cxzero
Passionate about offensive security, pentester, security researcher, bug bounty hunter, hungry to learn new things
Pinned Repositories
AntSword-JSP-Template
ctf-writeups
A series of many CTF writeups made by me.
CVE-2017-7494
Remote root exploit for the SAMBA CVE-2017-7494 vulnerability
cve-2020-10977
GitLab 12.9.0 Arbitrary File Read
CVE-2021-44228-Apache-Log4j-Rce
Apache Log4j remote code execution
CVE-2022-22965-spring4shell
CVE-2022-22965 Spring4Shell research & PoC
CVE-2022-42889-text4shell
CVE-2022-42889 aka Text4Shell research & PoC
keycloak-sample-extension
OWASP-CSRFGuard
OWASP CSRFGuard 3.1.0
xss-finder
PoC tool to check if a URL is vulnerable to XSS
cxzero's Repositories
cxzero/CVE-2022-42889-text4shell
CVE-2022-42889 aka Text4Shell research & PoC
cxzero/xss-finder
PoC tool to check if a URL is vulnerable to XSS
cxzero/ctf-writeups
A series of many CTF writeups made by me.
cxzero/CVE-2022-1388_PoC
F5 BIG-IP RCE exploitation (CVE-2022-1388)
cxzero/CVE-2022-22965-PoC
cxzero/CVE-2022-22965-spring4shell
CVE-2022-22965 Spring4Shell research & PoC
cxzero/CVE-2022-39952
POC for CVE-2022-39952
cxzero/CVE-2022-40684
A proof of concept exploit for CVE-2022-40684 affecting Fortinet FortiOS, FortiProxy, and FortiSwitchManager
cxzero/local-spring-vuln-scanner
Simple local scanner for applications containing vulnerable Spring libraries
cxzero/objection
📱 objection - runtime mobile exploration
cxzero/owasp-mstg
The Mobile Security Testing Guide (MSTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).
cxzero/spring-core-rce
Spring framework RCE vulnerability CVE-2022-22965
cxzero/Spring4Shell-POC
Spring4Shell Proof Of Concept/Information
cxzero/Spring4Shell-POC-1
Dockerized Spring4Shell (CVE-2022-22965) PoC application and exploit
cxzero/SpringShell
Spring Core RCE
cxzero/VirusTotalC2
Abusing VirusTotal API to host our C2 traffic, useful for bypassing blocking firewall rules if VirusTotal is in the target white list, and in case you don't have C2 infrastructure, now you have a free one
cxzero/bugbounty-cheatsheet
A list of interesting payloads, tips and tricks for bug bounty hunters.
cxzero/business-ctf-2024
Official writeups for Business CTF 2024: The Vault Of Hope
cxzero/CVE-2020-1472
Test tool for CVE-2020-1472 ZeroLogon
cxzero/CVE-2023-25690-POC
CVE 2023 25690 Proof of concept - mod_proxy vulnerable configuration on Apache HTTP Server versions 2.4.0 - 2.4.55 leads to HTTP Request Smuggling vulnerability.
cxzero/CVE-2024-23897
POC for CVE-2024-23897 Jenkins File-Read
cxzero/cxzero.github.io
Personal website at https://cxzero.github.io
cxzero/disable-flutter-tls-verification
A Frida script that disables Flutter's TLS verification
cxzero/Frida-Guide
This repository explains how to write Frida hook scripts and analyze written hooks.
cxzero/HTB-Business-CTF-2023-The-Great-Escape
Hackthebox Business CTF 2023- The Great Escape Writeups
cxzero/htb-cyber-apocalypse-2024
Official writeups for Cyber Apocalypse CTF 2024: Hacker Royale
cxzero/pairipcore
Public research on Google's Android app protection
cxzero/pentest-wiki
PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.
cxzero/public-templates-htb
Templates for submissions
cxzero/Training-Android-Apps