesome penetration testing resources, tools and other shiny things
asnblock/blocklist-ipsets
ipsets dynamically updated with firehol's update-ipsets.sh script
asnblock/BloodHound
Six Degrees of Domain Admin
asnblock/BurpExtend
基于Burp插件开发打造渗透测试自动化
asnblock/CVE-2017-7921
CVE-2017-7921-EXP Hikvision camera
asnblock/CVE-2022-0847-DirtyPipe-Exploit
A root exploit for CVE-2022-0847 (Dirty Pipe)
asnblock/exploitdb
The official Exploit Database repository
asnblock/Godzilla
哥斯拉
asnblock/impacket
Impacket is a collection of Python classes for working with network protocols.
asnblock/introduction-to-bash-scripting
Free Introduction to Bash Scripting eBook
asnblock/logbackRceDemo
The project is a simple vulnerability Demo environment written by SpringBoot. Here, I deliberately wrote a vulnerability environment where there are arbitrary file uploads, and then use the `scan` attribute in the loghack configuration file to cooperate with the logback vulnerability to implement RCE.
asnblock/PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
asnblock/PHP-binary-bugs
PHP binary bugs advisory
asnblock/PoC-in-GitHub
📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.
asnblock/reapoc
OpenSource Poc && Vulnerable-Target Storage Box.
asnblock/remote-method-guesser
Java RMI Vulnerability Scanner
asnblock/rengine
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.
asnblock/SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
asnblock/Software-Security-Learning
Software-Security-Learning
asnblock/spring-boot-demo
该项目已成功集成 actuator(监控)、admin(可视化监控)、logback(日志)、aopLog(通过AOP记录web请求日志)、统一异常处理(json级别和页面级别)、freemarker(模板引擎)、thymeleaf(模板引擎)、Beetl(模板引擎)、Enjoy(模板引擎)、JdbcTemplate(通用JDBC操作数据库)、JPA(强大的ORM框架)、mybatis(强大的ORM框架)、通用Mapper(快速操作Mybatis)、PageHelper(通用的Mybatis分页插件)、mybatis-plus(快速操作Mybatis)、BeetlSQL(强大的ORM框架)、upload(本地文件上传和七牛云文件上传)、redis(缓存)、ehcache(缓存)、email(发送各种类型邮件)、task(基础定时任务)、quartz(动态管理定时任务)、xxl-job(分布式定时任务)、swagger(API接口管理测试)、security(基于RBAC的动态权限认证)、SpringSession(Session共享)、Zookeeper(结合AOP实现分布式锁)、RabbitMQ(消息队列)、Kafka(消息队列)、websocket(服务端推送监控服务器运行信息)、socket.io(聊天室)、ureport2(**式报表)、打包成war文件、集成 ElasticSearch(基本操作和高级查询)、Async(异步任务)、集成Dubbo(采用官方的starter)、MongoDB(文档数据库)、neo4j(图数据库)、docker(容器化)、JPA多数据源、Mybatis多数据源、代码生成器、GrayLog(日志收集)、JustAuth(第三方登录)、LDAP(增删改查)、动态添加/切换数据源、单机限流(AOP + Guava RateLimiter)、分布式限流(AOP + Redis + Lua)、ElasticSearch 7.x(使用官方 Rest High Level Client)、HTTPS、Flyway(数据库初始化)、UReport2(**式复杂报表)。
asnblock/SpringExploit
🚀 一款为了学习go而诞生的漏洞利用工具
asnblock/SRC-experience
工欲善其事,必先利其器
asnblock/wangyi3060
Config files for my GitHub profile.
asnblock/ysoserial
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.