ch-fun

Pinned Repositories

cf
云环境利用框架（Cloud exploitation framework）主要用来方便红队人员在获得 AK 的后续工作。
Language:Go0 0 00
cookiecutter-frida
Cookiecutter template for hooking traffic encrytion by frida
Language:JavaScript015
CS-AutoPostChain
基于 OPSEC 的 CobaltStrike 后渗透自动化链
00
e0e1-wx
wx小程序辅助渗透-自动化
Language:Python00
encrypt-decrypt-vuls
加解密逻辑漏洞靶场
Language:Vue00
FastJsonParty
FastJson全版本Docker漏洞环境(涵盖1.2.47/1.2.68/1.2.80等版本)，主要包括JNDI注入及高版本绕过、waf绕过、文件读写、原生反序列化、利用链探测绕过、不出网利用等。从黑盒的角度覆盖FastJson深入利用
Language:Dockerfile00
hooker
🔥🔥hooker是一个基于frida实现的逆向工具包。为逆向开发人员提供统一化的脚本包管理方式、通杀脚本、自动化生成hook脚本、内存漫游探测activity和service、firda版JustTrustMe、disable ssl pinning
Language:JavaScript00
JavaSec
a rep for documenting my study, may be from 0 to 0.1
Language:Java0 0 00
JavaSecInterview
打造最强的Java安全研究与安全开发面试题库，包含问题和详细的答案，帮助师傅们找到满意的工作
Language:Python0 0 00
JNDI-Injection-Exploit-Plus
80+ Gadgets(30 More than ysoserial). JNDI-Injection-Exploit-Plus is a tool for generating workable JNDI links and provide background services by starting RMI server,LDAP server and HTTP server.
Language:Java00

ch-fun's Repositories

ch-fun/cf
云环境利用框架（Cloud exploitation framework）主要用来方便红队人员在获得 AK 的后续工作。
Language:Go0 0 00
ch-fun/cookiecutter-frida
Cookiecutter template for hooking traffic encrytion by frida
Language:JavaScript015
ch-fun/CS-AutoPostChain
基于 OPSEC 的 CobaltStrike 后渗透自动化链
00
ch-fun/e0e1-wx
wx小程序辅助渗透-自动化
Language:Python00
ch-fun/encrypt-decrypt-vuls
加解密逻辑漏洞靶场
Language:Vue00
ch-fun/FastJsonParty
FastJson全版本Docker漏洞环境(涵盖1.2.47/1.2.68/1.2.80等版本)，主要包括JNDI注入及高版本绕过、waf绕过、文件读写、原生反序列化、利用链探测绕过、不出网利用等。从黑盒的角度覆盖FastJson深入利用
Language:Dockerfile00
ch-fun/hooker
🔥🔥hooker是一个基于frida实现的逆向工具包。为逆向开发人员提供统一化的脚本包管理方式、通杀脚本、自动化生成hook脚本、内存漫游探测activity和service、firda版JustTrustMe、disable ssl pinning
Language:JavaScript00
ch-fun/JavaSec
a rep for documenting my study, may be from 0 to 0.1
Language:Java0 0 00
ch-fun/JavaSecInterview
打造最强的Java安全研究与安全开发面试题库，包含问题和详细的答案，帮助师傅们找到满意的工作
Language:Python0 0 00
ch-fun/JNDI-Injection-Exploit-Plus
80+ Gadgets(30 More than ysoserial). JNDI-Injection-Exploit-Plus is a tool for generating workable JNDI links and provide background services by starting RMI server,LDAP server and HTTP server.
Language:Java00
ch-fun/JSP-WebShells
Collect JSP webshell of various implementation methods. 收集JSP Webshell的各种姿势
Language:Java00
ch-fun/Mshell
Memshell-攻防内存马研究
0 0 00
ch-fun/NacosRce
Nacos JRaft Hessian 反序列化 RCE 加载字节码注入内存马不出网利用
Language:Java00
ch-fun/PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Language:Python0 0 00
ch-fun/POC-bomber
利用大量高威胁poc/exp快速获取目标权限，用于渗透和红队快速打点
Language:Python00
ch-fun/PowerOneLiner
Powershell shellcode one-liner. Powershell免杀一句话上线器便捷生成
Language:Python00
ch-fun/PowerSharpPack
Language:PowerShell0 0 00
ch-fun/Upload_Bypass
File upload restrictions bypass, by using different bug bounty techniques covered in Hacktricks.
00
ch-fun/nowafpls
Burp Plugin to Bypass WAFs through the insertion of Junk Data
ch-fun/ReconAIzer
A Burp Suite extension to add OpenAI (GPT) on Burp and help you with your Bug Bounty recon to discover endpoints, params, URLs, subdomains and more!
ch-fun/Sec-Interview-4-2023
一个2023届毕业生在毕业前持续更新、收集的安全岗面试题及面试经验分享~
0 0
ch-fun/ShortPayload
如何将Java反序列化Payload极致缩小
ch-fun/WebShell
各种无后门大马的整理，有用就点个Star吧~