Pinned Repositories
2022-HW-POC
2022 护网行动 POC 整理
ARL
ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产,构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产,发现存在的薄弱点和攻击面。
CodeAuditChecklist
Dangarous functions for code auditing
java_memshell
java各中间件的内存马、回显研究
reverse-engineering-for-beginners
translate project of Drops
Spring-Data-Mongodb-Example
CVE-2022-22980环境
subjack
Subdomain Takeover tool written in Go
kuron3k0's Repositories
kuron3k0/java_memshell
java各中间件的内存马、回显研究
kuron3k0/ARL
ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产,构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产,发现存在的薄弱点和攻击面。
kuron3k0/bayonet
bayonet是一款src资产管理系统,从子域名、端口服务、漏洞、爬虫等一体化的资产管理系统
kuron3k0/bounty-targets
This project crawls bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) hourly and dumps them into the bounty-targets-data repo
kuron3k0/CobaltstrikeSource
kuron3k0/CVE-2022-21882
win32k LPE
kuron3k0/CVE-2022-34265
CVE-2022-34265 Vulnerability
kuron3k0/degoogle_hunter
Simple fork from degoogle original project with bug hunting purposes
kuron3k0/EgGateWayGetShell
锐捷EG易网关批量GetShell / Code By:Tas9er
kuron3k0/extractor-java
CodeQL extractor for java, which don't need to compile java source
kuron3k0/gitGraber
gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...
kuron3k0/JavaBug
kuron3k0/JNDI-Injection-Bypass
Some payloads of JNDI Injection in JDK 1.8.0_191+
kuron3k0/JNDIExploit
A malicious LDAP server for JNDI injection attacks
kuron3k0/K8s-Mind-Map
K8S安全攻防思维导图 | Docker安全攻防思维导图
kuron3k0/kuron3k0
kuron3k0/Learn_Hessian_RCE
kuron3k0/marshalsec
kuron3k0/momo-code-sec-inspector-java
IDEA静态代码安全审计及漏洞一键修复插件
kuron3k0/myJNDIExploit
对原版https://github.com/feihong-cs/JNDIExploit 进行了实用化修改
kuron3k0/nuclei-templates
Community curated list of template files for the nuclei engine to find security vulnerability and fingerprinting the targets.
kuron3k0/Pentest-Notes
📖《内网安全攻防-渗透测试实战指南》
kuron3k0/reflected-parameters
kuron3k0/reflector
Burp plugin able to find reflected XSS on page in real-time while browsing on site
kuron3k0/shiro_padding_oracle
kuron3k0/ShortPayload
如何将Java反序列化Payload极致缩小
kuron3k0/SQLEXP
SQL 注入利用工具,存在waf的情况下自定义编写tamper脚本 dump数据
kuron3k0/SRCScanner
资产发现、子域名枚举、C段扫描、资产变更监测、端口变更监测、域名解析变更监测、Awvs扫描、POC检测、web指纹探测、端口指纹探测、CDN探测、操作系统指纹探测、泛解析探测、WAF探测、敏感信息检测等等
kuron3k0/Sublist3r
Fast subdomains enumeration tool for penetration testers
kuron3k0/verifyemail
Python在线验证邮箱真实性,支持批量验证