Pinned Repositories
1000php
1000 PHP code audit cases (vulnerabilities publicly disclosed on WooYun before July 2016)
30-seconds-zh_CN
📙 A curated collection of front-end knowledge covering HTML, CSS, JavaScript, React, Node, security and more, taking only 30 seconds a day.
ABPTTS
TCP tunneling over HTTP/HTTPS for web application servers
AggressorScript-RunDumpHash
AggressorScript-RunDumpHash
aliyun-cli
Alibaba Cloud CLI
antispy
AntiSpy is a free but powerful anti-virus and rootkit toolkit. It gives you the ability, with the highest privileges, to detect, analyze and restore various kernel modifications and hooks. With its assistance, you can easily spot and neutralize malware hidden from normal detectors.
Awesome-Red-Teaming
List of Awesome Red Teaming Resources
ba0zi
Config files for my GitHub profile.
BaiLu-SED-Tool
BaiLu social-engineering dictionary generator, balancing flexibility and ease of use.
Spring-Boot-Actuator-Exploit
Spring Boot Actuator (jolokia) XXE/RCE
ba0zi's Repositories
ba0zi/ba0zi
Config files for my GitHub profile.
ba0zi/CDK
CDK is an open-source container penetration toolkit, offering stable exploitation in different slimmed containers without any OS dependency. It comes with penetration tools and many powerful PoCs/EXPs that help you escape containers and take over K8s clusters easily.
ba0zi/Chunk-Proxy
ba0zi/cve-2020-0688
cve-2020-0688
ba0zi/CVE-2020-0787-EXP-ALL-WINDOWS-VERSION
Support ALL Windows Version
ba0zi/CVE-2022-0995
CVE-2022-0995 exploit
ba0zi/CVE-2022-39197
CobaltStrike <= 4.7.1 RCE
ba0zi/DnfHelper-C
C++ Dungeon & Fighter helper
ba0zi/DnfHelper-Python
Python Dungeon & Fighter (DNF) tool
ba0zi/exchange-ssrf-rce
exchange-ssrf-rce
ba0zi/follina.py
Quick POC to replicate the 'Follina' Office RCE vulnerability for local testing purposes
ba0zi/goproxy
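Proxy is a high-performance HTTP(S), SOCKS5, WebSocket, TCP and UDP proxy server implemented in golang. It now supports chain-style proxies, NAT forwarding across different LANs, TCP/UDP port forwarding and SSH forwarding. Proxy is a high-performance HTTP, HTTPS, WebSocket, TCP and SOCKS5 proxy server implemented in golang, supporting intranet penetration, chained proxies, encrypted communication, smart HTTP and SOCKS5 proxying, blacklists and whitelists, rate limiting, traffic limiting, connection limiting, cross-platform use, KCP and an authentication API.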
ba0zi/H
H is a powerful asset collection and management platform
ba0zi/jackson-rce-via-spel
An example project that exploits the default typing issue in Jackson-databind via Spring application contexts and expressions
ba0zi/Java
Some notes on learning Java security; still learning, forks and stars welcome
ba0zi/javasec
Some summaries from my own study of Java security, mainly related to security auditing
ba0zi/JNDI-Inject-Exploit
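Handles high-version JDK bypass exploitation of FastJson, Jackson, Log4j2 and native JNDI injection vulnerabilities; probes for locally available deserialization gadgets to achieve command execution, command execution with echoed output, and memory-shell injection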
ba0zi/nps
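A lightweight, high-performance, powerful intranet penetration proxy server. It supports forwarding of almost all traffic, including TCP, UDP, SOCKS5 and HTTP, and can be used for accessing intranet websites, debugging local payment interfaces, SSH access, remote desktop, intranet DNS resolution, intranet SOCKS5 proxying and so on, and comes with a powerful web management terminal.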
ba0zi/ProxyLogon
ProxyLogon(CVE-2021-26855+CVE-2021-27065) Exchange Server RCE(SSRF->GetWebShell)
ba0zi/RabR
Redis-Attack By Replication (attacking Redis via master-slave replication)
ba0zi/requests-html
Pythonic HTML Parsing for Humans™
ba0zi/shiro_attack
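Comprehensive exploitation tool for the Shiro deserialization vulnerability, including command execution with echoed output and memory-shell injection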
ba0zi/shiro_rce
Shiro RCE deserialization command execution one-click tool
ba0zi/ShortPayload
How to shrink a Java deserialization payload to the extreme
ba0zi/spp
A simple and powerful multi-protocol bidirectional proxy tool
ba0zi/StopDefender
Stop Windows Defender programmatically
ba0zi/vnote
A pleasant note-taking platform.
ba0zi/WMIHACKER
A Bypass Anti-virus Software Lateral Movement Command Execution Tool
ba0zi/yaml-payload-for-ruoyi
A memory shell for ruoyi
ba0zi/zsxq
Material related to the "Hacking automation is fun" planet (zsxq community)