f0ur0four

f0ur0four's Stars

• Contrast-Security-OSS/joogle

  A static analysis API for finding deserialization attack gadgets

  Language:Java387

• public-apis/public-apis

  A collective list of free APIs

  Language:Python313k33.4k

• nicolasff/pysha1

  Exploiting SHA-1-signed messages

  Language:Python74

• hugsy/jdwp-shellifier

  Language:Python202

• limitedeternity/HeapLAB

  Udemy – Linux Heap Exploitation

  Language:Python349

• wyzxxz/shiro_rce_tool

  shiro 反序列 命令执行辅助检测工具

  1.3k181

• welk1n/JNDI-Injection-Bypass

  Some payloads of JNDI Injection in JDK 1.8.0_191+

  Language:Java47082

• jailctf/pyjailbreaker

  Python sandbox escape wiki + payload generator

  Language:Python36

• Whoopsunix/PPPYSO

  proof-of-concept for generating Java deserialization payload | Proxy MemShell

  Language:Java16520

• drtychai/browser-exploitation

  A collection of curated resources and CVEs I use for research.

  Language:C++10013

• c0ny1/FastjsonExploit

  Fastjson vulnerability quickly exploits the framework（fastjson漏洞快速利用框架）

  Language:Java1.3k167

• Ice1187/TW-Security-and-CTF-Resource

  台灣資安 / CTF 學習資源整理

  44824

• cranelab/exploit-development

  esoteric

  5013

• pwang00/Cryptographic-Attacks

  Repository containing implementation of attacks on modern public key cryptosystems and symmetric key ciphers.

  Language:Sage10814

• laluka/bypass-url-parser

  bypass-url-parser

  Language:Python1k104

• jvdsn/crypto-attacks

  Python implementations of cryptographic attacks and utilities.

  Language:Python895114

• Ivan1ee/Sharp4SoapShell

  4个 .soap 版本的WebShell（持续更新维护），优点：可以运行于子目录，突破了过去只能运行于根目录的限制。4个脚本分别支持调用cmd.exe/哥斯拉/冰蝎/天蝎 客户端。

  1247

• ByamB4/Common-CTF-Challenges

  Common CTF Challenges is a collection of tools and resources to help individuals improve their Capture the Flag (CTF) skills. Our tools cover a wide range of challenges, from cryptography to reverse engineering.

  Language:Python7112

• xy-241/CS-Notes

  My Second Brain for Computer Science related stuff. Zero bullshit, short and sweet.

  Language:TypeScript344

• BlockApex/Audit-Reports

  Security Audit reports by BlockApex

  353

• botesjuan/Burp-Suite-Certified-Practitioner-Exam-Study

  Burp Suite Certified Practitioner Exam Study

  Language:Python882254

• CHYbeta/Code-Audit-Challenges

  Code-Audit-Challenges

  973205

• jthack/ffufai

  AI-powered ffuf wrapper

  Language:Python12012

• l3m0n/Bypass_Disable_functions_Shell

  一个各种方式突破Disable_functions达到命令执行的shell

  Language:PHP1.2k260

• attackercan/regexp-security-cheatsheet

  Language:PHP706104

• Y4tacker/JavaSec

  a rep for documenting my study, may be from 0 to 0.1

  Language:Java1.9k283

• QAX-A-Team/WeblogicEnvironment

  Weblogic环境搭建工具

  Language:Shell76699

• ambionics/wrapwrap

  Generates a `php://filter` chain that adds a prefix and a suffix to the contents of a file.

  Language:Python1725

• practical-tutorials/project-based-learning

  Curated list of project-based tutorials

  198k25.8k

• dionach/CMSmap

  CMSmap is a python open source CMS scanner that automates the process of detecting security flaws of the most popular CMSs.

  Language:Python1k251