Pinned Repositories
CVE-2018-12636_exploit
Exploit for CVE-2018-12636
CVE-2018-20148_exploit
Exploit for CVE-2018-20148 - WordPress PHAR deserialization via XMLRPC
CVE-2018-3810_exploit
Exploit for CVE-2018-3810
CVE-2019-9081_PoC
PoC for CVE-2019-9081
CVE-2020-28032_PoC
PoC for CVE-2020-28032 (It's just a POP chain in WordPress < 5.5.2 for exploiting PHP Object Injection)
CVE-2021-3129_exploit
Exploit for CVE-2021-3129
Java-SSTI-demo
Java SSTI vulnerability demos based on Spring Boot and various template engines (Thymeleaf, FreeMarker, Velocity)
Zimbra-RCE-exploit
RCE exploit for attack chain in "A Saga of Code Executions on Zimbra" post
nth347's Repositories
nth347/Zimbra-RCE-exploit
RCE exploit for attack chain in "A Saga of Code Executions on Zimbra" post
nth347/Java-SSTI-demo
Java SSTI vulnerability demos based on Spring Boot and various template engines (Thymeleaf, FreeMarker, Velocity)
nth347/CVE-2018-20148_exploit
Exploit for CVE-2018-20148 - WordPress PHAR deserialization via XMLRPC
nth347/CVE-2020-28032_PoC
PoC for CVE-2020-28032 (It's just a POP chain in WordPress < 5.5.2 for exploiting PHP Object Injection)
nth347/CVE-2018-3810_exploit
Exploit for CVE-2018-3810
nth347/amass
In-depth attack surface mapping and asset discovery
nth347/auth-analyzer
nth347/Chunk-Proxy
nth347/ctf-wutfaces-resources
MatesCTF2018 WutFaces - A CTF challenge made by @tint0 with my own solution
nth347/CVE-2013-2251
Vulnerable environment of CVE-2013-2251 (S2-016) for testing
nth347/CVE-2020-17530
Vulnerable environment of CVE-2020-17530 (S2-061) for testing
nth347/CVE-2021-31805
Vulnerable environment of CVE-2021-31805 (S2-062) for testing
nth347/Java-RMI-deserialization
Java RMI deserialization vulnerability demos
nth347/java-sec-code
Java web common vulnerabilities and security code which is base on springboot and spring security
nth347/JavaSecInterview
打造最强的Java安全研究与安全开发面试题库,包含问题和详细的答案,帮助师傅们找到满意的工作
nth347/Javassist-demo
Simple demo demonstrates how to modify Java code at runtime using Javassist library
nth347/JNDI-Exploit-Kit
JNDI-Exploitation-Kit(A modified version of the great JNDI-Injection-Exploit created by @welk1n. This tool can be used to start an HTTP Server, RMI Server and LDAP Server to exploit java web apps vulnerable to JNDI Injection)
nth347/JNDI-injection-servers
Some RMI/LDAP servers for exploiting JNDI injections
nth347/Khepri
Free,Open-Source,Cross-platform agent and Post-exploiton tool written in Golang and C++ like CobaltStrike.
nth347/learnjavabug
Java安全相关的漏洞和技术demo,原生Java、Fastjson、Jackson、Hessian2、XML反序列化漏洞利用和Spring、Dubbo、Shiro、CAS、Tomcat、RMI、Nexus等框架\中间件\功能的exploits以及Java Security Manager绕过、Dubbo-Hessian2安全加固等等实践代码。
nth347/Log4Shell
A web application vulnerable to Log4Shell. It's a target for https://github.com/nth347/JNDI-injection-servers
nth347/marshalsec
nth347/nth347.github.io
Build a Jekyll blog in minutes, without touching the command line.
nth347/Red-Teaming-Toolkit
This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
nth347/rogue-jndi
A malicious LDAP server for JNDI injection attacks
nth347/SerializationDumper
A tool to dump Java serialization streams in a more human readable form.
nth347/Spring-view-manipulation
Demo of a Spring Boot application vulnerable to Spring view manipulation
nth347/subfinder
Fast passive subdomain enumeration tool.
nth347/test-secrets
nth347/WordPress-before-4.8.2-stored-XSS
This is Proof of Concept for a stored XSS vulnerability in WordPress before 4.8.2