f0ur0four

f0ur0four's Stars

• reddelexc/hackerone-reports

  Top disclosed reports from HackerOne

  Language:Python3.9k715

• Tib3rius/Pentest-Cheatsheets

  Language:Python1.1k274

• OneSourceCat/XxlJob-Hessian-RCE

  XxlJob<=2.1.2配置不当情况下反序列化RCE

  Language:Java706

• xiaoy-sec/Pentest_Note

  渗透测试常规操作记录

  3.7k934

• splitline/How-to-Hack-Websites

  開源的正體中文 Web Hacking 學習資源 - 程式安全 2021 Fall

  Language:PHP50750

• ffffffff0x/1earn

  ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

  Language:C++5.3k1.2k

• u1f383/writeup

  ctf writeup and log

  412

• sqlsec/ssrf-vuls

  国光的手把手带你用 SSRF 打穿内网靶场源码

  Language:PHP36459

• ynwarcs/CVE-2024-38063

  poc for CVE-2024-38063 (RCE in tcpip.sys)

  Language:Python618113

• harisec/orange-confusion-attacks

  Language:PHP197

• orangetw/My-Presentation-Slides

  Collections of Orange Tsai's public presentation slides.

  71277

• ax1sX/RouteCheck-Alpha

  A Java Route Collection Tool

  Language:Java853

• ProbiusOfficial/PHP-inversion

  RCE through Nested Function Calls and Character Inversion.

  Language:HTML7

• swisskyrepo/PayloadsAllTheThings

  A list of useful payloads and bypass for Web Application Security and Pentest/CTF

  Language:Python61.3k14.7k

• splitline/My-CTF-Challenges

  🏴 🏴 🏴

  Language:Python1026

• zademn/EverythingCrypto

  (Still exploring) My cryptography journey: A collection of notebooks covering different algorithms and concepts from cryptography

  Language:Jupyter Notebook22525

• Bashfuscator/Bashfuscator

  A fully configurable and extendable Bash obfuscation framework. This tool is intended to help both red team and blue team.

  Language:Python1.7k183

• pwntester/ysoserial.net

  Deserialization payload generator for a variety of .NET formatters

  Language:C#3.2k470

• synacktiv/php_filter_chain_generator

  Language:Python68670

• ProbiusOfficial/PHP-FilterChain-Exploit

  A Online PHP FilterChain Generator.

  Language:HTML122

• nxenon/h2spacex

  HTTP/2 Single Packet Attack low Level Library / Tool based on Scapy‌ + Exploit Timing Attacks

  Language:Python1388

• fine-1/php-SER-libs

  php反序列化靶场，集合了常见的php反序列化漏洞——由这周末在做梦制作

  Language:PHP13920

• ProbiusOfficial/PHPSerialize-labs

  【Hello-CTF labs】PHPSerialize-labs是一个使用php语言编写的，用于学习CTF中PHP反序列化的入门靶场。旨在帮助大家对PHP的序列化和反序列化有一个全面的了解。

  Language:PHP13811

• ProbiusOfficial/RCE-labs

  【Hello-CTF labs】一个想帮你收集所有RCE技巧的靶场。

  Language:Hack17519

• ProbiusOfficial/bashFuck

  exec BashCommand with only ! # $ ' ( ) < \ { } just 10 charset used in Bypass or CTF

  Language:HTML21516

• zzwlpx/JNDIExploit

  A malicious LDAP server for JNDI injection attacks

  299385

• welk1n/JNDI-Injection-Exploit

  JNDI注入测试工具（A tool which generates JNDI links can start several servers to exploit JNDI Injection vulnerability,like Jackson,Fastjson,etc）

  Language:Java2.6k725

• lalajun/RMIDeserialize

  RMI 反序列化环境 一步步

  Language:Java21123

• BishopFox/GadgetProbe

  Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.

  Language:Java58592

• wonderkun/CTF_web

  a project aim to collect CTF web practices .

  Language:PHP677203