me1ons's Stars
mbechler/serianalyzer
A static byte code analyzer for Java deserialization gadget research
5wimming/gadgetinspector
利用链、漏洞检测工具
c0ny1/java-object-searcher
java内存对象搜索辅助工具
wh1t3p1g/ysomap
A helpful Java Deserialization exploit framework.
CHYbeta/Code-Audit-Challenges
Code-Audit-Challenges
lazybootsafe/Go-Learning-With-Hack
Go-Learning-With-Hacker--go语言HackTools开发教程从入门到入狱
projectdiscovery/httpx
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
projectdiscovery/subfinder
Fast passive subdomain enumeration tool.
welk1n/JNDI-Injection-Exploit
JNDI注入测试工具(A tool which generates JNDI links can start several servers to exploit JNDI Injection vulnerability,like Jackson,Fastjson,etc)
0linlin0/CyberBox
Java Exp FrameWork
frohoff/ysoserial
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
phith0n/JavaThings
Share Things Related to Java - Java安全漫谈笔记相关内容
FunnyWolf/Viper
Attack Surface Management & Red Team Simulation Platform 互联网攻击面管理&红队模拟平台
potats0/javaSerializationTools
xiaoZ-hc/redtool
日常积累的一些红队工具及自己写的脚本,更偏向于一些diy的好用的工具,并不是一些比较常用的msf/awvs/xray这种
Maskhe/xxeDemo
z1un/Z1-AggressorScripts
适用于Cobalt Strike的插件
1n7erface/PocList
Alibaba-Nacos-Unauthorized/ApacheDruid-RCE_CVE-2021-25646/MS-Exchange-SSRF-CVE-2021-26885/Oracle-WebLogic-CVE-2021-2109_RCE/RG-CNVD-2021-14536/RJ-SSL-VPN-UltraVires/Redis-Unauthorized-RCE/TDOA-V11.7-GetOnlineCookie/VMware-vCenter-GetAnyFile/yongyou-GRP-U8-XXE/Oracle-WebLogic-CVE-2020-14883/Oracle-WebLogic-CVE-2020-14882/Apache-Solr-GetAnyFile/F5-BIG-IP-CVE-2021-22986/Sonicwall-SSL-VPN-RCE/GitLab-Graphql-CNVD-2021-14193/D-Link-DCS-CVE-2020-25078/WLAN-AP-WEA453e-RCE/360TianQing-Unauthorized/360TianQing-SQLinjection/FanWeiOA-V8-SQLinjection/QiZhiBaoLeiJi-AnyUserLogin/QiAnXin-WangKangFirewall-RCE/金山-V8-终端安全系统/NCCloud-SQLinjection/ShowDoc-RCE
yhy0/ExpDemo-JavaFX
图形化漏洞利用Demo-JavaFX版
GrowingGit/GitHub-Chinese-Top-Charts
:cn: GitHub中文排行榜,各语言分设「软件 | 资料」榜单,精准定位中文好项目。各取所需,高效学习。
w181496/Web-CTF-Cheatsheet
Web CTF CheatSheet 🐈
atdpa4sw0rd/Search-Tools
聚合空间测绘搜索(Fofa,Zoomeye,Quake,Shodan,Censys,BinaryEdge)
p0wershe11/ProxyLogon
ProxyLogon(CVE-2021-26855+CVE-2021-27065) Exchange Server RCE(SSRF->GetWebShell)
longofo/rmi-jndi-ldap-jrmp-jmx-jms
rmi、jndi、ldap、jrmp、jmx、jms一些demo测试
yhy0/github-cve-monitor
实时监控github上新增的cve、自定义关键字、安全工具更新、大佬仓库监控,并多渠道推送通知
1013503897/RDP-credentials-decrypter
decrypt rdp credentials to password using mimikatz.
momosecurity/momo-code-sec-inspector-java
IDEA静态代码安全审计及漏洞一键修复插件
c0ny1/vulstudy
使用docker快速搭建各大漏洞靶场,目前可以一键搭建17个靶场。
c0ny1/upload-labs
一个想帮你总结所有类型的上传漏洞的靶场
swisskyrepo/PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF