lordsky's Stars
ehang-io/nps
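A lightweight, high-performance, powerful intranet penetration proxy server. It supports forwarding of almost all traffic, including tcp, udp, socks5 and http, and can be used to access intranet websites, debug local payment interfaces, reach ssh and remote desktop, resolve intranet dns, run an intranet socks5 proxy, and so on. It also comes with a powerful web management terminal.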
ffuf/ffuf
Fast web fuzzer written in Go
sml2h3/ddddocr
ddddocr (带带弟弟): general-purpose CAPTCHA recognition OCR, PyPI version
frohoff/ysoserial
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
yogeshojha/rengine
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.
de4dot/de4dot
.NET deobfuscator and unpacker.
CodingGay/BlackDex
BlackDex is an Android unpack (dexdump) tool. It supports Android 5.0~12 and does not rely on any environment. BlackDex can run on any Android mobile phone or emulator, and you can unpack an APK file in several seconds.
zu1k/nali
An offline terminal tool for querying IP geographic information and CDN provider.
threedr3am/learnjavabug
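Java security-related vulnerability and technique demos: exploitation of native Java, Fastjson, Jackson, Hessian2 and XML deserialization vulnerabilities; exploits for frameworks, middleware and features such as Spring, Dubbo, Shiro, CAS, Tomcat, RMI and Nexus; and practice code for Java Security Manager bypass, Dubbo-Hessian2 security hardening, and more.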
veo/wsMemShell
WebSocket memory shell/Webshell, a new type of memory shell/WebShell technique
woodpecker-framework/woodpecker-framework-release
A framework for precise detection and in-depth exploitation of high-risk vulnerabilities
threedr3am/JSP-WebShells
A collection of JSP webshells using various implementation methods.
cube0x0/noPac
CVE-2021-42287/CVE-2021-42278 Scanner & Exploiter.
trickest/inventory
Asset inventory of over 800 public bug bounty programs.
Kevin-Robertson/Powermad
PowerShell MachineAccountQuota and DNS exploit tools
S3cur3Th1sSh1t/OffensiveVBA
This repo covers some code execution and AV Evasion methods for Macros in Office documents
ffffffff0x/AboutSecurity
Everything for pentest. | Payload and bypass dictionaries for penetration testing.
Phuong39/2022-HW-POC
Compilation of POCs from the 2022 HW (护网) operation
Crypt0s/FakeDns
A regular-expression based python MITM DNS server with support for DNS Rebinding attacks
milo2012/pathbrute
Pathbrute
Y4er/dotnet-deserialization
dotnet deserialization study notes
depycode/fastjson-c3p0
fastjson exploitation without outbound network access, c3p0
kylesmile1103/Learn-Frida
Modding Unity app with Frida tutorial.
WBGlIl/ReBeacon_Src
assetnote/exploits
Repository to store exploits created by Assetnote's Security Research team
H3rmesk1t/Fastjson-Gadgets-Automatic-Scanner
Automatically scan jar packages by using ast to find fastjson gadgets. In particular, this project is limited to mining Gadgets that may be exploited, and screening results need to be excluded by themselves. Looking forward to Fork and Star.
SecCoder-Security-Lab/spring-cloud-netflix-hystrix-dashboard-cve-2021-22053
Spring Cloud Netflix Hystrix Dashboard template resolution vulnerability CVE-2021-22053
lordsky/awesome-burp-extensions
A curated list of amazingly awesome Burp Extensions
lordsky/k8s-pentest
lordsky/whoisserver-world
IANA-supported WHOIS server metadata of all active generic/cc/sponsored TLDs