hack-umbrella

hack-umbrella's Stars

• chaitin/SafeLine

  serve as a reverse proxy to protect your web services from attacks and exploits.

  Language:Go14.3k80887872

• Ascotbe/Kernelhub

  :palm_tree:Linux、macOS、Windows Kernel privilege escalation vulnerability collection, with compilation environment, demo GIF map, vulnerability details, executable file (提权漏洞合集)

  Language:C2.9k805670

• threedr3am/learnjavabug

  Java安全相关的漏洞和技术demo，原生Java、Fastjson、Jackson、Hessian2、XML反序列化漏洞利用和Spring、Dubbo、Shiro、CAS、Tomcat、RMI、Nexus等框架\中间件\功能的exploits以及Java Security Manager绕过、Dubbo-Hessian2安全加固等等实践代码。

  Language:Java2.6k756496

• pen4uin/java-memshell-generator

  一款支持自定义的 Java 内存马生成工具｜A customizable Java in-memory webshell generation tool.

  Language:Java1.7k2132194

• wgpsec/fofa_viewer

  A simple FOFA client written in JavaFX. Made by WgpSec, Maintained by f1ashine.

  Language:Java1.6k20148164

• FeeiCN/SecurityInterviewGuide

  网络信息安全从业者面试指南

  1.5k282148

• Moddable-OpenSource/moddable

  Tools for developers to create truly open IoT products using standard JavaScript on low cost microcontrollers.

  Language:C1.4k62893238

• whwlsfb/JDumpSpider

  HeapDump敏感信息提取工具

  Language:Java1.4k148133

• Schira4396/VcenterKiller

  一款针对Vcenter的综合利用工具，包含目前最主流的CVE-2021-21972、CVE-2021-21985以及CVE-2021-22005、One Access的CVE-2022-22954、CVE-2022-22972/31656以及log4j，提供一键上传webshell，命令执行或者上传公钥使用SSH免密连接

  Language:Go1.4k1514166

• jar-analyzer/jar-analyzer

  Jar Analyzer - 一个JAR包分析工具，批量分析，SCA漏洞分析，方法调用关系搜索，字符串搜索，Spring组件分析，信息泄露检查，CFG程序分析，JVM栈帧分析，进阶表达式搜索，字节码指令级的动态调试分析，反编译JAR包一键导出，一键提取序列化数据恶意代码，一键分析BCEL字节码

  Language:Java1.3k1093109

• wh1t3p1g/ysomap

  A helpful Java Deserialization exploit framework.

  Language:Java1.2k2816150

• 1n7erface/Template

  Next generation RedTeam heuristic intranet scanning | 下一代RedTeam启发式内网扫描

  1.1k1734121

• Mob2003/rakshasa

  基于go编写的跨平台、稳定、隐秘的多级代理内网穿透工具

  Language:Go1k1213144

• ben-sb/javascript-deobfuscator

  General purpose JavaScript deobfuscator

  Language:TypeScript8171651117

• LandGrey/ClassHound

  利用任意文件下载漏洞循环下载反编译 Class 文件获得网站 Java 源代码

  Language:Python6979194

• DeEpinGh0st/MDUT-Extend-Release

  MDUT-Extend(扩展版本)

  65981426

• phith0n/zkar

  ZKar is a Java serialization protocol analysis tool implement in Go.

  Language:Go60313452

• smallcham/sec-admin

  分布式资产安全扫描核心管理系统(弱口令扫描，漏洞扫描)

  Language:Python602521119

• eciavatta/caronte

  A tool to analyze the network flow during attack/defence Capture the Flag competitions

  Language:JavaScript60083385

• rudyxu1102/cross-origin

  A collection of simple demos of CORS

  Language:JavaScript579194182

• DeEpinGh0st/WindowsBaselineAssistant

  Windows安全基线核查加固助手

  Language:C#4515761

• zema1/yarx

  An awesome reverse engine for xray poc. | 一个自动化根据 xray poc 生成对应靶站的工具

  Language:Go4078550

• jdr2021/OSSFileBrowse

  存储桶遍历漏洞利用工具

  Language:Java2913615

• veracode-research/spring-view-manipulation

  When MVC magic turns black

  Language:Java2897028

• Richard-Tang/x1DecoderPlus

  AntSword(蚁剑)全参数流量XOR和Base64加伪装WebShell

  1634320

• YDHCUI/csload.net

  一个cobaltstrike shellcode加载器，过国内主流杀软

  Language:C#1213114

• su18/rasp-vuln

  当死去的记忆突然开始攻击我，我终于想起了我还写过一款十分十分垃圾的 rasp 靶场。

  Language:PLpgSQL78115

• PDWR/3vilMacro

  This is a easy tool for gen VBA code, and bypass most antivirus

  597416

• DeEpinGh0st/JetbrainsServerFinder

  一个利用Shodan搜索引擎查询Jetbrains系列产品激活服务器的网页端工具

  Language:Python564316

• Q1IQ/CTF

  Store the exps and attachments for my blog and articles.

  Language:Python4001