Pinned Repositories
altdns
Generates permutations, alterations and mutations of subdomains and then resolves them
Awesome-Hacking
A collection of various awesome lists for hackers, pentesters and security researchers
btScan
批量漏洞扫描框架
burpExtender
burp的漏洞检测插件扩展
Bypass_Disable_functions_Shell
一个各种方式突破Disable_functions达到命令执行的shell
CNVD-C-2019-48814
WebLogic wls9-async反序列化远程命令执行漏洞
CVE-2017-0213
CVE-2017-0213 for command line
CVE-2018-2628
CVE-2018-2628
CVE-2018-8174_EXP
CVE-2018-8174_python
xss_html_dom
HTML DOM事件对象下的XSS
forlin's Repositories
forlin/CVE-2018-2628
CVE-2018-2628
forlin/xss_html_dom
HTML DOM事件对象下的XSS
forlin/CVE-2018-8174_EXP
CVE-2018-8174_python
forlin/burpExtender
burp的漏洞检测插件扩展
forlin/CNVD-C-2019-48814
WebLogic wls9-async反序列化远程命令执行漏洞
forlin/CVE-2018-14729
Discuz backend getshell
forlin/CVE-2018-3191
CVE-2018-3191 payload generator
forlin/CVE-2018-9206
A Python PoC for CVE-2018-9206
forlin/CVE-2019-11581
Atlassian JIRA Template injection vulnerability RCE
forlin/CVEScript
forlin/easyXssPayload
XssPayload List . Usage:
forlin/EventCleaner
A tool mainly to erase specified records from Windows event logs, with additional functionalities.
forlin/fuzzDicts
Web Pentesting Fuzz 字典,一个就够了。
forlin/HTTPHeadModifer
一款快速修改HTTP数据包头的Burp Suite插件
forlin/insight
洞察-宜信集应用系统资产管理、漏洞全生命周期管理、安全知识库管理三位一体的平台。
forlin/Intranet_Penetration_Tips
2018年初整理的一些内网渗透TIPS,后面更新的慢,所以公开出来希望跟小伙伴们一起更新维护~
forlin/K8tools
K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/Exploit/APT/0day/Shellcode/Payload/priviledge/OverFlow/WebShell/PenTest)
forlin/laravel-poc-CVE-2018-15133
PoC for CVE-2018-15133 (Laravel unserialize vulnerability)
forlin/LaZagne
Credentials recovery project
forlin/lxhToolHTTPDecrypt
HTTPDecrypt
forlin/NodeJS-Red-Team-Cheat-Sheet
NodeJS Red-Team Cheat Sheet
forlin/pentest
渗透测试用到的东东
forlin/Project
forlin/rdpy
Remote Desktop Protocol in Twisted Python
forlin/redis-rogue-getshell
利用redis 4.x/5.x master/slave 模式getshell
forlin/SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
forlin/sh00t
Security Testing is not as simple as right click > Scan. It's messy, a tough game. What if you had missed to test just that one thing and had to regret later? Sh00t is a highly customizable, intelligent platform that understands the life of bug hunters and emphasizes on manual security testing.
forlin/SSRFmap
Automatic SSRF fuzzer and exploitation tool
forlin/vulhub
Docker-Compose file for vulnerability environment
forlin/zimbra_poc
Zimbra XXE+SSRF+UPLOAD Poc